Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 20 October 2023

Black Arrow Cyber Threat Intelligence Briefing 20 October 2023:

-Cyber Insecurity: Many Businesses Scared They May be Hit by a Cyber Attack at Any Moment

-Cyber Security Investments Show Mature Business Mindset

-SMBs Struggle to Keep Pace as Cyber Threats Reach All Time High

-Phishing Attacks Reach Record Highs as Banks, Financial Services Remain Top Targets with HR Remaining the Most Effective Phishing Lure

-Cyber Attacks are a Matter of When not if, The Best Time to Deal With Them is Before They Happen

-Lloyd's Of London Warns Of Worst-Case-Scenario Cyber Attack

-20,000 Britons Approached By Chinese Agents On LinkedIn, Says MI5 Head

-Ransomware - All it Takes is One Employee Mistake, Criminals are Aiming at Third-Party Vendors

-39% of Individuals Use the Same Password for Multiple Accounts

-Why Fourth-Party Risk Management Is a Must-Have

-AI Adoption Surges But Security Awareness Lags Behind

-UK watchdog fines Equifax £11 million for role in cyber breach

-Why Boards Must Understand and Govern Cyber Security Risk

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Insecurity: Many Businesses Scared They May be Hit by a Cyber Attack at Any Moment

A report from the Commvault and the International Data Corporation (IDC) found that 61% of respondents believe that a data loss within the next 12 months is "likely" or "highly likely" to occur due to increasingly sophisticated attacks. Unfortunately, most businesses do not have an unlimited budget; cyber security related spending must therefore be effective, taking an informed risk based approach to prioritise the biggest threats to businesses. To understand these threats, businesses must know the current threat landscape and how that relates to their business specifically. In order to be able to apply any threat intelligence, organisations must first ascertain what they need to protect through a documented asset register; after all you cannot protect something you do not know exists.

Sources: [PR Newswire] [TechRadar]

Cyber Security Investments Show Mature Business Mindset

Companies need to start embracing cyber security as a business enabler, rather than being viewed as a pure cost or as a regulatory burden. Good cyber security is a strong indicator of a mature business mindset, giving customers, employees, and suppliers confidence that you are running a mature, responsible operation that takes the value of its data and IP very seriously. With the perception of customers changing to be more security-based, having a high level of cyber security can establish trust and therefore distinguish a business in the marketplace.

Source: [Insider Media] [Compare the Cloud]

SMBs Struggle to Keep Pace as Cyber Threats Reach All Time High

Research conducted by Sage has found UK small and medium sized businesses (SMBs) are particularly struggling with cyber security preparedness, with 57% asking for more support with education and training and 45% not understanding what security is needed for their business. The report found that globally, 70% of SMBs highlighted cyber threats as a major concern, with 51% struggling to keep on top of new threats and 48% experiencing a cyber incident in the past year.

SMBs globally, found that their struggle related to making sure employees know what is expected of them in protecting the organisation (45%), providing education and awareness training (44%) and cost (43%).

Source: (IT Security Guru)

Phishing Attacks Hit Record Highs in Q2 2023, with Emails from HR still the Most Effective Lure

Research has found in the third quarter of this year, phishing attacks soared by 173% compared with the previous three months, and malware was up 110% over the same period, with 233.9 million malicious emails detected. Banks and financial services organisations remained a top target, with a 121% rise in phishing attacks.

In a separate report, human resource topics were found to account for more than half of the top-clicked phishing email subjects. This included emails that related to a change in dress code and updates on annual leave. It’s important for organisations to take this into account when training employees.

Sources: [SiliconANGLE1] [Beta News] [SiliconANGLE2] [TechRadar] [Security Brief]

Cyber Attacks Are a Matter of When, Not If; The Best Time to Deal with Them Is Before They Happen

Another week brings more companies added to the list of victims of cyber attacks. Just this week, UK based social care provider CareTech’s childcare subsidiary Cambian was criticised for keeping a cyber attack quiet, with individuals who had data stolen having to chase Cambian for details.

Cyber attacks happen, and companies need to admit when they have happened and inform relevant people. Honesty and clarity are key. After an attack, there are a number of things going on at once such as finding out what has happened, identifying stolen or encrypted data, fulfilling legal and regulatory requirements and communicating both internally and externally. Unfortunately, many companies do not expect to be attacked and therefore do not have anything in place to respond to an attack. In addition to having the necessary defences in place, organisations must be prepared for the event of an attack. This can be outlined in an incident response plan (IRP).

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Euronews] [The Times] [AI-CIO]

Lloyd's Of London Warns of Worst-Case-Scenario Cyber Attack

In recent modelling by a Lloyds of London researcher, a worst-case-scenario was found to have the potential to cause $3.5 trillion of economic damage within 5 years. While this may seem implausible, with the increased number of cyber attacks, especially to the financial sector, this figure is not as incredulous as it may seem.

The FBI has also stated that the average annual cost of cyber crime worldwide is expected to soar from $8.4 trillion in 2022 to more than $23 trillion in 2027.

Sources: [Reinsurance News] [ABS-CBN News] [The Motley Fool] [City AM]

20,000 Britons Approached by Chinese Agents on LinkedIn, Says MI5 Head

An estimated 20,000 Britons have been approached by Chinese state actors on LinkedIn in the hope of stealing industrial or technological secrets, the head of MI5 stated ahead of the Five Eyes agencies summit. This summit is a meeting of the heads of security from the Five Eyes nations – UK, US, Australia, Canada and New Zealand. The summit discussed how industrial espionage was happening at “real scale”, with 10,000 UK businesses being at risk, particularly in artificial intelligence, quantum computing or synthetic biology where China was trying to gain a march.

A 'secure innovation' guideline has been released to assist small to medium-sized enterprises, especially tech start-ups, in bolstering their defences against threats from foreign states, criminals, and competitors. This guideline offers basic security advice on areas like investments, supply chains, IT networks, and cloud computing to safeguard emerging technologies.

Sources: [Computer Weekly] [Tech Monitor] [Guardian]

Ransomware - All it Takes is One Employee Mistake, As Criminals are Aiming Third-Party Vendors

According to a report, human error is the root cause of more than 80% of all cyber breaches. The solution in this case, is for organisations to provide effective training to employees to reduce the risk of such an error happening. However, this does not have any impact on third parties that the  organisations use. A separate report found that nearly a third of ransomware claims involved a third-party vendor as a point of failure.

Whilst organisations often focus on improving their own cyber security, third parties can become an easily overlooked area. You don’t want to invest a significant amount into your organisation’s cyber security, only for it to fail due to a third party. This is why it is important for organisations to have an effective way of measuring supply chain risk, to ensure that they know what data their third parties have access to and what is being done by the third parties to protect it.

Black Arrow have helped many clients carry out third party risk assessments on a large number of suppliers and this can be done as a standalone offering or as part of a fractional CISO engagement.

Sources: [Security Affairs] [Claims Journal]

39% of Individuals Use the Same Password for Multiple Accounts

According to a recent survey by Yubico, 80% of respondents are concerned about the security of their online accounts. Additionally, 39% admitted to using the same passwords for multiple accounts. The report found that Boomer-generation users are the least likely to reuse passwords at 20%. In comparison, Millennials are twice as likely to reuse passwords for multiple accounts at 47%. This survey highlights that whilst younger generations may be more tech savvy, having grown up with this technology, it also brings with it a more relaxed and complacent attitude when it comes to cyber security hygiene.

Source: [Security Magazine]

Why Fourth-Party Risk Management Is a Must-Have

Most organisations today are acutely aware of the risks that third-party relationships pose, and many employ some form of third-party risk management to understand and monitor these alliances. Another danger also needs to be borne in mind: the threats organisations face from their third parties’ third parties. These ‘fourth parties’, the vendors of an organisation's vendor, are becoming an increasing concern among regulators, particularly those in the banking and financial services sector. Attackers exploit fourth parties just the same as they do third parties to indirectly target an organisation. As a result, these fourth parties greatly increase an IT environment's attack surface.

Fourth parties pose reputational, operational and regulatory risks, and with new regulations such as the Digital Operational Resilience Act (DORA) in Europe coming into place, organisations need to implement a comprehensive third-party risk management program that extends to cover fourth-party risk management. This is the only way to ensure fourth parties are vetted appropriately.

Source: [Tech Target]

AI Adoption Surges but Security Awareness Lags Behind

A new survey found that security is reportedly not the primary concern for organisations when using tools such as ChatGPT and Google Bard. Respondents are more worried about inaccurate responses than the exposure of customer and employee personally identifiable information (PII), disclosure of trade secrets (33%) and financial loss (25%). Basic security practices are lacking, however, with 82% of respondents confident in their security stacks but less than half investing in technology to monitor generative AI use, exposing them to data loss risks. Only 46% have established security policies for data sharing.

Organisations need to rigorously assess and control how large language models (LLMs) handle data, ensuring alignment with regulations such as GDPR, HIPAA, and CCPA. This involves employing strong encryption, consent mechanisms and data anonymisation techniques, and ensuring control over how the organisation’s data is used, alongside regular audits and updates to ensure data handling practices remain compliant.

Source: [Infosecurity Magazine]

UK Watchdog Fines Equifax £11 Million For Role in Cyber Breach

Britain's financial watchdog has fined the consumer credit rating body Equifax £11 million ($13.4 million) for its role in "one of the largest" cyber security breaches in history. The Financial Conduct Authority (FCA) stated that "The cyber attack and unauthorised access to data was entirely preventable", identifying that the UK arm of Equifax did not find out data had been accessed until six  weeks after their parent company discover the hack.

Source: [Reuters]

Why Boards Must Understand and Govern Cyber Security Risk

The boardroom is a critical control in every company’s system of cyber security risk management. An ineffective approach to cyber security governance creates an overall system of cyber security that is weaker than it needs to be. Boards have typically viewed cyber security as something that it left to IT and have not been able to challenge or interpret the reports that they receive, if any, from their IT departments or IT providers. Governing bodies such as the US Securities Exchange Commission (SEC) have identified this and have started bringing in regulations that force the board of directors to fully understand digital cyber security risk and have a more vital role as part of the system.
Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.

Source: [Forbes]


Governance, Risk and Compliance


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Artificial Intelligence

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Identity and Access Management

Encryption

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Backup and Recovery

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats

Misc Nation State/Cyber Warfare

Geopolitical Threats/Activity

China

Russia

Iran

North Korea



Tools and Controls




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 13 October 2023

Black Arrow Cyber Threat Intelligence Briefing 13 October 2023:

-Small Businesses Hit by Frequent Cyber Attacks as 90% of CISOs Faced at least One Attack Last Year

-The Most Effective Cyber Attacks Never Touch Your Organisation's Firewall, HR’s Role in Defending the Organisation

-Ransomware Infection Times Fall from 5 Days to 5 Hours

-80% of Security Leaders See AI as the Biggest Threat to Business

-Is Your Board Cyber-Ready?

-Cyber Security Should Be a Business Priority for CEOs

-The Looming Threat of a Single Phishing Click to Your Business

-40% of Organisations Leave Ransomware to IT

-Auditors Growing Concern About Cyber Security

-The Cyber Villains Are Getting Bolder: Businesses Need to Up Their Game

-Preparing for the Unexpected: A Proactive Approach to Operational Resilience

-Staggering Losses to Social Media and Social Engineering Since 21, as Victims Take $2.7 Billion Hit in US Alone

-Organisations Grapple with Detection and Response Despite Rising Security Budgets

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Small Businesses Hit by Frequent Cyber Attacks, as 90% of CISOs of Larger Firms Faced at least One Attack Last Year

A survey by Payroll provider Sage found that nearly 48% of small and medium sized enterprises (SMEs) have experienced at least one cyber incident in the past year; of note, this is only based on SMEs self-reporting, and requires SMEs to have both the ability to detect an incident and to have actually identified an incident and then self-report it. The survey found that cyber security was a priority with 68% of respondents reporting that they would use a more expensive security control if it demonstrated better security.

In a separate report by Splunk, it was found that 90% of CISOs reported experiencing at least one disruptive attack in the past year. The difference in numbers could be because organisations who have a CISO are more likely to have tools in place to detect an incident.

Regardless, cyber criminals are showing that any size of organisation can be a victim of a cyber incident and in some cases, smaller organisations may not have the necessary budget and controls to prevent an attack.

Sources: [Security Magazine] [Insurance Times] [Infosecurity Magazine]

The Most Effective Cyber Attacks Never Touch Your Organisation’s Firewall, and HR’s Role in Defending the Organisation

In 2022, total spending on cyber security technologies increased to 71.1 billion USD, illustrating just how much effort goes into protecting companies, their data, and their customers. Regardless of all this spending, there remains a popular attack which can bypass this all: social engineering. Attackers know how much technology protection is placed in organisations, so they often try to bypass this and go straight through the employees.

Cyber security will never work if organisations do not go beyond IT; it is a business-wide issue and requires the engagement and input from across the business, including functions like Human Resources. Having effectively trained employees is a crucial part of creating a culture of security within an organisation, and this starts with HR. Employees will often have training as part of their onboarding and then regular training to ensure competencies; as part of HR’s role, this should include commissioning training on cyber security that is delivered by cyber security experts that understand what attackers are doing.

Source: [News Week] [Beta News]

Ransomware Infection Times Fall from 5 Days to 5 Hours

The amount of time it takes an attacker to infect a system with ransomware has fallen drastically over the last 12 months according to a recent report. The median dwell time (the time that an attacker spends in a victim’s network before being detected) was 5.5 days in 2021, reducing to 4.5 days in 2022, and this year it fell to less than 24 hours with, in 10% of cases, the time taken to deploy ransomware being within 5 hours. As threat actors continue to leverage Ransomware as a Service (RaaS) to execute attacks, dwell times will continue to decrease and the number of attacks will increase.

This coincides with a recent survey by Hornetsecurity that revealed that almost 60% of businesses are concerned about ransomware attacks. 92% of businesses are reported to be aware of ransomware’s potential negative impact, but just 54% of respondents say their leadership is actively involved in conversations and decision making to help prevent attacks.

The report highlights that ransomware is still at large, with the first half of 2023 seeing more ransomware victims than in the whole of 2022. Having good cyber security protection and hygiene is the key to ongoing success. Organisations cannot afford to become victims. Ongoing security awareness training and multi-layered ransomware protection are critical to help avoid insurmountable losses.

Sources: [Cision] [PC Mag] [Security Magazine]

80% of Security Leaders See AI as the Biggest Threat to Business

A report has found that a large majority of security leaders (80%) believe Artificial Intelligence (AI) is the biggest cyber threat to their business, and that the risks of AI outweigh the many advantages.

In a separate report, 58% agreed that AI is increasing the number of cyber attacks. The benefits of AI were also recognised however, with 73% reporting AI to be an increasingly important tool for security operations.

With AI finding itself both sides of the coin, it is important for organisations to effectively implement their AI solutions, so that they can improve their security whilst reducing the risk that AI presents to their organisation.

Sources: [Diginomica] [Infosecurity Magazine]

Is Your Board Cyber-Ready?

With the recent US Securities and Exchange Commission (SEC) requirements entering effect, and the impending Digital Operational Resilience Act (DORA) requirements for Europe, there is yet another layer added to the complicated issues of managing cyber security risks. However, it is clear that strong corporate governance equips companies to address them efficiently and accurately.

Governance starts with the board, as it is responsible for the oversight of the organisation’s cyber security programs. For a board to do this effectively, the leadership team must be able to understand cyber security; yet despite this, a study found that only 12% of boards had a cyber expert. Black Arrow supports business leaders in organisations of all sizes to gain a strong practical understanding of the fundamentals of cyber security risk management, and to demonstrate governance in implementing their cyber security strategy by leveraging their existing internal and external resources.

Sources: [Harvard.edu] [JDSupra]

Cyber Security Should Be a Business Priority for CEOs

A recent report found that despite 96% of CEOs saying that cyber security is critical to organisational growth and stability, 74% of CEOs are concerned about their organisation’s ability to avert or minimise damage arising from a cyber attack. The report also highlighted that 60% of CEOs don’t incorporate cyber security into their business strategies, products or services from the beginning. 44% believe that cyber security requires episodic intervention rather than ongoing attention.

Adding to this reactive stance is the incorrect assumption by 54% of CEOs that the cost of implementing cyber security is higher than the cost of suffering a cyber attack, despite history showing otherwise. For instance, the report notes that a global shipping and logistics company breach resulted in a 20% drop in business volume, with losses hitting $300 million. In addition, despite 90% of CEOs saying cyber security is a differentiating factor for their products or services to help them build customer trust, only 15% have dedicated board meetings to discuss cyber security issues. This disconnect might be explained by the fact that 91% of CEOs said cyber security is a technical function that is the responsibility of the CIO or CISO.

Source: [HelpNet Security]

The Looming Threat of a Single Phishing Click to Your Business

A single click could be all it takes to get the ball rolling and allow an attacker entry into your organisation. From there, the possibilities are endless. Phishing impacts any employee within the organisation with an email account, phone number or access to the web.

Organisations can mitigate this risk however, by conducting training and awareness programmes, aimed at improving employees’ abilities to identify, report and avoid falling victim to phishing incidents. Such training should be held regularly to maintain their knowledge as well as adapting to the ever-changing landscape of cyber crime. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Source: [CMS-lawnow]

40% of Organisations Leave Ransomware to IT

A report found that 93% of respondents said they believe ransomware protection is “very” to “extremely” important in terms of IT priorities for their organisation, yet only 54% reported that the leadership were actively involved in conversations and decision-making around ransomware attacks, and 40% of total respondents were happy to leave the IT team to deal with ransomware attacks.

By only involving the IT team and excluding the leadership, organisations are at risk of not addressing regulatory requirements, or failing to manage such cyber incidents within a business context. This would also suggest a lack of an effective Incident Response Plan to ensure that considerations such as legal, communications, customers, employees and other stakeholders are not forgotten. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [MSSP Alert]

Auditors’ Growing Concern About Cyber Security

The majority of chief audit executives and information technology audit leaders consider cyber security to be a top risk over the next year. The survey found that found that nearly 75% of respondents, and an even higher percentage (82%) of technology audit leaders, consider cyber security to be a high-risk area over the next 12 months.

Source: [Accounting Today]

Preparing for the Unexpected: A Proactive Approach to Operational Resilience

Recent insights highlight a pressing need: ensuring operational resilience in financial firms. As the financial sector remains a prime target for cyber threats, the increasing interconnectedness presents evolving challenges. While cyber security aims to defend against attacks, operational resilience ensures the continuity of operations even when incidents occur.

Notably, the EU’s Digital Operational Resilience Act (DORA) stresses preparedness, providing a framework for the industry. Although business continuity practices exist, operational resilience offers a more proactive stance, ensuring system reliability that is crucial for global financial trust. Achieving this requires a comprehensive risk assessment, laying the groundwork for a resilient strategy tailored to a firm’s unique position in the financial landscape.

Source: [Dark Reading]

Staggering Losses to Social Media and Social Engineering Since 2021, as Victims Take $2.7 Billion Hit in US Alone

The US Federal Trade Commission (FTC) reports that Americans alone, have lost $2.7 billion to social media and social engineering scams since 2021. The losses were incurred through websites, phone calls and email.

It is important for organisations to consider that such scams could very well find themselves in the corporate environment. Already, there has been a significant rise in attacks on employees through LinkedIn. As such, it is important for organisations to provide education and awareness training to users.

Sources: [Bleeping Computer] [Infosecurity Magazine]

Organisations Grapple with Detection and Response Despite Rising Security Budgets

A study by EY found that only a fifth of cyber security leaders today are confident about their organisation’s cyber security approach, with only half trusting the training they provide in-house. CISO respondents reported an average annual spend of $35 million on cyber security, with the median cost of a breach jumping 12% to $2.5 million. The leaders said they anticipate the cost per breach to reach $4 million by the end of the year.

The report found that the biggest internal challenges to the organisation's cyber security approach were "too many potential attack surfaces" at 52%, and "difficulty balancing security and innovation speed" at 50%. The study also noted big discrepancies between the CISOs and other C-suite leaders when it came to their organisation's cyber security preparedness. While 60% of CISOs were confident about the C-suite integration of cyber security into key business decisions, only over half of other C-suite officers believed they were effective. There was also a significant gap (12%) between their satisfaction with the overall cyber security preparedness.

Source: [CSO Online]


Governance, Risk and Compliance


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

AML/CFT/Sanctions

Insurance

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Identity and Access Management

Encryption

API

Open Source and Linux

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Parental Controls and Child Safety

Regulations, Fines and Legislation

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Misc Nation State/Cyber Warfare

Russia

China

Iran

North Korea


Vulnerability Management

Vulnerabilities



Reports Published in the Last Week



Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More