Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Many Cyber Attacks Begin by Breaking Human Trust

One of the most visible cyber attacks in recent months has reminded us that we all play a role in security, and people remain a favourite route for attackers. In the recent attack on MGM Resorts, an employee unwittingly helped the attacker to access the organisation’s systems and information. The attack highlights the power of social engineering as an attack vector, and that any size of business can fall victim.

One of the ways organisations can help to protect themselves is to provide social engineering training to employees. This builds resilience by helping employees to understand, recognise and avoid becoming a victim, recognising that cyber security involves more than just technology.

Despite some improvements in awareness programs, organisations face hurdles including budget constraints, limited training time and understaffing. Training should be continuous and target major risk areas such as phishing, vishing and password management, while fostering a proactive security culture.

Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes ensure employee engagement and build a cyber security culture to protect the organisation.

Sources: [GovTech] [Bloomberg] [Security Week]

BYOD Should Stand for Bring Your Own Disaster, According to Microsoft Ransomware Data

Microsoft research says that 80-90 percent of ransomware attacks over the past year originated from unmanaged devices. Many organisations welcome a bring your own device (BYOD) policy, yet are not managing these devices effectively.

Without appropriate management of BYOD devices, organisations are allowing a number of unknown devices onto the corporate scene; these devices can be unpatched, unregulated and can lack adequate security measures, without the organisation even being aware.

Source: [The Register]

SME Cyber Security Knowledge Gap Widens

Recent findings underscore a growing concern: a significant cyber security knowledge gap among small and medium size enterprises (SMEs). The report found that 22% of employees are concerned their actions could contribute to a cyber attack or data breach. Alarmingly, more than three-quarters of senior executives are unable to identify cyber threats or distinguish phishing emails from legitimate ones.

Despite the clear risks, three out of four SMEs do not provide any form of cyber security training to their staff. This reveals a concerning disconnect: while the majority of business owners do not perceive their staff as potential cyber security risks, many employees themselves acknowledge that they could inadvertently cause such issues.

Adding to the concern, 60% of SMEs have no plans to increase their security budget in the coming year. Two-thirds of these businesses do not view cyber security as a priority. In fact, only one in five SMEs are even considering investing in cyber insurance. This widening knowledge gap in SME cyber security is indeed troubling and calls for immediate attention.

Sources: [Insurance Journal] [Dealer Support] [IT Security Guru]

UK Security Budgets Under Strain as Cyber Incidents Soar

A recent report found that UK businesses have suffered a 25% increase in cyber incidents in the last year, against a backdrop of budgetary constraints on implementing cyber security strategies. The report found that, despite spending more than £40,000 a year on cyber security protection, more than a quarter of organisations think their cyber security budget is inadequate to fully protect them from growing threats. This is as UK businesses have experienced, on average, 30 cyber incidents over the last 12 months, a 25% increase compared to last year.

The report identified that a lack of key skills remains one of the main concerns in tackling rising cyber threats. So much so that 30% of cyber staff admit to currently facing burnout. This pressure also means that less than half of companies are confident in their ability to handle the biggest threats facing organisations, including phishing (56%) and malware (55%).

Sources: [Silicon] [Verdict] [CSO Online]

Cyber Leaders’ Confidence in Their Organisation’s Defences Plummets, But Costs Mount

A recent EY survey of cyber security leaders reported that just 1 in 5 found their organisation’s approach to cyber defences to  effective and just 36% are satisfied with the levels of best practices by teams outside the IT department. The report also found that despite higher levels of spending, the organisation’s cyber security detection and response appeared slow; 76% of respondents took six months or longer to detect and respond to an incident.

Source: [EY]

FBI Warns of Dual Ransomware as Data Destruction Dwell Times Hit Low of 24 Hours

The FBI has flagged dual ransomware attacks, where attackers will attack a company twice within a few hours, as an emerging trend. This comes as an increasing number of ransomware actors are deploying their ransomware within 24 hours of initial access, and in 10% of cases, within just a few hours. Comparing this to last year, where the median time was four and a half days, organisations have significantly less time to enact their response, if they have one.

Sources: [Tech Monitor] [The Cord] [Information Security] [Beta News] [Cision] [The Record] [Malware Bytes]

Tech-Savvy Young Workers Might Be the Biggest Cyber Liability to Your Business

A new report from Ivanti into hidden threats finds that one in three employees believe their actions do not impact their organisation's security. The research shows that Millennial and Gen Z office workers are more likely to have unsafe cyber security habits when compared to Gen X and older (those above 40 years of age). The report also finds that men and leaders are more comfortable contacting a security employee with a question or concern, with leaders at an organisation the most likely to reach out with a question at 72%.

The report also highlighted that phishing scams were found to be greatly underreported by those aged 40 and under, with 23% saying that they did not report the last phishing attempt they received, the most the most likely reason for this being “I didn’t think it was important”. In contrast, of the older demographic only 12% failed to report. Cyber security has only recently become the leading concern among C-suites and executives; however, security leaders need to enable all employees to play defence against threat actors and proactively build an open and welcoming security culture.

Sources: [Techradar] [Beta News] [HelpNet Security]

Half of Cyber Security Professionals Report Increase in Cyber Attacks, with 60% of Attacks Going Unreported

Over half (52%) of cyber security professionals are experiencing an increase in cyber attacks compared to a year ago, according to new research. Further findings revealed that only 40% of organisations conducted a cyber risk assessment annually. By conducting risk assessments, organisations are able to identify their vulnerabilities and address them, before an attacker gets the chance to exploit them.

Further, in a recent survey conducted by ISACA, which collated insights from over 2,000 security leaders globally, a significant 62% of respondents say that organisations are under-reporting cyber crime incidents. The report also revealed 59% indicate their cyber security teams are undermanned, and the challenge of retaining skilled cyber security professionals remains, with 56% experiencing retention issues.

Sources: [MSSP Alert] [Security Brief] [InfoSecurity Magazine ]

Global Cyber Survey Finds 50% Rise in Cyber Insurance Premiums

According to a recent survey, budgets for cyber security have grown 70% in the last five years and whilst these have risen, so have cyber insurance premiums (50%), due to the increase in ransomware attacks.

Insurance firms have not been able to sustain losses they were incurring without passing on these costs to their customers. At the same time, obtaining cyber insurance is getting exponentially harder, with more and more stringent controls and measures being mandated by insurance companies before underwriting to minimise their exposure.

Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.

Source: [Global Reinsurance]

Evolving Conversations: Cyber Security as a Business Risk

According to a report, only 53% of board members report having regular interactions with their cyber security experts, leaving nearly half without a strong and distinct Chief Information Security Officer (CISO) perspective in the decision making process.

By including CISOs or virtual CISOS (vCISOS) in board processes, the board can better understand the cyber implications of decisions, after all, you wouldn’t make a board-level financial decision without involving the CFO.

Source: [HelpNet Security]

Threats in Cloud Top the List of Executive Cyber Concerns

A recent report published by PwC has found that cloud-related threats are the top concern for organisations that have adopted the technology. These security concerns intensify for organisations with multiple clouds or hybrid infrastructures, with the report finding more than half of respondents citing cloud security as their most pressing concern.

The report highlighted that despite the focus on cloud security, nearly every organisation had risk management lapses. Nearly a third of respondents had yet to address disaster recovery and backup with their cloud service provider, and more than two in five pointed to in-house cloud skills gaps as a lingering risk factor.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [CIO Dive]

Over Half of Phishing Emails Now Use Obfuscation Tactics to Avoid Detection

Recent research shows that hackers are increasingly using sophisticated tactics to get their phishing emails past companies’ cyber security defences. One key finding of the report is the percentage of phishing emails that use obfuscation techniques to avoid detection jumped by 24.4% in 2023. More than half of malicious emails, or 55.2%, now use such tactics. The report found that the most widely used obfuscation technique is HTML smuggling. This is the practice of hiding malicious raw code in a seemingly legitimate HTML page; the code only turns into malware after clearing the cyber security filtering.

The use of chatbots or large language models have lowered the barrier for entry to cyber crime, making it possible to create well-written phishing campaigns and generate malware that less capable coders could not produce alone. The reports found that tools designed to detect AI-generated phishing emails work unreliability or don’t work at all in 71.4% of cases.

Source: [Silicon Angle]

Governance, Risk and Compliance

• Small Businesses Underestimate Cyber Risks Despite Increased Threats: IBC Survey (insurancejournal.com)

• Half of Cyber security Professionals Report Increase in Cyber Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber security: Still No. 1 on Every CIO's Agenda (govtech.com)

• SME cyber security knowledge gap widens | Dealer Support

• UK SME cyber threat concerns on the rise in last 12 months as a quarter admit to being breached - IT Security Guru

• Poor cyber security habits are common among younger employees - Help Net Security

• Many Cyber Attacks Begin by Breaking Human Trust (govtech.com)

• After MGM and Caesars hacks, cyber security experts warn ‘anybody is vulnerable’  - The Nevada Independent

• People Still Matter in Cyber security Management (darkreading.com)

• UK businesses face tightening cyber security budgets as incidents spike | CSO Online

• Threats in cloud top list of executive cyber concerns, PwC finds | CIO Dive

• Ransomware Crisis, Recession Fears Leave CISOs in Tough Spot (darkreading.com)

• Evolving conversations: Cyber security as a business risk - Help Net Security

• Cyber security preparedness pays big dividends for businesses - Help Net Security

• Breaches Are the Cost of Doing Business, but NIST Is Here to Help (darkreading.com)

• Your Company's Cyber security Depends on Every Employee--Train Them Well and Instill the Importance of Security | Inc.com

• Gartner: Spending On Cyber security Services Is Outpacing Expectations In 2023 | CRN

• Cyber leaders’ confidence in their organisation’s defences plummets, but costs mount | EY - Global

• CISO's compass: Mastering tech, inspiring teams, and confronting risk - Help Net Security

• Kroll Launches Detection and Response Maturity Model and Finds 91% of Businesses Overestimate Their Cyber Maturity, Increasing Their Vulnerability to Cyber attacks

• Gartner Forecasts Global Security and Risk Management Spending to Grow 14% in 2024 (darkreading.com)

• A Tool to Help Boards Measure Cyber Resilience (hbr.org)

• High-business-impact outages are incredibly expensive - Help Net Security

• 78% of organisations under-report cyber attacks: ISACA (securitybrief.co.nz)

• Moody’s cyber survey reveals growing budgets and improved governance - Reinsurance News

• How To Talk To Your Board And C-suite About Cyber Preparedness | Scoop News

Threats

Ransomware, Extortion and Destructive Attacks

• Moody’s global cyber survey finds 50% rise in cyber insurance premiums | Global Reinsurance

• Ransomware is deployed faster as cyber criminals seek to avoid detection (betanews.com)

• Ransomware Dwell Time Hits Low of 24 Hours (prnewswire.com)

• Microsoft: Human-operated ransomware attacks tripled over past year (therecord.media)

• Bad BYOD facilitates most ransomware attacks, says Microsoft • The Register

• Dual ransomware attacks: FBI warns of twin threat to businesses (techmonitor.ai)

• Ransomware gangs destroying data, using multiple strains during attacks: FBI (therecord.media)

• Why the public sector is an easy target for ransomware | TechCrunch

• Banks beware: Why one ransomware victim decided to pay up | American Banker

• LUCR-3: Scattered Spider Getting SaaS-y in the Cloud (thehackernews.com)

• Data Theft Overtakes Ransomware as Top Concern for IT Decision Makers - Infosecurity Magazine (infosecurity-magazine.com)

• Feds hopelessly behind the times on ransomware trends • The Register

• MOVEit cyber attacks: keeping tabs on the biggest data theft of 2023 - The Verge

• Ransomware reinfections on the rise from improper remediation (malwarebytes.com)

• Meet LostTrust ransomware — A likely rebrand of the MetaEncryptor gang (bleepingcomputer.com)

• Ransomware gangs now exploiting critical TeamCity RCE flaw (bleepingcomputer.com)

• Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV (securityaffairs.com)

• Ransomware disrupts hospitality, healthcare in September | TechTarget

• Ransomware Attacks: Bad for Hospitals, Deadly for Patients - Tradeoffs

• Lorenz ransomware embroiled in its own two-year data leak • The Register

Ransomware Victims

• LockBit crime spree includes FDF and UK law firm (techmonitor.ai)

• Motel One discloses data breach following ransomware attack (bleepingcomputer.com)

• MOVEit cyber attacks: keeping tabs on the biggest data theft of 2023 - The Verge

• Record Numbers of Ransomware Victims Named on Leak Sites - Infosecurity Magazine (infosecurity-magazine.com)

• MGM Resorts Refused to Pay Ransom in Cyber attack on Casinos - WSJ

• BlackCat gang claims they stole data of 2.5 million patients of McLaren Health Care (securityaffairs.com)

• Ransomware attack on Johnson Controls may have exposed sensitive DHS data (securityaffairs.com)

• South African insurance clients hit in massive global cyber attack (mybroadband.co.za)

• Sony sent data breach notifications to about 6,800 individuals (securityaffairs.com)

• Clorox Warns of a Sales Mess After Cyber attack - WSJ

Phishing & Email Based Attacks

• EvilProxy Phishing Attack Strikes Indeed, Targets Executives - Infosecurity Magazine (infosecurity-magazine.com)

• Report: Over half of phishing emails now use obfuscation tactics to avoid detection - SiliconANGLE

• Phishing, Smishing Surge Targets USPS - Infosecurity Magazine (infosecurity-magazine.com)

• Will generative AI really supercharge phishing attacks? - Tech Monitor

Other Social Engineering; Smishing, Vishing, etc

• Many Cyber Attacks Begin by Breaking Human Trust (govtech.com)

• MGM Cyber attack Shows How Hackers Deploy Social Engineering - Bloomberg

• Casino Hackers Use Low-Tech Tricks to Exploit Corporate Targets (bloomberglaw.com)

• Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)

• USPS Anchors Snowballing Smishing Campaigns (darkreading.com)

• Phishing, Smishing Surge Targets USPS - Infosecurity Magazine (infosecurity-magazine.com)

Artificial Intelligence

• Bing Chat's ads unleash malware mayhem: Users lured into dangerous websites - OnMSFT.com

• Harvard cyber security guru Bruce Schneier warns of ChatGPT, AI effect on election disinformation, propaganda | Fortune

• Protecting against FraudGPT, ChatGPT's evil twin - Help Net Security

• GenAI in software surges despite risks - Help Net Security

• Boardroom Blueprint: AI's Cyber security Risks (forbes.com)

• The top AI cyber crime threats and solutions | Inquirer Technology

• Kaspersky Issues Crimeware Report, Uncovers “WormGPT” | MSSP Alert

• The big debate: is AI a blessing or curse for cyber security? - Raconteur

• Global internet freedoms fell again last year as the threat of AI looms (therecord.media)

• Survey Finds Most Cyber security Experts Believe Offensive AI Will Outpace Defensive AI (thefastmode.com)

• LLMs lower the barrier for entry into cyber crime - Help Net Security

• Will generative AI really supercharge phishing attacks? - Tech Monitor

• Are we doomed to make the same security mistakes with AI? (securityintelligence.com)

• AI facial recognition: Campaigners and MPs call for ban - BBC News

• From Cyber crime to Cyber security: Fighting AI With AI | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

Malware

• Hackers are spreading malware through Indeed job messages | Digital Trends

• Cyber criminals Using New ASMCrypt Malware Loader Flying Under the Radar (thehackernews.com)

• There's a dangerous new malware-as-a-service on the rise - here's what you need to know | TechRadar

• BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cyber crime Underground (thehackernews.com)

• North Korea's Lazarus Group upgrades its main malware • The Register

• Malware-Infected Devices Sold Through Major Retailers - Infosecurity Magazine (infosecurity-magazine.com)

• Prolific malware and botnet operator Qakbot still operating despite FBI takedown - SiliconANGLE

• Hundreds of malicious Python packages found stealing sensitive data (bleepingcomputer.com)

Mobile

• Bad BYOD facilitates most ransomware attacks, says Microsoft • The Register

• Android's October 2023 Security Updates Patch Two Exploited Vulnerabilities - Security Week

• Backdoored Android phones, TVs used for ad fraud - and worse! - Help Net Security

• Are executives adequately guarding their gadgets? - Help Net Security

Botnets

• AWS Using MadPot Decoy System to Disrupt APTs, Botnets - Security Week

Denial of Service/DoS/DDOS

• Flights grounded by DDoS cyber attack on Russia's airports (techmonitor.ai)

• Cloudflare DDoS protections ironically bypassed using Cloudflare (bleepingcomputer.com)

• Royal Family's official website targeted in cyber attack | UK News | Sky News

• Global events fuel DDoS attack campaigns - Help Net Security

BYOD

• Bad BYOD facilitates most ransomware attacks, says Microsoft • The Register

• Are executives adequately guarding their gadgets? - Help Net Security

Internet of Things – IoT

• Malware-Infected Devices Sold Through Major Retailers - Infosecurity Magazine (infosecurity-magazine.com)

• IoT and the law | Professional Security

• Backdoored Android phones, TVs used for ad fraud - and worse! - Help Net Security

• Eyes everywhere: How to safely navigate the IoT video revolution - Help Net Security

• FDA cyber mandates for medical devices goes into effect | CyberScoop

Data Breaches/Leaks

• European Telecommunications Standards Institute Discloses Data Breach - Security Week

• MOVEit cyber attacks: keeping tabs on the biggest data theft of 2023 - The Verge

• Data Theft Overtakes Ransomware as Top Concern for IT Decision Makers - Infosecurity Magazine (infosecurity-magazine.com)

• NATO says it is addressing an apparent cyber attack after strategy documents posted online | CNN Politics

• SiegedSec Hacktivists Claim to Have Stolen 3,000 NATO Files in Second Attack | MSSP Alert

• Blackbaud Pays $49.5M to Settle With State AGs in Breach (inforisktoday.com)

• PSNI: Concerns over computer security as new figures reveal 161 data incidents | BelfastTelegraph.co.uk

• Sony confirms data breach impacting thousands in the US (bleepingcomputer.com)

• DNA testing service 23andMe investigating theft of user data | CyberScoop

Organised Crime & Criminal Actors

• Odds Are 1 in 4 Americans Will Fall Victim to Online Crime (prnewswire.com)

• People Still Matter in Cyber security Management (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto firms beware: Lazarus’ new malware can now bypass detection (cointelegraph.com)

• Scammers Impersonate Companies to Steal Cryptocurrency from Job Seeker - Infosecurity Magazine (infosecurity-magazine.com)

• There's a dangerous new malware-as-a-service on the rise - here's what you need to know | TechRadar

• BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cyber crime Underground (thehackernews.com)

• The crypto market bears the scars of FTX's collapse | Reuters

Insider Risk and Insider Threats

• Many Cyber Attacks Begin by Breaking Human Trust (govtech.com)

• Tech-savvy young workers might be the biggest cyber liability to your business | TechRadar

• Younger employees more likely to have unsafe cyber security habits (betanews.com)

• Addressing the People Problem in Cyber security - Security Week

Fraud, Scams & Financial Crime

• FBI warns phantom hacker scams are emptying financial accounts — how to stay safe | Tom's Guide (tomsguide.com)

• Three men found guilty of laundering $2.5 million in Target gift card tech support scam (bitdefender.com)

• Online fraud can cost you more than money - Help Net Security

• The crypto market bears the scars of FTX's collapse | Reuters

• How to deal with your brand's doppelgangers | Kaspersky official blog

• Visa Program Combats Friendly Fraud Losses For Small Businesses Globally (darkreading.com)

Impersonation Attacks

• Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)

• Supply Chain Attackers Escalate With GitHub Dependabot Impersonation (darkreading.com)

• Scammers Impersonate Companies to Steal Cryptocurrency from Job Seeker - Infosecurity Magazine (infosecurity-magazine.com)

AML/CFT/Sanctions

• Three men found guilty of laundering $2.5 million in Target gift card tech support scam (bitdefender.com)

Insurance

• Moody’s global cyber survey finds 50% rise in cyber insurance premiums | Global Reinsurance

• Insurance Companies Have a Lot to Lose in Cyber attacks (darkreading.com)

• 5 Cyber Insurance Trends To Watch Right Now | CRN

Supply Chain and Third Parties

• Tackling cyber risks head-on using security questionnaires - Help Net Security

Software Supply Chain

• Software firms under cyber attack | Microscope (computerweekly.com)

• Upstream Supply Chain Attacks Triple in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• Supply Chain Attackers Escalate With GitHub Dependabot Impersonation (darkreading.com)

Cloud/SaaS

• Threats in cloud top list of executive cyber concerns, PwC finds | CIO Dive

• Microsoft Warns of Cyber Attacks Attempting to Breach Cloud via SQL Server Instance (thehackernews.com)

• LUCR-3: Scattered Spider Getting SaaS-y in the Cloud (thehackernews.com)

• AWS Using MadPot Decoy System to Disrupt APTs, Botnets - Security Week

• Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials (darkreading.com)

• EvilProxy uses indeed.com open redirect for Microsoft 365 phishing (bleepingcomputer.com)

Hybrid/Remote Working

• Employers must be clear with staff over workplace monitoring, warns privacy watchdog | UK News | Sky News

• Surge in workplace monitoring prompts new ICO guidelines on employee privacy | ITPro

Encryption

• New Marvin attack revives 25-year-old decryption flaw in RSA (bleepingcomputer.com)

• Quantum Computers Could Crack Encryption Sooner Than Expected With New Algorithm (singularityhub.com)

API

• The Silent Threat of APIs: What the New Data Reveals About Unknown Risk (darkreading.com)

• APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries (thehackernews.com)

Open Source

• New 'Looney Tunables' Linux bug gives root on major distros (bleepingcomputer.com)

• The root cause of open-source risk - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

• Your Long Password Is Still Easy to Crack (pcmag.com)

• Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials (darkreading.com)

Biometrics

• AI facial recognition: Campaigners and MPs call for ban - BBC News

• The rise and fall of Clearview.AI and the evolution of facial recognition - SiliconANGLE

• The inadequacy of voice biometrics | TechRadar

Social Media

• Norway Urges Europe-Wide Ban on Meta's Targeted Ad Data Collection (darkreading.com)

• Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)

• Elon Musk ‘Cut Off Good Guys, Empowered Bad’: Stanford Cyber security Wonk - The Messenger

Malvertising

• Backdoored Android phones, TVs used for ad fraud - and worse! - Help Net Security

Training, Education and Awareness

• Your Company's Cyber security Depends on Every Employee--Train Them Well and Instill the Importance of Security | Inc.com

• Addressing the People Problem in Cyber security - Security Week

• How to Improve Cyber security Awareness and Training (trendmicro.com)

Parental Controls and Child Safety

• Child abuse site taken down, organised child exploitation crime suspected – exclusive (securityaffairs.com)

Regulations, Fines and Legislation

• Cyber experts urge EU to rethink vulnerability disclosure plans | Computer Weekly

• EU Cyber Resilience Act Could be Exploited for Surveillance, Experts W - Infosecurity Magazine (infosecurity-magazine.com)

• Keeping SEC-ure: Using Threat Intelligence to Stay Ahead of the New SEC Regulations (recordedfuture.com)

• Many Companies Far From Ready for Fast-Approaching SEC Cybersecurity Deadline | Corporate Counsel (law.com)

• Companies are already feeling the pressure from upcoming US SEC cyber rules | CSO Online

• Employers must be clear with staff over workplace monitoring, warns privacy watchdog | UK News | Sky News

• Blackbaud Pays $49.5M to Settle With State AGs in Breach (inforisktoday.com)

Models, Frameworks and Standards

• Breaches Are the Cost of Doing Business, but NIST Is Here to Help (darkreading.com)

• What is Compliance as a Service (CaaS)? - Definition from WhatIs.com (techtarget.com)

Careers, Working in Cyber and Information Security

• UK government plans 2,500 new tech recruits by 2025 with focus on cyber security | CSO Online

• Up to 500,000 staff required to field off growing cyber security threat to Europe | Business Post

• The State of Cyber security: Cyber Skills Gap Leaves Business Vulnerable to Attacks, New Research Reveals | Business Wire

• Blue teams on the edge: cyber pros seem to hate their jobs | Cybernews

• Soft skills continue to challenge the cyber security sector - Help Net Security

Law Enforcement Action and Take Downs

• Child abuse site taken down, organised child exploitation crime suspected – exclusive (securityaffairs.com)

• Prolific malware and botnet operator Qakbot still operating despite FBI takedown - SiliconANGLE

• Three men found guilty of laundering $2.5 million in Target gift card tech support scam (bitdefender.com)

• UK student found guilty of 3D printing 'kamikaze' drone • The Register

Privacy, Surveillance and Mass Monitoring

• EU Cyber Resilience Act Could be Exploited for Surveillance, Experts W - Infosecurity Magazine (infosecurity-magazine.com)

• Surge in workplace monitoring prompts new ICO guidelines on employee privacy | ITPro

• AI facial recognition: Campaigners and MPs call for ban - BBC News

• Norway Urges Europe-Wide Ban on Meta's Targeted Ad Data Collection (darkreading.com)

Misinformation, Disinformation and Propaganda

• Harvard cyber security guru Bruce Schneier warns of ChatGPT, AI effect on election disinformation, propaganda | Fortune

• Elon Musk ‘Cut Off Good Guys, Empowered Bad’: Stanford Cyber security Wonk - The Messenger

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Misc Nation State, Cyber Warfare and Cyber Espionage

• Espionage fuels global cyber attacks - Microsoft On the Issues

• Microsoft: Nation-state cyber espionage on rise in 2023 | Computer Weekly

• ‘Cyberwar Is Going on All Day, Every Day’: CEO | NTD

• CISA and UK NCSC Hold Inaugural Meeting of Strategic Dialogue on Cyber security of Civil Society Under Threat of Transnational Repression | CISA

• US and UK Lead Fight Against Civil Society Cyber Threats - Infosecurity Magazine (infosecurity-magazine.com)

• Harvard cyber security guru Bruce Schneier warns of ChatGPT, AI effect on election disinformation, propaganda | Fortune

• The sixth domain: The role of the private sector in warfare - Atlantic Council

• How this unassuming cable became the world’s most powerful weapon (telegraph.co.uk)

• Joint Statement from 21 Countries and the Organisation of American States Following the Department of Homeland Security Western Hemisphere Cyber Conference | Homeland Security (dhs.gov)

Russia

• Russian Cyber Attacks in 2023: Shifting Patterns, Goals, and Capacities

• Russian Hacktivism Takes a Toll on Organisations in Ukraine, EU, US (darkreading.com)

• Russia-Ukraine war: Cyber space is the latest frontline | Semafor

• Flights grounded by DDoS cyber attack on Russia's airports (techmonitor.ai)

• Joint Statement from 21 Countries and the Organisation of American States Following the Department of Homeland Security Western Hemisphere Cyber Conference | Homeland Security (dhs.gov)

• Ukrainian Man Calls Russian Tech Support to Help With Captured Tank: Report (businessinsider.com)

China

• China Poised to Disrupt US Critical Infrastructure with Cyber Attacks, - Infosecurity Magazine (infosecurity-magazine.com)

• How digital threats from East Asia are increasing in breadth and effectiveness | CSO Online

• Belgian intelligence service VSSE accused Alibaba of ‘possible espionage’ at European hub in Liege (securityaffairs.com)

Iran

• Iran-Linked APT34 Spy Campaign Targets Saudis (darkreading.com)

North Korea

• North Korea's Lazarus Group upgrades its main malware • The Register

• Crypto firms beware: Lazarus’ new malware can now bypass detection (cointelegraph.com)

• Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)

• North Korean hackers are targeting aerospace - Lazarus Group tricks employees into installing malware themselves | TechRadar

• North Korea goes phishing in South’s shipyards • The Register

Vulnerability Management

• How to Measure Patching and Remediation Performance (darkreading.com)

Vulnerabilities

• CISA Adds Two Known Exploited Vulnerabilities to Catalog, Removes Five KEVs | CISA

• October 2023 Patch Tuesday forecast: Operating system updates and zero-days aplenty - Help Net Security

• Exploit released for Microsoft SharePoint Server auth bypass flaw (bleepingcomputer.com)

• Microsoft Edge, Teams get fixes for zero-days in open-source libraries (bleepingcomputer.com)

• A new Chrome 0-day is sending the Internet into a new chapter of Groundhog Day | Ars Technica

• Apple fixed the 17th zero-day flaw exploited in attacks (securityaffairs.com)

• Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day - Security Week

• Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software (darkreading.com)

• Mass exploitation attempts against WS_FTP have begun • The Register

• Millions of Exim mail servers exposed to zero-day RCE attacks (bleepingcomputer.com)

• Critical zero-days in Exim revealed, only 3 have been fixed - Help Net Security

• Patch Confusion for Critical Exim Bug Puts Email Servers at Risk--Again (darkreading.com)

• Microsoft won’t say if its products were exploited by spyware zero-days | TechCrunch

• Companies Address Impact of Exploited Libwebp Vulnerability  - Security Week

• Zero-day in Arm GPU drivers exploited in targeted attacks (CVE-2023-4211) - Help Net Security

• Arm warns of Mali GPU flaws likely exploited in targeted attacks (bleepingcomputer.com)

• Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers (bleepingcomputer.com)

• Atlassian patches critical Confluence zero-day exploited in attacks (bleepingcomputer.com)

• Vulnerabilities in Supermicro BMCs could allow for unkillable server rootkits | Ars Technica

Tools and Controls

• Does your security program suffer from piecemeal detection and response? (securityintelligence.com)

• Keeping SEC-ure: Using Threat Intelligence to Stay Ahead of the New SEC Regulations (recordedfuture.com)

• The Silent Threat of APIs: What the New Data Reveals About Unknown Risk (darkreading.com)

• APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries (thehackernews.com)

• 5 common browser attacks and how to prevent them | TechTarget

• Rationalizing Your Hybrid Cloud Security Tools (securityintelligence.com)

• Protecting your IT infrastructure with Security Configuration Assessment (SCA) (thehackernews.com)

• The big debate: is AI a blessing or curse for cyber security? - Raconteur

• Is your threat protection giving you a false sense of cyber security? | The Independent

• 5 Cyber Insurance Trends To Watch Right Now | CRN

• Quash EDR/XDR Exploits With These Countermeasures (darkreading.com)

• How to Improve Cyber security Awareness and Training (trendmicro.com)

Reports Published in the Last Week

• Microsoft Digital Defence Report 2023 (MDDR) | Microsoft Security Insider

• STUDY: 37% Intimidated, 39% Frustrated with Online Security (globenewswire.com)

• Oh Behave! The Annual Cyber security Attitudes and Behaviours Report 2023 - National Cyber security Alliance (staysafeonline.org)

Other News

• Cyber attacks on UK pension funds on the rise – study | Pensions & Investments (pionline.com)

• Are we smart enough for smart cities? | TechRadar

• The trust deficit in CNI: How to address a growing concern | Computer Weekly

• Third sector highly exposed to cyber risk - CIR Magazine

• 10 Emerging Cyber security Threats And Hacker Tactics In 2023 | CRN

• Lyca Mobile UK Confirm Cyber Attack Responsible for Disruption - ISPreview UK

• Global internet freedoms fell again last year as the threat of AI looms (therecord.media)

• Cyber security in the Age of Industry 4.0 (automation.com)

• How Private Equity Firms Can Protect ‘Treasure Trove’ from Digital Threats (ai-cio.com)

• 10 Routine Security Gaffes the Feds Are Begging You to Fix (darkreading.com)

• NSA: Here Are the Dumbest Cyber security Mistakes We See at Large Organisations (pcmag.com)

• The changing face of cyber security threats in 2023 | CIO

• Edinburgh Trams websites targeted by 'potential cyber attack' - Edinburgh Live

• Making Sense of Today's Payment Cyber security Landscape (darkreading.com)

• GAO tears into State Department's cyber security management • The Register

• First pan-European cyber analysis centre opens (airportsinternational.com)

• Nearly 100,000 Industrial Control Systems Exposed to the Internet - Infosecurity Magazine (infosecurity-magazine.com)

• Mobile customers unable to make or receive calls after firm hit by cyber attack - Mirror Online

• Malicious HDMI Cables Steals Photos, Videos, and Location Data (gbhackers.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

New Ransomware Victims Surge by 47% as Small Businesses Targeted

Ransomware attackers are shifting away from “big game” targets and towards easier, less defended organisations, a new report from Trend Micro has found. The report observed a 47% increase in the number of new victims of this vector from the second half of 2022, many of which were small organisations with less mature cyber postures. In fact, 57% of victims of the infamous ransomware gang LockBit, were of organisations up to 200 employees.

Small businesses can be attractive targets; they don’t have the budget of a large organisation and therefore they are more likely to have gaps that can be exploited. To combat this, small businesses need to prioritise their security budgets effectively, to allow themselves the most protection that their budget allows.

Source [Infosecurity Magazine]

MGM Resorts Lost Millions of Dollars a Day in What Should be a Wakeup Call for Corporate Boards

The recent ransomware attack on MGM Resorts has resulted in the loss of millions of dollars daily, not accounting for ransomware fees and reputational damage. MGM Resorts are a client of Okta, who noted that Caesars entertainment and three (not named) other organisations have been hit. Although the other victims have not yet been named, it has been revealed that they are in the manufacturing, retail and technology sectors. As a result of the attacks, Beazley and AIG, who provide cyber insurance, are likely to face significant losses.

The attack should act as wakeup call for corporate boards, as it once again highlights how anyone can be a victim, and if the right controls are not in place, an attack won’t be stopped. Cyber incidents are a matter of when, not if, and boards need to ensure they are prepared, and prepared to handle the fallout when an attack happens. 

Sources: [Proactive Investors] [Reuters] [Insurance Insider] [OODA Loop] [Claims Journal]

SMEs Overestimate Their Cyber Security Preparedness

According to a recent report, 57% of small and medium enterprises (SMEs) have experienced a cyber security breach, with 31% facing such an incident in the past year. Despite the increasing threat, 70% are confident in their defences, though 44% solely rely on their antivirus solutions, and a quarter don't regularly train employees on cyber security best practices or never have.

The report also found that many SMEs either underestimate the importance of robust security, believing they’re too small to be targeted, or put too much trust in their current defences. The increasing number of evolving cyber threats poses a significant risk to SMEs. Rising patterns show frequent and sophisticated attacks, highlighting the urgent need for effective security measures. Understandably, not all small business owners have the resources to obtain in-house cyber security experts. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Helpnet Security] [Security Magazine]

China’s Hacking Power Bigger Than Rest of World Combined

In a recent conference the director of the FBI highlighted the magnitude of China’s cyber power, most notably explaining that China has a bigger hacking program than the competition combined.

This comes as recent attacks have seen malicious USB drives used to spread malware and now, something we’ve not seen much before, financially motivated hacks by Chinese-speaking actors through a piece of malware known as “ValleyRAT”.

Sources: [Reuters] [Infosecurity Magazine] [WIRED] [Inforisk Today] [TechRadar]

Cyber Insurance Claims for Ransomware Reach Record High

A new report from cyber insurance provider Coalition shows a 12% increase in cyber claims over the first six months of this year, driven by the notable spikes in ransomware (19%), business email compromise (BEC) attacks (26%) and funds transfer fraud (FTF) (31%). The report found that claims severity also increased 61% from the previous six months and 117% over the last year. The average ransom demand was $1.62 million, a 47% increase over the previous six months and a 74% increase over the past year.

The report comes as the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA)  released a joint advisory warning that ransomware gangs are increasingly evolving their tactics while targeting critical infrastructure sectors, including Information Technology, and Food and Agriculture. The advisory strongly discourages organisations from paying ransoms and encourages victims to report ransomware incidents to a local agency’s reporting channel. Similar advisories were released earlier in the year warning of ransomware groups such as Cl0p who exploited the vulnerability in MOVEit earlier this year.

Sources: [NextGov] [BetanNews] [Security Magazine] [CSO Online]

Cyber Security Still Remains the Greatest Concern for Many C-Suite Executives

Almost three-quarters (73%) of nearly 700 board members surveyed in a new study, believe their organisations are at risk of cyber attack, including targeted attacks; a sizable increase from the 65% last year, according to a recently released Proofpoint report. Worryingly, with the high number believing they are at risk from an attack, 53% still believed they would be unprepared for such an attack. When it came to their main concerns, malware was the top concern (40%), followed by insider threat (36%) and cloud account compromise (36%).

C-suite concern has propelled budgets, with a third of businesses increasing cyber security spending by a significant margin. As IT has become less centralised with a move towards cloud-based systems, combined with a shortage of skilled cyber security workers, businesses are having to rely more heavily on third party security according to a recent report.

This investment, along with improved security communications to executives, should enhance IT upskilling and employee awareness of cyber security.

Sources: [MSSP Alert] [Tech Radar]

Bad Torts: Law Firms Feel the Heat from Rising Cyber Threats

Publicly available reports of ransomware attacks on law firms have accelerated this year, with massive amounts of sensitive client data now in the hands of threat actors, highlighting a growing trend of cyber incidents afflicting the legal business.

One of the reasons law firms are increasingly targeted is due to the amount of sensitive data that they hold. This data can be used for extortion, insider training and general ransom purposes. In addition, many law firms utilise third parties to handle their data, increasing their risk of becoming a victim through their supply chain.

Source: [Synack]

Attacker Deepfakes IT Employees’ Voice in Phone Call to Breach Company

A recent cyber attack used AI to deepfake an IT employee’s voice. The attack started off with a phishing mail, which the unsuspecting victim employee clicked. The attacker then hit a challenge: multi-factor authentication (MFA). That was until they decided to use artificial intelligence to clone the voice of an IT employee. The attacker, now speaking as if they were the IT employee, was then able to convince the victim employee to provide the needed MFA code. As a result, the attack was successful.

The attack highlights the increase in AI for attacks, whilst also demonstrating that cyber security is more than just technology: it is people and operations too. Think about voice cloning, how would your organisation prepare for this?

Sources [PC Mag]

Insider Risks are Getting Increasingly Costly as Organisations Fail to Proactively Address Them

With the cost of insider risk the highest it has ever been (£13.25m per incident), organisations need to effectively budget and find ways to proactively address insider risk. A report found that 55% of money spent on insider incident response went toward problems caused by negligence or mistakes, and 25% for those were caused by actively malicious insiders, with the remaining 20% being attacks that out-smarted employees.

The cost and damage is acknowledged by organisations, with a separate report finding 46% of organisations self-reported that they were actively planning to spend more on proactively addressing insider risk in 2024. Budgets are not infinite however, and organisations need to effectively allocate their spending to ensure they are getting the most protection for their spend.

Sources: [Computer Weekly] [CSO Online]

Half of Executives Expect Supply Chain Challenges

With the surge in the number of attacks taking place through the software supply chain, it is no wonder almost half of executives expect supply chain challenges in the year ahead according to a survey by Deloitte. When asked about their experience, 34% of respondents self-reported that their organisation has experienced one or more supply chain cyber security events during the past year.

One of the ways to improve organisations’ supply chain security is to conduct assessments on the third parties they use, yet 21% of respondents did not do this at all. Potentially, one of the reasons for this is not knowing the correct questions to ask. Black Arrow can support you through a structured approach to asking a suite of targeted questions to your third parties, and assessing the responses for indicators of risk to your business.  

Sources [PRnewswire] [SiliconANGLE]

How Social Engineering Takes Advantage of Your Kindness

Last week, MGM Resorts disclosed a massive systems issue that reportedly rendered slot machines, room keys and other critical devices inoperable. What elaborate methods were required to crack a nearly $34 billion casino and hotel empire? According to the hackers themselves, all it took was a ten minute phone call, allowing them to gain access through a simple social engineering attack. Social engineering psychologically manipulates a target into doing what the attacker wants, or giving up information that they shouldn’t. The consequences range from taking down global corporations to devastating the personal finances of unfortunate individual victims.

Extroverted, agreeable, and open individuals are often cyber victims; fear is an attack vector and so is helpfulness. As comfort increases, so too does vulnerability to being hacked. Social engineering attacks target both corporations and individuals. A person’s positive traits can be weaknesses against such threats. Balancing kindness with scepticism is essential.

Source: [Engadget]

Employers Blame Employees as 54% of Firms Face Cyber Attacks Annually

A survey found that despite the percentage of companies that have encountered a cyber security incident in the last 12 months, a worrying 24% of employees have never had any cyber security training. The survey further found that alarmingly 42% of respondents used the same password for both home and work accounts, increasing the risk of exposing their organisational passwords. This risk was furthered by 40% of the total number of respondents keeping their password in an open file or physical notebook.

Organisations, including those already providing training, should look to ensure they implement training from experts that covers such areas; by effectively training employees, organisations will increase their cyber resilience and reduce their risk of suffering a cyber attack. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes are secure employee engagement and build a cyber security culture to protect the organisation.  

Source: [Information Security Buzz]

Governance, Risk and Compliance

• Cyber security still remains the greatest concern for many executives | TechRadar

• Cyber attacks are constant and test even the best | Newsroom

• Companies Struggling With Cyber security: Big Players In Bad Situations (forbes.com)

• SMEs overestimate their cyber security preparedness - Help Net Security

• Survey Reveals: 50% Of Respondents Face Cyber attacks Yearly — Employers Blame Employees (informationsecuritybuzz.com)

• Almost Half of Executives Expect Supply Chain Security Challenges in Year Ahead (prnewswire.com)

• Organisations failing to proactively address insider cyber risk | Computer Weekly

• Expensive Investigations Drive Surging Data Breach Costs (bleepingcomputer.com)

• OODA Loop - The MGM Cyber attack Should be a Wakeup Call for Corporate Boards: Will they hit the snooze alarm again?

• Most Global Board Members Unprepared for “Targeted” Cyber attack, Report Finds | MSSP Alert

• Changing Role of the CISO: A Holistic Approach Drives the Future (darkreading.com)

• How to Get Your Board on Board With Cyber security (darkreading.com)

• Security concerns and outages elevate observability from IT niche to business essential - Help Net Security

• Regulatory activity forces compliance leaders to spend more on GRC tools - Help Net Security

• Going Up! How to Handle Rising Cyber security Costs (securityintelligence.com)

• Balancing budget and system security: Approaches to risk tolerance - Help Net Security

• Is Director Liability For Cyber security Failure An Immediate Risk? (forbes.com)

• Over a Third of UK Population Believe Prison is the Most Suitable Punishment for Individuals Responsible for Data Breach - IT Security Guru

• 83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)

• Why Cyber security Compliance Standards Still Have A Long Way To Go (forbes.com)

• Bot Attack Costs Double to $86m Annually - Infosecurity Magazine (infosecurity-magazine.com)

• Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE

• Poor digital experience a blocker for cyber resilience | Computer Weekly

• What is Governance, Risk and Compliance (GRC)? | TechTarget Definition

• How to prevent and prepare for a cyber catastrophe (securityintelligence.com)

• The rise of CISO stress: Recognising and reconciling the threat of litigation for CISOs (securitybrief.co.nz)

• 2023 Cyber Risk and Resiliency Report: How CIOs Are Dueling Disaster (informationweek.com)

• The realities of modern cyber security: CrowdStrike CSO weighs in on how businesses must adapt - SiliconANGLE

• Why more security doesn’t mean more effective compliance - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• Digesting the Digits - 2023 ‘record year’ for ransomware attacks - PaymentExpert.com

• New Ransomware Victims Surge by 47% with Gangs Targeting Small Busines - Infosecurity Magazine (infosecurity-magazine.com)

• Attacks on Casino Giants Heralds Resurgence in Ransomware Attacks (claimsjournal.com)

• Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)

• LockBit Is Using RMMs to Spread Its Ransomware (darkreading.com)

• ‘Top’ ransomware gangs favour smaller businesses | Computer Weekly

• US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online

• Ransomware group's evolving tactics pose growing threat - Nextgov/FCW

• Malware distributor Storm-0324 facilitates ransomware access | Microsoft Security Blog

• Who is behind the latest wave of UK ransomware attacks? | Cyber crime | The Guardian

• NCSC: Why Cyber Extortion Attacks No Longer Require Ransomware (darkreading.com)

• Scattered Spider, Alphv, and the MGM hack, explained - The Hustle

• Quadruple extortion ransomware maximising monetisation (securitybrief.co.nz)

• What is Extortionware? How is it Different from Ransomware? (techtarget.com)

• Ransomware cyber insurance claims rose by 27% | Security Magazine

• Cyber insurance claims for ransomware reach record high (betanews.com)

• Ransomware gang targeting defence firms, FBI warns - Defence One

• Scattered Spider snares 100+ victims, moves into ransomware • The Register

• Cyber criminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads (thehackernews.com)

• BlackCat ransomware hits Azure Storage with Sphynx encryptor (bleepingcomputer.com)

• FBI, CISA Issue Joint Warning on 'Snatch' Ransomware-as-a-Service (darkreading.com)

• Critical Infrastructure Organisations Warned of Snatch Ransomware Attacks - Security Week

• Healthcare's ransomware defences need more preventative action (securitybrief.co.nz)

• Ransomware vs. resources: A higher education dilemma - eCampus News

Ransomware Victims

• Two Vegas casinos fell victim to cyber attacks, shattering the image of impenetrable casino security | AP News

• Hackers who breached casino giants MGM, Caesars also hit 3 other firms, Okta says | Reuters

• Okta Agent Involved in MGM Resorts Breach, Attackers Claim (darkreading.com)

• Las Vegas casinos face ‘social engineering’ threat amid hacks | Las Vegas Review-Journal (reviewjournal.com)

• Hackers claim it only took a 10-minute phone call to shut down MGM Resorts (engadget.com)

• MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents (darkreading.com)

• Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)

• Greater Manchester Police Hack Follows Third-Party Supplier Fumble (darkreading.com)k

• Clorox expects August’s cyber security attack to have a ‘material’ impact on first-quarter results - MarketWatch

• Clorox products in short supply after cyber attack disrupts operations | CNN Business

• Psychiatric hospital near Jerusalem hit by suspected cyber attack | The Times of Israel

• HWL Ebsworth hack: 65 Australian government agencies affected by cyber attack | Crime - Australia | The Guardian

• UMass Medical School Sued Over MOVEit File-Transfer Data Breach (bloomberglaw.com)

• UK IT services provider Agilitas hit by Donut ransomware attack? (techmonitor.ai)

• Cyber attack blamed for outages at hospitals in Illinois, Wisconsin (scrippsnews.com)

• Major trucking software provider confirms ransomware incident (therecord.media)

• Handbag maker Radley London hit by RansomHouse cyber attack? (techmonitor.ai)

Phishing & Email Based Attacks

• Scams, phishing made up over 75% of digital threats in first half of 2023: Report - The Economic Times (indiatimes.com)

• HR phishing: self-evaluation questionnaire | Kaspersky official blog

• Phishing victim sends eye-watering $4.5M in USDT to scammer (cointelegraph.com)

• Cyber criminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads (thehackernews.com)

• Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT (thehackernews.com)

BEC – Business Email Compromise

• US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online

Other Social Engineering; Smishing, Vishing, etc

• Hackers claim it only took a 10-minute phone call to shut down MGM Resorts (engadget.com)

• How social engineering takes advantage of your kindness (engadget.com)

• Las Vegas casinos face ‘social engineering’ threat amid hacks | Las Vegas Review-Journal (reviewjournal.com)

Artificial Intelligence

• Hacker Deepfakes Employee's Voice in Phone Call to Breach IT Company | PCMag

• NSA Report: Deepfakes Threaten National Security | MSSP Alert

• Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data (thehackernews.com)

• WormGPT: AI tool designed to help cyber criminals will let hackers develop attacks on large scale, experts warn | Science & Tech News | Sky News

• Artificial Intelligence Making Cyber Crime Harder to Fight (govtech.com)

• Companies still don’t know how to handle generative AI risks - Help Net Security

• 85% of cyber leaders believe AI will outpace cyber defences (electronicspecifier.com)

• McAfee CEO Greg Johnson on the Cyber security Threat From Generative AI (businessinsider.com)

• Companies Rely on Multiple Methods to Secure Generative AI Tools (darkreading.com)

• Poland investigates OpenAI over privacy concerns | Reuters

2FA/MFA

• Retool blames breach on Google Authenticator MFA cloud sync feature (bleepingcomputer.com)

Malware

• NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers (thehackernews.com)

• Malware distributor Storm-0324 facilitates ransomware access | Microsoft Security Blog

• macOS MetaStealer attacks take aim at business Mac users (appleinsider.com)

• Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement (trendmicro.com)

• A mysterious new Chinese malware strain is targeting large firms across the globe | TechRadar

• New SprySOCKS Linux malware used in cyber espionage attacks (bleepingcomputer.com)

• Bumblebee malware returns in new attacks abusing WebDAV folders (bleepingcomputer.com)

• Fake WinRAR exploit PoC drops VenomRAT malware | SC Media (scmagazine.com)

• P2PInfect botnet activity surges 600x with stealthier malware variants (bleepingcomputer.com)

• Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack (thehackernews.com)

• ‘Sandman’ hackers backdoor telcos with new LuaDream malware (bleepingcomputer.com)

• Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)

Mobile

• Dangerous permissions detected in top Android health apps (securityaffairs.com)

• Android security updates: Everything you need to know | Android Central

• Google releases an update for compatible Pixel devices; Android 14 no, September security patch yes - PhoneArena

• Hook: New Android Banking Trojan That Expands on ERMAC's Legacy (thehackernews.com)

• APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)

Botnets

• Bot Attack Costs Double to $86m Annually - Infosecurity Magazine (infosecurity-magazine.com)

• P2PInfect botnet activity surges 600x with stealthier malware variants (bleepingcomputer.com)

• Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)

Denial of Service/DoS/DDOS

• Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions (securityaffairs.com)

Internet of Things – IoT

• DDoS 2.0: IoT Sparks New DDoS Alert (thehackernews.com)

• IoT threats in 2023 | Securelist

• Hikvision Intercoms Allow Snooping on Neighbors (darkreading.com)

• No dedicated hardware security for 66% IoT modules: IoT Analytics (securitybrief.co.nz)

Data Breaches/Leaks

• Pirated Software Likely Cause of Airbus Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data (thehackernews.com)

• Police data breach: 20,000 data points 'at risk' (computing.co.uk)

• CardX released a data leak notification impacting their customers in Thailand (securityaffairs.com)

• Pizza Hut Australia hack: data breach exposes customer information and order details | Australia

• Air Canada says unauthorized group breached employee data, hacked internal system (databreaches.net)

• 83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)

• T-Mobile app glitch let users see other people's account info (bleepingcomputer.com)

• T-Mobile Racks Up Third Consumer Data Exposure of 2023 (darkreading.com)Over a Third of UK

• Population Believe Prison is the Most Suitable Punishment for Individuals Responsible for Data Breach - IT Security Guru

• TransUnion says dump of customer data came from third party • The Register

• US govt IT worker accused of leaking top secrets • The Register

Organised Crime & Criminal Actors

• Europol lifts the lid on cyber crime tactics (malwarebytes.com)

• One of the FBI’s most wanted hackers is trolling the US government | TechCrunch

• India's biggest tech centres named as cyber crime hotspots • The Register

• Scattered Spider snares 100+ victims, moves into ransomware • The Register

• Financially Motivated Hacks by Chinese-Speaking Actors Surge (inforisktoday.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Multiple crypto raids net Lazarus Group $290M in 15 weeks | SC Media (scmagazine.com)

• TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)

• Phishing victim sends eye-watering $4.5M in USDT to scammer (cointelegraph.com)

• Mark Cuban loses $870k to a crypto scam: ‘They must have been watching’ – DL News

• How Sam Bankman-Fried's parents enabled his criminal empire | Fortune Crypto

Insider Risk and Insider Threats

• Organisations failing to proactively address insider cyber risk | Computer Weekly

• HR’s role in cyber security and insider threat mitigation - Hindustan Times

• Insider risks are getting increasingly costly | CSO Online

• Can Users Be Trusted to Skirt Hackers’ Lures? | MSSP Alert

Fraud, Scams & Financial Crime

• Brits Lose $9.3bn to Scams in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• cyber criminals: Scams, phishing made up over 75% of digital threats in first half of 2023: Report - The Economic Times (indiatimes.com)

• Another $40m Dispersed to Western Union Fraud Victims - Infosecurity Magazine (infosecurity-magazine.com)

• US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online

• TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)

• Mark Cuban loses $870k to a crypto scam: ‘They must have been watching’ – DL News

• How Sam Bankman-Fried's parents enabled his criminal empire | Fortune Crypto

• Illegal Betting Ring Used Satellite Tech to Get Scoop on Results - Infosecurity Magazine (infosecurity-magazine.com)

• Payment Card-Skimming Campaign Now Targeting Websites in North America (darkreading.com)

• Court sentences pair for India-based robocall scam • The Register

• Shift from UK Analogue to Digital Phone Lines Breeds New SCAMs - ISPreview UK

• Singapore to detail fraud liability split for bank & victim • The Register

Deepfakes

• Hacker Deepfakes Employee's Voice in Phone Call to Breach IT Company | PCMag

Insurance

• Cyber insurance claims for ransomware reach record high (betanews.com)

• US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online

• Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)

• Ransomware cyber insurance claims rose by 27% | Security Magazine

Dark Web

• Brits Are in the Dark About the Dark Web - IT Security Guru

• Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace (thehackernews.com)

Supply Chain and Third Parties

• Almost Half of Executives Expect Supply Chain Security Challenges in Year Ahead (prnewswire.com)

• Okta Agent Involved in MGM Resorts Breach, Attackers Claim (darkreading.com)

• OODA Loop - The MGM Cyber attack Should be a Wakeup Call for Corporate Boards: Will they hit the snooze alarm again?

• Greater Manchester Police Hack Follows Third-Party Supplier Fumble (darkreading.com)

• High-stakes digital heists: Enterprise software supply chains become new battleground for cyber criminals - SiliconANGLE

• Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)

• Evaluating New Partners and Vendors from an Identity Security Perspective (darkreading.com)

• HWL Ebsworth hack: 65 Australian government agencies affected by cyber attack | Crime - Australia | The Guardian

• How cyber attacks on Taiwan are hurting global business - Raconteur

Software Supply Chain

• Do You Really Trust Your Web Application Supply Chain? (thehackernews.com)

Cloud/SaaS

• Cloud to Blame for Almost all Security Vulnerabilities - Infosecurity Magazine (infosecurity-magazine.com)

• Why Shared Fate is a Better Way to Manage Cloud Risk (darkreading.com)

• Future Cyber security: Hybrid Threats Require Balanced Preparation | Center for Internet and Society (stanford.edu)

• IBM X-Force: Use of compromised credentials darkens cloud security picture | Network World

• Retool blames breach on Google Authenticator MFA cloud sync feature (bleepingcomputer.com)

• Mastering Defence-In-Depth and Data Security in the Cloud Era (darkreading.com)

• Understanding the Differences Between On-Premises and Cloud Cyber security (darkreading.com)

• The Rise of the Malicious App (thehackernews.com)

Hybrid/Remote Working

• Future Cyber security: Hybrid Threats Require Balanced Preparation | Center for Internet and Society (stanford.edu)

• Spies working from home despite fears they could be hacked by foreign states (telegraph.co.uk)

Shadow IT

• Shadow IT: Security policies may be a problem - Help Net Security

Identity and Access Management

• CISA Releases New Identity and Access Management Guidance - Security Week

Encryption

• Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users (pogowasright.org)

• EU's quest to fix the internet could become a privacy nightmare | TechRadar

• UK Minister Warns Meta Over End-to-End Encryption - Security Week

• Signal Messenger Introduces PQXDH Quantum-Resistant Encryption (thehackernews.com)

Open Source

• Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)

• Chinese hackers have unleashed a never-before-seen Linux backdoor | Ars Technica

• New SprySOCKS Linux malware used in cyber espionage attacks (bleepingcomputer.com)

• Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Are your end-users' passwords compromised? Here's how to check. (bleepingcomputer.com)

• Why employee login credentials are 'the weakest link in security' (siliconrepublic.com)

Social Media

• TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent

• Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users (pogowasright.org)

• NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers (thehackernews.com)

• APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)

• Donald Trump Jr.'s X Account Appears To Have Been Hacked (dailydot.com)

• UK Minister Warns Meta Over End-to-End Encryption - Security Week

• TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)

Malvertising

• Probe reveals secret Israeli spyware that infects via ads • The Register

Training, Education and Awareness

• Survey Reveals: 50% Of Respondents Face Cyber attacks Yearly — Employers Blame Employees (informationsecuritybuzz.com)

Parental Controls and Child Safety

• TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent

Regulations, Fines and Legislation

• UK Minister Warns Meta Over End-to-End Encryption - Security Week

• Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users (pogowasright.org)

• EU's quest to fix the internet could become a privacy nightmare | TechRadar

• TikTok Is Hit With $368 Million Fine Under Europe's Strict Data Privacy Rules - Security Week

• MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents (darkreading.com)

• California Settles With Google Over Location Privacy Practices for $93 Million - Security Week

• Why Cyber security Compliance Standards Still Have A Long Way To Go (forbes.com)

• Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE

Models, Frameworks and Standards

• How to Interpret the 2023 MITRE ATT&CK Evaluation Results (darkreading.com)

• How NIST Cyber security Framework 2.0 Tackles Risk Management (securityintelligence.com)

Data Protection

• UK-US Confirm Agreement for Personal Data Transfers - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• Digital Deficit: 93% of UK Employers Identify An IT Skills Gap Within The UK Job Market - IT Security Guru

• Expert: Three Skills Cyber security Professionals Should Have in 2024 (newswise.com)

• 83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)

• IT pros told to accept burnout as normal part of their job - Help Net Security

• Wanted: another 3mn cyber professionals | Financial Times (ft.com)

Law Enforcement Action and Take Downs

• How the FBI Fights Back Against Worldwide Cyber attacks (securityintelligence.com)

• Court sentences pair for India-based robocall scam • The Register

• Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace (thehackernews.com)

Privacy, Surveillance and Mass Monitoring

• California Settles With Google Over Location Privacy Practices for $93 Million - Security Week

• TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent

• Researchers used Wi-Fi signals to see through walls. Game-changing breakthrough? Or privacy nightmare waiting to happen? | TechRadar

• Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users (pogowasright.org)

• EU's quest to fix the internet could become a privacy nightmare | TechRadar

Misinformation, Disinformation and Propaganda

• EU warns China on Ukraine disinformation and cyber attacks  – POLITICO

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Russian and North Korea artillery deal paves the way for dangerous cyberwar alliance (theconversation.com)

• China, Russia ‘Prepared’ to Use Cyber If War Breaks Out, US Warns (thedefencepost.com)

• International Criminal Court hacked amid Russia probe • The Register

• Portuguese company detects 961 pro-Russian cyber attacks in Western Europe – EURACTIV.com

• Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)

• One of the FBI’s most wanted hackers is trolling the US government | TechCrunch

• Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions (securityaffairs.com)

• Senators want clarity from Pentagon on Ukraine Starlink access fiasco | SC Media (scmagazine.com)

• Russian allegedly smuggled US weapons electronics to Moscow • The Register

China

• Chinese Cyber Power Bigger Than the Rest of the World Combined - Infosecurity Magazine (infosecurity-magazine.com)

• China, Russia ‘Prepared’ to Use Cyber If War Breaks Out, US Warns (thedefencepost.com)

• FBI chief says China has bigger hacking program than the competition combined | Reuters

• EU warns China on Ukraine disinformation and cyber attacks  – POLITICO

• Chinese Spies Infected Dozens of Networks With Thumb Drive Malware | WIRED

• Chinese hackers have unleashed a never-before-seen Linux backdoor | Ars Technica

• Trouble brews after embassy worker finds spy bug in China teapot (thetimes.co.uk)

• Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)

• A mysterious new Chinese malware strain is targeting large firms across the globe | TechRadar

• Financially Motivated Hacks by Chinese-Speaking Actors Surge (inforisktoday.com)

• Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT (thehackernews.com)

• Growing Chinese Tech Influence in Africa Spurs 'Soft Power' Concerns (darkreading.com)

• How cyber attacks on Taiwan are hurting global business - Raconteur

• Multi-year Chinese APT Campaign Targets South Korean Academic, Government, and Political Entities | Recorded Future

• DoD: China's ICS Cyber Onslaught Aimed at Gaining Kinetic Warfare Advantage (darkreading.com)

Iran

• Microsoft: 'Peach Sandstorm' Cyber attacks Target Defence, Pharmaceutical Orgs (darkreading.com)

• Iranian state-backed hackers target global satellite, defence, and pharma companies (databreaches.net)

• Pro-Iranian Attackers Target Israeli Railroad Network (darkreading.com)

North Korea

• Multiple crypto raids net Lazarus Group $290M in 15 weeks | SC Media (scmagazine.com)

• Russian and North Korea artillery deal paves the way for dangerous cyberwar alliance (theconversation.com)

• How a North Korean cyber group impersonated a Washington D.C. analyst (cnbc.com)

Misc Nation State/Cyber Warfare

• New Research Finds Cyber attacks Against Critical Infrastructure on the Rise, State-affiliated Groups Responsible for Nearly 60% | Business Wire

• Operation Rusty Flag: Azerbaijan Targeted in New Rust-Based Malware Campaign (thehackernews.com)

• APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)

• OODA Loop - Is Future Escalation in Cyber Conflict a Foregone Conclusion?

Vulnerability Management

• KEV Catalog Reaches 1000, What Does That Mean and What Have We Learned  | CISA

• Vulnerability management, its impact and threat modeling methodologies (securityintelligence.com)

• How SBOMs Help Uncover Vulnerabilities In Enterprise Applications (forbes.com)

Vulnerabilities

• Fortinet Releases Security Updates for Multiple Products | CISA

• Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179) - Help Net Security

• iOS 17.0.1 re-patches 3 actively exploited security flaws - 9to5Mac

• Nearly 12,000 Juniper Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability (thehackernews.com)

• If you're still using WinRAR, watch out for this dangerous exploit - and please stop | TechRadar

• GitLab Releases Urgent Security Patches for Critical Vulnerability (thehackernews.com)

• Microsoft releases firmware update for all Surface devices | TechSpot

Tools and Controls

• Expensive Investigations Drive Surging Data Breach Costs (bleepingcomputer.com)

• Enterprise networks are evolving; your security architecture needs to evolve, too (betanews.com)

• Think Your MFA and PAM Solutions Protect You? Think Again (thehackernews.com)

• Do You Really Trust Your Web Application Supply Chain? (thehackernews.com)

• Regulatory activity forces compliance leaders to spend more on GRC tools - Help Net Security

• Going Up! How to Handle Rising Cyber security Costs (securityintelligence.com)

• Shadow IT: Security policies may be a problem - Help Net Security

• Balancing budget and system security: Approaches to risk tolerance - Help Net Security

• How NIST Cyber security Framework 2.0 Tackles Risk Management (securityintelligence.com)

• How Choosing Authentication Is a Business-Critical Decision (darkreading.com)

• Understanding the Differences Between On-Premises and Cloud Cyber security (darkreading.com)

• Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE

• What is DNS over HTTPS (DoH)? (techtarget.com)

Reports Published in the Last Week

• QBE Mid-sized Business Risk Report | QBE US

• 2023 Cyber Risk and Resiliency Report: How CIOs Are Dueling Disaster (informationweek.com)

Other News

• Why automakers are worried your car is the next target for cyber attacks - CityAM

• Consumers are being bombarded with billions of threats every year | TechRadar

• Bad torts: Law firms feel the heat from rising cyber threats (synack.com)

• 8 new threats to Mac security in 2023 - TechFruit

• SME Cyber Security – Time for a New Approach? - IT Security Guru

• Time to Demand IT Security by Design and Default - Infosecurity Magazine (infosecurity-magazine.com)

• Australia’s new cyber security strategy: Build “cyber shields” around the country | CSO Online

• Home Office sets up cyber security for Emergency Services Network | UKAuthority

• Cyber security Tops Business Risks Challenging European Auditors (bloomberglaw.com)

• Energy Is the Most-Targeted Sector for Cyber attacks: Here’s What to Do (powermag.com)

• Cyber on the battlefield is about more than IT - Nextgov/FCW

• From national threats to click-happy employees: Decoding the multifaceted cyber security landscape - SiliconANGLE

• Hidden dangers loom for subsea cables, the invisible infrastructure of the internet - Help Net Security

• Every Network Is Now an OT Network. Can Your Security Keep Up? - Security Week

• Pentagon's 2023 Cyber Strategy Focuses on Helping Allies - Security Week

• Singapore's retail banks take steps to enhance cyber security (finextra.com)

• Cyber pros warn Congress that government shutdown will create open season for cyber attacks - Washington Times

• Experts fret over fate of CISA cyber programs as shutdown clouds loom | SC Media (scmagazine.com)

• Strong compliance management is crucial for fintech-bank partnerships - Help Net Security

• Rail Travel Free in Estonia as Cyber Attack Disrupts Ticketing (eturbonews.com)

• Five easy wins in cyber security | Financial Times (ft.com)

• Dairy industry teams with cyber security group to beef up defences | Food Dive

• Securing Eurovision’s online voting system against cyber attacks (computerweekly.com)

• GCHQ chief takes job in private security company | The Independent

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

75% of Organisations Worldwide Set to Ban ChatGPT and Generative AI Apps on Work Devices

Newly released research found that 75% of organisations worldwide are currently implementing or considering bans on ChatGPT and other generative Artificial Intelligence (AI) applications within the workplace, with 61% stating that it will be a long term or permanent solution. Despite this, the majority recognised the opportunity such applications bring to the workplace, with 55% believing it would increase efficiency. All in all, 81% remained in favour of AI, highlighting that whilst organisations see the benefit, they are not ready to take the plunge for fear of being caught flat-footed.

Many organisations may simply not have the expertise-in house or confidence to employ AI effectively. These organisations lack an effective AI management plan, which governs the usage of AI in the corporate environment, rather than banning it outright. By having a clear-set AI plan, organisations can use AI to improve their efficiency, whilst maintaining cyber resilience. An increasing number of organisations have approached us at Black Arrow to discuss how to embrace AI securely; contact us to see how we can help you.

Source: [Dark Reading]

How an Eight-Character Password Could be Cracked in Just a Few Minutes

Strong and complex passwords are necessary to protect online accounts and data from cyber criminals. Complex passwords typically use lowercase and uppercase characters, numbers, and special characters. But complexity by itself can still open your password to cracking if it doesn’t contain enough characters, according to research by security firm Hive Systems. The report found that a complex password of eight characters can be cracked in only five minutes, and other weaker or shorter passwords are cracked instantly. However, passwords that have a greater number of characters are less vulnerable: for example an 18 character password, even if only lowercase letters, would take 481,000 years for a computer to crack.

Since creating and remembering multiple complex and lengthy passwords on your own is impossible, a password manager is your best bet. By using a password manager for yourself or within your organisation, you can generate, store and apply strong passwords for websites and online accounts.

Source: [Techrepublic]

Ransomware Victims Surge 143% as Threat Actors Pivot to Zero-Day Exploits

The number of organisations that became victims of ransomware attacks surged 143% between the first quarter of 2022 and first quarter of this year, as attackers increasingly leveraged zero-day vulnerabilities to break into target networks.

In many of these attacks, threat actors did not bother to encrypt data belonging to victim organisations. Instead, they focused solely on stealing their sensitive data and extorting victims by threatening to sell or leak the data to others. The tactic left even those with otherwise robust backup and restoration processes backed into a corner; this highlights the need for organisations to be able to detect and ideally block anomalous exfiltration of data, and have effective and rehearsed incident response plans to address the concept of pure exfiltration, because having backups is not enough.

The costs of these types of controls continue to fall making them viable for even smaller businesses. Without tools like Managed Detection and Response (MDR) and Data Loss Prevention (DLP), attacks of this nature cannot be detected until it is too late to do anything to stop them.

Source: [Dark Reading]

How Executives’ Personal Devices Threaten Business Security

Individuals, including executives, are considered a major target for cyber attacks. Motivated attackers know the right individual people they want to go after to achieve their larger organisational goal, and they’ll use any means necessary to be successful.

A recent report found that most executives are using their personal devices for work, creating a “backdoor” for cyber criminals to access large organisations. 50% of executive respondents reported receiving work-related scams in their personal emails.

Personal device use can be effective for organisations, however they need to implement an effective bring-your-own-device (BYOD) procedure and provide employees, including executives, with frequent user awareness and education training. All users at all levels within an organisation need to understand the risks, and importantly the role they play in keeping the organisation secure.

Sources: [Help Net Security] [Security Affairs]

77% of Financial Firms Saw an Increase in Cyber Attack Frequency

According a recent report on the financial services sector, 77% of firms reported an increase in attack frequency, and 87% said attacks were more severe. These firms unanimously said they would look to outsource their cyber security programs to third-party providers to shore up their cyber defences. Among the respondents, firms need to protect hybrid work environments (62%), consolidate cyber security and managed IT services (41%) and tap industry-specific and regulatory expertise (33%).

Source: [SecurityMagazine]

Protecting Against Sophisticated Cyber Attacks Requires Layered Defences

Faced with an influx of sophisticated cyber threats, including usage of AI to further enhance the efficacy of social engineering attacks, and the growth of both malware-as-a-service (MaaS) and ransomware-as-a-service (RaaS), it is critical for organisations to invest in layered security defences.

Services like managed detection and response (MDR) are integral to monitoring, investigating and responding to threats in real time. But without a strong and comprehensive foundational cyber security posture, managed services alone cannot effectively mitigate threats. To ensure comprehensive defences against emerging threats, organisations must prioritise proactive measures that can stop attacks before they even start. As adversaries continue to refine their attack techniques, layered protection that covers every stage in the attack chain becomes imperative.

Source: [Forbes]

Managing Human Cyber Risks Matters Now More Than Ever

As artificial intelligence (AI) amplifies the sophistication and reach of phishing, vishing, and smishing attacks, understanding and managing human cyber risks has become increasingly vital, according to the SANS Institute. It makes sense as no matter the technological advancement, the human element has always been a point of entry for attackers.

A recent study found that mature security programs, marked by robust teams and leadership support, are characterised by having at least three full-time employees in their security awareness teams. In some cases, this isn’t feasible for an organisation and this is where outsourcing comes in. By outsourcing security awareness, organisations can ensure that they have access to security awareness experts, to keep their organisation educated. Here at Black Arrow we offer regular security and awareness training, bespoke to your organisation, for your employees and leadership team.

Source: [Help Net Security]

Hackers are Targeting Top Executives’ Microsoft 365 Accounts to Steal Work Logins

Cyber security provider Proofpoint reported that high-level execs at some of the world’s leading companies are repeatedly targeted with credential-stealing attacks. More alarmingly, according to Proofpoint, around one-third (35%) of the compromised users had multi-factor authentication (MFA) enabled.

The attacks come amid a rise in cases of EvilProxy, a phishing tool that allows attackers to steal even MFA-protected credentials. In the three months to June 2023, around 120,000 EvilProxy phishing emails were observed being sent to hundreds of targeted organisations globally, with many targeting Microsoft 365 user accounts in particular. Approximately 39% of the victims were C-level executives of which 17% were Chief Financial Officers, and 9% were Presidents and CEOs. Users must be trained effectively, to help mitigate the chance of them suffering a phishing attack. The C-suite is no exception.

Sources: [Help Net Security] [Security Affairs]

UK Shaken by Major Data Breaches

Recent major data breaches impacting crucial institutions like the UK Electoral Commission (which exposed the data of 40 million UK voters) and the Police Service of Northern Ireland, have brought attention to potential risks. Following a recent freedom of information request 10,000 police officers and staff details where published including details such as first name and surname, their rank or grade and the unit and where they are based. This breach occurred when a junior member of staff forgot to remove the master spreadsheet containing sensitive data when responding to the request.

Sources: [Telegraph] [Tech Crunch]

Threat of Cyber Attacks to UK National Security Upgraded: Compared to Chemical Weapons or Nuclear Attack

The UK government has raised the threat level posed by cyber attacks, now deeming the risk of cyber attacks to be more severe than that presented by small-scale chemical, biological, radiological, or nuclear (CBRN) attacks according to the latest National Risk Register (NRR) report for 2023. The report also highlighted artificial intelligence (AI) as a “chronic risk” – that is, one that poses “continuous challenges that erode our economy, community, way of life, and/or national security”.

Sources: [ITPro] [Infosecurity Magazine]

Mac Users are Facing More Dangerous Security Threats Than Ever Before

Apple’s MacBook Pro or iPhone devices are often perceived as safer, from a cyber security standpoint, compared to those from Microsoft or Google, mostly because of its “walled garden” approach. However, another key reason why hackers were not historically as interested in Apple was the smaller market share Apple held. That is no longer the case and as attacks are rising against Apple devices, this is something we expect to see continuing to accelerate.

In the last 10 years, Apple’s market share on desktop has increased from less than 7.5% to just over 20% today. Apple frequently patches actively exploited vulnerabilities, with overall 261 security vulnerabilities addressed so far this year. A recent report found that Mac users are targeted by three key threats: Trojans, Adware, and Potentially Unwanted Applications (PUA). Of the three, Trojans are the biggest single threat, making up more than half of all threat detections. Of all those detections, around half (52.7%) were for the EvilQuest encryption malicious software.

Source: [Techradar]

Cyber Attack to Cost Outsourcing Firm Capita up to £25m

Capita expects to take a financial hit of as much as £25m as a result of a cyber attack that began in March, pushing the outsourcing group to a pre-tax loss of almost £68m for the first half of the year. The group is still recovering from the attack by the Black Basta ransomware group, which hacked its Microsoft Office 365 software and accessed the personal data of staff working for the company and dozens of clients. Capita, which runs crucial services for local councils, the military, and the NHS, estimated that the financial costs associated with what it called the “cyber incident” would be between £20m and £25m. Previous estimates had put the cost at £15m to £20m.

The group said this new figure reflected the complexities of analysing the “exfiltrated” data, as well as costs of recovery and remediation and new investment to improve its cyber security. However, Capita said it was not currently able to estimate the level of any potential fine related to the incident and had not yet made any provision to cover any future costs. The company’s shares fell by more than 12% in morning trading on Friday after the release of its results, making it the biggest faller on the FTSE 250.

Source: [Guardian]

Government and Public Services Face 40% More Cyber Attacks and Struggle to Protect Due to Lack of Resources

A report published by BlackBerry noted a 40% rise in cyber attacks against public sector organisations and government institutions. One of the reasons is the limited resources and resistance that these government and public have; this makes it much easier for an attacker. An easy target is an attractive target.

Source: [Financial Express]

Governance, Risk and Compliance

• SMB cyber security: Cyber Security challenge: SMBs and large enterprises face common threat but separate response routes - The Economic Times (indiatimes.com)

• Protecting Against Sophisticated Cyber attacks Requires Layered Defense (forbes.com)

• Managing human cyber risks matters now more than ever - Help Net Security

• Executives 'sleepwalking into cyber catastrophe', warns cyber security boss (cityam.com)

• How To Deal With the Vagueness in New Cyber Regulations (darkreading.com)

• Recent threat intelligence study indicates reactive measures are prioritized by most organisations over proactive | SC Media (scmagazine.com)

• Digital skills gap is challenging the cyber security of UK businesses - IT Security Guru

• Cyber attack to cost outsourcing firm Capita up to £25m | Capita | The Guardian

• 9 common risk management failures and how to avoid them | TechTarget

• Alarming survey: Many tech experts fail a test of their cyber security knowledge - SiliconANGLE

• Safeguarding Businesses From Data Privacy And Cyber security Risk (forbes.com)

• How Do Some Companies Get Compromised Again and Again? (securityintelligence.com)

• What happens if cyber insurance becomes unviable? - Raconteur

• Only 22% of Firms Have Mature Threat Intelligence Programs - Infosecurity Magazine (infosecurity-magazine.com)

• NIST announces rare overhaul of security framework, focusing on organisational leadership | ITPro

• Protection is No Longer Straightforward – Why More Cyber Security Solutions Must Incorporate Context - Security Week

• Cyber Security Must Focus on the Goals of Criminals (informationweek.com)

• Going Up! How to Handle Rising Cyber Security Costs (securityintelligence.com)

• Maintaining Data Security Amidst Rising Concerns of Cyber attacks (techreport.com)

• Why it’s time for everyone to reorient their thinking about cyber security | Federal News Network

• 'Confusing, misleading or just plain wrong': Researchers explain why cyber security is needlessly complex - Study Finds

• It's Time for Cyber security to Talk About Climate Change (darkreading.com)

• Prioritizing cyber attacks still needs a lot of work, according to new Picus Labs report - SiliconANGLE

• It's not always malware (betanews.com)

• Act Before You're Hacked (forbes.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Healthcare and Finance Firms Ranked as Leading Targets for Cyber Attacks - MSSP Alert

• Ransomware victim numbers surge as attackers target zero-day vulnerabilities | CSO Online

• Definitive Guide to Ransomware 2023 | IBM whitepaper | ITPro | ITPro

• UK Think Tank Proposes Greater Ransomware Reporting From Cyber Insurance to Government – Security Week

• The ransomware rollercoaster continues as criminals advance their business models - Help Net Security

• Data exfiltration is now the go-to cyber extortion strategy - Help Net Security

• Clop ransomware now uses torrents to leak data and evade takedowns (bleepingcomputer.com)

• Spot Fake Extortion Attacks Without Wasting Time and Money (securityintelligence.com)

• The number of ransomware attacks targeting Finland increased fourfold since it started the process to join NATO - Security Affairs

• New Yashma Ransomware Variant Targets Multiple English-Speaking Countries (thehackernews.com)

• Ransomware Victims Surge as Threat Actors Pivot to Zero-Day Exploits (darkreading.com)

• Recent ransomware attacks share curiously similar tactics - Help Net Security

• Ransomware Attacks: 20 Essential Considerations For Prep And Response (forbes.com)

• Ransomware attacks cost manufacturing sector $46 billion in downtime since 2018, report claims | Tripwire

• Navigating the gray zone of ransomware payment practices - Help Net Security

• Anatomy of a Black Basta Ransomware Attack on BankCard USA - MSSP Alert

• Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics (darkreading.com)

• Clop Gang Offers Data Downloads Via Torrents - Infosecurity Magazine (infosecurity-magazine.com)

• The volume of ransomware attacks is dropping - but it’s no time to get complacent (networkingplus.co.uk)

• FortiGuard Labs: Organisations Detecting Ransomware Decline as the Volume and Impact of Targeted Attacks Continue to Rise (fortinet.com)

• Suspected Vietnamese hacker targets Chinese, Bulgarian organisations with new ransomware (therecord.media)

• Ransomware gangs are targeting public schools | Fortune

• New Report Exposes Vice Society's Collaboration with Rhysida Ransomware (thehackernews.com)

• White House Holds First-Ever Summit on Ransomware Crisis Plaguing Public Schools (insurancejournal.com)

• Dallas pays millions for ransomware expenses after May attack – NBC 5 Dallas-Fort Worth (nbcdfw.com)

• Strong authentication best defence against Ransomware: Yubico (securitybrief.co.nz)

• Best practices for reporting ransomware attacks | TechTarget

• Ransomware, healthcare and incident response: Lessons from the Allscripts attack | CSO Online

• Microsoft OneDrive is a willing 'ransomware double agent' • The Register

• Threat Report: Ransomware Down, Targeted Attacks on the Rise (inforisktoday.com)

• Rasnake: Ransomware Now Threatens All, Not Just Elites | Newsmax.com

• The Ransomware Prevention Guide For SMBs - GovInfoSecurity

Ransomware Victims

• Hospital System Goes Back To Paper Following Ransomware Attack (forbes.com)

• ‘Data Security Incident’: 16 Hospitals across Four States Forced to Close after Cyber attack - News18

• Cyber attack forces hospitals to divert ambulances in Connecticut and Pennsylvania | CNN Politics

• Dallas pays millions for ransomware expenses after May attack – NBC 5 Dallas-Fort Worth (nbcdfw.com)

• Colorado Department of Higher Education warns of massive data breach (bleepingcomputer.com)

• Israel hospital hacking disrupts services; cyber attackers unknown - Israel News - The Jerusalem Post (jpost.com)

• Bnei Brak hospital hit by cyber attack, bringing down computers | The Times of Israel

• LockBit posts Siemens company Varian to its victim blog (techmonitor.ai)

• Breach Connected to MOVEit Flaw Affects Missouri Medicaid Recipients - Infosecurity Magazine (infosecurity-magazine.com)

• Hacker stole more than $6 million from New Haven Public Schools (wfsb.com)

Phishing & Email Based Attacks

• Hackers are targeting top executives to steal their work logins | TechRadar

• Microsoft 365 accounts of execs, managers hijacked through EvilProxy - Help Net Security

• 9 of 10 Cyber attacks Start with a Phish, Comcast Study Shows - MSSP Alert

• Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)

• AI tools like ChatGPT increasingly used by cyber criminals for phishing, experts warn | NL Times

• First quarter of 2023 saw 88% rise in phishing attacks: Kaspersky | The Peninsula Qatar

• RTL Today - Up to 80% of all cyber attacks: Phishing attempts surge in post-pandemic age

• 100K+ VIP Microsoft 365 users got targeted by phishers - OnMSFT.com

• Microsoft’s Role in Email Breach to Be Part of US Cyber Inquiry - BNN Bloomberg

• Interpol takes down phishing-as-a-service platform used by 70,000 people (therecord.media)

BEC – Business Email Compromise

• 37% of third-party applications have high-risk permissions - Help Net Security

Other Social Engineering; Smishing, Vishing, etc

• Social engineering biggest threat to online safety - Avast (securitybrief.co.nz)

Artificial Intelligence

• 75% of Organisations Worldwide Set to Ban ChatGPT and Generative AI Apps on Work Devices (darkreading.com)

• When your teammate is a machine: 8 questions CISOs should be asking about AI | CSO Online

• Generative AI In Cyber Should Worry Us, Here’s Why (forbes.com)

• How to Prepare for ChatGPT's Risk Management Challenges (darkreading.com)

• AI chatbots like ChatGPT could be security nightmares - and experts are trying to contain the chaos | TechRadar

• Experience: scammers used AI to fake my daughter’s kidnap | Family | The Guardian

• White House offers prize money for hacker-thwarting AI (techxplore.com)

• Criminals Have Created Their Own ChatGPT Clones | WIRED UK

• AI making cyber attacks more effective - Tech Monitor

• AI tools like ChatGPT increasingly used by cyber criminals for phishing, experts warn | NL Times

• Data attacks set to enter new era under 'FraudGPT', warn cyber security execs (cityam.com)

• Hackers Released New Black Hat AI Tool Evil-GPT (cybersecuritynews.com)

• Cyber security In The Age Of AI (forbes.com)

• In the age of ChatGPT, Macs are under malware assault | Digital Trends

• AI can now steal your passwords with almost 100% accuracy | Digital Trends

• Microsoft AI Red Team building future of safer AI | Microsoft Security Blog

• ChatGPT Security Concerns: Credentials on the Dark Web and More (techrepublic.com)

• Why We Need to Manage the Risk of AI Browser Extensions - Infosecurity Magazine (infosecurity-magazine.com)

• AI hacking gets White House backing; some already go rogue (9to5mac.com)

• Zoom trains its AI model with some user data, without giving them an opt-out option - Security Affairs

• OpenAI to Unleash New Web Crawler to Devour More of the Open Web - Decrypt

• 5 Pitfalls and Possibilities AI Brings to Cyber Insurance (informationweek.com)

2FA/MFA

• Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)

• Microsoft Authenticator will soon provide codes via WhatsApp - gHacks Tech News

• LastPass removes the master password from customers’ login with FIDO2 authenticators - Help Net Security

Malware

• In the age of ChatGPT, Macs are under malware assault | Digital Trends

• Mac users are facing more dangerous security threats than ever before | TechRadar

• Threat intelligence's key role in mitigating malware threats - Help Net Security

• This PowerPoint could help hackers empty your bank account | Digital Trends

• Safeguarding Against Silent Cyber Threats: Exploring the Stealer Log Lifecycle (bleepingcomputer.com)

• Israel cyber security agency says no breach after senior official self-infects home PC with malware | TechCrunch

• Latest Batloader Campaigns Use Pyarmor Pro for Evasion (trendmicro.com)

• Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)

• Malicious npm Packages Found Exfiltrating Sensitive Data from Developers (thehackernews.com)

• Fake VMware vConnector package on PyPI targets IT pros (bleepingcomputer.com)

• New Malware Campaign Targets Inexperienced Cyber Criminals with OpenBullet Configs (thehackernews.com)

• Ukrainian state agencies targeted with open-source malware MerlinAgent (therecord.media)

• QakBot Malware Operators Expand C2 Network with 15 New Servers (thehackernews.com)

• This Mac Utility Is Now Malware (howtogeek.com)

• Hackers use open source Merlin post-exploitation toolkit in attacks (bleepingcomputer.com)

• New Statc Stealer Malware Emerges: Your Sensitive Data at Risk (thehackernews.com)

• Gafgyt malware exploits five-years-old flaw in EoL Zyxel router (bleepingcomputer.com)

• CISA: New Whirlpool backdoor used in Barracuda ESG hacks (bleepingcomputer.com)

Mobile

• Google explains how Android malware slips onto Google Play Store (bleepingcomputer.com)

• Czech cyber security experts warn against BaiRBIE.me app | Radio Prague International

• Removing Spyware From Your Android Phone: A How-To Guide (slashgear.com)

• How executives' personal devices threaten business security - Help Net Security

• Invisible Ad Fraud Targets Korean Android Users - Infosecurity Magazine (infosecurity-magazine.com)

• Google Play apps with 2.5M installs load ads when screen's off (bleepingcomputer.com)

• 40 Vulnerabilities Patched in Android With August 2023 Security Updates - Security Week

• Android 14 to let you block connections to unencrypted cellular networks (bleepingcomputer.com)

Botnets

• QakBot Malware Operators Expand C2 Network with 15 New Servers (thehackernews.com)

• Two-Thirds of UK Sites Vulnerable to Bad Bots - Infosecurity Magazine (infosecurity-magazine.com)

Denial of Service/DoS/DDOS

• Analysing Network Chaos Leads to Better DDoS Detection (darkreading.com)

• How to accelerate and access DDoS protection services using GRE - Help Net Security

• Researchers Strengthen Defences Against Common Cyber attack - CleanTechnica

Internet of Things – IoT

• What is IoT Security? | TechTarget

• Panasonic Warns That IoT Malware Attack Cycles Are Accelerating | WIRED

• Disposed-of Gadgets Can Lead to Wi-Fi Network Hacks, Kaspersky Says (darkreading.com)

• The new technology that is making cars easier for criminals to steal, or crash (techxplore.com)

Data Breaches/Leaks

• Executives 'sleepwalking into cyber catastrophe', warns cyber security boss (cityam.com)

• Over 200 Million Brits Have Data Compromised in Four Years - Infosecurity Magazine (infosecurity-magazine.com)

• The Top 10 Countries Being Bombarded by Data Breaches (gizmodo.com)

• UK Shaken by Major Data Breaches: Security Concerns Surge Over Data Protection Changes | Open Rights Group

• UK Electoral Commission hacked by 'hostile actors' | Reuters

• PSNI officers who work with MI5 face relocation after ‘humongous’ security breach (telegraph.co.uk)

• Northern Ireland police investigate second data breach after documents containing officers' names stolen | UK News | Sky News

• Burger King Serves Up Sensitive Data, No Mayo (darkreading.com)

• Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian

• TunnelCrack attack may cause vulnerable VPNs to leak traffic • The Register

• Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)

• How safe is my data after a hack or leak? - BBC News

Organised Crime & Criminal Actors

• Cloud Company Assisted 17 Different Government Hacking Groups: US Researchers | NTD

• New Malware Campaign Targets Inexperienced Cyber Criminals with OpenBullet Configs (thehackernews.com)

• IRS confirms takedown of bulletproof hosting provider Lolek (therecord.media)

• Interpol Shuts Down African Cyber crime Group, Seizes $2 Million (darkreading.com)

• Cyber security Must Focus on the Goals of Criminals (informationweek.com)

• How fame-seeking teenagers hacked some of the world’s biggest targets | Ars Technica

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• BlackBerry Discloses Major Crypto-Based Malware - The Tech Report

• FBI warns of phishing scams and social media account hijackers (cointelegraph.com)

• Crypto heavyweights back new cyber security standards after nearly $4 billion was lost to hacks in 2022 | Fortune Crypto

• Only 6 out of 45 crypto wallet brands have undergone penetration testing: Report (cointelegraph.com)

• Worldcoin is scanning eyeballs to build a global ID and finance system. Governments are not impressed (theconversation.com)

Insider Risk and Insider Threats

• Managing human cyber risks matters now more than ever - Help Net Security

• History’s Greatest Insider Threats - IT Security Guru

• US Navy sailors charged with stealing secret info for China • The Register

• Get consent before you monitor your staff, UK MPs suggest • The Register

Fraud, Scams & Financial Crime

• Rise in fraudsters spoofing the websites of leading UK banks | Computer Weekly

• Extended warranty robocallers fined $300 million after 5 billion scam calls (bleepingcomputer.com)

• Experience: scammers used AI to fake my daughter’s kidnap | Family | The Guardian

• Data attacks set to enter new era under 'FraudGPT', warn cyber security execs (cityam.com)

Impersonation Attacks

• Rise in fraudsters spoofing the websites of leading UK banks | Computer Weekly

Insurance

• What happens if cyber insurance becomes unviable? - Raconteur

• Cyber Insurance Experts Make a Case for Coverage, Protection (darkreading.com)

• 5 Pitfalls and Possibilities AI Brings to Cyber Insurance (informationweek.com)

• 10 Key Controls to Show Your Organisation Is Worthy of Cyber Insurance (darkreading.com)

• Lower Data Breach Insurance Costs with These Tips (trendmicro.com)

Dark Web

• Dark web activity targeting the financial sector - Help Net Security

• ChatGPT Security Concerns: Credentials on the Dark Web and More (techrepublic.com)

• Dark Web Threat Actors Targeting macOS | Accenture

Supply Chain and Third Parties

• Government contractor plunges after £25m cyber attack - The Mail (mailplus.co.uk)

• 37% of third-party applications have high-risk permissions - Help Net Security

Software Supply Chain

• Unravelling the importance of software supply chain security - Help Net Security

• OWASP Lead Flags Gaping Hole in Software Supply Chain Security (darkreading.com)

• 37% of third-party applications have high-risk permissions - Help Net Security

Cloud/SaaS

• Attackers Use EvilProxy to target C-suite Executives (inforisktoday.com)

• 100K+ VIP Microsoft 365 users got targeted by phishers - OnMSFT.com

• Credentials Account For Over Half of Cloud Compromises - Infosecurity Magazine (infosecurity-magazine.com)

• Cloud Company Assisted 17 Different Government Hacking Groups: US Researchers | NTD

• Microsoft OneDrive is a willing 'ransomware double agent' • The Register

• Managing and Securing Distributed Cloud Environments - Security Week

• How hybrid cloud is transforming cyber security | ITPro

• Microsoft 365 guests + Power Apps = security nightmare • The Register

Containers

• Kubernetes clusters under attack in hundreds of organisations | CSO Online

Identity and Access Management

• CrowdStrike observes massive spike in identity-based attacks | TechTarget

• Keeper Security reveals SMBs at risk due to lack of PAM (securitybrief.co.nz)

• Understanding Active Directory Attack Paths to Improve Security (thehackernews.com)

• 91% of IT leaders better protected with PAM but want more affordable solutions - IT Security Guru

• Strong authentication best defence against Ransomware: Yubico (securitybrief.co.nz)

• WhatsApp is working on phishing-proof passkey authentication (androidpolice.com)

• Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)

Encryption

• Cyber security Breakthrough: New Cipher System Protects Computers Against Spy Programs (scitechdaily.com)

• UK minister defends plan to demand access to encrypted messages | Privacy | The Guardian

• Quantum computing: A threat to asymmetric encryption. (thecyberwire.com)

• What if WhatsApp really does leave the UK? - Tech Monitor

Open Source

• Is Open Source Security a Ticking Cyber Time Bomb? (securityintelligence.com)

• Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)

• Kemba Walden: We need to secure open source software | TechTarget

Passwords, Credential Stuffing & Brute Force Attacks

• Credentials Account For Over Half of Cloud Compromises - Infosecurity Magazine (infosecurity-magazine.com)

• How an 8-character password could be cracked in just a few minutes (techrepublic.com)

• AI can now steal your passwords with almost 100% accuracy | Digital Trends

• US Dept. of the Interior Employees Use Accounts That Are Easily Hacked (businessinsider.com)

• LastPass removes the master password from customers’ login with FIDO2 authenticators - Help Net Security

Biometrics

• Worldcoin is scanning eyeballs to build a global ID and finance system. Governments are not impressed (theconversation.com)

• Woman Falsely Arrested Sues Detroit Over Facial Recognition (govtech.com)

Social Media

• Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian

Malvertising

• Invisible Ad Fraud Targets Korean Android Users - Infosecurity Magazine (infosecurity-magazine.com)

• Google Play apps with 2.5M installs load ads when screen's off (bleepingcomputer.com)

• Not so fast: Don’t click that fake Amazon or Microsoft ad. Here’s why | Fox News

Training, Education and Awareness

• Managing human cyber risks matters now more than ever - Help Net Security

• Why Do Cyber security Awareness Programs Often Fail? (databreachtoday.co.uk)

Travel

• I'm a cyber security expert, here's why your airport selfie is a gift to scammers | Daily Mail Online

• Free Airline Miles, Hotel Points, and User Data Put at Risk by Flaws in Points Platform | WIRED

Parental Controls and Child Safety

• Cyber security expert warns parents of online predators, social media usage (wptv.com)

Cyber Bullying, Cyber Stalking and Sextortion

• Most domestic abuse cases feature spyware and remote monitoring, MPs warn | E&T Magazine (theiet.org)

• Baby monitors and smart speakers enabling abuse, say MPs - BBC News

Regulations, Fines and Legislation

• SEC Adopts Final Rules on Cyber security Risk Management, Strategy, Governance and Incident Disclosure by Public Companies | Akin Gump Strauss Hauer & Feld LLP - JDSupra

• How To Deal With the Vagueness in New Cyber Regulations (darkreading.com)

• What does the Data Protection and Digital Information (DPID) Bill mean for small businesses? | ITPro

• The Problem With Cyber security (and AI Security) Regulation (darkreading.com)

• CISA Unveils Cyber security Strategic Plan for Next 3 Years - Security Week

• The 5 Ways The SEC Failed Investors On Cyber security (forbes.com)

• What if WhatsApp really does leave the UK? - Tech Monitor

• America’s messy cyber regulations are no match for its adversaries | Financial Times (ft.com)

• Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian

• Banks hit with $549 million in fines for using Signal and WhatsApp to evade regulators (nbcnews.com)

• ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro

• UK minister defends plan to demand access to encrypted messages | Privacy | The Guardian

Models, Frameworks and Standards

• NIST Drafts Major Update to Its Widely Used Cyber security Framework | NIST

• Understanding NIST CSF and MITRE ATT&CK Security Frameworks - The New Stack

• OWASP Lead Flags Gaping Hole in Software Supply Chain Security (darkreading.com)

• Understanding Changes in the OWASP API Security Top 10 List - IT Security Guru

• 5 steps to ensure HIPAA compliance on mobile devices | TechTarget

Data Protection

• UK Shaken by Major Data Breaches: Security Concerns Surge Over Data Protection Changes | Open Rights Group

• Regulator: “Harmful” Web Design Could Break Data Protection Laws - Infosecurity Magazine (infosecurity-magazine.com)

• Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian

• ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro

Careers, Working in Cyber and Information Security

• Digital skills gap is challenging the cyber security of UK businesses - IT Security Guru

• Alarming survey: Many tech experts fail a test of their cyber security knowledge - SiliconANGLE

• Using creative recruitment strategies to tackle the cyber security skills shortage - Help Net Security

• Why cyber security is a blue-collar job - Help Net Security

• Will AI kill cyber security jobs? - Help Net Security

• Will CISOs become obsolete in the future? (betanews.com)

• 6 Essential Strategies for Enterprise Cyber security Workforce Development (govinfosecurity.com)

• Seasoned cyber pros are more complacent in their skills than junior staff - Help Net Security

Law Enforcement Action and Take Downs

• IRS confirms takedown of bulletproof hosting provider Lolek (therecord.media)

• Interpol takes down phishing-as-a-service platform used by 70,000 people (therecord.media)

Privacy, Surveillance and Mass Monitoring

• Missing persons NGO alliance kicks off global facial recognition initiative | Biometric Update

• China drafts rules for using facial recognition data - Japan Today

• Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian

• Zoom trains its AI model with some user data, without giving them an opt-out option - Security Affairs

• ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro

• Worldcoin is scanning eyeballs to build a global ID and finance system. Governments are not impressed (theconversation.com)

• Woman Falsely Arrested Sues Detroit Over Facial Recognition (govtech.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Electoral Commission cyber attack: Everything we know about the hack as Russia 'tops list' of suspects (inews.co.uk)

• BlueCharlie changes attack infrastructure in response to reports on its activity - Security Affairs

• The number of ransomware attacks targeting Finland increased fourfold since it started the process to join NATO - Security Affairs

• Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)

• SpaceX's private control of satellite internet concerns military leaders | Space

• Analysts Say Use of Spyware During Conflict Is Chilling (voanews.com)

• Ukrainian state agencies targeted with open-source malware MerlinAgent (therecord.media)

• Cyber security experts discuss wins, losses and lessons at western Ukraine gathering : NPR

• Ukrainian official: Russian hackers change tactics from disruptive attacks | CyberScoop

• Ukraine Fends Off Sandworm Battlefield Espionage Ploy (govinfosecurity.com)

• Victor Zhora on cataloging cyber war crime evidence against Russian hackers targeting Ukraine | CyberScoop

• Microsoft addresses Office vulnerability attacked by Russian spooks in latest update | Computer Weekly

• Hackers with links to Pro-Russian groups compromised foreign embassies in Belarus, researchers say | CyberScoop

• New Cyber Threat 'MoustachedBouncer' Targets Embassies in Belarus - Infosecurity Magazine (infosecurity-magazine.com)

• Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault | CyberScoop

• US, Ukraine cyber leaders talk resilience, collaboration | TechTarget

• Kyiv Cyber Defenders Spot Open-Source RAT in Phishing Emails (govinfosecurity.com)

• North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya - Security Affairs

• LockBit posts Siemens company Varian to its victim blog (techmonitor.ai)

China

• China-Linked Hackers Strike Worldwide: 17 Nations Hit in 3-Year Cyber Campaign (thehackernews.com)

• Electric vehicle threat: China will use its EV dominance to spy: UK warning (afr.com)

• UK security must not be sacrificed to net zero (telegraph.co.uk)

• Chinese cyber attacks on Japan prompts US push for stronger defences - Nikkei Asia

• China reportedly had ‘deep, persistent access’ to Japanese networks for months | Engadget

• Why the China cyber threat demands an airtight public-private response (federaltimes.com)

• China not ahead of US in cyber and surveillance, NSA head says - Nextgov/FCW

• China drafts rules for using facial recognition data - Japan Today

• US Navy sailors charged with stealing secret info for China • The Register

• RedHotel Checks in as Dominant China-Backed Cyber Spy Group (darkreading.com)

• US Navy sailors charged with stealing secret info for China • The Register

• APT31 Linked to Recent Industrial Attacks in Eastern Europe - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft’s Role in Email Breach to Be Part of US Cyber Inquiry - BNN Bloomberg

Iran

• Iranian state ‘now biggest threat to UK’ (thetimes.co.uk)

• Iranian cyber spies are targeting dissidents in Germany, warns intelligence service (therecord.media)

North Korea

• Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)

• When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule (securityintelligence.com)

• North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya - Security Affairs

Misc/Other/Unknown

• Cloud Company Assisted 17 Different Government Hacking Groups: US Researchers | NTD

• Security News This Week: The Cloud Company at the Center of a Global Hacking Spree | WIRED

Vulnerability Management

• Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities - Security Week

• How an unpatched Microsoft Exchange 0-day likely caused one of the UK’s biggest hacks ever | Ars Technica

• Will CVSS 4.0 be a vulnerability-scoring breakthrough or is it broken? | CSO Online

• Microsoft hits back at Tenable’s criticism of its infosec • The Register

• The Four Pillars of Vulnerability Management - GovInfoSecurity

• Has Microsoft cut security corners once too often? | Computerworld

• Why Shellshock Remains a Cyber security Threat After 9 Years (darkreading.com)

• The 7 Worst Software Vulnerabilities of All Time (makeuseof.com)

Vulnerabilities

• Microsoft Patch Tuesday for August 2023 fixed 2 actively exploited flaws - Security Affairs

• Microsoft, Intel lead this month's security fix emissions • The Register

• Raft of TETRA Zero-Day Vulnerabilities Endanger Industrial Communications (darkreading.com)

• Nearly every AMD CPU since 2017 vulnerable to Inception bug • The Register

• Microsoft fixes flaw after being called irresponsible by Tenable CEO (bleepingcomputer.com)

• New PaperCut critical bug exposes unpatched servers to RCE attacks (bleepingcomputer.com)

• Google Chrome will get weekly security updates - gHacks Tech News

• Downfall: New Intel CPU Attack Exposing Sensitive Information - Security Week

• Adobe Releases Security Updates for Multiple Products | CISA

• New 'Inception' Side-Channel Attack Targets AMD Processors - Security Week

• Collide+Power, Downfall, and Inception: New Side-Channel Attacks Affecting Modern CPUs (thehackernews.com)

• Dell Credentials Bug Opens VMWare Environments to Takeover (darkreading.com)

Tools and Controls

• Managing human cyber risks matters now more than ever - Help Net Security

• Windows Defender-Pretender Attack Dismantles Flagship Microsoft EDR (darkreading.com)

• MDR: Empowering Organisations with Enhanced Security (thehackernews.com)

• 9 common risk management failures and how to avoid them | TechTarget

• Why Do Cyber security Awareness Programs Often Fail? (databreachtoday.co.uk)

• Only 22% of Firms Have Mature Threat Intelligence Programs - Infosecurity Magazine (infosecurity-magazine.com)

• Here’s Why You Need Identity, Privacy, and Device Protection (finextra.com)

• What Is Content Disarm and Reconstruction? How CDR Tools Protect You From Malicious Files (makeuseof.com)

• Attacker Breakout Time Shrinks Again, Underscoring Need for Automation (darkreading.com)

• Managing and Securing Distributed Cloud Environments - Security Week

• How to handle API sprawl and the security threat it poses - Help Net Security

• Threat intelligence's key role in mitigating malware threats - Help Net Security

• What Is Comprehensive Cyber-Resiliency? - The Futurum Group

• The Role of AI in Cyber security and Threat Detection: 5 Use Cases | by David Silva | Aug, 2023 | UX Planet

• Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)

• 10 Key Controls to Show Your Organisation Is Worthy of Cyber Insurance (darkreading.com)

• Lower Data Breach Insurance Costs with These Tips (trendmicro.com)

• AI Risk Database Tackles AI Supply Chain Risks (darkreading.com)

Other News

• UK Sounds Warning Over Targeted Healthcare Attack (databreachtoday.co.uk)

• British Government Report Highlights Pressing Risks: Terrorism, Cyber Attacks, and International Conflicts - Shafaq News

• Budget constraints threaten cybersecurity in government bodies - Help Net Security

• Threat of cyber attacks to national security compared to that of chemical weapons | ITPro

• UK Government: Cyber Attacks Could Kill or Maim Thousands - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber Signals: Sporting events and venues draw cyberthreats at increasing rates | Microsoft Security Blog

• Cyber Security A Major Vulnerability In The Not For Profit Sector | Scoop News

• Government and public services face 40% more cyberattacks, struggle to protect due to lack of resources: Report | The Financial Express

• Hacker attacks on Mac users are 10x as high as they were in 2019, report says | iMore

• Venture Capital Investments at Risk: DynaRisk Identifies Critical Cybersecurity Gaps in Companies Backed By Some Of London’s Biggest VC Funds | Pressat

• Cyber Security Threats From Online Gaming – Analysis – Eurasia Review

• Satellites easier to hack than a Windows device | Cybernews

• Cyber attack cost Interserve more than £11m | News | Building

• Exploitable Vulnerabilities That Expose Healthcare Facilities Surged Nearly 60% Since 2022, New Research Report Finds (prweb.com)

• Environmental Regulations, OT & the Maritime Industry's New Challenges (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Cyber Attacks Reach Two-Year High Amid Ransomware Resurgence as Financial Service Firms Lose $32 Billion in 5 Years

The average weekly volume of cyber attacks reached a two-year high in the second quarter of 2023 amid a spike in activity among ransomware groups according to Check Point Research, with healthcare in particular facing a significant year-on-year increase. The impact of ransomware hits every organisation, with separate research finding global financial services organisations having lost over $32bn in downtime since 2018 due to ransomware breaches.

A recent report found that the ransomware gangs LockBit and Cl0p alone accounted for nearly 40% of all recorded ransomware attacks across June 2023. The impact from Cl0p’s MOVEit attack alone has been felt by over 400 organisations since May 2023. One of the key takeaways from the MOVEit attack is that no matter the sector, any organisation can be a victim and as such it is essential to have effective controls in place, incorporating defence-in-depth. It’s worth considering how many organisations are still running vulnerable instances of MOVEit, or have someone in their supply chain who is.

https://www.infosecurity-magazine.com/news/ransomware-costs-financial-32bn/

https://www.itpro.com/security/ransomware/weekly-cyber-attacks-reach-two-year-high-amid-ransomware-resurgence

• MOVEit Body Count Closes in on 400 Organisations, 20M+ Individuals

The number of victims and the costs tied to the MOVEit file transfer hack continues to climb as the fallout from the massive supply chain attack enters week seven. In late May 2023, Russian ransomware gang Cl0p exploited a security hole in Progress Software's MOVEit product suite to steal documents from vulnerable networks. As of last week, the number of affected organisations was closing in on 400 and individual victims exceed 20 million.

The attack highlights the need for organisations to have policies and procedures in place for third parties, and to be aware of the data which a third party supplier has on them. It will be the organisation who will need to let their customers know in the event of a breach.

https://www.theregister.com/2023/07/20/moveit_victim_count/

• IT Worker Jailed for Impersonating Ransomware Gang to Extort Employer

28-year-old Ashley Liles, a former IT employee, has been sentenced to over three years in prison for attempting to blackmail his employer during a ransomware attack. Liles, an IT security analyst at an Oxford-based company in the UK, exploited his position to intercept a ransomware payment following an attack suffered by his employer. To deceive the company, he impersonated the ransomware gang extorting them. He tried to redirect the ransomware payments by switching the cyber criminals' cryptocurrency wallet to one under his control. He also accessed a board member's private emails over 300 times.

Insider threat is a risk that organisations need to be aware of and, although it was malicious in this case, it can also come from employee negligence. Organisations looking to achieve a strong level of cyber resilience should incorporate insider risk into their training and controls.

https://www.bleepingcomputer.com/news/security/it-worker-jailed-for-impersonating-ransomware-gang-to-extort-employer/

• Stabilising the Cyber Security Landscape: The CISO Exodus and the Rise of vCISOs

In today's evolving digital landscape, the role of a chief information security officer (CISO) is critical. These professionals defend against the rising tide of daily cyber threats. Yet many CISOs are leaving or considering leaving their jobs; this trend seems to reflect the intense pressure CISOs endure. They face a constant stream of complex cyber threats, manage compliance issues and struggle with a talent deficit in cyber security. Paired with high expectations, many reconsider their roles which can lead to a leadership gap.

A virtual CISO (vCISO) is an outsourced security practitioner who offers their expertise to businesses on a part-time or contractual basis. These professionals provide many of the same services as a traditional CISO, such as developing and implementing security strategies, ensuring compliance with regulations, training staff and managing a company's cyber security posture. vCISOs, such as from Black Arrow, are often part of a larger team and can bring a wide range of experiences and skills. They are exposed to diverse security landscapes across industries, and can provide a fresh perspective and innovative solutions to your security challenges. The vCISO model may not replace the need for a full-time CISO in all cases, but it can certainly add a flexible and cost-effective tool to the arsenal of businesses looking to bolster their cyber security posture.

https://www.forbes.com/sites/theyec/2023/07/14/stabilizing-the-cybersecurity-landscape-the-ciso-exodus-and-the-rise-of-vcisos/

• Risk is Driving Medium-Sized Business Decisions

Small and medium sized businesses (SMBs) have long lacked the tools, expertise, staff and budget to make major cyber security investments. However, as threats become more mainstream and more advanced, the focus is shifting, so SMBs need to take the threats seriously and evaluate their cyber security controls.

In a survey of 140 SMBs, it was found that 40% of respondents believe they are very likely or extremely likely to experience a cyber security attack target in the next 12 months. That fear is founded, as 34% of organisations stated they experienced a malware attack in the past year, and 29% experienced a phishing or spear phishing incident. SMBs are putting their time, energy, and budget toward risk management. When it came to budgeting, 67% list their primary budgeting method as “risk-based”, and only 32% as “ad hoc/following an attack or breach”. It was found that over two-thirds of businesses would rather spend money now than pay a ransom later.

https://www.msspalert.com/cybersecurity-guests/risk-is-driving-small-and-medium-sized-businesses-smb-decisions/

• Talent and Governance, Not Technology, are Key to Drive Change Around Cyber Security

For the last 20 years, large organisations have been spending significant amounts of money on cyber security products and solutions, on managed services, or with consultancies large and small. Yet maturity levels remain elusive: a report found that 70% of firms surveyed had yet to fully advance to a mature-based approach. Cyber security good practices have been well established for the best part of the last 20 years and continue to provide, in most industries, an acceptable level of protection against most threats and an acceptable level of compliance against most regulations.

However cyber security is often viewed as something external to the business. This perspective leads to talent alienation and execution failures because the employees who should be invested in maintaining and improving cyber security may feel disconnected from these efforts. To make genuine progress, cyber security needs to be intrinsically linked to business values as a visible priority, owned and directed from the highest levels of an organisation.

This approach underlines the importance of governance in setting effective cyber security policies and procedures. It also highlights the crucial role of nurturing talent within the organisation to ensure active involvement in maintaining and improving cyber security measures. While technology is undoubtedly an essential element of cyber security, prioritising talent and governance can lead to lasting progress.

https://technative.io/talent-and-governance-not-technology-are-key-to-drive-change-around-cyber-security/

• Hybrid Work, Digital Transformation can Exploit Security Gaps

A new study showed that larger organisations generally recognise malware threats but they lack protection against malicious actors and ways to properly remediate infections. The report revealed security leaders are concerned about attacks that leverage malware-exfiltrated authentication data. 53% say they are extremely concerned about attacks, with 1% of security leaders saying they weren’t concerned at all. 98% said that better visibility into at-risk applications would significantly improve their security posture.

The most overlooked entry points for malware include 57% of organisations allowing employees to sync browser data between personal and corporate devices. 54% of organisations struggle with shadow IT, due to employees’ unsanctioned adoption of applications and systems, creating gaps not only in visibility but also in basic security controls and corporate policies.

https://www.msspalert.com/cybersecurity-research/digital-transformation-hybrid-work-models-create-perfect-setting-for-cybercriminals-to-exploit-security-gaps-study-finds/

• Human Cyber Risk Can Be Demonstrably Mitigated by Behaviour Changing Training

The process of encouraging secure cyber habits in end users is evolving from traditional awareness training toward changing end user behaviour. It reflects a growing acceptance that traditional methods haven’t worked. While traditional security awareness teaches users how to recognise social engineering, new behaviour changing trains the brain – almost pre-programs it – on the correct recognition and response to phishing.

What is considered a standard phishing email today may not be tomorrow, and changes in user behaviour will help to combat this. It is simply not enough to be shown one phishing email and be told to follow procedures. Training should instead be focused on going beyond; this should look to change how the user approaches things such as phishing, and gamifying the recognition and reporting of it.

https://www.securityweek.com/human-cyber-risk-can-be-demonstrably-mitigated-by-behavior-changing-training-analysis/

• AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks

A generative AI tool, WormGPT, has emerged as a powerful weapon in the hands of cyber criminals, specifically for launching business email compromise (BEC) attacks, according to new findings. The tool is designed for malicious purposes and has no restrictions on what a user can request. Such a tool allows for impeccable grammar in emails to reduce suspicion and allows sophistication with no restrictions on prompts. The lowered entry threshold enables cyber criminals with limited skills to execute sophisticated attacks, democratising the use of this technology.

https://www.infosecurity-magazine.com/news/wormgpt-fake-emails-bec-attacks/

https://www.independent.co.uk/tech/chatgpt-dark-web-wormgpt-hack-b2376627.html

• Pro-Russian Hacktivists Increase Focus on Western Targets

‘Anonymous Sudan’, apparent pro-Russian hacktivists, claimed a one-hour distributed denial of service attack on the social platform OnlyFans last week. This was the latest in a string of operations aimed at targets in the US and Europe. The group’s digital assaults coincide with attacks coming from a broader network of hackers aligned with Moscow that seek attention by taking down high-profile victims and strategic targets; many of the targets support Ukraine in its ongoing war against Russia.

The pro-Russian group appears to be affiliated with Killnet, a pro-Russian hacktivist group that emerged in late 2021 or early 2022 and has claimed distributed denial of service (DDoS) attacks, data theft and leaks on perceived adversaries of the Russian government, according to an analysis from Google’s Mandiant released earlier this week. The collective’s apparent significant growth in capabilities, demonstrated by Microsoft’s confirmation that Anonymous Sudan was responsible for the outages they experienced, potentially indicates a significant increase in outside investment in the collective, further suggesting a potential tie to the Russian state.

https://cyberscoop.com/anonymous-sudan-killnet-russia-onlyfans/

• Infosec Doesn't Know What AI Tools Organisations Are Using

With the marketplace awash in new artificial intelligence (AI) tools and new AI features being added to existing tools, organisations are finding themselves lacking visibility into what AI tools are in use, how they are used, who has access, and what data is being shared. As businesses try, adopt, and abandon new generative AI tools, it falls on enterprise IT, risk, and security leaders to govern and secure their use without hindering innovation. While developing security policies to govern AI use is important, it is not possible without knowing what tools are being used in the first place.

Enterprise security teams have to consider how to handle discovery, learning which generative AI tools have been introduced into the environment and by whom, as well as risk assessment.

https://www.darkreading.com/tech-trends/infosec-doesnt-know-what-ai-tools-orgs-are-using

• Google Restricting Internet Access to Some Employees to Reduce Cyber Attack Risk

In a bid to shrink the attack surface of its employees, and thus boost security, Google is taking an experimental, and some might say extreme, approach: cutting some of their workstations off from the internet. The company originally selected more than 2,500 employees to participate and will disable internet access on the selected desktops, except for internal web-based tools and Google owned websites like Google Drive and Gmail. Some workers who need the internet to do their job will get exceptions, the company stated in materials.

Google is running the programme to reduce the risk of cyber attacks, according to internal materials. If a Google employee’s device is compromised, the attackers may have access to user data and infrastructure code, which could result in a major incident and undermine user trust. The program comes as companies face increasingly sophisticated cyber attacks. Just last week, Microsoft said Chinese intelligence hacked into company email accounts belonging to two dozen government agencies in the US and Western Europe, including the US State Department, in a “significant” breach.

https://www.cnbc.com/2023/07/18/google-restricting-internet-access-to-some-employees-for-security.html

https://www.theregister.com/2023/07/19/google_cuts_internet/

• Unlocking Business Potential: How CISOs are Transforming Cyber Security into a Strategic Asset

Enterprises are responding to growing cyber security threats by working to make the best use of tools and services to ensure business resilience, according to a recent report. Chief information security officers (CISOs) and virtual CISOs (vCISOS) in particular, want more solutions and services that help them align security measures with enterprise objectives and C-level executives have become more aware of the need for cyber resilience. As a result, security investments have expanded beyond detection and response to include rapid recovery and business continuity.

The report found that amongst other things, enterprises are investing in risk assessments and outsourcing more services. In some cases, where a CISO cannot be hired, organisations may look to hire a vCISO. It is important that the vCISO is able to understand cyber in context to the business and help to align security objectives with the organisations objectives. Black Arrow supports clients as their vCISO with specialist experience in cyber security risk management in a business context.

https://www.blackarrowcyber.com/blog/threat-briefing-14-july-2023

Governance, Risk and Compliance

• Risk is Driving Small and Medium-Sized Businesses (SMB) Decisions - MSSP Alert

• Stabilising The Cyber security Landscape: The Rise Of vCISOs (forbes.com)

• Talent and Governance, not Technology, are Key to Drive Change around Cyber Security - TechNative

• Hybrid Work, Digital Transformation Can Exploit Security Gaps, Study Finds - MSSP Alert

• Human Cyber Risk Can Be Demonstrably Mitigated by Behaviour Changing Training: Analysis - SecurityWeek

• Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)

• CISOs under pressure: Protecting sensitive information in the age of high employee turnover - Help Net Security

• Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat

• CISOs are making cyber security a business problem - Help Net Security

• Top Information Security Threats for Businesses 2023 (cybersecuritynews.com)

• How to Build a Cyber Resilient Company | Entrepreneur

• Best practices for an effective cyber security strategy | CSO Online

• Exploring the macro shifts in enterprise security - Help Net Security

• Google Cloud CISO Phil Venables On Cyber security, Cloud Adoption And The Boardroom (forbes.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware Costs Financial Services $32bn in Five Years - Infosecurity Magazine (infosecurity-magazine.com)

• MOVEit victim count closes in on 400 orgs, 20M+ individuals • The Register

• Weekly cyber attacks reach two-year high amid ransomware resurgence | ITPro

• Ransomware attacks are on the rise—and so are ransom payments (fastcompany.com)

• IT worker jailed for impersonating ransomware gang to extort employer (bleepingcomputer.com)

• Security Patch Management Strengthens Ransomware Defence (trendmicro.com)

• The rise in ransomware attacks this year may be related to Russia's war in Ukraine : NPR

• Who are the ransomware gangs wreaking havoc on the world’s biggest companies? | Renee Dudley | The Guardian

• Cyber security firm Sophos impersonated by new SophosEncrypt ransomware (bleepingcomputer.com)

• Trends in ransomware-as-a-service and cryptocurrency to monitor - Help Net SecurityFIN8 deploys ALPHV ransomware using Sardonic malware variant (bleepingcomputer.com)

• Linux Ransomware Poses Significant Threat to Critical Infrastructure (darkreading.com)

• Financial cyber crime syndicate deploys reworked backdoor malware | CyberScoop

• Ransomware attackers getting more sophisticated: Canadian Centre for Cyber Security (yahoo.com)

• SophosEncrypt Ransomware Fools Security Researchers (darkreading.com)

• Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks (thehackernews.com)

• New Ransomware With RAT Capabilities Impersonating Sophos - SecurityWeek

• Google’s Bard poses ransomware risk, say researchers | Cybernews

• Ransomware review: July 2023 (malwarebytes.com)

• FIN8 Group spotted delivering the BlackCat Ransomware - Security Affairs

• What is Cyber Extortion? | Definition from TechTarget

• Cyber insurers adapting to data-centric ransomware threats | TechTarget

• Shutterfly says Clop ransomware attack did not impact customer data (bleepingcomputer.com)

Ransomware Victims

• MOVEit victim count closes in on 400 orgs, 20M+ individuals • The Register

• Ofcom says it won’t pay ransom, as new MOVEit hack victims come forward | TechCrunch

• MOVEit Transfer vulnerability: New Cl0p 'victims' include Discovery (techmonitor.ai)

• BlackCat and Clop gangs both claim cyber attack on Estée Lauder | Computer Weekly

• Iron ore giant Fortescue Metals targeted by Russian ransomware group | Cybercrime | The Guardian

• Russian medical lab suspends some services after ransomware attack (therecord.media)

• Recycling Giant Tomra Takes Systems Offline Following Cyber attack - SecurityWeek

• Shutterfly says Clop ransomware attack did not impact customer data (bleepingcomputer.com)

Phishing & Email Based Attacks

• Typo leaks millions of US military emails to Mali web operator | Financial Times (ft.com)

• AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft Exchange servers compromised by Turla APT - Help Net Security

• Microsoft takes pains to obscure role in 0-days that caused email breach | Ars Technica

• Analysis of Storm-0558 techniques for unauthorised email access | Microsoft Security Blog

• Only a handful of hackers are responsible for all email extortion attacks | TechRadar

• Microsoft Tops List of the Most Impersonated Brand for Phishing Scams in Q2 2023 - MSSP Alert

• Enhanced Monitoring to Detect APT Activity Targeting Outlook Online | CISA

• Sorillus RAT and Phishing Attacks Exploit Google Firebase Hosting - Infosecurity Magazine (infosecurity-magazine.com)

• Gmail encouraging users to enable Enhanced Safe Browsing (9to5google.com)

BEC – Business Email Compromise

• AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Only a handful of hackers are responsible for all email extortion attacks | TechRadar

• Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek

Other Social Engineering; Smishing, Vishing, etc

• Meta's Threads app used as a lure - Help Net Security

Artificial Intelligence

• ChatGPT rival WormGPT with ‘no ethical boundaries’ sold to hackers on dark web | The Independent

• Infosec Doesn't Know What AI Tools Orgs Are Using (darkreading.com)

• One in 12 victims of rise in AI scams (telegraph.co.uk)

• AI models must be reconciled with data protection laws • The Register

• UK Financial Regulator Urges Banks to Tackle AI-Based Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• 1 in 4 Brits play with generative AI and some believe it too • The Register

• OpenAI credentials stolen by the thousands for sale on the dark web (bleepingcomputer.com)

• AI must have better security, says top cyber official - BBC News

• Google Categorises 6 Real-World AI Attacks to Prepare for Now (darkreading.com)

• How to Use Generative AI Tools While Still Protecting Your Privacy | WIRED

• Google’s Bard poses ransomware risk, say researchers | Cybernews

Malware

• Microsoft: Hackers turn Exchange servers into malware control centers (bleepingcomputer.com)

• Malicious USB Drives Targeting Global Targets with SOGU and SNOWYDRIVE Malware (thehackernews.com)

• Financial cyber crime syndicate deploys reworked backdoor malware | CyberScoop

• New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries (thehackernews.com)

• LokiBot Malware Targets Windows Users in Office Document Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Hackers Target Gamers With Microsoft-Signed Rootkit (darkreading.com)

• Source code of the BlackLotus UEFI Bootkit was leaked on GitHub - Security Affairs

• Are Viruses Still a Threat to Cyber security? (makeuseof.com)

• Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware - SecurityWeek

• Pernicious Rootkits Pose Growing Blight On Threat Landscape (darkreading.com)

• Sorillus RAT and Phishing Attacks Exploit Google Firebase Hosting - Infosecurity Magazine (infosecurity-magazine.com)

Mobile

• Apple slams UK surveillance-bill proposals - BBC News

• Hackers Exploit WebAPK to Deceive Android Users into Installing Malicious Apps (thehackernews.com)

• Meta confirms WhatsApp is down worldwide (bleepingcomputer.com)

• Chinese APT41 Hackers Target Mobile Devices with New WyrmSpy and DragonEgg Spyware (thehackernews.com)

Botnets

• New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries (thehackernews.com)

• Ukraine's cyber police dismantled a massive bot farm - Security Affairs

Denial of Service/DoS/DDOS

• Cloudflare reports 'alarming surge' in DDoS sophistication, escalation in recent months | CyberScoop

• Attackers intensify DDoS attacks with new tactics - Help Net Security

• Zyxel Vulnerability Exploited by DDoS Botnets on Linux Systems - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• How your internet-connected domestic devices can be a critical tool of cyber attack (mid-day.com)

• US preparing Cyber Trust Mark for more secure smart devices (bleepingcomputer.com)

• Seven new gadgets added to riskiest connected devices list | SC Media (scmagazine.com)

Data Breaches/Leaks

• MOVEit Hack: Number of Impacted Organisations Exceeds 340 - SecurityWeek

• Data compromises on track to set a new record - Help Net Security

• Virustotal data leak exposed data of some registered customers - Security Affairs

• What to do (and what not to do) after a data breach - Help Net Security

• HWL Ebsworth hack: Queensland says its files were taken after criminals release Victorian documents | Cybercrime | The Guardian

• CISOs under pressure: Protecting sensitive information in the age of high employee turnover - Help Net Security

• Thousands of images on Docker Hub leak auth secrets, private keys (bleepingcomputer.com)

• Met Police ‘passed victims’ data to Facebook via online tracking tool’ | Evening Standard

• LastPass: The lessons we learnt from our devastating breach | TechRadar

• JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica

• Rogue Azure AD Guests Can Steal Data via Power Apps (darkreading.com)

• FIA World Endurance Championship driver passports leaked - Security Affairs

• Typo leaks millions of US military emails to Mali web operator | Financial Times (ft.com)

• Old Roblox Data Leak Resurfaces, 4000 Users' Personal Information Exposed - Infosecurity Magazine (infosecurity-magazine.com)

• Colorado State University says data breach impacts students, staff (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Only a handful of hackers are responsible for all email extortion attacks | TechRadar

• Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek

• NCA: Nation States Using Cyber crime Groups as Proxies - Infosecurity Magazine (infosecurity-magazine.com)

• Owner of BreachForums Pleads Guilty to Cyber crime and Child Pornography Charges (thehackernews.com)

• Genesis Market infrastructure and inventory sold on hacker forum (bleepingcomputer.com)

• Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware - SecurityWeek

• Police arrests Ukrainian scareware developer after 10-year hunt (bleepingcomputer.com)

• Taking the Fight to the Cyber Criminals (trendmicro.com)

• Russian Charged with Tech Smuggling and Money Laundering - Infosecurity Magazine (infosecurity-magazine.com)

• Extremist-friendly tech company closes after fine for securities fraud | Technology | The Guardian

• Hacker Conversations: Inside the Mind of Daniel Kelley, ex-Blackhat - SecurityWeek

• Go Beyond the Headlines for Deeper Dives into the Cyber criminal Underground (thehackernews.com)

• SA on the brink of being Africa's capital of cyber crime, say digital experts | City Press (news24.com)

• What’s the NCA doing about cyber crime? - Tech Monitor

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Trends in ransomware-as-a-service and cryptocurrency to monitor - Help Net Security

Insider Risk and Insider Threats

• IT worker jailed for impersonating ransomware gang to extort employer (bleepingcomputer.com)

• Former contractor accused of remotely accessing town's water treatment facility | Tripwire

• Insider Risk Management Starts With SaaS Security (darkreading.com)

Fraud, Scams & Financial Crime

• One in 12 victims of rise in AI scams (telegraph.co.uk)

• A Twitter user found scam numbers for major airlines on Google Maps. Google is working to fix it | CNN Business

• UK Financial Regulator Urges Banks to Tackle AI-Based Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Growing scam activity linked to social media and automation - Help Net Security

• A fresh look at the current state of financial fraud - Help Net Security

• Tech support scammers now accepting cash via snail mail • The Register

• Half of UK company directors struck off linked to alleged Covid loan fraud | Coronavirus | The Guardian

• Extremist-friendly tech company closes after fine for securities fraud | Technology | The Guardian

• The cruel new holiday scams you need to know about | This is Money

• Airbnb-Related Scams Surge: Beware Of ‘Too Good To Be True’ Offers (forbes.com)

AML/CFT/Sanctions

• Russian Charged with Tech Smuggling and Money Laundering - Infosecurity Magazine (infosecurity-magazine.com)

Insurance

• Cyber insurers adapting to data-centric ransomware threats | TechTarget

• Strengthening Password Security may Lower Cyber Insurance Premiums (bleepingcomputer.com)

Dark Web

• Genesis Market infrastructure and inventory sold on hacker forum (bleepingcomputer.com)

• OpenAI credentials stolen by the thousands for sale on the dark web (bleepingcomputer.com)

• Exploring the Dark Side: OSINT Tools and Techniques for Unmasking Dark Web Operations (thehackernews.com)

Supply Chain and Third Parties

• JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica

• Google Cloud Build bug lets hackers launch supply chain attacks (bleepingcomputer.com)

• Supply chain executives unaware of growing customer trust issues - Help Net Security

• Possible Supply Chain Attack Targeting Pakistani Government Delivers Shadowpad (trendmicro.com)

Cloud/SaaS

• Microsoft makes cloud security logs available for free • The Register

• Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)

• Top 5 Cloud Security Threats in 2023 (analyticsinsight.net)

• Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat

• Google Cloud Build bug lets hackers launch supply chain attacks (bleepingcomputer.com)

• Reducing Security Debt in the Cloud (darkreading.com)

• Three key unanswered questions about the Chinese breach of Microsoft cloud services | CyberScoop

• TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud (thehackernews.com)

• How to manage cloud exploitation at the edge | CIO

• Sorillus RAT and Phishing Attacks Exploit Google Firebase Hosting - Infosecurity Magazine (infosecurity-magazine.com)

Hybrid/Remote Working

• Hybrid Work, Digital Transformation Can Exploit Security Gaps, Study Finds - MSSP Alert

• Securing The Hybrid Workforce Begins With Browsing (forbes.com)

Attack Surface Management

• How to Manage Your Attack Surface? (thehackernews.com)

• What is attack surface management? | Intruder

Identity and Access Management

• Attacker exploits vulnerability in Active Directory Certificate Services to take control of domain (securityintelligence.com)

• Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat

• The rise of hassle-free and secure authentication | CyberScoop

Encryption

• Real-world examples of quantum-based attacks - Help Net Security

• EU Urged to Prepare for Quantum Cyber Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Signal president rejects ‘mass surveillance’ UK law | Fortune

API

• Docker Leaks API Secrets & Private Keys, as Cyber criminals Pounce (darkreading.com)

• API keys: Weaknesses and security best practices | TechTarget

Open Source

• Linux Ransomware Poses Significant Threat to Critical Infrastructure (darkreading.com)

• Half of AI Open Source Projects Reference Buggy Packages - Infosecurity Magazine (infosecurity-magazine.com)

• Zyxel Vulnerability Exploited by DDoS Botnets on Linux Systems - Infosecurity Magazine (infosecurity-magazine.com)

Passwords, Credential Stuffing & Brute Force Attacks

• LastPass: The lessons we learnt from our devastating breach | TechRadar

• Millions of Keyboard Walk Patterns Found in Compromised Passwords - IT Security Guru

• TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud (thehackernews.com)

• Strengthening Password Security may Lower Cyber Insurance Premiums (bleepingcomputer.com)

Social Media

• Growing scam activity linked to social media and automation - Help Net Security

• Met Police ‘passed victims’ data to Facebook via online tracking tool’ | Evening Standard

• Meta's Threads app used as a lure - Help Net Security

• TechScape: ‘Lives are ruined in an afternoon’ – social media and the Huw Edwards story | Technology | The Guardian

Training, Education and Awareness

• Human Cyber Risk Can Be Demonstrably Mitigated by Behavior Changing Training: Analysis - SecurityWeek

• Security Awareness Training Isn’t Working - How Can We Improve It? - SecurityWeek

• Companywide Cyber security Training: 20 Tips To Make It ‘Stick’ (forbes.com)

Digital Transformation

• Hybrid Work, Digital Transformation Can Exploit Security Gaps, Study Finds - MSSP Alert

Travel

• The cruel new holiday scams you need to know about | This is Money

• Airbnb-Related Scams Surge: Beware Of ‘Too Good To Be True’ Offers (forbes.com)

• A Twitter user found scam numbers for major airlines on Google Maps. Google is working to fix it | CNN Business

Regulations, Fines and Legislation

• AI models must be reconciled with data protection laws • The Register

• UK Financial Regulator Urges Banks to Tackle AI-Based Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Apple slams UK surveillance-bill proposals - BBC News

• Online Safety Bill Last chance for Lords to stop surveillance | Evening Standard

Models, Frameworks and Standards

• OWASP ZAP 2.13.0 Released – What’s New! (gbhackers.com)

Data Protection

• AI models must be reconciled with data protection laws • The Register

Careers, Working in Cyber and Information Security

• Career Benefits of Learning Ethical Hacking (analyticsinsight.net)

• Should You Be Using a Cyber security Careers Framework? (darkreading.com)

Law Enforcement Action and Take Downs

• Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek

• Owner of BreachForums Pleads Guilty to Cyber crime and Child Pornography Charges (thehackernews.com)

• What’s the NCA doing about cyber crime? - Tech Monitor

• Police arrests Ukrainian scareware developer after 10-year hunt (bleepingcomputer.com)

• Russian Charged with Tech Smuggling and Money Laundering - Infosecurity Magazine (infosecurity-magazine.com)

• Ukraine's cyber police dismantled a massive bot farm - Security Affairs

Privacy, Surveillance and Mass Monitoring

• Apple slams UK surveillance-bill proposals - BBC News

• Online Safety Bill Last chance for Lords to stop surveillance | Evening Standard

• Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)

• How to Use Generative AI Tools While Still Protecting Your Privacy | WIRED

Misinformation, Disinformation and Propaganda

• Ukraine's cyber police dismantled a massive bot farm - Security Affairs

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• The rise in ransomware attacks this year may be related to Russia's war in Ukraine : NPR

• Gamaredon hackers start stealing data 30 minutes after a breach (bleepingcomputer.com)

• Analysis of Storm-0558 techniques for unauthorised email access | Microsoft Security Blog

• Microsoft Exchange servers compromised by Turla APT - Help Net Security

• Pro-Russian hacktivists increase focus on Western targets. The latest is OnlyFans. | CyberScoop

• Elon Musk’s Starlink is putting our soldiers at risk, Ukraine warns (telegraph.co.uk)

• New Threat Actor Launches Cyber attacks on Ukraine and Poland - Infosecurity Magazine (infosecurity-magazine.com)

• 1st Case Of Online Killing? Russian Submarine Commander Falls Prey To Fitness Tracking App (eurasiantimes.com)

• Thousands of Russian officials to give up iPhones over US spying fears | Financial Times (ft.com)

• Ukraine innovates on cyber defence | Financial Times (ft.com)

China

• Three key unanswered questions about the Chinese breach of Microsoft cloud services | CyberScoop

• Chinese APT Favourite Backdoor Found in Pakistani Government App - Infosecurity Magazine (infosecurity-magazine.com)

• China Espionage Operatives Left Empty Handed in Email Heist, White House Official Says - MSSP Alert

• Xi wants to make the Great Firewall of China even greater • The Register

• Chinese APT41 Hackers Target Mobile Devices with New WyrmSpy and DragonEgg Spyware (thehackernews.com)

North Korea

• JumpCloud breach traced back to North Korean state hackers (bleepingcomputer.com)

• North Korean hackers breached a US tech company to steal crypto | Reuters

Misc/Other/Unknown

• JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica

• NCA: Nation States Using Cyber crime Groups as Proxies - Infosecurity Magazine (infosecurity-magazine.com)

• APT Protection: The Key to Safeguarding Your Business (ts2.space)

• How to Secure Your OT Network Against Advanced Persistent Threats (APTs) (ts2.space)

• Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)

Vulnerability Management

• CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities - Help Net Security

• Security Patch Management Strengthens Ransomware Defence (trendmicro.com)

• What is Vulnerability Assessment In Cyber security? (gbhackers.com)

• Half of AI Open Source Projects Reference Buggy Packages - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerabilities

• Windows Users Urged To Update As Microsoft Confirms New Zero-Day Exploits (forbes.com)

• Microsoft Bug Allowed Hackers to Breach Over Two Dozen Organisations via Forged Azure AD Tokens (thehackernews.com)

• Microsoft still unsure how hackers stole Azure AD signing key (bleepingcomputer.com)

• Microsoft takes pains to obscure role in 0-days that caused email breach | Ars Technica

• CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent | Qualys Security Blog

• New critical Citrix ADC and Gateway flaw exploited as zero-day (bleepingcomputer.com)

• OpenSSH Addresses Remote Code Execution Vulnerability: CVE-2023-38408 - VULNERA

• New AMI BMC Flaws Allowing Takeover and Physical Damage Could Impact Millions of Devices - SecurityWeek

• Adobe Rolls Out New Patches for Actively Exploited ColdFusion Vulnerability (thehackernews.com)

• Cisco fixed a critical flaw in SD-WAN vManage - Security Affairs

• Hacking campaign targets sites using WordPress WooCommerce Payments Plugin - Security Affairs

• Microsoft hit by Storm season – a tale of two semi-zero days – Naked Security (sophos.com)

• Chrome 115 Patches 20 Vulnerabilities - SecurityWeek

• 'METIOR' Defence Blueprint Against Side-Channel Vulnerabilities Debuts | Tom's Hardware (tomshardware.com)

• 5 Major Takeaways From Microsoft's July Patch Tuesday (darkreading.com)

• Two Jira Plugin Vulnerabilities in Attacker Crosshairs - SecurityWeek

• Zyxel Vulnerability Exploited by DDoS Botnets on Linux Systems - Infosecurity Magazine (infosecurity-magazine.com)

• Google says Apple employee found a zero-day but did not report it | TechCrunch

Tools and Controls

• Human Cyber Risk Can Be Demonstrably Mitigated by Behaviour Changing Training: Analysis - SecurityWeek

• CISOs under pressure: Protecting sensitive information in the age of high employee turnover - Help Net Security

• Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat

• Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)

• Reducing Security Debt in the Cloud (darkreading.com)

• Leverage Threat Intelligence, AI, and Data at Scale to Boost Cyber Defences (darkreading.com)

• A Few More Reasons Why RDP is Insecure (Surprise!) (thehackernews.com)

• Enterprise communication security a growing risk, priority | TechTarget

• SBOMs Still More Mandate Than Security (darkreading.com)

• MIT’s Cyber security Metior: A Secret Weapon Against Side-Channel Attacks (scitechdaily.com)

• NCSC Shares Alternatives to Using a SOC - Infosecurity Magazine (infosecurity-magazine.com)

• Building resilience through DevSecOps - Help Net Security

• Microsoft's security roadmap: Protect Azure DevOps secrets • The Register

• CISA shares free tools to help secure data in the cloud (bleepingcomputer.com)

• What is the new Enhanced Safe Browsing for Gmail (and should you enable it)? | ZDNET

• Insider Risk Management Starts With SaaS Security (darkreading.com)

• What is Real-Time Monitoring? | Definition from TechTarget

• How to Manage Your Attack Surface? (thehackernews.com)

• What is attack surface management? | Intruder

• 67% of daily security alerts overwhelm SOC analysts - Help Net Security

• Technical Aspects Of Modern SIEM Systems (forbes.com)

• Gmail encouraging users to enable Enhanced Safe Browsing (9to5google.com)

• Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)

• 3 Ways AI Could Improve Authentication (darkreading.com)

• Microsoft makes cloud security logs available for free • The Register

• Security Awareness Training Isn’t Working - How Can We Improve It? - SecurityWeek

• The XDR Payoff: Better Security Posture (trendmicro.com)

• API keys: Weaknesses and security best practices | TechTarget

• 10 Steps to Help Secure Your APIs - SecurityWeek

• Threat Actors are Targeting Your Web Applications – Here’s How To Protect Them (bleepingcomputer.com)

Other News

• Google restricting internet access to some employees for security (cnbc.com)

• Enterprise communication security a growing risk, priority | TechTarget

• Healthcare organisations in the crosshairs of cyber attackers - Help Net Security

• Broadband consumers demand security and sustainability - Help Net Security

• Microsoft Exchange Online hit by new outage blocking emails (bleepingcomputer.com)

• Famed Hacker Kevin Mitnick Dead at 59 - SecurityWeek

• Most CNI Firms Think Climate Tech is Increasing Cyber Risk - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber security measures SMBs should implement - Help Net Security

• Satellites Are Rife With Basic Security Flaws | WIRED

• How Hackers Can Hijack a Satellite (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Cyber Attacks Are a War We'll Never Win, But We Can Defend Ourselves

The cyber threat landscape is constantly evolving, with hackers becoming more creative in their exploitation of businesses and personal data. As the frequency and sophistication of cyber attacks increase, it's clear that the cyber security war is an endless series of battles that demand constant innovation and vigilance. Recognising the necessity of having built-in security, organisations should integrate security measures into their systems and foster a culture of security awareness.

Acknowledging that breaches are an inevitable risk, an orchestrated team response, well-practiced recovery plan, and effective communication strategy are key to managing crises. Organisations must also invest in proactive security measures, including emerging technologies to spot intrusions early. Ultimately, cyber security isn't just a technical concern, it's a cultural and organisational imperative, requiring the incorporation of security measures into every aspect of an organisation's operations and philosophy.

https://www.darkreading.com/attacks-breaches/cyberattacks-are-a-war-we-ll-never-win-but-we-can-defend-ourselves

• Helping Boards Understand Cyber Risks

A difference in perspective is a fundamental reason board members and the cyber security team are not always aligned. Board members typically have a much broader view of the organisation’s goals, strategies, and overall risk landscape, where CISOs are responsible for assessing and mitigating cyber security risk.

It’s often a result of the board lacking cyber security expertise among its members, the complexity with understanding the topic and CISOs who focus too heavily on technical language during their discussions with the board which can cause a differing perspective. For organisations to be most effective in their approach to cyber security, they should hire CISOs or vCISOs who wear more than one hat and are able to understand cyber in context to the business. In addition, having cyber expertise on the board will pay dividends; this can be achieved by direct hiring or upskilling of board members.

Black Arrow supports clients as their vCISO or Non-Executive Director (NED) with specialist experience in cyber security risk management in a business context.

https://www.helpnetsecurity.com/2023/07/11/david-christensen-plansource-board-ciso-communication/

• Enterprise Risk Management Should Inform Cyber Risk Strategies

While executives and boards once viewed cyber security as a primarily technical concern, many now recognise it as a major business issue. A single serious data breach could result in debilitating operational disruptions, financial losses, reputational damage, and regulatory penalties.

Cyber security focuses on protecting digital assets from threats, while enterprise risk management adopts a wider approach, mitigating diverse risks across several domains beyond the digital sphere. Rather than existing in siloes, enterprise risk management and cyber risk management strategies should complement and inform each other. By integrating cyber security into their risk management frameworks, organisations can more efficiently and effectively protect their most valuable digital assets.

https://www.techtarget.com/searchsecurity/tip/Enterprise-risk-management-should-inform-cyber-risk-strategies

• Law Firms at High Risk of Attack as Ransomware Groups Begin to Focus Attention

Three of the largest US law firms have been newly hit by the Cl0p cyber syndicate as part of dozens of ransomware attacks across industries that so far have affected more than 16 million people. All three law firms feature on Cl0p’s leak site, which lists organisations who Cl0p have breached.

This comes as the UK National Cyber Security (NCSC) noted in a report the threat to the legal sector. Law firms are a particularly attractive target for the depth of sensitive personal information they hold from individuals and companies, plus the dual threat of publishing it publicly should a ransom demand go unmet. In Australia, law firm HWL Ebsworth confirmed several documents relating to its work with several Victorian Government departments and agencies had been released by cyber criminals to the dark web following a data breach announced in April 2023.

The extortion of law firms allows extra opportunities for an attacker, including exploiting opportunities for insider trading, gaining the upper hand in negotiations and litigation, or subverting the course of justice. Based on the above, it is no wonder the Solicitors Regulation Authority (SRA) in the UK found that 75% of the law firms they visited has been a victim of a cyber attack.

https://www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/cl0p-hackers-hit-three-of-the-biggest-u-s-law-firms-in-large-ransomware-attack/

https://www.helpnetsecurity.com/2023/07/10/law-firm-cyberattack/

• 20% of Malware Attacks Bypass Antivirus Protection

In the first half of 2023, researchers found that 20% of all recaptured malware logs had an antivirus program installed at the time of successful malware execution. Not only did these solutions not prevent the attack, they also lack the automated ability to protect against any stolen data that can be used in the aftermath.

The researchers found that the common entry points for malware are permitting employees to sync browser data between personal and professional devices (57%), struggling with shadow IT due to employees' unauthorised use of applications and systems (54%), and allowing unmanaged personal or shared devices to access business applications (36%).

Such practices expose organisations to subsequent attacks, like ransomware, resulting from stolen access credentials. Malware detection and quick action on exposures are critical; however, many organisations struggle with response and recovery with many firms failing to have robust incident response plans.

https://www.helpnetsecurity.com/2023/07/13/malware-infections-responses/

• Ransomware Payments and Extortion Spiked Compared to 2022

A recent report from Chainalysis found that ransomware activity is on track to break previous records, having extorted at least $449.1 million through June. For all of 2022, that number didn’t even reach $500 million. Similarly, a separate report using research statistics from Action Fraud UK, the UK’s national reporting centre for fraud, found cyber extortion cases surged 39% annually.

It’s no wonder both are on the rise, as the commonly used method of encrypting data behind a ransom is being combined with threatening to leak data; this gives bad actors two opportunities to gain payment. With this, the worry about the availability of your data now extends to the confidentiality and integrity of it.

https://www.infosecurity-magazine.com/news/cyber-extortion-cases-surge-39/

https://www.bleepingcomputer.com/news/security/ransomware-payments-on-record-breaking-trajectory-for-2023/

• AI, Trust, and Data Security are Key Issues for Finance Firms and Their Customers

Business leaders have been warned to expect more instability and uncertainly following on from the unpredictable nature of events during the past few years, from COVID-19 to business restructurings, the Russian invasion of Ukraine and the rise of generative artificial intelligence (AI). A recent report found that customers feel they lack appropriate guidance from their financial providers during times of economic uncertainty; the lack of satisfactory experience and a desire for a better digital experience is causing 25% of customers to switch banks.

The report also found that 23% of customers do not trust AI and 56% are neutral. This deficit in trust can swing in either direction based on how Financial Services Institutions (FSIs) use and deliver AI-powered services. While the benefits of AI are unclear, an increased awareness of personal data security has made trust between providers and customers more crucial than ever. In fact, 78% of customers say they would switch financial service providers if they felt their data was mishandled.

https://www.zdnet.com/article/ai-trust-and-data-security-are-key-issues-for-finance-firms-and-their-customers/

• Caution: Microsoft Warns of Office Zero-Day Attacks with No Patch Available

Russian spies and cyber criminals are actively exploiting still-unpatched security flaws in Microsoft Windows and Office products, according to an urgent warning from Microsoft. While Microsoft recently released patches for 130 vulnerabilities, including 9 criticals, 6 which are actively being exploited (see our advisory here), a series of remote code execution vulnerabilities were not addressed, and attackers have been actively exploiting them because the patches are not yet available.

An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. All an attacker would have to do is to convince the victim to open the malicious file. Microsoft have stated that a security update may be released out of cycle to address these flaws.

https://www.securityweek.com/microsoft-warns-of-office-zero-day-attacks-no-patch-available/

• Scam Page Volumes Surge 304% Annually

Security researchers have recorded a 62% year-on-year increase in phishing websites and a 304% surge in scam pages in 2022. The Digital Risk Trends 2023 report classifies phishing as a threat resulting in the theft of personal information and a scam as any attempt to trick a victim into voluntarily handing over money or sensitive information.

It found that the average number of instances in which a brand’s image and logo was appropriated for use in scam campaigns increased 162% YoY, rising to 211% in APAC. Scams are also becoming more automated, as the ever-increasing number of new tools available to would-be cyber criminals has lowered the barrier of entry. We expect to see AI also play a greater role in scams in the future.

https://www.infosecurity-magazine.com/news/scam-page-volumes-surge-304/

• Financial Industry Faces Soaring Ransomware Threat

The financial industry has been facing a surge in ransomware attacks over the past few years, said cyber security provider SOCRadar in a threat analysis post. This trend started in the first half of 2021, when Trend Micro saw a staggering 1,318% increase in ransomware attacks targeting banks and financial institutions compared to the same period in 2020. Sophos also found that over half (55%) of financial service firms fell victim to at least one ransomware attack in 2021, a 62% increase from 2020.

https://www.infosecurity-magazine.com/news/financial-industry-faces-soaring/

• The Need for Risk-Based Vulnerability Management to Combat Threats

Cyber attacks are increasing as the number of vulnerabilities found in software has increased by over 50% in the last 5 years. This is a result of unpatched and poorly configured systems as 75% of organisations believe they are vulnerable to a cyber attack due to unpatched software. As vulnerabilities continue to rise and security evolves, it is becoming increasingly apparent that conventional vulnerability management programs are inadequate for managing the expanding attack surface. In comparison, a risk-based strategy enables organisations to assess the level of risk posed by vulnerabilities. This approach allows teams to prioritise vulnerabilities based on their assessed risk levels and remediate those with higher risks, minimising potential attacks in a way that is continuous, and automated.

By enhancing your vulnerability risk management process, you will be able to proactively address potential issues before they escalate and maintain a proactive stance in managing vulnerabilities and cloud security. Through the incorporation of automated threat intelligence risk monitoring, you will be able to identify significant risks before they become exploitable.

https://www.bleepingcomputer.com/news/security/the-need-for-risk-based-vulnerability-management-to-combat-threats/

• Government Agencies Breached in Microsoft 365 Email Attacks

Microsoft disclosed an attack against customer email accounts that affected US government agencies and led to stolen data. While questions remain about the attacks, Microsoft provided some details in two blog posts on Tuesday, including attribution to a China-based threat actor it tracks as Storm-0558. The month long intrusion began on 15 May and was first reported to Microsoft by a federal civilian executive branch (FCEB) agency in June.

Microsoft said attackers gained access to approximately 25 organisations, including government agencies. While Microsoft has mitigated the attack vector, the US Government Cybersecurity and Infrastructure Security Agency (CISA) was first to initially detect the suspicious activity. The government agency published an advisory that included an attack timeline, technical details and mitigation recommendations. CISA said an FCEB agency discovered suspicious activity in its Microsoft 365 (M365) environment sometime last month.

https://www.techtarget.com/searchsecurity/news/366544735/Microsoft-Government-agencies-breached-in-email-attacks

• Concerns Raised as Report Questions UK’s “Completely Inadequate” Defence to Threats from China

Britain’s spy watchdog has slammed the UK Government for a “completely inadequate” response to Chinese espionage and interference which risked an “existential threat to liberal democratic systems”. In a bombshell 207 page report, Parliament’s Intelligence and Security Committee issued a series of alarming warnings about how British universities, the nuclear sector, Government and organisations alike were being targeted by China.

https://www.standard.co.uk/news/politics/britain-risk-china-intelligence-security-committee-report-government-b1094118.html

• Hackers Backed by North Korea have Stolen Billions of Dollars Over the Last Five Years

Hackers have developed a list of sophisticated tricks that allow them to weasel their way into the networks of possible targets, including organisations. Sometimes a North Korean hacker would pose as a recruitment officer to get an employee’s attention. The cyber criminal would then share an infected file with the unsuspecting company employee. This was the case of the famous 2021’s Axie Infinity hack that allowed the North Koreans to steal more than $600 million after one of the game developers was offered a fake job by the hackers.

https://www.pandasecurity.com/en/mediacenter/security/north-korea-stolen-crypto/

Governance, Risk and Compliance

• CISO perspective on why boards don't fully grasp cyber attack risks - Help Net Security

• Top Takeaways From Table Talks With Fortune 100 CISOs (darkreading.com)

• AI, trust, and data security are key issues for finance firms and their customers | ZDNET

• Inside the Mind of the Hacker: Report Shows Speed and Efficiency of Hackers in Adopting New Technologies - SecurityWeek

• Cyber Attacks Are a War We'll Never Win, but We Can Defend Ourselves (darkreading.com)

• Exposure Management Looks to Attack Paths, Identity to Better Measure Risk (darkreading.com)

• Enterprise risk management should inform cyber-risk strategies | TechTarget

Threats

Ransomware, Extortion and Destructive Attacks

• Clop: Behind MOVEit Lies a Loud, Adaptable and Persistent Threat Group - Infosecurity Magazine (infosecurity-magazine.com)

• Cl0p Hackers Hit Three of the Biggest US Law Firms in Large Ransomware Attack - MSSP Alert

• UK battles hacking wave as ransomware gang claims ‘biggest ever’ NHS breach | TechCrunch

• Cl0p has yet to deploy ransomware while exploiting MOVEit zero-day | SC Media (scmagazine.com)

• Banks, hotels and hospitals among latest MOVEit mass-hack victims | TechCrunch

• Cyber Extortion Cases Surge 39% Annually - Infosecurity Magazine (infosecurity-magazine.com)

• Financial Industry Faces Soaring Ransomware Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware payments on record-breaking trajectory for 2023 (bleepingcomputer.com)

• Beware of Big Head Ransomware: Spreading Through Fake Windows Updates (thehackernews.com)

• Deutsche Bank confirms provider breach exposed customer data (bleepingcomputer.com)

• BigHead and RedEnergy ransomware, more MOVEIt problems (cisoseries.com)

• Staying ahead of the "professionals": The service-oriented ransomware crime industry - Help Net Security

• Cl0p hacker operating from Russia-Ukraine war front line-Security Affairs

• Same code, different ransomware? Leaks kick-start myriad of new variants - Help Net Security

• Rogue IT security worker who impersonated ransomware gang is sentenced to jail • Graham Cluley

• Ransomware, From a Different Perspective (darkreading.com)

• BlackByte 2.0 Ransomware: Infiltrate, Encrypt, and Extort in Just 5 Days (thehackernews.com)

Ransomware Victims

• Capita admits hackers also stole staff’s personal details (thetimes.co.uk)

• Banks, hotels and hospitals among latest MOVEit mass-hack victims | TechCrunch

• Royal Navy contractor forced to pay off cyber criminals (telegraph.co.uk)

• Barts NHS hack leaves folks on tenterhooks over extortion • The Register

• Deutsche Bank customer data leaked | Cybernews

• Scottish university cyber attack under investigation | The National

Phishing & Email Based Attacks

• New Phishing Attack Spoofs Microsoft 365 Authentication System (hackread.com)

• Number of email-based phishing attacks surges 464% - Help Net Security

• Chinese hackers compromised emails of US Government agencies- -Security Affairs

• Microsoft: Government agencies breached in email attacks | TechTarget

• RomCom hackers target NATO Summit attendees in phishing attacks (bleepingcomputer.com)Facebook and Microsoft remain prime targets for spoofing - Help Net Security

• Top 10 Email Security Best Practices in 2023 (gbhackers.com)

Other Social Engineering; Smishing, Vishing, etc

• Vishing Goes High-Tech: New 'Letscall' Malware Employs Voice Traffic Routing (thehackernews.com)

• Evil QR - A new QR Jacking Attack to Take Over User Accounts (cybersecuritynews.com)

• How hackers are now targeting your voice and how to protect yourself | Fox News

Artificial Intelligence

• How the EU AI Act Will Affect Businesses, Cyber Security (darkreading.com)

• Vishing Goes High-Tech: New 'Letscall' Malware Employs Voice Traffic Routing (thehackernews.com)

• NIST Launches Generative AI Working Group (darkreading.com)

• ChatGPT and Cyber Security : 5 Cyber Security Risks of ChatGPT (gbhackers.com)

• WormGPT Cyber Crime Tool Heralds an Era of AI Malware vs. AI Defences (darkreading.com)

• How to Safely Architect AI in Your Cyber Security Programs (darkreading.com)

• ‘Police are going to have a very difficult time with AI,’ says cyber security advisor – Channel 4 News

• ChatGPT users drop for the first time as people turn to uncensored chatbots | Ars Technica

• Secretaries of State brace for wave of AI-fueled disinformation during 2024 campaign | CyberScoop

• Civil society, labor and rights groups express concerns about AI at White House meeting | CyberScoop

2FA/MFA

• Cyber attacks through Browser Extensions – the Importance of MFA (bleepingcomputer.com)

Malware

• 20% of malware attacks bypass antivirus protection - Help Net Security

• Malware delivery to Microsoft Teams users made easy - Help Net Security

• WormGPT Cyber Crime Tool Heralds an Era of AI Malware vs. AI Defences (darkreading.com)

• Truebot Malware Variants Abound, According to CISA Advisory (darkreading.com)

• Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures (thehackernews.com)

• USB drive malware attacks spiking again in first half of 2023 (bleepingcomputer.com)

• Charming Kitten hackers use new ‘NokNok’ malware for macOS (bleepingcomputer.com)

• What’s up with Emotet? | WeLiveSecurity

• Banking Firms Under Attack by Sophisticated 'Toitoin' Campaign (darkreading.com)

• Over 100 malicious signed Windows drivers blocked by Microsoft - NotebookCheck.net News

• New 'ShadowVault' macOS malware steals passwords, crypto, credit card data | Macworld

• BlackLotus UEFI Bootkit Source Code Leaked on GitHub - SecurityWeek

• PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland (thehackernews.com)

• AVrecon malware infects 70,0000 Linux routers to build botnet (bleepingcomputer.com)

• Serious Security: Rowhammer returns to gaslight your computer – Naked Security (sophos.com)

• Linux Hacker Exploits Researchers With Fake PoCs Posted to GitHub (darkreading.com)

Mobile

• Crooks Evolve Antidetect Tooling for Mobile OS-Based Fraud-Security Affairs

• The FCC aims to stop SIM swappers with new rules - The Verge

• Google Play will enforce business checks to curb malware submissions (bleepingcomputer.com)

• Clever Letscall vishing malware targets Android phones | SC Media (scmagazine.com)

Denial of Service/DoS/DDOS

• Industry responses and strategies for navigating the tides of DDoS attacks - Help Net Security

• Archive Of Our Own Down: AO3 DDoS Attack Explained - Dataconomy

Internet of Things – IoT

• Compliance seizes spotlight in the connected devices arena - Help Net Security

Data Breaches/Leaks

• So you gave personal info to a company caught in a data breach. Now what? | CBC News

• HCA confirms breach after hacker steals data of 11 million patients (bleepingcomputer.com)

• US on Track For Record Number of Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• Twitter User Exposes Nickelodeon Data Leak - Infosecurity Magazine (infosecurity-magazine.com)

• Capita attackers reportedly stole data from pension fund • The Register

• IT vendor appeals against US$6.5 million in damages awarded to gaming firm Razer over data leak - CNA (channelnewsasia.com)

• Twenty Manx public authorities reprimanded for data breach - BBC News

• Bangladesh government website leaked data of millions of citizens-Security Affairs

Organised Crime & Criminal Actors

• British teens accused of hacks against Uber and Rockstar Games's Grand Theft Auto 6 (bitdefender.com)

• Staying ahead of the "professionals": The service-oriented ransomware crime industry - Help Net Security

• BreachForums replacement emerges as robust forum for criminal hackers to trade their spoils | CyberScoop

• Crimeware Group Asylum Ambuscade Ventures Into Cyber-Espionage - Infosecurity Magazine (infosecurity-magazine.com)

• What’s up with Emotet? | WeLiveSecurity

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Hackers have stolen $3 billion in crypto - Panda Security

• Cyber security professional accused of stealing $9M in crypto | TechCrunch

• Central Bankers Develop Framework For Securing Digital Currencies - Infosecurity Magazine (infosecurity-magazine.com)

• SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign (thehackernews.com)

Insider Risk and Insider Threats

• How To Protect Your Business From The Security Risks Freelancers Pose (forbes.com)

• Former employee charged for attacking water treatment plant (bleepingcomputer.com)

• Rogue IT security worker who impersonated ransomware gang is sentenced to jail • Graham Cluley

Fraud, Scams & Financial Crime

• E-commerce Fraud Surges By Over 50% Annually - Infosecurity Magazine (infosecurity-magazine.com)

• Amazon Prime Day Draws Out Cyber Scammers (darkreading.com)

• Scam Page Volumes Surge 304% Annually - Infosecurity Magazine (infosecurity-magazine.com)

• Fewer Than 100 Scammers Responsible For Global Email Extortion - Infosecurity Magazine (infosecurity-magazine.com)

• The FCC aims to stop SIM swappers with new rules - The Verge

• Hackers have stolen $3 billion in crypto - Panda Security

Insurance

• Zurich Unwraps New Cyber Insurance for Mid-Market Companies - MSSP Alert

• Rethinking Cyber Insurance | Mimecast

Dark Web

• Understanding Dark Web vs. Deep Web (geekflare.com)

• BreachForums replacement emerges as robust forum for criminal hackers to trade their spoils | CyberScoop

Supply Chain and Third Parties

• Royal Navy contractor forced to pay off cyber criminals (telegraph.co.uk)

• Capita attackers reportedly stole data from pension fund • The Register

• MOVEit: Testing the Limits of Supply Chain Security - SecurityWeek

• IT vendor appeals against US$6.5 million in damages awarded to gaming firm Razer over data leak - CNA (channelnewsasia.com)

Cloud/SaaS

• Only 45% of cloud data is currently encrypted - Help Net Security

• Microsoft alleges China behind attack on Exchange Online • The Register

• For stronger public cloud data security, use defence in depth | TechTarget

• Silentbob Campaign: Cloud-Native Environments Under Attack (thehackernews.com)

• Global Retailers Must Keep an Eye on Their SaaS Stack (thehackernews.com)

• SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign (thehackernews.com)

• Decentralized storage emerging as solution to cloud-based attacks | Cybernews

Hybrid/Remote Working

• Why Hybrid Work Has Made Secure Access So Complicated (darkreading.com)

Attack Surface Management

• Attack Surface Management: Identify and protect the unknown - Help Net Security

Identity and Access Management

• Why Hybrid Work Has Made Secure Access So Complicated (darkreading.com)

• less than half of SMBs use Privileged Access Management- IT Security Guru

Encryption

• Only 45% of cloud data is currently encrypted - Help Net Security

API

• Cisco SD-WAN vManage impacted by unauthenticated REST API access (bleepingcomputer.com)

• API Flaw in QuickBlox Framework Exposed PII of Millions of Users - SecurityWeek

Open Source

• Novel Linux kernel vulnerability exploitable for elevated privileges | SC Media (scmagazine.com)

• The EU’s Product Liability Directive could kill open source | TechRadar

• Linux Hacker Exploits Researchers With Fake PoCs Posted to GitHub (darkreading.com)

• AVrecon malware infects 70,0000 Linux routers to build botnet (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Popular WordPress Security Plugin Caught Logging Plaintext Passwords - SecurityWeek

Social Media

• Critical Vulnerability Can Allow Takeover of Mastodon Servers - SecurityWeek

• Mastodon Patches 4 Bugs, but Is the Twitter Killer Safe to Use? (darkreading.com)

Travel

• Cyber security best practices while working in the summer - Help Net Security

Regulations, Fines and Legislation

• Europe Signs Off on a New Privacy Pact That Allows People’s Data to Keep Flowing to US - SecurityWeek

• How the EU AI Act Will Affect Businesses, Cyber security (darkreading.com)

• A Cyber Security Wish List Ahead of NATO Summit - SecurityWeek

• Central Bankers Develop Framework For Securing Digital Currencies - Infosecurity Magazine (infosecurity-magazine.com)

• The EU’s Product Liability Directive could kill open source | TechRadar

• Microsoft and AWS caution Ofcom against referring UK cloud market over to CMA | Computer Weekly

Models, Frameworks and Standards

• NIST Launches Generative AI Working Group (darkreading.com)

• How to map security gaps to the Mitre ATT&CK framework | TechTarget

• Get started: Threat modeling with the Mitre ATT&CK framework | TechTarget

Data Protection

• Europe Signs Off on a New Privacy Pact That Allows People’s Data to Keep Flowing to US - SecurityWeek

• Twenty Manx public authorities reprimanded for data breach - BBC News

Careers, Working in Cyber and Information Security

• Global Hacking Competition Addresses Critical Increase in Cybersecurity Threats for Businesses (darkreading.com)

• Free entry-level cyber security training and certification exam - Help Net Security

Law Enforcement Action and Take Downs

• Former employee charged for attacking water treatment plant (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• France 's government is giving the police more surveillance power-Security Affairs

Misinformation, Disinformation and Propaganda

• Secretaries of State brace for wave of AI-fueled disinformation during 2024 campaign | CyberScoop

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Storm-0978 attacks reveal financial and espionage motives | Microsoft Security Blog

• NATO Countries Must Work Together to Counter the Russian Cyber-Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Russia-based actor exploited unpatched Office zero day | TechTarget

• SolarWinds Attackers Dangle BMWs to Spy on Diplomats (darkreading.com)

• Russian state hackers lure Western diplomats with BMW car ads (bleepingcomputer.com)

• Killnet Tries Building Russian Hacktivist Clout With Media Stunts (darkreading.com)

• Mandiant Unveils Russian GRU’s Cyber Playbook Against Ukraine - Infosecurity Magazine (infosecurity-magazine.com)

• Cl0p hacker operating from Russia-Ukraine war front line-Security Affairs

• APT Profile: FIN7 - SOCRadar® Cyber Intelligence Inc.

• Killer ‘tracked Russian sub commander using Strava jogging app’ (thetimes.co.uk)

• Inside the murky world accelerating Russia’s economic meltdown (telegraph.co.uk)

• Cyber attacks Against Ukrainians Adjoin NATO Summit in Lithuania - MSSP Alert

• Russian Hackers Find Sneaky Way to Infiltrate Embassy Networks in Kyiv (kyivpost.com)

• PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland (thehackernews.com)

China

• China 'aggressively' targeting UK – but government has 'no strategy' to tackle it, Intelligence and Security Committee of MPs says | Politics News | Sky News

• Chinese hackers compromised emails of US Government agencies-Security Affairs

• UK has ‘no strategy’ to tackle China threat as spies target Britain, report warns | The Independent

• Cabinet tensions emerge over labelling China a threat to UK national security (inews.co.uk)

Iran

• Charming Kitten hackers use new ‘NokNok’ malware for macOS (bleepingcomputer.com)

North Korea

• North Korean hackers have stolen $3 billion in crypto - Panda Security

Vulnerability Management

• CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities - Help Net Security

• The Need for Risk-Based Vulnerability Management to Combat Threats (bleepingcomputer.com)

• Creating a Patch Management Playbook: 6 Key Questions (darkreading.com)

• Close Security Gaps with Continuous Threat Exposure Management (thehackernews.com)

Vulnerabilities

• MOVEit Transfer customers warned to patch new critical flaw (bleepingcomputer.com)

• After Zero-Day Attacks, MOVEit Turns to Security Service Packs - SecurityWeek

• Microsoft Releases Patches for 132 Vulnerabilities, Including 6 Under Active Attack (thehackernews.com)

• Microsoft Warns of Office Zero-Day Attacks, No Patch Available - SecurityWeek

• Juniper Networks Patches High-Severity Vulnerabilities in Junos OS - SecurityWeek

• Cisco SD-WAN vManage impacted by unauthenticated REST API access (bleepingcomputer.com)

• SonicWall warns admins to patch critical auth bypass bugs immediately (bleepingcomputer.com)

• Fortinet warns of critical RCE flaw in FortiOS, FortiProxy devices (bleepingcomputer.com)

• Russia-based actor exploited unpatched Office zero day | TechTarget

• Apple Issues Urgent Patch for Zero-Day Flaw Targeting iOS, iPadOS, macOS, and Safari (thehackernews.com)

• Hackers Steal $20 Million by Exploiting Flaw in Revolut's Payment Systems (thehackernews.com)

• Raising concerns over Google Authenticator’s new features | TechRadar

• Novel Linux kernel vulnerability exploitable for elevated privileges | SC Media (scmagazine.com)

• Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures (thehackernews.com)

• VMware warns of exploit available for critical vRealize RCE bug (bleepingcomputer.com)

• Adobe Patch Tuesday: Critical Flaws Haunt InDesign, ColdFusion - SecurityWeek

• Zimbra urges customers to manually fix actively exploited zero-day-Security Affairs

• Critical Vulnerability Can Allow Takeover of Mastodon Servers - SecurityWeek

• New StackRot Linux kernel flaw allows privilege escalation (bleepingcomputer.com)

• Exploit Code Published for Remote Root Flaw in VMware Logging Software - SecurityWeek

• API Flaw in QuickBlox Framework Exposed PII of Millions of Users - SecurityWeek

• Experts released PoC exploit for Ubiquiti EdgeRouter flaw-Security Affairs

• Critical RCE found in popular Ghostscript open-source PDF library (bleepingcomputer.com)

• Citrix fixed a critical flaw in Secure Access Client for Ubuntu-Security Affairs

OT/ICS Vulnerabilities

• Honeywell DCS Platform Vulnerabilities Can Facilitate Attacks on Industrial Organisations - SecurityWeek

• Critical RCE Vulnerability in Rockwell Automation PLCs Zaps ICS (darkreading.com)

• 3 Critical RCE Bugs Threaten Industrial Solar Panels (darkreading.com)

Tools and Controls

• The Need for Risk-Based Vulnerability Management to Combat Threats (bleepingcomputer.com)

• less than half of SMBs use Privileged Access Management- IT Security Guru

• Exposure Management Looks to Attack Paths, Identity to Better Measure Risk (darkreading.com)

• Enterprise risk management should inform cyber-risk strategies | TechTarget

• Infrastructure upgrades alone won't guarantee strong security - Help Net Security

• Cyber Security Leaders Report Reduction in Disruptive Cyber Incidents With MSS/MDR Solutions (darkreading.com)

• What is a Network Intrusion Protection System (NIPS)? | Definition from TechTarget

• Overcoming user resistance to passwordless authentication - Help Net Security

• Understanding The Difference Between DDR and EDR - GBHackers - Latest Cyber Security News | Hacker News

• Zero Trust Keeps Digital Attacks From Entering the Real World (darkreading.com)

• New Mozilla Feature Blocks Risky Add-Ons on Specific Websites to Safeguard User Security (thehackernews.com)

• 3 Strategies For Simplifying And Strengthening Your Data Security (forbes.com)

• The history, evolution and current state of SIEM | TechTarget

• Attack Surface Management: Identify and protect the unknown - Help Net Security

• How to Put Generative AI to Work in Your Security Operations Center (darkreading.com)

• Guide to Operationalizing Zero Trust (trendmicro.com)

• Close Security Gaps with Continuous Threat Exposure Management (thehackernews.com)

• Platform Approach to Cyber Security: The New Paradigm (trendmicro.com)

• Intrusion Detection & Prevention Systems Guide (trendmicro.com)

• Decentralized storage emerging as solution to cloud-based attacks | Cybernews

• Wi-Fi AP placement best practices and security policies | TechTarget

• For stronger public cloud data security, use defence in depth | TechTarget

Other News

• Growing reliance on satellites requires new approach to cyber security in space, expert says | CyberScoop

• White House Urged to Quickly Nominate National Cyber Director (darkreading.com)

• The rise of cyber threats in a digital dystopia | Mint #AskBetterQuestions (livemint.com)

• Building the right collective defence against cyber attacks for critical infrastructure | CyberScoop

• Satellites lack standard security mechanisms found in mobile phones and laptops - Help Net Security

• White House publishes National Cyber Security Strategy Implementation Plan - Help Net Security

• Cyber attacks through Browser Extensions – the Importance of MFA (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.