Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 15 March 2024
Black Arrow Cyber Threat Intelligence Briefing 15 March 2024:
-Mind The Gap - Mimecast Report Finds Humans Are Biggest Security Flaw
-Three-Quarters of Cyber Victim Are SMBs - Why SMBs are Becoming More Vulnerable
-Cyber Security Skills Gap and Lack of Boardroom Engagement Invite Hacker Havoc
-UK Government’s Ransomware Failings Leave Country ‘Exposed and Unprepared’
-Data Breaches up 72% to New Record High: Cyber Security Incidents Rank as #1 Global Business Threat in 2024
-Finance Sector Facing Huge Number of Cyber Attacks That Could Leave It On its Knees, Highlights the Need to Build a Robust Security Culture
-Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets
-Independent Cyber Security Audits Are Powerful Tools for Boards
-Navigating Cyber Security in The Era of Mergers
-Phishing Tactics Evolve as Sophisticated Vishing and Image-based Phishing Take World by Storm
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Mind The Gap: Mimecast Report Finds Humans Are Biggest Security Flaw
A global report from Mimecast has found that 74% of all cyber breaches are caused by human factors, including errors, misuse of access privileges or social engineering. Email remains the primary attack vector for cyber threats. Further, 67% of respondents expect AI-driven attacks to soon be the norm and 69% believe their company will be harmed by an attack.
No matter the size, sector or budget of an organisation, people remain a consistent risk factor. Even with strong technology controls, people can still be the risk that brings down the organisation. It is therefore important for organisations to integrate people into their cyber security investments. This should include awareness and education training, and fostering a cyber secure culture in the organisation.
Sources: [IT Security Guru] [Beta News] [Verdict]
Three-Quarters of Cyber Victim Are SMBs: Why SMBs are Becoming More Vulnerable
According to a recent Sophos report, over three-quarters of cyber incidents impacted smaller businesses in 2023, with ransomware having the largest impact. The research also found that in 90% of attacks, data or credential theft was involved and in 43%, data theft was the main focus.
The report found significant usage of initial access brokers; these are attackers whose speciality is to break into computer networks and sell ready-to-go access to other attackers. In fact, the report found that almost half of all malware detected in SMBs were malicious programs used to steal sensitive data and login credentials. Unfortunately, many SMBs struggle to keep up due to a lack of resources and budget; instead, they must be able to prioritise their cyber security efforts to get the most return on investment.
Sources: [Infosecurity Magazine] [Help Net Security] [TechRadar] [Nairametrics] [TechTarget]
Cyber Security Skills Gap and Lack of Boardroom Engagement Invite Hacker Havoc
The Ipsos report on Cyber Security Skills in the UK Labour Market 2023 sheds light on the persistent challenges faced in recruiting, training, and retaining cyber security professionals across various domains. With approximately 739,000 businesses lacking basic cyber skills and 487,000 facing advanced skills gaps, the demand for trained professionals is escalating. The shortage of incident response skills highlights the need for comprehensive education and training programs. Senior management and board-level executives must also be equipped with the knowledge to manage incidents effectively, emphasising reporting, seeking external assistance, and maintaining a no-blame culture. Understanding cyber risks at the business level is crucial, as cyber crime has evolved into a well-organised industry with distinct roles and profit-sharing mechanisms among cyber criminal groups. Conducting tabletop incident response exercises can effectively prepare senior leadership for cyber incidents, ensuring a proactive and coordinated response to mitigate risks and safeguard organisational resilience.
Source: [TechRadar]
UK Government’s Ransomware Failings Leave Country ‘Exposed and Unprepared’
The recent response from the British government to warnings about the looming ransomware threat has sparked criticism, with accusations of adopting an "ostrich strategy" by downplaying the severity of the national cyber threat. Despite alarming assessments from the Joint Committee on the National Security Strategy (JCNSS) regarding the high risk of a catastrophic ransomware attack, the government's formal response has been met with scepticism. Key recommendations, such as reallocating responsibility for tackling ransomware away from the Home Office, were rejected, with the government arguing that its existing regulations and the current National Cyber Strategy were sufficient. This argument has raised concerns about the government's preparedness and resource allocation. With ransomware attacks escalating in the UK, the Committee underscores the urgency for a proactive national security response to mitigate the potentially devastating impacts on the economy and national security.
Source: [The Record Media]
Data Breaches up 72% to New Record High: Cyber Security Incidents Rank as #1 Global Business Threat in 2024
Research conducted by the Identity Theft Resource Center (ITRC) found that 2023 set an all time high in data breaches, 72% more than the prior year. Separately, the Allianz Risk Barometer identified cyber incidents as the biggest global business threat for 2024, ranking above regulatory concerns, climate change and a shortage of skilled workers. It is crucial that the severity of this risk is reflected in the actions taken by organisations, who must effectively govern and implement their cyber security strategy.
Sources: [JDSupra]
Finance Sector Facing Huge Number of Cyber Attacks That Could Leave It On its Knees, Highlights the Need to Build a Robust Security Culture
Cyber security has become a pressing issue on financial institutions due to the rise in cyber attacks, as highlighted by the February attack on Bank of America via a third-party service. The involvement of the LockBit ransomware group underlines the persistent nature of these threats, particularly targeting the financial sector. These attacks disrupt services and undermine trust in the financial system, necessitating robust cyber security frameworks. The new US Securities and Exchange Commission (SEC) rule requiring immediate disclosure of cyber security incidents presents both benefits and challenges, calling for clear guidelines and industry-wide collaboration. BlackBerry’s Global Threat Intelligence Report revealed a staggering million attacks globally in just 120 days last year. These attacks, often using commodity malware, make up almost two-thirds of all industry-related incidents. The 27% increase in novel malware samples highlights the need for improved defences. These findings emphasise the need for AI-driven detection and defence strategies. While critical infrastructure remains a primary focus, commercial enterprises must remain vigilant, with a third of threats targeting various sectors, emphasising the pervasive nature of cyber threats across industries.
Source:[ SC Media] [TechRadar]
Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets
In a recent revelation, Microsoft disclosed that the Kremlin-backed threat group known as Midnight Blizzard successfully accessed some of Microsoft’s source code repositories and internal systems following a hack in January 2024. The breach, believed to have originally occurred in November 2023, exploited a legacy test account lacking multi-factor authentication by employing a password spray attack. Microsoft assured no compromise to customer-facing systems but warned of ongoing attempts by Midnight Blizzard to exploit stolen corporate email data. The extent of the breach remains under investigation, with concerns raised over the potential accumulation of attack vectors by the threat actor. The incident underscores the escalating sophistication of nation-state cyber threats and prompts a re-evaluation of security measures, highlighting the imperative for robust defences against such adversaries.
Source: [The Hacker News]
Independent Cyber Security Audits Are Powerful Tools for Boards
Board members are increasingly held accountable for their organisation's cyber posture, facing personal liability for lapses. To gain insight and demonstrate proactive leadership, independent cyber security audits have become indispensable. These audits not only aid in regulatory compliance but also uncover blind spots in the organisation's security measures. Recent regulations, such as by the US Securities and Exchange Commission (SEC) underscore the imperative for robust cyber security oversight at the board level. The audit process involves defining the scope, conducting assessments, validating findings through simulations, and presenting comprehensive reports to leadership. By embracing cyber security audits, boards can fulfil their duty of overseeing and enhancing the organisation's cyber resilience in an ever-evolving threat landscape.
Source: [Bloomberg Law]
Navigating Cyber Security in The Era of Mergers
In today's landscape of frequent mergers and acquisitions (M&A), organisations grapple with the challenge of aligning cyber security measures across subsidiaries, posing a risk to overall security. According to an IBM survey, over one in three executives attribute data breaches to M&A activity during integration. This complexity arises as security teams may lack insight into subsidiary infrastructure, hindering risk assessment and mitigation efforts. Historical incidents like the NotPetya attack on Merck and the Talk Talk hack highlight vulnerabilities post-acquisition, emphasising the need for a proactive approach to subsidiary cyber security. To address these challenges, organisations must conduct comprehensive risk assessments, standardise security protocols, foster collaboration, and consider unified security platforms. By proactively addressing visibility gaps and implementing standardised protocols, organisations can fortify their defences against evolving cyber threats amidst M&A activities.
Source: [Forbes]
Phishing Tactics Evolve as Sophisticated Vishing and Image-based Phishing Take World by Storm
According to a recent report, 76% of organisations were compromised by QR-code phishing in the last 12 months. Along with this, there has also been a rise in the number of sophisticated vishing attacks, with recent attacks costing organisations millions. The introduction of artificial intelligence has only added fuel to this fire already impacting security controls such as call-back procedures. With the tactics of phishing evolving, organisations need to ensure they are up-to-date and that employees are trained effectively to mitigate the risk of these.
Sources: [Help Net Security] [Dark Reading]
Governance, Risk and Compliance
Cyber Security skills gap and boardroom blindness invite hacker havoc | TechRadar
Independent Cyber Security Audits Are Powerful Tools for Boards (bloomberglaw.com)
Navigating Cyber Security In The Era Of Mergers (forbes.com)
SMEs invest in tech opportunities but risk missing security safeguards (betanews.com)
Your tech tools won’t save you from cyber threats | TechRadar
The CISO Role Is Changing. Can CISOs Themselves Keep Up? (darkreading.com)
Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)
How enterprises can tackle risky cyber security behavior and improve workforce resilience | ITPro
Building a Security Culture of Shared Responsibility - Security Boulevard
MDR Metrics that Matter – From Analysts to the Board of Directors | Binary Defense
Threats
Ransomware, Extortion and Destructive Attacks
Sophos: Remote ransomware attacks on SMBs increasing | TechTarget
UK government’s ransomware failings leave country ‘exposed and unprepared’ (therecord.media)
Understanding the multi-tiered impact of ransomware. (thecyberwire.com)
Ransomware tracker: The latest figures [March 2024] (therecord.media)
The effects of law enforcement takedowns on the ransomware landscape - Help Net Security
UK Conservatives Say 'No' to Cyber Insurance Backstop (inforisktoday.com)
Businesses leaving their Kubernetes containers exposed to ransomware | TechRadar
StopCrypt: Most widely distributed ransomware now evades detection (bleepingcomputer.com)
Member of LockBit ransomware group sentenced to 4 years in prison | Ars Technica
Ransomware Victims
British Library’s legacy IT blamed for lengthy rebuild • The Register
British Library shares lessons from cyber attack | UKAuthority
Stanford University failed to detect intruders for 4 months • The Register
Stanford says data from 27,000 people leaked in September ransomware attack (therecord.media)
Law Firm Sues MSP Over Black Basta Ransomware Attack | MSSP Alert
Play ransomware group stole 65,000 Swiss government files • The Register
Cancer Clinics Face Cash Crunch After Hack Rocks US Health Care (claimsjournal.com)
Nissan confirms ransomware attack exposed data of 100,000 people (bleepingcomputer.com)
Equilend warns employees their data was stolen by ransomware gang (bleepingcomputer.com)
Phishing & Email Based Attacks
Phishing Threats Rise as Malicious Actors Target Messaging Platforms - Security Boulevard
MiTM phishing attack can let attackers unlock and steal a Tesla (bleepingcomputer.com)
What is phishing? Examples, types, and techniques | CSO Online
Other Social Engineering
Sophisticated Vishing Campaigns Take World by Storm (darkreading.com)
Your tech tools won’t save you from cyber threats | TechRadar
Artificial Intelligence
AI Poses Extinction-Level Risk, State-Funded Report Says | TIME
Cyber crime underworld has removed all the guardrails on AI frontier
Critical ChatGPT Plug-in Vulnerabilities Expose Sensitive Data (darkreading.com)
Cyber attackers are threatening businesses with AI, says Microsoft (qz.com)
Intelligence officials warn pace of innovation in AI threatens US | CyberScoop
How advances in AI are impacting business cyber security - Help Net Security
NCSC Blog - AI and cyber security: what you need to know (techuk.org)
4 types of prompt injection attacks and how they work | TechTarget
Former Google engineer charged with stealing AI trade secrets | TechTarget
How to craft a generative AI security policy that works | TechTarget
2FA/MFA
Malware
Keyloggers, spyware, and stealers dominate SMB malware detections - Help Net Security
SMBs are being hit with more malware attacks than ever, and many can't keep up | TechRadar
Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (bleepingcomputer.com)
Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (bleepingcomputer.com)
Botnets: The uninvited guests that just won’t leave | CSO Online
Hackers using Weaponized PDF Files to Deliver Remcos RAT (cybersecuritynews.com)
RedLine malware top credential stealer of last 6 months | SC Media (scmagazine.com)
Windows SmartScreen Bypass Flaw Exploited to Drop DarkGate RAT (darkreading.com)
Mobile
Blog: Why Hackers Love Phones - Keep your Eye on the Device - Security Boulevard
SIM swappers hijacking phone numbers in eSIM attacks (bleepingcomputer.com)
PixPirate Android malware uses new tactic to hide on phones (bleepingcomputer.com)
Denial of Service/DoS/DDOS
French government sites disrupted by très grande DDOS • The Register
Alabama Under DDoS Cyber Attack by Russian-Backed Hacktivists (darkreading.com)
RIA: Estonia's state institutions hit by largest cyber attack to date | News | ERR
DDoS attacks reach critical levels in 14 seconds | Security Magazine
Internet of Things – IoT
Internet of Risks: Cyber Security Risk in the Internet of Things | UpGuard
Unpatched Sceiner Smart Lock Vulnerabilities Allow Hackers to Open Doors - Security Week
Heated Seats? Advanced Telematics? Software-Defined Cars Drive Risk (darkreading.com)
Chinese spies want to steal IP by backdooring safe locks • The Register
Experts Say Chinese Safes Pose Risks to US National Security (inforisktoday.com)
MiTM phishing attack can let attackers unlock and steal a Tesla (bleepingcomputer.com)
Data Breaches/Leaks
Data Breaches up 72% From Record High: Cyber Incident Readiness Must be Top of Mind | Epiq - JDSupra
Jersey regulator's data breach leaks names and addresses - BBC News
Over 15,000 hacked Roku accounts sold for 50¢ each to buy hardware (bleepingcomputer.com)
Okta denies it was hacked again after data appears on hacking site | TechRadar
Over 12 million auth secrets and keys leaked on GitHub in 2023 (bleepingcomputer.com)
French unemployment agency data breach impacts 43 million people (bleepingcomputer.com)
Organised Crime & Criminal Actors
How to Identify a Cyber Adversary: Standards of Proof (darkreading.com)
How to Identify a Cyber Adversary: What to Look For (darkreading.com)
Broke Cyber Pros Flock to Cyber Crime Side Hustles (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto phishers stole $47M last month, impersonators on X to blame (cointelegraph.com)
Bitcoin Fog mixer operator convicted for laundering $400 million (bleepingcomputer.com)
US Seizes $1.4 Million in Cryptocurrency From Tech Scammers - Security Week
Insider Risk and Insider Threats
Insider threats can damage even the most secure organisations - Help Net Security
Your tech tools won’t save you from cyber threats | TechRadar
Former Google engineer charged with stealing AI trade secrets | TechTarget
How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro
Building a Security Culture of Shared Responsibility - Security Boulevard
How to Battle Cyber Security Burnout and Protect Your People | Entrepreneur
Insurance
Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)
UK Conservatives Say 'No' to Cyber Insurance Backstop (inforisktoday.com)
Supply Chain and Third Parties
Play ransomware group stole 65,000 Swiss government files • The Register
Industry: Act Now To Secure the Solutions You Offer the Military | AFCEA International
Cloud/SaaS
EU’s use of Microsoft 365 found to breach data protection rules | TechCrunch
Guide: On-Prem is Dead. Have You Adjusted Your Web DLP Plan? (thehackernews.com)
How Not to Become the Target of the Next Microsoft Hack (darkreading.com)
Cloud Account Attacks Surged 16-Fold in 2023 - Infosecurity Magazine (infosecurity-magazine.com)
Mastering SANS Security Principles: A Deep Dive (informationsecuritybuzz.com)
Cloud security vs. network security: What's the difference? | TechTarget
Encryption
Linux and Open Source
How to Ensure Open Source Packages Are Not Landmines (darkreading.com)
Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Russian Hackers Are Weaponizing Stolen Microsoft Passwords (claimsjournal.com)
Overcoming the threat of account takeover fraud (securitybrief.co.nz)
LastPass suffers worldwide outage causing site 404 error - 9to5Mac
Social Media
Crypto phishers stole $47M last month, impersonators on X to blame (cointelegraph.com)
Meta sues “brazenly disloyal” former exec over stolen confidential docs | Ars Technica
TikTok Ban Raises Data Security, Control Questions (darkreading.com)
Training, Education and Awareness
Your tech tools won’t save you from cyber threats | TechRadar
How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro
Regulations, Fines and Legislation
Everything you need to know about the EU's Cyber Solidarity Act | ITPro
The New Hacker Playbook: Weaponizing the SEC’s Cyber Disclosure Rules | Woodruff Sawyer - JDSupra
Models, Frameworks and Standards
4 Security Tips From PCI DSS 4.0 Anyone Can Use (darkreading.com)
Mastering SANS Security Principles: A Deep Dive (informationsecuritybuzz.com)
Backup and Recovery
Data Protection
EU’s use of Microsoft 365 found to breach data protection rules | TechCrunch
How do you lot feel about Pay or OK model, ICO asks Brits • The Register
Careers, Working in Cyber and Information Security
Half of firms struggling to hire cyber security experts (securitybrief.co.nz)
UK Council's Vision: Set High Standards in Cyber Security (govinfosecurity.com)
How to Battle Cyber Security Burnout and Protect Your People | Entrepreneur
Cyber security skills gap and boardroom blindness invite hacker havoc | TechRadar
Broke Cyber Pros Flock to Cyber Crime Side Hustles (darkreading.com)
How To Overcome The Machismo Problem In Cyber Security (forbes.com)
Law Enforcement Action and Take Downs
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Nation State Actors
China
TikTok Ban Raises Data Security, Control Questions (darkreading.com)
Lithuania security services warn of China's espionage against the country (securityaffairs.com)
Chinese Cyber Crime: Discretion Is the Better Part of Valor (databreachtoday.co.uk)
Chinese spies want to steal IP by backdooring safe locks • The Register
Experts Say Chinese Safes Pose Risks to US National Security (inforisktoday.com)
Russia
Microsoft says Russian hackers stole source code after spying on its executives - The Verge
Microsoft says Russian hackers breached its systems, accessed source code (bleepingcomputer.com)
Microsoft: Russians are using stolen information to breach company’s systems (therecord.media)
Microsoft says it hasn't been able to evict Russian state hackers | AP News
Kremlin accuses US of plotting election-day cyber attack • The Register
Major operation under way to identify source of Russian attack that 'jammed signals' on... - LBC
First-ever South Korean national detained for espionage in Russia (securityaffairs.com)
Alabama Under DDoS Cyber Attack by Russian-Backed Hacktivists (darkreading.com)
North Korea
Vulnerability Management
How to Streamline the Vulnerability Management Life Cycle - Security Boulevard
Researchers expose Microsoft SCCM misconfigs usable in cyber attacks (bleepingcomputer.com)
Vulnerability management, its impact and threat modeling methodologies (securityintelligence.com)
Vulnerabilities
Adobe Patches Critical Flaws in Enterprise Products - Security Week
Major CPU, Software Vendors Impacted by New GhostRace Attack - Security Week
Critical Fortinet flaw may impact 150,000 exposed devices (bleepingcomputer.com)
Fortinet Releases Security Updates for Multiple Products | CISA
SAP Patches Critical Command Injection Vulnerabilities - Security Week
Cisco addressed severe flaws in its Secure Client (securityaffairs.com)
5M WordPress Websites At Risk Amid LiteSpeed Plugin Flaw - Security Boulevard
New cyber crime crew Magnet Goblin caught exploiting Ivanti • The Register
Stealth Bomber: Atlassian Confluence Exploits Drop Web Shells In-Memory (darkreading.com)
Threat actors breached two crucial systems of the US CISA (securityaffairs.com)
Researchers found multiple flaws in ChatGPT plugins (securityaffairs.com)
Exploited Building Access System Vulnerability Patched 5 Years After Disclosure - Security Week
Tools and Controls
Independent Cyber Security Audits Are Powerful Tools for Boards (bloomberglaw.com)
NSA's Zero-Trust Guidelines Focus on Segmentation (darkreading.com)
Expert Cyber Security Strategies For Protecting Remote Businesses (forbes.com)
Guide: On-Prem is Dead. Have You Adjusted Your Web DLP Plan? (thehackernews.com)
Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)
How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro
Cloud security vs. network security: What's the difference? | TechTarget
Immutability: A boost to your security backup (betanews.com)
MDR Metrics that Matter – From Analysts to the Board of Directors | Binary Defense
How teams can improve incident recovery time to minimize damages - Help Net Security
Reports Published in the Last Week
Other News
Finance sector facing huge amount of cyber attacks that could leave it on its knees | TechRadar
French state services hit by cyber attacks of 'unprecedented intensity' (france24.com)
Better Safe Than Sorry: Making Cyber Security a Priority | HealthLeaders Media
How Dangerous Is the Cyber Attack Risk to Transportation? (securityintelligence.com)
Pi Day: How Hackers Slice Through Security Solutions - Security Boulevard
78% of MSPs state cyber security is a prominent IT challenge | Security Magazine
No, 'Leave the World Behind' and 'Civil War' Aren’t Happening Before Your Eyes | WIRED
Maritime cyber security: threats and challenges - Port Technology International
What resources do small utilities need to defend against cyber attacks? | CyberScoop
10 free cyber security guides you might have missed - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 19 January 2024
Black Arrow Cyber Threat Intelligence Briefing 19 January 2024:
-World Economic Forum and UN Warn of Growing ‘Cyber Insecurity’ Amid Heightened Threat Landscape
-Cyber Attacks Reveal Fragility of Financial Markets as Attacks on Financial Services Sector Surge
-Researcher Uncovers One of The Biggest Password Dumps in Recent History
-Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023
-75% of Organisations Hit by Ransomware in 2023
-The Dangers of Quadruple Blow Ransomware Attacks
-Human Error and Insiders Expose Millions in UK Law Firm Data Breaches
-It’s a New Year and a Good Time for a Cyber Security Checkup
-Applying the Tyson Principle to Cyber Security: Why Attack Simulations are Key to Avoiding Disaster
-Cyber Threats Top Global Business Risk Concern for 2024
-Generative AI has CEOs Worried About Cyber Security, PwC Survey Says
-With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too
-Digital Resilience – a Step Up from Cyber Security
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
World Economic Forum and UN Warn of Growing ‘Cyber Insecurity’ Amid Heightened Threat Landscape
The World Economic Forum (WEF) and the United Nations (UN) have highlighted “cyber insecurity” as one of the most critical challenges facing organisations worldwide. A recent report reveals that over 80% of surveyed organisations feel more exposed to cyber crime than in the previous year, leading to calls for increased collaboration across sectors and borders to enhance business resilience. The study shows a growing gap in cyber resilience between organisations, with small and medium-sized enterprises facing declines of 30% in cyber resilience. Moreover, the cyber skills shortage continues to widen, with only 15% of organisations optimistic about improvements in cyber education and skills.
The report also underscores the impact of generative AI on cyber security, emphasising the need for ongoing innovation in digital security efforts. According to a separate report by the United Nations Office on Drugs and Crime, there has been a significant uptick in the use of large language model-based chatbots, deepfake technology, and automation tools in cyber fraud operations. These technologies pose a significant threat to the formal banking industry and require focused attention from authorities to counter their impact. The convergence of these trends underscores the urgency and complexity of the cyber security landscape.
Sources: [ITPro] [The Debrief]
Cyber Attacks Reveal Fragility of Financial Markets as Attacks on Financial Services Sector Surge
The financial sector is facing an increased risk from cyber attacks, with cyber security now being listed as the top systemic risk according to a Bank of England survey. Cyber attacks rose by 64% in 2023, with a shift towards AI-facilitated ransomware attacks and Vendor Email Compromise (VEC), which rose 137%, and Business Email Compromise (BEC) attacks, which rose by 71%, both of which exploit human error and pose a severe threat to the industry.
However, there is a lack of readiness by financial organisations to manage cyber attacks due to sophisticated attacks, talent shortages, and insufficient cyber defence investments. Ransomware incidents reported to the UK’s Financial Conduct Authority doubled in 2023, making up 31% of cyber incidents, up from 11% in 2022. The financial sector remains a prime target for cyber criminals, especially ransomware groups.
Sources: [ITPro] [Law Society] [Security Brief] [Financial Times] [Infosecurity Magazine]
Researcher Uncovers One of The Biggest Password Dumps in Recent History
Researchers have found that nearly 71 million unique stolen credentials for logging into websites such as Facebook, Roblox, eBay, Coinbase and Yahoo have been circulating on the Internet for at least four months. The massive amount of data was posted to a well-known underground market that brokers sales of compromised credentials.
Whilst there is a large number of re-used passwords in the data dump, it appears to contain roughly 25 million new passwords and 70 million unique email addresses. This serves as a crucial reminder about properly securing accounts, such as not reusing passwords, using a password manager and securing accounts with multi factor authentication.
Source: [Ars Technica]
Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023
Email security remained at the forefront of cyber related issues for decision-makers, with over nine in ten (94%) having to deal with a phishing attack, according to email security provider Egress. The top three phishing techniques used in 2023 were malicious URLs, malware or ransomware attachments, and attacks sent from compromised accounts. 96% of targeted organisations were negatively impacted by these attacks, up 10% from the previous year.
Source: [Infosecurity Magazine]
75% of Organisations Hit by Ransomware in 2023
A recent report found that 75% of participants suffered at least one ransomware attack last year, and 26% were hit four or more times. The report noted that of the 25% who claimed to not have been hit, some could have been a victim but may not have the facilities to detect and therefore be aware as such. Ransomware remains a security threat and no organisation is immune.
Source: [Infosecurity Magazine]
The Dangers of Quadruple Blow Ransomware Attacks
With the introduction of new regulatory requirements like NIS 2.0 and changes to US Securities and Exchange Commission (SEC) statutes, organisations are now mandated to promptly report cyber incidents, sometimes with deadlines as tight as four days. However, attackers are evolving their tactics to exploit these regulations. They add a new level of coercion by threatening to report non-compliant organisations to the regulator, thereby increasing the pressure on their victims. This was first seen last year as a ransomware gang AlphV reported one of its victims, MeridianLink, to the SEC for failing to report a successful cyber attack.
This coercive strategy places immense pressure on companies, especially as they grapple with data encryption, data exfiltration, and public exposure threats. In response to these evolving threats and regulatory pressures, organisations must invest in cyber resilience. This enables them to effectively respond to attacks, communicate with regulators, and recover services promptly, ultimately fortifying their defences against future threats.
Source: [TechRadar]
Human Error and Insiders Expose Millions in UK Law Firm Data Breaches
UK law firms are falling victim to data breaches primarily because of insiders and human error, according to an analysis of data from the Information Commissioner’s Office (ICO). According to research, 60% of data breaches in the UK legal sector where the result of insider actions. In total, breaches led to the exposure of information of 4.2 million people. Often, even those organisations that implement measures to prevent breaches will still miss insider risk. Insider risk is not always malicious; it can also be negligence or due to a lack of knowledge, and it is important to protect against it.
Source: [Infosecurity Magazine]
It’s a New Year and a Good Time for a Cyber Security Checkup
2023 brought a slew of high-profile vulnerabilities and data breaches impacting various sectors, including healthcare, government, and education. Notable incidents included ransomware attacks, such as the MOVEit, GoAnywhere, and casino operator breaches, along with the exploitation of unpatched legacy vulnerabilities like Log4j and Microsoft Exchange. Furthermore, new regulatory requirements from the likes of the US Securities Exchange Commission (SEC), and state security and privacy laws, added to the complexity. As we enter 2024, it is crucial for organisations, regardless of size, to reassess their cyber security strategies, incorporating lessons learned and adapting to new requirements. Comprehensive cyber security programs encompass people, operations and technology, addressing the confidentiality, integrity, and availability of information.
Black Arrow can help with comprehensive and impartial assessments including gap analyses and security testing. These provide you with the objective assurance you need to understand whether your controls are providing you with your intended security and risk management.
Source: [JDSupra]
Applying the Tyson Principle to Cyber Security: Why Attack Simulations are Key to Avoiding Disaster
Mike Tyson’s famous adage “Everyone has a plan until they get punched in the face," is something we too often see in the world of security. When it comes to cyber security, preparedness is not just a luxury but a necessity. Far too often, unrealistic expectations in cyber defences create a false sense of security, leading to dire consequences when the reality of an attack hits. No-one wants to be testing their defences and implementing their response plan for the first time during a real incident.
In comes the benefit of incident and attack simulations: a reality check of your defences in a safe environment. Regular tabletop war-gaming exercises that simulate the fall out of an attack for senior leadership, can help to build muscle memory for when something does happen. They make sure everyone knows what to do, and crucially also not to do, when such an event happens for real. A deeper exercise would be a simulated attack that can be systematic and controlled, to mimic a real attacker and then adapted as attackers change their tactics, techniques, and procedures. From simulations, organisations can assess how their defences performed, applying insights and measuring and refining their defences for the event of a real attack.
Source: [The Hacker News]
Cyber Threats Top Global Business Risk Concern for 2024
Cyber related incidents, including ransomware attacks, data breaches and IT disruptions are the biggest concern for companies globally in 2024, according to a recent report by Allianz. The report highlights that these risks are a concern for businesses of all sizes, but the resilience gap between large and small companies is widening, “as risk awareness among larger organisations has grown since the pandemic with a notable drive to upgrade resilience.” Smaller businesses lack the time and resources that larger organisations have available, and as such need to carefully select and prioritise their resilience efforts.
Source: [Insurance Journal]
Generative AI has CEOs Worried About Cyber Security, PwC Survey Says
A recent PwC global survey found that when it comes to generative AI risks, 64% of CEOs said they are most concerned about its impact on cyber security, with over half of the total interviewed stating concerns about generative AI spreading misinformation in their company. When we think of generative AI, we often worry about outside risk and the impact it can have for attackers, but the risk can also be internal, with things such as accidental disclosure by employees to unregulated generative AI. There is a necessity for organisations to govern the usage of AI in their corporate environment, to prevent such risks.
Source: [Quartz]
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too
As the threat landscape continues to evolve, the cyber insurance market is experiencing significant changes that will impact businesses in the coming months with experts predicting that cyber insurance costs are on the verge of an upward trend. The COVID-19 pandemic and the shift to remote work and the cloud disrupted the cyber insurance market, leading to rising costs and reduced coverage options. In 2022, a temporary respite saw lower premiums, but 2023 has seen a resurgence in attacker activity, making it a challenging year for insurers. Cyber insurance remains a critical component of risk management, with the industry expected to continue growing despite higher rates. For businesses, understanding the evolving landscape of cyber insurance and ensuring adequate coverage is crucial in the face of escalating cyber threats.
Source: [Dark Reading]
Digital Resilience: a Step Up from Cyber Security
In today's digital landscape, the focus on digital resilience is paramount for organisations. While cyber security has garnered attention, digital resilience is the new frontier. Digital resilience involves an organisation's ability to maintain, adapt, and recover technology-dependent operations. As we increasingly rely on digital technology and the internet of things, understanding the critical role of technology in core business processes is vital. It goes beyond cyber security, encompassing change management, business resilience, operational risk, and competitiveness. Digital resilience means being ready to adopt new technology and swiftly recover from disruptions. Recognising its value and managing it at the senior level is crucial for long-term success in our rapidly evolving digital world. Moreover, amid a rising number of cyber attacks, addressing the statistic that only 18% of UK businesses provided cyber security training to employees last year is essential. Bridging this knowledge gap through cyber hygiene, a culture of cyber security, and robust safety measures will strengthen an organisation's cyber resilience against evolving threats.
Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation.
Sources: [CSO Online] [Financial Times]
Governance, Risk and Compliance
World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro
Cyber Threats Top Global Business Risk Concern for 2024: Allianz (insurancejournal.com)
Geopolitical tensions combined with technology will drive new security risks - Help Net Security
Improving Supply Chain Security, Resiliency (informationweek.com)
Generative AI has CEOs worried about cyber security, PwC survey says (qz.com)
As hacks worsen, SEC turns up the heat on CISOs | TechCrunch
It’s a New Year and a Good Time for a Cyber Security Checkup | Clark Hill PLC - JDSupra
Over 90 percent of organisations set to increase data protection spending (betanews.com)
Financial organisations remain in cyber criminals' crosshairs (emergingrisks.co.uk)
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)
Digital resilience – a step up from cyber security | CSO Online
How to Recover After Failing a Cyber Security Audit - Security Boulevard
Businesses Lack Confidence Overcome Cyber Attacks | Silicon UK
Cyber incident response impaired by stress | SC Media (scmagazine.com)
Security considerations during layoffs: Advice from an MSSP - Help Net Security
Effective Incident Response Relies on Internal and External Partnerships (darkreading.com)
InfoSec 101: Why Data Loss Prevention is Important to Enterprise Defence (darkreading.com)
How to improve cyber resilience across your workforce (ft.com)
Threats
Ransomware, Extortion and Destructive Attacks
75% of Organisations Hit by Ransomware in 2023 - Infosecurity Magazine (infosecurity-magazine.com)
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Akira ransomware attackers are wiping NAS and tape backups - Help Net Security
Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion (thehackernews.com)
3 Ransomware Group Newcomers to Watch in 2024 (thehackernews.com)
Ransomware causes mental, physical trauma to security pros • The Register
The dangers of quadruple blow ransomware attacks | TechRadar
Ransomware: To Pay or Not to Pay — What the Experts Say | MSSP Alert
Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot - Help Net Security
TeamViewer abused to breach networks in new ransomware attacks (bleepingcomputer.com)
Ransomware negotiation: When cyber security meets crisis management - Help Net Security
Ransomware Victims
Ransomware gang targets nonprofit providing clean water to world’s poorest (therecord.media)
Capita hits back as pension holders look to sue over Russian-linked cyber attack (yahoo.com)
British Library to share learning from cyber attack - Museums Association
British Library starts restoring services online after hack - BBC News
British cosmetics firm Lush confirms cyber attack (therecord.media)
Delay to Manx Care dental services after cyber attack - BBC News
Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times
Majorca city Calvià extorted for $11M in ransomware attack (bleepingcomputer.com)
A key part of Foxconn has been hit by the Lockbit ransomware | TechRadar
Kansas State University cyber attack disrupts IT network and services (bleepingcomputer.com)
Phishing & Email Based Attacks
Microsoft warns of new spearphishing attack targeting workers at top companies | TechRadar
US Secret Service court documents reveal new tactics in antivirus renewal phishing scam | TechRadar
Threat Actors Team Up for Post-Holiday Phishing Email Surge (darkreading.com)
Flipping the BEC funnel: Phishing in the age of GenAI - Help Net Security
US court docs expose fake antivirus renewal phishing tactics (bleepingcomputer.com)
Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times
Shipping-Themed Emails: Not Just for The Holidays - Security Boulevard
Artificial Intelligence
AI driven cyber threats loom over business in the year ahead says report (emergingrisks.co.uk)
How cyber criminals are using AI to attack targets faster - Insurance Post (postonline.co.uk)
Adversaries exploit trends, target popular GenAI apps - Help Net Security
The Dual Role AI Plays in Cyber Security: How to Stay Ahead (bleepingcomputer.com)
Flipping the BEC funnel: Phishing in the age of GenAI - Help Net Security
If you don’t already have a generative AI security policy, there’s no time to lose | CSO Online
2FA/MFA
Senators want to know why the SEC’s X account wasn’t secured with MFA (engadget.com)
Out with the old and in with the improved: MFA needs a revamp - Help Net Security
MFA Spamming and Fatigue: When Security Measures Go Wrong (thehackernews.com)
Malware
GitLab Releases Updates to Address Critical Vulnerabilities (darkreading.com)
Updated Atomic Stealer malware emerges | SC Media (scmagazine.com)
Data-theft malware exploits Windows Defender SmartScreen • The Register
MacOS info-stealers quickly evolve to evade XProtect detection (bleepingcomputer.com)Balada Injector continues to infect thousands of WordPress sites (securityaffairs.com)
5 malware mistakes most people make while traveling and trying to charge (nypost.com)
Remcos RAT Spreading Through Adult Games in New Attack Wave (thehackernews.com)
Botnet activity surges as criminals get braver - can your business stand strong? | TechRadar
JinxLoader Malware: Next-Stage Payload Threats Revealed - Security Boulevard
$80M in Crypto Disappears Into Drainer-as-a-Service Malware Hell (darkreading.com)
Bigpanzi botnet infects 170,000 Android TV boxes with malware (bleepingcomputer.com)
Stealthy New macOS Backdoor Hides on Chinese Websites (darkreading.com)
Securing Public Sector Against IoT Malware in 2024 - Security Boulevard
Mobile
Denial of Service/DoS/DDOS
Internet of Things – IoT
Bigpanzi botnet infects 170,000 Android TV boxes with malware (bleepingcomputer.com)
Modernising print security for today’s working world | TechRadar
Securing Public Sector Against IoT Malware in 2024 - Security Boulevard
Data Breaches/Leaks
Insufficient cyber security caused PSNI data breach (iapp.org)
Cyber Attack On Insurer Compromised Over 64K, Suit Says - Law360
Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times
Organised Crime & Criminal Actors
Just ten groups were responsible for nearly half of all cyber attacks last year | TechRadar
Threat Actors Team Up for Post-Holiday Phishing Email Surge (darkreading.com)
GitLab Releases Updates to Address Critical Vulnerabilities (darkreading.com)
Stupid Human Tricks: Top 10 Cyber Crime Cases of 2023 - Security Boulevard
Illegal online casinos spread crypto-crime across Asia • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hacker spins up 1 million virtual servers to illegally mine crypto (bleepingcomputer.com)
Illegal online casinos spread crypto-crime across Asia • The Register
Insider Risk and Insider Threats
Insurance
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)
Re-writing the underwriting story: How to navigate the complexities of modern risks (allianz.com)
Supply Chain and Third Parties
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Capita hits back as pension holders look to sue over Russian-linked cyber attack (yahoo.com)
Improving Supply Chain Security, Resiliency (informationweek.com)
Cloud/SaaS
Insurance website's buggy API leaked Office 365 password • The Register
As Enterprise Cloud Grows, So Do Challenges (darkreading.com)
3 ways to combat rising OAuth SaaS attacks - Help Net Security
FBI: Beware of cloud-credential thieves building botnets • The Register
Weaponised AWS SES Accounts Anchor Massive Stealth Attack (darkreading.com)
Identity and Access Management
Encryption
Passwords, Credential Stuffing & Brute Force Attacks
Researcher uncovers one of the biggest password dumps in recent history | Ars Technica
Insurance website's buggy API leaked Office 365 password • The Register
FBI: Beware of cloud-credential thieves building botnets • The Register
Social Media
Malvertising
Training, Education and Awareness
The right strategy for effective cyber security awareness - Help Net Security
Before starting your 2024 security awareness program, ask these 10 questions - Security Boulevard
How to improve cyber resilience across your workforce (ft.com)
Regulations, Fines and Legislation
As hacks worsen, SEC turns up the heat on CISOs | TechCrunch
IT consultant in Germany fined for exposing shoddy security • The Register
Data regulator fines HelloFresh £140K for sending 80M+ spams • The Register
A Look at UK Domain and IP Address Seizures in the Criminal Justice Bill - ISPreview UK
Why the US Needs Comprehensive Cyber Security Legislation - Security Boulevard
Home improvement marketers dial up trouble from regulator • The Register
Models, Frameworks and Standards
10 cyber security frameworks you need to know about - Help Net Security
NIST Offers Guidance on Measuring and Improving Your Company’s Cyber Security Program | NIST
Backup and Recovery
Data Protection
Over 90 percent of organisations set to increase data protection spending (betanews.com)
Data regulator fines HelloFresh £140K for sending 80M+ spams • The Register
Careers, Working in Cyber and Information Security
Ransomware causes mental, physical trauma to security pros • The Register
Protecting the protectors: combating stress in the cyber security industry | The Independent
Best practices to mitigate alert fatigue - Help Net Security
Universities not delivering the right skills for cyber security (betanews.com)
Law Enforcement Action and Take Downs
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro
Geopolitical tensions combined with technology will drive new security risks - Help Net Security
Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider
Nation State Actors
China
End-of-life Cisco routers targeted by China’s Volt Typhoon group (therecord.media)
Stealthy New macOS Backdoor Hides on Chinese Websites (darkreading.com)
Feds warn China-made drones pose risk to US critical infrastructure | SC Media (scmagazine.com)
Russia
Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos (securityaffairs.com)
Cyber Attack on Ukraine’s largest telecom provider will cost it about $100 million (therecord.media)
Russia finds way around sanctions on battlefield tech: report – POLITICO
Moscow imports a third of battlefield tech from western companies (ft.com)
Prolific Russian hacking unit using custom backdoor for the first time | CyberScoop
Iran
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
CISA: Critical SharePoint vuln is under active exploitation • The Register
Ivanti Connect Secure zero-days now under mass exploitation (bleepingcomputer.com)
Juniper warns of critical RCE bug in its firewalls and switches (bleepingcomputer.com)
Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack (securityaffairs.com)
VMware Urges Customers to Patch Critical Aria Automation Vulnerability - SecurityWeek
Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability (thehackernews.com)
Two more Citrix NetScaler bugs exploited in the wild • The Register
Atlassian warns of critical RCE flaw in older Confluence versions (bleepingcomputer.com)
End-of-life Cisco routers targeted by China’s Volt Typhoon group (therecord.media)
Windows 10 security update requires some major changes - experts only need apply | TechRadar
GitLab Patches Critical Password Reset Vulnerability - SecurityWeek
Balada Injector continues to infect thousands of WordPress sites (securityaffairs.com)
Vulnerabilities Expose PAX Payment Terminals to Hacking - SecurityWeek
Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins - SecurityWeek
Most older iPhones, Macs, and iPads are vulnerable to GPU flaw (appleinsider.com)
New UEFI vulnerabilities send firmware devs across an entire ecosystem scrambling | Ars Technica
Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows (thehackernews.com)
Tools and Controls
Akira ransomware attackers are wiping NAS and tape backups - Help Net Security
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider
How to improve your organisation's cyber hygiene score | World Economic Forum (weforum.org)
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)
Digital resilience – a step up from cyber security | CSO Online
If you don’t already have a generative AI security policy, there’s no time to lose | CSO Online
Key elements for a successful cyber risk management strategy - Help Net Security
Preventing insider access from leaking to malicious actors - Help Net Security
Over 90 percent of organisations set to increase data protection spending (betanews.com)
As Enterprise Cloud Grows, So Do Challenges (darkreading.com)
Best practices to mitigate alert fatigue - Help Net Security
Modernising print security for today’s working world | TechRadar
MFA Spamming and Fatigue: When Security Measures Go Wrong (thehackernews.com)
Cyber incident response impaired by stress | SC Media (scmagazine.com)
Effective Incident Response Relies on Internal and External Partnerships (darkreading.com)
InfoSec 101: Why Data Loss Prevention is Important to Enterprise Defence (darkreading.com)
Digital nomads amplify identity fraud risks - Help Net Security
Out with the old and in with the improved: MFA needs a revamp - Help Net Security
The right strategy for effective cyber security awareness - Help Net Security
SOC-as-a-Service: The Five Must-Have Features - Security Boulevard
Other News
What’s on the Smartest Cyber Security Minds for 2024? (cybereason.com)
How news organisations became a prime target for cyber attacks (pressgazette.co.uk)
UK doubles spending on overseas cyber security projects (ft.com)
Huge boost for global security with almost £1 billion government investment - GOV.UK (www.gov.uk)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 12 January 2024
Black Arrow Cyber Threat Intelligence Briefing 12 January 2024:
-Boardrooms on Notice: Cyber Security Oversight More Important Than Ever
-Ransomware Incidents Reported to UK Financial Regulator Doubled in 2023
-Businesses Can’t Survive Without Their IT Systems – and They’re Under Attack More Than Ever
-Cyber Insecurity and Misinformation Top WEF Global Risk List
-Why Effective Cyber Security and Risk Management are Crucial for Business Growth
-The Cost of Dealing with a Cyber Attack Doubled Last Year
-Merck Settles NotPetya Insurance Claim – Leaving Cyber Warfare Definition Unresolved
-Mandiant, SEC Lose Control of X Accounts Without 2FA
-If you Prepare, a Data Security Incident Should Not Cause an Existential Crisis
-82% of Companies Struggle to Manage Security Exposure, with 28,000 New Vulnerabilities Reported Last Year
-Cyber Security is the Number One Priority for the Financial Sector Again
-Cyber Crime Marketplaces Soar in 2024: All Threats Now Available ‘As-a-Service’
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Boardrooms on Notice: Cyber Security Oversight More Important Than Ever
In 2023, the rise in security breaches and cyber attacks caused cyber security to transcend its usual confines and emerge as a critical boardroom concern, prompting executives to recognise the need for proactive engagement. The current landscape has necessitated executive decision-makers to proactively engage in cyber security, instead of just passively observing. It is no surprise that in a survey from KMPG of over 300 CEO’s, dealing with cyber risk was designated as the top priority for the foreseeable three to five years.
When a company faces a substantial fine or penalty from a breach, it serves two crucial purposes. Firstly, it sets a precedent for ensuring companies across the board understand the repercussions of lax cyber security measures and secondly, it pushes organisations towards proactive investment in robust cyber security frameworks. Many organisations are beginning to realise that the cost of a breach, both financial and reputational, far outweighs that of prevention. Furthermore, many frameworks are now placing the board as directly responsible.
Sources: [Lexology] [Security Brief]
Ransomware Incidents Reported to UK Financial Regulator Doubled in 2023
Ransomware reported to the UK financial regulator in 2023 doubled, and the impact is clear. In a survey of CISOs based in the UK, one-third confessed to paying ransomware groups millions in recent years in a bid to alleviate the impact of an attack. The minimum ransom paid by UK businesses across a five year period stood at around $250,000, the study found. Ransomware is the dominant threat that continues to plague organisations, and it is important that your organisation is doing all it can to prevent such an attack, and has plans in place to recover when such an attack happens.
Sources: [Data Breaches] [UK mortgage news] [The Hacker News]
Businesses Can’t Survive Without Their IT Systems – and They’re Under Attack More Than Ever
As organisations find themselves more and more reliant on digital technology than ever before, the impact of not having it becomes greater and greater. As reliance on these systems grows, the level of cyber threat grows as well. A recent report found 68% of those surveyed believed they would not survive more than a single day without their IT systems, up from 46% in 2017. The report found that 54% of organisations said they experienced some form of cyber attack last year, with ransomware cited as the most disruptive.
Source: [TechRadar]
Cyber Insecurity and Misinformation Top WEF Global Risk List
In the latest report by the World Economic Forum, misinformation and disinformation have emerged as the most severe global risk anticipated over the next two years, with the risk becoming more likely as elections in several economies take place this year. As artificial intelligence models become easier to use and more accessible to the general population, this will enable an explosion of false information and synthetic content such as cloned voices and fake websites.
Another top concern identified in the report is the risk of cyber attacks and cyber insecurities. Currently the production of AI technologies is highly concentrated; this creates a significant supply chain risk, as the reliance of one or two models could give rise to systemic cyber vulnerabilities, paralysing critical infrastructure.
Source: [Infosecurity Magazine]
Why Effective Cyber Security and Risk Management are Crucial for Business Growth
Technology has changed, enhanced and transformed how business is conducted. However, these new advancements such as cloud, IoT and AI have introduced a range of new cyber security risks. It is crucial for leaders to grasp the accompanying risks to ensure the safety of their organisations, customers and products. Given the inevitability of business risk, particularly cyber risk, leaders should focus on managing it by identifying mission-critical aspects of their organisation and then determining how best to protect them. The first step to a proactive approach to cyber security is to devise a robust and tailored cyber security strategy aligned to the organisation’s risk profile. This not only improves the safety and security of the organisation, but also the trust of its customers and products in an increasingly digital world.
Source: [World Economic Forum]
The Cost of Dealing with a Cyber Attack Doubled Last Year
New research by Dell claims that the cost of global cyber attacks reached a new high in 2023, topping out at $1.41 million per attack, up $660,000 from the previous year. It was found that almost half (48%) of UK based organisations reported suffering either a cyber attack or incident that prevented access to company data.
Over half of global respondents report that malicious links in spam or phishing emails, hacked devices, and stolen credentials are the most common entry points for cyber attacks.
Source: [TechRadar]
Merck Settles NotPetya Insurance Claim – Leaving Cyber Warfare Definition Unresolved
Merck’s long legal battle with its insurers over the damage caused by the infamous NotPetya attack has finally come to an end, with the Merck agreeing to settle with their insurer providers who had refused to pay $699 million of the $1.4 million that was claimed in damages.
The legal battle began when Merck, who did not have cyber insurance, had made a claim under its ‘all-risks’ coverage. In 2022, it was stated that the NotPetya attack “is not sufficiently linked to a military action or objective as it was a non-military cyber attack against an accounting software provider” and in May 2023, this decision was upheld, forcing the insurers to settle.
Source: [Security Week] [Dark Reading]
Mandiant, SEC Lose Control of X Accounts Without 2FA
While security teams are focused on preventing the gamut of different levels of cyber attack sophistication, it can be easy for even the sharpest teams to overlook the simple stuff. This was recently seen when Google’s cyber security operation, Mandiant, temporarily lost control of its account on X (formerly known as Twitter) due to not having two-factor authentication (2FA). A separate high-profile incident also occurred this week, as the US Securities and Exchange Commission (SEC) account on X was hijacked to post a fake announcement about bitcoin, raising its value by 5%.
In March of 2023, X changed the way multi-factor authentication (MFA) worked, so that only premium subscribers have access to it. The two high-profile attacks, which were due to accounts not having MFA, show that cyber criminals are taking advantage of these changes. These incidents serve as a clear reminder that organisations must prioritise even the most fundamental security practices, such as MFA, to protect their digital assets.
Further, the attack on the SEC has opened them to criticism from firms such as SolarWinds who the SEC had previously reprimanded for cyber security failures.
Source: [Dark Reading]
If you Prepare, a Data Security Incident Should Not Cause an Existential Crisis
A question to ask is why, in the event of a data security incident, is there an overwhelming feeling that the company is doomed? Yet when there are other issues, such as internal investigations, the feeling is not as strong. For a lot of companies, these cyber incidents are the first time that their cyber response plan (if they have one at all) is enacted and it is this lack of preparation that causes such a feeling. Companies looking to increase their cyber resilience should look to have and regularly test a cyber incident response plan; you do not want to be in the position of having to learn your plan and deal with a cyber incident at the same time.
Source: [Help Net Security]
82% of Companies Struggle to Manage Security Exposure, with 28,000 New Vulnerabilities Reported Last Year
A substantial 82% of companies have reported a widening gap between security exposures and their ability to manage them according to a recent report. For many, the issue is caused by a lack of proper remediation solutions; this formed part of the reason why 87% of surveyed organisations reported plans to enhance vulnerability and exposure remediation within the next year. The need increases when considering last year there were more than 28,000 new vulnerabilities; that is the equivalent of nearly 80 every day.
Sources: [Infosecurity Magazine] [SecurityWeek]
Cyber Security is the Number One Priority for the Financial Sector Again
In Softcat's annual Business Tech Priorities Report, the financial sector's tech investments for the coming year have been unveiled. Notably, cyber security remains the top priority for the sector with 55% prioritising cyber security before anything else, reflecting the critical need to protect against the escalating threat landscape. It's important to understand that cyber security is not merely an IT problem; it is a business imperative. As consumers increasingly embrace digital banking, the impact of digitalisation on the financial sector is evident. With cyber incidents on the rise, investment in cyber security, including zero-trust security and AI threat hunting, is imperative for safeguarding not only data but the entire business.
Sources: [The Fintech Times] [Islamic Finance News]
Cyber Crime Marketplaces Soar in 2024: All Threats Now Available ‘As-a-Service’
In 2024, cyber crime marketplaces are expected to surge even more, transitioning every cyber threat further into the “as-a-service” model. The term “as-a-service” refers to the provision of specific functionalities or tools as a service, typically offered on a subscription or pay-as-you-go basis. This allows malicious actors with limited technical skills to launch sophisticated attacks. This trend was already being spotted at the end of 2023 as a report found that 73% of all internet traffic is currently composed of malicious bots and related fraud farm activities. This highlights the need for organisations to have accurate threat intelligence and analysis to understand the digital terrain ahead of these continued and expanding “as-a-service” threats.
Source: [Security Boulevard]
Governance, Risk and Compliance
If you prepare, a data security incident will not cause an existential crisis - Help Net Security
IFN – Cyber Security: Not an IT problem, but a business one (islamicfinancenews.com)
The cost of dealing with a cyber attack doubled last year | TechRadar
Board Priorities 2024: Cyber preparedness & resilience - Lexology
Boardrooms on notice: Cyber security oversight more important than ever (securitybrief.co.nz)
Why cyber security and risk management are crucial for growth | World Economic Forum (weforum.org)
How to Plan Your Security Budget Without Compromising Your Security Stack - Security Boulevard
The expanding scope of CISO duties in 2024 - Help Net Security
War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions (darkreading.com)
The Reality Of Cyber In 2024: What Dangers Do Businesses Face? - Minutehack
Lions and tigers and bears, oh my! Global legal risks in cyber security investigations (iapp.org)
The power of basics in 2024's cyber security strategies - Help Net Security
Here's how to build a more inclusive cyber security strategy | World Economic Forum (weforum.org)
Threats
Ransomware, Extortion and Destructive Attacks
Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved - Security Week
How the Merck Case Shapes the Future of Cyber Insurance (databreachtoday.co.uk)
British Library ransomware cyber attack ‘set to cost £7million’ (yahoo.com)
There is a Ransomware Armageddon Coming for Us All (thehackernews.com)
Ransomware victims targeted in follow-on extortion attacks • The Register
Swatting: The new normal in ransomware extortion tactics • The Register
Another top US mortgage firm hit by major cyber attack | TechRadar
Capital Health attack claimed by LockBit ransomware, risk of data leak (bleepingcomputer.com)
Wiper malware found in analysis of Iran-linked attacks on Albanian institutions (therecord.media)
Babuk ransomware decryptor updated with Tortilla support • The Register
"Security researcher" offers to delete data stolen by ransomware attackers - Help Net Security
Pikabot Malware Surfaces As Qakbot Replacement for Black Basta Attacks (darkreading.com)
Finland warns of Akira ransomware wiping NAS and tape backup devices (bleepingcomputer.com)
Ransomware payment ban: Wrong idea at the wrong time • The Register
Ransomware Victims
In $1.4B coverage over cyber attack, Merck settles with insurers (fiercepharma.com)
Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved - Security Week
British Library says final cost of cyber attack is ‘not confirmed’ | Evening Standard
Ransomware attackers threaten to send SWAT teams to patients of hacked hospitals - Neowin
Mortgage firm loanDepot cyber attack impacts IT systems, payment portal (bleepingcomputer.com)
Toronto Zoo: Ransomware attack had no impact on animal wellbeing (bleepingcomputer.com)
LockBit ransomware gang claims the attack on Capital Health (securityaffairs.com)
Fidelity National Financial says hackers stole data on 1.3 million customers | TechCrunch
HMG Healthcare Says Data Breach Impacts 40 Facilities - Security Week
Full reopening of Isle of Man dentist delayed by 'serious cyber attack' | iomtoday.co.im
Ransomware wrecks Paraguay’s largest telco (databreaches.net)
Phishing & Email Based Attacks
Uncovering the hidden dangers of email-based attacks - Help Net Security
Framework discloses data breach after accountant gets phished (bleepingcomputer.com)
Female cyber pros group targeted in phishing scam | IT Business
Artificial Intelligence
Adapting Security to Protect AI/ML Systems (darkreading.com)
NIST identifies AI cyber security vulnerabilities (iapp.org)
NIST: No Silver Bullet Against Adversarial Machine Learning Attacks - Security Week
Why Cyber Security Is Foundational To AI Safety (forbes.com)
FTC offers $25,000 prize for detecting AI-enabled voice cloning (bleepingcomputer.com)
The growing challenge of cyber risk in the age of synthetic media - Help Net Security
Securing AI systems against evasion, poisoning, and abuse - Help Net Security
Staying One Step Ahead of Hackers When It Comes to AI | WIRED
New AI tools spawn fears of greater 2024 election threats, survey finds - Nextgov/FCW
AI discovers that not every fingerprint is unique (techxplore.com)
VW AI move is greeted with caution as risks still real says expert (emergingrisks.co.uk)
2FA/MFA
Mandiant, SEC Lose Control of X Accounts Without 2FA (darkreading.com)
Security firm Mandiant says it didn’t have 2FA enabled on its hacked Twitter account • Graham Cluley
Malware
A new macOS backdoor could let hackers hijack your device without you knowing | TechRadar
Stealthy AsyncRAT malware attacks targets US infrastructure for 11 months (bleepingcomputer.com)
North Korea Debuts 'SpectralBlur' Malware Amid macOS Onslaught (darkreading.com)
SpectralBlur: New macOS Backdoor Threat from North Korean Hackers (thehackernews.com)
Threat Group Using Rare Data Transfer Tactic in New RemcosRAT Campaign (darkreading.com)
Stuxnet: The malware that cost a billion dollars to develop? • Graham Cluley
Wiper malware found in analysis of Iran-linked attacks on Albanian institutions (therecord.media)
Linux devices are under attack by a never-before-seen worm | Ars Technica
Pikabot Malware Surfaces As Qakbot Replacement for Black Basta Attacks (darkreading.com)
‘Yet another Mirai-based botnet’ is spreading an illicit cryptominer (therecord.media)
Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload (thehackernews.com)
Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware (thehackernews.com)
Mobile
CISA warns agencies of fourth flaw used in Triangulation spyware attacks (bleepingcomputer.com)
Android's January 2024 Security Update Patches 58 Vulnerabilities - Security Week
Internet of Things – IoT
Coming Soon to a Network Near You: More Shadow IoT - Security Week
The Connection Between Alaska Airlines, Blown Out Windows, and IoT Security - Security Boulevard
Surveyed drivers prefer low-tech cars over data-sharing ones • The Register
VW AI move is greeted with caution as risks still real says expert (emergingrisks.co.uk)
Data Breaches/Leaks
Law Firm Orrick Reveals Extensive Data Breach, Over Half a Million Affected - Security Week
Framework discloses data breach after accountant gets phished (bleepingcomputer.com)
2.2 billion records compromised by security incidents In Dec 2023 (itsecuritywire.com)
Texas-based care provider HMG Healthcare says hackers stole unencrypted patient data | TechCrunch
Midwives clinic takes nine months to deliver news of data breach (bitdefender.com)
Organised Crime & Criminal Actors
Cyber Crime Marketplaces Soar in 2024: All Threats Now Available ‘As-a-Service’ - Security Boulevard
Cyber Attacks Drain $1.84bn from Web3 in 2023 - Infosecurity Magazine (infosecurity-magazine.com)
BreachForums admin jailed again for using a VPN, unmonitored PC (bleepingcomputer.com)
Nigerian Gets 10 Years For Laundering Scam Funds - Infosecurity Magazine (infosecurity-magazine.com)
Move Over, APTs: Common Cyber Criminals Begin Critical Infrastructure Targeting (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
What Is Cryptojacking, and Why Is Higher Education Being Targeted? | EdTech Magazine
X users fed up with constant stream of malicious crypto ads (bleepingcomputer.com)
Iranian crypto exchange Bit24.cash leaks user passports and IDs (securityaffairs.com)
Netgear, Hyundai latest X accounts hacked to push crypto drainers (bleepingcomputer.com)
Cryptocurrency community lost over $100 million last week (coinpaper.com)
‘Yet another Mirai-based botnet’ is spreading an illicit cryptominer (therecord.media)
Child Abusers Are Getting Better at Using Crypto to Cover Their Tracks | WIRED
Insider Risk and Insider Threats
Insurance
How the Merck Case Shapes the Future of Cyber Insurance (databreachtoday.co.uk)
War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions (darkreading.com)
2024 Cyber Insurance Requirements Predictions (trendmicro.com)
Supply Chain and Third Parties
Cloud/SaaS
SaaS cyber crime levels are expected to rise this year - Digital Journal
Microsoft Lets Cloud Users Keep Personal Data Within Europe to Ease Privacy Fears - Security Week
Why Public Links Expose Your SaaS Attack Surface (thehackernews.com)
Identity and Access Management
Linux and Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Mandiant's X Account Was Hacked Using Brute-Force Attack (thehackernews.com)
Security firm Mandiant says it didn’t have 2FA enabled on its hacked Twitter account • Graham Cluley
What is credential stuffing and how do you keep your accounts safe from it (engadget.com)
Social Media
Mandiant's X Account Was Hacked Using Brute-Force Attack (thehackernews.com)
Security firm Mandiant says it didn’t have 2FA enabled on its hacked Twitter account • Graham Cluley
X users fed up with constant stream of malicious crypto ads (bleepingcomputer.com)
Fake Recruiters Defraud Facebook Users via Remote Work Offers (darkreading.com)
Sexual assault in the metaverse investigated by British police • Graham Cluley
Netgear, Hyundai latest X accounts hacked to push crypto drainers (bleepingcomputer.com)
Serious New Facebook Warning For Apple iPhone and Google Android Users (forbes.com)
Why You Shouldn't Opt In to Facebook's Link History Feature (makeuseof.com)
Coinbase Offers SEC Security Assistance After X Account Hack (beincrypto.com)
Malvertising
X users fed up with constant stream of malicious crypto ads (bleepingcomputer.com)
Serious New Facebook Warning For Apple iPhone and Google Android Users (forbes.com)
Why You Shouldn't Opt In to Facebook's Link History Feature (makeuseof.com)
Regulations, Fines and Legislation
US DOD’s CMMC 2.0 rules lift burdens on MSPs, manufacturers | CSO Online
SEC Speech on Cyber Security Disclosure | Paul Hastings LLP - JDSupra
What does the EU’s Cyber Security Regulation aim to achieve? (siliconrepublic.com)
SEC Had a Fraught Cyber Record Long Before X Account Was Hacked (bloomberglaw.com)
SolarWinds Hits Back at SEC After Agency’s X Account Was Hacked (bloomberglaw.com)
Mandiant, SEC Lose Control of X Accounts Without 2FA (darkreading.com)
Cyber Criminal Whistleblowers will Get Smarter - Security Boulevard
Ofcom poaches Big Tech staff in push to enforce new internet curbs (ft.com)
Cyber Security | UK Regulatory Outlook January 2024 - Osborne Clarke | Osborne Clarke
Models, Frameworks and Standards
NIST identifies AI cyber security vulnerabilities (iapp.org)
NIST: No Silver Bullet Against Adversarial Machine Learning Attacks - Security Week
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
BreachForums admin jailed again for using a VPN, unmonitored PC (bleepingcomputer.com)
Nigerian Gets 10 Years For Laundering Scam Funds - Infosecurity Magazine (infosecurity-magazine.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions (darkreading.com)
Merck settles with insurers regarding a $1.4 billion claim (securityaffairs.com)
Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved - Security Week
How the Merck Case Shapes the Future of Cyber Insurance (databreachtoday.co.uk)
Nation State Actors
China
AI is helping US spies catch stealthy Chinese hacking ops, NSA official says | CyberScoop
Bribed US Navy sailor sold secrets to China for just $14k • The Register
China Claims It Caught a Foreign Consultant Spying for UK’s MI6 | TIME
Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days - Security Week
China-Linked Volt Typhoon Hackers Possibly Targeting Australian, UK Governments - Security Week
Russia
Merck settles with insurers regarding a $1.4 billion claim (securityaffairs.com)
Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved - Security Week
Threat Group Using Rare Data Transfer Tactic in New RemcosRAT Campaign (darkreading.com)
Military briefing: Russia has the upper hand in electronic warfare with Ukraine (ft.com)
Russia's Sandworm blamed for Kyivstar telecom cyber attack • The Register
Ukraine is on the front lines of global cyber security - Atlantic Council
Iran
Wiper malware found in analysis of Iran-linked attacks on Albanian institutions (therecord.media)
Who Is Behind Pro-Ukrainian Cyber Attacks on Iran? (darkreading.com)
Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware (thehackernews.com)
Iranian crypto exchange Bit24.cash leaks user passports and IDs (securityaffairs.com)
Investigation on Stuxnet malware triggers doubt | SC Media (scmagazine.com)
North Korea
North Korea Debuts 'SpectralBlur' Malware Amid macOS Onslaught (darkreading.com)
South Korea's technological superiority challenged by North Korea's cyber attacks - The Korea Times
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Sea Turtle Cyber Espionage Campaign Targets Dutch IT and Telecom Companies (thehackernews.com)
Turkish Hackers Target Microsoft SQL Servers in Americas, Europe - Security Week
Young Britons exposed to online radicalisation following Hamas attack - BBC News
Who Is Behind Pro-Ukrainian Cyber Attacks on Iran? (darkreading.com)
Hackers Dox Lawmakers Behind North Carolina Age Verification (dailydot.com)
CISA warns agencies of fourth flaw used in Triangulation spyware attacks (bleepingcomputer.com)
Vulnerability Management
Vulnerability Handling in 2023: 28,000 New CVEs, 84 New CNAs - Security Week
Researchers develop technique to prevent software bugs - Help Net Security
Best Practices for Vulnerability Scanning: When and How Often to Perform - Security Boulevard
Vulnerabilities
Microsoft January 2024 Patch Tuesday fixes 49 flaws, 12 RCE bugs (bleepingcomputer.com)
Microsoft Patch Tuesday for January 2024 fixed 2 critical flaws (securityaffairs.com)
Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security (darkreading.com)
Ivanti warns of Connect Secure zero-days exploited in attacks (bleepingcomputer.com)
Cisco Patches Critical Vulnerability in Unity Connection Product - Security Week
KyberSlash attacks put quantum encryption projects at risk (bleepingcomputer.com)
QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products - Security Week
CISA Adds Six Known Exploited Vulnerabilities to Catalog | CISA
Attacks aimed at vulnerable Apache RocketMQ servers underway | SC Media (scmagazine.com)
Fortinet Releases Security Updates for FortiOS and FortiProxy | CISA
Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager (thehackernews.com)
Android's January 2024 Security Update Patches 58 Vulnerabilities - Security Week
SAP's First Patches of 2024 Resolve Critical Vulnerabilities - Security Week
Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days - Security Week
CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe, D-Link, Joomla Under Attack (thehackernews.com)
CISA Urges Patching of Exploited SharePoint Server Vulnerability - Security Week
Over 150k WordPress sites at takeover risk via vulnerable plugin (bleepingcomputer.com)
SQLi vulnerability in Cacti could lead to RCE (CVE-2023-51448) - Help Net Security
Tools and Controls
Why Red Teams Can't Answer Defenders' Most Important Questions (darkreading.com)
Continuity in Chaos: Applying Time-Tested Incident Response to Modern Cyber Security - Security Week
Why Public Links Expose Your SaaS Attack Surface (thehackernews.com)
APIs are increasingly becoming attractive targets - Help Net Security
Whodunit in Cyber Space: The Rocky Road from Attribution to Accountability • Stimson Center
Insufficient Internal Network Monitoring in Cyber Security - Security Boulevard
Threat Actors Increasingly Abusing GitHub for Malicious Purposes (thehackernews.com)
How to Plan Your Security Budget Without Compromising Your Security Stack - Security Boulevard
Embracing offensive cyber security tactics for defence against dynamic threats - Help Net Security
Lions and tigers and bears, oh my! Global legal risks in cyber security investigations (iapp.org)
Here's how to build a more inclusive cyber security strategy | World Economic Forum (weforum.org)
2024 Cyber Insurance Requirements Predictions (trendmicro.com)
Exposed Secrets are Everywhere. Here's How to Tackle Them (thehackernews.com)
Other News
SEC Had a Fraught Cyber Record Long Before X Account Was Hacked (bloomberglaw.com)
SolarWinds Hits Back at SEC After Agency’s X Account Was Hacked (bloomberglaw.com)
Cyber Focused FBI Agents Deploy to Embassies Globally (darkreading.com)
A cyber attack hit the Beirut International Airport (securityaffairs.com)
Cyber attacks on Island ‘are mostly from Russia’ - Jersey Evening Post
Whodunit in Cyber Space: The Rocky Road from Attribution to Accountability • Stimson Center
Hackers Dox Lawmakers Behind North Carolina Age Verification (dailydot.com)
Threat Actors Increasingly Abusing GitHub for Malicious Purposes (thehackernews.com)
It’s 2024. Time to Have Attribution Standards in Cyber Space - OODA Loop
Protecting Critical Infrastructure Means Getting Back to Basics (darkreading.com)
6 of the biggest threats banks faced in 2023 | American Banker
US to hospitals: Meet security standards or no federal money • The Register
Hospitals Must Treat Patient Data and Health With Equal Care (darkreading.com)
Cyber Security Risk Mitigation for Law Firms in 2024 | US Legal Support - JDSupra
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 03 March 2023
Black Arrow Cyber Briefing 03 March 2023:
-It’s Time to Evaluate Your Security Education Plan Amongst the Rise in Social Engineering Attacks
-Mobile Users are More Susceptible to Phishing Attacks
-Phishing as a Service Stimulates Cyber Crime
-Attacker Breakout Time Drops to Just 84 Minutes
-Attackers are Developing and Deploying Exploits Faster Than Ever
-Old Vulnerabilities are Haunting Organisations and Aiding Attackers
-Scams Drive Nearly $9bn Fraud Surge in 2022
-Economic Pressure are Increasing Cyber Security Risks and a Recession Would Only Further This
-Cyber Security in This Era of Polycrisis
-Russian Ransomware Projects Rebranded to Avoid Western Sanctions
-Ransomware Attacks Ravaged Big Names in February
-Firms Who Pay Ransom Subsidise New Attacks
-How the Ukraine War Opened a Fault Line in Cyber Crime
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
It’s Time to Evaluate Your Security Education Plan with the Rise in Social Engineering Attacks
Security provider Purplesec found 98% of attacks in 2022 involved an element of social engineering. Social engineering attacks can take many forms including phishing, smishing, vishing and quishing and it’s vital to educate your organisation on how to best prepare for these. Education plans should focusing on educating all levels of users, including those at the top. These plans should also be tested to allow organisations to assess where they are at and identify where they can improve.
Mobile Users are More Susceptible to Phishing Attacks
A report conducted by mobile security provider Lookout focused on the impact of mobile phishing. Some of the key findings from the report included that more than 50% of personal devices were exposed to a mobile phishing attack every quarter, the percentage of users falling for multiple mobile phishing links increasing and an increased targeting of highly regulated industries such as insurance, banking and financial services. It is likely that this has resulted from the increase in relaxed bring your own device (BYOD) policies.
Phishing as a Service Stimulates Cyber Crime
Phishing attacks are at an all-time high and the usage of Phishing as a Service (PaaS) opens this attack technique to virtually anyone. The sale of “phishing kits” and usage of artificial intelligence has further increased the availability of this attack technique. In response, organisations should look to improve their email security, cloud security and education programs for employees.
https://www.trendmicro.com/en_us/ciso/23/c/phishing-as-a-service-phaas.html
Attacker Breakout Time Drops to Just 84 Minutes
The average time it takes for a threat actor to move laterally from a compromised host within an organisation dropped 14% between 2012 and 2022 down to 84 minutes, according to a report by security provider Crowdstrike. With the reduction in time it takes a threat actor to move across systems, organisations have even less time to enact their incident response plans and contain breaches effectively, putting further pressure on the incident response team. By responding quickly, organisations can minimise the cost and damage of a breach. The report from Crowdstrike found that organisations were facing increasing difficulty in detecting suspicious activity as attackers are choosing to use valid organisation credentials rather than malware, to gain access to an organisation’s systems.
https://www.infosecurity-magazine.com/news/attacker-breakout-time-drops-just/
Attackers are Developing and Deploying Exploits Faster Than Ever
A report from security provider Rapid7 found that over 56% of vulnerabilities were exploited within seven days of public disclosure. Worryingly, the median time for exploitation in 2022 was just one day. The finding from the report highlights the need for organisations to not only conduct threat intelligence to be aware of vulnerabilities but to also look to employ patches where possible in a timely manner.
https://www.helpnetsecurity.com/2023/03/03/attackers-developing-deploying-exploits/
Old Vulnerabilities are Haunting Organisations and Aiding Attackers
Known vulnerabilities, vulnerabilities for which patches have already been made available, are one of the primary attack vectors for threat actors. Vulnerability management vendor Tenable found that the top exploited vulnerabilities were originally disclosed as far back as 2017 and organisations that had not applied these patches were at increased risks of attack.
https://www.helpnetsecurity.com/2023/03/03/known-exploitable-vulnerabilities/
Scams Drive Nearly $9bn Fraud Surge in 2022
Americans lost $8.8 billion to fraud last year, with imposter scams responsible for $2.8 billion of that amount, according to the Federal Trade Commission (FTC). Losses to business imposters were particularly damaging, climbing to $660 million from the previous year. Interestingly, the FTC found that younger people reported losing money to fraud the most often.
https://www.infosecurity-magazine.com/news/investment-scams-drive-9bn-in/
Economic Pressure are Increasing Cyber Security Risks and a Recession Would Only Further This
The World Economic Forum’s recent report found that 93% of cyber security leaders and 86% of business leaders think it is moderately or very likely that global geopolitical instability will lead to a catastrophic cyber event in the next two years. Reinforcing this, a report from (ISC)² found that 80% of business executives believe a weakening economy will increase cyber threats and a recession will only amplify this.
Cyber Security in this Era of Polycrisis
A year since Russia invaded Ukraine, the geopolitical context is increasingly tense and volatile. The world faces several major crises in what has been coined a 'polycrisis,' a cluster of global shocks with compounding effects. This, along with increasing geopolitical tensions causes a rise in risk from cyber attacks. In fact, the European Union Agency for Cyber Security (ENISA) recently issued an alert regarding actors conducting malicious cyber activities against businesses and governments in the European Union and findings from Google show a 300% increase in state-sponsored cyber attacks targeting users in NATO countries.
https://www.weforum.org/agenda/2023/02/cybersecurity-in-an-era-of-polycrisis/
Russian Ransomware Projects Rebranded to Avoid Western Sanctions
Research provider TRM labs found that some major Russian-linked ransomware crime gangs have rebranded their activities in 2022 to avoid sanctions. To strengthen their anonymity, two major ransomware crime gangs LockBit and Conti restructured their activities. Conti is reported to have restructured into three smaller groups named Black Besta, BlackByte, Karakurt. LockBit on the other hand launched LockBit 3.0, which is focused on monetary gain. Additionally, the report found that Russian-speaking darknet markets had amassed over $130 million in sales.
https://cryptopotato.com/russian-ransomware-projects-rebranded-to-avoid-western-sanctions-report/
Ransomware Attacks Ravaged Big Names in February
Despite the apparent slight drop in ransomware activity last month, several high profile targets of various industries were hit; this ranges from the likes of the US Marshal Service, retailer WH Smith, satellite provider Dish and many more. These attacks reinforce the concept that any organisation can be a victim, regardless of industry.
Firms Who Pay Ransoms Subsidise New Attacks
A report from security provider Trend Micro found that whilst only a relatively small number of ransomware victims pay their extorters, those that do pay are effectively funding 6-10 new attacks. The report also found that attackers are aware of which industries and countries pay ransoms more often, so organisations belonging to those industries and countries may find themselves an even more attractive target.
https://www.infosecurity-magazine.com/news/firms-pay-ransom-subsidise-10/
How the Ukraine War Opened a Fault Line in Cyber Crime
A report from threat intelligence provider Recorded Future has highlighted the impact that the Russian invasion of Ukraine has had on cyber. Recorded Future explain how a number of threat actor groups fled during the war and in addition to differing political views between groups, there has been a disruption to the cyber environment. In fact, Recorded Future found that Russian-language dark web marketplaces have taken a major hit and the prediction is that the epicentre of cyber crime may shift to English-speaking dark web forums, shops and marketplaces.
https://www.darkreading.com/analytics/ukraine-war-fault-line-cybercrime-forever
Threats
Ransomware, Extortion and Destructive Attacks
Well-funded security systems fail to prevent cyber attacks in US and Europe: Report | CSO Online
Russian Ransomware Projects Rebranded to Avoid Western Sanctions: Report (cryptopotato.com)
New cyber attack tactics rise up as ransomware payouts increase | CSO Online
Ransomware Attacks: Don’t Let Your Guard Down - SecurityWeek
Ransomware attacks ravaged big names in February | TechTarget
Cyber Insurance Market Back From Brink After Onslaught of Ransomware Attacks (insurancejournal.com)
Royal Mail schools LockBit in leaked negotiation (malwarebytes.com)
'Ethical hacker' among ransomware suspects arrested • The Register
Wiper malware goes global, destructive attacks surge - Help Net Security
A Deep Dive into the Evolution of Ransomware Part 3 (trendmicro.com)
New Exfiltrator-22 post-exploitation kit linked to LockBit ransomware (bleepingcomputer.com)
PureCrypter malware hits govt orgs with ransomware, info-stealers (bleepingcomputer.com)
Bitdefender Releases Free Decryptor for MortalKombat Ransomware Strain (thehackernews.com)
Dish Network confirms ransomware attack behind multi-day outage (bleepingcomputer.com)
US Marshals Ransomware Hit Is 'Major' Incident (darkreading.com)
The DoJ Disruption of the Hive Ransomware Group Is a Short-Lived Win (darkreading.com)
Vice Society publishes data stolen during Vesuvius ransomware attack • Graham Cluley
US Cybersecurity Agency Raises Alarm Over Royal Ransomware's Deadly Capabilities (thehackernews.com)
Phishing & Email Based Attacks
New cyber attack tactics rise up as ransomware payouts increase | CSO Online
Mobile Users More Susceptible to Phishing Attacks than Two Years Ago - MSSP Alert
Phishing as a Service Stimulates Cyber crime (trendmicro.com)
BEC – Business Email Compromise
New cyber attack tactics rise up as ransomware payouts increase | CSO Online
Expert strategies for defending against multilingual email-based attacks - Help Net Security
Hackers Target Young Gamers: How Your Child Can Cause Business Compromise (darkreading.com)
Other Social Engineering; Smishing, Vishing, etc
As Social Engineering Attacks Skyrocket, Evaluate Your Security Education Plan (darkreading.com)
The Top 5 New Social Engineering Attacks in 2023 - (ISC)² Blog (isc2.org)
How to Prevent Callback Phishing Attacks on Your Organization (bleepingcomputer.com)
2FA/MFA
Malware
RIG Exploit Kit still infects enterprise users via Internet Explorer (bleepingcomputer.com)
Exfiltrator-22 Post-Exploitation Toolkit Nips At Cobalt Strike's Heels (darkreading.com)
Malicious package flood on PyPI might be sign of new attacks to come | CSO Online
Iron Tiger hackers create Linux version of their custom malware (bleepingcomputer.com)
It's official: BlackLotus malware can bypass secure boot • The Register
Threat actors target law firms with GootLoader and SocGholish--Security Affairs
Mobile
Mobile Users More Susceptible to Phishing Attacks than Two Years Ago - MSSP Alert
Mobile Banking Trojans Surge, Doubling in Volume (darkreading.com)
Signal would 'walk' from UK if Online Safety Bill undermined encryption - BBC News
Don't be fooled by a pretty icon, malicious apps hide in plain sight - Help Net Security
Denial of Service/DoS/DDOS
Data Breaches/Leaks
LastPass Says DevOps Engineer Home Computer Hacked - SecurityWeek
LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults (thehackernews.com)
Stanford University discloses data breach affecting PhD applicants (bleepingcomputer.com)
Threat actors leak Activision employee data on hacking forum--Security Affairs
10 US states that suffered the most devastating data breaches in 2022 - Help Net Security
Australian orgs lodged 497 data breach notices in back half of 2022 - Security - iTnews
Hatch Bank discloses data breach after GoAnywhere MFT hack (bleepingcomputer.com)
GunAuction site was hacked and data of 565k accounts were exposed--Security Affairs
Chick-fil-A confirms accounts hacked in months-long "automated" attack (bleepingcomputer.com)
What GoDaddy's Years-Long Breach Means for Millions of Clients (darkreading.com)
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Cryptocurrency Bitcoin mining rig found in school crawlspace • The Register
Highly evasive cryptocurrency miner targets macOS--Security Affairs
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Investment Scams Drive $9bn Fraud Surge in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
How I Broke Into a Bank Account With an AI-Generated Voice (vice.com)
FTC reveals alarming increase in scam activity, costing consumers billions - Help Net Security
Resecurity identified the investment scam network Digital Smoke - Help Net Security
Pig butchering scam explained: Everything you need to know (techtarget.com)
AML/CFT/Sanctions
Insurance
Dark Web
Supply Chain and Third Parties
Third-party risks overwhelm traditional ERM setups - Help Net Security
Third-Party Risks: Challenges for MSSPs and How to Overcome Them - MSSP Alert
Shocking Findings from the 2023 Third-Party App Access Report (thehackernews.com)
Software Supply Chain
Shocking Findings from the 2023 Third-Party App Access Report (thehackernews.com)
SBOM is a 'massive galaxy of mess' for supply chain security • The Register
IBM Contributes Supply Chain Security Tools to OWASP (darkreading.com)
Cloud/SaaS
How to Tackle the Top SaaS Challenges of 2023 (thehackernews.com)
Cloud incident response: Frameworks and best practices | TechTarget
Security teams have no control over risky SaaS-to-SaaS connections - Help Net Security
It only takes one over-privileged identity to do major damage to a cloud - Help Net Security
SCARLETEEL hackers use advanced cloud skills to steal source code, data (bleepingcomputer.com)
Shocking Findings from the 2023 Third-Party App Access Report (thehackernews.com)
Google Cloud Platform allows data exfiltration without a (forensic) trace - Help Net Security
What Happened in That Cyber attack? With Some Cloud Services, You May Never Know (darkreading.com)
New Report: Inside the High Risk of Third-Party SaaS Apps (darkreading.com)
Containers
Hybrid/Remote Working
Work-From-Home Regulations Are Coming. Companies Aren’t Ready. (mit.edu)
How to work from home securely, the NSA way (malwarebytes.com)
Encryption
API
Open Source
Iron Tiger hackers create Linux version of their custom malware (bleepingcomputer.com)
Should organisations swear off open-source software altogether? | VentureBeat
IBM Contributes Supply Chain Security Tools to OWASP (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
LastPass Says DevOps Engineer Home Computer Hacked - SecurityWeek
Critical Vulnerabilities Allowed Booking.com Account Takeover - SecurityWeek
Sale of Stolen Credentials and Initial Access Dominate Dark Web Markets (darkreading.com)
Social Media
White House: No More TikTok on Gov't Devices Within 30 Days - SecurityWeek
EU Parliament bans staff from using TikTok over ‘cybersecurity concerns’ – POLITICO
TikTok answers three big cyber-security fears about the app - BBC News
Meta says $725M deal ends all Cambridge Analytica claims; one state disagrees | Ars Technica
Training, Education and Awareness
Parental Controls and Child Safety
Regulations, Fines and Legislation
UK seeks to ‘focus’ espionage bill to head off Lords rebellion | Financial Times (ft.com)
Cyber resilience in focus: EU act to set strict standards - Help Net Security
Work-From-Home Regulations Are Coming. Companies Aren’t Ready. (mit.edu)
ML practitioners push for mandatory AI Bill of Rights - Help Net Security
Governance, Risk and Compliance
Third-party risks overwhelm traditional ERM setups - Help Net Security
CISOs Share Their 3 Top Challenges for Cybersecurity Management (darkreading.com)
The Importance of Recession-Proofing Security Operations (darkreading.com)
Third-Party Risks: Challenges for MSSPs and How to Overcome Them - MSSP Alert
CISO Conversations: Code42, BreachQuest Leaders Discuss Combining CISO and CIO Roles - SecurityWeek
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
Gartner Prediction: Nearly Half of Cybersecurity Pros Will Change Jobs by 2025 - MSSP Alert
Growing Demand For Skilled Cybersecurity Workforce In Digital Age (informationsecuritybuzz.com)
Partnering With a Cybersecurity Vendor Can Help You Recruit Top Talent - MSSP Alert
CISOs Are Stressed Out and It's Putting Companies at Risk (thehackernews.com)
Law Enforcement Action and Take Downs
'Ethical hacker' among ransomware suspects arrested • The Register
The DoJ Disruption of the Hive Ransomware Group Is a Short-Lived Win (darkreading.com)
Privacy, Surveillance and Mass Monitoring
UK seeks to ‘focus’ espionage bill to head off Lords rebellion | Financial Times (ft.com)
Press greets Home Office redraft of national security bill with scepticism | Media | The Guardian
The Air Force Is Now Using Facial Recognition Drones (gizmodo.com)
How dog tracker apps are snooping on humans, according to cyber security experts (telegraph.co.uk)
Artificial Intelligence
Generative AI Changes Everything We Know About Cyber attacks (darkreading.com)
ChatGPT is bringing advancements and challenges for cybersecurity - Help Net Security
How I Broke Into a Bank Account With an AI-Generated Voice (vice.com)
ML practitioners push for mandatory AI Bill of Rights - Help Net Security
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Cyber security must be tightened up in this era of polycrisis | World Economic Forum (weforum.org)
How the Ukraine War Opened a Fault Line in Cyber crime, Possibly Forever (darkreading.com)
Russia-Ukraine War: A Year of Cyber Shortfalls (foreignpolicy.com)
Evaluating the Cyberwar Set Off by Russian Invasion of Ukraine (darkreading.com)
CERT of Ukraine: Russia-linked APT backdoored multiple govt sites-Security Affairs
White House: No More TikTok on Gov't Devices Within 30 Days - SecurityWeek
Russian charged with smuggling US counterintel tech • The Register
Cyber security in wartime: how Ukraine's infosec community is coping | CSO Online
China's BlackFly Targets Materials Sector in 'Relentless' Quest for IP (darkreading.com)
'Hackers' Behind Air Raid Alerts Across Russia: Official - SecurityWeek
China spends billions on pro-Russia disinformation, US special envoy says | China | The Guardian
Nation State Actors
Cyber security must be tightened up in this era of polycrisis | World Economic Forum (weforum.org)
How the Ukraine War Opened a Fault Line in Cyber crime, Possibly Forever (darkreading.com)
Hacker group defaces Russian websites to display the Kremlin on fire | TechCrunch
Russia-Ukraine War: A Year of Cyber Shortfalls (foreignpolicy.com)
CERT of Ukraine: Russia-linked APT backdoored multiple govt sites-Security Affairs
Evaluating the Cyberwar Set Off by Russian Invasion of Ukraine (darkreading.com)
White House: No More TikTok on Gov't Devices Within 30 Days - SecurityWeek
Russian charged with smuggling US counterintel tech • The Register
Cyber security in wartime: how Ukraine's infosec community is coping | CSO Online
EU Parliament bans staff from using TikTok over ‘cybersecurity concerns’ – POLITICO
China's BlackFly Targets Materials Sector in 'Relentless' Quest for IP (darkreading.com)
'Hackers' Behind Air Raid Alerts Across Russia: Official - SecurityWeek
China spends billions on pro-Russia disinformation, US special envoy says | China | The Guardian
TikTok answers three big cyber-security fears about the app - BBC News
Russia bans foreign messaging apps in government organisations (bleepingcomputer.com)
Chinese hackers use new custom backdoor to evade detection (bleepingcomputer.com)
Vulnerability Management
Vulnerabilities
A world of hurt for Fortinet and ManageEngine after users fail to install patches | Ars Technica
Hackers are actively exploiting Zoho ManageEngine flaw-Security Affairs
All In One SEO WordPress Plugin Vulnerability Affects Up To 3+ Million (searchenginejournal.com)
CISA warns of hackers exploiting ZK Java Framework RCE flaw (bleepingcomputer.com)
Cisco patches critical Web UI RCE flaw in multiple IP phones (bleepingcomputer.com)
Aruba Networks fixes six critical vulnerabilities in ArubaOS (bleepingcomputer.com)
Microsoft releases Windows security updates for Intel CPU flaws (bleepingcomputer.com)
Tools and Controls
LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults (thehackernews.com)
Well-funded security systems fail to prevent cyber attacks in US and Europe: Report | CSO Online
The Future of Network Security: Predictive Analytics and ML-Driven Solutions (thehackernews.com)
Microsoft announces automatic BEC, ransomware attack disruption capabilities - Help Net Security
How to use zero trust and IAM to defend against cyber attacks in an economic downturn | VentureBeat
Pentesting No Longer Driven by Regulatory Compliance, New Study Finds - MSSP Alert
Application Security vs. API Security: What is the difference? (thehackernews.com)
Accurately assessing the success of zero-trust initiatives | TechTarget
Other News
Attackers are developing and deploying exploits faster than ever - Help Net Security
Attacker Breakout Time Drops to Just 84 Minutes - Infosecurity Magazine (infosecurity-magazine.com)
Moving target defence must keep cyber attackers guessing - Help Net Security
Covert cyber attacks on the rise as attackers shift tactics for maximum impact - Help Net Security
Dormant accounts are a low-hanging fruit for attackers - Help Net Security
Dish Network goes offline after likely cyber attack, employees cut off (bleepingcomputer.com)
News Corp says state hackers were on its network for two years (bleepingcomputer.com)
UK won the Military Cyberwarfare exercise Defence Cyber Marvel-Security Affairs
To Safeguard Critical Infrastructure, Go Back to Basics (darkreading.com)
Feds accuse Google of destroying evidence in antitrust case • The Register
Microsoft recommending you scan more Exchange server files • The Register
CISA director urges tech sector to stop shipping unsafe products | CyberScoop
Developers can make a great extension of your security team - Help Net Security
2023 Browser Security Report Uncovers Major Browsing Risks and Blind Spots (thehackernews.com)
Uncovering the most pressing cybersecurity concerns for SMBs - Help Net Security
Wiz execs: Most overhyped security tool is technology itself • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 10 June 2022
Black Arrow Cyber Threat Briefing 10 June 2022
-Business Email Compromise (BEC) Attacks Have Risen 53% Year-Over-Year
-Ransomware Attacks Setting New Records
-Hackers Are Now Hiding Inside Networks for Longer. That's Not a Good Sign
-Paying Ransomware Paints Bigger Bullseye on Target’s Back
-Organisations Fix Only 1 in 10 Vulnerabilities Monthly
-Cyber Attack Surface "Spiralling Out of Control"
-Phishing Hits All-Time High in Q1 2022
-Ransomware's ROI Retreat Will Drive More BEC Attacks
-The Real Cost of Cyber Attacks: What Organisations Should Be Prepared For
-Why Smishing and Vishing Attempts Surged In 2021?
-Know Your Enemy! Learn How Cyber Crime Adversaries Get In…
-Small Businesses Struggle with an Increase in Cyber Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Business Email Compromise (BEC) Attacks Have Risen 53% Year-Over-Year
Armorblox released a report which highlights the use of language-based attacks that bypass existing email security controls. The report uncovers how the continued increase in remote working has made critical business workflows even more vulnerable to new forms of email-based attacks, often resulting in financial fraud or credential theft.
Language-based attacks have become the new normal for business email compromise (BEC) with 74% of these attacks using language as the main attack vector.
Security teams spend a massive amount of time configuring rules and exceptions in their email security solutions to block impersonation emails – both for executives and other employees. Despite all of that manual work and rule writing, 70% of impersonation emails evaded email security controls.
https://www.helpnetsecurity.com/2022/06/06/language-based-attacks-email-video/
Ransomware Attacks Setting New Records
Zscaler released the findings of its annual ThreatLabz Ransomware Report, which revealed an 80 percent increase in ransomware attacks year-over-year.
In 2022, the most prevalent ransomware trends include double-extortion, supply chain attacks, ransomware-as-a-service, ransomware rebranding, and geo-political incited ransomware attacks. The report details which industries are being targeted the most by cyber criminals, explains the damage caused by double-extortion and supply chain attacks, and catalogues the most active ransomware groups operating today.
Modern ransomware attacks require a single successful asset compromise to gain initial entry, move laterally, and breach the entire environment, making legacy VPN and flat networks extremely vulnerable. Attackers are finding success exploiting weaknesses across businesses’ supply chains as well as critical vulnerabilities like Log4Shell, PrintNightmare, and others. And with ransomware-as-a-service available on the darkweb, more and more criminals are turning to ransomware, realising that the odds of receiving a big payday are high.
The tactics and scope of ransomware attacks have been steadily evolving, but the end goal continues to be a disruption of the target organisation and theft of sensitive information for the purposes of ransom. The size of the ransom often depends on the number of systems infected and the value of the data stolen: the higher the stakes, the higher the payment. In 2019, many ransomware groups updated their tactics to include data exfiltration, commonly referred to as a ‘double extortion’ ransomware.
https://www.helpnetsecurity.com/2022/06/07/ransomware-attacks-increase/
Hackers Are Now Hiding Inside Networks for Longer. That's Not a Good Sign
Cyber criminals are spending more time inside networks before they're discovered, and that's allowing them to do more damage.
The amount of time cyber criminal intruders are spending inside victims' networks is increasing, providing them with the ability to carry out higher complexity campaigns and more damaging cyber attacks.
According to analysis by cyber security researchers at Sophos, who examined incidents targeting organisations around the world and across a wide range of industry sectors, the median dwell time that cyber criminals spend inside compromised networks is now 15 days, up from 11 days the previous year.
Dwell time is the amount of time hackers are inside the network before they're discovered or before they leave – and being able to spend an increased amount of time inside a compromised network undetected means they're able to more carefully conduct malicious activity, such as monitoring users, stealing data or laying the foundations for a malware or ransomware attack.
Paying Ransomware Paints Bigger Bullseye on Target’s Back
Ransomware attackers often strike targets twice, regardless of whether the ransom was paid.
Paying ransomware attackers doesn’t pay off and often paints a bigger target on a victim’s back. Eighty percent of ransomware victims that paid their attackers were hit a second time by the malware scourge.
New ransomware numbers come from a Cybereason’s April ransomware survey of 1,456 cyber security professionals. According to the gated report (registration required), victims that were successfully extorted were not only targeted a second time, but frequently data encrypted by criminals later became unusable during the decryption process because of corruption issues.
The fact that ransomware gangs strike so quickly a second and third time isn’t surprising, because they will try to profit in any possible way so why not hit the same company, demand a higher ransom, and get paid again?
https://threatpost.com/paying-ransomware-bullseye-back/179915/
Organisations Fix Only 1 in 10 Vulnerabilities Monthly
New research from SecurityScorecard features a couple of eye-popping “only” findings: Only 10 percent of vulnerabilities are remediated each month, and only 60 percent of companies have improved their security profile despite a 15-fold increase in the number of cyber incidents in the last three years.
That’s not good. The research, which sought to measure how long it took the 1.6 million organisations assessed to remediate vulnerabilities in the three-year period from 2019 to 2022, also found the following:
· 53% had at least one exposed vulnerability to the internet, while 22% of organisations amassed more than 1,000 vulnerabilities each, confirming more progress is required to protect organisations’ critical assets.
· The financial sector is among the slowest remediation rates (median to fix 50% = 426 days), while utilities ranked among the fastest (median = 270 days).
· Despite a 15-fold increase in exploitation activity for vulnerabilities with published exploit code, there was little evidence that organisations in the financial sector fixed exploited flaws faster.
· The IT sector (62.6%) and public sector (61.6%) had the highest prevalence of open vulnerabilities.
· The financial sector (48.6%) exhibited the lowest proportion of open vulnerabilities; however, there is less than a 10% difference between this and other sectors in terms of industries with the most open vulnerabilities.
· It typically takes organisations 12 months to remediate half of the vulnerabilities in their internet-facing infrastructure.
· When firms have fewer than 10 open vulnerabilities, it can take about a month to close just half of them, but when the list grows into the hundreds, it takes up to a year to reach the halfway point.
Cyber Attack Surface "Spiralling Out of Control"
Global organisations are still beset with cyber visibility and control challenges, with two-fifths (43%) admitting their digital attack surface is out of control as a result, according to new Trend Micro research.
The security vendor polled over 6200 IT and business decision-makers to compile its new study, ‘Mapping the digital attack surface: Why global organisations are struggling to manage cyber risk’.
It revealed that nearly three-quarters (73%) are concerned about the increasing size of their attack surface. Over a third (37%) said it is “constantly evolving and messy,” and just half (51%) thought they were able to fully define its extent.
These visibility challenges are greatest in cloud environments, although problems persist across the board. The report highlights complex supply chains, tool bloat and home working-driven shadow IT as additional contributory factors.
On average, respondents estimated having just 62% visibility of their attack surface.
https://www.infosecurity-magazine.com/news/cyberattack-surface-out-of-control/
Phishing Hits All-Time High in Q1 2022
The first quarter of 2022 saw phishing attacks hit a record high, topping one million for the first time, according to data from the Anti Phishing Working Group (APWG).
The industry, law enforcement and government coalition’s new Phishing Activity Trends Report also revealed that March was the worst month on record for phishing, with 384,291 attacks detected.
The financial sector was the worst hit, accounting for 24% of all detected attacks, although webmail and SaaS providers were also popular targets.
Attacks spoofing retailers dropped 17% from the previous quarter to 15% following the busy holiday shopping season, while those against social media services rose significantly, from nearly 9% percent of all attacks to 13% over the same period.
https://www.infosecurity-magazine.com/news/phishing-hits-all-time-high-q1/
Ransomware's ROI Retreat Will Drive More BEC Attacks
Law enforcement crackdowns, tighter cryptocurrency regulations, and ransomware-as-a-service (RaaS) operator shutdowns are driving down the return on investment for ransomware operations across the globe.
A presentation at the RSA Conference last week laid out analysis of the ransomware threat landscape, predicting that there will be a pivot from ransomware toward renewed interest in basic business email compromise (BEC) attacks in the next 6 to 12 months.
Ransomware attacks grab headlines and have been supercharged by a few prolific RaaS operators, but crackdowns on just one group can make an enormous dent.
Ransomware is a centralised ecosystem with small numbers of operators responsible for the majority of attacks.
The recent disappearance of Pysa, left just two groups, Conti and Lockbit, with more than 50% of the share of the total ransomware attacks in the first half of 2022. BEC groups, on the other hand, are diffuse and scattered, making them much harder to eradicate.
Although they're not as quick to make the headlines, BEC attacks have cost business more than $43 billion since 2016, according to the FBI, and make up $1 out of every $3 lost to cyber attacks, far outpacing ransomware losses.
Ransomware has had a moment over the past couple of years, in part because once threat actors were able to abandon arcane wire transfers to collect ransoms and rely on cryptocurrency, caps on transactions were lifted and it became simple to collect much larger amounts. But new crypto regulations are chilling the ability of these cyber criminals to rely on its infrastructure to do business, adding "friction" to the transactions.
BEC attacks, by comparison, rely on social engineering to corrupt a business's financial supply chain to get employees to willingly part with the cash, making them exponentially harder to track and stop.
The Real Cost of Cyber Attacks: What Organisations Should Be Prepared For
With each passing year, hackers and cyber criminals of all kinds are becoming more sophisticated, malicious, and greedy conducting brazen and often destructive cyber-attacks that can severely disrupt a company’s business operations. And this is a big problem, because, first and foremost, customers rely on a company’s ability to deliver services or products in a timely manner. Cyber attacks not only can affect customers’ data, but they can impact service delivery.
Data breaches and costs associated with them have been on the rise for the past few years, but, according to a 2021 report, the average cost per breach increased from $3.86 million in 2020 to $4.24 million in 2021. The report also identified four categories contributing most global data breach costs – Lost business cost (38%), Detection and escalation (29%), Post breach response (27%), and Notification (6%).
Ransomware attacks cost an average of $4.62 million (the cost of a ransom is not included), and destructive wiper-style attacks cost an average of $4.69 million, the report said.
For a business, a data breach is not just a loss of data, it can also have a long-lasting impact on operations and undermine customers’ trust in the company. In fact, a survey revealed that 87% of consumers are willing to take their business elsewhere if they don’t trust a company is handling their data responsibly. Therefore, the reputational damage might be detrimental to a business’ ability to attract new customers.
Why Smishing and Vishing Attempts Surged In 2021
In The Human Factor Report 2022, security vendor Proofpoint found that SMS phishing (smishing) attacks more than doubled year-on-year in 2021. The report is based on their analysis of over 2.6 billion email messages, 49 billion URLs, 1.9 billion attachments, 28 million cloud accounts and 1.7 billion mobile messages.
The study details the most common attack surfaces and methods including categories of risk, vulnerabilities, attacks, Russian Aligned APT’s, and Privilege as a vector.
Key Findings:
Managers and executives make up only 10% of users, but almost 50% of the most severe attack risk
Attackers attempt to initiate more than 100,000 telephone-oriented attacks every day.
Malicious URLS are 3-4x more common than malicious attachments.
Smishing attempts more than doubled in the US over the year, while in the UK over 50% of lures are themed around delivery notification.
More than 20 million messages attempted to deliver malware linked to eventual ransomware attack
Data loss prevention alerts have stabilised as businesses adopt permanent hybrid work models.
80% of businesses are attacked by a compromised supplier account in any given month.
35% of cloud tenants that received a suspicious login also saw suspicious post-access activity.
Know Your Enemy! Learn How Cyber Crime Adversaries Get In…
Cyber security vendor Sophos dug into the incident reports of 144 real-life cyber attacks investigated by its Rapid Response team during 2021.
What they found might not surprise you, but it’s vital information nevertheless, because it’s what really happened, not merely what might have.
Notably:
Unpatched vulnerabilities were the entry point for close to 50% of the attackers.
Attackers stuck around for more than a month on average when ransomware wasn’t their primary goal.
Attackers were known to have stolen data in about 40% of incidents. (Not all data thefts can be proved, of course, given that there isn’t a gaping hole where your copy of the data used to be, so the true number could be much higher.)
RDP was abused to circumnavigate the network by more than 80% of attackers once they’d broken in.
Intriguingly, if perhaps unsurprisingly, the smaller the organisation, the longer the crooks had generally been in the network before anyone noticed and decided it was time to kick them out.
In businesses with 250 staff and below, the crooks stuck around (in the jargon, this is known by the quaintly archaic automotive metaphor of dwell time) for more than seven weeks on average.
This compared with an average dwell time of just under three weeks for organisations with more than 3000 employees.
As you can imagine, however, ransomware criminals typically stayed hidden for much shorter periods (just under two weeks, instead of just over a month), not least because ransomware attacks are inherently self-limiting.
After all, once ransomware crooks have scrambled all your data, they’re out of hiding and straight into their in-your-face blackmail phase.
https://nakedsecurity.sophos.com/2022/06/07/know-your-enemy-learn-how-cybercrime-adversaries-get-in/
Small Businesses Struggle with an Increase in Cyber Attacks
Part of the problem: They don’t believe they are targets, so they don’t make security a priority. Cyber attacks are becoming more common for small businesses, and many aren’t prepared to deal with an attack.
As small businesses have accelerated their adoption of new technologies for remote work, communication, production and sales during the pandemic, their expanded computer networks have created new vulnerabilities to phishing and ransomware attacks. But many small businesses still don’t expect to be targeted by hackers, so preparing for a cyber attack is well down their list of priorities.
https://www.wsj.com/articles/small-business-cyberattacks-increase-11654540786
Threats
Ransomware
Ransomware attacks have increased by 80% year-over-year - Help Net Security
How the Russia-Ukraine war makes ransomware payments harder | CSO Online
How Poor Communication Opens the Door to Ransomware and Extortion (darkreading.com)
Cuba ransomware returns to extorting victims with updated encryptor (bleepingcomputer.com)
Vice Society gang adds the Italian City of Palermo to its data leak site - Security Affairs
Qbot - known channel for ransomware - delivered via phishing and Follina exploit - Help Net Security
Black Basta Ransomware Targets ESXi Servers in Active Campaign (darkreading.com)
Mandiant: Cyber extortion schemes increasing pressure to pay (techtarget.com)
Roblox Game Pass store used to sell ransomware decryptor (bleepingcomputer.com)
Costa Rican government held up by ransomware … again • The Register
BEEF ALERT: Ransomware Group Very Mad at Being Associated with Lavish Russian Hackers (vice.com)
Ransomware Pressure Forcing UK CISOs to Consider Quitting - Infosecurity Magazine
BEC – Business Email Compromise
Phishing & Email Based Attacks
Evasive phishing mixes reverse tunnels and URL shortening services (bleepingcomputer.com)
Proofpoint: We Block Up to Two Million Extortion Emails Daily - Infosecurity Magazine
Massive Facebook Messenger phishing operation generates millions (bleepingcomputer.com)
Facebook phishing campaign nets millions in IDs and cash • The Register
Other Social Engineering
Malware
Symantec sees more malware operators exploiting Follina • The Register
Potent Emotet Variant Spreads Via Stolen Email Credentials | Threatpost
Symbiote Malware Poses Stealthy, Linux-Based Threat to Financial Industry (darkreading.com)
This advanced new malware strain leaves you practically defenceless | TechRadar
MacOS malware attacks slipping through the cracks (techtarget.com)
11 infamous malware attacks: The first and the worst | CSO Online
9 types of computer virus and how they do their dirty work | CSO Online
Mobile
IoT
New Privacy Framework for IoT Devices Gives Users Control Over Data Sharing (thehackernews.com)
How to Compromise a Printer in Three Simple Steps | CrowdStrike
Data Breaches/Leaks
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs
Researchers Detail How Cyber Criminals Targeting Cryptocurrency Users (thehackernews.com)
7 NFT Scams That Could Be Targeting Your Brand (darkreading.com)
Hackers stole +$250,000 in Ethereum from Bored Ape Yacht ClubSecurity Affairs
Fraud, Scams & Financial Crime
Pandemic-related identity fraud: How serious is it? - Help Net Security
Apple Release 2021 Fraud Prevention Analysis- IT Security Guru
AML/CFT/Sanctions
Insurance
Dark Web
Software Supply Chain
82% of CIOs believe their software supply chains are vulnerable - Help Net Security
Boards, CEOs demand software supply chain security improvements - Help Net Security
Denial of Service DoS/DDoS
Cloud/SaaS
Cloud Security Tops Ransomware As Primary RSA Conference Attendee Concern - MSSP Alert
Only 13.5% of IT pros have mastered security in the cloud native space - Help Net Security
OMIGOD: Cloud providers still using secret middleware • The Register
Attack Surface Management
Open Source
Privacy
Researchers Find Bluetooth Signals Can be Fingerprinted to Track Smartphones (thehackernews.com)
New Privacy Framework for IoT Devices Gives Users Control Over Data Sharing (thehackernews.com)
Parental Controls and Child Safety
Law Enforcement Action and Take Downs
Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine
“Cyber Spetsnaz” is Attacking Government Agencies - Security Affairs
Russian Ministry Website Reportedly Hacked- IT Security Guru
Ordinary Ukrainians wage war with digital tools and drones | Financial Times (ft.com)
Ukraine's secret cyber-defence: Excellent backups • The Register
Major DDoS attacks increasing after invasion of Ukraine (techtarget.com)
Nation State Actors
Nation State Actors – Russia
Russia escalates threats against West in response to cyber attacks - CyberScoop
Russia, China, oppose US cyber support of Ukraine • The Register
Nation State Actors – China
Russia, China, oppose US cyber support of Ukraine • The Register
Chinese hacking group Aoqin Dragon quietly spied orgs for a decade (bleepingcomputer.com)
People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices | CISA
US: Chinese govt hackers breached telcos to snoop on network traffic (bleepingcomputer.com)
Nation State Actors – Iran
Microsoft seized 41 domains used by Iran-linked Bohrium APT - Security Affairs
Iranian hackers target energy sector with new DNS backdoor (bleepingcomputer.com)
Nation State Actors – Misc APT
Vulnerability Management
Vulnerabilities
Windows zero-day exploited in US local govt phishing attacks (bleepingcomputer.com)
DogWalk zero-day Windows bug receives patch - but not from Microsoft (bitdefender.com)
Chrome 102 Update Patches High-Severity Vulnerabilities | SecurityWeek.Com
NSA, FBI warning: Hackers are using these flaws to target VPNs and network devices | ZDNet
Ubuntu Users Get a Massive Linux Kernel Update, 35 Security Vulnerabilities Patched - 9to5Linux
Critical U-Boot Vulnerability Allows Rooting of Embedded Systems | SecurityWeek.Com
Sector Specific
Financial Services Sector
Telecoms
US: Chinese govt hackers breached telcos to snoop on network traffic (bleepingcomputer.com)
People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices | CISA
Health/Medical/Pharma Sector
Healthcare-specific cyber security problems and how to address them - Help Net Security
Data for 2 million patients stolen in largest healthcare breach so far of 2022 (scmagazine.com)
Retail/eCommerce
Energy & Utilities
Iranian hackers target energy sector with new DNS backdoor (bleepingcomputer.com)
US Water Utilities Prime Cyber Attack Target, Experts | Threatpost
Education and Academia
Reports Published in the Last Week
Other News
This hacking group quietly spied on their targets for 10 years | ZDNet
Identity-based Attacks and Living-of-the-land Tactics Represent Top Threats - MSSP Alert
Over Half of CISOs Struggling for Board Investment - Infosecurity Magazine
Cisco EVP: Cyber security poverty line is human-rights issue • The Register
Top three most critical areas of web security - Help Net Security
How the Colonial Pipeline attack has changed cyber security | CSO Online
Five Eyes alliance’s top cop: tech is the future of Policing • The Register
An Emerging Threat: Attacking 5G Via Network Slices (darkreading.com)
How AI Is Useful — and Not Useful — for Cyber security (darkreading.com)
Only 43% of security pros can respond to critical alerts in less than an hour - Help Net Security
Now Is the Time to Plan for Post-Quantum Cryptography (darkreading.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 21 January 2022
Black Arrow Cyber Threat Briefing 21 January 2022
-Cyber Risks Top Worldwide Business Concerns In 2022
-Bosses Think That Security Is Taken Care Of: CISOs Aren't So Sure
-Fraud Is On the Rise, and It's Going to Get Worse
-Two-Fifths of Ransomware Victims Still Paying Up
-Less Than a Fifth of Cyber Leaders Feel Confident Their Organisation is Cyber-Resilient
-Endpoint Malware And Ransomware Detections Hit All-Time High
-End Users Remain Organisations' Biggest Security Risk
-Supply Chain Disruptions Rose In 2021
-Red Cross Begs Attackers Not to Leak Stolen Data for 515K People
-DHL Dethrones Microsoft As Most Imitated Brand In Phishing Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Risks Top Worldwide Business Concerns In 2022
Cyber perils are the biggest concern for companies globally in 2022, according to the Allianz Risk Barometer. The threat of ransomware attacks, data breaches or major IT outages worries companies even more than business and supply chain disruption, natural disasters or the COVID-19 pandemic, all of which have heavily affected firms in the past year.
Cyber incidents tops the Allianz Risk Barometer for only the second time in the survey’s history (44% of responses), Business interruption drops to a close second (42%) and Natural catastrophes ranks third (25%), up from sixth in 2021. Climate change climbs to its highest-ever ranking of sixth (17%, up from ninth), while Pandemic outbreak drops to fourth (22%).
The annual survey incorporates the views of 2,650 experts in 89 countries and territories, including CEOs, risk managers, brokers and insurance experts. View the full global and country risk rankings.
https://www.helpnetsecurity.com/2022/01/20/cyber-concern-2022/
Bosses Think That Security Is Taken Care Of: CISOs Aren't So Sure
The World Economic Forum warns about a significant gap in understanding between C-suites and information security staff - but it's possible to close the gap.
Organisations could find themselves at risk from cyberattacks because of a significant gap between the views of their own security experts and the boardroom.
The World Economic Forum's new report, The Global Cyber Security Outlook 2022, warns there are big discrepancies between bosses and information security personnel when it comes to the state of cyber resilience within organisations.
According to the paper, 92% of business executives surveyed agree that cyber resilience is integrated into enterprise risk management strategies – or in other words, protecting the organisation against falling victim to a cyberattack, or mitigating the incident so it doesn't result in significant disruption.
However, only 55% of security-focused executives believe that cyber resilience is integrated into risk management strategies – indicating a significant divide in attitudes to cyber security.
This gap can leave organisations vulnerable to cyberattacks, because boardrooms believe enough has been done in order to mitigate threats, while in reality there could be unconsidered vulnerabilities or extra measures put in place.
Fraud Is On the Rise, and It's Going to Get Worse
The acceleration of the digital transformation resulted in a surge of online transactions, greater adoption of digital payments, and increased fraud.
As more daily activities — work, education, shopping, and entertainment — shift online, fraud is also on the rise. A trio of recent reports paint a bleak picture, highlighting concerns that companies are experiencing increasing losses from fraud and that the situation will get worse over the coming year.
In KPMG's survey of senior risk executives, 67% say their companies have experienced external fraud in the past 12 months, and 38% expect the risk of fraud committed by external perpetrators to somewhat increase in the next year. External fraud, which includes credit card fraud and identity theft, is specifically referring to incidents perpetuated by individuals outside the company. For most of these respondents, there was a financial impact: Forty-two percent say their organisations experienced 0.5% to 1% of loss as a result of fraud and cybercrime.
https://www.darkreading.com/edge-articles/fraud-is-on-the-rise-and-its-going-to-get-worse
Two-Fifths of Ransomware Victims Still Paying Up
Two-fifths (39%) of ransomware victims paid their extorters over the past three years, with the majority of these spending at least $100,000, according to new Anomali research.
The security vendor hired The Harris Poll to complete its Cyber Resiliency Survey – interviewing 800 security decision-makers in the US, Canada, the UK, Australia, Singapore, Hong Kong, India, New Zealand, the UAE, Mexico and Brazil.
Some 87% said their organisation had been the victim of a successful attack resulting in damage, disruption, or a breach since 2019. However, 83% said they’d experienced more attacks since the start of the pandemic.
Over half (52%) were ransomware victims, with 39% paying up. Of these, 58% gave their attackers between $100,000 and $1m, while 7% handed over more than $1m.
https://www.infosecurity-magazine.com/news/two-fifths-ransomware-victims/
Less Than a Fifth of Cyber Leaders Feel Confident Their Organisation is Cyber-Resilient
Less than one-fifth (17%) of cyber leaders feel confident that their organisations are cyber-resilient, according to the World Economic Forum (WEF)’s inaugural Global Cyber Security Outlook 2022 report.
The study, written in collaboration with Accenture, revealed there is a wide perception gap between business executives and security leaders on the issue of cyber security. For example, 92% of businesses believe cyber-resilience is integrated into their enterprise risk-management strategies, compared to just 55% of cyber leaders.
This difference in attitude appears to be having worrying consequences. The WEF said that many security leaders feel that they are not consulted in security decisions, and only 68% believe cyber-resilience forms a major part of their organisation’s overall corporate risk management.
In addition, over half (59%) of all cyber leaders admitted they would find it challenging to respond to a cyber security incident due to a shortage of skills within their team.
Supply chain security was another major concern among cyber leaders, with almost nine in 10 (88%) viewing SMEs as a key threat to supply chains.
Interestingly, 59% of cyber leaders said cyber-resilience and cyber security are synonymous, with the differences not well understood.
https://www.infosecurity-magazine.com/news/cyber-leaders-organisation/
Endpoint Malware And Ransomware Detections Hit All-Time High
Endpoint malware and ransomware detections surpassed the total volume seen in 2020 by the end of Q3 2021, according to researchers at the WatchGuard Threat Lab. In its latest report, WatchGuard also highlights that a significant percentage of malware continues to arrive over encrypted connections.
While zero-day malware increased by just 3% to 67.2% in Q3 2021, the percentage of malware that arrived via Transport Layer Security (TLS) jumped from 31.6% to 47%. Data shows that many organisations are not decrypting these connections and therefore have poor visibility into the amount of malware hitting their networks.
https://www.helpnetsecurity.com/2022/01/20/endpoint-malware-ransomware-detections-q3-2021/
End Users Remain Organisations' Biggest Security Risk
With the rapid adoption of hybrid working environments and increased attacks, IT and security professionals worry that future data breaches will most likely be the result of end users who are negligent of or break security policy, according to a recent Dark Reading survey. The percentage of respondents in Dark Reading's 2021 Strategic Security Survey who perceive users breaking policy as the biggest risk fell slightly, however, from 51% in 2020 to 48% in 2021. Other potential issues involving end users showed improvements as well, with social engineering falling in concern from 20% to 15% and remote work worries halving from 26% to 13%.
While this trend is positive, it's unclear where the increased confidence comes from, since more people now report ineffective end-user security awareness training (11%, to 2020's 7%).
Respondents shared their heightened concern about well-funded attacks. In 2021, 25% predicted an attack targeted at their organisations (a rise from 2020, when 20% said the same), and fear of a nation-state-sponsored action rose to 16% from 9% the year before. Yet only 16% reported sophisticated, automated malware as a top concern, a 10% drop from 2020, and fear of a gap between security and IT advances only merited 9%. A tiny 3% worried that their security tools wouldn't work well together, dropping from the previous year's 10%.
Supply Chain Disruptions Rose In 2021
56% of businesses experienced more supply chain disruptions in 2021 than 2020, a Hubs report reveals.
Last year was marked by a number of challenges, including computer chip shortages, port congestion, the ongoing impacts of COVID-19, logistics impediments, and energy crises, though with every hurdle faced, solutions are being sought. It is increasingly clear that while certain risks are hard to anticipate and difficult to plan for, it is possible to mitigate the effects of supply chain disruptions by establishing a robust and agile supply chain.
Over 98% of global companies are now planning to boost the resilience of their manufacturing supply chains, however, 37% have yet to implement any measures. As businesses develop long term strategies, over 57% of companies say diversification of their supply chains is the most effective way of building resilience. This report explores last year’s most disruptive events, how disruptions have changed over time, industry trends and strategies for strengthening manufacturing supply chains.
https://www.helpnetsecurity.com/2022/01/19/supply-chain-disruptions-2021/
Red Cross Begs Attackers Not to Leak Stolen Data for 515K People
A cyber attack forced the Red Cross to shut down IT systems running the Restoring Family Links system, which reunites families fractured by war, disaster or migration. UPDATE: The ICRC says it’s open to confidentially communicating with the attacker.
The Red Cross is imploring threat actors to show mercy by abstaining from leaking data belonging to 515,000+ “highly vulnerable” people. The data was stolen from a program used to reunite family members split apart by war, disaster or migration.
“While we don’t know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them,” Robert Mardini, the director general of the International Committee for the Red Cross (ICRC), said in a release on Wednesday. “Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data.”
https://threatpost.com/red-cross-begs-attackers-not-to-leak-515k-peoples-stolen-data/177799/
DHL Dethrones Microsoft As Most Imitated Brand In Phishing Attacks
DHL was the most imitated brand in phishing campaigns throughout Q4 2021, pushing Microsoft to second place, and Google to fourth.
This isn't surprising considering that the final quarter of every year includes the Black Friday, Cyber Monday, and Christmas shopping season, so phishing lures based on package deliveries naturally increase.
DHL is an international package delivery and express mail service, delivering over 1.6 billion parcels per year.
As such, phishing campaigns impersonating the brand have good chances of reaching people who are waiting for a DHL package to arrive during the holiday season.
The specific lures range from a package that is stuck at customs and requires action for clearance to supposed tracking numbers that hide inside document attachments or embedded links.
Threats
Ransomware
New White Rabbit Ransomware Linked To FIN8 Hacking Group (bleepingcomputer.com)
Conti Ransomware Gang Started Leaking Files Stolen From Bank Indonesia - Security Affairs
This New Ransomware Comes With A Small But Dangerous Payload | ZDNet
FBI Warning: This New Ransomware Makes Demands Of Up To $500,000 | ZDNet
Experts Warn Of Attacks Using A New Linux Variant Of SFile Ransomware - Security Affairs
SEC Filing Reveals Fortune 500 Firm Targeted in Ransomware Attack | Threatpost
FBI Warns Organisations of Diavol Ransomware Attacks | SecurityWeek.Com
Marketing Giant RRD Confirms Data Theft In Conti Ransomware Attack (bleepingcomputer.com)
After Ransomware Arrests, Some Dark Web Criminals Are Getting Worried | ZDNet
BEC – Business Email Compromise
Phishing
Phishing Impersonates Shipping Giant Maersk To Push STRRAT Malware (bleepingcomputer.com)
#COVID19 Phishing Emails Surge 500% on Omicron Concerns - Infosecurity Magazine
Financially Motivated Earth Lusca Threat Actors Targets Orgs Worldwide - Security Affairs
Malware
Microsoft Details Recent Damaging Malware Attacks on Ukrainian Organisations (darkreading.com)
Custom-Written Malware Discovered Across Windows, MacOS, And Linux Systems | TechSpot
Backdoor RAT for Windows, macOS, and Linux went undetected until now | Ars Technica
Ukraine: Wiper Malware Masquerading As Ransomware Hits Government Organisations - Help Net Security
Linux Malware Is On The Rise. Here Are Three Top Threats Right Now | ZDNet
Malware That Can Survive OS Reinstalls Strikes Again, Likely for Cyber Espionage | PCMag
New MoonBounce UEFI Malware Used By Apt41 In Targeted Attacks (bleepingcomputer.com)
Data Breaches/Leaks
Exposed Records Exceeded 40 Billion In 2021 - Help Net Security
European Regulators Hand Out €1.1bn in GDPR Fines - Infosecurity Magazine
Organised Crime & Criminal Actors
Financially Motivated Earth Lusca Threat Actors Targets Orgs Worldwide - Security Affairs
A Hacker Is Negotiating With Victims on the Blockchain After $1.4M Heist (vice.com)
FBI & European Police Take Down Computer Servers Used In Major Cyberattacks Worldwide - CNNPolitics
Europol Shuts Down VPNLab, Cyber Criminals' Favourite VPN Service (thehackernews.com)
Cryptocurrency/Cryptomining/Cryptojacking
Cyber Criminals Actively Target VMware vSphere with Cryptominers | Threatpost
New BHUNT Password Stealer Malware Targeting Cryptocurrency Wallets (thehackernews.com)
Cheap Malware Is Behind A Rise In Attacks On Cryptocurrency Wallets | ZDNet
Insider Risk and Insider Threats
Research: Why Employees Violate Cyber Security Policies (hbr.org)
What CISOs Can Learn About Insider Threats From Iran's Human Espionage Tactics | CSO Online
Fraud, Scams & Financial Crime
How Buy Now, Pay Later Is Being Targeted By Fraudsters - Help Net Security
Romance Scammer Who Targeted 670 Women Gets 28 Months In Jail – Naked Security (sophos.com)
Insurance
CNI, OT, ICS, IIoT and SCADA
UK Mulls Making MSPs Subject To Mandatory Security Standards • The Register
‘Anomalous’ Spyware Stealing Credentials In Industrial Firms (bleepingcomputer.com)
European Union Simulated A Cyber Attack On A Fictitious Finnish Power Company - Security Affairs
Nation State Actors
Ukraine Cyber Attack Timeline: Microsoft, CISA, White House and Kyiv Statements - MSSP Alert
Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks (thehackernews.com)
Security Scanners Across Europe Tied To China Govt, Military | AP News
Cloud
Privacy
Passwords & Credential Stuffing
Your Keyboard Walking Password Isn’t Complex Or Secure – Review Geek
Box Flaw Allowed To Bypass MFA And Takeover Accounts - Security Affairs
Spyware, Espionage & Cyber Warfare
Vulnerabilities
CISA Adds 13 Exploited Vulnerabilities To List, 9 with Feb. 1 Remediation Date | ZDNet
High-Severity Vulnerabilities Patched in McAfee Enterprise Product | SecurityWeek.Com
Cisco Releases Patch for Critical Bug Affecting Unified CCMP and Unified CCDM (thehackernews.com)
A bug in McAfee Agent allows to run code with SYSTEM privileges - Security Affairs
Zoho Fixes A Critical Vulnerability (CVE-2021-44757) in Desktop Central - Security Affairs
Ubuntu Patch For Heap Buffer Overflow Vulnerability • The Register
Google Details Two Zero-Day Bugs Reported in Zoom Clients and MMR Servers (thehackernews.com)
Hackers Attempt to Exploit New SolarWinds Serv-U Bug in Log4Shell Attacks (thehackernews.com)
F5 Patches Two Dozen Vulnerabilities in BIG-IP | SecurityWeek.Com
McAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges | Threatpost
Oracle Critical Patch Update for January 2022 will fix 483 new flaws - Security Affairs
20K WordPress Sites Exposed by Insecure Plugin REST-API | Threatpost
Cisco Issues Patch for Critical RCE Vulnerability in RCM for StarOS Software (thehackernews.com)
Critical Bugs in Control Web Panel Expose Linux Servers to RCE Attacks (thehackernews.com)
Critical SAP Vulnerability Allows Supply Chain Attacks | SecurityWeek.Com
Zoho Plugs Another Critical Security Hole In Desktop Central (bleepingcomputer.com)
Safari Exploit Can Leak Browser Histories And Google Account Info | Engadget
Sector Specific
Financial Services Sector
Health/Medical/Pharma Sector
More Than Half Of Medical Devices Found To Have Critical Vulnerabilities | ZDNet
Additional Healthcare Firms Disclose Impact From Netgain Ransomware Attack | SecurityWeek.Com
Retail
Education and Academia
Other News
Biggest MSP Takeaways From The Apache Log4j Vulnerability - MSSP Alert
The Emotional Stages Of A Data Breach: How To Deal With Panic, Anger, And Guilt | CSO Online
The Log4j Vulnerability Puts Pressure on the Security World | Threatpost
Hackers Planted Secret Backdoor in Dozens of WordPress Plugins and Themes (thehackernews.com)
BadUSB explained: How rogue USBs threaten your organisation | CSO Online
Millions of UK Wi-Fi Routers Vulnerable To Security Threats - IT Security Guru
NATO, Ukraine Sign Deal to 'Deepen' Cyber Cooperation | SecurityWeek.Com
UK Umbrella Company Parasol Group Confirms Cyber Attack • The Register
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 14 January 2022
Black Arrow Cyber Threat Briefing 14 January 2022
-Businesses Suffered 50% More Cyber Attack Attempts per Week in 2021
-Cyber Attacks Against MSPs Jump 67%
-SMEs Still An Easy Target For Cyber Criminals
-World Economic Forum: Cyber Security Failures an Increasing Global Threat
-Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days
-Russia Arrests REvil Ransomware Gang Responsible for High-Profile Cyber Attacks
-North Korea Hackers Stole $400m Of Cryptocurrency In 2021, Report Says
-No Lights, No Heat, No Money - That's Life In Ukraine During Cyber Warfare
-Ukrainian Police Arrest Five Members Of Ransomware Affiliate
-Fingers Point To Lazarus, Cobalt, Fin7 As Key Hacking Groups Attacking Finance Industry
-Ransomware, Supply Chain, And Deepfakes: The Top Threats The Finance Industry Needs To Prepare For
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Businesses Suffered 50% More Cyber Attack Attempts per Week in 2021
Cyberattack attempts reached an all-time high in the fourth quarter of 2021, jumping to 925 a week per organisation, partly due to attempts stemming from the Log4j vulnerability, according to new data.
Check Point Research on Monday reported that it found 50% more attack attempts per week on corporate networks globally in calendar year 2021 compared with 2020.
The researchers define a cyberattack attempt as a single isolated cyber occurrence that could be at any point in the attack chain — scanning/exploiting vulnerabilities, sending phishing emails, malicious website access, malicious file downloads (from Web/email), second-stage downloads, and command-and-control communications.
Cyber Attacks Against MSPs Jump 67%
Cyber attacks spiked by 50 percent in 2021 as compared to 2020, aided by millions of attacks in December by hackers attempting to exploit the Log4J vulnerability, according to a Check Point Software Technologies research report.
In terming 2021 a “record breaking year,” the security provider pointed to a worldwide peak of 925 cyber attacks per organisation weekly and an October 2021 measure that showed a 40 percent increase in cyberattacks, with one out of every 61 entities hit by ransomware each week. The number of cyberattacks on managed service providers (MSPs) and internet service providers (ISPs) rose by nearly 70 percent year over year.
https://www.msspalert.com/cybersecurity-news/cyberattacks-vs-msps-skyrocket/
SMEs Still An Easy Target For Cyber Criminals
Cyber crime continues to be a major concern, with 51% of SMEs experiencing a cyber security breach, a Markel Direct survey reveals.
In this survey that polled 1000 respondents, Markel Direct explored the issue of cybercrime and its impact on the self-employed and SMEs. The survey found the most common cybersecurity attacks were malware/virus related (24%) followed by a data breach (16%) and phishing attack (15%), with 68% reporting the cost of their breach was up to £5,000.
This comes after the latest Quarterly Fraud and Cyber Crime Report revealed that Britons lost over £1 billion in the first six months of 2021, due to the considerable increase in fraudulent activity.
https://www.helpnetsecurity.com/2022/01/12/smes-cybersecurity-breach/
World Economic Forum: Cyber Security Failures an Increasing Global Threat
Cybersecurity was once again identified as a major short and medium-term threat to the world in this year’s World Economic Forum’s (WEF’s) The Global Risk Report. The analysis was based on insights from nearly 1000 global experts and leaders who responded to the WEF’s Global Risks Perception Survey (GRPS).
Perhaps unsurprisingly, environmental issues like climate action failure and extreme weather ranked highest on the risks facing the world over the short (0-2 years), medium (2-5 years) and long-term (5-10 years). In addition, a number of challenges exacerbated by the pandemic, such as livelihood crises, infectious diseases and mental health deterioration, also scored highly. Overall, this added up to a pessimistic assessment, with 84.2% of respondents stating they were either “worried” or “concerned” about the global outlook.
Digital challenges, such as “cyber security failures,” were also viewed as a significant and growing problem to the world. Nearly one in five (19.5%) respondents believe cybersecurity failures will be a critical threat to the world in just the next 0-2 years, and 14.6% said it would be in 2-5 years
https://www.infosecurity-magazine.com/news/world-economic-forum-cybersecurity/
Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days
Microsoft started 2022 with a large January Patch Tuesday update covering nine critical CVEs, including a self-propagator with a 9.8 CVSS score.
Microsoft has addressed a total of 97 security vulnerabilities in its January 2022 Patch Tuesday update – nine of them rated critical – including six that are listed as publicly known zero-days.
The fixes cover a swath of the computing giant’s portfolio, including: Microsoft Windows and Windows Components, Microsoft Edge (Chromium-based), Exchange Server, Microsoft Office and Office Components, SharePoint Server, .NET Framework, Microsoft Dynamics, Open-Source Software, Windows Hyper-V, Windows Defender, and Windows Remote Desktop Protocol (RDP).
https://threatpost.com/microsoft-wormable-critical-rce-bug-zero-day/177564/
Russia Arrests REvil Ransomware Gang Responsible for High-Profile Cyber Attacks
In an unprecedented move, Russia's Federal Security Service (FSB), the country's principal security agency, on Friday disclosed that it arrested several members belonging to the notorious REvil ransomware gang and neutralized its operations.
The surprise takedown, which it said was carried out at the request of the US authorities, saw the law enforcement agency conduct raids at 25 addresses in the cities of Moscow, St. Petersburg, Moscow, Leningrad and Lipetsk regions that belonged to 14 suspected members of the organised cyber crime syndicate.
"In order to implement the criminal plan, these persons developed malicious software, organised the theft of funds from the bank accounts of foreign citizens and their cashing, including through the purchase of expensive goods on the Internet," the FSB said in a statement.
In addition, the FSB seized over 426 million rubles, including in cryptocurrency, $600,000, €500,000, as well as computer equipment, crypto wallets used to commit crimes, and 20 luxury cars that were purchased with money obtained by illicit means.
https://thehackernews.com/2022/01/russia-arrests-revil-ransomware-gang.html
North Korea Hackers Stole $400m Of Cryptocurrency In 2021, Report Says
North Korean hackers stole almost $400m (£291m) worth of digital assets in at least seven attacks on cryptocurrency platforms last year, a report claims.
Blockchain analysis company Chainalysis said it was one of most successful years on record for cyber-criminals in the closed east Asian state.
The attacks mainly targeted investment firms and centralised exchanges.
North Korea has routinely denied being involved in hack attacks attributed to them.
"From 2020 to 2021, the number of North Korean-linked hacks jumped from four to seven, and the value extracted from these hacks grew by 40%," Chainalysis said in a report.
https://www.bbc.co.uk/news/business-59990477
No Lights, No Heat, No Money - That's Life In Ukraine During Cyber Warfare
Hackers who defaced and interrupted access to numerous Ukrainian government websites on Friday could be setting the stage for more serious cyberattacks that would disrupt the lives of ordinary Ukrainians, experts said.
"As tensions grow, we can expect more aggressive cyber activity in Ukraine and potentially elsewhere," said John Hultquist, an intelligence analyst at US cyber security company Mandiant, possibly including "destructive attacks that target critical infrastructure."
"Organisations need to begin preparing," Hultquist added.
Intrusions by hackers on hospitals, power utility companies, and the financial system were until recently rare. But organised cyber criminals, many of them living in Russia, have gone after institutions aggressively in the past two years with ransomware, freezing data and computerized equipment needed to care for hospital patients.
In some cases, those extortion attacks have led to patient deaths, according to litigation, media reports and medical professionals.
Ukrainian Police Arrest Five Members Of Ransomware Affiliate
Ukrainian police announced the arrest of five members of a ransomware affiliate on Thursday, noting that the group was behind attacks on more than 50 companies across Europe and the US.
In a statement, both the Ukrainian Security Service and Ukrainian Cyber Police said the group made at least $1 million through their attacks on the companies.
US and UK law enforcement officials worked with Ukrainian officials on the operation.
Officials said the leader of the group was a 36-year-old who worked with his wife and three other people out of Kyiv. The five are facing a variety of charges in Ukraine related to money laundering, hacking, and selling malware.
One of the people charged is wanted by law enforcement agencies in UK after "using a virus to obtain bank card details of the customers of British banks," according to the police statement.
The bank card details were used to buy things online that were then resold.
https://www.zdnet.com/article/ukrainian-police-arrest-members-of-ransomware-affiliate/
Fingers Point To Lazarus, Cobalt, Fin7 As Key Hacking Groups Attacking Finance Industry
The Lazarus, Cobalt, and FIN7 hacking groups have been labeled as the most prevalent threat actors striking financial organisations today.
According to "Follow the Money," a new report (.PDF) published on the financial sector by Outpost24's Blueliv on Thursday, members of these groups are the major culprits of theft and fraud in the industry today.
The financial sector has always been, and possibly always will be, a key target for cybercriminal groups. Organisations in this area are often custodians of sensitive personally identifiable information (PII) belonging to customers and clients, financial accounts, and cash.
They also often underpin the economy: if a payment processor or bank's systems go down due to malware, this can cause irreparable harm not only to the victim company in question, but this can also have severe financial and operational consequences for customers.
Ransomware, Supply Chain, And Deepfakes: The Top Threats The Finance Industry Needs To Prepare For
The finance industry is constantly targeted by numerous threat actors, and they are always innovating and trying new techniques (such as deepfakes) to outsmart security teams and breach an organisation’s network.
In addition to that, there is currently a huge demand for data and new tools on the dark web. In fact, users are selling access to point-of-sale (PoS) terminals and login details to the websites of financial services organisations all the time.
How can financial organisations protect themselves from existing threats and combat new ones at the same time?
https://www.helpnetsecurity.com/2022/01/12/finance-industry-threats/
Threats
Ransomware
Night Sky Ransomware Is Attacking Corporate Networks For 800k Ransom - The Cybersecurity Times
One Of The REvil Members Arrested Was Behind Colonial Pipeline Attack - Security Affairs
Ransomware Is Being Rewritten In Go For Joint Attacks On Windows, Linux Users | IT PRO
Watch Out, That Microsoft Edge Update Is Actually Ransomware | TechRadar
Qlocker Ransomware Returns To Target QNAP NAS Devices Worldwide (bleepingcomputer.com)
Trends That Shaped Ransomware – And Why It’s Not Slowing Down - CyberScoop
Phishing
Check Your SPF Records: Wide IP Ranges Undo Email Security And Make For Tasty Phishes | ZDNet
Phishers Are Targeting Office 365 Users By Exploiting Adobe Cloud - Help Net Security
Real Big Phish: Mobile Phishing & Managing User Fallibility | Threatpost
Malware
Microsoft Defender Weakness Lets Hackers Bypass Malware Detection (bleepingcomputer.com)
New RedLine Malware Version Spread As Fake Omicron Stat Counter (bleepingcomputer.com)
‘Fully Undetected’ SysJoker Backdoor Malware Targets Windows, Linux & macOS | Threatpost
FluBot Malware Continues To Evolve. What's New In Ver 5.0 And Beyond? Security Affairs
Oops: Cyberspies Infect Themselves With Their Own Malware (bleepingcomputer.com)
Mobile
Android Users Can Now Disable 2G to Block Stingray Attacks (bleepingcomputer.com)
EFF Praises Android’s New 2G Kill Switch, Wants Apple To Follow Suit | Ars Technica
How To Protect Yourself Against Sim-Swapping Scams With Mobile Phone Fraud On The Rise (inews.co.uk)
IoT
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking
Abcbot Botnet Is Linked To Xanthe Cryptojacking Group | ZDNet
North Korean Hackers Impersonate Major Crypto Investment Firm to Scam Startups (vice.com)
Insider Risk and Insider Threats
Data Security In The Age Of Insider Threats: A Primer - Help Net Security
Former DHS Official Charged With Stealing Govt Employees' PII (bleepingcomputer.com)
Forensics Expert Kept Murder Snaps on PC - Infosecurity Magazine
Fraud, Scams & Financial Crime
DoS/DDoS
Extortion DDoS Attacks Grow Stronger And More Common (Bleepingcomputer.Com)
DDoS Attacks That Come Combined With Extortion Demands Are On The Rise | ZDNet
CNI, OT, ICS, IIoT and SCADA
Manufacturers Are Starting To Realize The Importance Of OT Security - Help Net Security
FBI, NSA and CISA Warns of Russian Hackers Targeting Critical Infrastructure (thehackernews.com)
Critical Infrastructure Falls Short on Ransomware Readiness, Mitigation, Recovery - MSSP Alert
Nation State Actors
Ukraine Hacks Add to Worries of Cyber Conflict With Russia | SecurityWeek.Com
Destructive Malware Targeting Ukrainian Organisations - Microsoft Security Blog
US Olympic Athletes Urged to Leave Phones Behind (gizmodo.com)
Russian Submarines Threatening Undersea Cables, UK Defence Chief Warns - Security Affairs
Iranian Hackers Exploit Log4j Vulnerability to Deploy PowerShell Backdoor (thehackernews.com)
US Cyber Command Links 'MuddyWater' Hacking Group to Iranian Intelligence (thehackernews.com)
Cloud
Passwords & Credential Stuffing
Parental Controls and Child Safety
Vulnerabilities
Threat Actors Can Bypass Malware Detection Due To Microsoft Defender Weakness - Security Affairs
noPac Exploit: Microsoft AD Flaw May Lead to Total Domain Compromise | CrowdStrike
Adobe Fixes 4 Critical Reader Bugs That Were Demonstrated At Tianfu Cup - Security Affairs
WordPress 5.8.3 Security Update Fixes SQL Injection, XSS Flaws (bleepingcomputer.com)
WordPress Bugs Exploded in 2021, Most Exploitable | Threatpost
Sonicwall SMA 100 VPN Box Security Hole Exploit Info Shared • The Register
Cisco Patches Critical Vulnerability in Contact Center Products | SecurityWeek.Com
Millions of Routers Exposed to RCE by USB Kernel Bug | Threatpost
Mozilla Patches High-Risk Firefox, Thunderbird Security Flaws | SecurityWeek.Com
Sector Specific
Financial Services Sector
SMBs – Small and Medium Businesses
Reports Published in the Last Week
Other News
Hackers Penetrate 93% of Local Company Networks, Cyber Simulation Finds - MSSP Alert
URL Parsing: A Ticking Time Bomb Of Security Exploits - TechRepublic
Europol Told to Delete Vast Trove of Personal Information - Infosecurity Magazine
The Race Towards Renewable Energy Is Creating New Cyber Security Risks | ZDNet
What Is Clipboard Hijacking? How to Avoid Becoming a Victim (makeuseof.com)
White House Reminds Tech Giants Open Source Is A National Security Issue (bleepingcomputer.com)
Want To Improve Corporate Security? Prioritize Personal Security | ZDNet
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.