Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Overconfident Organisations Prone to Cyber Breaches

A study found that 95% of UK enterprises were very confident or somewhat confident that they do not have gaps in their security controls, yet despite this, 69% have fallen victim to a cyber attack in the last two years. One of the reasons given for this false sense of confidence was the belief that more tools meant more security; worryingly, 45% of organisations struggled with the implementation of tools due to the need for expertise. Attackers are constantly adapting their tactics to bypass the security controls that most organisations implement. It is difficult for IT teams and business leaders to maintain an objective assessment of how effective their chosen security controls are against today’s attackers. Black Arrow provides the impartial and expert advice that businesses require, including a free initial assessment, with no vested interest other than helping our clients achieve pragmatic and proportionate security.

Source: [IT Security Guru]

Board Members Struggling to Understand Cyber Risks

Board members frequently struggle to understand cyber risks, putting businesses at higher risk of attacks, a new report has found. The report noted that Board interest is being piqued as a result of growing media reporting of cyber incidents, a heightened Board focus on operational resilience post-pandemic, investor pressure and a tightening regulatory environment.

Worryingly, despite the increase in interest and increased internal and external focus on cyber risk, a number of Board-level respondents reported that they felt scared or embarrassed to ask their CISO for fear of exposing their lack of understanding.

Source: [Infosecurity Magazine]

Cyber Criminals are Targeting Top Executives and Could be Using Sensitive Information to Extort Them

Senior executives in today's evolving work landscape face growing cyber security threats, including extortion and device theft. The rise of ‘workcations’, which blend work and leisure, has blurred professional and personal boundaries, exposing leaders to heightened risks, and necessitating a strong focus on cyber security.

These executives are particularly attractive targets due to their access to critical information and decision-making authority. To protect their organisations, they must prioritise robust security measures, such as stronger passwords, anti-theft safeguards for devices, multi factor authentication, and, where appropriate or necessary, the use of virtual private networks. As guardians of their businesses' well-being, executives carry the responsibility of upholding stringent cyber security practices, ensuring that the benefits of remote work do not compromise their organisations' security.

Source: [Fortune]

Cyber Attacks Reach Fever Pitch in Q2 2023

A report has found the global landscape of increasing digitisation, political unrest, the emergence of AI and the widespread adoption of work from home, have all contributed to an increase in attacks, which have increased 314% in the first half of this year compared the first half of 2022.  Rather worryingly, between the first and second quarter this year, there was a 387% increase in activity.

Source: [Data Centre & Network News]

Ransomware Attacks Hit Record Levels in UK as More Companies Fail to Tackle Growing Threats

A report from the Information Commissioner’s Office (ICO) in the UK found ransomware attacks on UK organisations reached record levels last year, impacting over 700 organisations. This isn’t the true count though, as it does not factor the overwhelming majority of victims who do not report attacks, so the true number will be many times this. This increase comes as reports are finding that UK companies are struggling to address the growing threats, and this includes a lack of understanding at the Board level. In fact, 59% of directors say their Board is not very effective in understanding the drivers and impacts of cyber risks for their organisation.

Sources: [The Record] [The Fintech Times] [Financial Times]

Microsoft Warns of More Attacks as Ransomware Spreads Through Teams Phishing

Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks. Referring to one of the groups, Microsoft said “In July 2023, Storm-0324 began using phishing lures sent over Teams with malicious links leading to a malicious SharePoint-hosted file,". This tactic has also been used by Russian Nation State Actors.

Source: [Bleeping Computer]

Europol - Financial Crime Makes “Billions” and Impacts “Millions”

The European policing alliance’s first ever European Financial and Economic Crime Threat Assessment was compiled from “operational insights and strategic intelligence” contributed by member states and Europol partners. The assessment highlighted a criminal economy worth billions of euros and that impacts millions of victims each year.

Source: [Infosecurity Magazine]

Almost One in Three Parents Have Never Spoken to Their Children About Cyber Security

A recent report found that 30% of parents have never spoken to their children about cyber security. Additionally, over 40% of parents, who themselves admitted that they didn’t know how to create strong passwords, still give their child access to their mobile phones and almost a third (32%) give them access to their computers. By doing so, parents are not only putting their children at risk, but inadvertently, themselves and the organisations they work for as well.

Black Arrow offers a range of training, including formal and informal training, for individuals, employees and business leaders. Contact us today for a free initial conversation.

Source: [IT Security Guru]

Hackers are Dropping USB Drives Outside Buildings to Target Networks

A mid-year cyber security report found that along with the explosive growth in AI, bad actors are still using tried and tested, but unfortunately still very effective, tactics such as dropping USB drives outside target buildings in the hope that an employee will pick them up and plug them into devices connected to the corporate network. Many times, these actors are banking on their targets lacking protections against these attacks. Think about your organisation, would someone plug a device they found in the street into their work computer out of curiosity? Does your organisation have controls in place to prevent this type of attack?

Source: [Tech Republic]

Data Theft is Now the No. 1 Cyber Security Threat Keeping Execs Awake at Night

According to a recent survey, 55% of IT decision-makers cited data theft as their main concern, with ransomware placed third, after phishing. This comes as ransomware attackers are moving towards more exfiltration-based techniques. Exfiltration creates a significant number of issues for an organisation including the regulatory requirements of telling customers, to not knowing what data has been exfiltrated.

Source: [Information Security Buzz]

If You Didn’t Change Your Passwords After the LastPass Data Breach, Do It Now

Criminals have had plenty of time to use encryption keys stolen in the 2022 LastPass hack to open vaults, and there has been a reported increase in the number of vaults that have been cracked. For those attackers that haven’t been able to crack your password, they're under no time constraints.

Whilst successful attackers may not directly target your email accounts, PayPal wallets, or banks, these assets can be packaged and sold to other criminal third parties. If any of the passwords stored in a LastPass vault prior to 2022 are still in use, you should change them immediately.

Source: [Make Use Of]

Cloud Vulnerabilities Surge Nearly 200% as Cloud Credentials Become the New Hot Ticket on the Dark Web

IBM tracked 632 new cloud-related vulnerabilities (CVEs) between June 2022 and June 2023, a 194% increase from the previous year, according to a new report. The latest haul of new CVEs brings the total number tracked by the vendor to 3,900; a number that has doubled since 2019. Similarly, a separate report from Palo Alto Networks found that 80% of security exposures exist in the cloud.

IBM highlighted that this has led to a number of cloud credentials being actively sold on the dark web, in some cases for the same price as a dozen doughnuts. These credentials are believed to account for almost 90% of goods and services for sale on the dark web.

Sources: [Infosecurity Magazine] [The Register] [TechTarget]

Governance, Risk and Compliance

• More UK companies failing to tackle cyber security, reveals new report - The Intermediary - Latest UK mortgage news

• Deputy PM urges UK plc not to lose focus on cyber | Computer Weekly

• Cyber criminals are now targeting top executives–and could be using sensitive information to extort them | Fortune

• Why Data Theft Is Now The #1 Cyber Security Threat Keeping IT Pros Awake At Night (informationsecuritybuzz.com)

• Overconfident Organisations Prone to Cyber Breaches, Study Finds - IT Security Guru

• Global companies to hike security spending as threats rise - survey | Reuters

• CISOs need to be forceful to gain leverage in the boardroom - Help Net Security

• Board Members Struggling to Understand Cyber Risks - Infosecurity Magazine (infosecurity-magazine.com)

• Board And CISO Disconnect On Cyber Security Preparedness 'Rings Alarm Bells'– Expert Comments (informationsecuritybuzz.com)

• Don't Leave Cyber Security to Chance, the Hidden Risk when Staff Depart - IT Security Guru

• Evaluating & Managing Service Provider Security Risks (in 2023) | UpGuard

• Cyber Security risks dampen corporate enthusiasm for tech investments - Help Net Security

• CISOs and Board Reporting – an Ongoing Problem - SecurityWeek

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware attacks hit record level in UK, according to neglected official data (therecord.media)

• Ransomware tracker: The latest figures [September 2023] (therecord.media)

• Ransomware access broker steals accounts via Microsoft Teams phishing (bleepingcomputer.com)

• Ransomware thrives as cyber security remains lax, says UK report | Financial Times (ft.com)

• Rust-Written 3AM Ransomware: A Sneak Peek into a New Malware Family (thehackernews.com)

• Ransomware and the cyber crime ecosystem - NCSC.GOV.UK

• Ransomware in top three threats for 65% of organisations | Security Magazine

• The 10 biggest ransomware attacks in history | TechTarget

• Sophos on the State of Ransomware - GovInfoSecurity

• TrickBot & Conti Sanctions for CISOs & Board Members (trendmicro.com)

• Don’t focus on ransomware variants, say UK’s national cyber and crime agencies (therecord.media)

• Cuba Ransomware Gang Continues to Evolve With Dangerous Backdoor (darkreading.com)

• Recent Rhysida Attacks Show Focus on Healthcare By Ransomware Actors (darkreading.com)

Ransomware Victims

• Greater Manchester Police officers' details targeted in 'ransomware attack' | Breaking News News | Sky News

• A phone call to helpdesk was likely all it took to hack MGM | Ars Technica

• MGM Resorts cyber attack: Casinos warned to be on 'high alert' as £11bn firm remains crippled | Science & Tech News | Sky News

• MGM, Caesars File SEC Disclosures on Cyber Security Incidents (darkreading.com)

• Caesars paid millions in ransom to cybercrime group prior to MGM hack – NECN

• Group in Casino Hacks Skilled at Duping Workers for Access (1) (bloomberglaw.com)

• Ransomware tracker: The latest figures [September 2023] (therecord.media)

• IT Systems Encrypted After UK School Hit By Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware Attack Wipes Out Four Months of Sri Lankan Government Data - Infosecurity Magazine (infosecurity-magazine.com)

• Rhysida gang claims to have hacked three more US hospitals (securityaffairs.com)

• Ransomware crew claims to have hit Save The Children • The Register

• Shell says Australian unit BG Group hit by MOVEit cyber security breach | Reuters

• Dutch football association pays ransom to Russian cyber criminals – EURACTIV.com

• Cyber security incident affects services at The Weather Network | CFJC Today Kamloops

Phishing & Email Based Attacks

• New Microsoft Teams Phishing Campaign Targets Corporate Employees - Infosecurity Magazine (infosecurity-magazine.com)

• Email forwarding flaws enable attackers to impersonate high-profile domains - Help Net Security

• Attackers Abuse Google Looker Studio to Evade DMARC, Email Security (darkreading.com)

• Sophisticated Phishing Campaign Deploying Agent Tesla, OriginBotnet, and RedLine Clipper (thehackernews.com)

• $24 Million Worth of Crypto Wiped out Overnight in Massive Phishing Attack

• Thousands of Microsoft 365 accounts under threat from W3LL phishing kit | TechRadar

• Ransomware access broker steals accounts via Microsoft Teams phishing (bleepingcomputer.com)

• Facebook Messenger phishing wave targets 100K business accounts per week (bleepingcomputer.com)

• Journalists, authors, and other writers targeted by phishing emails | TechRadar

• Associated Press Stylebook Users Targeted in Phishing Attack Following Data Breach - SecurityWeek

• Windows Systems Targeted in Multi-Stage Malware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• How should SMBs navigate the phishing minefield? - Help Net Security

Other Social Engineering; Smishing, Vishing, etc

• Understanding the dangers of social engineering - Help Net Security

• How to Avoid Smishing Attacks Targeting Subscription Service Users (securityintelligence.com)

Artificial Intelligence

• Cyber Criminals Feasting On Artificial Intelligence (forbes.com)

• Jen Easterly and Sami Khoury: Threats From China, Russia, AI Top US, Canada Cyber Agenda (foreignpolicy.com)

• ChatGPT Jailbreaking Forums Proliferate in Dark Web Communities (darkreading.com)

• Cloud security in the era of artificial intelligence (securityintelligence.com)

• Deepfake cyberthreats keep rising. Here's how to prevent them - SiliconANGLE

2FA/MFA

• Organisation Still Aren't Adopting Enterprisewide Multifactor Authentication — What's the Holdup? (securityintelligence.com)

Malware

• Microsoft Teams phishing attack pushes DarkGate malware (bleepingcomputer.com)

• Millions of Facebook Business Accounts Bitten by Python Malware (darkreading.com)

• Sophisticated Phishing Campaign Deploying Agent Tesla, OriginBotnet, and RedLine Clipper (thehackernews.com)

• Free Download Manager site redirected Linux users to malware for years (bleepingcomputer.com)

• Windows Systems Targeted in Multi-Stage Malware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Intel-based Macs under attack from new MetaStealer malware — how to stay safe | Tom's Guide (tomsguide.com)

• Protecting Your Microsoft IIS Servers Against Malware Attacks (thehackernews.com)

• 3 Strategies to Defend Against Resurging Infostealers (darkreading.com)

• New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World (thehackernews.com)

• Iranian hackers backdoor 34 orgs with new Sponsor malware (bleepingcomputer.com)

• 'Steal-It' Campaign Uses OnlyFans Models as Lures (darkreading.com)

• Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor (welivesecurity.com)

• Cybersecurity alert: Malware hidden in Microsoft Teams messages targeting users - OnMSFT.com

• Iranian Cyberspies Deployed New Backdoor to 34 Organizations - SecurityWeek

Mobile

• 'Evil Telegram' Spyware Campaign Infects 60K+ Mobile Users (darkreading.com)

• France halts iPhone 12 sales over radiation levels - BBC News

Denial of Service/DoS/DDOS

• Massive DDoS attack on US financial company thwarted by cyber firm (therecord.media)

• Akamai prevented largest DDoS attack on a US financial company (securityaffairs.com)

• After Microsoft and X, Hackers Launch DDoS Attack on Telegram - SecurityWeek

• Yukon gov't website back after cyber attack, Nunavut gov't site still down | CBC News

Internet of Things – IoT

• Co-op to ban Chinese CCTV after security risk warnings (telegraph.co.uk)

• Wyze security camera owners report seeing strangers' camera feeds | Mashable

• Hackers Are Salivating Over Electric Cars - The Atlantic

• Hackers will hack anything — including your sex toys - The Hustle

Data Breaches/Leaks

• Overconfident Organisations Prone to Cyber Breaches, Study Finds - IT Security Guru

• LastPass Hackers Cracking Password Vaults - Experts Warns - Cyber Kendra

• Dymocks Booksellers suffers data breach impacting 836k customers (bleepingcomputer.com)

• Lessons from the DuoLingo data breach – Digital Journal

• How Do Hackers Sell and Trade Your Data in the Metaverse? (makeuseof.com)

• Capita class action: 2,000 sign up in wake of data theft • The Register

• Airbus data leaked via infected customer computer • The Register

• Threat actor leaks sensitive data belonging to Airbus (securityaffairs.com)

• UK businesses could escape data breach fines if they engage with NCSC over cyber incidents (therecord.media)

Organised Crime & Criminal Actors

• Cyber criminals are now targeting top executives–and could be using sensitive information to extort them | Fortune

• Europol: Financial Crime Makes “Billions” and Impacts “Million" - Infosecurity Magazine (infosecurity-magazine.com)

• How Next-Gen Threats Are Taking a Page From APTs - SecurityWeek

• How Do Hackers Sell and Trade Your Data in the Metaverse? (makeuseof.com)

• Influx of Russian fraudsters gives Turkish cyber crime hub new lease of life | Financial Times (ft.com)

• Europol's spotlight report sheds light on evolving cyber attacks (amlintelligence.com)

• Ransomware in the underworld. (thecyberwire.com)

• Cyber criminals Use Webex Brand to Target Corporate Users (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Cyber Criminals Weaponizing Legitimate Advanced Installer Tool in Crypto-Mining Attacks (thehackernews.com)

• Top blockchain Cyber security threats to watch out for (att.com)

• $24 Million Worth of Crypto Wiped out Overnight in Massive Phishing Attack

• Blockchain Security Firm Unveils APT Attack by Lazarus Group - DailyCoin

• Hackers steal $53 million worth of cryptocurrency from CoinEx (bleepingcomputer.com)

• Cryptoqueen: Accomplice jailed for 20 years for OneCoin financial scam - BBC News

Insider Risk and Insider Threats

• Human behaviour as both threat and defence | Professional Security

Fraud, Scams & Financial Crime

• Latest fraud schemes targeting the payments ecosystem - Help Net Security

• Cryptoqueen: Accomplice jailed for 20 years for OneCoin financial scam - BBC News

• Glasgow firm issues warning following recent cyber attack | Glasgow Times

Impersonation Attacks

• Email forwarding flaws enable attackers to impersonate high-profile domains - Help Net Security

• Cyber criminals Use Webex Brand to Target Corporate Users (darkreading.com)

Deepfakes

• Deepfake cyber threats keep rising. Here's how to prevent them - SiliconANGLE

AML/CFT/Sanctions

• TrickBot & Conti Sanctions for CISOs & Board Members (trendmicro.com)

Insurance

• Insurance industry grapples with rising cyber crime threat, climate change concerns: PwC - Reinsurance News

• Cyber security is top insurance concern as global attacks increase - Insurance Post (postonline.co.uk)

Dark Web

• Dark Web Threats to Businesses - DevX

• ChatGPT Jailbreaking Forums Proliferate in Dark Web Communities (darkreading.com)

• Cloud credentials are the hot ticket item on the dark web • The Register

Supply Chain and Third Parties

• Evaluating & Managing Service Provider Security Risks (in 2023) | UpGuard

• Lazarus Group Targets macOS in Supply Chain Assault - Infosecurity Magazine (infosecurity-magazine.com)

• Airbus Cyber Attack: Over 3,200 Vendor Data Accessed by Hackers (cybersecuritynews.com)

• Capita class action: 2,000 sign up in wake of data theft • The Register

• The rise and evolution of supply chain attacks - Help Net Security

• A 2-Week Prescription for Eliminating Supply Chain Threats (darkreading.com)

Cloud/SaaS

• New Microsoft Teams Phishing Campaign Targets Corporate Employees - Infosecurity Magazine (infosecurity-magazine.com)

• Thousands of Microsoft 365 accounts under threat from W3LL phishing kit | TechRadar

• Finding Your Way in Cloud Security - SecurityWeek

• 7 Steps to Kickstart Your SaaS Security Program (thehackernews.com)

• Cloud storage security: What's new in the threat matrix | Microsoft Security Blog

• Cloud CVEs Surge 200% in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• Cloud credentials are the hot ticket item on the dark web • The Register

• Palo Alto Networks: 80% of security exposures exist in cloud | TechTarget

• Cloud security in the era of artificial intelligence (securityintelligence.com)

Containers

• Kubernetes Admins Warned to Patch Clusters Against New RCE Vulns (darkreading.com)

• Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints (thehackernews.com)

Identity and Access Management

• Root Admin User: When Do Common Usernames Pose a Threat? (databreachtoday.co.uk)

• Companies need to rethink how they implement identity security - Help Net Security

• Enterprises persist with outdated authentication strategies - Help Net Security

• Why Identity Management Is the Key to Stopping APT Cyber Attacks (darkreading.com)

Encryption

• OpenSSL 1.1.1 reaches end of life... unless you can pay up • The Register

• When a Quantum Computer Is Able to Break Our Encryption, It Won’t Be a Secret | Lawfare (lawfaremedia.org)

API

• API Expanding Attack Surfaces: 74% Reporting Multiple Breaches – Approov Comments (informationsecuritybuzz.com)

• How to Prevent API Breaches: A Guide to Robust Security (thehackernews.com)

• Elevating API security to reinforce cyber defence - Help Net Security

• Machine Learning is a Must for API Security - IT Security Guru

Open Source

• Free Download Manager site redirected Linux users to malware for years (bleepingcomputer.com)

• Linux Malware! Read This If You Use Free Download Manager (itsfoss.com)

Passwords, Credential Stuffing & Brute Force Attacks

• If You Didn’t Change Your Passwords After the LastPass Data Breach, Do It Now (makeuseof.com)

• Root Admin User: When Do Common Usernames Pose a Threat? (databreachtoday.co.uk)

• New WiKI-Eve attack can steal numerical passwords over WiFi (bleepingcomputer.com)

• Wi-Fi radio signal data can be used 'to predict passwords' • The Register

• Cloud credentials are the hot ticket item on the dark web • The Register

• Iranian hackers breach defence orgs in password spray attacks (bleepingcomputer.com)

Social Media

• Facebook Messenger phishing wave targets 100K business accounts per week (bleepingcomputer.com)

• After Microsoft and X, Hackers Launch DDoS Attack on Telegram - SecurityWeek

• How Do Hackers Sell and Trade Your Data in the Metaverse? (makeuseof.com)

• Millions of Facebook Business Accounts Bitten by Python Malware (darkreading.com)

Training, Education and Awareness

• How to Transform Security Awareness Into Security Culture (darkreading.com)

• Elevating Cyber Awareness: A Strategic Approach (informationweek.com)

• How end-user phishing training works (and why it doesn’t) (bleepingcomputer.com)

• Great security training is a real challenge - Help Net Security

Digital Transformation

• Was the digital transformation worth it security-wise? (securityintelligence.com)

Parental Controls and Child Safety

• Almost One in Three Parents Have Never Spoken to Their Children About Cyber Security- IT Security Guru

• Parents, children and cyber security: Time for a big conversation – Digital Journal

Cyber Bullying, Cyber Stalking and Sextortion

• How To Answer The General Counsel’s Questions After A Cyber Incident (forbes.com)

Regulations, Fines and Legislation

• SEC Issues Final Rules on Cyber Security Disclosures | Kelley Drye & Warren LLP - JDSupra

• Cyber risk is business risk, and the SEC knows it (fdd.org)

• What Makes an Incident ‘Material’? | Calloquy, PBC - JDSupra

• The International Criminal Court will now prosecute cyberwar crimes | Ars Technica

• Preparing For Cyber Security Disclosures Set For Public Companies (forbes.com)

• UK ICO and NCSC Set to Share Anonymized Threat Intelligence - Infosecurity Magazine (infosecurity-magazine.com)

• One Year After the Colonial Pipeline Attack, Regulation Is Still a Problem (securityintelligence.com)

• UK businesses could escape data breach fines if they engage with NCSC over cyber incidents (therecord.media)

Models, Frameworks and Standards

• Understanding the HITRUST CSF and its Benefits | UpGuard

Backup and Recovery

• How to develop a cloud backup ransomware protection strategy | TechTarget

• How To Backup Data From NAS: A Complete Guide (informationsecuritybuzz.com)

Data Protection

• UK businesses could escape data breach fines if they engage with NCSC over cyber incidents (therecord.media)

Careers, Working in Cyber and Information Security

• Cyber Security Skills Gap: Roadies & Gamers Are Untapped Talent (darkreading.com)

• Three ways to overcome cyber security staff shortages (securitybrief.co.nz)

Privacy, Surveillance and Mass Monitoring

• Wyze security camera owners report seeing strangers' camera feeds | Mashable

• Your Car Is Spying On You, From Your Sex Life To How Fast You Go | Carscoops

• Google Chrome just rolled out a new way to track you and serve ads. Here's what you need to know (theconversation.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Jen Easterly and Sami Khoury: Threats From China, Russia, AI Top US, Canada Cyber Agenda (foreignpolicy.com)

China

• Risk & Repeat: Big questions remain on Storm-0558 attacks | TechTarget

• Parliamentary researcher ‘who spied for China’ arrested | UK news | The Guardian

• Arrest of alleged spy raises questions around UK’s China policy | Financial Times (ft.com)

• Microsoft, Apple versus China, spyware actors (techrepublic.com)

• Co-op to ban Chinese CCTV after security risk warnings (telegraph.co.uk)

• Powerful Ethnic Militia in Myanmar Repatriates 1,200 Chinese Suspected of Involvement in Cyber Crime - SecurityWeek

• Spies, Hackers, Informants: How China Snoops on the West - SecurityWeek

• Jen Easterly and Sami Khoury: Threats From China, Russia, AI Top US, Canada Cyber Agenda (foreignpolicy.com)

• China caught with its malware in another nation's power grid • The Register

• China Threat Recap: A Deeper Insight (informationsecuritybuzz.com)

• As China steps up cyber security enforcement, smaller businesses are feeling the heat | South China Morning Post (scmp.com)

• British and Chinese academic research collaborations quadruple despite security fears (telegraph.co.uk)

Iran

• Iranian hackers backdoor 34 orgs with new Sponsor malware (bleepingcomputer.com)

• ‘Scan-and-exploit’ campaign snares unpatched Exchange servers | SC Media (scmagazine.com)

• Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors (thehackernews.com)

North Korea

• Lazarus Group Targets macOS in Supply Chain Assault - Infosecurity Magazine (infosecurity-magazine.com)

• Blockchain Security Firm Unveils APT Attack by Lazarus Group - DailyCoin

Misc Nation State/Cyber Warfare

• ‘Cyber attacks lower warfare bar, rules key’ | Mint (livemint.com)

• Polish election questioned after Pegasus spyware used to smear opposition, investigation finds | Computer Weekly

• How Next-Gen Threats Are Taking a Page From APTs - SecurityWeek

• How Cyber Attacks Are Transforming Warfare (thehackernews.com)

• OODA Loop - The ICC Will Now Investigate Cyber War Crimes

• The Double-Edged Sword of Cyber Espionage (darkreading.com)

• Why Identity Management Is the Key to Stopping APT Cyber Attacks (darkreading.com)

Vulnerability Management

• Severe vulnerability found in all browsers, and it's being attacked | PCWorldOvercoming the Rising Threat of Session Hijacking (darkreading.com)

• Cloud CVEs Surge 200% in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• With 0-days hitting Chrome, iOS, and dozens more this month, is no software safe? | Ars Technica

Vulnerabilities

• Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws (bleepingcomputer.com)

• Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269) - Help Net Security

• Severe vulnerability found in all browsers, and it's being attacked | PCWorld

• Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now (thehackernews.com)

• After Apple and Google, Mozilla Also Patches Zero-Day Exploited for Spyware Delivery - SecurityWeek

• CISA Adds Critical RocketMQ Bug to Must-Patch List - Infosecurity Magazine (infosecurity-magazine.com)

• Notepad++ 8.5.7 released with fixes for four security vulnerabilities (bleepingcomputer.com)

• Adobe warns of critical Acrobat and Reader zero-day exploited in attacks (bleepingcomputer.com)

• Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints (thehackernews.com)

• Cisco warns of VPN zero-day exploited by ransomware gangs (bleepingcomputer.com)

• Cloud CVEs Surge 200% in a Year - Infosecurity Magazine (infosecurity-magazine.com)

Tools and Controls

• Global companies to hike security spending as threats rise - survey | Reuters

• Don't Leave Cyber Security to Chance, the Hidden Risk when Staff Depart - IT Security Guru

• What Is XDR and Why It's Changing the Security Industry - ReadWrite

• Organisations Still Aren't Adopting Enterprisewide Multifactor Authentication — What's the Holdup? (securityintelligence.com)

• Remote Desktop Protocol exposures leave 85% of organisations vulnerable to attack - SiliconANGLE

• How CISOs Can Effectively Manage Firewall Vulnerabilities | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• The Dark Web Is Expanding (As Is the Value of Monitoring It) (darkreading.com)

• How to Prevent API Breaches: A Guide to Robust Security (thehackernews.com)

• Elevating Cyber Awareness: A Strategic Approach (informationweek.com)

• Great security training is a real challenge - Help Net Security

• Companies need to rethink how they implement identity security - Help Net Security

• Enterprises persist with outdated authentication strategies - Help Net Security

• Why Identity Management Is the Key to Stopping APT Cyber Attacks (darkreading.com)

• Easy Configuration Fixes Can Protect Your Server from Attack (securityintelligence.com)

Reports Published in the Last Week

• Ransomware and the Cyber Crime ecosystem - NCSC.GOV.UK

• Sophos on the State of Ransomware - GovInfoSecurity

• The State of Pentesting 2023 Report | Cobalt

Other News

• Record number of cyber attacks targeting critical IT infrastructure reported to UK gov’t this year (therecord.media)

• The Weaponization of Operational Technology (securityintelligence.com)

• ICS Computers in Western Countries See Increasing Attacks: Report - SecurityWeek

• Cyber Trends: The Gunpowder of the Twenty-First Century (e-ir.info)

• The 9 Top Technology Trends That Are Shaping the Future of Cyber Security (makeuseof.com)

• Some of TOP universities wouldn’t pass cyber security exam: left websites vulnerable - Security Affairs

• The Cyber Security Risks In Education Cannot Be Ignored (forbes.com)

• A new Repojacking attack exposed over 4,000 GitHub repositories to hack (securityaffairs.com)

• Cyber attacks reach fever pitch in Q2 2023 - Data Centre & Network News (dcnnmagazine.com)

• Rising OT/ICS cyber security incidents reveal alarming trend - Help Net Security

• Building cyber resiliency in public services | UKAuthority

• Brits happy to break cyber law if the price is right | Computer Weekly

• Chilling Lack of Cyber Experts in UK Government: Parliamentary Inquiry - Infosecurity Magazine (infosecurity-magazine.com)

• British Military Hit by Six Million Cyber Attacks in 2022 (thedefensepost.com)

• Trustwave report on hospitality industry security threats | Cyber Magazine

• Cyber security impact on construction, engineering projects (csemag.com)

• Cyber criminals come for schools — and schools aren’t ready (hechingerreport.org)

• Professional Sports: The Next Frontier of Cyber Security? (darkreading.com)

• How Dangerous Is the Cyber Attack Risk to Transportation? (securityintelligence.com)

• Poison in the Water: The Physical Repercussions of IoT Security Threats (securityintelligence.com)

• Australia Inc roiled by raft of cyber attacks since late 2022 | Reuters

• Death by digital: attacks on healthcare put people at risk (synack.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Headlines of the Week

Cyber crime is 'a constant threat' to SMEs

Criminals are diversifying and growing more dangerous, while SMEs remain complacent and mostly oblivious to the threats.

With a quarter of small and medium-sized enterprises (SME) falling victim to a cyberattack in the last 12 months, the threat towards these organizations is constant. This is according to a new report from Direct Line – Business, which claims that businesses aren't doing all they can to stay safe.

The report states that, if a cyber attack were to occur, many organisations would find themselves in a seriously dangerous position given they hold less than $13,000 in cash reserves. Besides financial damage, many should also expect damaged client and customer relationships due to eroded trust.

With cybercriminals diversifying into different methods of attack, SMEs need to stay vigilant on multiple fronts. Phishing is still the most popular weapon for criminals, the report states, but malware and ransomware, as well as DDoS attacks, are also notable mentions.

https://www.itproportal.com/features/cybercrime-is-a-constant-threat-to-smes/

The most common passwords of 2020 are atrocious

Bottom line: Choosing secure passwords has never been humanity’s strong suit and let’s face it, it’s never going to be. People simply have too many accounts to protect these days, leading to poor practices such as simplifying passwords to make them easier to remember and reusing the same password across multiple accounts.

https://www.techspot.com/news/87657-most-common-passwords-2020-atrocious.html#Share

Why ransomware is still so successful: Over a quarter of victims pay the ransom

Over a quarter of organisations that fall victim to ransomware attacks opt to pay the ransom as they feel as if they have no other option than to give into the demands of cyber criminals – and the average ransom amount is now more than $1 million.

https://www.zdnet.com/article/why-ransomware-is-still-so-successful-over-a-quarter-of-victims-pay-the-ransom/

Cyber crime is maturing. Here are 6 ways organisations can keep up

In 2020, the world has experienced many challenges. Among them, hastened digitalisation has brought new opportunities but also new risks. According to the World Economic Forum Global Risks Report 2020, cyber attacks rank first among global human-caused risks and RiskIQ predicts that by 2021 cyber crime will cost the world $11.4 million each minute.

https://www.weforum.org/agenda/2020/11/how-to-protect-companies-from-cybercrime/

Ransomware-as-a-service: The pandemic within a pandemic

Ransomware is a massive problem. But you already knew that.

Technical novices, along with seasoned cyber security professionals, have witnessed over the past year a slew of ransomware events that have devastated enterprises around the world. Even those outside of cyber security are now familiar with the concept: criminals behind a keyboard have found a way into an organization’s system, prevented anyone from actually using it by locking it up, and won’t let anyone resume normal activity until the organization pays a hefty fee.

https://public.intel471.com/blog/ransomware-as-a-service-2020-ryuk-maze-revil-egregor-doppelpaymer/

CISOs say a distributed workforce has critically increased security concerns

73% of security and IT executives are concerned about new vulnerabilities and risks introduced by the distributed workforce, Skybox Security reveals.

The report also uncovered an alarming disconnect between confidence in security posture and increased cyberattacks during the global pandemic.

https://www.helpnetsecurity.com/2020/11/18/distributed-workforce-security/

Threats

Ransomware

Capcom confirms Ragnar Locker ransomware attack, data exposure

Capcom has confirmed that a recent security incident was due to a Ragnar Locker ransomware infection, potentially leading to the exposure of customer records.

This week, the Japanese gaming giant confirmed that the company had fallen prey to "customized ransomware" which gave attackers unauthorised access to its network -- as well as the data stored on Capcom Group systems.

https://www.zdnet.com/article/capcom-confirms-ransomware-attack-potential-theft-of-customer-employee-data/

Ransomware attack forces web hosting provider Managed.com to take servers offline

One of the biggest providers of managed web hosting solutions, has taken down all its servers in order to deal with a ransomware attack.

The ransomware impacted the company's public facing web hosting systems, resulting in some customer sites having their data encrypted.

The incident only impacted a limited number of customer sites, which the company said it immediately took offline.

https://www.zdnet.com/article/web-hosting-provider-managed-shuts-down-after-ransomware-attack/

Phishing

Office 365 phishing campaign detects sandboxes to evade detection

Microsoft is tracking an ongoing Office 365 phishing campaign that makes use of several methods to evade automated analysis in attacks against enterprise targets.

"We’re tracking an active credential phishing attack targeting enterprises that uses multiple sophisticated methods for defence evasion and social engineering," Microsoft said.

"The campaign uses timely lures relevant to remote work, like password updates, conferencing info, helpdesk tickets, etc."

https://www.bleepingcomputer.com/news/security/office-365-phishing-campaign-detects-sandboxes-to-evade-detection/

Malware

Adult site users targeted with ZLoader malware via fake Java update

A malware campaign ongoing since the beginning of the year has recently changed tactics, switching from exploit kits to social engineering to target adult content consumers.

The operators use an old trick to distribute a variant of ZLoader, a banking trojan that made a comeback earlier this year after an absence of almost two years, now used as an info stealer.

https://www.bleepingcomputer.com/news/security/adult-site-users-targeted-with-zloader-malware-via-fake-java-update/

Lazarus malware strikes South Korean supply chains

Lazarus malware has been tracked in new campaigns against South Korean supply chains, made possible through stolen security certificates.

Cyber security researchers reported the abuse of the certificates, stolen from two separate, legitimate South Korean companies.

https://www.zdnet.com/article/lazarus-malware-strikes-south-korean-supply-chains/

Malware activity spikes 128%, Office document phishing skyrockets

The report demonstrates threat actors becoming even more ruthless. Throughout Q3, hackers shifted focus from home networks to overburdened public entities, including the education sector and the Election Assistance Commission (EAC). Malware campaigns, like Emotet, utilized these events as phishing lure themes to assist in delivery.

https://www.helpnetsecurity.com/2020/11/13/malware-activity-q3-2020/

Cloud

Attackers can abuse a misconfigured IAM role across 16 Amazon services

Researchers at Palo Alto’s Unit 42 have confirmed that they have compromised a customer’s AWS cloud account with thousands of workloads using a misconfigured identity and access management (IAM) role.

https://www.scmagazine.com/home/security-news/cloud-security/attackers-can-abuse-a-misconfigured-iam-role-across-16-aws-services/

Vulnerabilities

More than 245,000 Windows systems still remain vulnerable to BlueKeep RDP bug

A year and a half after Microsoft disclosed the BlueKeep vulnerability impacting the Windows RDP service, more than 245,000 Windows systems still remain unpatched and vulnerable to attacks.

The number represents around 25% of the 950,000 systems that were initially discovered to be vulnerable to BlueKeep attacks during a first scan in May 2019.

https://www.zdnet.com/article/more-than-245000-windows-systems-still-remain-vulnerable-to-bluekeep-rdp-bug/

Windows Kerberos authentication breaks due to security updates

Microsoft is investigating a new known issue causing enterprise domain controllers to experience Kerberos authentication problems after installing security updates released to address CVE-2020-17049 during this month's Patch Tuesday, on November 10.

https://www.bleepingcomputer.com/news/microsoft/windows-kerberos-authentication-breaks-due-to-security-updates/

Cisco Patches Critical Flaw After PoC Exploit Code Release

A critical path-traversal flaw exists in Cisco Security Manager that lays bare sensitive information to remote, unauthenticated attackers.

A day after proof-of-concept (PoC) exploit code was published for a critical flaw in Cisco Security Manager, Cisco has hurried out a patch.

https://threatpost.com/critical-cisco-flaw-sensitive-data/161305/

Widespread Scans Underway for RCE Bugs in WordPress Websites

WordPress websites using buggy Epsilon Framework themes are being hunted by hackers.

Millions of malicious scans are rolling across the internet, looking for known vulnerabilities in the Epsilon Framework for building WordPress themes, according to researchers.

According to the Wordfence Threat Intelligence team, more than 7.5 million probes targeting these vulnerabilities have been observed, against more than 1.5 million WordPress sites, just since Tuesday.

https://threatpost.com/widespread-scans-rce-bugs-wordpress-websites/161374/

Webex fixed some seriously spooky security flaws

Cisco has patched several troubling security vulnerabilities in its Webex video conferencing service.

The flaws in the video conferencing software were flagged. Researchers took a deeper look at the collaboration tools being used for day-to-day work to better understand how they could impact sensitive meetings now being held virtually. During its investigation, the company's security researchers discovered three vulnerabilities in Webex.

https://www.techradar.com/news/cisco-webex-had-some-very-spooky-security-flaws

Data Breaches

Animal Jam was hacked, and data stolen; here’s what parents need to know

WildWorks,  the gaming company that makes the popular kids game Animal Jam, has confirmed a data breach.

Animal Jam is one of the most popular games for kids, ranking in the top five games in the 9-11 age category in Apple’s App Store in the U.S., according to data provided by App Annie. But while no data breach is ever good news, WildWorks has been more forthcoming about the incident than most companies would be, making it easier for parents to protect both their information and their kids’ data.

https://techcrunch.com/2020/11/16/animal-jam-data-breach/

Crown Prosecution Service guilty of ‘serious’ data breaches

Prosecutors are routinely guilty of “serious” data breaches that can endanger the public by disclosing addresses of people who report crimes, a watchdog has revealed.

Independent assessors of the Crown Prosecution Service found that prosecutors in England and Wales were responsible for “a significant number of data security breaches”.

https://www.thetimes.co.uk/article/crown-prosecution-service-guilty-of-serious-data-breaches-k7vhl0hnf

Privacy

MacOS Big Sur reveals Apple secretly hates your VPN and firewall

If you're using a Mac VPN and recently updated your device to Big Sur, your privacy may be at risk as it was discovered that Apple apps are able to bypass both firewalls and VPN services in the company's latest version of macOS.

Twitter user mxswd first spotted the issue back in October and provided more details in a tweet which reads: “Some Apple apps bypass some network extensions and VPN Apps. Maps for example can directly access the internet bypassing any NEFilterDataProvider or NEAppProxyProviders you have running”.

https://www.techradar.com/uk/news/macos-big-sur-reveals-apple-secretly-hates-your-vpn-and-firewall

Server failure unearths massive macOS tracking plans

More serious doubts have been raised about Apple's snooping tactics following fresh revelations about the company's macOS software. We’ve already reported how apps in the latest release of macOS can bypass firewalls and VPNs and how the release was bricking some older MacBook Pro machines.

https://www.techradar.com/news/server-failure-unearths-massive-macos-tracking-plans

Employee surveillance software demand increased as workers transitioned to home working

As people hunkered down to work from home during COVID-19, companies turned to employee surveillance software to track their staff.

What does the rise of intrusive tools such as employee surveillance software mean for workers at home?

A new study shows that the demand for employee surveillance software was up 55% in June 2020 compared to the pre-pandemic average. From webcam access to random screenshot monitoring, these surveillance software products can record almost everything an employee does on their computer.

https://www.zdnet.com/article/employee-surveillance-software-demand-increased-as-workers-transitioned-to-home-working/

Los Angeles police ban facial recognition software and launch review after officers accused of unauthorized use

The Los Angeles police department (LAPD) has banned commercial facial recognition software and launched a review after 25 officers were accused of using it unofficially to try to identify people.

https://www.theregister.com/2020/11/19/lapd_facial_recogntion/

Nation State Actors

More than 200 systems infected by new Chinese APT 'FunnyDream'

A new Chinese state-sponsored hacking group (also known as an APT) has infected more than 200 systems across Southeast Asia with malware over the past two years.

The malware infections are part of a widespread cyber-espionage campaign carried out by a group named FunnyDream, according to a new report published today by security firm Bitdefender.

The attacks have primarily targeted Southeast Asian governments. While Bitdefender has not named any victim countries, a report published earlier this spring by fellow security firm Kaspersky Lab has identified FunnyDream targets in Malaysia, Taiwan, and the Philippines, with the most victims being located in Vietnam.

https://www.zdnet.com/article/more-than-200-systems-infected-by-new-chinese-apt-funnydream/

Massive, China-state-funded hack hits companies around the world, report says

Attacks are linked to Cicada, a group believed to be funded by the Chinese state.

Researchers have uncovered a massive hacking campaign that’s using sophisticated tools and techniques to compromise the networks of companies around the world.

The hackers, most likely from a well-known group that’s funded by the Chinese government, are outfitted with both off-the-shelf and custom-made tools. One such tool exploits Zerologon, the name given to a Windows server vulnerability, patched in August, that can give attackers instant administrator privileges on vulnerable systems.

https://arstechnica.com/information-technology/2020/11/massive-china-state-funded-hack-hits-companies-around-the-word-report-says/

Other News

Hackers are leaning more heavily on cloud resources

Underground cloud services may seem like an oxymoron, but they are quite real, and criminals are using them to speed up attacks and leave very little room for compromised businesses to react.

This is according to a new report from cybersecurity firm Trend Micro, which found terabytes of internal business data and logins - including for Google, Amazon and PayPal - for sale on the dark web.

https://www.itproportal.com/news/hackers-are-leaning-more-heavily-on-cloud-resources/

CEOs Will Be Personally Liable for Cyber-Physical Security Incidents by 2024

Digital attack attempts in industrial environments are on the rise. In February 2020, IBM X-Force reported that it had observed a 2,000% increase in the attempts by threat actors to target Industrial Control Systems (ICS) and Operational Technology (OT) assets between 2018 and 2020. This surge eclipsed the total number of attacks against organizations’ industrial environments that had occurred over the previous three years combined.

https://www.tripwire.com/state-of-security/risk-based-security-for-executives/ceo-personally-liable-cyber-physical-security-incidents/

Reports Published in the Last Week

Sophos 2021 Threat Report: Navigating cybersecurity in an uncertain world

https://nakedsecurity.sophos.com/2020/11/18/sophos-threat-report-2021/

Verizon Releases First Cyber-Espionage Report

https://www.infosecurity-magazine.com/news/verizon-releases-first-cyber/

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.