Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 29 December 2023
Black Arrow Cyber Threat Intelligence Briefing 29 December 2023:
-UK Ministers Publicly State Fears of Potential Widescale Power Grid Disruptions
-Countries Brace for Influence Operations, AI and Hacking Campaigns Ahead of Historic 2024 Election Year, Could Upset World Balance
-The Most Popular Passwords of 2023 are Easy to Guess and Crack
-Dangerous Malware Pretends to be Some of Your Most Used Business Software
-MFA Helps You Stay Resilient, But Nothing is a Silver Bullet
-Ransomware Leak Site Victims Reached Record-High in November
-MOVEit, Capita, CitrixBleed and More: The Biggest Data Breaches of 2023
-Europol Warns 443 Online Shops Infected with Credit Card Stealers
-Physical Access Systems Open Door to IT Networks
-Simple Hacking Techniques Prove Successful in 2023 Cyber Attacks
-Daily Malicious Files Rise to 411,000 a day in 2023
-Android Malware Actively Infecting Devices to Take Full Control
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK Ministers Publicly State Fears of Potential Widescale Power Grid Disruptions
The UK’s power network has long been an attractive target for enemies of the state and that remains true today. In fact, according to the UK Government, the risk of the whole country’s electricity system being shut down is growing. So are the dangers to citizens if it happens.
The UK’s National Risk Register, the official document assessing 89 different possible threats to the country, explains that a cyber attack on the National Grid could be launched by culprits “encrypting, stealing or destroying data upon which critical systems depend, or via disruption to operational systems”.
Source: [iNews]
Countries Brace for Influence Operations, AI and Hacking Campaigns Ahead of Historic 2024 Election Year, Could Upset World Balance
Billions of people around the world are expected to go to the polls and vote in 2024, in what will be the most significant election year in recent memory, and cyber security and government officials have already warned about countries using technology to influence operations. This includes disinformation campaigns and hacking attempts. Officials have further warned that artificial intelligence will likely be used to fuel such campaigns.
Sources: [The Record] [Security Affairs]
The Most Popular Passwords of 2023 are Easy to Guess and Crack
NordPass released a list of the top 200 common passwords recently, which included “123456” and “admin” as the top two. Of particular note, the top 40 passwords were all deemed to take less than 12 seconds to crack, or could be determined by an actor with no knowledge of the password. Many people would argue that there are so many passwords needed these days that it becomes hard to remember, hence their choice of easier passwords, and often reusing or recycling them across multiple sites and services. The use of a password manager can greatly reduce this need, requiring the user to only remember one password whilst also allowing for more complex and harder to crack passwords.
Source: [gHacks]
Dangerous Malware Pretends to be Some of Your Most Used Business Software
Hackers are using an old form of banking malware, known as Carbanak, to launch damaging ransomware attacks. Hackers are using compromised websites to host the malware, impersonating popular business-related software such as HubSpot, Veeam, or Xero.
Source: [TechRadar]
MFA Helps You Stay Resilient, But Nothing is a Silver Bullet
Multi-factor authentication (MFA) is a great resource for improving your organisation’s cyber resilience, but no technology is 100% secure and the human element will nearly always remain. With notable security breaches bypassing MFA to compromise organisations including Uber, games company EA, and authentication business Okta, organisations need to be aware that it is a possibility. As such, organisations need to ensure they implement MFA effectively and educate their users in their implementation; even the strongest of controls are rendered useless if they can be bypassed with one social engineering phone call.
Source: [Help Net Security]
Ransomware Leak Site Victims Reached Record-High in November
Corvus Threat Intel observed 484 new ransomware victims posted to leak sites in November. This represents a 39% increase from October and a 110% increase compared with November 2022. Further, this is the eleventh consecutive month in which there has been a year-on-year increase in ransomware victims, and the ninth with a victim count over 300.
Source: [Infosecurity Magazine]
MOVEit, Capita, CitrixBleed and More: The Biggest Data Breaches of 2023
2023 was a colossal year for data breaches, with the likes of MOVEit, Capita, Citrix, Royal Mail, MGM resorts and 3CX among some of the most significant victims. Such attacks have involved a number of vectors, such as file transfer vulnerabilities, social engineering, supply chain attacks and zero-day exploits. The result? Millions of people’s data compromised, and hundreds of millions paid out to attackers; the attack on MGM resorts alone is reported to have costed upwards of $100 million.
Source: [TechCrunch]
Europol Warns 443 Online Shops Infected with Credit Card Stealers
Europol has notified over 400 websites that their online shop had been hacked, with malicious scripts that steal card information from paying customers. The scripts are designed to intercept and steal payment card numbers, expiration dates, verification numbers, names, and shipping addresses, which are then uploaded to an attacker. This information is then used, or sold on the dark web to be used. Unfortunately, some of these attacks can go undetected for weeks or even several months.
Source: [Bleeping Computer]
Physical Access Systems Open Door to IT Networks
Cyber attackers can exploit access control measures installed on supposedly secure facility doors to gain unauthorised building access to sensitive locations, as well as breach internal IP networks directly from these systems, research has shown. At a recent leading security conference, analysts demonstrated this is an attack. Assets such as these can often be forgotten about and therefore omitted from protections, highlighting the need for organisations to have an up to date and accurate asset register.
Source: [Dark Reading]
Simple Hacking Techniques Prove Successful in 2023 Cyber Attacks
Hacking can be sophisticated, but often it is not sophisticated at all. Some of the biggest hacks this year started with what seemed like an innocent phone call, but which in fact were fairly simple social engineering attacks. Additionally, hackers continued to target companies that failed to promptly update their systems, even after patches were released to fix critical vulnerabilities. The best first step to protect an organisation is to establish a culture of good cyber security hygiene across people, operations and technology.
Source: [Pymnts]
Daily Malicious Files Rise to 411,000 a day in 2023
Cyber criminals unleashed an average of 411,000 malicious files every day in 2023, representing a 3% increase from the previous year, according to Kaspersky. Malicious desktop files in particular rose by 53%. Cyber criminals favoured Microsoft Office services’ vulnerabilities, which represented 69% of all exploited vulnerabilities.
Source: [Infosecurity Magazine]
Android Malware Actively Infecting Devices to Take Full Control
Android Malware is actively being used to take control of devices for illicit purposes, such as stealing sensitive information and enabling remote attacks, and least 327,000 devices are reported to have been infected with such malware. Research has found that amongst the most targeted countries are the UK and US. Often, for the malware to work, users need to allow it access to information such as contacts, email. In some cases, the user would only be aware they have consented if they were to manually check the apps settings. For organisations, this can mean employees bringing personal or work phones into the corporate environment, with malware potentially along for the ride.
Source: [GBhackers]
Threats
Ransomware, Extortion and Destructive Attacks
Rethinking data security in the age of ransomware and AI - SiliconANGLE
Carbanak Banking Malware Resurfaces with New Ransomware Tactics (thehackernews.com)
Do the casino ransomware attacks make the case to pay? • The Register
Windows CLFS and five exploits used by ransomware operators | Securelist
Cyber crime experts reveal how to infiltrate ransomware gangs • The Register
How ransomware operators try to stay under the radar | Malwarebytes
How many times are you going to think about ransomware in 2024? (betanews.com)
Ransomware Victims
MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023 | TechCrunch
Lockbit ransomware disrupts emergency care at German hospitals (bleepingcomputer.com)
Integris Health patients get extortion emails after cyber attack (bleepingcomputer.com)
Ransomware Group Claims 100 Gb of Data Stolen From Nissan Australia - Security Week
Indian IT services giant HCL Technologies hit by ransomware | TechRadar
LockBit gang claims to have breached accountancy firm Xeinadin (securityaffairs.com)
Rockstar Employee Details Reportedly Leaked By Hackers (thegamer.com)
Australia’s Largest Auto Dealer Group Hit By Massive Cyber Attack | Carscoops
Artificial Intelligence
Elections 2024, Artificial Intelligence could upset world balances (securityaffairs.com)
Malicious GPT Can Phish Credentials, Exfiltrate Them to External Server: Researcher - Security Week
Rethinking data security in the age of ransomware and AI - SiliconANGLE
GenAI Tools Will Permeate All Areas of the Enterprise (darkreading.com)
Why data, AI, and regulations top the threat list for 2024 - Help Net Security
5 Ways that AI Is Set To Transform Cyber Security (informationweek.com)
The Emerging Landscape of AI-Driven Cyber Security Threats: A Look Ahead - Security Week
Skynet Ahoy? What to Expect for Next-Gen AI Security Risks (darkreading.com)
2FA/MFA
Malware
Carbanak Banking Malware Resurfaces with New Ransomware Tactics (thehackernews.com)
Iran's 'Peach Sandstorm' Cyber Attackers Target Global Defence Network (darkreading.com)
Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware (thehackernews.com)
This growing malware threat actor is set to unleash a surge of attacks, experts warn | TechRadar
'BattleRoyal' Hackers Deliver DarkGate RAT Using Every Trick (darkreading.com)
Microsoft disables MSIX protocol handler abused in malware attacks (bleepingcomputer.com)
UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware (thehackernews.com)
New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices (thehackernews.com)
Russian military hackers target Ukraine with new MASEPIE malware (bleepingcomputer.com)
Fake VPN Chrome extensions force-installed 1.5 million times (bleepingcomputer.com)
Kimsuky Group Using Weaponized file Deploy AppleSeed Malware (cybersecuritynews.com)
New Rugmi Malware Loader Surges with Hundreds of Daily Detections (thehackernews.com)
Game mod on Steam breached to push password-stealing malware (bleepingcomputer.com)
How the new Instegogram threat creates liability for organisations | CSO Online
Mobile
TikTok makes users give iPhone passwords, reasons unclear (nypost.com)
Android Malware Actively Infecting Devices to Take Full Control (gbhackers.com)
Chameleon Android Malware Can Bypass Biometric Security - Security Week
SMS Scams Set to Peak on Saturday in UK - Infosecurity Magazine (infosecurity-magazine.com)
Denial of Service/DoS/DDOS
Essential DDoS statistics for understanding attack impact - Help Net Security
How to Prepare for DDoS Attacks During Peak Business Times (darkreading.com)
In Cyber Security and Fashion, What's Old Is New Again (darkreading.com)
Internet of Things – IoT
Tech gifts you shouldn’t buy your family and friends for the holidays | TechCrunch
Physical Access Systems Open Door to IT Networks (darkreading.com)
Ho Ho Home For Christmas? Tips For Avoiding Tech Terrors This Festive Season - IT Security Guru
Data Breaches/Leaks
MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023 | TechCrunch
Mortgage firm LoanCare warns 1.3 million people of data breach (bleepingcomputer.com)
Real estate agency exposes details of 690k customers (securityaffairs.com)
Insomniac Games Releases Statement Over Recent Cyber Attack - Gameranx
Ubisoft says it's investigating reports of a new security breach (bleepingcomputer.com)
Rockstar Employee Details Reportedly Leaked By Hackers (thegamer.com)
Inmate, Staff Information Stolen in Rhode Island Prison Data Breach - Security Week
Mint Mobile discloses new data breach exposing customer data (bleepingcomputer.com)
Hackers steal customer data from Europe’s largest parking app operator | Hacking | The Guardian
Yakult Australia confirms 'cyber incident' after 95 GB data leak (bleepingcomputer.com)
CBS, Paramount owner National Amusements says it was hacked | TechCrunch
Panasonic discloses data breach after December 2022 cyber attack (bleepingcomputer.com)
Customers warned after major car dealership group Eagers Automotive hacked | The West Australian
Cyber Attacks Impacts Two Major Australian Companies Including Leaked Passports | The Epoch Times
Organised Crime & Criminal Actors
Simple Hacking Techniques Prove Successful in Cyber Attacks (pymnts.com)
Hackers stole $2 billion in crypto in 2023, data shows | TechCrunch
Hacking or Social Engineering? What You Need to Know to Keep Yourself Safe | HackerNoon
3 Clues That Hackers May Know More About Your Business Than You Do | Inc.com
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hackers stole $2 billion in crypto in 2023, data shows | TechCrunch
Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining (thehackernews.com)
Hacking group Pink Drainer strikes again, pilfering $4.4M from just 1 victim (cointelegraph.com)
Supply Chain and Third Parties
Third-party issues disrupt 45% of firms despite cyber security spends (securitybrief.co.nz)
MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023 | TechCrunch
Cloud/SaaS
Researchers uncover major security issue in Microsoft Azure - here's what we know | TechRadar
Data security and cost are key cloud adoption challenges for financial industry - Help Net Security
The Future of Hybrid Cloud: What to Expect in 2024 and Beyond (techtarget.com)
Encryption
Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining (thehackernews.com)
Linux and Open Source
Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
The most popular passwords of 2023 are easy to guess and crack - gHacks Tech News
Malicious GPT Can Phish Credentials, Exfiltrate Them to External Server: Researcher - Security Week
Social Media
Regulations, Fines and Legislation
Europe Sees More Hacktivism, GDPR Echoes, and New Security Laws Ahead for 2024 (darkreading.com)
Why data, AI, and regulations top the threat list for 2024 - Help Net Security
Europe classifies three adult sites as worthy of its toughest internet regulations • The Register
5 US cyber security compliance deadlines in 2024 | SC Media (scmagazine.com)
EU updates product liability regime to include software, Artificial Intelligence – EURACTIV.com
Models, Frameworks and Standards
Backup and Recovery
Data Protection
Careers, Working in Cyber and Information Security
Cyber Employment 2024: Sky-High Expectations Fail Businesses & Job Seekers (darkreading.com)
Top Tips from CISOs for CISOs - Infosecurity Magazine (infosecurity-magazine.com)
How leaders can look after information security professionals | ITPro
Building Mental Resilience: A CISO's Journey - GovInfoSecurity
What Does the Future Hold for Today’s Cyber Security Leaders? (huntress.com)
Law Enforcement Action and Take Downs
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Ministers fear a cyber attack cutting all our electricity – this is why (inews.co.uk)
How Cyber Criminals Will Sway 2024 US Elections, Or Try To (darkreading.com)
Nation State Actors
China
Russia
Ukrainian remote workers targeted in new espionage campaign (therecord.media)
UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware (thehackernews.com)
Russian firms subjected to new cyber espionage campaign | SC Media (scmagazine.com)
Cloud Atlas' Spear-Phishing Attacks Target Russian Agro and Research Companies (thehackernews.com)
Inside the World of Deep-Cover Russian Spies Who Are Infiltrating the West (businessinsider.com)
Russian military hackers target Ukraine with new MASEPIE malware (bleepingcomputer.com)
Iran
Iran's 'Peach Sandstorm' Cyber Attackers Target Global Defence Network (darkreading.com)
Israel and Iran are waging a cyber war in the shadows - opinion - The Jerusalem Post (jpost.com)
A cyber attack targets Albanian Parliament’s data system, halting its work | Stars and Stripes
North Korea
Kimsuky Group Using Weaponized file Deploy AppleSeed Malware (cybersecuritynews.com)
Kim Jong Un Expected To Conduct Military, Cyber Attacks During US Elections - Benzinga
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
Researchers uncover major security issue in Microsoft Azure - here's what we know | TechRadar
Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841 (securityaffairs.com)
CISA Warns of FXC Router, QNAP NVR Vulnerabilities Exploited in the Wild - Security Week
Google Releases Eighth Zero-Day Patch of 2023 for Chrome (darkreading.com)
Windows CLFS and five exploits used by ransomware operators | Securelist
Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers (bleepingcomputer.com)
Tools and Controls
Physical Access Systems Open Door to IT Networks (darkreading.com)
Even cyber security pros don't fully trust AI just yet | TechRadar
GenAI Tools Will Permeate All Areas of the Enterprise (darkreading.com)
Verification roadblocks cause frustration for digital nomads - Help Net Security
Strengthening Resilience: Navigating the Cyber Security Landscape (darkreading.com)
API security in 2024: Predictions and trends - Help Net Security
Other News
5 Things You Can Do Today to Prepare for 2024’s Security Threats (informationweek.com)
Pensions Regulator publishes updated cyber security guidance for trustees | Mayer Brown - JDSupra
All I really need to know about cyber security, I learned in kindergarten (venturebeat.com)
New insights into the global industrial cyber security landscape - Help Net Security
NASA Releases First Space Cyber Security Best Practices Guide (inforisktoday.com)
Unveiling the true cost of healthcare cyber security incidents - Help Net Security
Hackers see wealth of information to steal in kids' school records (cnbc.com)
A cyber attack targets Albanian Parliament’s data system, halting its work | Stars and Stripes
How Cyber Criminals Will Sway 2024 US Elections, Or Try To (darkreading.com)
Post-pandemic Cyber Security: Lessons from the global health crisis (att.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 24 November 2023
Black Arrow Cyber Threat Intelligence Briefing 24 November 2023:
-The Human Element- Cyber Security’s Great Challenge
-Good Cyber Hygiene is a Strategic Imperative for SMEs, Report Shows
-Despite Increasing Ransomware Attacks, Some Companies in Denial
-A Single Supply Chain Related Ransomware Incident Spurred UK Decision Makers to Spend Big on Cyber as Latest Victim Count exceeds 2.6K Organisations and 77M People
-The True Cost of a Ransomware Attack
-Largest Study of Its Kind Shows Outdated Password Practices Are Putting Millions at Risk
-Cyber Security Investment Involves More Than Just Technology
-Questions Leaders Must Ask Themselves on Security Culture
-There’s a Crossover Between Organised Crime, Financial Crime, and Nation-State Crime
-Cyber Attack on British Library Highlights Lack of UK Resilience
-Organisations Rethink Cyber Security Investments to Meet NIS2 and DORA Directive Requirements
-The Cyber Security Lawsuit Boards are Talking About
-UK and Republic of Korea Issue Warning About North Korea State-Linked Cyber Actors Attacking Software Supply Chains
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
The Human Element- Cyber Security’s Great Challenge
According to Verizon’s 2023 Data Breach Investigations Report, 74% of all breaches involved a human element. It is important for organisations to understand that it is not simply malicious employees or employees falling for social engineering attacks; it includes things such as negligent, or intentional but not malicious actions. In fact, a recent separate report by Kaspersky found that 26% of incidents over the past two years involved the result of intentional security protocol violations; in comparison, external hacking attempts made up 20%.
Further, Kaspersky found 25% of incidents occurred due to neglecting system software or application updates, followed by 22% resulting from deliberate use of weak passwords or failing to change them promptly, and 18% from staff visiting unsecured websites. One potential cause for these incidents is a lack of training on why such protocols need to be followed.
Black Arrow provides live in person and online instructor lead cyber security training including Cyber Risk and Governance Workshops for Senior Leadership, and Awareness, Behaviour and Culture Training for employees and contractors.
Sources [Beta News] [ Infosecurity Magazine] [The Economic Times (indiatimes.com)]
Good Cyber Hygiene is a Strategic Imperative for SMEs, Report Shows
Small or large, no company is immune to a cyber attack and therefore good cyber hygiene is an imperative for all. Whilst large firms may already have more mature defences in place, smaller firms are definitely catching on to this, with 47% of respondents to a recent survey stating they were more worried about their organisation’s security posture now than compared to six months ago.
The survey found that ransomware (35%), software vulnerability exploits (28%) and using the same password across different applications (25%) were amongst the largest concerns. Interestingly, in a separate report, 44% of incidents were found to lack any element of malware, indicating that attackers are moving beyond traditional methods. The same report found 65% of cases included remote monitoring and management tools as the vector for initial access, something a number of organisations do not secure.
Business email compromise (BEC) attacks are also a key concern for businesses of all sizes but can be especially damaging to smaller organisations for whom the financial loss can be devastating.
Sources [Computer Weekly] [Beta News] [Beta News]
Despite Increasing Ransomware Attacks, Some Companies are in Denial
A recent study has highlighted a contradiction in the way organisations perceive ransomware threats. Although many do not consider themselves likely targets, they are, nevertheless, bolstering their security measures, expanding their teams, and fortifying cyber defences, acknowledging the risks despite their assumed invulnerability.
Simultaneously, ransomware tactics are undergoing significant changes. The past three quarters have seen a marked increase in double-extortion attacks, with data leaks from these incidents rising by 50% compared to the previous year. This trend is predominantly driven by a few active groups, some newly emerged this year, amplifying the threat landscape.
In a tactical shift, the ransomware group ALPHV, also known as Blackcat, has lodged a formal complaint with the US Securities and Exchange Commission (SEC) against a victim for failing to comply with new disclosure regulations. Meanwhile, LockBit, infamous for attacks on high-profile targets, is modifying its extortion tactics due to lower-than-anticipated ransom returns. These developments point to an evolving and adaptive ransomware environment.
Sources: [Dark Reading] [SC Media] [Insurance Journal] [MSSP Alert] [Security Brief]
A Single Supply Chain Related Ransomware Incident Spurred UK Decision Makers to Spend Big on Cyber as Latest Victim Count exceeds 2.6K Organisations and 77M People
It is reported that 2,620 organisations and more than 77 million individuals have been impacted to date by the MOVEit supply chain ransomware attack, with millions in the past week alone having received notifications that their information had either been accessed, leaked, or both.
In a survey involving directors of UK companies with over 500 seats that had suffered a ransomware or extortion attack in the past 18 months, it was found that 24% had become significantly more anxious about ransomware attacks as a direct result of the MOVEit breach, and 66% were slightly more anxious. This anxiety translated into action, with 42% of respondents investing more into backup and recovery, and 29% tweaking existing cyber strategies. 29% had taken the decision to amend their existing cyber strategies. Staff training was also found to rise, with 42% looking to spend on skills development and 40% upping their investment in training.
Sources: [The Register] [Computer Weekly]
The True Cost of a Ransomware Attack
While the demand is often financial, the impact and reach of ransomware goes far beyond the ransomware demand. Alongside the financial impact, comes the reputational impact, loss of customers, resources in returning to business as normal and time lost in recovery. For some companies, it can take months to return to where they were before and for others, it marks the end of their organisation.
For an attacker, it doesn’t matter. Their goal is not limited by the size or sector of an organisation and it is therefore imperative that every organisation is prepared for the event of an incident. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [ITPro]
Largest Study of Its Kind Shows Outdated Password Practices Are Putting Millions at Risk
A recent study has exposed serious flaws in passwords on the internet, revealing that three out of four popular websites are compromising user security by not meeting basic password standards. The study examined 20,000 websites, finding many allowed simple passwords, didn’t block common ones and adhered to outdated complexity requirements. It was found that over half the websites accept passwords of six characters or fewer, with 75% not requiring the advised minimum of eight characters, and 30% not supporting spaces or special characters. The study showcases the gap in security measures implementation across the web and emphasises the importance of ongoing improvement in web security standards.
The problem is further exacerbated by employees using work email for non-work approved websites and reusing the same passwords, meaning any breach of a compromised site hands the user’s credentials to an attacker. Further, many organisations are not even aware this is going on.
Source: [TechXplore]
Cyber Security Investment Involves More Than Just Technology
C-suite business leaders and senior IT professionals within large organisations, found that the top five cyber security investment areas were technologies (49%), threat intelligence (46%), risk assessment (42%), cyber insurance (42%), and third-party risk management (40%). Fewer organisations highlighted technology as good value for money in 2023 (49%) than in 2022 (58%). suggesting an awareness that technology investments go hand-in-hand with investing in governance and personnel to effectively enable and manage the technology.
Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.
Source: [Dark Reading]
Questions Leaders Must Ask Themselves on Security Culture
In today's corporate landscape, there's a growing emphasis on the human aspect of cyber security, with Stanford University research indicating that about 88% of data breaches result from employee errors. Companies are now focusing on enhancing security awareness through marketing campaigns and integrating cyber security performance into job reviews. This shift acknowledges that as technological defences evolve, cyber attackers increasingly exploit human vulnerabilities, as evidenced by major ransomware incidents like those impacting Colonial Pipeline and JBS Foods.
Developing a strong security culture is essential, by complementing robust policies with ingraining security-minded beliefs and behaviours in employees. Key to this is the role of leadership in embedding and continuously assessing this culture. This involves evaluating training effectiveness, reporting mechanisms, proactive security approaches, and the impact of security initiatives, while also considering the complexity of human behaviour and the example set by top management. Emphasising these aspects is crucial for maintaining a secure and resilient organisational environment, and in so doing protecting an organisation's reputation and financial integrity.
Source: [AT&T]
There’s a Crossover Between Organised Crime, Financial Crime, and Nation-State Crime
The convergence of organised crime, financial crime, and nation-state crime is a growing concern in today’s interconnected world. This crossover, driven by the digital revolution, globalisation, economic factors, and state fragility, is reshaping the global criminal landscape. Organised crime syndicates, traditionally involved in activities like drug trafficking and extortion, are now branching out into financial crimes, offering higher profits with lower risks.
Financial crime, once the domain of individual fraudsters and white-collar criminals, has become a lucrative venture for organised crime groups. They exploit the global financial system to launder proceeds of crime, finance their operations, and evade law enforcement. Nation-state crime, involving state-sponsored or state-condoned criminal activities, often overlaps with organised and financial crime. Some governments turn a blind eye to these activities, while others actively support them for political, economic, or strategic reasons.
Sources: [The Currency]
Cyber Attack on British Library Highlights Lack of UK Resilience
A recent ransomware attack on the British Library has spotlighted the vulnerabilities in the UK's public sector IT infrastructure, amid rising state-backed cyber attacks. This major incident, which caused a significant technical outage at the library, underscores the concerns of cyber intelligence experts about the government's inadequate investment in cyber resilience in critical areas like education, healthcare, and local government. The hacking group Rhysida, targeting essential infrastructure, claimed responsibility and auctioned stolen data, including British Library employees’ passports, for 20 bitcoin (approximately £600,000).
The attack on the British Library, a key public service institution, highlights the escalating threat of ransomware attacks and their potential exploitation by state actors. The UK’s National Cyber Security Centre (NCSC) has reported a significant increase in cyber attacks in 2023, with incidents more than doubling compared to the previous year. In response, the UK government, which had already allocated £2.6bn for cyber security improvements and IT system updates, is actively assessing the situation with the support of the National Protective Security Authority.
Source: [FT]
Organisations Rethink Cyber Security Investments to Meet NIS2 and DORA Directive Requirements
The European Union (EU) is seeking to improve cyber resilience across all member states by bringing in two new regulations: the Digital Operational Resilience Act (DORA), which focuses on financial services companies, and its counterpart the Network and Information Systems Directive (NIS2). The effects of the two regulations are likely to be wider reaching, bringing in more stringent processes and controls and redefining service provision to organisations.
With NIS2 coming into effect in October 2024, the mandatory directive will have teeth, with strict penalties for non-compliance for both the business and senior board personnel, who can be held directly accountable and prevented from holding similar positions in the future. It also aims to increase intelligence sharing between member states and enhance supply chain security. This latter measure will see the directive have a global impact.
Many organisations supplying services to firms that fall under DORA and NIS2 will themselves be subject to the full force of the regulations, with many of these suppliers, including IT providers, unaware that this will have far reaching ramifications for them and their ability to continue to provide these services.
Sources: [Help Net Security] [Help Net Security]
The Cyber Security Lawsuit Boards are Talking About
For the last month, an under-the-radar lawsuit has privately been a hot topic of conversation in boardrooms and corporate security departments alike. The lawsuit involved the Securities and Exchange Commission (SEC) accusing SolarWinds and their CISO of fraud. SolarWinds, like many organisations, had disclosed some facts, however what was reported was not sufficient to satisfy the regulator. The lawsuit is the first in which the SEC has charged a company with intentional fraud related to cyber security disclosures and it paints a picture for the wider movement of the cyber landscape. Whilst the SEC is US based you can expect regulatory counterparts in other jurisdictions globally to follow suit.
Source: [The New York Times]
Top Cyber Stories of the Last Week
Governance, Risk and Compliance
Why boards must prioritize cyber security expertise - Help Net Security4 data loss examples keeping backup admins up at night | TechTarget
Companies step up investment in ransomware protection (betanews.com)
CISOs can marry security and business success - Help Net Security
7 must-ask questions for leaders on security culture (att.com)
The human element -- cyber security's greatest challenge (betanews.com)
Why good cyber hygiene is a strategic imperative for UK SMEs (betanews.com)
MOVEit incident spurred UK decision makers to spend big on cyber | Computer Weekly
Cyber security Investment Involves More Than Just Technology (darkreading.com)
Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)
The Cyber security Lawsuit That Boards Are Talking About - The New York Times (nytimes.com)
Only 9% of IT budgets are dedicated to security - Help Net Security
Why transparency and accountability are important in cyber security | Computer Weekly
SolarWinds lawsuit puts corporate security chiefs on high alert By Investing.com
Internal audit leaders are wary of key tech investments - Help Net Security
Maximize Cyber security Returns: 5 Key Steps to Enhancing ROI (darkreading.com)
Stressed staff put enterprises at risk of cyber attack (betanews.com)
Threats
Ransomware, Extortion and Destructive Attacks
2023 ransomware statistics: Number of double-extortion attacks skyrocket | SC Media (scmagazine.com)
More than money: The true cost of a ransomware attack | ITPro
Despite Increasing Ransomware Attacks, Some Companies In Denial | MSSP Alert
Ransomware attacks doubIe in two years says Akamai Technologies report (securitybrief.co.nz)
Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)
Logs missing in 42% cyber attacks; small business most vulnerable: Report (business-standard.com)
Companies step up investment in ransomware protection (betanews.com)
Understanding the Ransomware Attack Fallout on China’s ICBC (informationweek.com)
Ransomware Gang LockBit Revises Its Tactics to Get More Blackmail Money (insurancejournal.com)
The shifting sands of the war against cyber extortion - Help Net Security
Ransomware Crews Develop GenAI Tools for Cyber attacks | MSSP Alert
Play Ransomware Goes Commercial - Now Offered as a Service to Cyber criminals (thehackernews.com)
Scattered Spider Hops Nimbly from Cloud to On-Prem in Complex Attack (darkreading.com)
Ransomware groups rack up victims among corporate America | CyberScoop
Scattered Spider Casino Hackers Evade Arrest in Plain Sight (darkreading.com)
Paying ransom for data stolen in cyber attack bankrolls further crime, experts caution | CBC Radio
UK signs joint statement against ransomware payments - “New norm” or status quo? - Lexology
Capita to axe up to 900 jobs as it battles to recover from Russian cyber attack (telegraph.co.uk)
Schools Look to Improve Cyber security, but Many Vulnerable to Ransomware (insurancejournal.com)
4 Ways Fintech Companies Can Protect Themselves from Ransomware (financemagnates.com)
Cyber security should not be a gamble: Latest data breach hits major casino - Digital Journal
Ransomware Victims
Royal Mail spent £10 million recovering from LockBit breach - Tech Monitor
British Library staff passports leaked online as hackers demand £600,000 (telegraph.co.uk)
Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)
Understanding the Ransomware Attack Fallout on China’s ICBC (informationweek.com)
MOVEit victim count latest: 2.6K+ orgs, 77M+ people • The Register
Allen & Overy Given 5 Days to Meet Hackers’ Demands: Expert Q&A | Law.com International
London & Zurich ransomware attack causes customer chaos • The Register
CitrixBleed Vulnerability Exploitation Suspected in Toyota Ransomware Attack - SecurityWeek
Lockbit Gang Behind ICBC Attack Hacks Into Chicago Trading Company - Bloomberg
Russian hackers claim attack on Ukraine fighter jet supplier (telegraph.co.uk)
Clorox Scapegoats Cyber Chief, Rewards Board After Crisis (forbes.com)
Fortune 500 insurance and mortgage firm FNF shuts down network following cyber attack | TechRadar
Yamaha Motor confirms ransomware attack on Philippines subsidiary (bleepingcomputer.com)
St Helens Council suspected cyber attack caused significant disruption - BBC News
Western Isles Council backup systems 'inaccessible' following cyber attack | STV News
Auto parts giant AutoZone warns of MOVEit data breach (bleepingcomputer.com)
BlackCat claims attack on Fidelity National Financial • The Register
Phishing & Email Based Attacks
Phishing Simulations Boost Cyber Awareness and Defences | Mimecast
How to combat AI-produced phishing attacks | SC Media (scmagazine.com)
More Than 50% of Online Retailers Not Blocking Fraudulent Emails | MSSP Alert
How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography (thehackernews.com)
DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks (thehackernews.com)
Bloomberg Twitter account hijacked to send users to phishing malware | TechRadar
The Most Common Indicators of a Phishing Attempt (With Screenshots) | HackerNoon
Artificial Intelligence
Cyber threats reached a new high this year, with AI playing a major role | TechRadar
How to combat AI-produced phishing attacks | SC Media (scmagazine.com)
IT Pros Worry That Generative AI Will Be a Major Driver of Cyber security Threats (darkreading.com)
Smaller businesses embrace GenAI, overlook security measures - Help Net Security
The Good, The Bad And The Reality: The Impact Of AI On Cyber security (forbes.com)
Ransomware Crews Develop GenAI Tools for Cyber attacks | MSSP Alert
Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools - SecurityWeek
AI threats prompt Virgin Money to invest $250 million in cyber security (proactiveinvestors.com.au)
OII | Large Language Models pose risk to science with false answers, says Oxford study
Malware
5 Of The Most Common Ways Malware Is Spread (And How To Stay Protected) (slashgear.com)
Report finds malware is no longer the biggest cyberthreat to smaller businesses - SiliconANGLE
Over half of SME cyber incidents now ‘malware-free’ | Computer Weekly
Bloomberg Twitter account hijacked to send users to phishing malware | TechRadar
Mirai malware infects routers and cameras for new botnet • The Register
Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware (thehackernews.com)
DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks (thehackernews.com)
Gamaredon's LittleDrifter USB malware spreads beyond Ukraine (bleepingcomputer.com)
Malware Uses Trigonometry to Track Mouse Strokes (darkreading.com)
Atomic Stealer Malware is tricking Mac users with fake browser updates - gHacks Tech News
USB worm unleashed by Russian state hackers spreads worldwide | Ars Technica
DarkGate and Pikabot malware emerge as Qakbot’s successors (bleepingcomputer.com)
How Ducktail steals Facebook accounts | Kaspersky official blog
Cyber criminals turn to ready-made bots for quick attacks - Help Net Security
3 Ways to Stop Unauthorized Code From Running in Your Network (darkreading.com)
New botnet malware exploits two zero-days to infect NVRs and routers (bleepingcomputer.com)
Mobile
FCC Tightens Telco Rules to Combat SIM-Swapping - SecurityWeek
Inside Apple’s Secretive War to Protect iPhones from Hacking • iPhone in Canada Blog
Cyber criminals Are Targeting App Beta-Testing, and This Is What to Look Out For (makeuseof.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
4 data loss examples keeping backup admins up at night | TechTarget
Morgan Stanley Fined $6.5 Million for Exposing Customer Information - SecurityWeek
Canadian government discloses data breach after contractor hacks (bleepingcomputer.com)
US Cyber security Lab Suffers Major Data Breach - Infosecurity Magazine (infosecurity-magazine.com)
Hacktivists breach US nuclear research lab, steal employee data (bleepingcomputer.com)
Welltok data breach exposes data of 8.5 million US patients (bleepingcomputer.com)
Cyber attackers leaked data of 27,000 NYC Bar Association membersers (therecord.media)
Enterprise software provider TmaxSoft leaks 2TB of data (securityaffairs.com)
Sumo Logic says customer data untouched during breach • The Register
Organised Crime & Criminal Actors
Indian Hack-for-Hire Group Targeted US, China, and More for Over 10 Years (thehackernews.com)
Shadowy Hack-for-Hire Group Behind Sprawling Web of Global Cyber attacks (darkreading.com)
Police Professional | Five-year plan launched to tackle fraud, economic and cyber crime
Outsmarting cyber criminals is becoming a hard thing to do - Help Net Security
Cyber security firm executive pleads guilty to hacking hospitals (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
Supply Chain and Third Parties
Microsoft: Lazarus hackers breach CyberLink in supply chain attack (bleepingcomputer.com)
Three Questions To Ask Third-Party Vendors About Cyber security Risk (forbes.com)
Cloud/SaaS
Scattered Spider Hops Nimbly from Cloud to On-Prem in Complex Attack (darkreading.com)
Navigating the complexities of cyber security in a SaaS-dominated era (securitybrief.co.nz)
Encryption
Passwords, Credential Stuffing & Brute Force Attacks
Your password hygiene remains atrocious, says NordPass • The Register
US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website - SecurityWeek
Social Media
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)
The Cyber security Lawsuit That Boards Are Talking About - The New York Times (nytimes.com)
SolarWinds lawsuit puts corporate security chiefs on high alert By Investing.com
Morgan Stanley Fined $6.5 Million for Exposing Customer Information - SecurityWeek
UK watchdog threatens enforcement action over ad cookies • The Register
Models, Frameworks and Standards
DORA Set to Drive Significant Change in Sell-Side Third Party Risk Management | Financial IT
Understanding the UK government’s new cyber security regime, GovAssure - IT Security Guru
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website - SecurityWeek
Scattered Spider Casino Hackers Evade Arrest in Plain Sight (darkreading.com)
US cyber cops trace and return nearly $9M stolen by scammers • The Register
Police Professional | Five-year plan launched to tackle fraud, economic and cyber crime
Cyber security firm executive pleads guilty to hacking hospitals (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Why cyber war readiness is critical for democracies - Help Net Security
Fog of War | How the Ukraine Conflict Transformed the Cyber Threat Landscape (inforisktoday.com)
Nation State Actors
China
Russia
USB worm unleashed by Russian state hackers spreads worldwide | Ars Technica
Almost 4,000 cyber attacks on Ukraine detected – US Treasury Department | Ukrainska Pravda
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies (bleepingcomputer.com)
Russian hackers claim attack on Ukraine fighter jet supplier (telegraph.co.uk)
Potential cyberespionage campaign against Ukraine involves Remcos tool | SC Media (scmagazine.com)
Iran
Possible Iranian Group Behind 'Flood' of New Cyber attacks in Israel - Bloomberg
Cyber attacks on Israel intensify as the war against Hamas rages: Check Point | CSO Online
North Korea
Microsoft: Lazarus hackers breach CyberLink in supply chain attack (bleepingcomputer.com)
DPRK Hackers Masquerade as Tech Recruiters, Job Seekers (darkreading.com)
Hackers pose as officials to steal secrets and cryptocurrency for North Korea (bitdefender.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
MOVEit victim count latest: 2.6K+ orgs, 77M+ people • The Register
Citrix Bleed WFH Hack and Exploit: News on Data Loss Flaw - Bloomberg
Citrix warns admins to kill NetScaler user sessions to block hackers (bleepingcomputer.com)
Hackers Exploiting Windows SmartScreen Zero-day Vulnerability (cybersecuritynews.com)
Security researchers bypass Windows Hello fingerprint authentication - gHacks Tech News
CISA warns of actively exploited Windows, Sophos, and Oracle bugs (bleepingcomputer.com)
Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671) - Help Net Security
Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools - SecurityWeek
A critical OS command injection flaw affects Fortinet FortiSIEM (securityaffairs.com)
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies (bleepingcomputer.com)
Splunk RCE Vulnerability Let Attackers Upload Malicious File (cybersecuritynews.com)
Tools and Controls
Only 9% of IT budgets are dedicated to security - Help Net Security
MOVEit incident spurred UK decision makers to spend big on cyber | Computer Weekly
Phishing Simulations Boost Cyber Awareness and Defences | Mimecast
Logs missing in 42% cyber attacks; small business most vulnerable: Report (business-standard.com)
Cyber attack on British Library raises concerns over lack of UK resilience (ft.com)
Companies step up investment in ransomware protection (betanews.com)
DORA Set to Drive Significant Change in Sell-Side Third Party Risk Management | Financial IT
The 7 Deadly Sins of Security Awareness Training (darkreading.com)
Identity And Access Management: 18 Important Trends And Considerations
The Good, The Bad And The Reality: The Impact Of AI On Cyber security (forbes.com)
MFA under fire, attackers undermine trust in security measures - Help Net Security
AI threats prompt Virgin Money to invest $250 million in cyber security (proactiveinvestors.com.au)
New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login (thehackernews.com)
Security researchers bypass Windows Hello fingerprint authentication - gHacks Tech News
Detection & Response That Scales: A 4-Pronged Approach (darkreading.com)
Maximize Cyber security Returns: 5 Key Steps to Enhancing ROI (darkreading.com)
6 Steps to Accelerate Cyber security Incident Response (thehackernews.com)
The CISO view: Navigating the promise and pitfalls of cyber security automation (betanews.com)
Other News
Why Defenders Should Embrace a Hacker Mindset (thehackernews.com)
Hackers are taking over planes’ GPS — experts are lost on how to fix it (nypost.com)
UK proposes 'super-complaints' to help keep internet safe • The Register
Consumers plan to be more consistent with their security in 2024 - Help Net Security
Security trends public sector leaders are watching | CyberScoop
Even gas pumps aren't safe from cyber attacks at the moment | TechRadar
Scottish cyber security organisation calls for greater awareness of rising threat - Business Insider
The US government wants to offer better cyber security to major infrastructure firms | TechRadar
The retail sector is under threat from… Gmail, WhatsApp and Google Drive? | TechRadar
Sekoia: Latest in the Financial Sector Cyber Threat Landscape (techrepublic.com)
Shields Ready: Critical Infrastructure Security and Resilience
Crimeware and financial cyberthreat predictions for 2024 | Securelist
Terrorism, cyber attacks main Paris 2024 threats as security plan finalised | Reuters
Read again: Decoding cyber security, safeguarding educational institutions | Edexec
What direction for the EU Cyber security Competence Centre? – EURACTIV.com
Unveiling the Most Common Cyber Threats in Retail – International Supermarket News
Mideast Oil & Gas Facilities Could Face Cyber Related Energy Disruptions (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 22 September 2023
Black Arrow Cyber Threat Intelligence Briefing 22 September 2023:
-New Ransomware Victims Surge by 47% as Small Businesses Targeted
-MGM Resorts Lost Millions of Dollars a Day in What Should be a Wakeup Call for Corporate Boards
-SMEs Overestimate Their Cyber Security Preparedness
-China’s Hacking Power Bigger Than Rest of World Combined
-Cyber Insurance Claims for Ransomware Reach Record High
-Cyber Security Still Remains the Greatest Concern for Many C-Suite Executives
-Bad Torts: Law Firms Feel the Heat from Rising Cyber Threats
-Attacker Deepfakes IT Employees’ Voice in Phone Call to Breach Company
-Insider Risks are Getting Increasingly Costly as Organisations Fail to Proactively Address Them
-Half of Executives Expect Supply Chain Challenges
-How Social Engineering Takes Advantage of Your Kindness
-Employers Blame Employees as 54% of Firms Face Cyber Attacks Annually
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
New Ransomware Victims Surge by 47% as Small Businesses Targeted
Ransomware attackers are shifting away from “big game” targets and towards easier, less defended organisations, a new report from Trend Micro has found. The report observed a 47% increase in the number of new victims of this vector from the second half of 2022, many of which were small organisations with less mature cyber postures. In fact, 57% of victims of the infamous ransomware gang LockBit, were of organisations up to 200 employees.
Small businesses can be attractive targets; they don’t have the budget of a large organisation and therefore they are more likely to have gaps that can be exploited. To combat this, small businesses need to prioritise their security budgets effectively, to allow themselves the most protection that their budget allows.
Source [Infosecurity Magazine]
MGM Resorts Lost Millions of Dollars a Day in What Should be a Wakeup Call for Corporate Boards
The recent ransomware attack on MGM Resorts has resulted in the loss of millions of dollars daily, not accounting for ransomware fees and reputational damage. MGM Resorts are a client of Okta, who noted that Caesars entertainment and three (not named) other organisations have been hit. Although the other victims have not yet been named, it has been revealed that they are in the manufacturing, retail and technology sectors. As a result of the attacks, Beazley and AIG, who provide cyber insurance, are likely to face significant losses.
The attack should act as wakeup call for corporate boards, as it once again highlights how anyone can be a victim, and if the right controls are not in place, an attack won’t be stopped. Cyber incidents are a matter of when, not if, and boards need to ensure they are prepared, and prepared to handle the fallout when an attack happens.
Sources: [Proactive Investors] [Reuters] [Insurance Insider] [OODA Loop] [Claims Journal]
SMEs Overestimate Their Cyber Security Preparedness
According to a recent report, 57% of small and medium enterprises (SMEs) have experienced a cyber security breach, with 31% facing such an incident in the past year. Despite the increasing threat, 70% are confident in their defences, though 44% solely rely on their antivirus solutions, and a quarter don't regularly train employees on cyber security best practices or never have.
The report also found that many SMEs either underestimate the importance of robust security, believing they’re too small to be targeted, or put too much trust in their current defences. The increasing number of evolving cyber threats poses a significant risk to SMEs. Rising patterns show frequent and sophisticated attacks, highlighting the urgent need for effective security measures. Understandably, not all small business owners have the resources to obtain in-house cyber security experts. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Sources: [Helpnet Security] [Security Magazine]
China’s Hacking Power Bigger Than Rest of World Combined
In a recent conference the director of the FBI highlighted the magnitude of China’s cyber power, most notably explaining that China has a bigger hacking program than the competition combined.
This comes as recent attacks have seen malicious USB drives used to spread malware and now, something we’ve not seen much before, financially motivated hacks by Chinese-speaking actors through a piece of malware known as “ValleyRAT”.
Sources: [Reuters] [Infosecurity Magazine] [WIRED] [Inforisk Today] [TechRadar]
Cyber Insurance Claims for Ransomware Reach Record High
A new report from cyber insurance provider Coalition shows a 12% increase in cyber claims over the first six months of this year, driven by the notable spikes in ransomware (19%), business email compromise (BEC) attacks (26%) and funds transfer fraud (FTF) (31%). The report found that claims severity also increased 61% from the previous six months and 117% over the last year. The average ransom demand was $1.62 million, a 47% increase over the previous six months and a 74% increase over the past year.
The report comes as the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) released a joint advisory warning that ransomware gangs are increasingly evolving their tactics while targeting critical infrastructure sectors, including Information Technology, and Food and Agriculture. The advisory strongly discourages organisations from paying ransoms and encourages victims to report ransomware incidents to a local agency’s reporting channel. Similar advisories were released earlier in the year warning of ransomware groups such as Cl0p who exploited the vulnerability in MOVEit earlier this year.
Sources: [NextGov] [BetanNews] [Security Magazine] [CSO Online]
Cyber Security Still Remains the Greatest Concern for Many C-Suite Executives
Almost three-quarters (73%) of nearly 700 board members surveyed in a new study, believe their organisations are at risk of cyber attack, including targeted attacks; a sizable increase from the 65% last year, according to a recently released Proofpoint report. Worryingly, with the high number believing they are at risk from an attack, 53% still believed they would be unprepared for such an attack. When it came to their main concerns, malware was the top concern (40%), followed by insider threat (36%) and cloud account compromise (36%).
C-suite concern has propelled budgets, with a third of businesses increasing cyber security spending by a significant margin. As IT has become less centralised with a move towards cloud-based systems, combined with a shortage of skilled cyber security workers, businesses are having to rely more heavily on third party security according to a recent report.
This investment, along with improved security communications to executives, should enhance IT upskilling and employee awareness of cyber security.
Sources: [MSSP Alert] [Tech Radar]
Bad Torts: Law Firms Feel the Heat from Rising Cyber Threats
Publicly available reports of ransomware attacks on law firms have accelerated this year, with massive amounts of sensitive client data now in the hands of threat actors, highlighting a growing trend of cyber incidents afflicting the legal business.
One of the reasons law firms are increasingly targeted is due to the amount of sensitive data that they hold. This data can be used for extortion, insider training and general ransom purposes. In addition, many law firms utilise third parties to handle their data, increasing their risk of becoming a victim through their supply chain.
Source: [Synack]
Attacker Deepfakes IT Employees’ Voice in Phone Call to Breach Company
A recent cyber attack used AI to deepfake an IT employee’s voice. The attack started off with a phishing mail, which the unsuspecting victim employee clicked. The attacker then hit a challenge: multi-factor authentication (MFA). That was until they decided to use artificial intelligence to clone the voice of an IT employee. The attacker, now speaking as if they were the IT employee, was then able to convince the victim employee to provide the needed MFA code. As a result, the attack was successful.
The attack highlights the increase in AI for attacks, whilst also demonstrating that cyber security is more than just technology: it is people and operations too. Think about voice cloning, how would your organisation prepare for this?
Sources [PC Mag]
Insider Risks are Getting Increasingly Costly as Organisations Fail to Proactively Address Them
With the cost of insider risk the highest it has ever been (£13.25m per incident), organisations need to effectively budget and find ways to proactively address insider risk. A report found that 55% of money spent on insider incident response went toward problems caused by negligence or mistakes, and 25% for those were caused by actively malicious insiders, with the remaining 20% being attacks that out-smarted employees.
The cost and damage is acknowledged by organisations, with a separate report finding 46% of organisations self-reported that they were actively planning to spend more on proactively addressing insider risk in 2024. Budgets are not infinite however, and organisations need to effectively allocate their spending to ensure they are getting the most protection for their spend.
Sources: [Computer Weekly] [CSO Online]
Half of Executives Expect Supply Chain Challenges
With the surge in the number of attacks taking place through the software supply chain, it is no wonder almost half of executives expect supply chain challenges in the year ahead according to a survey by Deloitte. When asked about their experience, 34% of respondents self-reported that their organisation has experienced one or more supply chain cyber security events during the past year.
One of the ways to improve organisations’ supply chain security is to conduct assessments on the third parties they use, yet 21% of respondents did not do this at all. Potentially, one of the reasons for this is not knowing the correct questions to ask. Black Arrow can support you through a structured approach to asking a suite of targeted questions to your third parties, and assessing the responses for indicators of risk to your business.
Sources [PRnewswire] [SiliconANGLE]
How Social Engineering Takes Advantage of Your Kindness
Last week, MGM Resorts disclosed a massive systems issue that reportedly rendered slot machines, room keys and other critical devices inoperable. What elaborate methods were required to crack a nearly $34 billion casino and hotel empire? According to the hackers themselves, all it took was a ten minute phone call, allowing them to gain access through a simple social engineering attack. Social engineering psychologically manipulates a target into doing what the attacker wants, or giving up information that they shouldn’t. The consequences range from taking down global corporations to devastating the personal finances of unfortunate individual victims.
Extroverted, agreeable, and open individuals are often cyber victims; fear is an attack vector and so is helpfulness. As comfort increases, so too does vulnerability to being hacked. Social engineering attacks target both corporations and individuals. A person’s positive traits can be weaknesses against such threats. Balancing kindness with scepticism is essential.
Source: [Engadget]
Employers Blame Employees as 54% of Firms Face Cyber Attacks Annually
A survey found that despite the percentage of companies that have encountered a cyber security incident in the last 12 months, a worrying 24% of employees have never had any cyber security training. The survey further found that alarmingly 42% of respondents used the same password for both home and work accounts, increasing the risk of exposing their organisational passwords. This risk was furthered by 40% of the total number of respondents keeping their password in an open file or physical notebook.
Organisations, including those already providing training, should look to ensure they implement training from experts that covers such areas; by effectively training employees, organisations will increase their cyber resilience and reduce their risk of suffering a cyber attack. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes are secure employee engagement and build a cyber security culture to protect the organisation.
Source: [Information Security Buzz]
Governance, Risk and Compliance
Cyber security still remains the greatest concern for many executives | TechRadar
Cyber attacks are constant and test even the best | Newsroom
Companies Struggling With Cyber security: Big Players In Bad Situations (forbes.com)
SMEs overestimate their cyber security preparedness - Help Net Security
Almost Half of Executives Expect Supply Chain Security Challenges in Year Ahead (prnewswire.com)
Organisations failing to proactively address insider cyber risk | Computer Weekly
Expensive Investigations Drive Surging Data Breach Costs (bleepingcomputer.com)
Most Global Board Members Unprepared for “Targeted” Cyber attack, Report Finds | MSSP Alert
Changing Role of the CISO: A Holistic Approach Drives the Future (darkreading.com)
How to Get Your Board on Board With Cyber security (darkreading.com)
Regulatory activity forces compliance leaders to spend more on GRC tools - Help Net Security
Going Up! How to Handle Rising Cyber security Costs (securityintelligence.com)
Balancing budget and system security: Approaches to risk tolerance - Help Net Security
Is Director Liability For Cyber security Failure An Immediate Risk? (forbes.com)
83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)
Why Cyber security Compliance Standards Still Have A Long Way To Go (forbes.com)
Bot Attack Costs Double to $86m Annually - Infosecurity Magazine (infosecurity-magazine.com)
Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE
Poor digital experience a blocker for cyber resilience | Computer Weekly
What is Governance, Risk and Compliance (GRC)? | TechTarget Definition
How to prevent and prepare for a cyber catastrophe (securityintelligence.com)
2023 Cyber Risk and Resiliency Report: How CIOs Are Dueling Disaster (informationweek.com)
Why more security doesn’t mean more effective compliance - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Digesting the Digits - 2023 ‘record year’ for ransomware attacks - PaymentExpert.com
Attacks on Casino Giants Heralds Resurgence in Ransomware Attacks (claimsjournal.com)
Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)
LockBit Is Using RMMs to Spread Its Ransomware (darkreading.com)
‘Top’ ransomware gangs favour smaller businesses | Computer Weekly
US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online
Ransomware group's evolving tactics pose growing threat - Nextgov/FCW
Malware distributor Storm-0324 facilitates ransomware access | Microsoft Security Blog
Who is behind the latest wave of UK ransomware attacks? | Cyber crime | The Guardian
NCSC: Why Cyber Extortion Attacks No Longer Require Ransomware (darkreading.com)
Scattered Spider, Alphv, and the MGM hack, explained - The Hustle
Quadruple extortion ransomware maximising monetisation (securitybrief.co.nz)
What is Extortionware? How is it Different from Ransomware? (techtarget.com)
Ransomware cyber insurance claims rose by 27% | Security Magazine
Cyber insurance claims for ransomware reach record high (betanews.com)
Ransomware gang targeting defence firms, FBI warns - Defence One
Scattered Spider snares 100+ victims, moves into ransomware • The Register
BlackCat ransomware hits Azure Storage with Sphynx encryptor (bleepingcomputer.com)
FBI, CISA Issue Joint Warning on 'Snatch' Ransomware-as-a-Service (darkreading.com)
Critical Infrastructure Organisations Warned of Snatch Ransomware Attacks - Security Week
Healthcare's ransomware defences need more preventative action (securitybrief.co.nz)
Ransomware vs. resources: A higher education dilemma - eCampus News
Ransomware Victims
Hackers who breached casino giants MGM, Caesars also hit 3 other firms, Okta says | Reuters
Okta Agent Involved in MGM Resorts Breach, Attackers Claim (darkreading.com)
Hackers claim it only took a 10-minute phone call to shut down MGM Resorts (engadget.com)
MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents (darkreading.com)
Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)
Greater Manchester Police Hack Follows Third-Party Supplier Fumble (darkreading.com)k
Clorox products in short supply after cyber attack disrupts operations | CNN Business
Psychiatric hospital near Jerusalem hit by suspected cyber attack | The Times of Israel
UMass Medical School Sued Over MOVEit File-Transfer Data Breach (bloomberglaw.com)
UK IT services provider Agilitas hit by Donut ransomware attack? (techmonitor.ai)
Cyber attack blamed for outages at hospitals in Illinois, Wisconsin (scrippsnews.com)
Major trucking software provider confirms ransomware incident (therecord.media)
Handbag maker Radley London hit by RansomHouse cyber attack? (techmonitor.ai)
Phishing & Email Based Attacks
HR phishing: self-evaluation questionnaire | Kaspersky official blog
Phishing victim sends eye-watering $4.5M in USDT to scammer (cointelegraph.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Hackers claim it only took a 10-minute phone call to shut down MGM Resorts (engadget.com)
How social engineering takes advantage of your kindness (engadget.com)
Artificial Intelligence
Hacker Deepfakes Employee's Voice in Phone Call to Breach IT Company | PCMag
NSA Report: Deepfakes Threaten National Security | MSSP Alert
Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data (thehackernews.com)
Artificial Intelligence Making Cyber Crime Harder to Fight (govtech.com)
Companies still don’t know how to handle generative AI risks - Help Net Security
85% of cyber leaders believe AI will outpace cyber defences (electronicspecifier.com)
McAfee CEO Greg Johnson on the Cyber security Threat From Generative AI (businessinsider.com)
Companies Rely on Multiple Methods to Secure Generative AI Tools (darkreading.com)
2FA/MFA
Malware
NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers (thehackernews.com)
Malware distributor Storm-0324 facilitates ransomware access | Microsoft Security Blog
macOS MetaStealer attacks take aim at business Mac users (appleinsider.com)
Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement (trendmicro.com)
A mysterious new Chinese malware strain is targeting large firms across the globe | TechRadar
New SprySOCKS Linux malware used in cyber espionage attacks (bleepingcomputer.com)
Bumblebee malware returns in new attacks abusing WebDAV folders (bleepingcomputer.com)
Fake WinRAR exploit PoC drops VenomRAT malware | SC Media (scmagazine.com)
P2PInfect botnet activity surges 600x with stealthier malware variants (bleepingcomputer.com)
Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack (thehackernews.com)
‘Sandman’ hackers backdoor telcos with new LuaDream malware (bleepingcomputer.com)
Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)
Mobile
Dangerous permissions detected in top Android health apps (securityaffairs.com)
Android security updates: Everything you need to know | Android Central
Hook: New Android Banking Trojan That Expands on ERMAC's Legacy (thehackernews.com)
APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)
Botnets
Bot Attack Costs Double to $86m Annually - Infosecurity Magazine (infosecurity-magazine.com)
P2PInfect botnet activity surges 600x with stealthier malware variants (bleepingcomputer.com)
Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Hikvision Intercoms Allow Snooping on Neighbors (darkreading.com)
No dedicated hardware security for 66% IoT modules: IoT Analytics (securitybrief.co.nz)
Data Breaches/Leaks
Pirated Software Likely Cause of Airbus Breach - Infosecurity Magazine (infosecurity-magazine.com)
Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data (thehackernews.com)
Police data breach: 20,000 data points 'at risk' (computing.co.uk)
CardX released a data leak notification impacting their customers in Thailand (securityaffairs.com)
Pizza Hut Australia hack: data breach exposes customer information and order details | Australia
Air Canada says unauthorized group breached employee data, hacked internal system (databreaches.net)
83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)
T-Mobile app glitch let users see other people's account info (bleepingcomputer.com)
T-Mobile Racks Up Third Consumer Data Exposure of 2023 (darkreading.com)Over a Third of UK
TransUnion says dump of customer data came from third party • The Register
US govt IT worker accused of leaking top secrets • The Register
Organised Crime & Criminal Actors
Europol lifts the lid on cyber crime tactics (malwarebytes.com)
One of the FBI’s most wanted hackers is trolling the US government | TechCrunch
India's biggest tech centres named as cyber crime hotspots • The Register
Scattered Spider snares 100+ victims, moves into ransomware • The Register
Financially Motivated Hacks by Chinese-Speaking Actors Surge (inforisktoday.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Multiple crypto raids net Lazarus Group $290M in 15 weeks | SC Media (scmagazine.com)
TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)
Phishing victim sends eye-watering $4.5M in USDT to scammer (cointelegraph.com)
Mark Cuban loses $870k to a crypto scam: ‘They must have been watching’ – DL News
How Sam Bankman-Fried's parents enabled his criminal empire | Fortune Crypto
Insider Risk and Insider Threats
Organisations failing to proactively address insider cyber risk | Computer Weekly
HR’s role in cyber security and insider threat mitigation - Hindustan Times
Fraud, Scams & Financial Crime
Brits Lose $9.3bn to Scams in a Year - Infosecurity Magazine (infosecurity-magazine.com)
US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online
TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)
Mark Cuban loses $870k to a crypto scam: ‘They must have been watching’ – DL News
How Sam Bankman-Fried's parents enabled his criminal empire | Fortune Crypto
Payment Card-Skimming Campaign Now Targeting Websites in North America (darkreading.com)
Court sentences pair for India-based robocall scam • The Register
Shift from UK Analogue to Digital Phone Lines Breeds New SCAMs - ISPreview UK
Singapore to detail fraud liability split for bank & victim • The Register
Deepfakes
Insurance
Cyber insurance claims for ransomware reach record high (betanews.com)
US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online
Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)
Ransomware cyber insurance claims rose by 27% | Security Magazine
Dark Web
Supply Chain and Third Parties
Almost Half of Executives Expect Supply Chain Security Challenges in Year Ahead (prnewswire.com)
Okta Agent Involved in MGM Resorts Breach, Attackers Claim (darkreading.com)
Greater Manchester Police Hack Follows Third-Party Supplier Fumble (darkreading.com)
Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)
Evaluating New Partners and Vendors from an Identity Security Perspective (darkreading.com)
How cyber attacks on Taiwan are hurting global business - Raconteur
Software Supply Chain
Cloud/SaaS
Why Shared Fate is a Better Way to Manage Cloud Risk (darkreading.com)
IBM X-Force: Use of compromised credentials darkens cloud security picture | Network World
Retool blames breach on Google Authenticator MFA cloud sync feature (bleepingcomputer.com)
Mastering Defence-In-Depth and Data Security in the Cloud Era (darkreading.com)
Understanding the Differences Between On-Premises and Cloud Cyber security (darkreading.com)
Hybrid/Remote Working
Shadow IT
Identity and Access Management
Encryption
EU's quest to fix the internet could become a privacy nightmare | TechRadar
UK Minister Warns Meta Over End-to-End Encryption - Security Week
Signal Messenger Introduces PQXDH Quantum-Resistant Encryption (thehackernews.com)
Open Source
Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)
Chinese hackers have unleashed a never-before-seen Linux backdoor | Ars Technica
New SprySOCKS Linux malware used in cyber espionage attacks (bleepingcomputer.com)
Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
Are your end-users' passwords compromised? Here's how to check. (bleepingcomputer.com)
Why employee login credentials are 'the weakest link in security' (siliconrepublic.com)
Social Media
TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent
NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers (thehackernews.com)
APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)
Donald Trump Jr.'s X Account Appears To Have Been Hacked (dailydot.com)
UK Minister Warns Meta Over End-to-End Encryption - Security Week
TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)
Malvertising
Training, Education and Awareness
Parental Controls and Child Safety
Regulations, Fines and Legislation
UK Minister Warns Meta Over End-to-End Encryption - Security Week
EU's quest to fix the internet could become a privacy nightmare | TechRadar
TikTok Is Hit With $368 Million Fine Under Europe's Strict Data Privacy Rules - Security Week
MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents (darkreading.com)
California Settles With Google Over Location Privacy Practices for $93 Million - Security Week
Why Cyber security Compliance Standards Still Have A Long Way To Go (forbes.com)
Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE
Models, Frameworks and Standards
How to Interpret the 2023 MITRE ATT&CK Evaluation Results (darkreading.com)
How NIST Cyber security Framework 2.0 Tackles Risk Management (securityintelligence.com)
Data Protection
Careers, Working in Cyber and Information Security
Expert: Three Skills Cyber security Professionals Should Have in 2024 (newswise.com)
83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)
IT pros told to accept burnout as normal part of their job - Help Net Security
Wanted: another 3mn cyber professionals | Financial Times (ft.com)
Law Enforcement Action and Take Downs
How the FBI Fights Back Against Worldwide Cyber attacks (securityintelligence.com)
Court sentences pair for India-based robocall scam • The Register
Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace (thehackernews.com)
Privacy, Surveillance and Mass Monitoring
California Settles With Google Over Location Privacy Practices for $93 Million - Security Week
TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent
EU's quest to fix the internet could become a privacy nightmare | TechRadar
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
China, Russia ‘Prepared’ to Use Cyber If War Breaks Out, US Warns (thedefencepost.com)
International Criminal Court hacked amid Russia probe • The Register
Portuguese company detects 961 pro-Russian cyber attacks in Western Europe – EURACTIV.com
Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)
One of the FBI’s most wanted hackers is trolling the US government | TechCrunch
Senators want clarity from Pentagon on Ukraine Starlink access fiasco | SC Media (scmagazine.com)
Russian allegedly smuggled US weapons electronics to Moscow • The Register
China
China, Russia ‘Prepared’ to Use Cyber If War Breaks Out, US Warns (thedefencepost.com)
FBI chief says China has bigger hacking program than the competition combined | Reuters
EU warns China on Ukraine disinformation and cyber attacks – POLITICO
Chinese Spies Infected Dozens of Networks With Thumb Drive Malware | WIRED
Chinese hackers have unleashed a never-before-seen Linux backdoor | Ars Technica
Trouble brews after embassy worker finds spy bug in China teapot (thetimes.co.uk)
Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)
A mysterious new Chinese malware strain is targeting large firms across the globe | TechRadar
Financially Motivated Hacks by Chinese-Speaking Actors Surge (inforisktoday.com)
Growing Chinese Tech Influence in Africa Spurs 'Soft Power' Concerns (darkreading.com)
How cyber attacks on Taiwan are hurting global business - Raconteur
DoD: China's ICS Cyber Onslaught Aimed at Gaining Kinetic Warfare Advantage (darkreading.com)
Iran
Microsoft: 'Peach Sandstorm' Cyber attacks Target Defence, Pharmaceutical Orgs (darkreading.com)
Pro-Iranian Attackers Target Israeli Railroad Network (darkreading.com)
North Korea
Multiple crypto raids net Lazarus Group $290M in 15 weeks | SC Media (scmagazine.com)
How a North Korean cyber group impersonated a Washington D.C. analyst (cnbc.com)
Misc Nation State/Cyber Warfare
Vulnerability Management
KEV Catalog Reaches 1000, What Does That Mean and What Have We Learned | CISA
Vulnerability management, its impact and threat modeling methodologies (securityintelligence.com)
How SBOMs Help Uncover Vulnerabilities In Enterprise Applications (forbes.com)
Vulnerabilities
Fortinet Releases Security Updates for Multiple Products | CISA
Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179) - Help Net Security
iOS 17.0.1 re-patches 3 actively exploited security flaws - 9to5Mac
If you're still using WinRAR, watch out for this dangerous exploit - and please stop | TechRadar
GitLab Releases Urgent Security Patches for Critical Vulnerability (thehackernews.com)
Microsoft releases firmware update for all Surface devices | TechSpot
Tools and Controls
Expensive Investigations Drive Surging Data Breach Costs (bleepingcomputer.com)
Enterprise networks are evolving; your security architecture needs to evolve, too (betanews.com)
Think Your MFA and PAM Solutions Protect You? Think Again (thehackernews.com)
Do You Really Trust Your Web Application Supply Chain? (thehackernews.com)
Regulatory activity forces compliance leaders to spend more on GRC tools - Help Net Security
Going Up! How to Handle Rising Cyber security Costs (securityintelligence.com)
Shadow IT: Security policies may be a problem - Help Net Security
Balancing budget and system security: Approaches to risk tolerance - Help Net Security
How NIST Cyber security Framework 2.0 Tackles Risk Management (securityintelligence.com)
How Choosing Authentication Is a Business-Critical Decision (darkreading.com)
Understanding the Differences Between On-Premises and Cloud Cyber security (darkreading.com)
Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE
Reports Published in the Last Week
Other News
Why automakers are worried your car is the next target for cyber attacks - CityAM
Consumers are being bombarded with billions of threats every year | TechRadar
Bad torts: Law firms feel the heat from rising cyber threats (synack.com)
SME Cyber Security – Time for a New Approach? - IT Security Guru
Time to Demand IT Security by Design and Default - Infosecurity Magazine (infosecurity-magazine.com)
Australia’s new cyber security strategy: Build “cyber shields” around the country | CSO Online
Home Office sets up cyber security for Emergency Services Network | UKAuthority
Cyber security Tops Business Risks Challenging European Auditors (bloomberglaw.com)
Energy Is the Most-Targeted Sector for Cyber attacks: Here’s What to Do (powermag.com)
Cyber on the battlefield is about more than IT - Nextgov/FCW
Every Network Is Now an OT Network. Can Your Security Keep Up? - Security Week
Pentagon's 2023 Cyber Strategy Focuses on Helping Allies - Security Week
Singapore's retail banks take steps to enhance cyber security (finextra.com)
Experts fret over fate of CISA cyber programs as shutdown clouds loom | SC Media (scmagazine.com)
Strong compliance management is crucial for fintech-bank partnerships - Help Net Security
Rail Travel Free in Estonia as Cyber Attack Disrupts Ticketing (eturbonews.com)
Dairy industry teams with cyber security group to beef up defences | Food Dive
Securing Eurovision’s online voting system against cyber attacks (computerweekly.com)
GCHQ chief takes job in private security company | The Independent
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 25 August 2023
Black Arrow Cyber Threat Intelligence Briefing 25 August 2023:
-Cloud Hosting Firm Loses All Customer Data After Ransomware Attack
-Would You Infect Others to Rid Yourself of Ransomware?
-Artificial Intelligence and USBs Drive 8% Rise in Cyber Attacks
-Ransomware Attacks Broke Records in July, Mainly Driven By One Group
-Cyber Risk in The Boardroom
-Malware-Infected Advertising Grows Ever More Sophisticated, And More Damaging
-Cyber Security is Everyone’s Responsibility
-QR Code Hacks Are Another Thing to Worry About Now
-Security Basics Aren’t So Basic Anymore
-Apple MacOS Security Myths
-Security Leaders Report Misalignment of Investments and Risk Reduction
-Many CISOs Tout SaaS (Cloud) Cyber Security Confidence, but 79% Admit to SaaS Incidents, New Report Finds
-If You Ever Used Duolingo, Watch Out for Phishing Email
-91% of Security and IT Professionals Agree Cyber Criminals are Already Using AI in Email Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cloud Hosting Firm Loses All Customer Data After Ransomware Attack
CloudNordic, a Danish cloud hosting provider, has told customers to consider all of their data as having been lost following a ransomware infection that encrypted the large Danish cloud provider. The threat actors had destroyed the organisation’s backups, which prevented the firm from recovering effectively. The attack also impacted AzeroCloud, which is owned by the same company.
Worryingly, many organisations believe that having backups and using the cloud is enough for them to be able to recover from any cyber incident; unfortunately, as shown in the CloudNordic and AzeroCloud attacks, it is not enough. Organisations need to have a recovery plan in place which is tested and improved, to best strengthen themselves in the event of a cyber incident.
Sources: [The Register] [Bleeping Computer] [Help Net Security]
Would You Infect Others to Rid Yourself of Ransomware?
Hackers continually develop ransomware with new and creative attack methods that keep internet security professionals on their toes and pose challenges for people trying to detect threats. Victims of ransomware usually see messages asking them to pay for file access restoration; however, the Popcorn Time ransomware group takes a different approach to getting victims involved.
The Popcorn Time ransomware approach works via the referral method. The ransomware group is willing to give victims access to their files if they send the referral link to two other people, extending the attacker’s reach. Most people would hesitate to distribute a ransomware link through email, WhatsApp, or another method that is easy for victims to identify them as the perpetrators. Law enforcement bodies categorise ransomware attacks as crimes that come with hefty fines and prison time. Even those choosing to send the links to people they know face disastrous consequences beyond law enforcement, including the loss of jobs and relationships.
Source: [CyberNews]
Artificial Intelligence and USBs Drive 8% Rise in Cyber Attacks
Checkpoint’s 2023 Mid-Year Security Report shows an 8% surge in global weekly cyber attacks during Q2, marking the most significant increase in two years. The report highlights the fusion of advanced artificial intelligence (AI) technology with traditional tools like USB devices used for disruptive cyber attacks.
Other significant findings include the evolution of ransomware tactics. The report found that ransomware groups are exploiting vulnerabilities in common corporate software and shifting focus from encrypting data to stealing it. USB devices have resurfaced as threats, employed by both state-affiliated groups and cyber-criminals to distribute malware globally. The misuse of AI has escalated, as attackers use generative AI tools for phishing emails, keystroke monitoring malware and basic ransomware code.
Source: [InfoSecurity Magazine]
Ransomware Attacks Broke Records in July, Mainly Driven By One Group
A number of ransomware actors are utilising the threat of releasing sensitive data to get organisations to pay ransoms; in some cases this is combined with encryption to give the actor two avenues of payment. A report has found there were over 500 attacks last month, an increase of 153% compared to one year ago, and a 16% increase compared to June. Within Europe, there was a 59% increase in ransomware attacks from June to July.
Part of the significant rise is due to the ransomware group called Cl0p, whose attack on the MOVEit software has accounted for hundreds of victims this year. The Cl0p ransomware group has kept its promise to publish files on the clearweb of all its victims if contact was not made. The clearweb is simply what we know as the internet; anyone can access it. As such, there will be many organisations who are now having their sensitive data published and readily viewable for anyone who has access to the internet.
Sources: [Gov Info Seccurity] [Security Week] [ZDNET] [Cyber News]
Cyber Risk in The Boardroom
The relationship between the CISO and the wider boardroom has become increasingly cooperative, with 77% of CEO’s seeing cyber as a strategic function and a potential source of competitive advantage. While it is ultimately up to the board to take steps to keep cybersecurity high on the agenda, the CISO also has a responsibility to press the message and bridge any gaps.
CISOs must deliver concerns, strategies and recommendations in a business-first manner, while avoiding jargon and overly technical language. Attracting and retaining good quality senior security professionals is very challenging in the current market and Black Arrow offer a fractional CISO service, giving access to a whole team of specialists with wider expertise, experience and backgrounds, for less than the cost of hiring one individual.
Sources: [Security Week] [TechRadar]
Malware-Infected Advertising Grows Ever More Sophisticated, And More Damaging
The malware exploits known as malware-infected ads, or malvertising, have been around for decades, but new reports point to a steady rise in efficacy. With malvertising, the infected ads are typically placed on legitimate ad networks, which makes them more difficult to spot and remove. The technique continues to use more and more sophisticated mechanisms for getting their infections spread throughout the web and keeping them running for a long time. The exploits can operate in one of several ways, including intercepting a user’s clickstream on random hyperlinks and substituting them with redirects to advertising websites.
Adblockers either on endpoints or at the network level can also help to prevent malvertising from causing harm.
Source: [SiliconAngle]
Cyber Security is Everyone’s Responsibility
A recent survey found that 41% of respondents said that poor quality training, or a lack of training altogether, and insider threats were impacting their organisation’s security. Cyber security involves everyone as any employee can be an entry point for a cyber incident, but they also have the power to prevent one. It is important to make sure all employees are provided adequate training. Not every role requires the same training however, so it is important for organisations to identify and provide training that is appropriate to employees. Black Arrow provide live in person and online instructor lead cyber security training, both through Cyber Risk and Governance Workshops for Senior Leadership and Awareness, Behaviour and Culture Training for employees and contractors.
Source: [IT Pro Today]
QR Code Hacks Are Another Thing to Worry About Now
One of the upcoming technologies thrust upon us is QR codes. At this point, you can find them at most restaurants and parking sites. You simply scan the code and you are taken to the relevant site, for example, the menu for the restaurant. Attackers have cottoned on to this and started to use QR codes in phishing attacks; the idea being that the victim will scan the code without scrutinising it and be taken to a malicious website instead.
Source: [Bloomberg]
Security Basics Aren’t So Basic Anymore
The basics of cyber security, it turns out, aren’t so basic anymore. What was considered basic has moved way beyond just having firewalls and antivirus, and the most basic controls nowadays include more advanced controls such as robust identity and access management, multi-factor authentication (MFA) and patching and vulnerability management. Many of these now basic controls are lacking or non-existent across the economy according to cyber security experts. A report found that only 28% of Microsoft users had MFA enabled as 2022 closed.
You can’t solve all the problems at once. However, progress on these fronts also relies heavily on the need for a cultural shift. Organisations need to get to the point where they view cyber security in the same light as locks on doors and seatbelts in cars.
Source: [CioDive]
Apple MacOS Security Myths
Apple has maintained a reputation as being more secure than other manufacturers, and whilst Apple has put many different security mechanisms into its operating system, no technology is bulletproof. Assuming an Apple device is invulnerable can lead users to believe that their Mac will not get viruses or be subject to a plethora of other cyber threats. As a result, this can lead to poor cyber hygiene from the individual, as they assume they are safe regardless of what they do. Apple users need to remain every bit as aware of risks, social engineering, keeping devices up to date, and having appropriate security controls.
Source: [Huntress]
Security Leaders Report Misalignment of Investments and Risk Reduction
The cyber risk landscape was analysed in a recent report that examined the amount of risk that organisations are willing to accept, their resource constraints and key priorities for approaching cyber risk in the future. The report found 66% of respondents indicating that they have limited visibility and insight into their cyber risk profiles, hindering their ability to prioritise investments and allocate resources effectively. 67% of organisations experienced a breach requiring attention within the last two years despite having traditional threat-based security measures in place. Further, 61% of security executives expressed concerns over the current misalignment between cyber security investments and their organisation's risk reduction priorities.
Source: [InfoSecurity Magazine]
Many CISOs Tout SaaS (Cloud) Cyber Security Confidence, but 79% Admit to Incidents
Cyber security, IT, and business leaders alike recognise SaaS (cloud) cyber security as an increasingly important part of the cyber threat landscape. And at first glance, respondents appear generally optimistic about their SaaS cyber security as 85% answered that they are confident or very confident in their company's or customer's data security in sanctioned SaaS apps.
Despite the confidence, 79% of respondents confirmed that their organisation had identified SaaS cyber security incidents over the past 12 months. Many of those incidents occurred in environments with cyber security policies in place and enforced, as 66% of respondents claimed in their responses.
Source: [The Hacker News]
If You Ever Used Duolingo, Watch Out for Phishing Email
Users of Duolingo, past and present, should be wary of phishing emails as data on about 2.6 million accounts were scraped through an exposed application programming interface (API), and then offered on a hacking forum back in January. Login and real names, email addresses, phone numbers, and courses studied were part of the collection, which went for $1,500. Now that data has resurfaced on a different forum, and at a substantially lower cost of just a few dollars, users of the service can expect this data to be used in fresh phishing campaigns.
Source: [PCWorld]
91% of Security and IT Professionals: Criminals are Already Using AI in Email Attacks
Recent research found that 91% of security and IT professionals are noticing cyber criminals already using AI as part of email attack campaigns, with 74% indicating they have experienced an increase in the use of AI by cyber criminals in the past six months. This is worrying as 52% reported that email security is among one of their top three concerns.
Organisations need to make sure that their technologies, procedures and policies are updated to factor in AI-enabled email attacks to help reduce the risk they pose to the organisation. Such improvements should also include employees.
Source: [PR Newswire]
Governance, Risk and Compliance
Cyber security 'number one on the agenda in boardrooms,' Cramer says (cnbc.com)
Firms have mere hours to deflect cyber attacks, warns cyber security CEO (cointelegraph.com)
The End of “Groundhog Day” for the Security in the Boardroom Discussion? - SecurityWeek
How Cyber Security Leaders Can Help Lower Expenses While Reducing Risk (informationweek.com)
Cyber crime: A Multi-Billion-Dollar Industry (thecyberwire.com)
How the downmarket impacted enterprise cyber security budgets - Help Net Security
The Changing Landscape of Cyber Security Education (inforisktoday.com)
Protect Your Cyber Security Budget and Your Organisation | Dell USA
Rapid cyber attacks demand modernised security, says Palo Alto CEO (crypto.news)
Threats
Ransomware, Extortion and Destructive Attacks
Cl0p dumps all MOVEit victim data on clearnet, threat insiders talk ransom strategy | Cybernews
Cuba ransomware gang looking for unpatched Veeam installations: Report | IT Business
Ransomware attacks broke records in July, mainly driven by this one group | ZDNET
Hosting firm says it lost all customer data after ransomware attack (bleepingcomputer.com)
Would You Infect Others to Rid Yourself of Ransomware? (makeuseof.com)
How Application Allowlisting Combats Ransomware Attacks (securityintelligence.com)
Akira ransomware gang spotted targeting Cisco VPN products to hack organisations-Security Affairs
Why Ransomware Gangs Opt for Encryption-Less Attacks (govinfosecurity.com)
MOVEit Health Data Breach Tally Keeps Growing (inforisktoday.com)
British intelligence is tipping off ransomware targets to disrupt attacks (therecord.media)
What the Hive Ransomware Case Says About RaaS and Cryptocurrency (darkreading.com)
Three trends to watch in the growing threat landscape (betanews.com)
Ransomware Victims
Cl0p dumps all MOVEit victim data on clearnet, threat insiders talk ransom strategy | Cybernews
Hosting firm says it lost all customer data after ransomware attack (bleepingcomputer.com)
BlackCat ransomware group claims the hack of Seiko network -Security Affairs
Mysterious Cyber Attack Shuts Down Yet More Telescopes For Weeks | IFLScience
St Helens Council hit by suspected Ransomware cyber attack | St Helens Star
Phishing & Email Based Attacks
91% of security pros say cyber criminals are using AI in email attacks | Security Magazine
Cyber criminals turn to AI to bypass modern email security measures - Help Net Security
New Generation of Phishing Hides Behind Trusted Services (securityintelligence.com)
New phishing campaign recognised in Europe and South America | Security Magazine
If you ever used Duolingo, watch out for phishing emails | PCWorld
Open redirect flaws increasingly exploited by phishers - Help Net Security
How to spot phishing on a hacked WordPress website | Kaspersky official blog
New Telegram Bot "Telekopye" Powering Large-scale Phishing Scams from Russia (thehackernews.com)
eBay Users Beware Russian 'Telekopye' Telegram Phishing Bot (darkreading.com)
Phish in a Barrel: Real-World Cyber Attack Examples (govinfosecurity.com)
Email Security: Top 5 Threats and How to Protect Your Business - ReadWrite
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Blockchain Capital’s Bart Stephens Lost $6.3 Million In SIM-Swap Hack (forbes.com)
What Is Virtual Kidnapping and How Can You Fight It? (makeuseof.com)
Artificial Intelligence
Cyber criminals turn to AI to bypass modern email security measures - Help Net Security
Tricks for making AI chatbots break rules are freely available online | New Scientist
What Is Virtual Kidnapping and How Can You Fight It? (makeuseof.com)
Generative AI Is Scraping Your Data. So, Now What? (darkreading.com)
Fake versions of Google Bard are spreading malware | TechRadar
AI and the evolution of surveillance systems - Help Net Security
Thinking of Deploying Generative AI? You May Already Have (govinfosecurity.com)
Three trends to watch in the growing threat landscape (betanews.com)
Careful -- Hackers are targeting Google Bard ads for malware | Digital Trends
Malware
Serious WinRAR Flaw Can Be Exploited to Launch Malware (pcmag.com)
Hackers use VPN provider's code certificate to sign malware (bleepingcomputer.com)
HiatusRAT Malware Resurfaces: Taiwan Firms and US Military Under Attack (thehackernews.com) Ask the Mac Guy: macOS Security Myths (huntress.com)
New Variant of XLoader macOS Malware Disguised as 'OfficeNote' Productivity App (thehackernews.com)
Researchers Uncover New Lazarus Group Malware Details | Decipher (duo.com)
Mobile
Denial of Service/DoS/DDOS
Internet of Things – IoT
TP-Link smart bulbs can let hackers steal your WiFi password (bleepingcomputer.com)
When Your Home Security System Turns the Camera on You | The Epoch Times
Anticipating the next wave of IoT cyber security challenges - Help Net Security
The Physical Impact of Cyber Attacks on Cities (darkreading.com)
Smart Cities: Utopian Dream, Security Nightmare, or Political Gimmick? - SecurityWeek
Data Breaches/Leaks
Tesla Data Breach Investigation Reveals Inside Job (darkreading.com)
Leak of 75k staff records was insiders' fault, Tesla claims • The Register
Guernsey CCTV investigation widened after more footage leaked | Bailiwick Express Jersey
Scraped data of 2.6 million Duolingo users released on hacking forum (bleepingcomputer.com)
Thousands of Charity Donors Have Details Leaked Onto Dark Web | The Epoch Times
How a Christie’s website revealed where people kept their art | The Seattle Times
Defence contractor Belcan leaks admin password with a list of flaws-Security Affairs
What lessons must be learned from the Electoral Register cyber attack? | theHRD (thehrdirector.com)
5 Early Warning Indicators That Are Key to Protecting National Secrets (darkreading.com)
University of Minnesota Confirms Data Breach, Says Ransomware Not Involved - SecurityWeek
Organised Crime & Criminal Actors
Check Point reveals 8% spike in global cyber attacks by mid-2023 (securitybrief.co.nz)
UK Court Convicts Lapsus$ Hacker for Breaching ISP BT and EE UPDATE - ISPreview UK
Cyber crime: A Multi-Billion-Dollar Industry (thecyberwire.com)
Hacking group KittenSec claims to 'pwn anything we see' to expose corruption | CyberScoop
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Blockchain Capital’s Bart Stephens Lost $6.3 Million In SIM-Swap Hack (forbes.com)
What the Hive Ransomware Case Says About RaaS and Cryptocurrency (darkreading.com)
Insider Risk and Insider Threats
Leak of 75k staff records was insiders' fault, Tesla claims • The Register
Three trends to watch in the growing threat landscape (betanews.com)
Phish in a Barrel: Real-World Cyber Attack Examples (govinfosecurity.com)
Fraud, Scams & Financial Crime
Interpol arrest 14 who allegedly scammed $40m from victims • The Register
Germany Hunts for Cyber Criminals Amid Billion-Euro Scams - Bloomberg
Sneaky Amazon Google ad leads to Microsoft support scam (bleepingcomputer.com)
Blockchain Capital’s Bart Stephens Lost $6.3 Million In SIM-Swap Hack (forbes.com)
Surge in identity crime victims reporting suicidal thoughts - Help Net Security
Impersonation Attacks
Deepfakes
Insurance
Cyber security insurance is missing the risk - Help Net Security
Cyber Security Insurance Market Size & Share Analysis - (globenewswire.com)
Dark Web
Supply Chain and Third Parties
Cloud/SaaS
Cloud hosting firms hit by devastating ransomware attack - Help Net Security
Warning: Attackers Abusing Legitimate Internet Services (inforisktoday.com)
Maintaining consistent security in diverse cloud infrastructures - Help Net Security
How API authentication vulnerabilities are at the center of cloud security concerns | CSO Online
Lack of visibility into cloud access policies leaves enterprises flying blind - Help Net Security
Cloud services are creating more cyber-risks for telcos - Mobile Europe
Identity and Access Management
Ongoing Duo outage causes Azure Auth authentication errors (bleepingcomputer.com)
Cisco's Duo Security suffers major authentication outage • The Register
Encryption
API
Understanding how attackers exploit APIs is more important than ever - Help Net Security
How API authentication vulnerabilities are at the centre of cloud security concerns | CSO Online
Biometrics
ICO publishes guidance on use of biometric data in the UK - Tech Monitor
Is Facial Recognition Technology Becoming a Privacy Risk? (makeuseof.com)
Facial Recognition Technology (FRT) Statistics for 2023 (techreport.com)
Social Media
Malvertising
Sneaky Amazon Google ad leads to Microsoft support scam (bleepingcomputer.com)
Malware-infected advertising grows ever more sophisticated, and lethal - SiliconANGLE
Careful -- Hackers are targeting Google Bard ads for malware | Digital Trends
Training, Education and Awareness
2023 Cyber Security Awareness Month Appeal: Make Online Security Easier (govtech.com)
The Changing Landscape of Cyber Security Education (inforisktoday.com)
Parental Controls and Child Safety
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
Apple security updates could be banned by British government (9to5mac.com)
How EU lawmakers can make mandatory vulnerability disclosure responsible - Help Net Security
Morgan Stanley Fined for UK Energy Trading WhatsApp Breach (yahoo.com)
Controversial Cyber crime Law Passes in Jordan (darkreading.com)
Experian Pays $650,000 to Settle Spam Claims - Infosecurity Magazine (infosecurity-magazine.com)
Strengthening Cyber Security In Finance: A Look At EU DORA Regulations (forbes.com)
Backup and Recovery
Data Protection
ICO publishes guidance on use of biometric data in the UK - Tech Monitor
Experian Pays $650,000 to Settle Spam Claims - Infosecurity Magazine (infosecurity-magazine.com)
Careers, Working in Cyber and Information Security
Unrealistic expectations exacerbate the cyber security talent shortage - Help Net Security
It's Time to Approach The Cyber Security Skills Gap Differently - IT Security Guru
How To Become Chief Information Security Officer - The Economic Times (indiatimes.com)
4 ways simulation training alleviates team burnout - Help Net Security
Tens of thousands of students receive free training to build cyber skills - The Business Magazine
5 Ways SMBs Can Bridge the Cyber Security Skills Gap | Mimecast
The Importance of Accessible and Inclusive Cyber Security (securityintelligence.com)
Law Enforcement Action and Take Downs
Interpol arrest 14 who allegedly scammed $40m from victims • The Register
UK Court Convicts Lapsus$ Hacker for Breaching ISP BT and EE UPDATE - ISPreview UK
Germany Hunts for Cyber Criminals Amid Billion-Euro Scams - Bloomberg
Privacy, Surveillance and Mass Monitoring
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Incident response lessons learned from the Russian attack on Viasat | CSO Online
Ukrainian hackers claim to leak emails of Russian parliament deputy chief (therecord.media)
New Telegram Bot "Telekopye" Powering Large-scale Phishing Scams from Russia (thehackernews.com)
China
Mounting Cyber Espionage and Hacking Threat from China - Modern Diplomacy
HiatusRAT Malware Resurfaces: Taiwan Firms and US Military Under Attack (thehackernews.com)
New Supply Chain Attack Hit Close to 100 Victims—and Clues Point to China | WIRED
Exposed: the Chinese spy using LinkedIn to hunt UK secrets (thetimes.co.uk)
FBI: Suspected Chinese actors continue Barracuda ESG attacks | TechTarget
Microsoft says Chinese hacking crew is targeting Taiwan | CyberScoop
US space companies face foreign spy threat, intelligence agencies say (usatoday.com)
North Korea
N. Korean Kimsuky APT targets S. Korea-US military exercises-Security Affairs
Researchers Uncover New Lazarus Group Malware Details | Decipher (duo.com)
Misc/Other/Unknown
Vulnerability Management
NCSC issues warning on cyber vulnerabilities (ukdefencejournal.org.uk)
How EU lawmakers can make mandatory vulnerability disclosure responsible - Help Net Security
Vulnerabilities
Juniper Networks fixes flaws leading to RCE in firewalls and switches - Help Net Security
Serious WinRAR Flaw Can Be Exploited to Launch Malware (pcmag.com)
Ivanti issues fix for third zero-day flaw exploited in the wild | TechTarget
Ivanti Ships Urgent Patch for API Authentication Bypass Vulnerability - SecurityWeek
FBI: Patches for Recent Barracuda ESG Zero-Day Ineffective - SecurityWeek
Critical Adobe ColdFusion Flaw Added to CISA's Exploited Vulnerability Catalog (thehackernews.com)
3,000 Openfire Servers Exposed to Attacks Targeting Recent Vulnerability - SecurityWeek
Western Digital patches potentially dangerous security flaw, so update now | TechRadar
Tools and Controls
How Cyber Security Leaders Can Help Lower Expenses While Reducing Risk (informationweek.com)
Security leaders report misalignment of investments and risk reduction | Security Magazine
Cyber security insurance is missing the risk - Help Net Security
Bolstering Cyber Security: Why Browser Security Is Crucial (inforisktoday.com)
How Application Allowlisting Combats Ransomware Attacks (securityintelligence.com)
The Vanishing Data Loss Prevention (DLP) Category - IT Security Guru
Unveiling the Hidden Risks of Routing Protocols (darkreading.com)
Hackers use VPN provider's code certificate to sign malware (bleepingcomputer.com)
Network detection and response in the modern era - Help Net Security
What’s Beyond SASE? The Next Steps (informationsecuritybuzz.com)
Prevention First: Don’t Neglect Endpoint Security | CSO Online
More Than Half of Browser Extensions Pose Security Risks (darkreading.com)
Protect Your Cyber Security Budget and Your Organisation | Dell USA
How the downmarket impacted enterprise cyber security budgets - Help Net Security
SEC Cyber Security Rules: Considerations for Incident Response Planning
Maintaining consistent security in diverse cloud infrastructures - Help Net Security
How API authentication vulnerabilities are at the centre of cloud security concerns | CSO Online
The Needs of a Modernized SOC for Hybrid Cloud (securityintelligence.com)
2023 Cyber Security Awareness Month Appeal: Make Online Security Easier (govtech.com)
The MOVEit hack and what it taught us about application security (bleepingcomputer.com)
The Changing Landscape of Cyber Security Education (inforisktoday.com)
Akamai Survey Finds Third-Party Defences Help Reduce Risk from Online Threats (prnewswire.com)
5 Best Practices for Implementing Risk-First Cyber Security (darkreading.com)
What's Going on With LastPass, and is it Safe to Use? (securityintelligence.com)
Malicious web application transactions skyrocket 500% (securitybrief.co.nz)
Other News
Our health care system may soon receive a much-needed cyber security boost | Ars Technica
Swan Retail cyber attack: 300 retailers crippled by breach (techmonitor.ai)
Cyber Attack on Energy One affects corporate systems in Australia and the UK | CSO Online
Vendors criticize Microsoft for repeated security failings | TechTarget
Microsoft's become a cyber security titan. That could be a problem - Tech Monitor
Global Naval Communication Market Research Report (globenewswire.com)
IT's rising role in physical security technology - Help Net Security
Hackers knocked out San Francisco's main real estate database | Fortune
Microsoft's 6 Biggest Hacks: Is Better Security Needed? (makeuseof.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 19 November 2021
Black Arrow Cyber Threat Briefing 19 November 2021
-Insurers Run From Ransomware Cover As Losses Mount
-The Ransomware Threat Is Getting Worse. But Businesses Still Aren't Taking It Seriously
-Ransomware Is Now A Giant Black Hole That Is Sucking In All Other Forms Of Cyber Crime
-52% Of SMBs Have Experienced A Cyber Attack In The Last Year
-Ransomware Phishing Emails Sneak Through SEGs
-Reality Check: Your Security Hygiene Is Worse Than You Think It Is
-The Covid-19 Crisis Has Fueled The Increase Of Cyber Crime In All Its Forms
-Ransomware Attacks Are Getting More Complex And Even Harder To Prevent
-Most Ransomware Attacks Rely On Exploiting Older, Unpatched Vulnerabilities
-Out-Of-Hours Ransomware Attacks Have A Greater Impact On Revenue
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Insurers Run From Ransomware Cover As Losses Mount
Insurers have halved the amount of cyber cover they provide to customers after the pandemic and home-working drove a surge in ransomware attacks that left them smarting from hefty payouts.
Faced with increased demand, major European and US insurers and syndicates operating in the Lloyd's of London market have been able to charge higher premium rates to cover ransoms, the repair of hacked networks, business interruption losses and even PR fees to mend reputational damage.
But the increase in ransomware attacks and the growing sophistication of attackers have made insurers wary. Insurers say some attackers may even check whether potential victims have policies that would make them more likely to pay out.
"Insurers are changing their appetites, limits, coverage and pricing," Caspar Stops, head of cyber at insurance firm Optio, said. "Limits have halved – where people were offering 10 million pounds ($13.50 million), nearly everyone has reduced to five."
Lloyd's of London, which has around a fifth of the global cyber market, has discouraged its 100-odd syndicate members from taking on cyber business next year, industry sources say on condition of anonymity. Lloyd's declined to comment.
https://www.reuters.com/markets/europe/insurers-run-ransomware-cover-losses-mount-2021-11-19/
The Ransomware Threat Is Getting Worse. But Businesses Still Aren't Taking It Seriously
Ransomware is the most significant cybersecurity threat facing the country today, but many businesses still aren't taking the threat as seriously as they should be, the National Cyber Security Centre (NCSC) has warned.
In its newly published annual review, the NCSC – the cybersecurity arm of intelligence agency GCHQ – details the incidents and threats the UK has faced during the past 12 months, including cyberattacks against the health service and vaccine developers during the coronavirus pandemic, state-sponsored cyber-espionage campaigns, phishing scams and more.
But, because of the likely impact a successful attack could have on essential services or critical national infrastructure, it's ransomware that is viewed as the most dangerous cyber threat – and one that more leadership teams need to think about.
Ransomware Is Now A Giant Black Hole That Is Sucking In All Other Forms Of Cyber Crime
File-encrypting malware is where the money is -- and that's changing the whole online crime ecosystem.
Ransomware is so lucrative for the gangs involved that other parts of the cybercrime ecosystem are being repurposed into a system for delivering potential victims.
"The gravitational force of ransomware's black hole is pulling in other cyberthreats to form one massive, interconnected ransomware delivery system -- with significant implications for IT security," said security company Sophos in a report.
Ransomware is considered by many experts to be most pressing security risk facing businesses -- and its extremely lucrative for the gangs involved, with ransom payouts increasing significantly.
52% Of SMBs Have Experienced A Cyber Attack In The Last Year
The consequences of a breach have never been more severe, with global cybercrime collectively totalling $16.4 billion each day, a Devolutions survey reveals.
A recent study by IBM revealed that organizations with fewer than 500 employees had an average data breach cost of $2.98 million per incident in 2021. As has been reported, approximately 60% of SMBs go out of business within six months of getting hacked.
Smaller companies are not exempt from cyberattacks; in fact, it’s quite the opposite. Yet many of the tools and resources that larger companies have at their disposal to protect them from cyber attacks are not befitting for smaller companies. There is a gap in the market.
https://www.helpnetsecurity.com/2021/11/19/smbs-cyberattack/
Ransomware Phishing Emails Sneak Through SEGs
Secure email gateway (SEG) protections aren’t necessarily enough to stop phishing emails from delivering ransomware to employees, especially if the cybercrooks are using legitimate cloud services to host malicious pages.
Researchers are raising the alarm over a phishing email kicking off a Halloween-themed MICROP ransomware offensive, which they observed making its way to a target’s inbox despite its being secured by an SEG.
https://threatpost.com/ransomware-phishing-emails-segs/176470/
Reality Check: Your Security Hygiene Is Worse Than You Think It Is
Sevco Security published a report which explores the gap between perceptions and realities of security hygiene and asset management. Leveraging findings from ESG’s “Security Hygiene and Posture Management Survey,” Sevco’s report addresses five unfounded perceptions that many security teams assume to be true and the realities that unveil alarming security risks.
The report reveals that the perception of good security hygiene often leads to gaps in asset inventory that leave organizations open to security incidents. One such gap is the assumption that organizations have an accurate understanding of asset inventory. The reality is that on average, organizations discover 20-30% previously unknown devices once various inventory sources have been analysed and reconciled.
https://www.helpnetsecurity.com/2021/11/18/perception-good-security-hygiene/
The Covid-19 Crisis Has Fueled The Increase Of Cyber Crime In All Its Forms
The accelerated digitalization related to the COVID-19 pandemic has significantly influenced the development of a number of cyber threats, according to the new edition of Europol’s Internet Organised Crime Threat Assessment.
Criminals have been quick to abuse the current circumstances to increase profits, spreading their tentacles to various areas and exposing vulnerabilities, connected to systems, hospitals or individuals.
While ransomware groups have taken advantage of widespread teleworking, scammers have abused COVID-19 fears and the fruitless search for cures online to defraud victims or gain access to their bank accounts. The increase of online shopping in general has attracted more fraudsters. With children spending a lot more time online, especially during lockdowns, grooming and dissemination of self-produced explicit material have increased significantly.
https://www.helpnetsecurity.com/2021/11/18/covid-19-cybercrime/
Ransomware Attacks Are Getting More Complex And Even Harder To Prevent
Ransomware attackers are probing known common vulnerabilities and exposures (CVEs) for weaknesses and quickly capitalizing on them, launching attacks faster than vendor teams can patch them. Unfortunately, ransomware attackers are also making attacks more complex, costly, and challenging to identify and stop, acting on potential targets’ weaknesses faster than enterprises can react.
Two recent research studies — Ivanti’s latest ransomware report, conducted with Cyber Security Works and Cyware, and a second study by Forrester Consulting on behalf of Cyware — show there’s a widening gap between how quickly enterprises can identify a ransomware threat versus the quickness of a cyberattack. Both studies provide a stark assessment of how far behind enterprises are on identifying and stopping ransomware attacks.
Most Ransomware Attacks Rely On Exploiting Older, Unpatched Vulnerabilities
Ransomware attackers exploited a dozen new vulnerabilities in campaigns in Q3 2021, bringing the total number of vulnerabilities associated with ransomware to 278, claims a new report.
Compiled by cybersecurity vendor Ivanti, the report reveals that ransomware groups are continuing to grow in sophistication, boldness, and volume, with numbers up across the board since Q2 2021.
It tracked a 4.5% increase in CVEs associated with ransomware in Q3 2021, along with a similar increase in actively exploited and trending vulnerabilities, along with a 3.4% increase in ransomware families, as compared to Q2 2021.
Out-Of-Hours Ransomware Attacks Have A Greater Impact On Revenue
Ransomware attacks at weekends and holidays are throwing victims into disarray, according to a study released by security company Cybereason.
The report, “Organizations at Risk: Ransomware Attackers Don’t Take Holidays,” surveyed security professionals whose organizations suffered a ransomware attack during a holiday or weekend in the last 12 months. It found 86% of them reported missing holiday or weekend activities with friends and family when responding to these attacks.
Of those surveyed, 60% take longer to assess the scope of an attack that happened over the weekend or on a holiday. Half said out-of-hours attacks led to a slower response overall.
One problem was assembling the right team, with just over a third reporting difficulties in getting the necessary people together. When those people do clock in unexpectedly, they might not be fully fit for duty. In fact, 70% were intoxicated when called in to address the attack, the report added.
Threats
Ransomware
UK Fighting Hacking Epidemic As Russian Ransomware Attacks Increase | Cybercrime | The Guardian
Ransomware Gangs Are Now Rich Enough To Buy Zero-Day Flaws, Say Researchers | ZDNet
Russian Ransomware Gangs Start Collaborating With Chinese Hackers (Bleepingcomputer.Com)
Exchange Exploit Leads to Domain Wide Ransomware (thedfirreport.com)
New Memento Ransomware Switches To Winrar After Failing At Encryption (Bleepingcomputer.Com)
ProxyShell, QBot, and Conti Ransomware Combined in a Series of Cyber Attacks - Truesec
Fake Ransomware Warnings Hit Wordpress Sites: How To Stay Safe - Malwarebytes Labs
MosesStaff Locks Up Targets, with No Ransom Demand, No Decryption | Threatpost
BEC - Business Email Compromise
Phishing
Malware
Emotet Malware Is Back And Rebuilding Its Botnet Via TrickBot (Bleepingcomputer.Com)
New Mac Malware Raises More Questions About Apple's Security Patching - Malwarebytes Labs
Mobile
New Banking Trojan SharkBot Makes Waves Across Europe, US | ZDNet
Android Malware BrazKing Returns As A Stealthier Banking Trojan (Bleepingcomputer.Com)
Android Malware That Spies On Your Phone Identified With 23 Apps. (livemint.com)
Vulnerabilities
Intel Vulnerabilities: Bios Bugs Put Cars, Laptops, Devices at Risk to Hackers - MSSP Alert
Microsoft Informs Users of High-Severity Vulnerability in Azure AD | SecurityWeek.Com
New Secret-Spilling Hole In Intel CPUs Sends Company Patching (Again) | Ars Technica
Netgear Fixes Code Execution Flaw In Many SOHO Devices - Security Affairs
Six Million Sky Routers Exposed To Takeover Attacks For 17 Months (Bleepingcomputer.Com)
WordPress Template Plugin Vulnerability Hits +1 Million Sites (searchenginejournal.com)
10,000+ Websites And Apps Are Vulnerable To Magecart - Help Net Security
Linux Has A Serious Security Problem That Once Again Enables DNS Cache Poisoning | Ars Technica
Data Breaches/Leaks
Organised Crime & Criminal Actors
Russian Cyber Crime Forums Throw Doors Open to Chinese-Speakers - Infosecurity Magazine
A Canadian Teen Was Arrested in a $36.5M SIM-Swap Heist | WIRED
Cryptocurrency/Cryptojacking
Cyber Criminals Increasingly Employ Crypto-Mixers to Launder Stolen Profits (darkreading.com)
Chinese Communist Party Official Expelled For Mining Crypto • The Register
Supply Chain
New Type of Supply Chain Attack Could Put Popular Admin Tools at Risk (intezer.com)
Hackers Are Threatening The Global Supply Chain | OilPrice.com
DoS/DDoS
Nation State Actors
Cyber War’s Global Players—It’s Not Always Russia Or China | CSO Online
FBI Warns Of APT Group Exploiting FatPipe VPN Zero-Day Since May (Bleepingcomputer.com)
Iranian Targeting Of IT Sector On The Rise - Microsoft Security Blog
Iranians Charged in Cyber Attacks Against US 2020 Election | Threatpost
Microsoft Warns about 6 Iranian Hacking Groups Turning to Ransomware (thehackernews.com)
Cloud
Cyber Criminals Target Alibaba Cloud for Cryptomining, Malware | Threatpost
Cloud Compliance: Falling Out Of It Could Spell Doom - Help Net Security
Financial Services Sector
Health Sector
Reports Published in the Last Week
Other News
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 22 October 2021
Black Arrow Cyber Threat Briefing 22 October 2021
-Many Organisations Lack Basic Cyber Hygiene Despite High Confidence In Their Cyber Defences
-83% Of Ransomware Victims Paid Ransom: Survey
-Report: Ransomware Affected 72% Of Organizations In Past Year
-Ransomware: Looking For Weaknesses In Your Own Network Is Key To Stopping Attacks
-A Hacker Warns: Give Up Trying To Keep Me Out — And Focus On Your Data
-Cyber Risk Trends Driving The Surge In Ransomware Incidents
-US Ransomware Victims Paid $600 Million to Hackers in 1H of 2021
-Hacking Group Created Fake Cyber Security Companies To Hire Experts And Involve Them In Ransomware Attacks Tricking Them Of Conducting A Pentest
-Nearly Three-Quarters of Organizations Victimized by DNS Attacks in Past 12 Months
-Cyber Crime Matures As Hackers Are Forced To Work Smarter
-Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Many Organisations Lack Basic Cyber Hygiene Despite High Confidence In Their Cyber Defences
A new report released this week analysed IT security leaders’ perceived threat of ransomware attacks and the maturity of their cyber security defences. The report found that while 81% of those surveyed consider their security to be above average or exceptional, many lack basic cyber hygiene – 41% lack a password complexity requirement, one of the cheapest, easiest forms of protection, and only 55.6% have implemented multi-factor authentication (MFA). https://www.helpnetsecurity.com/2021/10/21/organizations-cyber-hygiene/
83% Of Ransomware Victims Paid Ransom
A new survey of 300 US-based IT decision-makers found that 64% have been victims of a ransomware attack in the last 12 months, and 83% of those attack victims paid the ransom demand.
Cybersecurity company ThycoticCentrify released its "2021 State of Ransomware Survey & Report" on Tuesday, featuring the insights of IT leaders who have dealt with ransomware attacks over the last year. https://www.zdnet.com/article/83-of-ransomware-victims-paid-ransom-survey/
Ransomware Affected 72% Of Organisations In Past Year
72% of organisations were affected by ransomware at least once within the past twelve months, with 18% impacted more than six times in the past year. Organizations of all sizes were affected nearly to the same extent, with the exception of those with more than 25,000 employees. https://venturebeat.com/2021/10/20/report-ransomware-affected-72-of-organizations-in-past-year/
Ransomware: Looking For Weaknesses In Your Own Network Is Key To Stopping Attacks
Ransomware is a major cybersecurity threat to organisations around the world, but it's possible to reduce the impact of an attack if you have a thorough understanding of your own network and the correct protections are in place.
While the best form of defence is to stop ransomware infiltrating the network in the first place, thinking about how the network is put together can help slow down or stop the spread of an attack, even if the intruders have successfully breached the perimeter. https://www.zdnet.com/article/ransomware-looking-for-weaknesses-in-your-own-network-is-key-to-stopping-attacks/
A Hacker Warns: Give Up Trying To Keep Me Out — And Focus On Your Data
There is a misconceived notion that the security arena is a battlefield. It is not. It is a chess board and requires foresight and calculated pawn placement to protect the king — your data. If your main focus lies on keeping hackers out of your environment, then it’s already check mate. Your mission should be to buy time, slow hackers down and ultimately contain an attack.
Businesses must therefore make it as hard as possible for adversaries to exploit the relationships that allow them to move laterally through the corporate network. They can do this by distrusting anyone within their data’s environment and repeatedly corroborating that all users are who they say they are, and that they act like it too. That last part is crucial, because while identities are easy to compromise and imitate, behaviours are not. https://www.ft.com/content/93cec8b6-3fe9-4e9e-800a-62e13a0e2eac
Cyber Risk Trends Driving The Surge In Ransomware Incidents
During the COVID-19 crisis, another outbreak took place in the cyber space: a digital pandemic driven by ransomware. In a recent report, Allianz Global Corporate & Specialty (AGCS) analyzes the latest risk developments around ransomware and outlines how companies can strengthen their defenses with good cyber hygiene and IT security practices
The increasing frequency and severity of ransomware incidents is driven by several factors:
· Growing number of different attack patterns such as double and triple extortion campaigns
· Criminal business model around ‘ransomware as a service’ and cryptocurrencies
· Recent skyrocketing of ransom demands
· Rise of supply chain attacks.
Not all attacks are targeted. Criminals also adopt a scattergun approach to exploit those businesses that aren’t addressing or understanding the vulnerabilities they may have. Businesses must understand the need to strengthen their controls.
Cyber intrusion activity globally jumped 125% in the first half of 2021 compared to the previous year, according to Accenture, with ransomware and extortion operations one of the major contributors behind this increase. According to the FBI, there was a 62% increase in ransomware incidents in the US in the same period that followed an increase of 20% for the full year 2020. https://www.helpnetsecurity.com/2021/10/18/five-ransomware-trends/
US Ransomware Victims Paid $600 Million to Hackers in 1H of 2021
US Ransomware victims coughed up nearly $600 million to cyber hijackers in the first six months of 2021, further stamping cyber extortionists as an “increasing threat” to the U.S. financial, business and public sectors, a recent report released by the Treasury Department said.
Data gathered by the Financial Crimes Enforcement Network (FinCEN) derived from financial institutions’ Suspicious Activity Reports (SARs) revealed that the 635 reports filed for the first six months of this year is already 30 percent greater than the 487 filed for all of last year. Some 458 financial transitions have been reported as of June 30, 2021 with the total value of suspicious activity reported in ransomware-related SARs during the first six months of 2021 amounting to $590 million, or 42 percent more than the $416 million filed for all of 2020. https://www.msspalert.com/cybersecurity-research/victims-paid-600-millon-1h-2021/
Hacking Group Created Fake Cyber Security Companies To Hire Experts And Involve Them In Ransomware Attacks Tricking Them Of Conducting A Pentest
The FIN7 hacking group is attempting to enter in the ransomware business and is doing it with an interesting technique. The gang is creating fake cyber security companies that hire experts requesting them to carry out pen testing attacks under the guise of pentesting activities.
FIN7 is a Russian criminal group that has been active since mid-2015, it focuses on restaurants, gambling, and hospitality industries in the US to harvest financial information that was used in attacks or sold in cybercrime marketplaces.
One of the companies created by the cyber criminal organizations with this purpose is Combi Security, but researchers from Gemini Advisory discovered other similar organizations by analyzing the site of another fake cybersecurity company named Bastion Security. https://securityaffairs.co/wordpress/123673/cyber-crime/fin7-fake-cybersecurity-firm.html
Nearly Three-Quarters of Organisations Victimized by DNS Attacks in Past 12 Months
Domain name system (DNS) attacks are impacting organizations at worrisome rates. According to a new survey from the Neustar International Security Council (NISC) conducted in September 2021, 72% of study participants reported experiencing a DNS attack within the last 12 months. Among those targeted, 61% have seen multiple attacks and 11% said they have been victimized regularly. While one-third of respondents recovered within minutes, 58% saw their businesses disrupted for more than an hour, and 14% took several hours to recover. https://www.darkreading.com/attacks-breaches/nearly-three-quarters-of-organizations-victimized-by-dns-attacks-in-past-12-months
Cyber Crime Matures As Hackers Are Forced To Work Smarter
An analysis of 500 hacking incidents across a wide range of industries has revealed trends that characterize a maturity in the way hacking groups operate today.
Researchers at Kaspersky have focused on the Russian cybercrime underground, which is currently one of the most prolific ecosystems, but many elements in their findings are common denominators for all hackers groups worldwide.
One key finding of the study is that the level of security on office software, web services, email platforms, etc., is getting better, browser vulnerabilities have reduced in numbers, and websites are not as easy to compromise and use as infection vectors today.
This has resulted in making web infections too difficult to pursue for non-sophisticated threat groups.
The case is similar with vulnerabilities, which are fewer and more expensive to discover.
Instead, hacking groups are waiting for a PoC or patch to be released, and then use that information to create their own exploits. https://www.bleepingcomputer.com/news/security/cybercrime-matures-as-hackers-are-forced-to-work-smarter/
Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts
Since at least late 2019, a network of hackers-for-hire have been hijacking the channels of YouTube creators, luring them with bogus collaboration opportunities to broadcast cryptocurrency scams or sell the accounts to the highest bidder.
That's according to a new report published by Google's Threat Analysis Group (TAG), which said it disrupted financially motivated phishing campaigns targeting the video platform with cookie theft malware. The actors behind the infiltration have been attributed to a group of hackers recruited in a Russian-speaking forum. https://thehackernews.com/2021/10/hackers-stealing-browser-cookies-to.html
Threats
Ransomware
2021 Ransomware Transactions Already Exceed 2020 Numbers, Treasury Department Says - CyberScoop
DarkSide Ransomware Rushes To Cash Out $7 Million In Bitcoin (Bleepingcomputer.Com)
Gigabyte Allegedly Hit by AvosLocker Ransomware | Threatpost
Evil Corp Demands $40 Million In New Macaw Ransomware Attacks (Bleepingcomputer.com)
Olympus US Hack Tied To Sanctioned Russian Ransomware Group | Techcrunch
81% of UK Healthcare Organizations Hit by Ransomware in Last Year - Infosecurity Magazine
BEC
Phishing
Malware
Cyber Criminals Have Found A Way To Get Their Malware Certified By Microsoft | Techradar
Minecraft Declared The Most Malware-Infected Game (Hackread.Com)
Mobile
Vulnerabilities
Update Now! Chrome Fixes More Security Issues - Malwarebytes Labs
A Flaw In WinRAR Could Lead To Remote Code Execution - Security Affairs
SQL Is The Top Critical Risk In The Web Application Layer In Q3, 2021 - IT Security Guru
Data Breaches/Leaks
Organised Crime & Criminal Actors
Insider Threats
Dark Web
The Dark Web Has Become Darker And Busier, Cyber Crime Services Cost Less Than $500 | Techspot
Increased Activity Surrounding Stolen Data On The Dark Web - Help Net Security
The Truth About The Dark Web's Secret Red Rooms (grunge.com)
Supply Chain
OT, ICS, IIoT and SCADA
Nation State Actors
State-Backed Hackers Breach Telcos With Custom Malware (Bleepingcomputer.Com)
Suspected Chinese Hackers Behind Attacks On Ten Israeli Hospitals (Bleepingcomputer.Com)
Cloud
Privacy
Over 80% of Brits Deluged with Scam Calls and Texts - Infosecurity Magazine
How mobile devices can be tracked via Bluetooth analysis • The Register
Brave Ditches Google For Its Own Privacy-Centric Search Engine (Bleepingcomputer.Com)
A Massive ‘Stalkerware’ Leak Puts The Phone Data Of Thousands At Risk | Techcrunch
Reports Published in the Last Week
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.