Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

94% of Ransomware Victims Have Their Backups Targeted by Attackers

Organisations that have backed up sensitive data may believe they are safe from the effects of ransomware attacks; however a new study by Sophos reported that cyber criminals attempted to compromise the backups of 94% of companies hit by ransomware in the past year. The research found that criminals can demand a higher ransom when they compromise an organisation’s backup data, and those victims are twice as likely to pay. The median ransom demand is $2.3 million when backups are compromised, compared to $1 million otherwise.

Additionally, sectors like state and local governments, along with media and entertainment, are particularly vulnerable with nearly all affected organisations experiencing backup compromises.

Source: [Tech Republic]

Sharing IT Providers Is a Risk for Financial Services, Says IMF, as Rising Cyber Threats Pose Serious Concerns for Financial Stability

The International Monetary Fund has found that with greater digitalisation and heightened geopolitical tensions comes a greater risk of cyber attack with systemic consequences. The IMF noted that losses more than quadrupled since 2017 to $2.5 billion.

The push for technology has led to a number of financial services institutions relying on third-party IT firms, increasing their susceptibility to cyber disruption on a wider scale and a potential ripple effect were a third party to be hit. Whilst such third parties can increase the cyber resilience of a financial services institution, they also expose the industry to systemwide shocks, the IMF reports.

The IMF recommend institutions should identify potential systematic risks in their third-party IT firms. If the organisation is unable to perform such risk assessments, they should seek the expert support of an independent cyber security specialist.

Sources: [The Banker] [IMF]

Hackers are Threatening to Publish a Huge Stolen Sanctions and Financial Crimes Watchlist

A cyber crime group named GhostR has claimed responsibility for stealing 5.3 million records from the World-Check database, which companies use for "know your customer" (KYC) checks to screen potential clients for financial crime risks. The data theft occurred in March and originated from a Singapore-based firm with access to World-Check. The London Stock Exchange Group (LSEG), which owns World-Check, confirmed that the breach involved a third-party's dataset and not their systems directly. The stolen data includes sensitive information on individuals identified as high-risk, such as government-sanctioned figures and those linked to organised crime. LSEG is coordinating with the affected third party and authorities to protect the compromised data and prevent its dissemination.

Source: [TechCrunch]

Your Annual Cyber Security Is Not Working, But There is a Solution

Most organisations utilise annual security training in an attempt to ensure every department develops their cyber awareness skills and is able to spot and report a threat. However, this training is often out of date. Additionally, often training has limited interactivity, failing to capture and maintain employees’ attention and retention. On top of this, many training courses fail to connect employees to real-world scenarios that could occur in their specific job.

To get the most return on investment, organisations need to have more regular education, with the aim of long-term behavioural shifts in the work place, nudging employees towards greater cyber hygiene.

Source: [TechRadar]

73% of Security Professionals Say They’ve Missed, Ignored or Failed to Act on a High Priority Security Alert

A new survey from Coro, targeting small medium enterprises (SME) cyber security professionals, reveals that 73% have missed or ignored high priority security alerts due to overwhelming workloads and managing multiple security tools. The 2024 SME Security Workload Impact Report highlights that SMEs are inundated with alerts and responsibilities, which dilute their focus from critical security threats. On average, these professionals manage over 11 security tools and spend nearly five hours daily on tasks like monitoring and patching vulnerabilities. Respondents handle an average of over 2,000 endpoint security agents across 656 devices, more than half dealing with frequent vendor updates.

Source: [Business Wire]

Russia and Ukraine Top Inaugural World Cyber Crime Index

The inaugural World Cybercrime Index (WCI) identifies Russia, Ukraine, and China as the top sources of global cyber crime. This index, the first of its kind, was developed over four years by an international team from the University of Oxford and the University of New South Wales, with input from 92 cyber crime experts. These experts ranked countries based on the impact, professionalism, and technical skills of their cyber criminals across five cyber crime categories, including data theft, scams, and money laundering. Russia topped the list, followed by Ukraine and China, highlighting their significant roles in high-tech cyber criminal activities. The index, expected to be updated regularly, aims to provide a clearer understanding of cyber crime's global geography and its correlation with national characteristics like internet penetration and GDP. Of note the UK and US also made the top ten list, so it is not just other countries we need to worry about.

Top ten Countries in full:

1.       Russia

2.       Ukraine

3.       China

4.       United States

5.       Nigeria

6.       Romania

7.       North Korea

8.       United Kingdom

9.       Brazil

10.   India

Source: [Infosecurity Magazine]

Police Takedown Major Cyber Fraud Superstore: Will the Cyber Crime Industry Become More Fragmented?

The London Metropolitan Police takedown of online fraud service LabHost serves as a reminder of the industrial scale on which cyber crimes are being performed, with the service amassing 480,000 debit or credit card numbers and 64,000 PINs: all for the subscription price of £300 a month. The site even included tutorial videos on how to commit crime and offered customer service.

Such takedowns can lead to fragmentation. The 2,000 individuals subscribed to LabHost may have lost access but where there is demand, supply will be found. The takedown of one service allows other, small services to fill the gap. As the saying goes ‘nature abhors a vacuum’ and it is especially true when it comes to cyber crime; there is too much business for empty spaces not to be filled.

Sources: [ITPro] [The Guardian]

Small Businesses See Stable Business Climate; Cite Cyber Security as Top Threat

Small businesses are experiencing a stable business climate, as reflected by the Small Business Index, indicating an increasing optimism about the economy. However, the recent surge in cyber attacks, including major assaults on UnitedHealth Group and MGM Resorts, has underscored the growing vulnerability of these businesses to cyber crime. Despite 80% of small to medium-sized enterprises feeling well-protected by their IT defences, a Devolutions survey reveals that 69% of them still fell victim to cyber attacks last year. This has led to cyber security being viewed as the greatest threat by 60% of small businesses, even surpassing concerns over supply chain disruptions and the potential for another pandemic.

The average cost of these attacks ranges from $120,000 to $1.24 million, leading to 60% of affected businesses closing within six months. This vulnerability is further compounded by a common underestimation of the ransomware threat. While 71% of businesses feel prepared for future threats, the depth of this preparedness varies, with only 23% feeling very prepared for cyber security challenges.

Sources: [Claims Journal] [Inc.com]

The Threat from Inside: Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites

Employee fraud grew significantly last year thanks to the opportunities afforded by remote working and the pressures of a cost-of-living crisis in the UK, according to Cifas, an anti-fraud non-profit. The number of individuals recorded in its cross-sector Insider Threat Database (ITD) increased 14% year-on-year (YoY) in 2023, with the most common reason being “dishonest action to obtain benefit by theft or deception” (49%).

Insider threats – both by accident or with malicious intent – by their own employees are overlooked, despite accounting for 58% of cybersecurity breaches in recent years. As a result, a large proportion of businesses may lack any strategy to address insider risks, leaving them vulnerable to financial, operational and reputational harm.

Source: [Infosecurity Magazine] [TechRadar]

Dark Web Sales Driving Major Rise in Credential Attacks as Attackers Pummel Networks with Millions of Login Attempts

Dark web sales are driving a major rise in credential attacks, with a surge in infostealer malware attacks over the last three years significantly heightening the cyber crime landscape. Kaspersky reports a sevenfold increase in data theft attacks, leading to the compromise of over 26 million devices since 2022. Cyber criminals stole roughly 400 million login credentials last year alone, often sold on dark web markets for as low as $10 per log file. These stolen credentials have become a lucrative commodity, fostering a complex economy of initial access brokers who facilitate broader corporate network infiltrations. The Asia-Pacific and Latin America regions have been particularly affected, with millions of credentials stolen annually.

Simultaneously, Cisco’s Talos team warns of a current credential compromise campaign targeting networks via mass login attempts to VPN, SSH, and web apps. Attackers use a mix of generic and specific usernames with nearly 100 passwords from about 4,000 IP addresses, likely routed through anonymising services (such as TOR). These attacks pose risks like unauthorised access, account lockouts, and potential denial-of-service. The attack volume has increased since 18 March this year mirroring a previous alert by Cisco about a similar campaign affecting VPNs. Despite method and infrastructure similarities, a direct link between these campaigns is yet to be confirmed.

Sources: [Ars Technica] [Data Breach Today]

Large Enterprises Experience Breaches, Despite Large Security Stacks; Report Finds 93% of Breaches Lead to Downtime and Data Loss

93% of enterprises admitting to having had a breach have suffered significant consequences, ranging from unplanned downtime to data exposure or financial loss, according to a recent report. 73% of organisations made changes to their IT environment at least quarterly, however only 40% tested their security at the same frequency. Unfortunately, this means that many organisations are facing a significant gap in which changes in the IT environment are untested, and therefore their risk unknown.

Security tools can aid this, however as the report finds, despite having a large number of security stacks, 51% still reported a breach in the past 24 months. Organisations must keep in mind that security extends beyond the technical realm, and it needs to include people and operations.

Sources: [Infosecurity Magazine] [Help Net Security]

Charities Doing Worse than Private Sector in Staving off Cyber Attacks

Recent UK Government data reveals a significant cyber security challenge for charities, with about a third experiencing breaches this past year, equating to nearly 924,000 cyber crimes. Notably, 83% of these incidents involved phishing, with other prevalent threats including fraud emails and malware. The data found that 63% of charities said cyber security was a high priority for senior management, however, charities lag behind the private sector in adopting security monitoring tools and conducting risk assessments.

Additionally, while half of the charities implement basic cyber hygiene defences like malware protection and password policies, only about 40% seek external cyber security guidance.

Source: [TFN]

Governance, Risk and Compliance

• Cyber attack volumes peak in first quarter | SC Media (scmagazine.com)

• Annual cyber security training isn’t working, so what’s the alternative? | TechRadar

• Russia and Ukraine Top Inaugural World Cyber Crime Index - Infosecurity Magazine (infosecurity-magazine.com)

• Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites - Infosecurity Magazine (infosecurity-magazine.com)

• Security breaches are causing more damage than ever before | TechRadar

• 73% of Security Professionals Say They’ve Missed, Ignored or Failed to Act on a High Priority Security Alert | Business Wire

• Small Businesses See Stable Business Climate; Cite Cyber Security as Top Threat (claimsjournal.com)

• Where Are You on the Cyber Security Readiness Index? Cisco Thinks You’re Probably Overconfident | Network Computing

• Experts say shocking level of cyber security breaches revealed in new government report “are avoidable” | LawNews.co.uk

• Report Suggests 93% of Breaches Lead to Downtime and Data Loss - Infosecurity Magazine (infosecurity-magazine.com)

• Hackers are threatening to publish a huge stolen sanctions and financial crimes watchlist | TechCrunch

• 51% of enterprises experienced a breach despite large security stacks - Help Net Security

• Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)

• Ex-Uber security exec Joe Sullivan is advising CISOs on how to avoid his legal fate (axios.com)

• Cyber Security Tips for Small Businesses Now Considered Big Hacking Targets | Inc.com

• The Five Main Steps In A Compliance Risk Assessment Plan (forbes.com)

• Pentesting accounts for an average of 13% of total IT security budgets | Security Magazine

Threats

Ransomware, Extortion and Destructive Attacks

• Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted (techrepublic.com)

• New LockBit Variant Exploits Self-Spreading Features - Infosecurity Magazine (infosecurity-magazine.com)

• Cheap ransomware for sale on dark web marketplaces is changing the way hackers operate - Help Net Security

• FBI: Akira ransomware raked in $42 million from 250+ victims (bleepingcomputer.com)

• Infiltrating ransomware gangs on the dark web - CBS News

• What if we made ransomware payments illegal? | SC Media (scmagazine.com)

• Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)

• Moldovan charged for operating botnet used to push ransomware (bleepingcomputer.com)

• Report Reveals Healthcare Industry is Disillusioned in its Preparedness for Cyber Attacks - IT Security Guru

• Ransomware, meet DRaaS: The future of disaster mitigation (betanews.com)

• A whole new generation of ransomware makers are attempting to shake up the market | TechRadar

• Security Think Tank: Approaches to ransomware need a course correction | Computer Weekly

• Ransomware Victims Who Pay a Ransom Drops to Record Low (databreachtoday.co.uk)

Ransomware Victims

• Change Healthcare’s ransomware attack costs reach nearly $1B • The Register

• Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia  (securityaffairs.com)

• Ransomware attacks against food, agriculture industry examined | SC Media (scmagazine.com)

• Ransomware attack compromises UN agency data | SC Media (scmagazine.com)

• 840-bed hospital in France postpones procedures after cyber attack (bleepingcomputer.com)

• US think tank Heritage Foundation hit by cyber attack | TechCrunch

• Daixin ransomware gang claims attack on Omni Hotels (bleepingcomputer.com)

• Ransomware feared as Octapharma Plasma closes 150+ centers • The Register

• Cyber Attack Takes Frontier Communications Offline (darkreading.com)

Phishing & Email Based Attacks

• Students turning to cyberfraud as huge phishing site infiltrated, police reveal | Cybercrime | The Guardian

• Microsoft Most Impersonated Brand in Phishing Scams - Infosecurity Magazine (infosecurity-magazine.com)

• North Korean Group Kimsuky Exploits DMARC and Web Beacons - Infosecurity Magazine (infosecurity-magazine.com)

• FBI warns of massive wave of road toll SMS phishing attacks (bleepingcomputer.com)

• FIN7 targets American automaker’s IT staff in phishing attacks (bleepingcomputer.com)

Other Social Engineering

• Quishing: The New Cyber Threat to the Cleared Workplace - ClearanceJobs

• FBI warns of massive wave of road toll SMS phishing attacks (bleepingcomputer.com)

• Countering Voice Fraud in the Age of AI (darkreading.com)

• Cyber criminals pose as LastPass staff to hack password vaults (bleepingcomputer.com)

Artificial Intelligence

• CISOs not changing priorities in response to AI threats (betanews.com)

• 92% of enterprises unprepared for AI security challenges - Help Net Security

• AI Copilot: Launching Innovation Rockets, But Beware of the Darkness Ahead (thehackernews.com)

• Enterprise Endpoints Aren't Ready for AI (darkreading.com)

• Best Practices & Guidance For AI Security Deployment 2024 (gbhackers.com)

• Countering Voice Fraud in the Age of AI (darkreading.com)

• C-suite weighs in on generative AI and security (securityintelligence.com)

2FA/MFA

• Cisco Duo warns third-party data breach exposed SMS MFA logs (bleepingcomputer.com)

• Roku Mandates 2FA for Customers After Credential-Stuffing Compromise (darkreading.com)

Malware

• LockBit 3.0 Variant Generates Custom, Self-Propagating Malware (darkreading.com)

• TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks (thehackernews.com)

• A sneaky new steganography malware is exploiting Microsoft Word — hundreds of firms around the world hit by attack | TechRadar

• Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware (darkreading.com)

• Firebird RAT creator and seller arrested in the US and Australia (bleepingcomputer.com)

• Destructive ICS Malware 'Fuxnet' Used by Ukraine Against Russian Infrastructure - Security Week

• New SteganoAmor attacks use steganography to target 320 orgs globally (bleepingcomputer.com)

• Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks (thehackernews.com)

• Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor (thehackernews.com)

• New Cyber Threat MadMxShell Exploits Typosquatting and Google Ads - Infosecurity Magazine (infosecurity-magazine.com)

• Fake cheat lures gamers into spreading infostealer malware (bleepingcomputer.com)

Mobile

• Government spyware is another reason to use an ad blocker | TechCrunch

• iPhone users warned to disable iMessage temporarily to avoid getting hacked - PhoneArena

• Enterprises face significant losses from mobile fraud - Help Net Security

• SoumniBot malware exploits Android bugs to evade detection (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• DDoS attacks saw a huge surge in the first part of 2024, with one particular country badly hit | TechRadar

• 68% of Companies are More Vulnerable to DDoS Than They Think - Infosecurity Magazine (infosecurity-magazine.com)

• DDoS attacks are still growing and there are new threats on the horizon | ITPro

Internet of Things – IoT

• How to protect IP surveillance cameras from Wi-Fi jamming - Help Net Security

• CISA warns of critical vulnerability in Chirp smart locks • The Register

• New rules for security of connected products in the UK and EU - Lexology

Data Breaches/Leaks

• CISA orders agencies impacted by Microsoft hack to mitigate risks (bleepingcomputer.com)

• US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft - Security Week

• Report Suggests 93% of Breaches Lead to Downtime and Data Loss - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft's 'cascade of security failures' allowed hackers to access US government employee emails | Windows Central

• Hackers are threatening to publish a huge stolen sanctions and financial crimes watchlist | TechCrunch

• Panama Papers: Money laundering trial of 27 defendants begins

• Over half a million Roku subscribers are the victims of the latest cyber security attack - PhoneArena

• Giant Tiger data breach may have impacted millions of customers (securityaffairs.com)

• Wells Fargo Says It Has Suffered Data Breach, Blames Employee for Exposing Personal Information on Pair of Customers - The Daily Hodl

• 5 Ways Your Personal Information May End Up On The Dark Web (slashgear.com)

• Law Firm to Pay $8M to Settle Health Data Hack Lawsuit (databreachtoday.co.uk)

Organised Crime & Criminal Actors

• After a string of high profile cyber gang takedowns, is the cyber crime industry about to get a lot more fragmented? | ITPro

• Students turning to cyberfraud as huge phishing site infiltrated, police reveal | Cybercrime | The Guardian

• Russia and Ukraine Top Inaugural World Cyber Crime Index - Infosecurity Magazine (infosecurity-magazine.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Chinese fraud victims seek return of £3bn in bitcoin seized in UK (ft.com)

• Ex-Amazon engineer gets 3 years for hacking crypto exchanges (bleepingcomputer.com)

• Security engineer jailed for 3 years for $12M crypto hacks | TechCrunch

• Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks (bleepingcomputer.com)

Insider Risk and Insider Threats

• Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites - Infosecurity Magazine (infosecurity-magazine.com)

• Underestimating the dangers within: mitigating the insider cyber threat | TechRadar

Insurance

• Cyber threats increase as insurance costs fall - report (emergingrisks.co.uk)

Cloud/SaaS

• Exposing the top cloud security threats - Help Net Security

• What Is Microsoft's Role in the Shared Responsibility Model for Data Security? (prweb.com)

• For Service Accounts, Accountability Is Key to Security (darkreading.com)

• The cloud is benefiting IT, but not business | InfoWorld

Identity and Access Management

• Identity in the Shadows: Shedding Light on Cyber Security's Unseen Threats (thehackernews.com)

Linux and Open Source

• Open source groups say more software projects may have been targeted for sabotage (yahoo.com)

• Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Attackers are pummelling networks around the world with millions of login attempts | Ars Technica

• Roku Mandates 2FA for Customers After Credential-Stuffing Compromise (darkreading.com)

• Threat actors look to stolen credentials | Computer Weekly

• Cisco warns of large-scale brute-force attacks against VPN and SSH services (securityaffairs.com)

• Bad Bots Drive 10% Annual Surge in Account Takeover Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• For Service Accounts, Accountability Is Key to Security (darkreading.com)

• Dark Web Sales Driving Major Rise in Credential Attacks (databreachtoday.co.uk)

Social Media

• Pro-Russian Campaign Exploits Meta’s Failure to Moderate Political Ads - Infosecurity Magazine (infosecurity-magazine.com)

• EU tells Meta it can't paywall privacy • The Register

• Google to crack down on third-party YouTube apps that block ads (bleepingcomputer.com)

Malvertising

• Government spyware is another reason to use an ad blocker | TechCrunch

• New Cyber Threat MadMxShell Exploits Typosquatting and Google Ads - Infosecurity Magazine (infosecurity-magazine.com)

• Google to crack down on third-party YouTube apps that block ads (bleepingcomputer.com)

Training, Education and Awareness

• Annual cyber security training isn’t working, so what’s the alternative? | TechRadar

• Cyber security training: How to make it more motivating (hrexecutive.com)

Regulations, Fines and Legislation

• US Supreme Court ruling suggests change in cyber security disclosure process | CSO Online

• New rules for security of connected products in the UK and EU - Lexology

• Congress votes to kick Uncle Sam’s data broker habit • The Register

• Cops can force suspect to unlock phone with thumbprint, US court rules | Ars Technica

Models, Frameworks and Standards

• Rebalancing NIST: Why 'Recovery' Can't Stand Alone (darkreading.com)

Backup and Recovery

• Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted (techrepublic.com)

Data Protection

• 5 Common Data Protection Challenges That Businesses Face (techtarget.com)

Careers, Working in Cyber and Information Security

• IT and security professionals demand more workplace flexibility - Help Net Security

• National Security at Risk as Essential Cyber Security Roles Face Sharp Decline (prnewswire.com)

• Break Security Burnout: Combining Leadership With Neuroscience (darkreading.com)

Law Enforcement Action and Take Downs

• UK Police Lead Disruption of £1m Phishing-as-a-Service Site LabHost - Infosecurity Magazine (infosecurity-magazine.com)

• After a string of high profile cyber gang takedowns, is the cyber crime industry about to get a lot more fragmented? | ITPro

• Firebird RAT creator and seller arrested in the US and Australia (bleepingcomputer.com)

• Moldovan charged for operating botnet used to push ransomware (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

• Pro-Russian Campaign Exploits Meta’s Failure to Moderate Political Ads - Infosecurity Magazine (infosecurity-magazine.com)

• US Election Officials Told to Prepare for Nation-State Influence Campa - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Preparing for Cyber Warfare: 6 Key Lessons From Ukraine (darkreading.com)

• State-sponsored cyber attacks: The new frontier | ITPro

China

• Chinese, Russian Hackers Keep Getting Past Microsoft's Security (businessinsider.com)

• Leaked FBI document shows MPs were kept in dark over China hack for two years (inews.co.uk)

• US Election Officials Told to Prepare for Nation-State Influence Campa - Infosecurity Magazine (infosecurity-magazine.com)

• Risks are higher than ever for US- China cyber war | Responsible Statecraft

• State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week

• Singapore infosec boss: splinternet hinders interoperability • The Register

• FBI says Chinese hackers preparing to attack US infrastructure | Reuters

• Chinese fraud victims seek return of £3bn in bitcoin seized in UK (ft.com)

Russia

• Chinese, Russian Hackers Keep Getting Past Microsoft's Security (businessinsider.com)

• CISA orders agencies impacted by Microsoft hack to mitigate risks (bleepingcomputer.com)

• Microsoft's 'cascade of security failures' allowed hackers to access US government employee emails | Windows Central

• US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft - Security Week

• Microsoft breach allowed Russia to steal Feds' emails • The Register

• State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week

• How Ukraine’s cyber police fights back against Russia’s hackers | TechCrunch

• Russian 'Cyber Sabotage' A Global Threat: Security Firm | IBTimes

• Mandiant upgrades Sandworm to APT44 due to increasing threat | TechTarget

• Russia's Sandworm 'cyber attacked US, EU water utilities' • The Register

• Sandworm Group Shifts to Espionage Attacks, Hacktivist Personas | Decipher (duo.com)

• Russia and Ukraine Top Inaugural World Cyber Crime Index - Infosecurity Magazine (infosecurity-magazine.com)

• Russia is trying to sabotage European railways, Czech minister said (securityaffairs.com)

• Pro-Russian Campaign Exploits Meta’s Failure to Moderate Political Ads - Infosecurity Magazine (infosecurity-magazine.com)

• Singapore infosec boss: splinternet hinders interoperability • The Register

• US Election Officials Told to Prepare for Nation-State Influence Campa - Infosecurity Magazine (infosecurity-magazine.com)

• Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks (thehackernews.com)

• Destructive ICS Malware 'Fuxnet' Used by Ukraine Against Russian Infrastructure - Security Week

Iran

• Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign (thehackernews.com)

• Middle East Cyber Ops Intensify, With Israel the Main Target (darkreading.com)

• Iran-Backed Hackers Blast Out Threatening Texts to Israelis (darkreading.com)

• Israel Holds Hybrid Cyber & Military Readiness Drills (darkreading.com)

North Korea

• DPRK Exploits 2 MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse (darkreading.com)

• North Korean Group Kimsuky Exploits DMARC and Web Beacons - Infosecurity Magazine (infosecurity-magazine.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Geopolitical tensions escalate OT cyber attacks - Help Net Security

• “There are no borders in cyber space. We have to fight global terrorism together.” | Ctech (calcalistech.com)

• Furry Hackers Target Far-Right Outlet 'Real America's Voice' (dailydot.com)

• Government spyware is another reason to use an ad blocker | TechCrunch

Vulnerability Management

• Cyber Security Pros Urge US Congress to Help NIST Restore NVD Operation - Infosecurity Magazine (infosecurity-magazine.com)

• How to conduct security patch validation and verification | TechTarget

• Zero-Day Vulnerabilities: A Beginner’s Guide - The New Stack

• The importance of the Vulnerability Operations Centre for cyber security | TechRadar

Vulnerabilities

• State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week

• “Highly capable” hackers root corporate networks by exploiting firewall 0-day | Ars Technica

• Cisco discloses root escalation flaw with public exploit code (bleepingcomputer.com)

• PuTTY SSH client flaw allows recovery of cryptographic private keys (bleepingcomputer.com)

• Citrix Releases Security Updates for XenServer and Citrix Hypervisor | CISA

• Yubico Issues YubiKey Security Alert For Windows Users (forbes.com)

• Samsung Issues Update Now Warning For Millions Of Galaxy Users (forbes.com)

• Juniper Networks Publishes Dozens of New Security Advisories - Security Week

• Ivanti warns of critical flaws in its Avalanche MDM solution (bleepingcomputer.com)

• Oracle Patches 230 Vulnerabilities With April 2024 CPU - Security Week

• iPhone users warned to disable iMessage temporarily to avoid getting hacked - PhoneArena

• Delinea Fixes Flaw After Analyst Goes Public With Disclosure First (darkreading.com)

• Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)

• Telegram fixes Windows app zero-day used to launch Python scripts (bleepingcomputer.com)

• Critical RCE Vulnerability in 92,000 D-Link NAS Devices - Security Boulevard

Tools and Controls

• Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted (techrepublic.com)

• Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware (darkreading.com)

• CISA's Malware Analysis Platform Could Foster Better Threat Intel (darkreading.com)

• Pentesting accounts for an average of 13% of total IT security budgets | Security Magazine

• Annual cyber security training isn’t working, so what’s the alternative? | TechRadar

• 6 Ways Businesses Can Boost Their Cloud Security Resilience - Compare the Cloud

• North Korean Group Kimsuky Exploits DMARC and Web Beacons - Infosecurity Magazine (infosecurity-magazine.com)

• Dark Web Monitoring: What's the Value? (bleepingcomputer.com)

• 5 Steps Toward Military-Grade API Security - The New Stack

• Ransomware, meet DRaaS: The future of disaster mitigation (betanews.com)

• Cyber security training: How to make it more motivating (hrexecutive.com)

• The Five Main Steps In A Compliance Risk Assessment Plan (forbes.com)

• AI set to enhance cyber security roles, not replace them - Help Net Security

• Why You Still Shouldn't Trust Zero Trust (forbes.com)

• Stateful vs. stateless firewalls: Understanding the differences | TechTarget

Reports Published in the Last Week

• Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)

Other News

• Why home cyber security is important (xda-developers.com)

• Microsoft remains in the US government's good graces despite its high susceptibility to attacks | Windows Central

• Charities doing worse than private sector in staving off cyber attacks - TFN

• Private companies operating critical infrastructure are not taking cyber security threats seriously enough. | USAPP (lse.ac.uk)

• The US counterintelligence head says the list of threats is long and getting longer (cfpublic.org)

• Critical Infrastructure Security: Observations From the Front Lines (darkreading.com)

• Geopolitical tensions escalate OT cyber attacks - Help Net Security

• Microsoft, Beset by Hacks, Grapples With Problem Years in the Making - BNN Bloomberg

• The invisible seafaring industry that keeps the internet afloat (theverge.com)

• Do we have a plan on how to deal with subsea cables sabotage? | Euronews

• Ex-GCHQ chief: Cyber attacks could target fragile trust in utilities - Utility Week

• Trust in Cyber Takes a Knock as CNI Budgets Flatline - Infosecurity Magazine (infosecurity-magazine.com)

• University chiefs to get security service Cobra briefing on hostile states | The Argus

• SAP Applications Increasingly in Attacker Crosshairs, Report Shows - Security Week

• Emergency services a likely target for cyber attacks, warns DHS - ABC News (go.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• 1 in 3 Employees Don’t Understand Why Cyber Security Is Important

According to a new Tessian report, 30% of employees do not think they personally play a role in maintaining their company’s cyber security posture.

What’s more, only 39% of employees say they’re very likely to report a security incident, making investigation and remediation even more challenging and time-consuming for security teams. When asked why, 42% of employees said they wouldn’t know if they had caused an incident in the first place, and 25% say they just don’t care enough about cyber security to mention it.

Virtually all IT and security leaders agreed that a strong security culture is important in maintaining a strong security posture. Yet, despite rating their organisation’s security 8 out 10, on average, three-quarters of organisations experienced a security incident in the last 12 months.

The report suggests this could stem from a reliance on traditional training programs: 48% of security leaders say training is one of the most important influences on building a positive security posture. But the reality is that employees aren’t engaged; just 28% of UK and US workers say security awareness training is engaging and only 36% say they’re paying full attention. Of those who are, only half say it’s helpful, while another 50% have had a negative experience with a phishing simulation. With recent headlines depicting how phishing simulations can go awry, negative experiences like these further alienate employees and decrease engagement.

https://www.helpnetsecurity.com/2022/07/28/employees-dont-understand-why-cybersecurity-is-important/

• As Companies Calculate Cyber Risk, the Right Data Makes a Big Difference

The proposed US Securities and Exchange Commission’s stronger rules for reporting cyber attacks will have ramifications beyond increased disclosure of attacks to the public. By requiring not just quick reporting of incidents, but also disclosure of cyber policies and risk management, such regulation will ultimately bring more accountability for cyber security to the highest levels of corporate leadership. Other jurisdictions will very likely follow the US in requiring more stringent cyber controls and governance.

This means that boards and executives everywhere will need to increase their understanding of cyber security, not only from a tech point of view, but from a risk and business exposure point of view. The CFO, CMO and the rest of the C-suite and board will want and need to know what financial exposure the business faces from a data breach, and how likely it is that breaches will happen. This is the only way they will be able to develop cyber policies and plans and react properly to the proposed regulations.

Companies will therefore need to be able to calculate and put a dollar value on their exposure to cyber risk. This is the starting point for the ability to make cyber security decisions not in a vacuum, but as part of overall business decisions. To accurately quantify cyber security exposure, companies need to understand what the threats are and which data and business assets are at risk, and they then need to multiply the cost of a breach by the probability that such an event will take place in order to put a dollar figure on their exposure.

While there are many automated tools, including those that use artificial intelligence (AI), that can help with this, the key to doing this well is to make sure calculations are rooted in real and relevant data – which is different for each company or organisation.

https://venturebeat.com/2022/07/22/as-companies-calculate-cyber-risk-the-right-data-makes-a-big-difference/

• Only 25% Of Organisations Consider Their Biggest Threat to Be from Inside the Business

A worrying 73.5% of organisations feel they have wasted the majority of their cyber security budget on failing to remediate threats, despite having an over-abundance of security tools at their disposal, according to Gurucul.

Only 25% of organisations consider their biggest threat to be from inside the business, despite insider threats increasing by 47% over the past two years. With only a quarter of businesses seeing their biggest threat emanating from inside their organisation, it seems over 70% saw the biggest cyber security challenges emanating from external threats such as ransomware. In fact, although external threats account for many security incidents, we must never forget to look beyond those external malicious and bad actors to insider threats to effectively secure corporate data and IP.

The survey also found 33% of respondents said they are able to detect threats within hours, while 27.07% even claimed they can detect threats in real-time. However, challenges persist with 33% of respondents stating that it still takes their organisation days and weeks to detect threats, with 6% not being able to detect them at all.

https://www.helpnetsecurity.com/2022/07/28/biggest-threat-inside-the-business/

• The Global Average Cost of a Data Breach Reaches an All-Time High of $4.35 Million

IBM Security released the 2022 Cost of a Data Breach Report, revealing costlier and higher-impact data breaches than ever before, with the global average cost of a data breach reaching an all-time high of $4.35 million for studied organisations.

With breach costs increasing nearly 13% over the last two years of the report, the findings suggest these incidents may also be contributing to rising costs of goods and services. In fact, 60% of studied organisations raised their product or services prices due to the breach, when the cost of goods is already soaring worldwide amid inflation and supply chain issues.

The perpetuality of cyber attacks is also shedding light on the “haunting effect” data breaches are having on businesses, with the IBM report finding 83% of studied organisations have experienced more than one data breach in their lifetime. Another factor rising over time is the after-effects of breaches on these organisations, which linger long after they occur, as nearly 50% of breach costs are incurred more than a year after the breach.

The 2022 Cost of a Data Breach Report is based on in-depth analysis of real-world data breaches experienced by 550 organisations globally between March 2021 and March 2022. The research, which was sponsored and analysed by IBM Security, was conducted by the Ponemon Institute.

https://www.helpnetsecurity.com/2022/07/27/2022-cost-of-a-data-breach-report/

• Race Against Time: Hackers Start Hunting for Victims Just 15 Minutes After a Bug Is Disclosed

Attackers are becoming faster at exploiting previously undisclosed zero-day flaws, according to Palo Alto Networks.  This means that the amount of time that system admins have to patch systems before exploitation happens is shrinking fast..

The company warns in its 2022 report covering 600 incident response (IR) cases that attackers typically start scanning for vulnerabilities within 15 minutes of one being announced.

Among this group are 2021's most significant flaws, including the Exchange Server ProxyShell and ProxyLogon sets of flaws, the persistent Apache Log4j flaws aka Log4Shell, the SonicWall zero-day flaws, and Zoho ManageEngine ADSelfService Plus.

While phishing remains the biggest method for initial access, accounting for 37% of IR cases, software vulnerabilities accounted of 31%. Brute-force credential attacks (like password spraying) accounted for 9%, while smaller categories included previously compromised credentials (6%), insider threat (5%), social engineering (5%), and abuse of trusted relationships/tools (4%).    

Over 87% of the flaws identified as the source of initial access fell into one of six vulnerability categories.

https://www.zdnet.com/article/race-against-time-hackers-start-hunting-for-victims-just-15-minutes-after-a-bug-is-disclosed/

• Ransomware-as-a-Service Groups Forced to Change Tack as Payments Decline

Ransomware-as-a-service (RaaS) operators are evolving their tactics yet again in response to more aggressive law enforcement efforts, in a move that is reducing their profits but also making affiliates harder to track, according to Coveware.

The security vendor’s Q2 2022 ransomware report revealed that concerted efforts to crack down on groups like Conti and DarkSide have forced threat actors to adapt yet again.

It identified three characteristics of RaaS operations that used to be beneficial, but are increasingly seen as a hinderance.

The first is RaaS branding, which has helped to cement the reputation of some groups and improve the chances of victims paying, according to Coveware. However, branding also makes attribution easier and can draw the unwanted attention of law enforcement, it said.

“RaaS groups are keeping a lower profile and vetting affiliates and their victims more thoroughly,” Coveware explained.

“More RaaS groups have formed, resulting in less concentration among the top few variants. Affiliates are frequently shifting between RaaS variants on different attacks, making attribution beyond the variant more challenging.”

In some cases, affiliates are also using “unbranded” malware to make attribution more difficult, it added.

The second evolution in RaaS involves back-end infrastructure, which used to enable scale and increase profitability. However, it also means a larger attack surface and a digital footprint that’s more expensive and challenging to maintain.

As a result, RaaS developers are being forced to invest more in obfuscation and redundancy, which is hitting profits and reducing the amount of resources available for expansion, Coveware claimed.

Finally, RaaS shared services used to help affiliates with initial access, stolen data storage, negotiation management and leak site support.

https://www.infosecurity-magazine.com/news/raas-groups-forced-change-payments/

• Phishers Targeted Financial Services Most During H1 2022

Banks received the lion’s share of phishing attacks during the first half of 2022, according to figures published by cyber security company Vade.

The analysis also found that attackers were most likely to send their phishing emails on weekdays, with most arriving between Monday and Wednesday. Attacks tapered off towards the end of the week, Vade said.

While financial services scored highest on a per-sector basis, Microsoft was the most impersonated brand overall. The company’s Microsoft 365 cloud productivity services are a huge draw for cyber-criminals hoping to access accounts using phishing attacks.

Phishing attacks on Microsoft customers have become more creative, according to Vade, which identified several phone-based attacks. It highlighted a campaign impersonating Microsoft’s Defender anti-malware product, fraudulently warning that the company had debited a subscription fee. It encouraged victims to fix the problem by phone.

Facebook came a close second, followed by financial services company Crédit Agricole, WhatsApp and Orange.

https://www.infosecurity-magazine.com/news/phishers-financial-services-h1-2022/

• HR Emails Dupe Employees the Most – KnowBe4 research reveals

In phishing tests conducted on business emails, more than half of the subject lines clicked imitated Human Resources communications.

New research has revealed the top email subjects clicked on in phishing tests were those related to or from Human Resources, according to the latest ‘most clicked phishing tests‘ conducted by KnowBe4. In fact, half of those that were clicked on had subject lines related to Human Resources, including vacation policy updates, dress code changes, and upcoming performance reviews. The second most clicked category were those send from IT, which include requests or actions of password verifications that were needed immediately.

KnowBe4’s CEO commented “More than 80% of company data breaches globally come from human error, so security awareness training for your staff is one of the least costly and most effective methods to thwart social engineering attacks. Training gives employees the ability to rapidly recognise a suspicious email, even if it appears to come from an internal source, causing them to pause before clicking. That moment where they stop and question the email is a critical and often overlooked element of security culture that could significantly reduce your risk surface.”

This research comes hot off the heels of the recent KnowBe4 industry benchmarking report which found one in three untrained employees will click on a phishing link. The worst performing industries were Energy & Utilities, Insurance and Consulting, with all labelled the most at risk for social engineering in the large enterprise category.

https://www.itsecurityguru.org/2022/07/27/hr-emails-dupe-employees-the-most-knowbe4-research-reveals/

• 84% Of Organisations Experienced an Identity-Related Breach in the Past 18 Months

60% of IT security decision makers believe their overall security strategy does not keep pace with the threat landscape, and that they are either lagging behind (20%), treading water (13%), or merely running to keep up (27%), according to a survey by Sapio Research.

The report also highlights differences between the perceived and actual effectiveness of security strategies. While 40% of respondents believe they have the right strategy in place, 84% of organisations reported that they have experienced an identity-related breach or an attack using stolen credentials during the previous year and a half.

Promisingly, many organisations are hungry to make a change, particularly when it comes to protecting identities. In fact, 90% of respondents state that their organisations fully recognise the importance of identity security in enabling them to achieve their business goals, and 87% say that it is one of the most important security priorities for the next 12 months.

However, 75% of IT and security professionals also believe that they’ll fall short of protecting privileged identities because they won’t get the support they need. This is largely due to a lack of budget and executive alignment, with 63% of respondents saying that their company’s board still doesn’t fully understand identity security and the role it plays in enabling better business operations.

While the importance of identity security is acknowledged by business leaders, most security teams will not receive the backing and budget they need to put vital security controls and solutions in place to reduce major risks. This means that the majority of organisations will continue to fall short of protecting privileges, leaving them vulnerable to cyber criminals looking to discover privileged accounts and abuse them.

https://www.helpnetsecurity.com/2022/07/28/identity-related-breach/

• Economic Downturn Raises Risk of Insiders Going Rogue

Declining economic conditions could make insiders more susceptible to recruitment offers from threat actors looking for allies to assist them in carrying out various attacks.

Enterprise security teams need to be aware of the heightened risk and strengthen measures for protecting against, detecting, and responding to insider threats, researchers from Palo Alto Network's Unit 42 threat intelligence team recommended in a report this week.

The security vendor's report highlighted several other important takeaways for security operations teams, including the fact that ransomware and business email compromise attacks continue to dominate incident response cases and vulnerability exploits — accounting for nearly one-third of all breaches.

Unit 42 researchers analysed data from a sampling of over 600 incident response engagements between April 2021 and May 2022 and determined that difficult economic times could lure more actors to cyber crime. This could include both people with technical skills looking to make a fast buck, as well as financially stressed insiders with legitimate access to valuable enterprise data and IT assets. The prevalence of remote and hybrid work models has created an environment where it's easier for workers to steal intellectual property or carry out other malicious activity, the researchers found.

https://www.darkreading.com/risk/economic-downturn-raises-the-risk-of-insiders-going-rogue

• 5 Trends Making Cyber Security Threats Riskier and More Expensive

Since the pandemic the cyber world has become a far riskier place. According to the Hiscox Cyber Readiness Report 2022, almost half (48%) of organisations across the US and Europe experienced a cyber attack in the past 12 months. Even more alarming is that these attacks are happening despite businesses doubling down on their cyber security spend.

Cyber security is at a critical inflection point where five megatrends are making the threat landscape riskier, more complicated, and costlier to manage than previously reported. To better understand the evolution of this threat landscape, let’s examine these trends in more detail.

1. Everything becomes digital

2. Organisations become ecosystems

3. Physical and digital worlds collide

4. New technologies bring new risks

5. Regulations become more complex

Organisations can follow these best practices to elevate cyber security performance:

• Identify, prioritise, and implement controls around risks.

• Adopt a framework such as ISO 27001 or NIST Cyber Security Framework.

• Develop human-layered cyber security.

• Fortify your supply chain.

• Avoid using too many tools.

• Prioritise protection of critical assets.

• Automate where you can.

• Monitor security metrics regularly to help business leaders get insight into security effectiveness, regulatory compliance, and levels of security awareness in the organisation.

Cyber security will always be a work in progress. The key to effective risk management is having proactive visibility and context across the entire attack surface. This helps to understand which vulnerabilities, if exploited, can cause the greatest harm to the business. Not all risks can be mitigated; some risks will have to be accepted and trade-offs will have to be negotiated.

https://www.csoonline.com/article/3667442/5-trends-making-cybersecurity-threats-riskier-and-more-expensive.html#tk.rss_news

• Ransomware: Publicly Reported Incidents Are Only the Tip of the Iceberg

The threat landscape report on ransomware attacks published this week by the European Union Agency for Cybersecurity (ENISA) uncovers the shortcomings of the current reporting mechanisms across the EU.

As one of the most devastating types of cyber security attacks over the last decade, ransomware, has grown to impact organisations of all sizes across the globe.

This threat landscape report analysed a total of 623 ransomware incidents across the EU, the United Kingdom and the United States for a reporting period from May 2021 to June 2022. The data was gathered from governments' and security companies' reports, from the press, verified blogs and in some cases using related sources from the dark web.

Between May 2021 and June 2022 about 10 terabytes of data were stolen each month by ransomware threat actors. 58.2% of the data stolen included employees' personal data.

At least 47 unique ransomware threat actors were found.

For 94.2% of incidents, we do not know whether the company paid the ransom or not. However, when the negotiation fails, the attackers usually expose and make the data available on their webpages. This is what happens in general and is a reality for 37.88% of incidents.

We can therefore conclude that the remaining 62.12% of companies either came to an agreement with the attackers or found another solution.

The study also shows that companies of every size and from all sectors are affected.

The figures in the report can however only portray a part of the overall picture. In reality, the study reveals that the total number of ransomware attacks is much larger. At present this total is impossible to capture since too many organisations still do not make their incidents public or do not report on them to the relevant authorities.

https://www.enisa.europa.eu/news/ransomware-publicly-reported-incidents-are-only-the-tip-of-the-iceberg

Threats

Ransomware

• LockBit 3.0: Significantly Improved Ransomware Helps the Gang Stay on Top (darkreading.com)

• Ransomware looms large over the cyber insurance industry - Help Net Security

• 800,000 businesses fall victim to ransomware each year (komando.com)

• Business services top target of ransomware attacks (securitybrief.co.nz)

• How Crypto is Driving the Ransomware Epidemic | Cryptoland Roundtable - YouTube

• On security researcher's newsletter, exposing cyber criminals behind ransomware - CyberScoop

• LockBit ransomware abuses Windows Defender to load Cobalt Strike (bleepingcomputer.com)

• Mailing List Provider WordFly Scrambling to Recover Following Ransomware Attack | SecurityWeek.Com

• No More Ransom helps millions of ransomware victims in 6 years (bleepingcomputer.com)

• Lockbit ransomware gang claims to have breached the Italian Revenue Agency - Security Affairs

• Lockbit Ramps Up Attacks on Public Sector - Infosecurity Magazine (infosecurity-magazine.com)

• A ‘Top Tier’ Hacking Gang Is Likely To Be Behind Entrust Ransomware (informationsecuritybuzz.com)

• No More Ransom Helped More Than 1.5 Million People Decrypt Their Devices (darkreading.com)

• Ransomware caused American Dental Association outage, led to stolen data (scmagazine.com)

• The road to ransomware recovery starts before an attack • The Register

• LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities (trendmicro.com)

BEC – Business Email Compromise

• Crackdown on BEC Schemes: 100 Arrested in Europe, Man Charged in US | SecurityWeek.Com

• European Police Arrest 100 Suspects in BEC Crackdown - Infosecurity Magazine (infosecurity-magazine.com)

Phishing & Email Based Attacks

• Phishing Attacks Skyrocket with Microsoft and Facebook as Most Abused Brands | Threatpost

• Three of the world's most expensive phishing attacks and how they could have been prevented (betanews.com)

• Threat Actors Respond To Microsoft Blocking Macros with New Email Tactics (informationsecuritybuzz.com)

• Phishing scam targeting Bank of America, Citi and Wells Fargo customers (komando.com)

• APT-Like Phishing Threat Mirrors Landing Pages (darkreading.com)

• New Callback Malware Campaign Impersonates Legitimate Cyber Security Providers - MSSP Alert

• Microsoft Tops Brands Phishers Prefer (darkreading.com)

• Phishing Attacks: Microsoft Leads Top 25 of Impersonated Brands - MSSP Alert

• Researchers Warns of Increase in Phishing Attacks Using Decentralized IPFS Network (thehackernews.com)

• 1,000s of Phishing Attacks Blast Off From InterPlanetary File System (darkreading.com)

• New ‘Robin Banks’ phishing service targets BofA, Citi, and Wells Fargo (bleepingcomputer.com)

Other Social Engineering; SMishing, Vishing, etc

• US govt warns Americans of escalating SMS phishing attacks (bleepingcomputer.com)

Malware

• Cisco Incident Response Report: Commodity Malware Top Threat in Q2 - MSSP Alert

• Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us | Ars Technica

• As Microsoft blocks Office macros, hackers find new attack vectors (bleepingcomputer.com)

• Microsoft Links Raspberry Robin USB Worm to Russian Evil Corp Hackers (thehackernews.com)

• Microsoft links Raspberry Robin malware to Evil Corp attacks (bleepingcomputer.com)

• Malware-laced npm packages used to target Discord users - Security Affairs

• CosmicStrand UEFI malware found in Gigabyte, ASUS motherboards (bleepingcomputer.com)

• Sophisticated UEFI rootkit of Chinese origin shows up again in the wild after 3 years | CSO Online

• Attackers are slowly abandoning malicious macros - Help Net Security

• One of the most beloved Windows tools could actually be a huge security risk | TechRadar

• QBot phishing uses Windows Calculator DLL hijacking to infect devices (bleepingcomputer.com)

• Gootkit Loader’s Updated Tactics and Fileless Delivery of Cobalt Strike (trendmicro.com)

• Microsoft: Austrian company DSIRF selling Subzero malware (techtarget.com)

• Threat actors leverages DLL-SideLoading to spread Qakbot - Security Affairs

• Rare 'CosmicStrand' UEFI Rootkit Swings into Cyber crime Orbit (darkreading.com)

Mobile

• Here are the top phone security threats in 2022 and how to avoid them | ZDNet

• New Android malware apps installed 10 million times from Google Play (bleepingcomputer.com)

• Roaming Mantis Financial Hackers Targeting Android and iPhone Users in France (thehackernews.com)

• Facebook ads push Android adware with 7 million installs on Google Play (bleepingcomputer.com)

• Millions of Android devices infected with wallet-draining malware | TechRadar

• Over a Dozen Android Apps on Google Play Store Caught Dropping Banking Malware (thehackernews.com)

• These 28+ Android Apps with 10 Million Downloads from the Play Store Contain Malware (thehackernews.com)

Internet of Things – IoT

• IoT Botnets Fuels DDoS Attacks – Are You Prepared? | Threatpost

• Dahua IP Camera Vulnerability Could Let Attackers Take Full Control Over Devices (thehackernews.com)

Data Breaches/Leaks

• US court system suffered ‘incredibly significant attack’ • The Register

• Congress Warns of US Court Records System Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Uber admits covering up massive 2016 data breach in settlement with US prosecutors - The Verge

• T-Mobile to pay $500M for one of the largest data breaches in US history [Updated] | Ars Technica

• Data Stolen in Breach at Security Company Entrust | SecurityWeek.Com

• Fallout from massive Shanghai Police data breach reverberates on dark web - CyberScoop

• Big Questions Remain Around Massive Shanghai Police Data Breach (darkreading.com)

Organised Crime & Criminal Actors

• Cyber-mercenaries represent shifting criminal business model • The Register

• Messaging Apps Tapped as Platform for Cyber Criminal Activity | Threatpost

• Teenager Jailed for Snapchat Blackmail Cyber Crimes- IT Security Guru

• DUCKTAIL operation targets Facebook’s Business and Ad accounts - Security Affairs

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto fraud on the rise as consumers fall for fake celebrity endorsements | Cybernews

• Hackers Increasingly Using WebAssembly Coded Cryptominers to Evade Detection (thehackernews.com)

• NFT Hacking Group Attacks On The Rise, Report Finds- IT Security Guru

• Hackers steal $6 million from blockchain music platform Audius (bleepingcomputer.com)

 Fraud, Scams & Financial Crime

• Major shifts and the growing risk of identity fraud - Help Net Security

• Uber's former head of security faces fraud charges after allegedly covering up data breach (bitdefender.com)

• JPMorgan, UBS accused of shoddy identity theft protection • The Register

• Euro Police Bust €3m Internet Fraud Gang - Infosecurity Magazine (infosecurity-magazine.com)

• Romance scammers jailed after tricking Irish OAP out of €250k (bitdefender.com)

• Get a family safeword to make sure you don’t fall for the Mum and Dad scam | Money | The Sunday Times (thetimes.co.uk)

• What the Titanic Can Teach Us About Fraud? | SecurityWeek.Com

AML/CFT/Sanctions

• Russia declares Guernsey an 'unfriendly state' - BBC News

• Crypto exchange Kraken reportedly probed over Iran sanctions • The Register

Insurance

• Ransomware looms large over the cyber insurance industry - Help Net Security

Dark Web

• Cyber crime goods and services are cheap and plentiful - Help Net Security

• Hackers Selling Malware on Dark Web Underground Market (cybersecuritynews.com)

Supply Chain and Third Parties

• Experts warn of hacker claiming access to 50 US companies through breached MSP - The Record by Recorded Future

• Crook calls for help extorting service provider's clients • The Register

• Getting Ahead of Supply Chain Attacks (darkreading.com)

Software Supply Chain

• 8 top SBOM tools to consider | CSO Online

Denial of Service DoS/DDoS

• Akamai blocked the largest DDoS attack ever on its European customers - Security Affairs

• DDoS Attack Trends in 2022: Ultrashort, Powerful, Multivector Attacks (bleepingcomputer.com)

Cloud/SaaS

• Kansas MSP shuts down cloud services to fend off cyber attack (bleepingcomputer.com)

• Organisations are struggling with SaaS security. Why? - Help Net Security

Attack Surface Management

• 4 Steps the Financial Industry Can Take to Cope With Their Growing Attack Surface (thehackernews.com)

Identity and Access Management

• Why firms need to harness identity management before it spirals into an identity crisis - Help Net Security

• Benefits of modern PAM: Efficiency, security, compliance - Help Net Security

Encryption

• Transport Layer Security (TLS): Issues & Protocol (trendmicro.com)

• SSH2 vs. SSH1 and why SSH versions still matter (techtarget.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Inadequate password and authentication requirements found in popular business web apps - Help Net Security

• Using Account Lockout policies to block Windows Brute Force Attacks (bleepingcomputer.com)

• Stop Putting Your Accounts At Risk, and Start Using a Password Manager (thehackernews.com)

Social Media

• Facebook security cracked by Malware made in Vietnam • The Register

• Cyber-Criminal Offers 5.4m Twitter Users’ Data - Infosecurity Magazine (infosecurity-magazine.com)

• Social Media Accounts Hijacked to Post Indecent Images - Infosecurity Magazine (infosecurity-magazine.com)

Training, Education and Awareness

• Poor Training and Communications Hindering Cyber security Efforts - Infosecurity Magazine (infosecurity-magazine.com)

Privacy

• US, UK law enforcement to implement data sharing law, troubling privacy advocates - CyberScoop

Law Enforcement Action and Take Downs

• UK Seizes Nearly $27m in Crypto-Assets - Infosecurity Magazine (infosecurity-magazine.com)

• European Cops Helped 1.5 Million People Decrypt Their Ransomwared Computers (vice.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• World entering 'dangerous new age' of threats, says UK's top national security adviser | World News | Sky News

• Cyberspies use Google Chrome extension to steal emails undetected (bleepingcomputer.com)

• Microsoft says it caught an Austrian spyware group using Windows 0-day exploits - The Verge

• Pegasus spyware: Just 'tip of the iceberg' seen so far • The Register

• Cyber attacks by Iran and Israel now target critical infrastructure. - The Washington Post

• Ukraine Cyber War Fall-out and Ransomware Trends Areas of Focus in New CyberCube Research | Business Wire

• US and Ukraine Sign Agreement to Deepen Cyber security Operational Collaboration - MSSP Alert

• CISA, Ukrainian cyber agency deepen partnership to combat Russian threat - CyberScoop

• How is Anonymous attacking Russia? The top six ways ranked (cnbc.com)

• European Lawmaker Targeted With Cytrox Predator Surveillance Spyware | SecurityWeek.Com

Nation State Actors

Nation State Actors – Russia

• Russia is quietly ramping up its Internet censorship machine | Ars Technica

• Apple network traffic takes mysterious detour through Russia • The Register

• 'Crippling' Western sanctions are hitting Russia much harder than Putin is letting on, say Yale economists (inews.co.uk)

Nation State Actors – China

• Chinese APTs: Interlinked networks and side hustles – Intrusion Truth (wordpress.com)

• OneWeb sale risks giving China a stake in ‘Five Eyes’ spying tech (telegraph.co.uk)

Nation State Actors – North Korea

• North Korean Hackers Using Malicious Browser Extension to Spy on Email Accounts (thehackernews.com)

• North Korean hackers attack EU targets with Konni RAT malware (bleepingcomputer.com)

• US puts $10 million bounty on North Korean threat groups • The Register

• Is APT28 behind the STIFF#BIZON attacks attributed to North Korea-linked APT37? Security Affairs

Nation State Actors – Iran

• Cyber attacks by Iran and Israel now target critical infrastructure. - The Washington Post

Vulnerability Management

• Hackers scan for vulnerabilities within 15 minutes of disclosure (bleepingcomputer.com)

• Attackers Have 'Favourite' Vulnerabilities to Exploit (darkreading.com)

• Taking the Risk-Based Approach to Vulnerability Patching (thehackernews.com)

• Organisations struggle to manage devices and stay ahead of vulnerabilities - Help Net Security

• 2022 Unit 42 Incident Response Report: How Attackers Exploit Zero-Days (paloaltonetworks.com)

• Security Teams Overwhelmed With Bugs, Bitten by Patch Prioritization (darkreading.com)

• Time between vuln disclosures, exploits is getting smaller • The Register

Vulnerabilities

• Critical Samba bug could let anyone become Domain Admin – patch now! – Naked Security (sophos.com)

• Multiple Windows, Adobe Zero-Days Anchor Knotweed Commercial Spyware (darkreading.com)

• How to Fix CVE-2022-30190 vulnerability using Microsoft Intune - CloudInfra

• CISA releases IOCs for attacks exploiting Log4Shell in VMware Horizon and UAG | CSO Online

• Critical FileWave MDM Flaws Open Organisation-Managed Devices to Remote Hackers (thehackernews.com)

• Hackers are abusing IIS extensions to establish covert backdoors - Security Affairs

• FileWave fixes bugs that left 1,000+ orgs open to ransomware • The Register

• Google Chrome Zero-day Vulnerability Discovered By Avast (informationsecuritybuzz.com)

• LibreOffice fixed 3 flaws, including a code execution issue - Security Affairs

• Critical security vulnerability in Grails could lead to remote code execution | The Daily Swig (portswigger.net)

• Drupal developers fixed a code execution flaw in the popular CMS - Security Affairs

• LibreOffice Releases Software Update to Patch 3 New Vulnerabilities (thehackernews.com)

• Hackers Exploit PrestaShop Zero-Day to Steal Payment Data from Online Stores (thehackernews.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

Reports Published in the Last Week

• Hiscox Cyber Readiness Report 2022

• ENISA Threat Landscape for Ransomware Attacks — ENISA (europa.eu)

Other News

• A Retrospective on the 2015 Ashley Madison Breach – Krebs on Security

• The Great BizApp Hack: Cyber-Risks in Your Everyday Business Applications (darkreading.com)

• Threat Actors Pivot Around Microsoft’s Macro-Blocking in Office | Threatpost

• Strong Authentication - Robust Identity and Access Management Is a Strategic Choice - Security Affairs

• You Pay More When Companies Get Hacked | WIRED

• Microsoft again reverses course, will block macros by default (scmagazine.com)

• Is Your Home or Small Business Built on Secure Foundations? Think Again… (darkreading.com)

• Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits - Microsoft Security Blog

• Infosec pros want more industry cooperation and support for open standards - Help Net Security

• We pass cyber attack costs onto customers, businesses admit • The Register

• How to Combat the Biggest Security Risks Posed by Machine Identities (thehackernews.com)

• Discord, Telegram Services Hijacked to Launch Array of Cyber Attacks (darkreading.com)

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.