Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 20 October 2023
Black Arrow Cyber Threat Intelligence Briefing 20 October 2023:
-Cyber Insecurity: Many Businesses Scared They May be Hit by a Cyber Attack at Any Moment
-Cyber Security Investments Show Mature Business Mindset
-SMBs Struggle to Keep Pace as Cyber Threats Reach All Time High
-Phishing Attacks Reach Record Highs as Banks, Financial Services Remain Top Targets with HR Remaining the Most Effective Phishing Lure
-Cyber Attacks are a Matter of When not if, The Best Time to Deal With Them is Before They Happen
-Lloyd's Of London Warns Of Worst-Case-Scenario Cyber Attack
-20,000 Britons Approached By Chinese Agents On LinkedIn, Says MI5 Head
-Ransomware - All it Takes is One Employee Mistake, Criminals are Aiming at Third-Party Vendors
-39% of Individuals Use the Same Password for Multiple Accounts
-Why Fourth-Party Risk Management Is a Must-Have
-AI Adoption Surges But Security Awareness Lags Behind
-UK watchdog fines Equifax £11 million for role in cyber breach
-Why Boards Must Understand and Govern Cyber Security Risk
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Insecurity: Many Businesses Scared They May be Hit by a Cyber Attack at Any Moment
A report from the Commvault and the International Data Corporation (IDC) found that 61% of respondents believe that a data loss within the next 12 months is "likely" or "highly likely" to occur due to increasingly sophisticated attacks. Unfortunately, most businesses do not have an unlimited budget; cyber security related spending must therefore be effective, taking an informed risk based approach to prioritise the biggest threats to businesses. To understand these threats, businesses must know the current threat landscape and how that relates to their business specifically. In order to be able to apply any threat intelligence, organisations must first ascertain what they need to protect through a documented asset register; after all you cannot protect something you do not know exists.
Sources: [PR Newswire] [TechRadar]
Cyber Security Investments Show Mature Business Mindset
Companies need to start embracing cyber security as a business enabler, rather than being viewed as a pure cost or as a regulatory burden. Good cyber security is a strong indicator of a mature business mindset, giving customers, employees, and suppliers confidence that you are running a mature, responsible operation that takes the value of its data and IP very seriously. With the perception of customers changing to be more security-based, having a high level of cyber security can establish trust and therefore distinguish a business in the marketplace.
Source: [Insider Media] [Compare the Cloud]
SMBs Struggle to Keep Pace as Cyber Threats Reach All Time High
Research conducted by Sage has found UK small and medium sized businesses (SMBs) are particularly struggling with cyber security preparedness, with 57% asking for more support with education and training and 45% not understanding what security is needed for their business. The report found that globally, 70% of SMBs highlighted cyber threats as a major concern, with 51% struggling to keep on top of new threats and 48% experiencing a cyber incident in the past year.
SMBs globally, found that their struggle related to making sure employees know what is expected of them in protecting the organisation (45%), providing education and awareness training (44%) and cost (43%).
Source: (IT Security Guru)
Phishing Attacks Hit Record Highs in Q2 2023, with Emails from HR still the Most Effective Lure
Research has found in the third quarter of this year, phishing attacks soared by 173% compared with the previous three months, and malware was up 110% over the same period, with 233.9 million malicious emails detected. Banks and financial services organisations remained a top target, with a 121% rise in phishing attacks.
In a separate report, human resource topics were found to account for more than half of the top-clicked phishing email subjects. This included emails that related to a change in dress code and updates on annual leave. It’s important for organisations to take this into account when training employees.
Sources: [SiliconANGLE1] [Beta News] [SiliconANGLE2] [TechRadar] [Security Brief]
Cyber Attacks Are a Matter of When, Not If; The Best Time to Deal with Them Is Before They Happen
Another week brings more companies added to the list of victims of cyber attacks. Just this week, UK based social care provider CareTech’s childcare subsidiary Cambian was criticised for keeping a cyber attack quiet, with individuals who had data stolen having to chase Cambian for details.
Cyber attacks happen, and companies need to admit when they have happened and inform relevant people. Honesty and clarity are key. After an attack, there are a number of things going on at once such as finding out what has happened, identifying stolen or encrypted data, fulfilling legal and regulatory requirements and communicating both internally and externally. Unfortunately, many companies do not expect to be attacked and therefore do not have anything in place to respond to an attack. In addition to having the necessary defences in place, organisations must be prepared for the event of an attack. This can be outlined in an incident response plan (IRP).
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Sources: [Euronews] [The Times] [AI-CIO]
Lloyd's Of London Warns of Worst-Case-Scenario Cyber Attack
In recent modelling by a Lloyds of London researcher, a worst-case-scenario was found to have the potential to cause $3.5 trillion of economic damage within 5 years. While this may seem implausible, with the increased number of cyber attacks, especially to the financial sector, this figure is not as incredulous as it may seem.
The FBI has also stated that the average annual cost of cyber crime worldwide is expected to soar from $8.4 trillion in 2022 to more than $23 trillion in 2027.
Sources: [Reinsurance News] [ABS-CBN News] [The Motley Fool] [City AM]
20,000 Britons Approached by Chinese Agents on LinkedIn, Says MI5 Head
An estimated 20,000 Britons have been approached by Chinese state actors on LinkedIn in the hope of stealing industrial or technological secrets, the head of MI5 stated ahead of the Five Eyes agencies summit. This summit is a meeting of the heads of security from the Five Eyes nations – UK, US, Australia, Canada and New Zealand. The summit discussed how industrial espionage was happening at “real scale”, with 10,000 UK businesses being at risk, particularly in artificial intelligence, quantum computing or synthetic biology where China was trying to gain a march.
A 'secure innovation' guideline has been released to assist small to medium-sized enterprises, especially tech start-ups, in bolstering their defences against threats from foreign states, criminals, and competitors. This guideline offers basic security advice on areas like investments, supply chains, IT networks, and cloud computing to safeguard emerging technologies.
Sources: [Computer Weekly] [Tech Monitor] [Guardian]
Ransomware - All it Takes is One Employee Mistake, As Criminals are Aiming Third-Party Vendors
According to a report, human error is the root cause of more than 80% of all cyber breaches. The solution in this case, is for organisations to provide effective training to employees to reduce the risk of such an error happening. However, this does not have any impact on third parties that the organisations use. A separate report found that nearly a third of ransomware claims involved a third-party vendor as a point of failure.
Whilst organisations often focus on improving their own cyber security, third parties can become an easily overlooked area. You don’t want to invest a significant amount into your organisation’s cyber security, only for it to fail due to a third party. This is why it is important for organisations to have an effective way of measuring supply chain risk, to ensure that they know what data their third parties have access to and what is being done by the third parties to protect it.
Black Arrow have helped many clients carry out third party risk assessments on a large number of suppliers and this can be done as a standalone offering or as part of a fractional CISO engagement.
Sources: [Security Affairs] [Claims Journal]
39% of Individuals Use the Same Password for Multiple Accounts
According to a recent survey by Yubico, 80% of respondents are concerned about the security of their online accounts. Additionally, 39% admitted to using the same passwords for multiple accounts. The report found that Boomer-generation users are the least likely to reuse passwords at 20%. In comparison, Millennials are twice as likely to reuse passwords for multiple accounts at 47%. This survey highlights that whilst younger generations may be more tech savvy, having grown up with this technology, it also brings with it a more relaxed and complacent attitude when it comes to cyber security hygiene.
Source: [Security Magazine]
Why Fourth-Party Risk Management Is a Must-Have
Most organisations today are acutely aware of the risks that third-party relationships pose, and many employ some form of third-party risk management to understand and monitor these alliances. Another danger also needs to be borne in mind: the threats organisations face from their third parties’ third parties. These ‘fourth parties’, the vendors of an organisation's vendor, are becoming an increasing concern among regulators, particularly those in the banking and financial services sector. Attackers exploit fourth parties just the same as they do third parties to indirectly target an organisation. As a result, these fourth parties greatly increase an IT environment's attack surface.
Fourth parties pose reputational, operational and regulatory risks, and with new regulations such as the Digital Operational Resilience Act (DORA) in Europe coming into place, organisations need to implement a comprehensive third-party risk management program that extends to cover fourth-party risk management. This is the only way to ensure fourth parties are vetted appropriately.
Source: [Tech Target]
AI Adoption Surges but Security Awareness Lags Behind
A new survey found that security is reportedly not the primary concern for organisations when using tools such as ChatGPT and Google Bard. Respondents are more worried about inaccurate responses than the exposure of customer and employee personally identifiable information (PII), disclosure of trade secrets (33%) and financial loss (25%). Basic security practices are lacking, however, with 82% of respondents confident in their security stacks but less than half investing in technology to monitor generative AI use, exposing them to data loss risks. Only 46% have established security policies for data sharing.
Organisations need to rigorously assess and control how large language models (LLMs) handle data, ensuring alignment with regulations such as GDPR, HIPAA, and CCPA. This involves employing strong encryption, consent mechanisms and data anonymisation techniques, and ensuring control over how the organisation’s data is used, alongside regular audits and updates to ensure data handling practices remain compliant.
Source: [Infosecurity Magazine]
UK Watchdog Fines Equifax £11 Million For Role in Cyber Breach
Britain's financial watchdog has fined the consumer credit rating body Equifax £11 million ($13.4 million) for its role in "one of the largest" cyber security breaches in history. The Financial Conduct Authority (FCA) stated that "The cyber attack and unauthorised access to data was entirely preventable", identifying that the UK arm of Equifax did not find out data had been accessed until six weeks after their parent company discover the hack.
Source: [Reuters]
Why Boards Must Understand and Govern Cyber Security Risk
The boardroom is a critical control in every company’s system of cyber security risk management. An ineffective approach to cyber security governance creates an overall system of cyber security that is weaker than it needs to be. Boards have typically viewed cyber security as something that it left to IT and have not been able to challenge or interpret the reports that they receive, if any, from their IT departments or IT providers. Governing bodies such as the US Securities Exchange Commission (SEC) have identified this and have started bringing in regulations that force the board of directors to fully understand digital cyber security risk and have a more vital role as part of the system.
Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.
Source: [Forbes]
Governance, Risk and Compliance
Many cyber bosses just aren't confident in their company's defences | TechRadar
SMBs seek help as cyber threats reach an all-time high - Help Net Security
SMBs seek cyber training, support as attack risk surges | CIO Dive
The real impact of the cyber security poverty line on small organisations - Help Net Security
Cyber security investments show mature business mindset, says IT expert | Insider Media
Is Cyber security Finally Becoming a Business Enabler? - Compare the Cloud
The best time to deal with cyber attacks is before they happen (thetimes.co.uk)
Preparations Are Key to Weathering Cyber security Incidents | Chief Investment Officer (ai-cio.com)
Over 70% of firms hit by cyber attack in last 12 months (rte.ie)
The future of cyber security regulation: what to look out for with NIS2 | TechRadar
Getting ready for NIS2 with strong identity controls | ITPro
10 Ways Boards Are Setting Their Companies Up For Cyber security Failure (forbes.com)
NIST Cyber security Framework for Small Businesses: Key Benefits (smallbiztrends.com)
AI and the Imperative to Take Cyber security Precautions (inforisktoday.com)
Cyber attacks to cost $23 trillion in 2027: US official | ABS-CBN News
How Cyber security Provides the Green Light for Business Innovation (govinfosecurity.com)
Essential cyber hygiene: Making cyber defence cost effective - Help Net Security
The Need for a Cyber security-Centric Business Culture (darkreading.com)
The double-edged sword of heightened regulation for financial services - Help Net Security
Report: Cyber attacks No. 1 cause of downtime and data loss | Security Magazine
Will CISOs Become Personally Liable for Breach Response? (inforisktoday.com)
Keeping control in complex regulatory environments - Help Net Security
Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies (informationweek.com)
7 risk mitigation strategies to protect business operations | TechTarget
How to go from collecting risk data to actually reducing risk? - Help Net Security
SEC’s New Cyber Disclosure Rule: Challenges, Consequences, And Compliance | K2 Integrity - JDSupra
Regulations are still necessary to compel adoption of cyber security measures | ZDNET
CISOs and board members are finding a common language - Help Net Security
IT Disaster Recovery Best Practices: Preparing For The Worst (informationsecuritybuzz.com)
When And How To Hire A vCISO For Your Company's Cyber security Program (forbes.com)
18 Factors And Metrics To Show The Value Of Cyber security Initiatives (forbes.com)
Improve your cyber threat understanding with geopolitical context | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Attacks Double: Are Companies Prepared for 2024's Cyber Threats? (thehackernews.com)
Ransomware realities in 2023: one employee mistake can cost a company millions (securityaffairs.com)
Ransomware Criminals Aiming at Third-Party Vendors in Hunt for ‘Big Game’ (claimsjournal.com)
Feds: Beware AvosLocker Ransomware Attacks on Critical Infrastructure (darkreading.com)
Giant health insurer struck by ransomware didn't have antivirus protection (malwarebytes.com)
CISA shares vulnerabilities, misconfigs used by ransomware gangs (bleepingcomputer.com)
What Are the Legal Implications of Paying Ransomware Demands? | HackerNoon
63% of organisations restore data after a ransomware attack | Security Magazine
Black Basta ransomware is out and about, again. (thecyberwire.com)
Ukrainian activists hack Trigona ransomware gang, wipe servers (bleepingcomputer.com)
Elastic Global Threat Report 2023 Reveals Dominance of Ransomware | Business Wire
Scammers are targeting plastic surgery clinics with extortion scams | TechRadar
BlackCat ransomware uses new ‘Munchkin’ Linux VM in stealthy attacks (bleepingcomputer.com)
Law enforcement operation seized Ragnar Locker group's infrastructure (securityaffairs.com)
Ransomware Victims
Lockbit ransomware gang demanded an 80 million ransom to CDW (securityaffairs.com)
Alphv gang stole 5TB of data from Morrison Community Hospital (securityaffairs.com)
Kansas Supreme Court Probes Potential Ransomware Attack (govinfosecurity.com)
KwikTrip all but says IT outage was caused by a cyber attack (bleepingcomputer.com)
Phishing & Email Based Attacks
More than 95 per cent of phishing attacks target the banking and finance sectors (bizhub.vn)
Phishing attacks hit record high in third quarter, with malware not far behind - SiliconANGLE
VIPRE finds 233.9 million malicious emails detected in Q3 2023 (securitybrief.co.nz)
Make sure that email from HR is legit - it could be another phishing scam | TechRadar
Human resources emails remain top phishing targets - SiliconANGLE
D-Link Confirms Data Breach: Employee Falls Victim to Phishing Attack (thehackernews.com)
Artificial Intelligence
AI and the Imperative to Take Cyber security Precautions (inforisktoday.com)
Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies (informationweek.com)
Exploring the Realm of Malicious Generative AI: A New Digital Security Challenge (thehackernews.com)
AI-generated cyber attacks pose new risk to key UK infrastructure, experts warn | The Independent
North Korea has got its hands on AI - and is testing its ability to commit cyberwarfare | TechRadar
Generative AI is scaring CISOs – but adoption isn’t slowing down | CSO Online
Cyber criminals register .AI domains of trusted brands for malicious activity | CSO Online
2FA/MFA
Malware
Phishing attacks hit record high in third quarter, with malware not far behind - SiliconANGLE
DarkGate malware spreads through compromised Skype accounts (bleepingcomputer.com)
BLOODALCHEMY provides backdoor to ASEAN secrets • The Register
Discord still a hotbed of malware activity — Now APTs join the fun (bleepingcomputer.com)
Researchers warn of increased malware delivery via fake browser updates - Help Net Security
Malicious Notepad++ Google ads evade detection for months (bleepingcomputer.com)
Google-hosted malvertising leads to fake Keepass site that looks genuine | Ars Technica
Russian Hackers Bypass EDR to Deliver Weaponized TeamViewer (gbhackers.com)
Beware - that Google Chrome update alert might actually just be malware | TechRadar
Mobile
SpyNote: Beware of This Android Trojan that Records Audio and Phone Calls (thehackernews.com)
The top 9 mobile security threats and how you can avoid them | ZDNET
Hackers exploit security flaw to target iOS 17 iPhones with 'notification attack' | Macworld
Google Play Protect adds real-time scanning to fight Android malware (bleepingcomputer.com)
Fake 'RedAlert' rocket alert app for Israel installs Android spyware (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Inadequate IoT protection can be a costly mistake - Help Net Security
Israelis told to secure their home security cameras against hackers • Graham Cluley
Logistics Matters - Alert: How hackers use printers to gain access
Data Breaches/Leaks
UK watchdog fines Equifax $13.4 million for role in cyber breach | Reuters
Casio discloses data breach impacting customers in 149 countries (bleepingcomputer.com)
530K people's info stolen from cloud PC gaming's Shadow • The Register
D-Link Confirms Data Breach: Employee Falls Victim to Phishing Attack (thehackernews.com)
Hackers stole a million people's DNA. But what will they do with it? | Tech News | Metro News
23AndMe Hacker Leaks New Tranche of Stolen Data (darkreading.com)
Healthcare breach costs soar requiring new thinking for safeguarding data (securityintelligence.com)
Lost and Stolen Devices: A Gateway to Data Breaches and Leaks - SecurityWeek
Twitter glitch allows CIA informant channel to be hijacked - BBC News
Care provider under fire over response to cyber attack (thetimes.co.uk)
Organised Crime & Criminal Actors
Cyber attacks -- where they come from and the tactics they use (betanews.com)
Cyber criminals register .AI domains of trusted brands for malicious activity | CSO Online
Highest percentage of cyber crime activity originates in Russia (securitybrief.co.nz)
Single Sign On and the Cyber crime Ecosystem (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
Employees leaving businesses open to cyber attack – QBE research - CIR Magazine
Why disaffected employees are your greatest cyber security risk | Federal News Network
Ex-Navy IT head gets 5 years for selling people’s data on darkweb (bleepingcomputer.com)
Insurance
How MOVEit Is Likely to Shift Cyber Insurance Calculus (darkreading.com)
How Data Changes the Cyber Insurance Market Outlook (darkreading.com)
What to Look for in Cyber Insurance Coverage | Proofpoint US
Supply Chain and Third Parties
Identity and Access Management
Encryption
Linux and Open Source
Open To Attack: The Risks Of Open-Source Software Attacks (informationsecuritybuzz.com)
Can open source be saved from the EU's Cyber Resilience Act? • The Register
Report Finds Few Open Source Projects are Actively Maintained - Slashdot
Passwords, Credential Stuffing & Brute Force Attacks
IT Admins Are Just as Guilty For Weak Password Use- IT Security Guru
Over 40,000 admin portal accounts use 'admin' as a password (bleepingcomputer.com)
39% of individuals use the same password for multiple accounts | Security Magazine
Fighting off cyber attacks? Make sure user credentials aren’t compromised (bleepingcomputer.com)
Passkeys Are Cool, But They Aren't Enterprise-Ready (darkreading.com)
A worrying amount of corporate IDs still aren't properly protected | TechRadar
Social Media
Hamas Hijacked Victims’ Social Media Accounts to Spread Terror - The New York Times (nytimes.com)
Twitter glitch allows CIA informant channel to be hijacked - BBC News
Malvertising
Malicious Notepad++ Google ads evade detection for months (bleepingcomputer.com)
Google-hosted malvertising leads to fake Keepass site that looks genuine | Ars Technica
Clever malvertising attack uses Punycode to look like KeePass's official website (malwarebytes.com)
Training, Education and Awareness
Regulations, Fines and Legislation
UK watchdog fines Equifax $13.4 million for role in cyber breach | Reuters
One year left for companies to implement NIS2 cyber security directive (wbj.pl)
The future of cyber security regulation: what to look out for with NIS2 | TechRadar
NIS2: Why organisations need a unified cyber security standard | Microscope (computerweekly.com)
Can open source be saved from the EU's Cyber Resilience Act? • The Register
Security Pros Warn That EU's Vulnerability Disclosure Rule Is Risky (darkreading.com)
The double-edged sword of heightened regulation for financial services - Help Net Security
Top US Cyber Agency Pushing Toward First Hack Reporting Rule (bloomberglaw.com)
Keeping control in complex regulatory environments - Help Net Security
UN cyber crime treaty: A menace in the making – EURACTIV.com
SEC’s New Cyber Disclosure Rule: Challenges, Consequences, And Compliance | K2 Integrity - JDSupra
Models, Frameworks and Standards
One year left for companies to implement NIS2 cyber security directive (wbj.pl)
The future of cyber security regulation: what to look out for with NIS2 | TechRadar
NIST Cyber security Framework for Small Businesses: Key Benefits (smallbiztrends.com)
NIS2: Why organisations need a unified cyber security standard | Microscope (computerweekly.com)
Backup and Recovery
Principles for ransomware-resistant cloud backups - NCSC.GOV.UK
63% of organisations restore data after a ransomware attack | Security Magazine
Data Protection
Careers, Working in Cyber and Information Security
Over half of cyber security pros say they want to switch jobs (betanews.com)
Compelling Reasons Why You Should Study Cyber Security - Minutehack
Your guide to landing a job in cyber security (fastcompany.com)
Law Enforcement Action and Take Downs
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats
Misc Nation State/Cyber Warfare
‘Only a matter of time’ before cyber attacks are viewed as acts of war: Ex-NSA chief
Five Eyes issues five tips on thwarting nation state threats | Computer Weekly
Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure (thehackernews.com)
TetrisPhantom: Cyber Espionage via Secure USBs Targets APAC Governments (thehackernews.com)
Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (thehackernews.com)
The evolution of deception tactics from traditional to cyber warfare - Help Net Security
Exclusive: Ukraine says joint mission with US derailed Moscow’s cyber attacks (therecord.media)
Government officials debate effectiveness of multilateral relations in cyber security | ZDNET
Defence leaders recognise need to adapt to win in ‘information battlespace’ | BAE Systems
Geopolitical Threats/Activity
How Cyber attacks Could Affect the Israel-Hamas War (govinfosecurity.com)
Israelis told to secure their home security cameras against hackers • Graham Cluley
Gaza Conflict Paves Way for Pro-Hamas Information Operations (darkreading.com)
Pro-Israeli Hacktivist Group Predatory Sparrow Reappears (darkreading.com)
AI-Powered Israeli 'Cyber Dome' Defence Operation Comes to Life (darkreading.com)
Fake 'RedAlert' rocket alert app for Israel installs Android spyware (bleepingcomputer.com)
Hamas Hijacked Victims’ Social Media Accounts to Spread Terror - The New York Times (nytimes.com)
Pro-Iranian Hacktivists Set Sights on Israeli Industrial Control Systems (darkreading.com)
China
Mandia: China replaces Russia as top cyber threat | CyberScoop
FBI boss slams ‘unprecedented’ Chinese cyberespionage and IP theft | SC Media (scmagazine.com)
Five Eyes warn of growing threat of IP 'theft' by China's hackers (techmonitor.ai)
20,000 Britons approached by Chinese agents on LinkedIn, says MI5 head | MI5 | The Guardian
Researchers Unveil ToddyCat's New Set of Tools for Data Exfiltration (thehackernews.com)
BLOODALCHEMY provides backdoor to ASEAN secrets • The Register
TetrisPhantom: Cyber Espionage via Secure USBs Targets APAC Governments (thehackernews.com)
Huawei wants to know why EU labelled it high security risk • The Register
Google TAG Detects State-Backed Threat Actors Exploiting WinRAR Flaw (thehackernews.com)
Russia
Mandia: China replaces Russia as top cyber threat | CyberScoop
Russia-based Wizard Spider is Top Threat Group: Netskope Report | MSSP Alert
Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (thehackernews.com)
Russian Sandworm hackers breached 11 Ukrainian telcos since May (bleepingcomputer.com)
Exclusive: Ukraine says joint mission with US derailed Moscow’s cyber attacks (therecord.media)
Russian Hackers Bypass EDR to Deliver Weaponized TeamViewer (gbhackers.com)
Highest percentage of cyber crime activity originates in Russia (securitybrief.co.nz)
Iran
Iranian hackers lurked in Middle Eastern govt network for 8 months (bleepingcomputer.com)
Hamas-linked app offers window into cyber infrastructure, possible links to Iran | CyberScoop
North Korea
Vulnerability Management
Vulnerability Scanning: How Often Should I Scan? (thehackernews.com)
Microsoft Needs to Get Serious About Its Windows 10 Upgrade Problem (pcmag.com)
Vulnerabilities
Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000 - SecurityWeek
Cisco working on fix for critical IOS XE zero-day | TechTarget
Oracle Patches 185 Vulnerabilities With October 2023 CPU - SecurityWeek
Critical Citrix NetScaler Flaw Exploited to Target from Government, Tech Firms (thehackernews.com)
Juniper Networks Patches Over 30 Vulnerabilities in Junos OS - SecurityWeek
Hackers exploit critical flaw in WordPress Royal Elementor plugin (bleepingcomputer.com)
Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software (thehackernews.com)
Zoom, Investors Reach $150 Million Deal Over Security Flaws Suit (bloomberglaw.com)
Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (thehackernews.com)
Tools and Controls
Well-informed employees act as 1st line of defence against cyber threats
SMBs seek cyber training, support as attack risk surges | CIO Dive
Vulnerability Scanning: How Often Should I Scan? (thehackernews.com)
Essential cyber hygiene: Making cyber defence cost effective - Help Net Security
Preparations Are Key to Weathering Cyber security Incidents | Chief Investment Officer (ai-cio.com)
Improve your cyber threat understanding with geopolitical context | CSO Online
Why Zero Trust Is the Cloud Security Imperative (darkreading.com)
3 Essential Steps to Strengthen SaaS Security (darkreading.com)
Google Authenticator synchronization raises MFA concerns | TechTarget
Email Security Best Practices for Phishing Prevention (trendmicro.com)
What to Look for in Cyber Insurance Coverage | Proofpoint US
How to go from collecting risk data to actually reducing risk? - Help Net Security
Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies (informationweek.com)
OSINT isn't immediate ground truth--it's the result of analysis. (thecyberwire.com)
How Data Changes the Cyber Insurance Market Outlook (darkreading.com)
What is Structured Threat Information eXpression (STIX)? (techtarget.com)
Other News
SMBs Struggle to Keep Pace with Cyber Security Threats - IT Security Guru
Many SMBs really don't know exactly what security tools they need | TechRadar
Hackers Hit The IT Industry: 12 Companies Targeted In 2023 | CRN
What the Hollywood Writers Strike Resolution Means for Cyber security (darkreading.com)
Progress gets SEC subpoena over MOVEit breach – and more! • The Register
Cyber attacks on healthcare organisations affect patient care - Help Net Security
Zoom, Investors Reach $150 Million Deal Over Security Flaws Suit (bloomberglaw.com)
Thinking about the phrase 'cyber security' | Microscope (computerweekly.com)
Space industry group turns up volume on satellite vulnerabilities - SpaceNews
5 Tips for Improving Security in Public Sector (govinfosecurity.com)
Marketers Must Make Cyber security A Priority Every Day (forbes.com)
UK at risk of massive security breach from national HMRC IT meltdown | The Independent
UK warns nuclear power plant operator of cyber security failings (therecord.media)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 13 October 2023
Black Arrow Cyber Threat Intelligence Briefing 13 October 2023:
-Small Businesses Hit by Frequent Cyber Attacks as 90% of CISOs Faced at least One Attack Last Year
-The Most Effective Cyber Attacks Never Touch Your Organisation's Firewall, HR’s Role in Defending the Organisation
-Ransomware Infection Times Fall from 5 Days to 5 Hours
-80% of Security Leaders See AI as the Biggest Threat to Business
-Is Your Board Cyber-Ready?
-Cyber Security Should Be a Business Priority for CEOs
-The Looming Threat of a Single Phishing Click to Your Business
-40% of Organisations Leave Ransomware to IT
-Auditors Growing Concern About Cyber Security
-The Cyber Villains Are Getting Bolder: Businesses Need to Up Their Game
-Preparing for the Unexpected: A Proactive Approach to Operational Resilience
-Staggering Losses to Social Media and Social Engineering Since 21, as Victims Take $2.7 Billion Hit in US Alone
-Organisations Grapple with Detection and Response Despite Rising Security Budgets
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Small Businesses Hit by Frequent Cyber Attacks, as 90% of CISOs of Larger Firms Faced at least One Attack Last Year
A survey by Payroll provider Sage found that nearly 48% of small and medium sized enterprises (SMEs) have experienced at least one cyber incident in the past year; of note, this is only based on SMEs self-reporting, and requires SMEs to have both the ability to detect an incident and to have actually identified an incident and then self-report it. The survey found that cyber security was a priority with 68% of respondents reporting that they would use a more expensive security control if it demonstrated better security.
In a separate report by Splunk, it was found that 90% of CISOs reported experiencing at least one disruptive attack in the past year. The difference in numbers could be because organisations who have a CISO are more likely to have tools in place to detect an incident.
Regardless, cyber criminals are showing that any size of organisation can be a victim of a cyber incident and in some cases, smaller organisations may not have the necessary budget and controls to prevent an attack.
Sources: [Security Magazine] [Insurance Times] [Infosecurity Magazine]
The Most Effective Cyber Attacks Never Touch Your Organisation’s Firewall, and HR’s Role in Defending the Organisation
In 2022, total spending on cyber security technologies increased to 71.1 billion USD, illustrating just how much effort goes into protecting companies, their data, and their customers. Regardless of all this spending, there remains a popular attack which can bypass this all: social engineering. Attackers know how much technology protection is placed in organisations, so they often try to bypass this and go straight through the employees.
Cyber security will never work if organisations do not go beyond IT; it is a business-wide issue and requires the engagement and input from across the business, including functions like Human Resources. Having effectively trained employees is a crucial part of creating a culture of security within an organisation, and this starts with HR. Employees will often have training as part of their onboarding and then regular training to ensure competencies; as part of HR’s role, this should include commissioning training on cyber security that is delivered by cyber security experts that understand what attackers are doing.
Source: [News Week] [Beta News]
Ransomware Infection Times Fall from 5 Days to 5 Hours
The amount of time it takes an attacker to infect a system with ransomware has fallen drastically over the last 12 months according to a recent report. The median dwell time (the time that an attacker spends in a victim’s network before being detected) was 5.5 days in 2021, reducing to 4.5 days in 2022, and this year it fell to less than 24 hours with, in 10% of cases, the time taken to deploy ransomware being within 5 hours. As threat actors continue to leverage Ransomware as a Service (RaaS) to execute attacks, dwell times will continue to decrease and the number of attacks will increase.
This coincides with a recent survey by Hornetsecurity that revealed that almost 60% of businesses are concerned about ransomware attacks. 92% of businesses are reported to be aware of ransomware’s potential negative impact, but just 54% of respondents say their leadership is actively involved in conversations and decision making to help prevent attacks.
The report highlights that ransomware is still at large, with the first half of 2023 seeing more ransomware victims than in the whole of 2022. Having good cyber security protection and hygiene is the key to ongoing success. Organisations cannot afford to become victims. Ongoing security awareness training and multi-layered ransomware protection are critical to help avoid insurmountable losses.
Sources: [Cision] [PC Mag] [Security Magazine]
80% of Security Leaders See AI as the Biggest Threat to Business
A report has found that a large majority of security leaders (80%) believe Artificial Intelligence (AI) is the biggest cyber threat to their business, and that the risks of AI outweigh the many advantages.
In a separate report, 58% agreed that AI is increasing the number of cyber attacks. The benefits of AI were also recognised however, with 73% reporting AI to be an increasingly important tool for security operations.
With AI finding itself both sides of the coin, it is important for organisations to effectively implement their AI solutions, so that they can improve their security whilst reducing the risk that AI presents to their organisation.
Sources: [Diginomica] [Infosecurity Magazine]
Is Your Board Cyber-Ready?
With the recent US Securities and Exchange Commission (SEC) requirements entering effect, and the impending Digital Operational Resilience Act (DORA) requirements for Europe, there is yet another layer added to the complicated issues of managing cyber security risks. However, it is clear that strong corporate governance equips companies to address them efficiently and accurately.
Governance starts with the board, as it is responsible for the oversight of the organisation’s cyber security programs. For a board to do this effectively, the leadership team must be able to understand cyber security; yet despite this, a study found that only 12% of boards had a cyber expert. Black Arrow supports business leaders in organisations of all sizes to gain a strong practical understanding of the fundamentals of cyber security risk management, and to demonstrate governance in implementing their cyber security strategy by leveraging their existing internal and external resources.
Sources: [Harvard.edu] [JDSupra]
Cyber Security Should Be a Business Priority for CEOs
A recent report found that despite 96% of CEOs saying that cyber security is critical to organisational growth and stability, 74% of CEOs are concerned about their organisation’s ability to avert or minimise damage arising from a cyber attack. The report also highlighted that 60% of CEOs don’t incorporate cyber security into their business strategies, products or services from the beginning. 44% believe that cyber security requires episodic intervention rather than ongoing attention.
Adding to this reactive stance is the incorrect assumption by 54% of CEOs that the cost of implementing cyber security is higher than the cost of suffering a cyber attack, despite history showing otherwise. For instance, the report notes that a global shipping and logistics company breach resulted in a 20% drop in business volume, with losses hitting $300 million. In addition, despite 90% of CEOs saying cyber security is a differentiating factor for their products or services to help them build customer trust, only 15% have dedicated board meetings to discuss cyber security issues. This disconnect might be explained by the fact that 91% of CEOs said cyber security is a technical function that is the responsibility of the CIO or CISO.
Source: [HelpNet Security]
The Looming Threat of a Single Phishing Click to Your Business
A single click could be all it takes to get the ball rolling and allow an attacker entry into your organisation. From there, the possibilities are endless. Phishing impacts any employee within the organisation with an email account, phone number or access to the web.
Organisations can mitigate this risk however, by conducting training and awareness programmes, aimed at improving employees’ abilities to identify, report and avoid falling victim to phishing incidents. Such training should be held regularly to maintain their knowledge as well as adapting to the ever-changing landscape of cyber crime. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation.
Source: [CMS-lawnow]
40% of Organisations Leave Ransomware to IT
A report found that 93% of respondents said they believe ransomware protection is “very” to “extremely” important in terms of IT priorities for their organisation, yet only 54% reported that the leadership were actively involved in conversations and decision-making around ransomware attacks, and 40% of total respondents were happy to leave the IT team to deal with ransomware attacks.
By only involving the IT team and excluding the leadership, organisations are at risk of not addressing regulatory requirements, or failing to manage such cyber incidents within a business context. This would also suggest a lack of an effective Incident Response Plan to ensure that considerations such as legal, communications, customers, employees and other stakeholders are not forgotten. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [MSSP Alert]
Auditors’ Growing Concern About Cyber Security
The majority of chief audit executives and information technology audit leaders consider cyber security to be a top risk over the next year. The survey found that found that nearly 75% of respondents, and an even higher percentage (82%) of technology audit leaders, consider cyber security to be a high-risk area over the next 12 months.
Source: [Accounting Today]
Preparing for the Unexpected: A Proactive Approach to Operational Resilience
Recent insights highlight a pressing need: ensuring operational resilience in financial firms. As the financial sector remains a prime target for cyber threats, the increasing interconnectedness presents evolving challenges. While cyber security aims to defend against attacks, operational resilience ensures the continuity of operations even when incidents occur.
Notably, the EU’s Digital Operational Resilience Act (DORA) stresses preparedness, providing a framework for the industry. Although business continuity practices exist, operational resilience offers a more proactive stance, ensuring system reliability that is crucial for global financial trust. Achieving this requires a comprehensive risk assessment, laying the groundwork for a resilient strategy tailored to a firm’s unique position in the financial landscape.
Source: [Dark Reading]
Staggering Losses to Social Media and Social Engineering Since 2021, as Victims Take $2.7 Billion Hit in US Alone
The US Federal Trade Commission (FTC) reports that Americans alone, have lost $2.7 billion to social media and social engineering scams since 2021. The losses were incurred through websites, phone calls and email.
It is important for organisations to consider that such scams could very well find themselves in the corporate environment. Already, there has been a significant rise in attacks on employees through LinkedIn. As such, it is important for organisations to provide education and awareness training to users.
Sources: [Bleeping Computer] [Infosecurity Magazine]
Organisations Grapple with Detection and Response Despite Rising Security Budgets
A study by EY found that only a fifth of cyber security leaders today are confident about their organisation’s cyber security approach, with only half trusting the training they provide in-house. CISO respondents reported an average annual spend of $35 million on cyber security, with the median cost of a breach jumping 12% to $2.5 million. The leaders said they anticipate the cost per breach to reach $4 million by the end of the year.
The report found that the biggest internal challenges to the organisation's cyber security approach were "too many potential attack surfaces" at 52%, and "difficulty balancing security and innovation speed" at 50%. The study also noted big discrepancies between the CISOs and other C-suite leaders when it came to their organisation's cyber security preparedness. While 60% of CISOs were confident about the C-suite integration of cyber security into key business decisions, only over half of other C-suite officers believed they were effective. There was also a significant gap (12%) between their satisfaction with the overall cyber security preparedness.
Source: [CSO Online]
Governance, Risk and Compliance
Auditors more worried about cyber security than AI risks | Accounting Today
Cyber Security Survey: 40% of Orgs “Leave” Ransomware to IT | MSSP Alert
Cyber attacks are only getting worse for business, so what are CISOs doing about it? | TechRadar
Warning as more businesses fall victim to cyber attacks | Insurance Times
PwC survey reveals rising concerns over cyber security and generative AI in 2024 - Reinsurance News
The Role of HR in Engaging the Workforce for Holistic Cyber Security (newsweek.com)
90% firms experienced cyber attacks; 83% opted to pay attackers: Report (business-standard.com)
The world was already horrifying — technology is making it more so - The Hustle
Cyber security is a mindset, not just a set of tools and technologies. (techuk.org)
Cyber security should be a business priority for CEOs - Help Net Security
Organisations grapple with detection and response despite rising security budgets | CSO Online
The undeniable benefits of making cyber resiliency the new standard | CSO Online
Preparing for the Unexpected: A Proactive Approach to Operational Resilience (darkreading.com)
Cyber insurance costs pressure business budgets - Help Net Security
C-suite weighs in on generative AI and security (securityintelligence.com)
Cyber security overtakes cloud as top area of investment - The Recycler - 10/10/2023
New Wave of Cyber Threats Challenges In-House Legal Departments (bloomberglaw.com)
Should businesses follow Google’s footsteps in cyber security? | TechRadar
Cyber security is booming but it comes at a human cost (betanews.com)
A Primer on Cyber Risk Acceptance and What it Means to Your Business (bleepingcomputer.com)
A Cyber security Risk Assessment Guide for Leaders (trendmicro.com)
Addressing a Breach Starts With Getting Everyone on the Same Page (darkreading.com)
Uber's Ex-CISO Appeals Conviction Over 2016 Data Breach (darkreading.com)
6 steps to getting the board on board with your cyber security program (welivesecurity.com)
Threats
Ransomware, Extortion and Destructive Attacks
First half of 2023 sees more ransomware victims than all of 2022 | Security Magazine
Cyber security Survey: 40% of Orgs “Leave” Ransomware to IT | MSSP Alert
Cyber criminals can go from click to compromise in less than a day - Help Net Security
Ransomware Infection Times Fall From 5 Days to 5 Hours (pcmag.com)
Ransomwared health insurer wasn't using anti-virus software • The Register
Everest searching for corporate insiders amid rare pivot • The Register
HelloKitty ransomware source code leaked on hacking forum (bleepingcomputer.com)
How to Prevent Ransomware as a Service (RaaS) Attacks (trendmicro.com)
SEC Investigating Progress Software Over MOVEit Hack - Security Week
Ransomware attacks now target unpatched WS_FTP servers (bleepingcomputer.com)
Ransomware Attack on Hospitals Highlights Need to Ensure Continuity of Patient Care (fdd.org)
Ransomware Victims
Cyber attack victim Estes making ‘steady progress’ - FreightWaves
Caesars Offers Two Years of IDX Services to Compromised Data Victims - GamblingNews
Ransomwared health insurer wasn't using anti-virus software • The Register
BianLian extortion group claims recent Air Canada breach (bleepingcomputer.com)
Phishing & Email Based Attacks
The looming threat of a single phishing click to your business (cms-lawnow.com)
What to do if you’ve clicked on a phishing link or talked to scammers | Kaspersky official blog
LinkedIn Smart Links attacks return to target Microsoft accounts (bleepingcomputer.com)
Phishing, the campaigns that are affecting Italy (securityaffairs.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
PwC survey reveals rising concerns over cyber security and generative AI in 2024 - Reinsurance News
'Really frightening': IT leaders on cyber security in the age of AI (computing.co.uk)
Cyber security pros predict rise of malicious AI - Help Net Security
Why 80% of CISOs see AI as the biggest threat to their business (diginomica.com)
C-suite weighs in on generative AI and security (securityintelligence.com)
68 percent of IT decision makers are worried about the rise of deepfakes (betanews.com)
US Space Force Pauses Generative AI Based on Security Concerns (bloomberglaw.com)
Generative AI Security: Preventing Microsoft Copilot Data Exposure (bleepingcomputer.com)
How to Guard Your Data from Exposure in ChatGPT (thehackernews.com)
2FA/MFA
Malware
Mirai DDoS malware variant expands targets with 13 router exploits (bleepingcomputer.com)
Microsoft to kill off VBScript in Windows to block malware delivery (bleepingcomputer.com)
How Keyloggers Have Evolved From the Cold War to Today (darkreading.com)
Endpoint malware attacks decline as campaigns spread wider - Help Net Security
Mobile
Beware - GoldDigger malware will drain your bank accounts without you even realizing | TechRadar
China-based Supply Chain Cyber Attacks Hit Thousands of Android Devices | MSSP Alert
Android devices shipped with backdoored firmware as part of the BADBOX network (securityaffairs.com)
Operation Behind Predator Mobile Spyware Is 'Industrial Scale' (darkreading.com)
Hacktivists send fake nuclear attack warning via Israeli Red Alert app (bitdefender.com)
5 quick tips to strengthen your Android phone security today | ZDNET
Botnets
Denial of Service/DoS/DDOS
HTTP/2 Zero-Day Vulnerability Results in Record-Breaking DDoS Attacks (cloudflare.com)
Google, Amazon Face Massive Denial-of-Service Attack | MSSP Alert
Internet of Things – IoT
Automotive cyber security: A decade of progress and challenges - Help Net Security
Android TV malware case worsens: Tens of millions of devices infected - FlatpanelsHD
Have You Changed the Default Passwords on Your IoT Devices? (makeuseof.com)
Android devices shipped with backdoored firmware as part of the BADBOX network (securityaffairs.com)
Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal - Security Week
Exposed security cameras in Israel and Palestine pose significant risks (securityaffairs.com)
Data Breaches/Leaks
3.81 billion records compromised by cyber security incidents in September 2023 (itsecuritywire.com)
23andMe Cyberbreach Exposes DNA Data, Potential Family Ties (darkreading.com)
DC Board of Elections confirms voter data stolen in site hack (bleepingcomputer.com)
Lyca Mobile says customer data was stolen during cyber attack | TechCrunch
Third Flagstar Bank data breach since 2021 affects 800,000 customers (bleepingcomputer.com)
Caesars Offers Two Years of IDX Services to Compromised Data Victims - GamblingNews
Air Europa customers urged to cancel cards following hack on payment system (therecord.media)
Dymocks breach happened while changing providers | Information Age | ACS
Shadow PC warns of data breach as hacker tries to sell gamers' info (bleepingcomputer.com)
Organised Crime & Criminal Actors
The cyber villains are getting bolder. Businesses need to up their game - Raconteur
Protecting your business against the cyber criminal enterprise (techuk.org)
Cyber attackers are combining attacks to bypass detection (siliconrepublic.com)
Hackers 'don't break in anymore, they log in,' expert explains (yahoo.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
‘I felt powerless’: how a crypto scam cost a finance boss £300,000 | Scams | The Guardian
Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist | WIRED
Insider Risk and Insider Threats
Everest searching for corporate insiders amid rare pivot • The Register
Former US soldier accused of trying to pass secrets to China • The Register
Understanding the human factor of digital safety | TechRadar
Fraud, Scams & Financial Crime
Fooled by cyber criminals: The humanitarian CEO scammed by hackers - GZERO Media
Global job scam to cause $100 mn in losses for over 1,000 companies: Report (odishatv.in)
FTC warns of ‘staggering’ losses to social media scams since 2021 (bleepingcomputer.com)
The dark side of solar panels – how crooks are exploiting net zero (telegraph.co.uk)
Chinese Criminals Backdoor Android Devices for Ad Fraud (govinfosecurity.com)
‘I felt powerless’: how a crypto scam cost a finance boss £300,000 | Scams | The Guardian
Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist | WIRED
What to do if you’ve clicked on a phishing link or talked to scammers | Kaspersky official blog
Never click on bank-draining words if message pops up, expert warns (ladbible.com)
Boss of world’s largest cinema chain victim of catfish blackmail plot | Business | The Guardian
Deepfakes
AML/CFT/Sanctions
Insurance
Cyber insurance costs pressure business budgets - Help Net Security
Insurance industry faces growing concerns over cyber cat risk: Gallagher Re - Reinsurance News
Cyber Insurance Lessens the Sting of Corporate Cyber Attacks (bloomberglaw.com)
Keeping up with the demands of the cyber insurance market - Help Net Security
Insurance cover ‘sufficient’ for $100mn cyber attack hit: MGM (insuranceinsider.com)
Supply Chain and Third Parties
Software Supply Chain
Why open-source software supply chain attacks have tripled in a year | CSO Online
New One-Click Exploit Is a Supply Chain Risk for Linux OSes (darkreading.com)
Cloud/SaaS
The Need for Speed: When Cloud Attacks Take Only 10 Minutes (darkreading.com)
Microsoft and Cabinet Office issue government-wide security guidelines for M365 – PublicTechnology
Securely Moving Financial Services to the Cloud (darkreading.com)
Identity and Access Management
Encryption
New cryptographic protocol aims to bolster open-source software security | ZDNET
Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol - Security Week
API
Open Source and Linux
New cryptographic protocol aims to bolster open-source software security | ZDNET
Why open-source software supply chain attacks have tripled in a year | CSO Online
Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol - Security Week
Security Patch for Two New Flaws in Curl Library Arriving on October 11 (thehackernews.com)
Maintainers warn of vulnerability affecting foundational open-source tool (therecord.media)
New One-Click Exploit Is a Supply Chain Risk for Linux OSes (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
CISA publishes top 10 most common security misconfigurations • The Register
Have You Changed the Default Passwords on Your IoT Devices? (makeuseof.com)
Social Media
FTC warns of ‘staggering’ losses to social media scams since 2021 (bleepingcomputer.com)
LinkedIn Smart Links attacks return to target Microsoft accounts (bleepingcomputer.com)
Brands Beware: X's New Badge System Is a Ripe Cyber-Target (darkreading.com)
What should you do if your Facebook is hacked? (pocket-lint.com)
Parental Controls and Child Safety
Regulations, Fines and Legislation
Models, Frameworks and Standards
Data Protection
Careers, Working in Cyber and Information Security
Work-related stress “keeps cyber professionals up at night” | ITPro
Cyber security is booming but it comes at a human cost (betanews.com)
eBook: Cyber security career hacks for newcomers - Help Net Security
Turning military veterans into cyber security experts - Help Net Security
CISO Pay Increases Are Slowing – a Look Behind the Figures - Security Week
Skills-based Hiring Can Address Cyber Workforce Shortfalls (fdd.org)
Law Enforcement Action and Take Downs
European Police Hackathon Hunts Down Traffickers - Infosecurity Magazine (infosecurity-magazine.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Misc Nation State/Cyber Warfare
Hacking Groups, Including Some Tied to Russia, Are Attacking Israeli Websites (insurancejournal.com)
Cyber Metamorphosis: Ukraine Conflict's Impact on the Threat Landscape (govinfosecurity.com)
Hackers For Hire Hit Both Sides in Israel-Hamas Conflict (darkreading.com)
Beyond the Front Lines: How the Israel-Hamas War Impacts the Cyber security Industry - Security Week
Hamas 'using social engineering attacks' in conflict with Israel (techmonitor.ai)
Could Middle Eastern Cyberwarfare Spill Into Health Sector? (inforisktoday.com)
The Cyberwar Between the East and the West Goes Through Africa (darkreading.com)
Hamas 'using social engineering attacks' in conflict with Israel (techmonitor.ai)
Russia
Dark Horse Ukraine Proves Resistant to Onslaught of Russian Cyber Attacks (kyivpost.com)
Kremlin-Linked Hacker Group Launches Cyber-Attack Against Israel (kyivpost.com)
Russian hacker group "Killnet" declares cyberwar on Israel | Al Bawaba
Gaza-linked hackers and Pro-Russia groups are targeting Israel (securityaffairs.com)
Hacking Groups, Including Some Tied to Russia, Are Attacking Israeli Websites (insurancejournal.com)
Cyber Metamorphosis: Ukraine Conflict's Impact on the Threat Landscape (govinfosecurity.com)
China
A Frontline Report of Chinese Threat Actor Tactics and Techniques (darkreading.com)
Why One Of The Largest Cyber-Attacks Is Still A Mystery (slashgear.com)
Chinese Hackers Target Semiconductor Firms in East Asia with Cobalt Strike (thehackernews.com)
Chinese Criminals Backdoor Android Devices for Ad Fraud (govinfosecurity.com)
China-based Supply Chain Cyber Attacks Hit Thousands of Android Devices | MSSP Alert
Former US soldier accused of trying to pass secrets to China • The Register
Researchers Uncover Grayling APT's Ongoing Attack Campaign Across Industries (thehackernews.com)
Microsoft: China's Behind Atlassian Confluence Attacks; PoCs Available (darkreading.com)
Iran
Escalation In Iranian Cyber Operations: A Shift Toward Espionage | Iran International (iranintl.com)
North Korea
Vulnerability Management
Developers take as long as one month to patch security flaws, Synopsys finds (axios.com)
Vulnerability Behind “Largest Attack in Internet History” Found | MSSP Alert
Vulnerabilities
Patch Now: Massive RCE Campaign Wrangles Routers Into Botnet (darkreading.com)
Patch Tuesday: Code Execution Flaws in Adobe Commerce, Photoshop - Security Week
Google Chrome 118 is a massive security update - gHacks Tech News
Security Patch for Two New Flaws in Curl Library Arriving on October 11 (thehackernews.com)
Adobe Acrobat Reader Vuln Now Under Attack (darkreading.com)
Ransomware attacks now target unpatched WS_FTP servers (bleepingcomputer.com)
Critical Zero-Day Bug in Atlassian Confluence Under Active Exploit (informationweek.com)
WhatsApp exploits commanding multi-million prices (computing.co.uk)
High-Severity Vulnerabilities Discovered in WebM Project’s Libraries (paloaltonetworks.com)
Credential Harvesting Campaign Targets Unpatched NetScaler Instances - Security Week
Over 17,000 WordPress sites hacked in Balada Injector attacks last month (bleepingcomputer.com)
Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability | Ars Technica
New WordPress backdoor creates rogue admin to hijack websites (bleepingcomputer.com)
libcue Library Flaw Opens GNOME Linux Systems Vulnerable to RCE Attacks (thehackernews.com)
D-Link WiFi range extender vulnerable to command injection attacks (bleepingcomputer.com)
Maintainers warn of vulnerability affecting foundational open-source tool (therecord.media)
Apple releases iOS 16.7.1 to plug critical security holes | Macworld
The SEC is said to be investigating a Twitter security flaw from the pre-Musk era (engadget.com)
Microsoft: China's Behind Atlassian Confluence Attacks; PoCs Available (darkreading.com)
35 Squid proxy bugs still unpatched after 2 years • The Register
Fortinet Releases Security Updates for Multiple Products | CISA
Tools and Controls
Organisations grapple with detection and response despite rising security budgets | CSO Online
Preparing for the Unexpected: A Proactive Approach to Operational Resilience (darkreading.com)
A Primer on Cyber Risk Acceptance and What it Means to Your Business (bleepingcomputer.com)
Reassessing the Impacts of Risk Management With NIST Framework 2.0 (darkreading.com)
16 Essential Factors To Cover In A Disaster Recovery Plan (forbes.com)
A Cyber Security Risk Assessment Guide for Leaders (trendmicro.com)
Addressing a Breach Starts With Getting Everyone on the Same Page (darkreading.com)
Google, Yahoo Push DMARC, Forcing Companies to Catch Up (darkreading.com)
You can't avoid APIs, so you need to secure them (betanews.com)
What is External Attack Surface Management (EASM)? | UpGuard
Why You Should Phish In Your Own (informationsecuritybuzz.com)
Why zero trust delivers even more resilience than you think - Help Net Security
Unmasking the limitations of yearly penetration tests - Help Net Security
Keeping up with the demands of the cyber insurance market - Help Net Security
Cyber attackers are combining attacks to bypass detection (siliconrepublic.com)
Keep on keeping your organisation informed to stay cyber secure (techuk.org)
Why identity infrastructure is the new cyberattack surface (siliconrepublic.com)
Reports Published in the Last Week
Other News
Cyber security is a mindset, not just a set of tools and technologies. (techuk.org)
Large law firms experiencing two 'cyber incidents' a month - Legal Futures
Small businesses growing target for cyber criminals (planetradio.co.uk)
The world was already horrifying — technology is making it more so - The Hustle
Legions of Critical Infrastructure Devices Subject to Cyber Targeting (darkreading.com)
Subsea cable business seeks to plug its security holes (lightreading.com)
Old-School Attacks Are Still a Danger, Despite Newer Techniques (darkreading.com)
Protect Critical Infrastructure With Same Rigor as Classified Networks (darkreading.com)
Drug dealers hijack NHS, police and Crimestoppers websites to sell coke in plain sight - Daily Star
Proactive not reactive: adjusting the approach to cyber crime in education
Magecart Campaign Hijacks 404 Pages to Steal Data (darkreading.com)
As biohacking evolves, how vulnerable are we to cyber threats? - Help Net Security
Electric Power System Cyber Security Vulnerabilities (trendmicro.com)
Securing the Food Pipeline from Cyber Attacks (newswise.com)
US construction giant reports cyber security incident • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.