Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Corporations with Effective Cyber Governance Create 4 Times More Value, Boosting Shareholder Returns

According to a recent report, companies who demonstrated an advanced level of cyber security performance generated a shareholder return 372% higher than their peers over a 5 year period. The report highlighted that having board committees focused on specialised risk and audit compliance produced the best outcomes; however, it was found that only a small number of those surveyed had done this. Financial institutions and healthcare had the highest cyber security ratings, highlighting the correlation between regulatory environments and cyber security performance.

Sources: [Help Net Security ] [Dark Reading]

Ransomware Incidents Reported to UK Financial Regulator Doubled

The number of security and ransomware incidents reported to the UK Financial Conduct Authority (FCA) surged in 2023, according to a freedom of information request. 31% of these incidents were categorised as ransomware, which had double the number of reports as the previous year. To note, these statistics address the number of ransomware incidents involving financial services that were disclosed: the number of actual incidents could be far higher.

Sources: [Digital Journal] [Digital Journal]

Half of British SMEs Have Lost Data in Past Five Years: Threat Indicators Show 2024 Already Promising to be Worse Than 2023

According to a new report, since 2019 nearly half (48%) of the UK’s small and medium-sized enterprises (SMEs) have lost access to data, potentially costing billions. The report found that nationwide, the number of businesses that lost data temporarily or permanently could amount to more than 800,000. Unfortunately, the report found that half of respondents assessed were relying on flawed backup processes, with a quarter not backing up data at all.

A number of organisations assume that they are backing data up automatically and that these backups are safe, but it is an assumption that can have cost. Added to this, some organisations are not aware that their backups can be changed, or deleted, by a malicious actor; a situation better mitigated by implementing immutable backups.

To better their situation, organisations need to understand the cause of a breach, map their data and understand where it is stored, follow the 3,2,1 rule (three copies of data, two separate locations, one in the cloud), consider immutable backups and monitor their backups. An effective backup policy will help.

Sources: [Infosecurity Magazine] [Security Week] [IT Security Guru]

Researchers Report Sevenfold Increase in Data Theft Cases, as 17 billion Personal Records Exposed in Breaches in 2023

According to a global threat intelligence report, data breach incidents rose by 34.5% in 2023, with 17 billion personal records compromised throughout the year. The research also observed a 429% spike in stolen or leaked personal data in the first two months of 2024. In a separate report, Kaspersky found that roughly 10 million devices encountered data-stealing malware in 2023, a sevenfold increase since 2020.

The reports highlight the importance of ensuring that precautions and mitigations are undertaken to thwart attackers. This should include enabling multi-factor authentication, strong and unique passwords, and using a password manager.

Sources: [Infosecurity Magazine] [Infosecurity Magazine]

AI Abuse and Misinformation Campaigns Threaten Financial Institutions

According to the Financial Services Information Sharing Analysis Center (FS-ISAC), cyber threats relating to generative AI in financial services are a consistent concern, with threat actors using generative AI to write malware and other types of attacks. In some cases, attackers are injecting contaminated data into the large language models used by AI, in order to supply it with misinformation which will in turn feed back to financial institutions.

Not all risks are malicious, however. In some cases where generative AI uses enormous datasets, this can contain privileged information or biased data, which can in turn cost financial firms the trust of regulators, consumers and investors. The FS-ISAC stated “As we look ahead to a critical year marked by emerging technology and heightened geopolitical tensions, the best way to maintain the integrity, security, and trust of the sector is through global information sharing.”

Source: [Help Net Security]

Security Teams are ‘Overconfident’ About Handling Next-Gen Threats

In a new study of more than 8,000 cyber security decision makers, Cisco found that nearly three-quarters of organisations anticipated a cyber incident to disrupt their business in the next two years and 80% said they felt at least “moderately confident” in their ability to defend against emerging threats. In contrast, Cisco’s own analysis rated the maturity of these organisations, finding 71% were deemed to be rated as ‘formative’ or ‘beginner’, the two lowest categories.

Source: [CSO Online]

AI Makes Phishing Attacks Accessible to Basic Users

One of the big selling points of AI is its ability to allow even an unsophisticated user to advance their capability and operate at a far more damaging level. Crucially AI can enable a completely non-technical user to understand and produce technical output. Unfortunately, many cyber criminals have realised this and are using AI to sharpen the efficacy of their phishing emails. With AI, phishing emails can now be created without telltale grammatical errors, and can be convincingly formatted to use a certain style to resonate with given target audience, such as a board level executive. AI is also enabling these phishing campaigns to be replicated across languages and geographies, giving malicious actors wider nets than ever before. Whilst low sophistication ‘Nigerian Prince’ type phishing emails are still doing the rounds they are largely being replaced by much more convincing and devious legitimate looking emails.

Source: [The Economic Times]

Cyber Attacks Wreaking Physical Disruption on the Rise

According to a report, more than 500 industrial operational technology (OT) sites worldwide suffered physical consequences as the result of a cyber attack last year, a near 20% rise from the previous year. The report found that some of the attacks cost the organisation up to $100 million in damages.

Attacks on utilities, water, energy, and other critical national infrastructure (CNI) have seen a sharp rise over the last year, against a backdrop of geopolitical tensions and actions by nation state aggressors such as Russia, China, North Korea and Iran, as well as hacktivist groups and other malicious actors.

Threats to IT may be better known than threats to OT, but the latter can result in very serious real world consequences, ultimately leading to potential mass loss of life events.

Source: [Dark Reading]

73% Brace for Cyber Security Impact on Business in Next Two Years

A survey has found that 73% of organisations are expecting a business disruption relating to a cyber incident in the next 12 to 24 months. Part of this was based on previous experiences, with 54% experiencing a cyber incident in the last 12 months, and 52% of those impacted reporting costs of at least $300,000. 87% reported issues with talent, and 46% reported having more than 10 unfilled roles related to cyber security.

Source: [Help Net Security]

To Stay Ahead of Ransomware Businesses Need to Adopt An Offensive Security Mindset

2023 was the most lucrative year yet for ransomware attacks and it was also the year that saw the biggest shift in ransomware tactics, with the majority of ransomware actors now implementing data exfiltration and extortion, in addition to encryption. As it is getting harder for organisations to defend against these attacks and to stay ahead of ransomware, organisations need to develop an offensive security mindset, working out how an attacker might gain access to their systems. This includes keeping up with the latest tactics, communicating this throughout the organisation and running threat-led attack simulations.

Source: [IBTimes]

Cyber Security Imperative for Protecting Executives

The stakes are high in cyber security, and particularly for executives whose positions amplify the potential fall out and damage from cyber incidents. The variety of sensitive information that they have access to, and their authority in the organisation, makes them a desirable target for business email compromise.

Organisations need to implement a robust security culture, led by executives, to foster an environment where cyber threats are understood and mitigated. As part of this, training needs to be given to the whole organisation, including executives.

Executives may have historically excluded themselves from security controls, yet ironically it is this exclusion and their position in the organisation that makes them such a lucrative target.

Source: [Forbes]

The Increasing Role of Cyber Security Experts in Complex Legal Disputes

Expert witnesses have been known to play significant roles in matters where their valuable insight is required. In today’s world, with the number of high-stake crimes now involving technology, cyber security professionals have become some of the most sought-after experts.

Disputes involving highly complex cyber crimes typically require more technical experience than is on hand, and the contributions of a cyber expert are significant in uncovering critical evidence and shaping the legal strategy, as well as explaining cyber security in the courtroom.

Source: [JDSupra]

Governance, Risk and Compliance

• Ransomware incidents reported to UK financial regulator have doubled - Digital Journal

• AI abuse and misinformation campaigns threaten financial institutions - Help Net Security

• Half of British SMEs Have Lost Data in Past Five Years - Infosecurity Magazine (infosecurity-magazine.com)

• The Big Question: Are SMEs now at the forefront of cyber risks? - Emerging Risks Media Ltd

• Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023 - Security Week

• Is the Human Factor Overlooked in Cyber Security? - Infosecurity Magazine (infosecurity-magazine.com)

• Security teams are ‘overconfident’ about handling next-gen threats | CSO Online

• Banks told to expand risk management to cover AI (finextra.com)

• Corporations With Cyber Governance Create 4X More Value (darkreading.com)

• Cyber Leaders Struggle With Heightened Job Expectations, Communicating With Board - WSJ

• 73% brace for cyber security impact on business in the next year or two - Help Net Security

• Businesses overestimating their skills amid cyber security crisis, survey reveals (holyrood.com)

• Why your data isn’t as safe as you think and what it could cost you - IT Security Guru

• Unspoken Battle: Cyber Security Imperative For Protecting Executives (forbes.com)

• The Increasing Role Of Cyber Security Experts In Complex Legal Disputes | IMS Legal Strategies - JDSupra

• Businesses must prioritise prevention to lock out online threats (yahoo.com)

• CISOs Are Facing Challenges In Proactive Threat Defence And Compliance Management (forbes.com)

• As Cyber Regulators Rush Toward New Rules, Shifting Foundations May Complicate Compliance | Wiley Rein LLP - JDSupra

• Lessons from the World's Costliest Corporate Cyber Attacks - Management Today

• Three trends set to drive cyber attacks in 2024 (networkingplus.co.uk)

• Why Cyber Security Is a Whole-of-Society Issue (darkreading.com)

• Instilling the Hacker Mindset Organisationwide (darkreading.com)

• How CISOs Can Make Cyber Security a Long-Term Priority for Boards (darkreading.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Cyber security incidences surge in the UK financial services sector - Digital Journal

• Ransomware attacks rise by 46% in February 2024, finds NCC Group (securitybrief.co.nz)

• To Stay Ahead Of Ransomware Attacks, Businesses Need To Adopt An Offensive Security Mindset | IBTimes

• RDP Abuse Present in 90% of Ransomware Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• How will the Merck settlement affect the insurance industry? (securityintelligence.com)

• Lessons From the LockBit Takedown (darkreading.com)

• Ransomware attackers are increasingly targeting backups — so make sure yours are protected | TechRadar

• Unveiling the Fallout: Operation Cronos' Impact on LockBit Following Landmark Disruption | Trend Micro (US)

• Trend Micro: LockBit ransomware gang's comeback is failing | TechTarget

• Hosting firm's VMware ESXi servers hit by new SEXi ransomware (bleepingcomputer.com)

• Collaboration Needed to Fight Ransomware (darkreading.com)

Ransomware Victims

• Ransomware attacks ravaged municipal governments in March | TechTarget

• NHS Scotland confirms ransomware attackers leaked patients' data - Help Net Security

• Yacht retailer MarineMax discloses data breach after cyber attack (bleepingcomputer.com)

• How will the Merck settlement affect the insurance industry? (securityintelligence.com)

• Ransomware gang leaks UK city council’s confidential files • The Register

• Omni Hotels confirms cyber attack behind ongoing IT outage (bleepingcomputer.com)

• World’s second-largest lens-maker blinded by cyber incident • The Register

Phishing & Email Based Attacks

• This new phishing attack targets iPhone and Android alike via RCS | TechRadar

• Cloud Email Filtering Bypass Attack Works 80% of the Time (darkreading.com)

• $1.28 Million Lost From Crypto Phishing Attacks (coinpedia.org)

• Naked photos sent in WhatsApp ‘phishing’ attacks on UK MPs and staff – POLITICO

• Cyber security: Enabled by AI, phishing becomes quite simple - The Economic Times (indiatimes.com)

• Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors (thehackernews.com)

• Phishing Attacks Targeting Political Parties, Germany Warns (govinfosecurity.com)

• A phish by any other name should still not be clicked – Computerworld

• Google now blocks spoofed emails for better phishing protection (bleepingcomputer.com)

• New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware (thehackernews.com)

• Microsoft Teams phishing attacks and how to prevent them | TechTarget

Artificial Intelligence

• Banks told to expand risk management to cover AI (finextra.com)

• AI abuse and misinformation campaigns threaten financial institutions - Help Net Security

• 22% of employees admit to breaching company rules with GenAI - Help Net Security

• The Danger Of Unmanaged AI In The Enterprise (forbes.com)

• 6 Prompts You Don't Want Employees Putting in Microsoft Copilot (bleepingcomputer.com)

• Microsoft Copilot Blocked on US Congress Devices Over Security Concerns | Cryptopolitan

• Cyber security: Enabled by AI, phishing becomes quite simple - The Economic Times (indiatimes.com)

• Microsoft Announces New Safety System to Filter Malicious AI Output | Extremetech

• Microsoft GM on AI and elections: 'There will be fakes' • The Register

• Why AI forensics matters now - Help Net Security

• Microsoft and OpenAI collaborated to counter North Korean cyber threats, China in the game as well - MSPoweruser

• More Than Half of Organisations Plan to Adopt AI Solutions in Coming Year, Reports Cloud Security Alliance and Google Cloud (darkreading.com)

• The ‘complicated relationship’ between AI and cyber security (siliconrepublic.com)

• ‘Many-shot jailbreak’: lab reveals how AI safety features can be easily bypassed | Artificial intelligence (AI) | The Guardian

• Chinese hackers turn to AI to meddle in elections | CyberScoop

• Security and AI occupy SME thoughts | Microscope (computerweekly.com)

Malware

• Escalating malware tactics drive global cyber crime epidemic - Help Net Security

• Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries (thehackernews.com)

• TheMoon Malware Rises Again with Malicious Botnet for Hire (darkreading.com)

• Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware (thehackernews.com)

• Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities (thehackernews.com)

• Botnets: The uninvited guests that just won’t leave | CSO Online

• Detecting Windows-based Malware Through Better Visibility (thehackernews.com)

• Apple macOS users targeted with more cyber attacks via dodgy ads and websites | TechRadar

• Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors (thehackernews.com)

• Europe subjected to Mispadu trojan attacks | SC Media (scmagazine.com)

• YouTube Video Game ‘Hacks’ Contain Malware Links - Infosecurity Magazine (infosecurity-magazine.com)

• The Biggest Takeaways from Recent Malware Attacks (bleepingcomputer.com)

• Thousands of Australian Businesses Targeted With RAT (darkreading.com)

• Cyber criminals are spreading malware through Facebook pages impersonating AI brands (therecord.media)

Mobile

• This new phishing attack targets iPhone and Android alike via RCS | TechRadar

• 2 wireless protocols expose mobile users to spying — the FCC wants to fix that - Nextgov/FCW

• This notorious Android banking trojan now lets hackers remotely control your phone — how to stay safe | Tom's Guide (tomsguide.com)

• Location tracking and the battle for digital privacy - Help Net Security

• How and why to enable Stolen Device Protection on your iPhone (idownloadblog.com)

• Google fixed two actively exploited Pixel vulnerabilities (securityaffairs.com)

Denial of Service/DoS/DDOS

• New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks (thehackernews.com)

Internet of Things – IoT

• Porsche Kills Two More Models Due to Cyber Security Regulations - autoevolution

• UK Encouraged to Prioritise Cyber Security with Electric Vehicle Charging Points - Electrical Times

Data Breaches/Leaks

• Researchers Report Sevenfold Increase in Data Theft Cases - Infosecurity Magazine (infosecurity-magazine.com)

• Highly sensitive files mysteriously disappeared from EUROPOL headquarters (securityaffairs.com)

• Threat Actor Claims Classified Five Eyes Data Theft - Infosecurity Magazine (infosecurity-magazine.com)

• 17 Billion Personal Records Exposed in Data Breaches in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Almost 2.9M impacted by Harvard Pilgrim Health Care breach | SC Media (scmagazine.com)

• Hot Topic confirms multiple new cyber attacks — customer details and payment info exposed online | TechRadar

• Ivanti-linked breach of CISA potentially affected more than 100,000 individuals | CyberScoop

• Prudential Insurance says data of 36,000 exposed during February cyber attack (therecord.media)

• OWASP discloses a data breach (securityaffairs.com)

• Hotel Self Check-In Kiosks Exposed Room Access Codes - Security Week

• Nearly 1M medical records feared stolen from City of Hope • The Register

• SurveyLama data breach exposes info of 4.4 million users (bleepingcomputer.com)

• Cyber criminals steal data of around 700,000 Apotheka pharmacy customers | News | ERR

• PandaBuy data breach allegedly impacted +1.3M customers (securityaffairs.com)

• OWASP discloses breach due to a Wiki web server misconfig • The Register

• US cancer center data breach exposes info of 827,000 patients (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Escalating malware tactics drive global cyber crime epidemic - Help Net Security

• Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023 - Security Week

• Calls to Incident Response Helpline Double in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• Rise of non-tech hackers: new era of cyber threats - VnExpress International

• India rescuing citizens forced into cyber fraud schemes in Cambodia | Reuters

• Cyber criminal adoption of browser fingerprinting - Help Net Security

• With just $700 and a Raspberry Pi — you too can become a cyber criminal | TechRadar

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• FTX founder Sam Bankman-Fried sentenced to 25 years for crypto fraud (cnbc.com)

• $1.28 Million Lost From Crypto Phishing Attacks (coinpedia.org)

Insider Risk and Insider Threats

• Is the Human Factor Overlooked in Cyber Security? - Infosecurity Magazine (infosecurity-magazine.com)

• Human risk is the top cyber threat for IT teams - Help Net Security

• Instilling the Hacker Mindset Organisation wide (darkreading.com)

Insurance

• Can cyber insurance help secure business? | Mint (livemint.com)

• How will the Merck settlement affect the insurance industry? (securityintelligence.com)

Supply Chain and Third Parties

• Thwarted supply-chain hack sets off alarm bells across DC - POLITICO

Cloud/SaaS

• How much does cloud-based identity expand your attack surface? - Help Net Security

• Who owns your data? SaaS contract security, privacy red flags | CSO Online

• Cloud Email Filtering Bypass Attack Works 80% of the Time (darkreading.com)

Identity and Access Management

• How much does cloud-based identity expand your attack surface? - Help Net Security

Linux and Open Source

• "We got lucky": What the XZ Utils backdoor says about the strength and insecurities of open source | ITPro

• New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking (thehackernews.com)

• Red Hat warns of backdoor in XZ tools used by most Linux distros (bleepingcomputer.com)

• A new XZ backdoor scanner will be able to safeguard any Linux binary from threats (msn.com)

• What we know about the xz Utils backdoor that almost infected the world | Ars Technica

• Malicious xz backdoor reveals fragility of open source • The Register

• Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries (thehackernews.com)

• German state switches to LibreOffice, promises Windows move • The Register

Passwords, Credential Stuffing & Brute Force Attacks

• Cisco warns of password-spraying attacks targeting VPN services (bleepingcomputer.com)

• American fast-fashion firm Hot Topic hit by credential stuffing attacks (securityaffairs.com)

Social Media

• Cyber criminals are spreading malware through Facebook pages impersonating AI brands (therecord.media)

• WhatsApp was down in Meta’s second big outage this year | TechCrunch

• YouTube Video Game ‘Hacks’ Contain Malware Links - Infosecurity Magazine (infosecurity-magazine.com)

Malvertising

• Apple macOS users targeted with more cyber attacks via dodgy ads and websites | TechRadar

• New Chrome feature aims to stop hackers from using stolen cookies (bleepingcomputer.com)

Training, Education and Awareness

• Human risk is the top cyber threat for IT teams - Help Net Security

• Instilling the Hacker Mindset Organisation wide (darkreading.com)

Regulations, Fines and Legislation

• Ransomware incidents reported to UK financial regulator have doubled - Digital Journal

• Financial cyber defence: gearing up for DORA (finextra.com)

• EU's reimagined NIS 2 cyber security vision to go live (electronicspecifier.com)

• Navigating Cyber Security and Data Privacy Regulations in the Insurance Industry | McGuireWoods LLP - JDSupra

• 6 business benefits of data protection and GDPR compliance | TechTarget

• Treasury accuses banks of 'insufficient data sharing' on fraud | American Banker

• A CISO's Guide to Materiality and Risk Determination (darkreading.com)

• NIS2 Requires Major Changes in EU SaaS Cyber Security - Infosecurity Magazine (infosecurity-magazine.com)

Models, Frameworks and Standards

• Using the NIST CSF for Strong Cyber Security Compliance | NAVEX - JDSupra

• NIST And CISA: 13 Must-Review Resources For SMBs (forbes.com)

• Are businesses prepared for the CSF 2.0 challenge? - Digital Journal

Backup and Recovery

• World Backup Day triggers call for holistic cyber security overhaul (securitybrief.co.nz)

• Ransomware attackers are increasingly targeting backups — so make sure yours are protected | TechRadar

• Data protection vs. data backup: How are they different? | TechTarget

Data Protection

• 3 Strategies to Future-Proof Data Privacy (darkreading.com)

• Navigating Cyber Security and Data Privacy Regulations in the Insurance Industry | McGuireWoods LLP - JDSupra

• 6 business benefits of data protection and GDPR compliance | TechTarget

• How to conduct a data privacy audit, step by step | TechTarget

• Data protection vs. data backup: How are they different? | TechTarget

Careers, Working in Cyber and Information Security

• The Complexity and Need to Manage Mental Well-Being in the Security Team - Security Week

• Cyber Leaders Struggle With Heightened Job Expectations, Communicating With Board - WSJ

• Hardest Cyber Security Jobs to Fill in 2024 Techopedia

• Unlocking Cyber Security Success: The Importance of Certifications - ClearanceJobs

• CISOs Are Facing Challenges In Proactive Threat Defence And Compliance Management (forbes.com)

• Are you okay? Understanding the world of a CISO | CSO Online

Misinformation, Disinformation and Propaganda

• AI abuse and misinformation campaigns threaten financial institutions - Help Net Security

• Microsoft GM on AI and elections: 'There will be fakes' • The Register

• How to Counter Disinformation Campaigns in Global Elections (darkreading.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Wars prompt questions for facial recognition providers, and obscure the answers | Biometric Update

• UN Peace Operations Under Fire from State-Sponsored Hackers (darkreading.com)

Nation State Actors

China

• Chinese Spy Ops Attack 7 MSPs, Feds Allege | MSSP Alert

• UK minister confirmed as 12th target in Westminster ‘spear-phishing’ scandal – POLITICO

• Pulling the Curtain Back on China’s Cyberespionage (informationweek.com)

• MPs challenge government claims China cyber attack was unsuccessful (ft.com)

• Chinese hackers turn to AI to meddle in elections | CyberScoop

• Microsoft and OpenAI collaborated to counter North Korean cyber threats, China in the game as well - MSPoweruser

• OODA Loop - Government Agencies are in the Fight Against Chinese Human Targeting and Cyber Espionage. Will it be Enough?

• UK, Czech ministers among China’s hacking targets – POLITICO

• Security fears over supercomputer deal with Chinese firm Lenovo (thetimes.co.uk)

• Ministry of State Security releases bilingual report, urging Western forces to stop slandering and attacking China - China Military

Russia

• Ukraine gives award to foreign vigilantes for hacks on Russia - BBC News

• STA: Russian hackers take responsibility for cyber attack on Slovenia

• Exclusive: Hackers stole Russian prisoner database to avenge death of Navalny | CNN Politics

• Russian network that 'paid European politicians' busted, authorities claim - BBC News

• Russia charges suspects behind theft of 160,000 credit cards (bleepingcomputer.com)

Iran

• Iran's Evolving Cyber Enabled Influence Operations to Support Hamas (darkreading.com)

• Satellite Cyber Security, Iran, and the Israel-Hamas War | Geopolitical Monitor

North Korea

• Microsoft and OpenAI collaborated to counter North Korean cyber threats, China in the game as well - MSPoweruser

• A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask | WIRED

Vulnerability Management

• Vulnerability database backlog due to increased volume, changes in 'support,' NIST says (therecord.media)

• CVE and NVD - A Weak and Fractured Source of Vulnerability Truth - Security Week

• Attack Surface Management vs. Vulnerability Management (thehackernews.com)

Vulnerabilities

• Are You Affected by the Backdoor in XZ Utils? (darkreading.com)

• Red Hat issues urgent alert for Fedora Linux users due to malicious code (betanews.com)

• Hosting firm's VMware ESXi servers hit by new SEXi ransomware (bleepingcomputer.com)

• Cisco warns of password-spraying attacks targeting VPN services (bleepingcomputer.com)

• Cisco addressed high-severity flaws in IOS and IOS XE software (securityaffairs.com)

• Ivanti commits to secure-by-design overhaul • The Register

• Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure (thehackernews.com)

• Apple GoFetch was caused by an obsession with speed • The Register

• Heartbleed is 10 Years Old – Farewell Heartbleed, Hello QuantumBleed! - Security Week

• Critical Security Flaw Found in Popular LayerSlider WordPress Plugin (thehackernews.com)

• WiFi WPS vulnerability: disable it, or else | Cybernews

• Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems - Security Week

• Google fixed two actively exploited Pixel vulnerabilities (securityaffairs.com)

• Splunk Patches Vulnerabilities in Enterprise Product - Security Week

• JetBrains fixes 26 'security problems,' offering no details • The Register

Tools and Controls

• RDP Abuse Present in 90% of Ransomware Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• New XZ backdoor scanner detects implant in any Linux binary (bleepingcomputer.com)

• The ‘complicated relationship’ between AI and cyber security (siliconrepublic.com)

• How much does cloud-based identity expand your attack surface? - Help Net Security

• How Pentesting-as-a-Service can Reduce Overall Security Costs (bleepingcomputer.com)

• Building a cyber security risk assessment template - Security Boulevard

• Microsoft unveils safety and security tools for generative AI | InfoWorld

• The Biggest Mistake Security Teams Make When Buying Tools (darkreading.com)

• World Backup Day triggers call for holistic cyber security overhaul (securitybrief.co.nz)

• Cloud Email Filtering Bypass Attack Works 80% of the Time (darkreading.com)

• Can cyber insurance help secure business? | Mint (livemint.com)

• 71% Website Vulnerable: API Security Becomes Prime Target for Hackers - Security Boulevard

• Old Technology, New Tricks: Why DNS Is Still A Major Security Target (forbes.com)

• Cyber Risk Management: A Beginner's Guide - Security Boulevard

• Microsoft Entra Recommendations adds several more for better user security - Neowin

• A CISO's Guide to Materiality and Risk Determination (darkreading.com)

• Ransomware attackers are increasingly targeting backups — so make sure yours are protected | TechRadar

• Attack Surface Management vs. Vulnerability Management (thehackernews.com)

• Why a Cloud Security Platform Approach is Critical | Trend Micro (US)

• The Importance Of Physical Cyber Security Testing (forbes.com)

• CISOs Are Facing Challenges In Proactive Threat Defence And Compliance Management (forbes.com)

• Human risk is the top cyber threat for IT teams - Help Net Security

• Data protection vs. data backup: How are they different? | TechTarget

• What is Threat Management? - Security Boulevard

• SIEM Implementation: Strategies and Best Practices | MSSP Alert

• Is Windows Defender All the Antivirus Protection You Need? (makeuseof.com)

Other News

• Cyber Attacks Wreaking Physical Disruption on the Rise (darkreading.com)

• Cyber attacks on critical infrastructure show advanced tactics and new capabilities - Help Net Security

• Is your pension protected from cyber attacks? - CityAM

• Cyber Safety Review Board: Microsoft security culture 'inadequate' (geekwire.com)

• Microsoft slammed for lax infosec that led to Exchange crack • The Register

• Infosec professionals praise CSRB report on Microsoft breach | TechTarget

• 76% of consumers don't see themselves as cyber crime targets - Help Net Security

• Shielding the lifelines: Protecting energy and infrastructure from cyber threats (betanews.com)

• Cyber Security Statistics In 2024: Is Your Law Firm Protected? - Above the Law

• Sellafield nuclear waste dump faces prosecution over cyber security failures (bitdefender.com)

• Australia Doubles Down On Cyber Security After Attacks (darkreading.com)

• Furry Hackers Use Church's Money To Buy Inflatable Sea Lions (dailydot.com)

• Windows 10 Support Deadline: Your Guide to Extended Security Updates (ESU) (mspoweruser.com)

• Healthcare's cyber resilience under siege as attacks multiply - Help Net Security

• Rise of non-tech hackers: new era of cyber threats - VnExpress International

• Why Cultural Institutions Are Rich Targets for Cyber Attackers  (informationweek.com)

• 5 top OT threats and security challenges | TechTarget

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Protect Your Passwords, Warns Spy Chief, As Ransomware Cyber Attacks Double

Ransomware cyber attacks doubled in the past year, the chief of GCHQ has revealed - as he warned Britain must “pay attention” to attacks from China.

Sir Jeremy Fleming, director of the cyber spy agency, called for more action to "sort out" ransomware attacks across the UK, adding it was not "rocket science".

He said such attacks have doubled in the last year, with hackers using software to lock files on computers and stop victims from accessing their own data.

This essentially holds them hostage until the hackers receive payment and then give a decryption key to the victim, so they can regain access.

‘Criminals are making very good money from it’

Sir Jeremy said ransomware "just pays" and added that "criminals are making very good money from it and are often feeling that that's largely uncontested".

While cautious of “keeping up” with security challenges alongside European partners, he said the immediate priority was tackling “links between criminal and state actors” to defeat ransomware, which he said “is no mean feat in itself”. https://www.telegraph.co.uk/news/2021/10/25/ransomware-cyber-attacks-double-year-reveals-spy-chief/

Graff Multinational Jeweller Hit by Conti Gang. Data of its Rich Clients Are At Risk, Including Trump and Beckham, as the Gang Threaten to Release Private Details of World Leaders, Actors and Tycoons

The latest attack of the Conti ransomware gang makes the headlines, the threat actors hit high society jeweller Graff and asked the payment of a multi-million ransom to avoid leaking details of world leaders, actors and tycoons.

The customers of the company are the richest people on the globe, including Donald Trump, David Beckham, Tom Hanks, Samuel L Jackson, Alec Baldwin, and Sir Philip Green.

As proof of the hack, the group already published on its leak site files related to purchases made by David Beckham, Oprah, and Donald Trump.

The Conti gang has already leaked 69,000 confidential documents, leaked files include customer lists, invoices, receipts, and credit notes. https://securityaffairs.co/wordpress/123980/cyber-crime/conti-ransomware-graff-jeweller.html

Business Email Compromise (BEC) Costs UK Firms £140M Over Past Year

Reported business email compromise (BEC) incidents have hit 4600 cases over the past 12 months, costing individuals and businesses £138m in losses, according to new figures from the UK’s National Economic Crime Centre (NECC).

The government body is working with the National Crime Agency (NCA), City of London Police, banking group UK Finance and fraud prevention non-profit Cifas on a new campaign to raise awareness of the crime, also dubbed “mandate fraud” or “payment diversion fraud.”

It claimed that the average amount lost over those 4600 cases was £30,000, with criminals typically impersonating others and creating or amending invoices to trick victims into diverting money to accounts under their control. https://www.infosecurity-magazine.com/news/bec-costs-uk-firms-140m-past-year/

Ransomware: It's A 'Golden Era' For Cyber Criminals - And It Could Get Worse Before It Gets Better

Ransomware is the most significant cybersecurity threat facing organisations today as increasingly professional and sophisticated cyber criminals follow the money in order to maximise the profit from illicit campaigns.

ENISNA, the European Union Agency for Cybersecurity, has released the latest edition of the ENISA Threat Landscape (ETL) report, which analyses cyber-criminal activity between April 2020 and July 2021. It warns of a surge in cyber criminality, much of it driven by the monetisation of ransomware attacks.

Although the paper warns that many different cybersecurity threats are on the rise, ransomware represents the 'prime threat' faced by organisations today, with a 150% rise in ransomware attacks during the reporting period. And there are fears that despite the problem of ransomware attracting the attention of world leaders, the problem will get worse before it gets better. https://www.zdnet.com/article/ransomware-its-a-golden-era-for-cyber-criminals-and-it-could-get-worse-before-it-gets-better/

Despite Increased Cyber Threats, Many Organisations Have No Defence Plans In Place

98% of US executives report that their organisations experienced at least one cyber event in the past year, compared to a slightly lower rate of 84% in non-US executives, according to a Deloitte survey.

Further, COVID-19 pandemic disruption led to increased cyber threats to US executives’ organisations (86%) at a considerably higher rate than non-US executives experienced (63%). Yet, 14% of US executives say their organisations have no cyber threat defence plans, a rate more than double that of non-US executives (6%).

The biggest fallout US execs report from cyber incidents or breaches at their organisations during the past year include operational disruption (28%), share price drop (24%), leadership change (23%), intellectual property theft (22%) and loss of customer trust (22%).

Increases in data management, perimeter and complexities (38%), inability to match rapid technology changes (35%) and a need for better prioritization of cyber risk across the enterprise (31%) all pose obstacles to US executives’ organisation-wide cybersecurity management programs.

“No CISO or CSO ever wants to tell organisational stakeholders that efforts to manage cyber risk aren’t keeping-up with the speed of digital transformations made, or bad actors’ improving tactics”. https://www.helpnetsecurity.com/2021/10/28/threat-defence-plans/

Serious Warning Issued For Millions Of Apple iPhone Users

While iPhone 13 sales continue to soar, iPhones owners have faced growing security threats, multiple App Store scams, potential privacy violations and zero day hacks. Now a shocking account of extreme iPhone hacking has been revealed.

In a remarkable report, New York Times senior reporter Ben Hubbard has revealed how his iPhone was hacked multiple times over a period of several years, and without any human interaction or knowledge the attacks were taking place. And the experience results in a stark warning: “the spyware used against me makes us all vulnerable”.

“It’s like being robbed by a ghost,” explains Hubbard, recounting the experience. “I didn’t even have to click on a link for my phone to be infected.” https://www.forbes.com/sites/gordonkelly/2021/10/27/apple-iphone-warning-pegasus-hack-upgrade-ios-15-security/

Ransomware Attacks Are Evolving. Your Security Strategy Should, Too

Ransomware is an intensifying problem for all organisations, and it’s only going to get worse. What started as a floppy disk-based attack with a $189 ransom demands has grown from a minor inconvenience for organisations into a multi-billion dollar cyber crime industry.

The organisational threat of these types of attacks goes well beyond encryption of sensitive or mission-critical data – for many companies, the thought of a breach and data becoming publicly available on the internet makes a high ransom seem worth it. No wonder ransomware is on the rise: Organisations pay an average of $220,298 and suffer 23 days of downtime following an attack. https://threatpost.com/ransomware-attacks-evolving-security-strategy/175835/

Solarwinds Hackers Are Targeting The Global IT Supply Chain, Microsoft Says

The Russian-linked hacking group that’s been blamed for an attack on the US government and a significant number of private US companies last year is targeting key players in the global technology supply chain, according to cybersecurity experts at Microsoft.

Nobelium, as the hacking group is known, is infamous for the SolarWinds hack.

On Monday, Tom Burt, Microsoft corporate vice president of customer security and trust, said Nobelium has “been attempting to replicate the approach it has used in past attacks by targeting organisations integral to the global IT supply chain.”

“This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers” https://www.cnbc.com/2021/10/25/solarwinds-hackers-targeting-global-it-supply-chain-microsoft-says.html

Defenders Worry Orgs Are More Vulnerable Than Last Year

Enterprise security defenders find themselves in a rough spot: The number of threats against their organisations is growing and that they're vulnerable to attacks. Data from Dark Reading's 2021 Strategic Security Survey suggest that even though most IT and security leaders are confident about the security defences they have implemented, they also believe their organisations are more vulnerable to attacks compared with a year ago.

The reasons for this pessimism vary. For 67% of respondents, the biggest concern lies in the fact that there are more attacks this year than there were last year. However, 56% say the increased sophistication of the threats they are facing is why their organisations are more vulnerable to compromise. Other reasons include the surge in ransomware attacks and shortage of skilled security professionals to detect and respond to threats. https://www.darkreading.com/edge-threat-monitor/defenders-worry-orgs-are-more-vulnerable-than-last-year

Threats

Ransomware

• These Companies Are Most at Risk for Ransomware Attacks | PCMag

• Ransomware: How Bad Is It Going To Get? - Help Net Security

• As Fewer Victims Pay Ransoms, Conti Gang Looks To Sell Victim Data | Sc Media (Scmagazine.Com)

• Europol Announces “Targeting” Of 12 Suspects In Ransomware Attacks – Naked Security (Sophos.Com)

• Police Arrest Suspected Ransomware Hackers Behind 1,800 Attacks Worldwide (thehackernews.com)

• SEO Poisoning Used to Distribute Ransomware (darkreading.com)

• FBI Warns Of Ranzy Locker Ransomware Threat, As Over 30 Companies Hit (Tripwire.Com)

• Ransomware Has Disrupted Almost 1,000 Schools in the US This Year (vice.com)

• Chaos Ransomware Targets Gamers Via Fake Minecraft Alt Lists (Bleepingcomputer.Com)

Phishing

• These Phishing Emails Use QR Codes To Bypass Defences And Steal Microsoft 365 Usernames And Passwords | ZDNet

• Phishing as a Ransomware Precursor - MSP Insights - MSSP Alert

• Teen Rakes in $2.74M Worth of Bitcoin in Phishing Scam | Threatpost

Other Social Engineering

• How Deepfakes Enhance Social Engineering And Authentication Threats, And What To Do About It | CSO Online

Malware

• Squid Game Malware Might Be The Scariest Thing You See This Halloween | Techradar

• TA575 Criminal Group Using 'Squid Game' Lures For Dridex Malware | ZDNet

• Snake Malware Biting Hard On 50 Apps For Only $25 (Bleepingcomputer.Com)

• New WSlink Malware Loader Runs as a Server and Executes Modules in Memory (thehackernews.com)

Mobile

• 6 Ways Your Cell Phone Can Be Hacked—Are You Safe? (makeuseof.com)

• Millions Of Android Users Targeted In Subscription Fraud Campaign (Bleepingcomputer.Com)

• New AbstractEmu Malware Roots Android Devices, Evades Detection (Bleepingcomputer.Com)

IOT

• Cyber Criminals Take Aim at Connected Car Infrastructure (darkreading.com)

Vulnerabilities

• All Windows Versions Impacted By New LPE Zero-Day Vulnerability (Bleepingcomputer.Com)

• Google Releases Urgent Chrome Update to Patch 2 Actively Exploited 0-Day Bugs (thehackernews.com)

• Adobe's Surprise Security Bulletin Dominated by Critical Patches | Threatpost

• WordPress Plugin Bug Lets Subscribers Wipe Sites | Threatpost

• Over 1 Million WordPress Sites Affected by OptinMonster Plugin Flaws - Security Affairs

• Cisco SD-WAN Flaw Could Lead To Arbitrary Code Execution, Patch It Now! Security Affairs

Data Breaches/Leaks

• Millions Of Healthcare Records Reportedly Exposed In Mega Data Breach | Techradar

• Location Data Collection Firm Admits Privacy Breach - BBC News

• HIV Scotland Reveals Patient-Advocates' Names In Email Fail • The Register

Organised Crime & Criminal Actors

• Suspected Trickbot Malware Developer Faces 60 Years in Jail - Infosecurity Magazine (infosecurity-magazine.com)

• Reading INTERPOL the African Cyberthreat Assessment Report 2021 - Security Affairs

Dark Web

• Police Arrest 150 Dark Web Vendors Of Illegal Drugs And Guns (Bleepingcomputer.Com)

Supply Chain

• The SolarWinds Hackers Are Looking for Their Next Big Score | WIRED

• North Korean Lazarus Attackers Turn to the IT Supply Chain | Threatpost

• 6 Eye-Opening Statistics About Software Supply Chain Security (darkreading.com)

Nation State Actors

• North Korea-linked Lazarus APT targets the IT supply chainSecurity Affairs

• Microsoft Says Russia Hacked At Least 14 IT Service Providers This Year - The Record By Recorded Future

Other News

• All Sectors Are Now Prey as Cyber Threats Expand Targeting | Threatpost

• Attack The Block – How A Security Researcher Cracked 70% Of Urban WiFi Networks In One Hit | The Daily Swig (Portswigger.Net)

• Microsoft Warns Over Uptick In Password Spraying Attacks | ZDNet

• Increased Risk Tolerances Are Making Digital Transformation Programs Vulnerable - Help Net Security

• MITRE and CISA Publish The 2021 List of Most Common Hardware Weaknesses - Security Affairs

• Enterprises Allocating More IT Dollars on Cybersecurity (darkreading.com)

• Cyber-Attack Hits UK Internet Phone Providers - BBC News

• Despite Spending Millions On Bot Mitigation, 64% Of Organisations Lost Revenue Due To Bot Attacks - Help Net Security

• Threat Actor Leaks Mercedes-Benz Platform’s Source Code | CyberNews

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Insurance Firms Start Tapping Out As Ransomware Continues To Rise

In early May, global insurer AXA made a landmark policy decision: The company would stop reimbursing French companies for ransomware payments to cyber criminals. The decision, which reportedly came after French authorities questioned whether the practice had fuelled the current epidemic in ransomware attacks, may be just the beginning of a general retreat that will force companies to reconsider their attempts to outsource cyber-risk to insurance firms. Already, the massive damages from one damaging crypto worm, NotPetya, caused multiple lawsuits when insurers refused to pay out on cyber insurance claims.

https://www.darkreading.com/risk/cyber-insurance-firms-start-tapping-out-as-ransomware-continues-to-rise/d/d-id/1341109

Irish Health Service Faces Final Bill Of At Least €100M Following Cyber Attack

The cyber attack on IT systems in the health service will cost it at least €100 million, according to chief executive Paul Reid. This is at the lower end of estimates of the total cost, he indicated, and includes the cost of restoring the network, upgrading systems to Microsoft 365 and the disruption caused to patients. Appointments for about 7,000 patients a day are being cancelled, almost two weeks after a criminal gang hacked the HSE systems. Mr Reid said the HSE was keen to see an independent and objective assessment of the cyber attack.

https://www.irishtimes.com/news/health/cyberattack-hse-faces-final-bill-of-at-least-100m-1.4577076

Ransomware: Dramatic Increase In Attacks Is Causing Harm On A Significant Scale

A dramatic increase in the number of ransomware attacks and their severity is causing harm on a significant scale, the UK's National Crime Agency (NCA) has warned. The NCA's annual National Strategic Assessment (NSA) of Serious and Organised Crime details how the overall threat from cyber crime has increased during the past year, with more severe and high-profile attacks against victims. Ransomware attacks have grown in frequency and impact over the course of the last year, to such an extent that they rank alongside other major crimes "causing harm to our citizens and communities on a significant scale," warns the report.

https://www.zdnet.com/article/ransomware-dramatic-increase-in-attacks-is-causing-harm-on-a-significant-scale/

Deepfakes Could Be The Next Big Security Threat To Businesses

An overwhelming majority of businesses say that manipulated online content and media such as deepfakes are a serious security risk to their organisation. Deepfakes have already been shown to pose a threat to people portrayed in the manipulated videos, and could have serious repercussions when the individual holds a position of importance, be it as a leader of a country, or a leader of an enterprise. Earlier in 2021, the FBI’s cyber division warned that deepfakes are a critical emerging threat that can be used in all manners of social engineering attacks including ones aimed at businesses.

https://www.techradar.com/news/deepfakes-could-be-the-next-big-security-threat-to-businesses

Ransomware: Two-Thirds Of Organisations Say They'll Take Action To Boost Their Defences

The severe disruption caused by the Colonial Pipeline ransomware attack has alerted organisations to the need to bolster their defences against cyber attacks – and two-thirds are set to take actions required to prevent them becoming another ransomware victim following the incident. The ransomware attack against Colonial Pipeline – one of the largest pipeline operators in the United States, providing almost half of the East Coast's fuel – caused disruption to operations and led to gas shortages, demonstrating how cyber attacks can have physical consequences.

https://www.zdnet.com/article/ransomware-two-thirds-of-organisations-say-theyll-take-action-to-boost-their-defences/

The 10 Most Dangerous Cyber Threat Actors

When hacking began many decades ago, it was mostly the work of enthusiasts fuelled by their passion for learning everything they could about computers and networks. Today, nation-state actors are developing increasingly sophisticated cyber espionage tools, while cyber criminals are cashing in millions of dollars targeting everything from Fortune 500 companies to hospitals. Cyber attacks have never been more complex, more profitable, and perhaps even more baffling. At times, drawing clear lines between different kinds of activities is a challenging task. Nation-states sometimes partner with each other for a common goal, and sometimes they even appear to be working in tandem with cyber criminal gangs.

https://www.csoonline.com/article/3619011/the-10-most-dangerous-cyber-threat-actors.html

Cyber Security Leaders Lacking Basic Cyber Hygiene

Constella Intelligence released the results of a survey that unlocks the behaviours and tendencies that characterize how vigilant organisations’ leaders are when it comes to reducing cyber vulnerability, allowing the industry to better understand how social media is leveraged as an attack vector and how leaders are responding to this challenge. The findings from the survey, which polled over 100 global cyber security leaders, senior-level to C-suite, across all major industries, including financial services, technology, healthcare, retail, and telecommunications, revealed that 57% have suffered an account takeover (ATO) attack in their personal lives—most frequently through email (52%), followed by LinkedIn (31%) and Facebook (26%).

https://www.helpnetsecurity.com/2021/05/26/cybersecurity-leaders-cyber-hygiene/

Watch Out: Crypto Jacking Is On The Rise Again

During the last year, though, malicious crypto mining has seen a resurgence, with NTT’s 2021 Global Threat Intelligence Report, published this month, revealing that crypto miners have now overtaken spyware as the world’s most common malware. Crypto miners, says NTT, made up 41% of all detected malware in 2020, and were most widely found in Europe, the Middle East, Africa, and the Americas. The most common coinminer variant was XMRig, which infects a user’s computer to mine Monero, accounting for 82% of all mining activity. Others included Crypto miner and XMR-Stack.

https://cybernews.com/security/watch-out-cryptojacking-is-on-the-rise-again/

Threats

Ransomware

• Ransomware Attacks Are Becoming More Common – How Do We Stop Them?

• Ryuk Ransomware Operators Shift Tactics To Target Victims

• Bose Confirms Ransomware Attack That Exposed Employee Data

• Russian To Be Deported After Failed Tesla Ransomware Plot

• Ransomware Attack Halts Child Protection Court Cases

• FBI Warns Of Conti Ransomware Attacks Against Healthcare Organisations

• HSE Cyber Attack Has Had ‘Devastating Impact’, Cancer Services Director Says

Phishing

• Financial Spear-Phishing Campaigns Pushing RATs

• This Massive Phishing Campaign Delivers Password-Stealing Malware Disguised As Ransomware

Other Social Engineering

• NatWest Launches 'Urgent' Crypto Currency Scam Alert

• Eight Men Arrested Over Royal Mail Delivery Scam Texts

• Fake Amazon Order Emails Lead To Vishing

Malware

• This Fake Streaming Service Will Spread Malware

• This Ransomware-Spreading Malware Botnet Just Will Not Go Away

Mobile

• New Malware Plunders Dutch Android Users’ Bank Accounts

IOT

• Hackers Can Use Smart Plugs To Break Into Your Home Network

Vulnerabilities

• VMware Sounds Ransomware Alarm Over Critical Severity Bug

• Trend Micro Bugs Threaten Home Network Security

• Digging Into A Ubiquiti Firmware Update Bug

• “Unpatchable” Vuln In Apple’s New MAC Chip – What You Need To Know

• PDF Feature ‘Certified’ Widely Vulnerable To Attack

• SonicWall urges customers to 'immediately' patch NSM On-Prem bug

• FBI Issues Warning About Fortinet Vulnerabilities After Apt Group Hacks Local Gov’t Office

• Restaurant Reservation System Patches Easy-To-Exploit XSS Bug

• Bluetooth Flaws Allow Attackers To Impersonate Legitimate Devices

Data Breaches

• UK Police Suffered Thousands Of Data Breaches In 2020

• Air India Cyber Attack: Personal Data Of Over 4.5 Million Passengers Leaked

Organised Crime & Criminal Actors

• ‘Privateer’ Threat Actors Emerge From Cyber Crime Swamp

Cryptocurrency

• Crypto Currency Crackdown Will not Stop Ransomware, CISA Official Says

• Watch Out: Crypto Jacking Is On The Rise Again

• Bitcoin Mine Found Stealing Electricity

Dark Web

• French Authorities Seize Their Third Dark Web Marketplace

OT, ICS, IIoT and SCADA

• Cyber Attacks On Operational Technology Are On The Rise

• UK Prepares For Ransomware Attacks On Pipelines

Nation State Actors

• Threat Actor ‘Agrius’ Emerges To Launch Wiper Attacks Against Israeli Targets

• Russian Group Behind SolarWinds Spy Campaign Conduct New Cyber Attacks

• Belgium Uproots Cyber Espionage Campaign With Suspected Ties To China

Privacy

• Employers Are Watching Remote Workers And They Are Monitoring These Activities

• GCHQ’s Mass Data Interception Violated Right To Privacy, Court Rules

• Amazon Devices Will Soon Automatically Share Your Internet With Neighbours

Reports Published in the Last Week

• Report: Cloud Security Breaches Surpass On-Prem Ones For The First Time

Other News

• Enemy Hackers Target NATO With Constant Cyber Attacks

• Security Is An Architectural Issue: Why The Principles Of Zero Trust And Least Privilege Matter So Much Right Now

• GDPR Is Being Used As A Bureaucratic Dodge To Avoid Public Scrutiny

• UK Universities To Be Offered Advice On National Security Threats

• How Hacking Became A Professional Service In Russia

• A Chinese Hacking Competition May Have Given Beijing New Ways To Spy On The Uyghurs

• 'Did Weak WiFi Password Lead The Police To Our Door?'

• How Much Economic Damage Would Be Done If A Cyber Attack Took Out The Internet?

• German Cyber Security Chief Fears Hackers Could Target Hospitals

• How The Post-Pandemic World Will Challenge CISOs

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Two Thirds Of CISOs Across World Expect Damaging Cyber Attack In Next 12 Months

More than 1,000 CISOs around the world have expressed concerns about the security ramifications of the massive shift to remote work since the beginning of the pandemic. One hundred CISOs from the US, Canada, the UK, France, Germany, Italy, Spain, Sweden, the Netherlands, UAE, Saudi Arabia, Australia, Japan, and Singapore were interviewed for the report, with many highlighting significant problems in the current cyber security landscape.

https://www.zdnet.com/article/two-thirds-of-cisos-across-world-expect-damaging-cyberattack-in-next-12-months/

Ransomware: Don't Pay Up, It Just Shows Cyber Criminals That Attacks Work, Warns Home Secretary

For victims of ransomware attacks, paying the ransom does not guarantee that their network will be restored – and handing money to criminals only encourages them to try their luck infecting more companies with the file-encrypting malware. The impact of ransomware attacks continues to rise as cyber criminals encrypt networks, while also blackmailing victims with the prospect of stolen data being published, to generate as much money as possible from extortion.

https://www.zdnet.com/article/ransomware-dont-pay-the-ransom-it-just-encourage-cyber-criminals-that-attacks-work-warns-home-secretary/

The Most Significant Cyber Attacks From 2006-2020, By Country

Committing a cyber crime can have serious consequences. In the US, a cyber criminal can receive up to 20 years in prison for hacking into a government institution if it compromises national security. Yet, despite the consequences, cyber criminals continue to wreak havoc across the globe. But some countries seem to be targeted more than others. Using data from SpecOps Software, this graphic looks at the countries that have experienced the most significant cyber attacks over the last two decades.

https://www.visualcapitalist.com/cyber-attacks-worldwide-2006-2020/

The Shape Of Fraud And Cyber Crime: 10 Things We Learned From 2020

While it remains true that the older you are, the greater the financial loss, why would fraudsters target the young, who are arguably less well off? The answer lies in volume. Criminals have been offsetting higher monetary gain for higher attack rates, capitalising on the fact that the young are perhaps both more liberal with personal information (and privacy in general) and, at the same time, heavy digital users (social media, surveys, games, and so on). In fact, it is scary to see how much value the humble email address can have for criminals. We often forget that once obtained, it can be used further down the line to commit more fraud.

https://www.computerweekly.com/opinion/The-shape-of-fraud-and-cyber-crime-10-things-we-learned-from-2020

Is Third-Party Software Leaving You Vulnerable To Cyber Attacks?

When companies buy digital products, they expect them to be secure. In most cases, they do not test for vulnerabilities down the digital supply chain — and do not even have adequate processes or tools to do so. Hackers have taken note, and incidents of supply chain cyber attacks, which exploit weaknesses within the digital supply chain to break into organisations’ internal networks, are on the rise. As a result, there have been many headline incidents that not only bring shame to the companies involved, but rachet up the visibility of these threats to top executives who want to know their offerings are secure.

https://hbr.org/2021/05/is-third-party-software-leaving-you-vulnerable-to-cyberattacks

US Pipeline Ransomware Attack Serves As Fair Warning To Persistent Corporate Inertia Over Security

Organisations that continue to disregard the need to ensure they have adopted basic cyber security hygiene practices should be taken to task. This will be critical, especially as cyber criminals turn their attention to sectors where cyber threats can result in real-world risks, as demonstrated in the US Colonial Pipeline attack. In many of my conversations with cyber security experts, there is a shared sense of frustration that businesses still are failing to get some of the most basic things right. Default passwords are left unchanged, frontline staff and employees are still falling for common scams and phishing attacks, and major businesses think nothing of using technology that are decades old.

https://www.zdnet.com/article/us-pipeline-ransomware-attack-serves-as-fair-warning-to-persistent-corporate-inertia-over-security/

Ransomware Attackers Are Now Using Triple Extortion Tactics

The number of organisations affected by ransomware so far this year has more than doubled, compared with the same period in 2020, according to the report. Since April, Check Point researchers have observed an average of 1,000 organisations impacted by ransomware every week. For all of 2020, ransomware cost businesses worldwide around $20 billion, more than 75% higher than the amount in 2019. The healthcare sector has been seeing the highest volume of ransomware with around 109 attacks per organization each week. Amid news of a ransomware attack against gas pipeline company Colonial Pipeline, the utilities sector has experienced 59 attacks per organization per week. Organisations in the insurance and legal sector have been affected by 34 such attacks each week.

https://www.techrepublic.com/article/ransomware-attackers-are-now-using-triple-extortion-tactics/

AXA Pledges To Stop Reimbursing Ransom Payments For French Ransomware Victims

Insurance company AXA has revealed that, at the request of French government officials, it will end cyber insurance policies in France that pay ransomware victims back for ransoms paid out to cyber criminals. While unconfirmed, the Associated Press reported that the move was an industry first. AXA is one of the five biggest insurers in Europe and made the decision as ransomware attacks become a daily occurrence for organisations across the world.

https://www.zdnet.com/article/axa-pledges-to-stop-reimbursing-ransom-payments-for-french-ransomware-victims/

The Dystopic Future Of Cyber Security And The Importance Of Empowering CISOs

Over a decade ago, in 2007, the first iPhone was released and with it emerged an ecosystem of apps that continues to expand to this day. This was a watershed moment, not solely for the technology industry, but civilization. It was a catalyst for what was to come. Suddenly, every consumer could access the internet at a touch of a button, and the accumulation of their data by private companies began en masse. It was at this point that data was established as an increasingly valuable commodity, and in turn, became a heightened exploitation risk. It also instigated a wave of innovation that has yet to break and is only growing rapidly in pace. In this state, technology providers, users, and manufacturers get excited about new functionalities, new features, new developments, while little thought is given to the negative consequences that could arise as a result. Indeed, fear has no place in the state of innovation as it is this primal thinking that inhibits creativity.

https://www.infosecurity-magazine.com/blogs/the-dystopic-future-of/

Cyber Security Experts Warn Over Online Wine Scams

Online wine scams became a bigger threat as cyber criminals sought to take advantage of more people and businesses organising virtual drinks and ordering bottles on the internet in the wake of Covid-19 restrictions, suggests the report. So-called ‘phishing emails’ were a particular concern, according to findings published in April by US-based group Recorded Future in partnership with Area 1 Security. From January 2020 onwards, the authors found a significant rise in legitimate wine-themed web domain registrations using terms like Merlot, Pinot, Chardonnay or Vino.

https://www.decanter.com/wine-news/cyber-security-experts-warn-over-online-wine-scams-457647/

Threats

Ransomware

• New Ransomware: CISA Warns Over Fivehands File-Encrypting Malware Variant

• Energy Companies Are The Firms Most Likely To Pay Cyber Attack Ransoms

• A Student Pirating Software Led To A Full-Blown Ryuk Ransomware Attack

• MTR In Real Time: Pirates Pave Way For Ryuk Ransomware

• Ransomware Going For $4K On The Cyber Underground

• Foreign Secretary Issues Warning To Russia On Ransomware

• Anatomy Of A $2 Million Darkside Ransomware Breach

BEC

• Business Email Compromise Attack Targeted Dozens Of Orgs

Phishing

• Phishing Attacks Exploit Cognitive Biases, Research Finds

• AI Discovers A Complex Phishing Crypto Currency Scam Campaign

Other Social Engineering

• Coronavirus-Related Cyber Crime Contributes To 15-Fold Surge In Scam Takedowns

• She Responded To A Smishing Scam. Then The Spam Texts Got Worse.

Malware

• Emails Reveal 128 Million iOS Users Were Affected By ‘Xcodeghost’ Malware

Mobile

• A New Smishing Trojan Is Out And About

• New Android Malware Targeting Banks In Italy, Spain, Germany, Belgium, And The Netherlands

IOT

• How To Apply A Zero Trust Approach To Your IoT Solutions

• Troy Hunt At Black Hat Asia: ‘We’re Making It Very Difficult For People To Make Good Security Decisions’

Vulnerabilities

• Don’t Delay Installing Your Windows 10 May Patch Tuesday Update – It Fixes 3 Zero-Day Exploits

• Patch Adobe Reader Now Or Risk A Major Security Attack

• WiFi Vulnerability May Leave Millions Of Devices Open To 'Frag Attacks'

• Remote Mouse Mobile App Contains Raft Of Zero-Day RCE Vulnerabilities

• Lemon Duck Hacking Group Adopts Microsoft Exchange Server Vulnerabilities In New Attacks

Data Breaches

• Hackers release personal info of 22 DC Police officers

• Anatomy Of A $2 Million Darkside Ransomware Breach

Organised Crime & Criminal Actors

• Bulletproof Hosting Admins Plead Guilty To Running Cyber Crime Safe Haven

Supply Chain

• Rapid7 Source Code, Credentials Accessed In Codecov Supply-Chain Attack

Nation State Actors

• Russian Hackers Are Targeting These Vulnerabilities, So Patch Now

• NCSC Warns British Start-Ups Of Threat From Chinese And Russian Hackers

• NCSC, CISA publish new information on Russia’s Cozy Bear

Privacy

• Your Employer May Be Spying On You — Here Are 3 Ways To Stop It

Reports Published in the Last Week

• DDOS Attacks In Q1 2021

• Verizon 2021 Data Breach Investigations Report (DBIR)

Other News

• University Cancels Exams After Cyber Attack

• Your Old Mobile Phone Number Could Compromise Your Cyber Security

• Microsoft's New Security Feature Locks Hackers Out With GPS

• Biden Signs Executive Order Aiming To Prevent Future Cyber Security Disasters

• Cyber Security And Compliance For Healthcare Organizations

• Train Firm’s ‘Worker Bonus’ Email Is Actually Cyber Security Test

• Half Of Government Security Incidents Caused By Missing Patches

• 90% Of Security Leaders View Bot Management As A Top Priority

• 'Everyone Had To Rethink Security': What Microsoft Learned In Last Year

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.