Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Resilience Requires Maturity, Persistence & Board Engagement

Cyber resilience is more important than ever, particularly with the added dimensions of deepening geopolitical threats and risks coming from new technology like AI. In cyber security, it is commonly accepted that it is a matter of when, not if, an organisation will experience an attack. It is imperative to ensure there is an ability across the organisation to bounce back.

Source: [Dark Reading]

Security is a Process, not a Tool

The cyber security industry is constantly seeing tools that claim to make organisations 100% secure, despite this never being achievable. A recent report found 55% of all security tools are not put into operation or are not actively managed. Additionally, the report found that 33% of all security incidents are identifiably traced to process errors. The findings are further evidence that cyber security is more than just technology tools: it requires a mindset that aligns controls across people, operations and technology.

Source: [Dark Reading]

46% of SMBs and Enterprises Have Experienced a Ransomware Attack

A recent report found that 46% of small and medium businesses (SMBs) and enterprises have experienced ransomware attacks. In addition, 90% of SMBs and 87% of enterprises are extremely or somewhat concerned about ransomware attacks, and 64% of SMBs and 70% of enterprises don’t believe in paying a ransom.

Despite the fact that nearly 50% of the firms have suffered ransomware, too many businesses still seem to think this is something that will not happen to them and is something only other businesses need to worry about.

Source: [Security Magazine] [IT Business]

Cyber Threat Intelligence: Getting on the Front Foot Against Adversaries

In the realm of cyber security, threat intelligence (TI) is a crucial yet often underused asset for countering sophisticated cyber attacks. TI involves gathering, analysing, and contextualising information about potential cyber threats, including advanced ones, thus enabling organisations to identify, assess, and mitigate cyber risks effectively. The TI market, expected to exceed $44 billion by 2033, offers four main types: Strategic, Tactical, Technical, and Operational.

Each type serves different organisational needs, from informing senior leadership to aiding security operations teams. When thinking about TI, organisations should focus on completeness, accuracy, relevance, timeliness, scalability, vendor reputation, and integration capabilities. The rapidly evolving nature of TI demands a careful, long-term approach to choosing the right services, considering an organisation's maturity and specific needs. Effective TI not only aids in countering immediate threats but also builds long-term resilience. With 80% of the top 2000 global companies projected to increase their TI investment in 2024, it's crucial for organisations to find a trusted vendor to ensure their cyber security success.

Black Arrow conducts daily threat intelligence analyses from trusted specialist sources, and interprets the TI in the context of our client organisations to support them in proactively addressing risks. In addition to our weekly Threat Briefing and subscription email, we offer tailored briefings for organisations in various sectors and geographies.  

Source: [welivesecurity]

67% of Workers Put Businesses at Risk by Downloading Applications and Software Without Permission

New research has found that 67% of UK employees are endangering their business by downloading applications and software without the knowledge of IT or security teams.

Other key findings included 39% of respondent organisations lacked total visibility of applications and software on company owned assets, and 77% lacked visibility over employee owned assets connected to the corporate environment. Of total respondents, 69% acknowledged their organisations required better policies and procedures in order to deal with security vulnerabilities, with 39% of total respondents feeling challenged by UK and other jurisdictions’ increasingly complicated regulations and governance requirements.

Black Arrow help organisations of all sizes to design and deliver comprehensive asset visibility programmes that lay the foundation for proportionate and credible cyber security controls to protect the organisation. We enable organisations to adhere to regulatory and governance requirements, by providing expert cyber security resources on a flexible basis for technical, governance and transformational positions.

Sources: [Tech Radar] [the HR Director]

The Persistent Menace: Understanding and Combating Ransomware, as New Ransomware Groups Account for Quarter of All Leaks in 2023

In 2023, the landscape of cyber threats, particularly ransomware, has significantly evolved, remaining a primary concern for businesses.  

This change has been further facilitated by the emergence of Ransomware as a Service (RaaS) and the increased sophistication of phishing attacks, supported by advancements in AI. This has led at least in part to almost half (29) of the ransomware groups tracked by WithSecure in 2023 having begun operations this year. These groups accounted for 25% of data leaks in this period, helping to drive a 50% year-on-year increase in data leaks.

Businesses face not only the immediate costs of ransom demands but also indirect impacts such as operational downtime and damage to reputation. Key trends include the exploitation of basic security vulnerabilities, the role of access brokers in facilitating attacks, and innovative evasion techniques used by ransomware groups.  Ransomware is not going away, and organisations need to ensure they are prepared given the realistic probability of an attack.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident such as ransomware; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Forbes] [Infosecurity Magazine] [ITPro]

Financial Services Still Stubbornly Vulnerable to Cyber Disruption

A recent report found the UK financial system remains stubbornly vulnerable to disruption caused by cyber and IT-related incidents, and that regulated firms are not acting quickly enough to affect required changes designed to ensure firms’ systems are resilient against significant operational shocks.

According to the UK FCA’s records, the total number of cyber incidents reported between January 2018 to May 2023 was 4,192. In general terms, incidents are reportable where they are of a certain level of materiality; for instance, where there has been a “significant failure in the firm's systems or controls.

Source: [FTAdviser]

World’s Biggest Bank Hit by Ransomware; Workers Forced to Trade with USB Sticks

The US subsidiary of the Industrial and Commercial Bank of China (ICBC) experienced a ransomware attack earlier this month, which reportedly forced the bank (ICBC Financial Services) to handle trades through messengers carrying USB thumb drives. This attack has sent shockwaves through financial services and banking and has prompted an increase in vigilance within the financial sector. The US Financial Services Information Sharing and Analysis Center (FS-ISAC) has urged financial services organisations to ensure their systems are protected and vulnerabilities are immediately resolved.

Sources: [SC Media] [Bit Defender]

NCSC Warns UK Over Significant Threat to Critical Infrastructure

The UK's National Cyber Security Centre (NCSC) has once again sounded its concern over the rising threat level to the nation's critical national infrastructure (CNI), with its annual review admitting the level of cyber security resilience in the UK’s most critical areas is not in a satisfactory place.

The NCSC stated that CNI in the UK faces an “enduring and significant” threat from state-aligned threat actors aggressively ramping up activity, and the UK must therefore work more closely with allies and industry in countering “epoch-defining” cyber challenges.

They noted a 64% increase on last year’s voluntary report figures; to note, this refers to organisations voluntarily self-reporting suffering a cyber incident.

For wider context, the Russian cyber attacks on Ukraine began a month and a half before the invasion. In 2022 Ukraine’s national incident response team dealt with 2,194 cyber incidents, followed by another 2,054 attacks in the first 10 months of this year and Ukraine’s defence chief warns that Russia will soon attack companies that provide services to Ukraine as part of their larger cyber efforts.

This comes as Russian hackers were linked to what is being described as the largest ever cyber attack on Danish critical infrastructure. The attack involved 22 companies associated with the operation of Denmark’s energy sector.

Sources: [Computer Weekly] [The Register] [The Record Media] [The Irish Times] [The Hacker News]

Ransomware Gang Files SEC Complaint Over Victim’s Undisclosed Breach

The ALPHV ransomware group, also known as BlackCat, has taken extortion to a new level by filing a US Securities and Exchange Commission (SEC) complaint against one of their alleged victims, MeridianLink, for not complying with the four-day rule to disclose a cyber attack. The ransomware group said it compromised the digital lending solutions provider on November 7 and told the SEC the victim suffered a “significant breach and did not disclose it as required in Form 8-k”. While many ransomware and extortion gangs have threatened to report breaches and data theft to the SEC, this may be the first public confirmation that they have done so. Previously, ransomware actors exerted pressure on victims by contacting customers to let them know of the intrusion. Sometimes, they would also try to intimidate the victim by contacting them directly over the phone.

Sources: [Infosecurity Magazine] [Bleeping Computer]

Businesses are Losing Huge Chunks of Their Revenue to Cyber Attacks

A new report has found that businesses are paying a huge price for not properly securing their digital assets. The report found that businesses on average suffered 46 attacks (successful and unsuccessful) over the last year, resulting in the loss of 9% of their annual income. Cyber attacks are hurting their businesses in other ways such as network outages (34%), data loss (29%), web apps going offline (24%) and customer account compromises (22%).

Firms are reevaluating their cyber security approaches, with 76% planning increased spending despite concerns about current investment efficiency, as 35% feel they've overspent and only 55% of tools are fully utilised. A significant talent gap is also a challenge, with 30% attributing recent issues to a shortage of skilled personnel, and 33% expecting this trend to continue. Nearly half are seeking to address this by boosting recruitment budgets. Additionally, 51% of respondents are focusing on investing in Generative AI tools for cyber security in the next two years.

Source: [TechRadar]

Phishing Emails Are More Believable Than Ever. Here's What to Do About It.

Phishing is not new. This social engineering tactic has existed in the attack toolbox for decades, with threat actors posing as trusted contacts and then targeting unsuspecting victims through email or text messages to steal sensitive data. According to a recent report by Fortinet, phishing is the top tactic (56%) malicious actors use to infiltrate a network and launch ransomware successfully. With the turn of AI-driven content tools, cyber criminals are using them to make their phishing emails and texts appear more realistic than ever before.

It is crucial to focus on employee education to protect organisations. Customised training programs are essential. Security awareness training is fundamental in creating a cyber-aware culture, keeping employees informed about current security threats and meeting compliance requirements.

Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Source: [CSO Online]

Top Cyber Stories of the Last Week

Governance, Risk and Compliance

• Financial sector on edge after LockBit attack on major Chinese bank's US unit | SC Media (scmagazine.com)

• 29% of organisations cite data loss as top security breach result | Security Magazine

• Financial services still 'stubbornly vulnerable' to cyber disruption - FTAdviser

• Cyber Resilience Requires Maturity, Persistence & Board Engagement (darkreading.com)

• Businesses are losing huge chunks of their revenue to cyber attacks | TechRadar

• Security Is a Process, Not a Tool (darkreading.com)

• 6% of companies have not had a digital risk cyber attack since 2020 | Security Magazine

• Cyber threat intelligence: Getting on the front foot against adversaries (welivesecurity.com)

• Organisations should prepare for the inevitability of cyber attacks on their infrastructure - Help Net Security

• Should cyber security overconfidence be on your threat radar? | TechRadar

• Insiders and outsiders: Why cyber security strategies need to look all ways - Digital Journal

• Navigating the complex role of the CISO under SEC disclosure rules (betanews.com)

• Every Business Owner Should Be Thinking About Improving Online Security | Inc.com

• The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru

• The cultural shift that’s needed to see greater ROI in cyber | Federal News Network

• Business urged to increase cyber resilience as 2024 set to deliver new threats (emergingrisks.co.uk)

• How to withstand the onslaught of cyber security threats - Help Net Security

• 8 ways to cope with cyber security budget cuts | TechTarget

Threats

Ransomware, Extortion and Destructive Attacks

• Financial sector on edge after LockBit attack on major Chinese bank's US unit | SC Media (scmagazine.com)

• Financial services still 'stubbornly vulnerable' to cyber disruption - FTAdviser

• Law practices and government agencies experience the largest ransomware spikes - Digital Journal

• Orgs still losing logs, powerless to speedy ransomware • The Register

• Ransomware gang files SEC complaint over victim’s undisclosed breach (bleepingcomputer.com)

• 29 new ransomware groups have emerged in 2023 | ITPro

• 46% of SMBs and enterprises have experienced a ransomware attack | Security Magazine

• Many organisations don’t believe they are targets of ransomware gangs: OpenText | IT Business

• Half of Ransomware Groups Operating in 2023 Are New - Infosecurity Magazine (infosecurity-magazine.com)

• LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed (bleepingcomputer.com)

• The Persistent Menace: Understanding And Combating Ransomware (forbes.com)

• Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online

• Ransomware tracker: The latest figures [November 2023] (therecord.media)

• Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024 (securityaffairs.com)

• LockBit ransomware group assemble strike team to breach banks, law firms and governments. | by Kevin Beaumont | Nov, 2023 | DoublePulsar

• Ransomware Gang LockBit Revises Its Tactics as Payouts Slip (bloomberglaw.com)

• Fast-acting cyber gangs increasingly disabling telemetry logs | Computer Weekly

• Uncovering the ransomware threat from global supply chains | ITPro

• Business leaders need help in getting off the ransomware merry-go-round (thetimes.co.uk)

• Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks (thehackernews.com)

• BlackCat affiliate seen using malvertising to spread ransomware | Computer Weekly

• The Rise of Ransomware in Healthcare: What IT Leaders Need to Know (bleepingcomputer.com)

• What Do You Do When You’re Hit by Russian Ransomware? - Bloomberg

• Success eludes the International Counter Ransomware Initiative - Help Net Security

• New Ransomware Group Emerges with Hive's Source Code and Infrastructure (thehackernews.com)

• How to combat ransomware in the face of tight security staffing | SC Media (scmagazine.com)

• Ransomware attacks: Cyber criminals tout their ‘honesty’ in negotiating ransoms (afr.com)

• New approaches to fighting ransomware are emerging | Mimecast

• Why backup matters more than ever - Help Net Security

• FBI 'Knows Identities' Of MGM, Caesars Hacking Gang | Silicon UK

• FBI and CISA warn of opportunistic Rhysida ransomware attacks (bleepingcomputer.com)

• ALPHV/BlackCat Ransomware Gang Targets Businesses Via Google Ads - Infosecurity Magazine (infosecurity-magazine.com)

• FBI pumping 'significant' resources into Scattered Spider • The Register

• New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks (thehackernews.com)

• It ain’t what you store, it’s the way you restore it. • The Register

Ransomware Victims

• Ransomware gang files SEC complaint over victim’s undisclosed breach (bleepingcomputer.com)

• How a cyber attack crippled the world's largest bank for hours | Euronews

• ICBC -- China's biggest bank -- paid ransom: Lockbit hackers (nypost.com)

• FBI: Royal ransomware asked 350 victims to pay $275 million (bleepingcomputer.com)

• Rackspace Ransomware Costs Soar to Nearly $12M (darkreading.com)

• Major cyber attack on Australian ports suggests sabotage by a 'foreign state actor' (theconversation.com)

• Tri-City Medical Center cyber attack impacting patient care (10news.com)

• Maine govt notifies 1.3 million people of MOVEit data breach (bleepingcomputer.com)

• LockBit leaks Boeing files after failed ransom negotiations • The Register

• 'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank (darkreading.com)

• World's biggest bank hit by ransomware, forced to trade via USB stick (bitdefender.com)

• Mortgage giant Mr. Cooper says customer data exposed in breach (bleepingcomputer.com)

• British Library’s Halloween cyber scare was ransomware | Computer Weekly

• Royal Mail ransomware recovery to cost at least $12 million • The Register

• 9 million patients had data stolen after US medical transcription firm hacked | TechCrunch

• Clorox CISO flushes self after multimillion-dollar attack • The Register

• Toyota confirms breach after Medusa ransomware threatens to leak data (bleepingcomputer.com)

• Government doesn't know details behind cyber hack that shut down port operator DP World - ABC News

• Lorenz ransomware gang hit Texas-based Cogdell Memorial Hospital (securityaffairs.com)

• Dragos Says No Evidence of Breach After Ransomware Gang Claims Hack via Third Party - Security Week

• Long Beach, California turns off IT systems after cyber attack (bleepingcomputer.com)

• Stellantis production affected by cyber attack at auto supplier - The Columbian

Phishing & Email Based Attacks

• Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online

• Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities (thehackernews.com)

• From Scanning to Scamming: The Rise of QR Codes in Phishing - VMRay

• Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups (thehackernews.com)

• APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide (darkreading.com)

• FBI Warns: Five Weeks In, Gaza Email Scams Still Thriving (darkreading.com)

• Police takes down BulletProftLink large-scale phishing provider (bleepingcomputer.com)

Artificial Intelligence

• UK told of significant threat as state actors seek to use AI attack systems (emergingrisks.co.uk)

• UK NCSC Warns Of Threat To Critical Infrastructure | Silicon UK

• AI disinformation campaigns pose major threat to 2024 elections - Help Net Security

• AI poses growing threat to next general election, warns UK cyber security agency | UK News | Sky News

• Microsoft blocks internal access to ChatGPT over security • The Register

• ChatGPT's New Code Interpreter Has Giant Security Hole, Allows Hackers to Steal Your Data | Tom's Hardware (tomshardware.com)

• This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar

• The US and 30 Other Nations Agree to Set Guardrails for Military AI | WIRED

• CISA Has a New Road Map for Handling Weaponized AI | WIRED

• Mitigating Deepfake Threats in the Corporate World | MSSP Alert

• A Closer Look at ChatGPT's Role in Automated Malware Creation (trendmicro.com)

• Organisations Rush to Use Generative AI Tools Despite Risks (globenewswire.com)

• How scammers' use of AI is affecting fintech investment | PaymentsSource | American Banker

• Top 5 Risks of Artificial Intelligence - IT Security Guru

• Balancing Innovation and Security: Exploring the AI Pin's Potential Risks and Safeguards | HackerNoon

Malware

• This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar

• Infostealers and the high value of stolen data - Help Net Security

• CherryBlos, the malware that steals cryptocurrency via your photos - what you need to know | Tripwire

• Alert: 'Effluence' Backdoor Persists Despite Patching Atlassian Confluence Servers (thehackernews.com)

• Malware was downloaded over 600 million times in 2023 from the Google Play Store - PhoneArena

• This fake Windows news site is spreading malware via hacked Google ads | TechRadar

• Google Play Store is making a big upgrade to fight malware — what you need to know | Tom's Guide (tomsguide.com)

• A Closer Look at ChatGPT's Role in Automated Malware Creation (trendmicro.com)

• Russian-Moldovan National Admits to Infecting 23,000 Devices with Botnet Malware (occrp.org)

• Children’s tablet has malware and exposes kids’ data, researcher finds | TechCrunch

• Ducktail Malware Targets the Fashion Industry (darkreading.com)

Mobile

• CherryBlos, the malware that steals cryptocurrency via your photos - what you need to know | Tripwire

• Malware was downloaded over 600 million times in 2023 from the Google Play Store - PhoneArena

• Temu Sued in Class Action for Risking User Data to Chinese Government Control | Law.com

• Apple and Google have made phones the key to your digital life. Here’s what to do if you lose it. - Vox

• Google Play Store is making a big upgrade to fight malware — what you need to know | Tom's Guide (tomsguide.com)

• Children’s tablet has malware and exposes kids’ data, researcher finds | TechCrunch

• How to spot a fake data blocker that could hack your computer in seconds | ZDNET

• Balancing Innovation and Security: Exploring the AI Pin's Potential Risks and Safeguards | HackerNoon

Denial of Service/DoS/DDOS

• Misconfigured Docker API endpoints allow attackers to deliver DDoS botnet agent | CSO Online

• How DDoS attacks are taking down even the largest tech companies (bleepingcomputer.com)

Internet of Things – IoT

• UK Privacy Regulator Issues Black Friday Smart Device Warning - Infosecurity Magazine (infosecurity-magazine.com)

• How to protect your organisation from IoT malware | TechTarget

• Defending Against Attacks on Vulnerable IoT Devices (darkreading.com)

Data Breaches/Leaks

• Infostealers and the high value of stolen data - Help Net Security

• 29% of organisations cite data loss as top security breach result | Security Magazine

• McLaren Health Care revealed that a data breach impacted 2.2 million people (securityaffairs.com)

• Hacker Leaks 800,000 Scraped Chess.com User Records (hackread.com)

• Hacker Leaks 35 Million Scraped LinkedIn User Records (hackread.com)

• Fourth time unlucky: Okta hit by new cyber attack - Digital Journal

• Maine govt notifies 1.3 million people of MOVEit data breach (bleepingcomputer.com)

• The real cost of healthcare cyber security breaches - Help Net Security

• Mortgage giant Mr. Cooper says customer data exposed in breach (bleepingcomputer.com)

• Pharmacy provider Truepill data breach hits 2.3 million customers (bleepingcomputer.com)

• Samsung warns some customers their data may have been stolen by hackers | TechRadar

• Hackers Claim Major Data Breach at Smart WiFi Provider Plume (hackread.com)

• Vietnam Post exposes 1.2TB of data, including email addresses (securityaffairs.com)

• Morgan Stanley fined over computers with personal data (cnbc.com)

• Samsung says hackers accessed customer data during year-long breach | TechCrunch

• A Spy Agency Leaked People's Data Online—Then the Data Was Stolen | WIRED

• Electric Ireland Confirms Compromise of 8,000 Customers’ Personal and Financial Data - IT Security Guru

Organised Crime & Criminal Actors

• Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities (thehackernews.com)

• Russian admits building now-dismantled IPStorm proxy botnet • The Register

• Australian Intelligence Report Identifies China as Major Backer of Cyber Crime (voanews.com)

• 'AlphaLock' Hackers Launch 'Pen-Testing Training' Group (darkreading.com)

• Cyber crime Victims Can Turn to New Nonprofit, Intelligence for Good | MSSP Alert

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• CherryBlos, the malware that steals cryptocurrency via your photos - what you need to know | Tripwire

• Ethereum hacked to steal millions from users across the world | TechRadar

• Fraudsters make $50,000 a day by spoofing crypto researchers (bleepingcomputer.com)

Insider Risk and Insider Threats

• Employees putting businesses at risk downloading apps and software without consent | theHRD (thehrdirector.com)

• Insiders and outsiders: Why cyber security strategies need to look all ways - Digital Journal

• The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru

• 3 Ways Behavioural Economics Obstructs Cyber security (darkreading.com)

Insurance

• Beyond re/insurance – protecting society from an unprecedented cyber incident | Insurance Business America (insurancebusinessmag.com)

• Bridging the Gap: The Vital Role of Skilled Brokers in Cyber Insurance

• Aon president warns insurers against ‘walking away’ from major risks (ft.com)

• Cyber insurance predictions for 2024 - Help Net Security

• Cyber ‘Catastrophe Bonds’ Move Step Closer to Hitting Public Debt Markets | Tech News (hindustantimes.com)

• Cyber insurance market attractive despite ransomware uptick: JP Morgan - Reinsurance News

Supply Chain and Third Parties

• Uncovering the ransomware threat from global supply chains | ITPro

• SaaS Vendor Risk Assessment in 3 Steps (darkreading.com)

• How top CISOs are transforming third-party risk management | SC Media (scmagazine.com)

Cloud/SaaS

• This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar

• Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks (thehackernews.com)

• SaaS Vendor Risk Assessment in 3 Steps (darkreading.com)

• Traditional cloud security isn't up to the task - Help Net Security

• Transforming cyber security from reactive to proactive with attack path analysis - Help Net Security

Identity and Access Management

• As perimeter defences fall, the identify-first approach steps into the breach | CSO Online

Encryption

• The new frontier in online security: Quantum-safe cryptography (techxplore.com)

• In a first, cryptographic keys protecting SSH connections stolen in new attack | Ars Technica

• TETRA encryption algorithms entering the public domain • The Register

Passwords, Credential Stuffing & Brute Force Attacks

• 70% of passwords can be cracked in less than a second, shows NordPass study (business-standard.com)

• Top Passwords Used By Business Executives | NordPass

• Google Workspace security flaws could see hackers easily snaffle your password | TechRadar

• Stop using weak passwords for streaming services - it's riskier than you think | ZDNET

• The worst passwords of 2023 are also the most common, "123456" comes in first | TechSpot

Social Media

• Meta and YouTube face criminal surveillance complaints • The Register

• How Much Your Social Media Profile Data Is Worth on the Dark Web (makeuseof.com)

Malvertising

• BlackCat affiliate seen using malvertising to spread ransomware | Computer Weekly

• This fake Windows news site is spreading malware via hacked Google ads | TechRadar

• Adware activity doubles in Q3 (betanews.com)

Training, Education and Awareness

• Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online

• The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru

• 3 Ways Behavioural Economics Obstructs Cyber security (darkreading.com)

Regulations, Fines and Legislation

• EU Tightens Cyber security Requirements for Critical Infrastructure and Services (darkreading.com)

• MPs Dangerously Uninformed About Facial Recognition – Report - Infosecurity Magazine (infosecurity-magazine.com)

• Meta and YouTube face criminal surveillance complaints • The Register

• SEC Suit Ushers in New Era of Cyber Enforcement (darkreading.com)

• Make Changes to be Ready for the New SEC Cyber security Disclosure Rule (darkreading.com)

• Navigating the complex role of the CISO under SEC disclosure rules (betanews.com)

• Clorox CISO flushes self after multimillion-dollar attack • The Register

• Morgan Stanley fined over computers with personal data (cnbc.com)

• White House is ‘working on version 2.0’ of cyber implementation plan | CyberScoop

Models, Frameworks and Standards

• What You Need to Know About NIST CSF 2.0 | Accelerynt, Inc. - JDSupra

• Modelling organisations' defensive mechanisms with MITRE D3FEND - Help Net Security

Backup and Recovery

• Why backup matters more than ever - Help Net Security

• It ain’t what you store, it’s the way you restore it. • The Register

Data Protection

• Web browsing data collected in more detail than previously known, report finds (ft.com)

• Online ad auction data harms national security – claim • The Register

Careers, Working in Cyber and Information Security

• The challenges and opportunities of working in cyber security | TechRadar

• How US SEC legal actions put CISOs at risk and what to do about it | CSO Online

• Is ‘overwork’ culture a problem for cyber security professionals? (siliconrepublic.com)

Law Enforcement Action and Take Downs

• Serbian pleads guilty to running ‘Monopoly’ dark web drug market (securityaffairs.com)

• Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities (thehackernews.com)

• Russian admits building now-dismantled IPStorm proxy botnet • The Register

• European Police Take Down $9m Vishing Gang - Infosecurity Magazine (infosecurity-magazine.com)

• Russian-Moldovan National Admits to Infecting 23,000 Devices with Botnet Malware (occrp.org)

• Private Investigator Aviram Azar Gets Almost 7 Years for Hedge Fund Hacking Ring - Bloomberg

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Activity

Cyber Warfare and Cyber Espionage

• NCSC Annual Review on 'state-aligned actors' | Professional Security

• Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)

• Deputy Prime Minister reviews national security powers to respond to geopolitical and tech threats - GOV.UK (www.gov.uk)

• UK plans U-turn on powers to halt company takeovers on national security grounds | Mergers and acquisitions | The Guardian

• Israel and Ukraine Face Shared Cyber Threats (fdd.org)

• Cyber espionage operation on embassies linked to Russia’s Cozy Bear hackers (therecord.media)

• New NATO cyber forum to support collective response to cyber attacks – EURACTIV.com

Nation State Actors

China

• China's Lending Giant Paid Ransom To Russia-Linked Group After It Got Hacked Last Week - Benzinga

• ICBC/ransomware: China’s cyber security industry moves out of the shadows

• Cyber attack shines light on role of China’s largest lender in US Treasury market (ft.com)

• The alarming cyber hack at ICBC (ft.com)

• China proposes auditors undergo cyber security checks if national security involved - CNA (channelnewsasia.com)

• Australian Intelligence Report Identifies China as Major Backer of Cyber Crime (voanews.com)

• Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)

• Labour warns against watering down of UK’s takeover screening powers

Russia

• China's Lending Giant Paid Ransom To Russia-Linked Group After It Got Hacked Last Week - Benzinga

• ICBC pays ransom after US hack (finextra.com)

• Cyber attack shines light on role of China’s largest lender in US Treasury market (ft.com)

• Danish Energy Attacks Portend Targeting More Critical Infrastructure (darkreading.com)

• Could Russia’s Ukraine Cyber attacks Clue Global Threat? | MSSP Alert

• Russian Hackers Linked to 'Largest Ever Cyber Attack' on Danish Critical Infrastructure (thehackernews.com)

• Russia will target other countries for web attacks, Ukraine cyber defence chief warns – The Irish Times

• Major hack by Russian gang steals social security numbers and health information from 1.3 million in Maine | Daily Mail Online

• EU Formalizes Cyber security Support For Ukraine - Infosecurity Magazine (infosecurity-magazine.com)

• Meet the Unique New "Hacking" Group: AlphaLock (bleepingcomputer.com)

• Israel and Ukraine Face Shared Cyber Threats (fdd.org)

• Cyber espionage operation on embassies linked to Russia’s Cozy Bear hackers (therecord.media)

• What Do You Do When You’re Hit by Russian Ransomware? - Bloomberg

• Ukraine at D+670: GRU may be expanding its targeting. (thecyberwire.com)

Iran

• Israel and Ukraine Face Shared Cyber Threats (fdd.org)

• New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks (thehackernews.com)

North Korea

• Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers (thehackernews.com)

• Novel social engineering attack infrastructure established by BlueNoroff | SC Media (scmagazine.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• New NATO cyber forum to support collective response to cyber attacks – EURACTIV.com

• Deputy Prime Minister reviews national security powers to respond to geopolitical and tech threats - GOV.UK (www.gov.uk)

• UK plans U-turn on powers to halt company takeovers on national security grounds | Mergers and acquisitions | The Guardian

• Danish Energy Attacks Portend Targeting More Critical Infrastructure (darkreading.com)

• FBI Warns: Five Weeks In, Gaza Email Scams Still Thriving (darkreading.com)

• Cyber Criminals Exploit Gaza Crisis With Fake Charity - Infosecurity Magazine (infosecurity-magazine.com)

• Israel and Ukraine Face Shared Cyber Threats (fdd.org)

Vulnerabilities

• 'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank (darkreading.com)

• LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed (bleepingcomputer.com)

• Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups (thehackernews.com)

• APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide (darkreading.com)

• Juniper networking devices under attack - Help Net Security

• CISA warns of actively exploited Juniper pre-auth RCE exploit chain (bleepingcomputer.com)

• WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks (bleepingcomputer.com)

• Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws (bleepingcomputer.com)

• Microsoft fixes critical Azure CLI flaw that leaked credentials in logs (bleepingcomputer.com)

• Adobe Releases Security Updates for Multiple Products | CISA

• Alert: 'Effluence' Backdoor Persists Despite Patching Atlassian Confluence Servers (thehackernews.com)

• ICS Patch Tuesday: 90 Vulnerabilities Addressed by Siemens and Schneider Electric - Security Week

• Chipmaker Patch Tuesday: Intel, AMD Address Over 130 Vulnerabilities - Security Week

• Fortinet Releases Security Updates for FortiClient and FortiGate | CISA

• Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability (thehackernews.com)

• New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar (thehackernews.com)

• SAP Patches Critical Vulnerability in Business One Product - Security Week

• Critical flaw fixed in SAP Business One product (securityaffairs.com)

• ChatGPT's New Code Interpreter Has Giant Security Hole, Allows Hackers to Steal Your Data | Tom's Hardware (tomshardware.com)

• Citrix Releases Security Updates for Citrix Hypervisor | CISA

• Fortinet warns of critical command injection bug in FortiSIEM (bleepingcomputer.com)

• An email vulnerability let hackers steal data from governments around the world (engadget.com)

• Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw (thehackernews.com)

• Some AMD EPYC server CPUs have a serious security flaw, so patch now | TechRadr

• Microsoft Extends Windows Server 2012 ESUs Until 2026 (petri.com)

Tools and Controls

• Building resilience to shield your digital transformation from cyber threats - Help Net Security

• Against the Clock: Cyber Incident Response Plan (trendmicro.com)

• Fast-acting cyber gangs increasingly disabling telemetry logs | Computer Weekly

• Overview of Open Source Intelligence (OSINT) (eweek.com)

• Cyber threat intelligence: Getting on the front foot against adversaries (welivesecurity.com)

• The New 80/20 Rule for SecOps: Customize Where it Matters, Automate the Rest (thehackernews.com)

• Beyond re/insurance – protecting society from an unprecedented cyber incident | Insurance Business America (insurancebusinessmag.com)

• Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online

• Web Application Attacks | Types of Web Application Attacks | Mimecast

• Traditional cloud security isn't up to the task - Help Net Security

• Top 10 API Security Threats for Q3 2023 - Security Week

• National security at risk from web browsing data collection, report finds (ft.com)Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)

• The cultural shift that’s needed to see greater ROI in cyber | Federal News Network

• 82% of Attacks Show Cyber Criminals Targeting Telemetry Data - Infosecurity Magazine (infosecurity-magazine.com)

• The Importance of Continuous Security Monitoring for a Robust Cyber security Strategy (thehackernews.com)

• NCSC backs use of security.txt for cyber resilience | UKAuthority

• New approaches to fighting ransomware are emerging | Mimecast

• Why backup matters more than ever - Help Net Security

• Hackers are wiping out traces of data traffic to remove attack traces: Sophos - The Hindu BusinessLine

• Telemetry gaps leave networks vulnerable as attackers move faster - Help Net Security

• The new imperative in API security strategy - Help Net Security

• How to Automate the Hardest Parts of Employee Offboarding (thehackernews.com)

• Steps CISOs Should Take Before, During & After a Cyber attack (darkreading.com)

• Threat Intel: To Share or Not to Share is Not the Question - Security Week

• As perimeter defences fall, the identify-first approach steps into the breach | CSO Online

• The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru

• OODA Loop - A Model for Cyber security Threat Sharing: Embracing the USA PATRIOT Act & FinCEN

• How to speak the board's language with cyber security ROI so it makes sense | Fierce Electronics

• Three Ways Generative AI Can Bolster Cyber security | NVIDIA Blogs

• 8 ways to cope with cyber security budget cuts | TechTarget

• Hackers breach healthcare orgs via ScreenConnect remote access (bleepingcomputer.com)

• Kubernetes adoption creates new cyber security challenges - Help Net Security

• Aon president warns insurers against ‘walking away’ from major risks (ft.com)

• CISOs vs. developers: A battle over security priorities - Help Net Security

• Cyber insurance predictions for 2024 - Help Net Security

• Hundreds of websites cloned to run ads for Chinese gambling • The Register

• AI helps leaders optimize costs and mitigate risks - Help Net Security

• It ain’t what you store, it’s the way you restore it. • The Register

Reports Published in the Last Week

• NCSC Annual Review 2023 - NCSC.GOV.UK

Other News

• Organisations should prepare for the inevitability of cyber attacks on their infrastructure - Help Net Security

• 97% of Consumers Predict Cyber attacks Will Get Worse – or at Best, Stay Consistent – in 2024: ThreatX Data Reveals | Business Wire

• 'Alarming': big gaps in organisations' cyber security | The Canberra Times | Canberra, ACT

• 82% of Attacks Show Cyber Criminals Targeting Telemetry Data - Infosecurity Magazine (infosecurity-magazine.com)

• National security at risk from web browsing data collection, report finds (ft.com)

• CISOs vs. developers: A battle over security priorities - Help Net Security

• Collaborative strategies are key to enhanced ICS security - Help Net Security

• Web Application Attacks | Types of Web Application Attacks | Mimecast

• Hackers are wiping out traces of data traffic to remove attack traces: Sophos - The Hindu BusinessLine

• Telemetry gaps leave networks vulnerable as attackers move faster - Help Net Security

• Cyber crime Victims Can Turn to New Nonprofit, Intelligence for Good | MSSP Alert

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• How to Keep Cyber Attacks from Tanking Your Balance Sheet

According to a recent Forrester report, last year saw 1 billion records exposed in the top 35 breaches, $2.6 billion stolen in the top nine cryptocurrency breaches, and $2.7 billion in fines levied to the top 35 violators.

The average cost of a data breach reached $4.35 million in 2022, according to IBM’s Cost of a Data Breach Report for that year, which represents a 2.6% increase over the prior year, and a 12.7% increase from 2020. For ransomware, a report found the average payment in 2021 was approximately $1.85 million, more than double the $760,000 figure from 2020. These are just direct costs; indirect costs are far greater and can include lost business, lost customers, reputational loss and regulatory fines.

When it comes to managing cyber risk, corporate boards should look to understand cyber security as a strategic business enabler, understand the impacts, align risk-management with business needs, ensure the organisation supports cyber security, incorporate cyber security expertise into governance and encourage systemic resilience.

https://hbr.org/2023/06/how-to-keep-cyberattacks-from-tanking-your-balance-sheet

• Company Size Doesn’t Matter When It Comes to Cyber Attacks

65% of large organisations suffered a cyber attack within the last 12 months, which is similar to the results among companies of all sizes (68%), according to a recent report. The most common security incidents were the same for all companies; these were phishing, ransomware and user account compromise, also known as business email compromise (BEC).

Smaller companies often underestimate their risk, with the reasoning that cyber criminals want the biggest targets as they will likely have more intellectual property, however all businesses have valuable data and are therefore a target. Additionally, smaller organisations can sometimes be seen as a way into larger organisations that use their services.

https://www.helpnetsecurity.com/2023/05/29/larger-organizations-cyberattacks/

• ‘Exceptional’ Cyber Attacks Now Normal, says BT Security Chief

The threat of cyber attacks is growing at an “unprecedented” pace, according to the chief security officer at multinational teleco BT, Howard Watson, but it is not just large organisations such as BT who will be impacted by this increase.

Watson highlighted that the increase in sophisticated technology poses the biggest threat in the long run: “Technological advancement, as ever, is a double-edged sword in security. Quantum and AI have great potential for benefits in the right hands, or to cause massive damage in the wrong hands. But we know that cyber criminals will utilise these technologies, so we have to be able to respond in kind.”  Adding to this, the chief security officer highlighted that events that were previously considered as ‘exceptional’ need to be assessed and planned for as a probability, rather than a possibility.

https://www.thetimes.co.uk/article/exceptional-cyberattacks-now-normal-says-bt-security-chief-nd2kfp3gc

• How State-Sponsored/Advanced Persistent Threat Groups (APTs) Target SMBs

Small and medium businesses (SMBs) are not exempt from being targeted by advanced persistent threat (APT) actors, according to Proofpoint researchers who collected data from over 200,000 SMB customers. Proofpoint identified a rise in phishing campaigns originating from such state-sponsored APT groups, who are highly skilled and typically state-sponsored groups with distinct strategic goals. These goals range from espionage and intellectual property theft to destructive attacks, state-sponsored financial theft, and disinformation campaigns.

Unfortunately, SMBs often lack adequate cyber security measures, making them vulnerable to all kinds of cyber threats. APT actors exploit this weakness by targeting SMBs as a stepping stone towards achieving their larger goals.

Alongside phishing campaigns, it was identified that APTs are increasingly targeting regional outsourced IT providers/Managed Service Providers (MSPs) to mount supply chain attacks. By compromising regional MSPs within geographies that align with the strategic collection requirements of APT actors, threat actors can gain access to multiple SMBs to extract sensitive information or execute further attacks.

https://www.helpnetsecurity.com/2023/05/31/apt-targeting-smbs/

• Phishing Campaigns Thrive as Evasive Tactics Outsmart Conventional Detection

According to research, 2022 saw a 25% increase in the use of phishing kits. These phishing kits are a set of tools that enable cyber criminals to effortlessly create and maintain large scale sophisticated phishing campaigns. It is this sophistication that allows cyber criminals to circumnavigate conventional detections; in fact, the research found a 40% increase in the use of anti-bot technologies designed to prevent automated scanners from identifying content as phishing.

In some cases (11% of observed phishing kits) malicious links would not be detected when tested by anti-phishing controls because those controls do not use the exact device parameters, geolocation and referrer of the intended target victim’s profile; therefore the malicious link is allowed to be delivered to the intended target.

https://www.helpnetsecurity.com/2023/06/01/advanced-detection-evasion-techniques/

• Don't be Polite When you Get a Text from a Wrong Number

You should immediately be suspicious of any text you get from a number not in your contacts, even if it may be innocent looking. Your first reaction may be to be polite and let them know they have the wrong number, but this person is a stranger. Strangely, despite teaching our children not to talk to strangers, many are comfortable with divulging information to them. Although letting them know they made a mistake seems harmless, responding opens you up to being scammed and you’ve just let them know you’re a real person. Every bit of helpful information you provide has the potential to be leveraged by an attacker.

https://www.kens5.com/article/money/consumer/wrong-number-text-messages/273-c94cd68b-6117-4add-bf16-e010f7e16726

• Capita Cyber Attack: 90 Downstream Organisations Reported Data Breaches

90 organisations have reported breaches of personal information held by Capita after the outsourcing group had suffered a cyber attack, according to Britain’s data watchdog. The attack on Capita, which occurred in March, is still impacting businesses, with the UK Information Commissioners Office (ICO) making enquiries. Organisations must notify the ICO within 72 hours of becoming aware of a personal data breach.

The impact of the attack, and its knock-on effect, highlights the need for organisations to consider their third party security, no matter the size of the third party they use.

https://www.theguardian.com/business/2023/may/30/capita-cyber-attack-data-breaches-ico

• Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives

A recent survey from McAfee found that nearly a third (30%) of adults have fallen victim or know someone who has fallen victim to an online scam when bargain hunting for travel deals during the summer season, with a full two-thirds of victims losing up to $1,000.

This has extended to the corporate environment, with threat actors impersonating the HR department and exploiting the trust users place in their employers, a report has found. The attack leverages regular HR procedures associated with holiday requests and taps into the anticipation and excitement surrounding the summer travel season, to capitalise on exploiting the user.

https://www.darkreading.com/endpoint/travel-themed-phishing-bec-campaigns-smarter-summer-season

• Organisations Spend 100 Hours Battling Post-Delivery Email Threats

Nearly every victim of a spear-phishing attack in the last 12 months saw impacts on their organisation, including malware infections, stolen data, and reputational damage, according to Barracuda Networks. The research shows that cyber criminals continue to barrage organisations with targeted email attacks, and many companies are struggling to keep up.

While spear-phishing attacks are low-volume, they are widespread and highly successful compared to other types of email attacks. On average, organisations take nearly 100 hours to identify, respond to, and remediate a post-deliver email threat: 43 hours to detect the attack and 56 hours to respond and remediate after the attack is detected.

Users at companies with more than a 50% remote workforce report higher levels of suspicious emails: 12 per day on average, compared to 9 per day for those with less than a 50% remote workforce. Companies with more than a 50% remote workforce also reported that it takes longer to both detect and respond to email security incidents: 55 hours to detect and 63 hours to respond and mitigate, compared to an average of 36 hours and 51 hours respectively for organisations with fewer remote workers.

https://www.helpnetsecurity.com/2023/05/30/2023-spear-phishing-trends/

• Ransomware Gangs Adopting Business-like Practices to Boost Profits

Ransomware gangs are using a variety of business-like practices to boost profits, making it more difficult for defenders to differentiate various groups, a new report by WithSecure has surmised. This move towards mirroring legitimate businesses practices means that tactics, techniques and procedures (TTPs) are blurring.

The underground marketplace now includes entities including ransomware-as-a-service (RaaS) groups, Initial Access Brokers (IAB), crypter-as-a-service (CaaS), cryptojackers, malware-as-a-service (MaaS) groups and nation-state actors. This allows nation-states to use tools available on the underground market to gain access to networks and systems without being detected. Ultimately, this trend towards professionalisation makes the expertise and resources to attack organisations accessible to lesser-skilled or poorly resourced threat actors.

https://www.infosecurity-magazine.com/news/ransomware-gangs-business-practices/

• The Sobering Truth about Ransomware—for the 80% Who Paid Up

Newly published research of 1,200 organisations impacted by ransomware reveals a sobering truth that awaits many of those who decide to pay the ransom. According to research, 80% of the organisations surveyed decided to pay the demanded ransom in order to both end the ongoing cyber attack and recover otherwise lost data. This is despite 41% of those organisations having a “do not pay” policy in place, which only goes to reinforce the cold hard fact that cyber crime isn’t an easy landscape to navigate. This is something that’s especially true when your business is facing the real-world impact of dealing with a ransomware attack.

Of the 960 organisations that paid a ransom, 201 of them (21%) were still unable to recover their lost data. The same number also reported that ransomware attacks were now excluded from their insurance policies. Of those organisations with cyber insurance cover, 74% reported a rise in premiums. Another report, published by Sophos, revealed that 32% of those surveyed opted to pay the ransom but a shocking 92% failed to recover all their data and 29% were unable to recover more than half of the encrypted data.

Some groups have switched to stealing sensitive customer or corporate data instead, with the ransom demanded in return for them not selling it to the highest bidder or publishing it online. Many groups combine the two for a double extortion ransomware attack.

https://www.forbes.com/sites/daveywinder/2023/05/30/the-sobering-truth-about-ransomware-for-the-80-percent-who-paid-up 

• The Great CISO Resignation: Why Security Leaders are Quitting in Droves

With the rise in AI tools such as ChatGPT broadening an attacker’s arsenal, this places greater and greater pressure on security leaders who are already dealing with shrinking budgets, skeleton crew staff and a conglomeration of security tools and protocols — so much so that they are increasingly quitting. A recent report found that nearly a third (32%) of CISOs in the US and UK were considering leaving their current organisation and 9 out of 10 reported themselves as “moderately” or “tremendously” stressed.

This so-called Great CISO Resignation is concerning, because what happens when there’s nobody guarding the gate and rallying the troops?

https://www.sdxcentral.com/articles/analysis/the-great-ciso-resignation-why-security-leaders-are-quitting-in-droves/2023/05/

• When is it Time for a Cyber Hygiene Audit?

Effective cyber hygiene practices limit threats against your systems, devices and users, preventing breaches that could compromise sensitive business information, database information, and personal data. But cyber hygiene isn’t a static or one-off process. It requires routine execution and, occasionally, a full audit. This audit typically covers a range of aspects including encryption, documentation, authentication, patches, security and ongoing cyber hygiene.

Good cyber hygiene is a necessary part of maintaining IT security. Setting up processes and procedures within your organisation’s regular operating procedures is an effective way to maintain cyber hygiene. Although the responsibilities may differ by position, everyone in the organisation plays a role.

An audit provides important information on where and where you need to improve. It also provides a baseline for measuring improvement and effectiveness. The key to success is to integrate hygiene into routine process starting top down from policies into every part of the business and making use of third party experts to help aid in the process.

https://www.trendmicro.com/en_us/devops/23/e/cyber-hygiene-audit-best-practices.html

Governance, Risk and Compliance

• Company size doesn't matter when it comes to cyber attacks - Help Net Security

• How to Keep Cyber attacks from Tanking Your Balance Sheet (hbr.org)

• When is it Time for a Cyber Hygiene Audit? (trendmicro.com)

• The great CISO resignation: Why security leaders are quitting in droves - SDxCentral

• ‘Exceptional’ cyber attacks now normal, says BT security chief (thetimes.co.uk)

• HowTo: Improve Your Cyber Resilience - Infosecurity Magazine (infosecurity-magazine.com)

• The strategic importance of digital trust for modern businesses - Help Net Security

• Vendors: Threat actor taxonomies are confusing but essential | TechTarget

• Experts Not Willing To Wager A Candy Bar On Their Security (forbes.com)

• Breaking Enterprise Silos and Improving Protection – Security Week

• Zero-Day Vulnerabilities: 17 Consequences And Complications (forbes.com)

• Insider risk management: Where your program resides shapes its focus | CSO Online

Threats

Ransomware, Extortion and Destructive Attacks

• Attackers leave organisations with no recovery option - Help Net Security

• Ransomware Gangs Adopting Business-like Practices to Boost Profits - Infosecurity Magazine (infosecurity-magazine.com)

• The Sobering Truth About Ransomware—For The 80% Who Paid Up (forbes.com)

• Rogue IT security worker failed to cover his tracks | Tripwire

• Organisations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation – Security Week

• The Week in Ransomware - May 26th 2023 - Cities Under Attack (bleepingcomputer.com)

• Cyble — Obsidian ORB Ransomware Demands Gift Cards as Payment

• AceCryptor: Cyber criminals' Powerful Weapon, Detected in 240K+ Attacks (thehackernews.com)

• BlackCat (ALPHV) Ransomware Levels Up for Stealth, Speed and Exfiltration (securityintelligence.com)

• BlackCat claims the hack of the Casepoint legal technology platform used by US agencies - Security Affairs

• Investigating BlackSuit Ransomware’s Similarities to Royal (trendmicro.com)

• Fighting ransomware: Perspectives from cyber security professionals - Help Net Security

Ransomware Victims

• New York county still dealing with ransomware 8 months later • The Register

• ABB confirms data stolen in Black Basta ransomware attack | SC Media (scmagazine.com)

• SAS Airlines hit by $3 million ransom demand following DDoS attacks (bitdefender.com)

• Industrial Giant ABB Confirms Ransomware Attack, Data Theft – Security Week

• MCNA Dental data breach impacts 8.9 million people after ransomware attack (bleepingcomputer.com)

• Harvard Pilgrim Health Care ransomware attack hits 2.5 million people (bleepingcomputer.com)

• Cyble — Bl00dy Ransomware Targets Indian University: Actively Exploiting PaperCut Vulnerability

Phishing & Email Based Attacks

• Phishing campaigns thrive as evasive tactics outsmart conventional detection - Help Net Security

• Organisations spend 100 hours battling post-delivery email threats - Help Net Security

• Phishing remained the top identity abuser in 2022: IDSA report | CSO Online

• DocuSign-themed email leads to script-based infection

• New phishing technique poses as a browser-based file archiver | CSO Online

• Nigerian Cyber crime Ring's Phishing Tactics Exposed - Infosecurity Magazine (infosecurity-magazine.com)

• Sustained 'Red Deer' Phishing Attacks Impersonate Israel Post, Drop RATs (darkreading.com)

• North Korean phishing gang stole rocket tech info • The Register

Artificial Intelligence

• AI is 'a nuclear bomb and the entire world has already got it,' Palantir ethics expert warns (yahoo.com)

• Artificial intelligence is similar extinction risk as nuclear war and pandemics, say experts | Science & Tech News | Sky News

• AI: War crimes evidence erased by social media platforms - BBC News

• Artificial Intelligence's Risks and Rewards in Cyber security (analyticsinsight.net)

• ChatGPT Plugins Open Security Holes From PDFs, Websites and More | Tom's Hardware (tomshardware.com)

• What not to share with ChatGPT if you use it for work | Mashable

• Is ChatGPT a cyber security disaster? We asked the experts | Digital Trends

• Generative AI: The new attack vector for trust and safety - Help Net Security

• What are the concerns around AI and are some of the warnings 'baloney'? | Science & Tech News | Sky News

2FA/MFA

• PyPI announces mandatory use of 2FA for all software publishers (bleepingcomputer.com)

Malware

• QBot malware abuses Windows WordPad EXE to infect devices (bleepingcomputer.com)

• New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets (thehackernews.com)

• Raspberry Pi Malware Infects Using Default Username and Password | Tom's Hardware (tomshardware.com)

• Tracking down a trojan: An inside look at threat hunting in a corporate network (malwarebytes.com)

• RomCom malware spread via Google Ads for ChatGPT, GIMP, more (bleepingcomputer.com)

• DogeRAT Malware Impersonates BFSI, Entertainment, E-commerce Apps - Infosecurity Magazine (infosecurity-magazine.com)

• Stealthy SeroXen RAT malware increasingly used to target gamers (bleepingcomputer.com)

• Terminator antivirus killer is a vulnerable Windows driver in disguise (bleepingcomputer.com)

• Top macOS Malware Threats: Here Are 6 to Watch (darkreading.com)

• PyPI malware ramps up the threat to the code repository • The Register

• Evasive QBot Malware Leverages Short-lived Residential IPs for Dynamic Attacks (thehackernews.com)

• Cyber criminals use legitimate websites to obfuscate malicious payloads - Help Net Security

• North Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT (thehackernews.com)

Mobile

• Don't be polite when you get a text from a wrong number | kens5.com

• Predator Android Spyware: Researchers Uncover New Data Theft Capabilities (thehackernews.com)

• Android threat: 'Guerrilla' virus sneakily snuck onto 8.9m phones (citizen.co.za)

• Operation Triangulation: previously undetected malware targets iOS devices - Security Affairs

• Russian government accuses Apple of colluding with NSA in iPhone spy operation | CyberScoop

• Android apps with spyware installed 421 million times from Google Play (bleepingcomputer.com)

Botnets

• Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks (thehackernews.com)

• Threatening botnets can be created with little code experience… – Unified Networking (unifiedguru.com)

• What Are Botnet Attacks & Explained Prevention Techniques | EC-Council (eccouncil.org)

• CAPTCHA-Breaking Services with Human Solvers Helping Cyber criminals Defeat Security (thehackernews.com)

Denial of Service/DoS/DDOS

• SAS Airlines hit by $3 million ransom demand following DDoS attacks (bitdefender.com)

• Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks (thehackernews.com)

Internet of Things – IoT

• Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks (thehackernews.com)

• Home routers helped Chinese hackers breach US Navy networks (mybroadband.co.za)

• How Safe Is Your Wearable Device? (darkreading.com)

• Hackers Win $105,000 for Reporting Critical Security Flaws in Sonos One Speakers (thehackernews.com)

• Solar panels vulnerable to hackers, concern for network security - DutchNews.nl

• Amazon to Pay $31m After FTC's Security and Privacy Allegations - Infosecurity Magazine (infosecurity-magazine.com)

Data Breaches/Leaks

• Tesla Whistleblower Leaks 100GB of Data, Revealing Safety Complaints (darkreading.com)

• Dutch watchdog looking into alleged Tesla data breach | Reuters

• NHS data breach: trusts shared patient details with Facebook without consent | Health | The Guardian

• The root causes of API incidents and data breaches - Help Net Security

• Pentagon Leaks Emphasise the Need for a Trusted Workforce (darkreading.com)

• Retailer Database Error Leaks Over One Million Customer Records - Infosecurity Magazine (infosecurity-magazine.com)

• Yet Another Toyota Cloud Data Breach Jeopardises Thousands of Customers (darkreading.com)

• Hacking forum hacked, user database leaked online • Graham Cluley

• Risk & Repeat: A troubling trend of poor breach disclosures | TechTarget

• New MOVEit Transfer zero-day mass-exploited in data theft attacks (bleepingcomputer.com)

• Workforce platform Prosperix leaks drivers licenses and medical records - Security Affairs

Organised Crime & Criminal Actors

• Types of Cyber Crime: A Comprehensive Guide to Uncover and Prevent Digital Attacks - Security Boulevard

• US intelligence research agency examines cyber psychology to outwit criminal hackers | CyberScoop

• What is the Cyber Crime Atlas? How it can help disrupt cyber crime | CSO Online

• New hacking forum leaks data of 478,000 RaidForums members (bleepingcomputer.com)

• Hacking forum hacked, user database leaked online • Graham Cluley

• Tricks of the trade: How a cyber crime ring operated a multi‑level fraud scheme | WeLiveSecurity

• 3 signs your kids may be hackers and what to do about it | Euronews

• “I was a teenage hacker”: Two child hackers share their stories | Euronews

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets (thehackernews.com)

• Hacked DJ's Twitter account costs cryptocurrency investors $170,000 (bitdefender.com)

• Cyber criminals Targeting Apache NiFi Instances for Cryptocurrency Mining (thehackernews.com)

Insider Risk and Insider Threats

• Report: ‘massive’ Tesla leak reveals data breaches, thousands of safety complaints | Tesla | The Guardian

• Rogue IT security worker failed to cover his tracks | Tripwire

• Pentagon Leaks Emphasise the Need for a Trusted Workforce (darkreading.com)

• Insider risk management: Where your program resides shapes its focus | CSO Online

Fraud, Scams & Financial Crime

• Don't be polite when you get a text from a wrong number | kens5.comTricks of the trade: How a cyber crime ring operated a multi‑level fraud scheme | WeLiveSecurity

• HMRC in New Tax Credits Scam Warning - Infosecurity Magazine (infosecurity-magazine.com)

AML/CFT/Sanctions

• US sanctions orgs behind North Korea’s ‘illicit’ IT worker army (bleepingcomputer.com)

Insurance

• Why You Need Cyber Insurance and How to Obtain It - Arctic Wolf

• Cyber Insurance: A Growth Market for Insurers With Some Caveats (carriermanagement.com)

Dark Web

• The Dark Web: Exploring the Hidden Internet | TechSpot

Supply Chain and Third Parties

• Capita cyber attack: 90 organisations report data breaches | Capita | The Guardian

• Cyber Actors Impact Daily Life in Attacks on Critical Infrastructure, Supply Chains, Report Says - MSSP Alert

Software Supply Chain

• CISO-approved strategies for software supply chain security - Help Net Security

• Where SBOMs Stand Today (darkreading.com)

Cloud/SaaS

• One of Microsoft Azure's top tools has a serious security flaw | TechRadar

• Top public cloud security concerns for the media and entertainment industry - Help Net Security

• Disaster recovery in the cloud | InfoWorld

• Cloud Security: Don’t Confuse Vendor and Tool Consolidation - The New Stack

• Why organisations should adopt a cloud cyber security framework - Help Net Security

• Can Cloud Services Encourage Better Login Security? Netflix's Accidental Model (darkreading.com)

• Google Drive Deficiency Allows Attackers to Exfiltrate Workspace Data Without a Trace (darkreading.com)

Hybrid/Remote Working

• Navigating cyber security in the age of remote work - Help Net Security

Shadow IT

• The shadow IT fight — 2023 style | Computerworld

Identity and Access Management

• Digital nomads drive changes in identity verification - Help Net Security

Encryption

• After 28 years, SSLv2 is still not gone from the internet... but we're getting there

API

• The root causes of API incidents and data breaches - Help Net Security

Open Source

• 2 Lenses for Examining the Safety of Open Source Software (darkreading.com)

• EU’s Proposed Cyber Resilience Act Raises Concerns for Open Source and Cyber security | Electronic Frontier Foundation (eff.org)

Passwords, Credential Stuffing & Brute Force Attacks

• Raspberry Pi Malware Infects Using Default Username and Password | Tom's Hardware (tomshardware.com)

• Swiss real estate agency Neho fails to put a password on its systems - Security Affairs

• Can Cloud Services Encourage Better Login Security? Netflix's Accidental Model (darkreading.com)

Social Media

• NHS data breach: trusts shared patient details with Facebook without consent | Health | The Guardian

• Twitter pulls out of voluntary EU disinformation code - BBC News

• AI: War crimes evidence erased by social media platforms - BBC News

Malvertising

• RomCom malware spread via Google Ads for ChatGPT, GIMP, more (bleepingcomputer.com)

Training, Education and Awareness

• Building an Effective Cyber security Training Program (hbr.org)

Travel

• Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives (darkreading.com)

• US court finds that border phone searches need a warrant • The Register

Parental Controls and Child Safety

• 3 signs your kids may be hackers and what to do about it | Euronews

• “I was a teenage hacker”: Two child hackers share their stories | Euronews

Regulations, Fines and Legislation

• OneMain pays $4.5M after ignored security flaws caused data breaches | SC Media (scmagazine.com)

• Amazon to Pay $31m After FTC's Security and Privacy Allegations - Infosecurity Magazine (infosecurity-magazine.com)

• Netflix warns it may remove content from UK catalogue over government media bill | The Independent

• EU’s Proposed Cyber Resilience Act Raises Concerns for Open Source and Cyber security | Electronic Frontier Foundation (eff.org)

Models, Frameworks and Standards

• Why organisations should adopt a cloud cyber security framework - Help Net Security

Data Protection

• OneMain pays $4.5M after ignored security flaws caused data breaches | SC Media (scmagazine.com)

Careers, Working in Cyber and Information Security

• Ways to Help Cyber security's Essential Workers Avoid Burnout (darkreading.com)

• Managing mental health in cyber security - Help Net Security

• ISACA pledges to help grow cyber security workforce in Europe | CSO Online

Law Enforcement Action and Take Downs

• US intelligence research agency examines cyber psychology to outwit criminal hackers | CyberScoop

Privacy, Surveillance and Mass Monitoring

• The answer to the FBI's advanced persistent threat • The Register

• Amazon to Pay $31m After FTC's Security and Privacy Allegations - Infosecurity Magazine (infosecurity-magazine.com)

Misinformation, Disinformation and Propaganda

• How giant pieces of spyware are shaping our views and our world | Evening Standard

• Twitter pulls out of voluntary EU disinformation code - BBC News

• The 2024 race promises to be 'very, very active' in terms of foreign and domestic meddling, says former CISA chief | CyberScoop

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Ukraine war blurs lines between cyber crims and state hacks • The Register

• Pegasus Spyware Is Detected in a War Zone for the First Time | WIRED

• Chinese State-Backed Cyber Operatives Threaten Critical Infrastructure in Espionage Campaign - MSSP Alert

• Russian government accuses Apple of colluding with NSA in iPhone spy operation | CyberScoop

• How giant pieces of spyware are shaping our views and our world | Evening Standard

• Predator may have more spyware capabilities than we know • The Register

• Cyber Army! US Mulls Creating A New Military Unit That Can 'Track & Whack' Chinese, Russian Aggression (eurasiantimes.com)

• Cyberweapon manufacturers plot to stay on the right side of US | Financial Times (ft.com)

• Suspected Russia-trained spy whale reappears off Sweden’s coast | Sweden | The Guardian

• Pentagon Cyber Policy Cites Learnings from Ukraine War - Infosecurity Magazine (infosecurity-magazine.com)

• AI: War crimes evidence erased by social media platforms - BBC News

Nation State Actors

• How APTs target SMBs - Help Net Security

• Chinese hackers seeking ways to cripple infrastructure 'likely to have targeted UK operators' (inews.co.uk)

• China hacking Guam: Can the US stop foreign cyber attacks? | The Week

• Russian government accuses Apple of colluding with NSA in iPhone spy operation | CyberScoop

• US sanctions orgs behind North Korea’s ‘illicit’ IT worker army (bleepingcomputer.com)

• Home routers helped Chinese hackers breach US Navy networks (mybroadband.co.za)

• Investigation Launched After London City Airport Website Hacked (simpleflying.com)

• Taiwan rushes to prevent China from cutting off internet and phones | The Japan Times

• North Korea says spy satellite launch crashed into sea - BBC News

• Pentagon Cyber Policy Cites Learnings from Ukraine War - Infosecurity Magazine (infosecurity-magazine.com)

• Dark Pink hackers continue to target govt and military organisations (bleepingcomputer.com)

• The next Chinese tech threat is already here | The Spectator

• North Korean phishing gang stole rocket tech info • The Register

• North Korea's Kimsuky Group Mimics Key Figures in Targeted Cyber Attacks (thehackernews.com)

• North Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT (thehackernews.com)

Vulnerability Management

• Zero-Day Vulnerabilities: 17 Consequences And Complications (forbes.com)

• Implementing Risk-Based Vulnerability Discovery and Remediation (thehackernews.com)

• 3 Challenges in Building a Continuous Threat Exposure Management (CTEM) Program and How to Beat Them (thehackernews.com)

• Focus Security Efforts on Choke Points, Not Visibility (darkreading.com)

Vulnerabilities

• New MOVEit Transfer zero-day mass-exploited in data theft attacks (bleepingcomputer.com)

• Zero-day vulnerability in MoveIt Transfer under attack | TechTarget

• Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months (thehackernews.com)

• Chrome 114 Released With 18 Security Fixes – Security Week

• WordPress plugin ‘Gravity Forms’ vulnerable to PHP object injection (bleepingcomputer.com)

• WordPress force installs critical Jetpack patch on 5 million sites (bleepingcomputer.com)

• Microsoft finds macOS bug that lets hackers bypass SIP root restrictions (bleepingcomputer.com)

• Zyxel patches vulnerability in NAS devices (CVE-2023-27988) - Help Net Security

• Critical Firmware Vulnerability in Gigabyte Systems Exposes ~7 Million Devices (thehackernews.com)

• Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor | WIRED

• Barracuda Email Security Gateway under active attack • The Register

• MacOS 'Migraine' Bug: Big Headache for Device System Integrity (darkreading.com)

• FTC accuses Amazon of nightmare IoT security fails • The Register

• Critical Vulnerabilities Found in Faronics Education Software – Security Week

Tools and Controls

• HowTo: Improve Your Cyber Resilience - Infosecurity Magazine (infosecurity-magazine.com)

• When is it Time for a Cyber Hygiene Audit? (trendmicro.com)

• The strategic importance of digital trust for modern businesses - Help Net Security

• Vendors: Threat actor taxonomies are confusing but essential | TechTarget

• 6 Steps to Effectively Threat Hunting: Safeguard Critical Assets and Fight Cyber crime (thehackernews.com)

• Artificial Intelligence's Risks and Rewards in Cyber security (analyticsinsight.net)

• Digital nomads drive changes in identity verification - Help Net Security

• Tracking down a trojan: An inside look at threat hunting in a corporate network (malwarebytes.com)

• The Top 10 endpoint security challenges and how to overcome them | VentureBeat

• Why You Need Cyber Insurance and How to Obtain It - Arctic Wolf

• Disaster recovery in the cloud | InfoWorld

• Cloud Security: Don’t Confuse Vendor and Tool Consolidation - The New Stack

• Disaster recovery challenges enterprise CISOs face - Help Net Security

• Implementing Risk-Based Vulnerability Discovery and Remediation (thehackernews.com)

• Research Reveals UK Firms Plan to Embrace New Era of Digital Identity- IT Security Guru

Reports Published in the Last Week

• Global Threat Intelligence Report April (blackberry.com)

• Top Cyber attacks Revealed in New Threat Intelligence Report (darkreading.com)

Other News

• Undetected Attacks Against Middle East Targets Conducted Since 2020 (darkreading.com)

• 8 best practices for securing your Mac from hackers in 2023 (techrepublic.com)

• Hot Pixels attack checks CPU temp, power changes to steal data (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Quarter of UK SMBs Hit by Ransomware in 2022

Over one in four (26%) British SMBs have been targeted by ransomware over the past year, with half (47%) of those compromised paying their extorters, according to new data from anti-virus provider Avast. The security vendor polled 1000 IT decision makers from UK SMBs back in October, to better understand the risk landscape over the previous 12 months.

More than two-thirds (68%) of respondents said they are more concerned about being attacked since the start of the war in Ukraine, fuelling concerns that have led to half (50%) investing in cyber-insurance. They’re wise to do so, considering that 41% of those hit by ransomware lost data, while 34% lost access to devices, according to Avast.

Given that SMBs comprise over 99% of private sector businesses in the country, it’s reassuring that cyber is now being viewed as a major business risk. Nearly half (48%) ranked it as one of the biggest threats they currently face, versus 66% who cited financial risk stemming from surging operational cost. More respondents cited cyber as a top threat than did physical security (35%) and supply chain disruption (33%).

Avast argued that SMBs are among the groups most vulnerable to cyber-threats as they often have very limited budget and resources, and many don’t have somebody on staff managing security holistically. As a result, not only are SMB’s lacking in their defence, but they’re also slower and less able to react to incidents.

https://www.infosecurity-magazine.com/news/quarter-of-uk-smbs-hit-ransomware/

• Global Cyber Attack Volume Surges 38% in 2022

The number of cyber attacks recorded last year was nearly two-fifths (38%) greater than the total volume observed in 2021, according to Check Point.

The security vendor claimed the increase was largely due to a surge in attacks on healthcare organisations, which saw the largest year-on-year (YoY) increase (74%), and the activities of smaller, more agile hacking groups.

Overall, attacks reached an all-time high in Q4 with an average of 1168 weekly attacks per organisation. The average weekly figures for the year were highest for education sector organisations (2314), government and military (1661) and healthcare (1463).

Threat actors appear to have capitalised on gaps in security created by the shift to remote working. The ransomware ecosystem is continuing to evolve and grow with smaller, more agile criminal groups that form to evade law enforcement. Hackers are also now increasingly widening their aim to target business collaboration tools such as Slack, Teams, OneDrive and Google Drive with phishing exploits. These make for a rich source of sensitive data given that most organisations’ employees continue to work remotely.

It is predicted that AI tools like ChatGPT would help to fuel a continued surge in attacks in 2023 by making it quicker and easier for bad actors to generate malicious code and emails.

Recorded cyber-attacks on US organisations grew 57% YoY in 2022, while the figure was even higher in the UK (77%). This chimes with data from UK ISP Beaming, which found that 2022 was the busiest year on record for attacks. It recorded 687,489 attempts to breach UK businesses in 2022 – the equivalent of one attack every 46 seconds.

https://www.infosecurity-magazine.com/news/global-cyberattack-volume-surges/

• 1 in 3 Organisations Do Not Provide Any Cyber Security Training to Remote Workers Despite the Majority of Employees Having Access to Critical Data

New research from cyber security provider Hornetsecurity has found that 33% of companies are not providing any cyber security awareness training to users who work remotely.

The study also revealed nearly three-quarters (74%) of remote staff have access to critical data, which is creating more risk for companies in the new hybrid working world.

Despite the current lack of training and employees feeling ill-equipped, almost half (44%) of respondents said their organisation plans to increase the percentage of employees that work remotely. The popularity of hybrid work, and the associated risks, means that companies must prioritise training and education to make remote working safe.

Traditional methods of controlling and securing company data aren't as effective when employees are working in remote locations and greater responsibility falls on the individual. Companies must acknowledge the unique risks associated with remote work and activate relevant security management systems, as well as empower employees to deal with a certain level of risk.

The independent survey, which quizzed 925 IT professionals from a range of business types and sizes globally, highlighted the security management challenges and employee cyber security risk when working remotely. The research revealed two core problems causing risk: employees having access to critical data, and not enough training being provided on how to manage cyber security or how to reduce the risk of a cyber-attack or breach.

https://www.darkreading.com/vulnerabilities-threats/1-in-3-organizations-do-not-provide-any-cybersecurity-training-to-remote-workers-despite-a-majority-of-employees-having-access-to-critical-data

• AI-Generated Phishing Attacks Are Becoming More Convincing

It's time for you and your colleagues to become more sceptical about what you read.

That's a takeaway from a series of experiments undertaken using GPT-3 AI text-generating interfaces to create malicious messages designed to spear-phish, scam, harass, and spread fake news.

Experts at WithSecure have described their investigations into just how easy it is to automate the creation of credible yet malicious content at incredible speed. Amongst the use cases explored by the research were the use of GPT-3 models to create:

• Phishing content – emails or messages designed to trick a user into opening a malicious attachment or visiting a malicious link

• Social opposition – social media messages designed to troll and harass individuals or to cause brand damage

• Social validation – social media messages designed to advertise or sell, or to legitimise a scam

• Fake news – research into how well GPT-3 can generate convincing fake news articles of events that weren’t part of its training set

All of these could, of course, be useful to cyber criminals hell-bent on scamming the unwary or spreading unrest.

https://www.tripwire.com/state-of-security/ai-generated-phishing-attacks-are-becoming-more-convincing

• Customer and Employee Data the Top Prize for Hackers

The theft of customer and employee data accounts for almost half (45%) of all stolen data between July 2021 and June 2022, according to a new report from cyber security solution provider Imperva.

The data is part of a 12-month analysis by Imperva Threat Research on the trends and threats related to data security in its report “More Lessons Learned from Analysing 100 Data Breaches”.

Their analysis found that theft of credit card information and password details dropped by 64% compared to 2021. The decline in stolen credit card and password data pointing to the uptake of basic security tactics like multi-factor authentication (MFA). However, in the long term, PII data is the most valuable data to cyber-criminals. With enough stolen PII, they can engage in full-on identity theft which is hugely profitable and very difficult to prevent. Credit cards and passwords can be changed the second there is a breach, but when PII is stolen, it can be years before it is weaponised by hackers.

The research also revealed the root causes of data breaches, with social engineering (17%) and unsecured databases (15%) two of the biggest culprits. Misconfigured applications were only responsible for 2% of data breaches, but Imperva said that businesses should expect this figure to rise in the near future, particularly with cloud-managed infrastructure where configuring for security requires significant expertise.

It’s really concerning that a third (32%) of data breaches are down to unsecured databases and social engineering attacks, since they’re both straightforward to mitigate. A publicly open database dramatically increases the risk of a breach and, all too often, they are left like this not out of a failure of security practices but rather the total absence of any security posture at all.

https://www.infosecurity-magazine.com/news/customer-employee-data-hackers/

• Royal Mail hit by Ransomware Attack, Causes ‘Severe Disruption’ to Services

Royal Mail experienced “severe service disruption” to its international export services following a ransomware attack, the company has announced. A statement said it was temporarily unable to despatch export items including letters and parcels to overseas destinations.

Royal Mail said: “We have asked customers temporarily to stop submitting any export items into the network while we work hard to resolve the issue” and advising that “Some customers may experience delay or disruption to items already shipped for export.”

The attack was later attributed to LockBit, a prolific ransomware gang with close ties to Russia. Both the NCSC and the NCA were involved in responding to the incident.

https://www.independent.co.uk/business/royal-mail-cyber-attack-exports-b2260308.html

• The Guardian Confirms Personal Information Compromised in Ransomware Attack

British news organisation The Guardian has confirmed that personal information was compromised in a ransomware attack in December 2022.

The company fell victim to the attack just days before Christmas, when it instructed staff to work from home, announcing network disruptions that mostly impacted the print newspaper.

Right from the start, the Guardian said it suspected ransomware to have been involved in the incident, and this week the company confirmed that this was indeed the case. In an email to staff on Wednesday, The Guardian Media Group’s chief executive and the Guardian’s editor-in-chief said that the sophisticated cyber attack was likely the result of phishing.

They also announced that the personal information of UK staff members was compromised in the attack, but said that reader data and the information of US and Australia staff was not impacted. “We have seen no evidence that any data has been exposed online thus far and we continue to monitor this very closely,” the Guardian representatives said. While the attack forced the Guardian staff to work from home, online publishing has been unaffected, and production of daily newspapers has continued as well.

“We believe this was a criminal ransomware attack, and not the specific targeting of the Guardian as a media organisation,” the Guardian said.

The company continues to work on recovery and estimates that critical systems would be restored in the next two weeks. Staff, however, will continue to work from home until at least early February. “These attacks have become more frequent and sophisticated in the past three years, against organisations of all sizes, and kinds, in all countries,” the Guardian said.

https://www.securityweek.com/guardian-confirms-personal-information-compromised-ransomware-attack

• Ransomware Gang Releases Info Stolen from 14 UK Schools, Including Passport Scans

Another month, another release of personal information stolen from a school system. This time, it's a group of 14 schools in the United Kingdom.

Once again, the perpetrator appears to be Vice Society, which is well known for targeting educational systems in the US. As the Cybersecurity and Infrastructure Security Agency (CISA) pointed out in a bulletin from Sept. 6, "K-12 institutions may be seen as particularly lucrative targets due to the amount of sensitive student data accessible through school systems or their managed service providers."

The UK hack may have turned up even more confidential information than the Los Angeles school system breach last year. As the BBC reported on Jan. 6, "One folder marked 'passports' contains passport scans for pupils and parents on school trips going back to 2011, whereas another marked 'contract' contains contractual offers made to staff alongside teaching documents on muscle contractions."

Some prominent school cyber attacks in the US include public school districts in Chicago, Baltimore, and Los Angeles. A new study from digital learning platform Clever claims that one in four schools experienced a cyber-incident over the past year, and according to a new report from security software vendor Emsisoft, at least 45 school districts and 44 higher learning institutions suffered ransomware attacks in 2022.

Schools are an attractive target as they are typically data-rich and resource-poor. Without proper resources in terms of dedicated staffing and the necessary tools and training to protect against cyber-attacks, schools can be a soft target. Many of the 14 schools hit by this latest leak are colleges and universities, but primary and secondary schools were also hit, according to the BBC's list.

https://www.darkreading.com/attacks-breaches/vice-society-releases-info-stolen-uk-schools-passport-scans

• The Dark Web’s Criminal Minds See Internet of Things as Next Big Hacking Prize

Cyber security experts say 2022 may have marked an inflection point due to the rapid proliferation of IoT (Internet of Things) devices.

Criminal groups buy and sell services, and one hot idea — a business model for a crime — can take off quickly when they realise that it works to do damage or to get people to pay. Attacks are evolving from those that shut down computers or stole data, to include those that could more directly wreak havoc on everyday life. IoT devices can be the entry points for attacks on parts of countries’ critical infrastructure, like electrical grids or pipelines, or they can be the specific targets of criminals, as in the case of cars or medical devices that contain software.

For the past decade, manufacturers, software companies and consumers have been rushing to the promise of Internet of Things devices. Now there are an estimated 17 billion in the world, from printers to garage door openers, each one packed with software (some of it open-source software) that can be easily hacked.

What many experts are anticipating is the day enterprising criminals or hackers affiliated with a nation-state figure out an easy-to-replicate scheme using IoT devices at scale. A group of criminals, perhaps connected to a foreign government, could figure out how to take control of many things at once – like cars, or medical devices. There have already been large-scale attacks using IoT, in the form of IoT botnets. In that case, actors leveraging unpatched vulnerabilities in IoT devices used control of those devices to carry out denial of service attacks against many targets. Those vulnerabilities are found regularly in ubiquitous products that are rarely updated.

In other words, the possibility already exists. It’s only a question of when a criminal or a nation decides to act in a way that targets the physical world at a large scale. There are a handful of companies, new regulatory approaches, a growing focus on cars as a particularly important area, and a new movement within the software engineering world to do a better job of incorporating cyber security from the beginning.

https://www.cnbc.com/2023/01/09/the-dark-webs-criminal-minds-see-iot-as-the-next-big-hacking-prize.html

• Corrupted File to Blame for Computer Glitch which Grounded Every US Flight

A corrupted file has been blamed for a glitch on the Federal Aviation Administration's computer system which saw every flight grounded across the US.

All outbound flights were grounded until around 9am Eastern Time (2pm GMT) on Wednesday as the FAA worked to restore its Notice to Air Missions (NOTAM) system, which alerts pilots of potential hazards along a flight route.

On Wednesday 4,948 flights within, into or out of the US had been delayed, according to flight tracker FlightAware.com, while 868 had been cancelled. Most delays were concentrated along the East Coast. Normal air traffic operations resumed gradually across the US following the outage to the NOTAM system that provides safety information to flight crews.

A corrupted file affected both the primary and the backup systems, a senior government official told NBC News on Wednesday night, adding that officials continue to investigate. Whilst Government officials said there was no evidence of a cyber attack, it shows the real world impacts that an outage or corrupted file can cause.

https://news.sky.com/story/all-flights-across-us-grounded-due-to-faa-computer-system-glitch-us-media-12784252

Threats

Ransomware, Extortion and Destructive Attacks

• Royal Mail unable to despatch items abroad after 'cyber incident' | UK News | Sky News

• Lorenz ransomware gang plants backdoors to use months later (bleepingcomputer.com)

• Quarter of UK SMBs Hit by Ransomware in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Worldwide Ransomware Attacks Trend (informationsecuritybuzz.com)

• LastPass Faces Class-Action Lawsuit Over Password Vault Breach (pcmag.com)

• 10 of the biggest ransomware attacks of 2022 | TechTarget

• Rackspace: Ransomware actor accessed 27 customers' data | TechTarget

• Hackers demand £15 million ransom from Hull and Yorkshire schools after cyber attack - Hull Live (hulldailymail.co.uk)

• Rackspace Ransomware Incident Highlights Risks of Relying on Mitigation Alone (darkreading.com)

• Risk & Repeat: Analysing the Rackspace ransomware attack | TechTarget

• Guardian confirms it was hit by ransomware attack | The Guardian | The Guardian

• Post-ransomware attack, The Guardian warns staff their personal data was accessed • Graham Cluley

• The Guardian Confirms Personal Information Compromised in Ransomware Attack | SecurityWeek.Com

• Royal Mail cyber attack linked to LockBit ransomware operation (bleepingcomputer.com)

• The Guardian Confirms UK Members' Data Was Accessed in Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Hive Ransomware leaked 550 GB stolen from Consulate Health Care - Security Affairs

• Iowa’s largest school district cancels classes after cyber attack (bleepingcomputer.com)

• Hackers leak sensitive files after attack on San Francisco transit police (nbcnews.com)

• Vice Society ransomware claims attack on Australian firefighting service (bleepingcomputer.com)

• Ransomware attack at Hope Sentamu Learning Trust in York | York Press

Phishing & Email Based Attacks

• AI-generated phishing emails just got much more convincing • The Register

• Better Phishing, Easy Malicious Implants: How AI Could Change Cyber attacks (darkreading.com)

• AI-generated phishing attacks are becoming more convincing | Tripwire

• Twitter Data Leak: What the Exposure of 200 Million User Emails Means for You | WIRED

• New APT Dark Pink Hits Asia-Pacific, Europe With Spear Phishing Tactics - Infosecurity Magazine (infosecurity-magazine.com)

• Telegram Bot Abuse For Phishing Increased By 800% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing campaign targets government institution in Moldova - Security Affairs

Malware

• Better Phishing, Easy Malicious Implants: How AI Could Change Cyber attacks (darkreading.com)

• Turla, a Russian Espionage Group, Piggybacked on Other Hackers' USB Infections | WIRED

• ChatGPT Used to Develop New Malicious Tools - Infosecurity Magazine (infosecurity-magazine.com)

• Russia’s Turla falls back on old malware C2 domains to avoid detection | Computer Weekly

• Many of 13 New Mac Malware Families Discovered in 2022 Linked to China | SecurityWeek.Com

• Dridex Malware Now Attacking macOS Systems with Novel Infection Method (thehackernews.com)

• New Spyware Variant with RAT Capabilities Targeting Financial Institutions, Social Media - MSSP Alert

• Over 1,300 fake AnyDesk sites push Vidar info-stealing malware (bleepingcomputer.com)

• Attackers abuse business-critical cloud apps to deliver malware - Help Net Security

• New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors (thehackernews.com)

• 6 PyPI Packages Detour Firewall Using Cloudflare Tunnels (informationsecuritybuzz.com)

• Microsoft: Kubernetes clusters hacked in malware campaign via PostgreSQL (bleepingcomputer.com)

• Malicious PyPi packages create CloudFlare Tunnels to bypass firewalls (bleepingcomputer.com)

• Gootkit Loader Actively Targets Australian Healthcare Industry (trendmicro.com)

• Raspberry Robin's botnet second life - SEKOIA.IO Blog

• Telegram Bot Abuse For Phishing Increased By 800% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• IcedID Malware Strikes Again: Active Directory Domain Compromised in Under 24 Hours (thehackernews.com)

• Android TV box on Amazon came pre-installed with malware (bleepingcomputer.com)

• VLC media player is being hiajcked to send out malware | TechRadar

• RAT malware campaign tries to evade detection using polyglot files (bleepingcomputer.com)

• Italian Users Warned of Malware Attack Targeting Sensitive Information (thehackernews.com)

• Hackers push fake Pokemon NFT game to take over Windows devices (bleepingcomputer.com)

• How to protect yourself from bot-driven account fraud - Help Net Security

Mobile

• Android spyware strikes again targeting financial institutions and your money | Fox News

• Messenger billed as better than Signal is riddled with vulnerabilities | Ars Technica

• StrongPity hackers target Android users via trojanized Telegram app (bleepingcomputer.com)

• Threema claims encryption flaws never had a real-world impact (bleepingcomputer.com)

• Latest Firmware Flaws in Qualcomm Snapdragon Need Attention (darkreading.com)

• Threat actors claim access to Telegram servers through insiders - Security Affairs

• $20K Buys Insider Access to Telegram Servers, Dark Web Ad Claims (darkreading.com)

Denial of Service/DoS/DDOS

• How to Defend Against any Type of DNS Attack | A10 Networks

• The most significant DDoS attacks in the past year - Help Net Security

• Multiple Danish Banks Disrupted By DDoS Cyber-Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Big Prizes, Cash on Offer for Joining 'DDosia' Anti-Ukraine Cyber attack Project (darkreading.com)

• New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks (thehackernews.com)

• Serbia Slammed With DDoS Attacks (darkreading.com)

Internet of Things – IoT

• The dark web's criminal minds see IoT as the next big hacking prize (cnbc.com)

• Android TV box on Amazon came pre-installed with malware (bleepingcomputer.com)

• Hackers can trick Wi-Fi devices into draining their own batteries | New Scientist

Data Breaches/Leaks

• Twitter Data Leak: What the Exposure of 200 Million User Emails Means for You | WIRED

• 14 UK schools hit by cyber attack and documents leaked - BBC News

• Air France and KLM notify customers of account hacks (bleepingcomputer.com)

• Vice Society Releases Info Stolen From 14 UK Schools, Including Passport Scans (darkreading.com)

• Twitter's mushrooming data breach crisis could prove costly | CSO Online

• Twitter Denies Hacking Claims, Assures Leaked User Data Not from its System (thehackernews.com)

• 6 oversights that enable data breaches - Help Net Security

• CircleCI – code-building service suffers total credential compromise – Naked Security (sophos.com)

• Aflac's Japan says US partner leaked cancer customer info • The Register

• Data leak exposes information of 10,000 French social security beneficiaries | CSO Online

• Chick-fil-A investigates reports of hacked customer accounts (bleepingcomputer.com)

• Oxford University dating website for staff and students shut down after ‘huge data breach’ | News | The Times

• SolarWinds shareholders appeal Orion breach lawsuit to Delaware Supreme Court | SC Media (scmagazine.com)

Organised Crime & Criminal Actors

• JP Morgan must face suit over $272m cybertheft • The Register

• Cyber criminals are already using ChatGPT to own you | SC Media (scmagazine.com)

• Russian Cyber Crew Targets Ukraine Financial Sector Via Infected USB Drives - MSSP Alert

• 2022 Was the Biggest Year Yet for Crypto, if You're a Crook (gizmodo.com)

• Researchers Find 'Digital Crime Haven' While Investigating Magecart Activity (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• 2022 Was the Biggest Year Yet for Crypto, if You're a Crook (gizmodo.com)

• European police takes down call centres behind cryptocurrency scams (bleepingcomputer.com)

• European cops shut down fake crypto call centres • The Register

• Kinsing Crypto Malware Hits Kubernetes Clusters via Misconfigured PostgreSQL (thehackernews.com)

Fraud, Scams & Financial Crime

• European police takes down call centres behind cryptocurrency scams (bleepingcomputer.com)

• Nationwide warns ‘checking is important’ as thousands targeted in online scam | Personal Finance |

• How to protect yourself from bot-driven account fraud - Help Net Security

Insurance

• Insurance Co. Beazley Launches $45M 'Cyber Catastrophe Bond' (gizmodo.com)

• Insurer Beazley launches first catastrophe bond for cyber threats | Financial Times (ft.com)

• 4 Cyber Insurance Requirement Predictions for 2023 (trendmicro.com)

Dark Web

• Threat actors claim access to Telegram servers through insiders - Security Affairs

• $20K Buys Insider Access to Telegram Servers, Dark Web Ad Claims (darkreading.com)

• Pakistan tells government agencies to avoid the dark web • The Register

Software Supply Chain

• Software Supply Chain Security Needs a Bigger Picture (darkreading.com)

Cloud/SaaS

• Attackers abuse business-critical cloud apps to deliver malware - Help Net Security

• Top SaaS Cyber security Threats in 2023: Are You Ready? (thehackernews.com)

• Why Do User Permissions Matter for SaaS Security? (thehackernews.com)

Attack Surface Management

• Why the atomized network is growing, and how to protect it - Help Net Security

• Web 3.0 Shifts Attack Surface and Highlights Need for Continuous Security (darkreading.com)

Identity and Access Management

• 4 identity security trends to watch in 2023 - Help Net Security

Encryption

• RSA crypto cracked? Or perhaps not! – Naked Security (sophos.com)

• What is Triple DES and why is it being disallowed? | TechTarget

Passwords, Credential Stuffing & Brute Force Attacks

• A fifth of passwords used by federal agency cracked in security audit | Ars Technica

• Why FIDO and passwordless authentication is the future - Help Net Security

• 'Copyright Infringement' Lure Used for Facebook Credential Harvesting (darkreading.com)

• Why it might be time to consider using FIDO-based authentication devices | CSO Online

Social Media

• Twitter Data Leak: What the Exposure of 200 Million User Emails Means for You | WIRED

• Twitter's mushrooming data breach crisis could prove costly | CSO Online

• New Spyware Variant with RAT Capabilities Targeting Financial Institutions, Social Media - MSSP Alert

• Twitter Denies Hacking Claims, Assures Leaked User Data Not from its System (thehackernews.com)

• If governments are banning TikTok, why is it still on your corporate devices? | CSO Online

• 'Copyright Infringement' Lure Used for Facebook Credential Harvesting (darkreading.com)

Training, Education and Awareness

• 1 in 3 Organisations Do Not Provide Any Cyber Security Training to Remote Workers Despite a Majority of Employees Having Access to Critical Data (darkreading.com)

Regulations, Fines and Legislation

• Technical And Legal Risks Of ChatGPT: How Prepared Are We With Laws On AI? (informationsecuritybuzz.com)

Governance, Risk and Compliance

• US cyber security director: The tech ecosystem has ‘become really unsafe’ (yahoo.com)

• Global Cyber-Attack Volume Surges 38% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Customer and Employee Data the Top Prize for Hackers – Imperva - Infosecurity Magazine (infosecurity-magazine.com)

• 1 in 3 Organisations Do Not Provide Any Cyber Security Training to Remote Workers Despite a Majority of Employees Having Access to Critical Data (darkreading.com)

• Global Risks Report: Understand the risk landscape in 2023 and beyond - Help Net Security

• 6 oversights that enable data breaches - Help Net Security

• Why Analysing Past Incidents Helps Teams More Than Usual Security Metrics (darkreading.com)

• Cyber security spending and economic headwinds in 2023 | CSO Online

• How to Ensure Cyber Security Investments Remain a Priority Across Your Organisation (darkreading.com)

• Practical Risk Management - Beyond Certification (informationsecuritybuzz.com)

• Vulnerable software, low incident reporting raises risks | TechTarget

• How Will a Recession Will Affect CISOs? | SecurityWeek.Com

Careers, Working in Cyber and Information Security

• Cyber security staff are struggling. Here's how to support them better | ZDNET

Law Enforcement Action and Take Downs

• European cops shut down fake crypto call centres • The Register

• European police takes down call centres behind cryptocurrency scams (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• Hidden Chinese tracking device 'found in UK Government car' sparks national security fears (inews.co.uk)

Artificial Intelligence

• AI-generated phishing emails just got much more convincing • The Register

• ChatGPT: The infosec assistant that is jack of all trades, master of none - Help Net Security

• How hackers might be exploiting ChatGPT | Cybernews

• Better Phishing, Easy Malicious Implants: How AI Could Change Cyber attacks (darkreading.com)

• VALL-E AI can mimic a person’s voice from a 3-second snippet • The Register

• ChatGPT Artificial Intelligence: An Upcoming Cyber security Threat? (darkreading.com)

• Hackers Exploiting OpenAI’s ChatGPT to Deploy Malware (hackread.com)

• Cyber criminals are already using ChatGPT to own you | SC Media (scmagazine.com)

• Trojan Puzzle attack trains AI assistants into suggesting malicious code (bleepingcomputer.com)

• The ChatGPT bot is causing panic now – but it’ll soon be as mundane a tool as Excel | John Naughton | The Guardian

• How hackers might be exploiting ChatGPT | Cybernews

• ChatGPT Used to Develop New Malicious Tools - Infosecurity Magazine (infosecurity-magazine.com)

• Technical And Legal Risks Of ChatGPT: How Prepared Are We With Laws On AI? (informationsecuritybuzz.com)

• DHS, CISA plan AI-based cyber security analytics sandbox • The Register

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Turla, a Russian Espionage Group, Piggybacked on Other Hackers' USB Infections | WIRED

• Russia’s Turla falls back on old malware C2 domains to avoid detection | Computer Weekly

• Hidden Chinese tracking device 'found in UK Government car' sparks national security fears (inews.co.uk)

• Ukraine: Russian Cyber-Attacks Should Be Considered War Crimes - Infosecurity Magazine (infosecurity-magazine.com)

• New APT Dark Pink Hits Asia-Pacific, Europe With Spear Phishing Tactics - Infosecurity Magazine (infosecurity-magazine.com)

• Exclusive: Russian hackers targeted U.S. nuclear scientists | Reuters

• Russian cyber attacks on Ukraine halved with help from Amazon and Microsoft (telegraph.co.uk)

• Dark Pink, a newly discovered hacking campaign, threatens Southeast Asian military, government organisations (cyberscoop.com)

• New Dark Pink APT group targets govt and military with custom malware (bleepingcomputer.com)

• Big Prizes, Cash on Offer for Joining 'DDosia' Anti-Ukraine Cyber attack Project (darkreading.com)

• Phishing campaign targets government institution in Moldova - Security Affairs

• Serbia Slammed With DDoS Attacks (darkreading.com)

• Russian and Belarusian men charged with spying for Russian GRU - Security Affairs

Nation State Actors

Nation State Actors – Russia

• Turla, a Russian Espionage Group, Piggybacked on Other Hackers' USB Infections | WIRED

• Russia’s Turla falls back on old malware C2 domains to avoid detection | Computer Weekly

• Ukraine: Russian Cyber-Attacks Should Be Considered War Crimes - Infosecurity Magazine (infosecurity-magazine.com)

• Exclusive: Russian hackers targeted U.S. nuclear scientists | Reuters

• Russian cyber attacks on Ukraine halved with help from Amazon and Microsoft (telegraph.co.uk)

• How Elon Musk’s Starlink has changed warfare | The Economist

• Big Prizes, Cash on Offer for Joining 'DDosia' Anti-Ukraine Cyber attack Project (darkreading.com)

• Phishing campaign targets government institution in Moldova - Security Affairs

• Serbia Slammed With DDoS Attacks (darkreading.com)

• Russian and Belarusian men charged with spying for Russian GRU - Security Affairs

• Musk's Starlink Satellite's Role In Ukraine War Inspires Taiwan To Thwart Potential China Attack

Nation State Actors – China

• Hidden Chinese tracking device 'found in UK Government car' sparks national security fears (inews.co.uk)

• Many of 13 New Mac Malware Families Discovered in 2022 Linked to China | SecurityWeek.Com

• If governments are banning TikTok, why is it still on your corporate devices? | CSO Online

• Musk's Starlink Satellite's Role In Ukraine War Inspires Taiwan To Thwart Potential China Attack

Nation State Actors – Iran

• Iran says it foiled cyber attack on central bank | Reuters

Nation State Actors – Misc

• New APT Dark Pink Hits Asia-Pacific, Europe With Spear Phishing Tactics - Infosecurity Magazine (infosecurity-magazine.com)

• Dark Pink, a newly discovered hacking campaign, threatens Southeast Asian military, government organisations (cyberscoop.com)

• New Dark Pink APT group targets govt and military with custom malware (bleepingcomputer.com)

Vulnerability Management

Applications Five Years or Older Likely to have Security Flaws - Infosecurity Magazine (infosecurity-magazine.com)

Patch Where it Hurts: Effective Vulnerability Management in 2023 (thehackernews.com)

70% of apps contain at least one security flaw after 5 years in production - Help Net Security

Rackspace Ransomware Incident Highlights Risks of Relying on Mitigation Alone (darkreading.com)

Does a hybrid model for vulnerability management make sense? • Graham Cluley

Vulnerabilities

• Microsoft Patch Tuesday: 97 Windows Vulns, 1 Exploited Zero-Day | SecurityWeek.Com

• Microsoft plugs actively exploited zero-day hole (CVE-2023-21674) - Help Net Security

• The Roadmap to Secure Access Service Edge (SASE) - MSSP Alert

• Hundreds of SugarCRM servers infected with critical in-the-wild exploit | Ars Technica

• Chrome 109 Patches 17 Vulnerabilities | SecurityWeek.Com

• Cyber criminals bypass Windows security with driver-vulnerability exploit | CSO Online

• Google Chrome 'SymStealer' Vulnerability Could Affect 2.5 Billion Users - Infosecurity Magazine (infosecurity-magazine.com)

• Attackers target govt networks exploiting Fortinet SSL-VPN CVE-2022-42475 - Security Affairs

• Adobe Plugs Security Holes in Acrobat, Reader Software | SecurityWeek.Com

• Zoom Patches High Risk Flaws on Windows, MacOS Platforms | SecurityWeek.Com

• Cisco warns of auth bypass bug with public exploit in EoL routers (bleepingcomputer.com)

• Swiss Threema messaging app found to have vulnerabilities • The Register

• Alert: Hackers Actively Exploiting Critical "Control Web Panel" RCE Vulnerability (thehackernews.com)

• Fortinet says hackers exploited critical vulnerability to infect VPN customers | Ars Technica

• Critical bug in Cisco Small Business Routers will receive no patch - Security Affairs

• Severe Vulnerabilities Allow Hacking of Asus Gaming Router | SecurityWeek.Com

• JsonWebToken Security Bug Opens Servers to RCE (darkreading.com)

• Latest Firmware Flaws in Qualcomm Snapdragon Need Attention (darkreading.com)

Tools and Controls

• How to prevent and detect lateral movement attacks | TechTarget

• 65% of Organisations Plan to Adopt a Security Service Edge Platform in Next 2 Years: Axis Security (darkreading.com)

• How Will a Recession Will Affect CISOs? | SecurityWeek.Com

• What is Red Teaming & How it Benefits Orgs (trendmicro.com)

• Data Loss Prevention Capability Guide (informationsecuritybuzz.com)

• 4 key shifts in the breach and attack simulation (BAS) market - Help Net Security

• How to prioritize effectively with threat modeling • The Register

• XDR and the Age-old Problem of Alert Fatigue | SecurityWeek.Com

• 11 top XDR tools and how to evaluate them | CSO Online

• Why FIDO and passwordless authentication is the future - Help Net Security

• Why it might be time to consider using FIDO-based authentication devices | CSO Online

• How to Defend Against any Type of DNS Attack | A10 Networks

• DHS, CISA plan AI-based cyber security analytics sandbox • The Register

• ChatGPT: The infosec assistant that is jack of all trades, master of none - Help Net Security

Other News

• Better Include Physical Security With Cyber security | T&D World

• 6 oversights that enable data breaches - Help Net Security

• It’s official: Digital trust really matters to everyone online - Help Net Security

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.