Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Despite Recent NCA and FBI Disruptions, a Rise in Ransomware Means 2024 Will be a Volatile Year for Cyber Security

There has been a lot of high profile coverage this week of the infamous and prolific LockBit gang’s infrastructure having been seized by law enforcement following an international Police operation led by the UK’s National Crime Agency. Whilst the international operation shows the seriousness of the matter, and the success of the operation should be celebrated, those celebrations should be muted and organisations should not become lax. Like the Hydra of Greek mythology, when one head disappears, a few more appear in its place. Ransomware really is a case of if, not when, and your organisation needs to be prepared.

Further, a recent threat report has found that the median ransom demand rose by 20% year on year, hitting an average of $600,000 and it is expected that 2024 will be even more volatile. Ransomware groups are expanding their target lists and exploring new pressure tactics in response to increasingly effective law enforcement efforts, and this is coupled with the increasing regulatory impact on organisations.

Sources: [Sky News] [GOV Infosecurity] [Bleeping Computer] [Infosecurity Magazine] [Cyber Reason]

The Old, Not the New: Basic Security Issues Still the Biggest Threat to Enterprises

In the latest IBM X-Force Threat Intelligence Index, it was revealed that basic security issues remain the most significant threat to enterprises. Cyber criminals are increasingly turning to credential stuffing, using and exploiting valid accounts harvested from the darkweb and previous breaches, with a 266% uptick in info-stealing malware. This tactic is harder to detect and elicits a costly response from enterprises. On the other hand, it is also important to adopt an attacker mindset for effective security. Understanding the attacker’s tools, motives, and efforts can help in limiting access, compartmentalising the impact of any successful attack, and minimising the time to attack detection. In essence, while organisations continue to grapple with complex cyber threats, the biggest security problem boils down to the basic and the already known. Therefore, it is crucial to focus on strengthening basic security measures and thinking like an attacker to proactively mitigate the risk for a more secure attack surface.

Source: [Help Net Security] [Forbes]

Reevaluating Your Cyber Security Priorities

Both technology and cyber criminals are evolving, yet many companies and organisations are not. For many corporate leaders, they may not know where to begin. Organisations looking to evolve their cyber security posture should look to elevate cyber to the C-suite and board, conduct audits of their sensitive information, create or update and test their incident response plan and finally, revisit their cyber hygiene training to ensure it is doing more than just ticking boxes. Organisations doing the above will find themselves improving their cyber security posture, and mitigating their risk to threats.

Source: [Dark Reading]

Cyber Threat Environment at its Most Dangerous for SMBs, as Geopolitical Tenison, Extortion and Attacks Present Biggest Risks

A new study has found that extortion campaigns, geopolitical threats, and attacks on small and medium-sized businesses (SMBs) are amongst the greatest threats to cyber security defences currently. The report, conducted by Mimecast, highlights how individual ransom groups have claimed over 1,000 victims and over $300 million in payments. Regarding SMBs, the report found that these businesses encountered twice the normal number of threats, at over 30 threats per user, as compared to larger companies who saw approximately 15. Not only are SMBs at more risk, but they also do not have the same resources a large company would have to mitigate such threats. SMBs must be efficient in the way they prioritise and address their cyber risk as part of their larger risk management strategy.

Sources: [Emerging Risks] [The HR Director]

Legal Sector Grows as a Target, with Cyber Attacks on Law Firms Surging by Over a Third

A new report has found that the number of reported cyber breaches on UK law firms has increased 30% from the previous year, as attackers increasingly target the profession. As a note, this does not include firms who may be unaware that they have been breached. Law firms are an attractive target to attackers due to the sensitive information such as M&A activity, divorce information and big ticket litigation; many attackers believe that law firms will pay handsomely to have this data back.

Sources: [Emerging Risks] [Legal Cheek]

It’s Not Only Ransomware Seeing Huge Rises: Business Email Compromise (BEC) Attacks are Also Seeing a Huge Rise. Is Your Business Prepared?

A recent report found that business email compromise (BEC) saw a staggering increase of 10 time the amount compared to the previous year. BEC involves a genuine business email account being compromised by a threat actor; this could be your supplier, a client, or anyone you have legitimate contact with. With such an increase, organisations must consider if they would be able to spot and mitigate BEC in their corporate environment through robust operational controls such as callback procedures for example. Due to the rise in deep fake fraud with voice cloning and video, the efficacy of traditional safeguards such as callbacks are not providing the assurance they once did. Firms and employees need to be on their guard to these changing tactics to safeguard the business.

Source: [TechRadar]

Deepfake Phishing Grew by 3,000% in 2023, and it’s Just the Beginning

Phishing remains one of the most prevalent cyber security threats, and with the emergence of artificial intelligence it is only going to carry on getting worse. According to a recent report, the number of deepfake fraud attempts rose by 3,000%. In one instance, the CEO of an energy enterprise sent €220,000 to a supplier after getting a call from the parent company’s leader requesting the exchange; the call was a deepfake.

Source: [HackerNoon]

Cyber Attacks are Getting Faster, More Common and More Successful, Although Detection is More Advanced Than Ever. New Report Signals the Threats to Businesses, Supply Chains, and Democracy

A recent report from CrowdStrike sheds light on the increasing speed and sophistication of cyber attacks. Breakout times have plummeted to an average of 62 minutes, with a record time of just two minutes and seven seconds observed. Hackers are now targeting the cloud, exploiting its vulnerabilities and leveraging AI assistance to escalate attacks. The human factor remains a primary entry point for threat actors, with social engineering and phishing campaigns on the rise. As organisations transition to the cloud, threat actors follow suit, with cloud intrusions soaring by 75%. CrowdStrike warns of state-sponsored adversaries targeting critical elections, emphasising the need for a platform-based approach bolstered by threat intelligence to safeguard against evolving threats.

Source: [TechRadar]

Report Finds Malicious Emails Bypassing Secure Email Gateways Rose by 105%

A report by Cofense has found a 105% increase in malicious emails that successfully bypassed Secure Email Gateways (SEGs), with approximately one malicious email navigating their way past SEGs every 57 seconds. The report suggests that phishing efforts are outpacing that of SEGs, and such phishing efforts are responsible for 90% of data breaches. Whilst SEGs may be filtering out a number of malicious emails, they, like everything in cyber security, are not a silver bullet. Organisations should not fall foul of believing that they are impenetrable because they have a SEG.

Sources: [SiliconANGLE] [Security Magazine] [Help Net Security]

Rising Cyber Threats Identified as Major Business Risk for 2024

In the latest Allianz risk barometer, cyber incidents have been identified as the most significant concern for companies globally in 2024. This is particularly true for remote desktop connections, which have become a prime target for cyber attacks since the shift to a work-from-home environment. The report also highlights that the risk landscape is being shaped by digitalisation, climate change, and geopolitical uncertainties. Meanwhile, a report from Coalition reveals that the cyber attack surface has expanded due to new ways of working. The report found that smaller businesses often lack the resources to prepare for a wide range of risk scenarios, which can lead to longer recovery times after an unexpected incident. These findings underscore the importance of robust cyber security measures and the need for continuous monitoring and improvement of an organisation’s digital defences.

Sources: [Reinsurance News] [Allianz]

Huge Cyber Security Leak Lifts the Lid on China’s Hackers for Hire

A huge leak of data from a Chinese cyber security firm, iSoon, has revealed state security agents paying tens of thousands of pounds to harvest data on targets, including the likes of foreign governments, and the leak shows this has been going on for years. Since the release, CrowdStrike has drawn overlaps between the firm and multiple known Chinese threat actors who are well resourced and conduct attacks over an extended period (referred to as advanced persistent threats, APTs). Among some of the 500 leaked documents are product manuals, lists of clients and employees, and WeChat instant messages. The leaks show over 14 governments have been attacked, as well as gambling and telecommunications companies.

Sources: [Dark Reading] [The Guardian]

Fifth of British Kids Have Broken the Law Online

In a recent study by the UK National Crime Agency (NCA), one in five children aged 10 to 16 have engaged in online offences with the figure rising to 25% among online gamers. These "low-level" cyber crimes, such as attempting to access protected servers or launching distributed denial of service (DDoS) attacks, may not be perceived by young individuals as violating the Computer Misuse Act. The consequences, however, are severe, including potential arrest, criminal records, and restrictions on future opportunities. The NCA stresses the importance of educating both children and adults about the legal and ethical implications of such actions, highlighting the transition from minor offences to more serious cyber crimes. With a significant shortage of cyber security professionals globally, fostering positive digital skills among young individuals is crucial for meeting industry demands and deterring cyber crime. Parents, teachers, and children are encouraged to explore resources provided by the NCA's Cyber Choices website to prevent inadvertent involvement in illegal online activities.

Source: [Infosecurity Magazine]

Over 40% of Firms Struggle with Cyber Security Talent Shortage

A recent report from Kaspersky has unveiled a critical global challenge: over 40% of companies are struggling to fill essential cyber security roles, with information security research and malware analysis roles particularly affected. This scarcity is felt most acutely in Europe and Latin America. Roles within security operations centres (SOCs) and network security are also understaffed, with figures around 35% and 33% respectively. The government sector faces the most significant demand for cyber security experts, followed closely by the telecoms and media sectors. While efforts like offering competitive salaries and enhanced training are underway, the gap persists due to the rapid pace of technological advancement outstripping educational initiatives. The report emphasises the need for innovative solutions to bridge this shortfall, highlighting recruitment, training, and technological advancements as key components of a comprehensive strategy to bolster cyber security resilience in the face of evolving threats.

Source: [Infosecurity Magazine]

Governance, Risk and Compliance

• Cyber attacks are getting faster, more common and more successful, even though detection is more advanced than ever | TechRadar

• 7 Ways Companies’ Cyber Related Governance Disclosures Will Evolve Post-SEC Rule Change (harvard.edu)

• Cyber security professionals admit “knowledge gaps” have led to serious security blunders | ITPro

• The old, not the new: Basic security issues still biggest threat to enterprises - Help Net Security

• Cyber threat environment more dangerous then ever - Mimecast (emergingrisks.co.uk)

• Over two-thirds of IT security decision-makers report an increase in cyber security budgets for 2024 | IT Reseller Magazine (itrportal.com)

• Geopolitical tension, extortion and attacks present biggest cyber security risks | theHRD (thehrdirector.com)

• 2024 CrowdStrike Global Threat Report: From Breakout to Breach in Under Three Minutes; Cloud Infrastructure Under Attack | Business Wire

• Gartner: Three top trends in cyber security for 2024 | Computer Weekly

• Barracuda report highlights rise of high-risk business security threats in 2023 (securitybrief.co.nz)

• Coalition report reveals rising cyber threats amidst business vulnerabilities - Reinsurance News

• Over 40% of Firms Struggle With Cyber Security Talent Shortage - Infosecurity Magazine (infosecurity-magazine.com)

• Thinking Like An Attacker—Another Look At Enterprise Security (forbes.com)

• Hackers using stolen credentials to launch attacks as info-stealing peaks | CSO Online

• The evolution of the CISO - Compare the Cloud

• How CISOs Balance Business Growth, Security in Cyber Threat Landscape (darkreading.com)

• Allianz Risk Barometer: Identifying the major business risks for 2024

• How to mitigate C-Suite cyber risks | Professional Security

• Why cyber security can boost organisational innovation | TechRadar

• 4 Key Steps to Reevaluate Your Cyber Security Priorities (darkreading.com)

• Cyber security success -- elevate your defence against cyber threats (betanews.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Ransom demands surge by 20% in 2023, hitting key industries hardest - SiliconANGLE

• Police arrests LockBit ransomware members, release decryptor in global crackdown (bleepingcomputer.com)

• LockBit takedown is a “huge win for law enforcement”, but let’s not celebrate too soon, security experts warn | ITPro

• LockBit Attempts to Stay Afloat with a New Version (trendmicro.com)

• LockBit registered nearly 200 "affiliates" over the past two years | TechRadar

• 2024 will be a volatile year for cyber security as ransomware groups evolve - Help Net Security

• Ransomware Experts See Problems With Banning Ransom Payments (govinfosecurity.com)

• Initial Ransomware Demands Jump 20% to $600,000 in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware: True Cost to Business 2024 (cybereason.com)

• Ransomware and BEC are seeing a huge rise — is your business ready? | TechRadar

• ConnectWise exploit could spur ‘ransomware free-for-all,’ expert warns | SC Media (scmagazine.com)

• 3 trends set to drive cyber attacks and ransomware in 2024 | World Economic Forum (weforum.org)

• Year-over-year, the median initial ransom has risen by 20% | Security Magazine

• Alpha ransomware linked to NetWalker operation dismantled in 2021 (bleepingcomputer.com)

• Why are ransomware gangs making so much money? | TechCrunch

• Akira Ransomware Exploiting Cisco Anyconnect Vulnerability (gbhackers.com)

• Knight ransomware source code for sale after leak site shuts down (bleepingcomputer.com)

• Exclusive: eSentire Confirms Rhysida Ransomware Victims - Infosecurity Magazine (infosecurity-magazine.com)

• Stuck in cyber attack nightmare? Call the negotiators (techxplore.com)

• Why some cyber attacks hit harder than others - BBC News

• Report: Manufacturing bears the brunt of industrial ransomware | CyberScoop

Ransomware Victims

• eSentire Confirms Rhysida Ransomware Victims - Infosecurity Magazine (infosecurity-magazine.com)

• Why some cyber attacks hit harder than others - BBC News

• ALPHV ransomware claims loanDepot, Prudential Financial breaches (bleepingcomputer.com)

• Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric (securityaffairs.com)

• Dead Man's Fingers maker cuts over 500 jobs and enters the red after cyber attack hits sales (cityam.com)

• 147 ransomware attacks on large Dutch companies, institutions last year; 18% paid ransom | NL Times

• Pharmacy Delays Across US Blamed on Nation-State Hackers (darkreading.com)

Phishing & Email Based Attacks

• New report warns of ongoing rise of malicious emails bypassing secure email gateways - SiliconANGLE

• Secure email gateways struggle to keep pace with sophisticated phishing campaigns - Help Net Security

• The phishing bait you're most likely to take (betanews.com)

• Deepfake Phishing Grew by 3,000% in 2023 — And It's Just Beginning | HackerNoon

• SMBs at Risk From SendGrid-Focused Phishing Tactics - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering

• What ‘psychological warfare’ tactics do scammers use, and how can you protect yourself? (theconversation.com)

• North Koreans using ChatGPT to scam LinkedIn users; "attacks are getting very sophisticated" - MSPoweruser

• What Is Social Engineering? Types Of Attacks To Beware Of (forbes.com)

Artificial Intelligence

• AI models can be weaponized to hack websites on their own • The Register

• North Koreans using ChatGPT to scam LinkedIn users; "attacks are getting very sophisticated" - MSPoweruser

• Deepfake Phishing Grew by 3,000% in 2023 — And It's Just Beginning | HackerNoon

• Generative AI and elections are key focus for hackers in 2024, report warns | Evening Standard

• As adversaries harness AI, tech firms peer through chat logs to catch them - Defense One

• Here Comes the Flood of AI-Generated Clickbait | WIRED

• Air Canada Has to Honor a Refund Policy Its Chatbot Made Up | WIRED

• 36% of code generated by GitHub CoPilot contains security flaws - Help Net Security

• Employees input sensitive data into generative AI tools despite the risks | ZDNET

• Ransomware Declines as InfoStealers and AI Threats Gain Ground: IBM X-Force - SecurityWeek

• Gartner: Three top trends in cyber security for 2024 | Computer Weekly

• Global AI Regulatory Update - Lexology

Malware

• PDF Malware on the Rise, Used to Spread WikiLoader, Ursnif and DarkGat - Infosecurity Magazine (infosecurity-magazine.com)

• FBI's Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty (thehackernews.com)

• Iranian Hackers Target Middle East Policy Experts with New BASICSTAR Backdoor (thehackernews.com)

• VIPRE report predicts 276% rise in malware in 2024 (securitybrief.co.nz)

• Anatsa Android malware downloaded 150,000 times via Google Play (bleepingcomputer.com)

• 'Lucifer' Botnet Turns Up the Heat on Apache Hadoop Servers (darkreading.com)

• What are Botnets and Why are MSSPs So Concerned? | MSSP Alert

• New SSH-Snake malware steals SSH keys to spread across the network (bleepingcomputer.com)

• Ransomware Declines as InfoStealers and AI Threats Gain Ground: IBM X-Force - SecurityWeek

• Your Mac Is Not Virus Proof. It Never Has Been. (gizmodo.com)

• Click: Your innocent mouse could be a cyber criminal's silent weapon - Digital Journal

• Vibrator virus steals your personal information | Malwarebytes

Mobile

• Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices (thehackernews.com)

• New Wave of 'Anatsa' Banking Trojans Targets Android Users in Europe (darkreading.com)

• Your fingerprints can be recreated from the sounds made when you swipe on a touchscreen — Chinese and US researchers show new side channel can reproduce fingerprints to enable attacks | Tom's Hardware (tomshardware.com)

• VoltSchemer attacks use wireless chargers to inject voice commands, fry phones (bleepingcomputer.com)

• New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers (thehackernews.com)

• Zero-Click Apple Shortcuts Vulnerability Allows Silent Data Theft (darkreading.com)

Denial of Service/DoS/DDOS

• Cyber attacks in Malta, Hungary, Ukraine, Bosnia are a 'wake-up call', IPI warns (timesofmalta.com)

• Average DDoS attack cost businesses £325,000 in 2023, according to new Zayo data | IT Reseller Magazine (itrportal.com)

• Top UK Universities Recovering Following Targeted DDoS Attack - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• 'Anywhere there's a camera, now there's a risk': Billions of users at risk of Peeping Toms — scientists devise incredibly simple eavesdropping system costing only a few hundred dollars | TechRadar

• Wyze camera glitch gave 13,000 users a peek into other homes (bleepingcomputer.com)

• As Cyber attacks Ramp Up, Electric Vehicles Are Vulnerable (autoweek.com)

• Wi-Fi jamming to knock out cameras suspected in nine Minnesota burglaries -- smart security systems vulnerable as tech becomes cheaper and easier to acquire | Tom's Hardware (tomshardware.com)

• Is new technology making cars less secure? - Verdict

Data Breaches/Leaks

• Bank of America Suffers Massive Data Breach, Exposing Social Security Numbers, Addresses and Additional Sensitive Data To Hackers - The Daily Hodl

• Infosys subsidiary named as source of Bank of America leak • The Register

• Why Data Breaches Spiked in 2023 (hbr.org)

• Massive Cloud Database Leak Exposes 380 Million Records (hackread.com)

• UK council's sneaky insider steals 79k email addresses • The Register

• Eye Care Services Firm Faces Lawsuit Over Data Breach Impacting 2.3 Million - SecurityWeek

Cyber Crime General & Criminal Actors

• Fifth of British Kids Have Broken the Law Online - Infosecurity Magazine (infosecurity-magazine.com)

• Despite Knowing Risks, Brits Continue to Expose Themselves to Cyber Criminals Finds IDnow | The Fintech Times

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Cyber Criminals Are Employing New Tactics To Launder Money, Warns Report - Benzinga

Insider Risk and Insider Threats

• UK council's sneaky insider steals 79k email addresses • The Register

Insurance

• Personal cyber insurance nascent but growing in demand as digital crimes increase - Victoria Times Colonist

• Insurers Use Claims Data to Recommend Cyber Security Technologies (darkreading.com)

• Cyber Insurance Needs to Evolve to Ensure Greater Benefit (darkreading.com)

• What is Cyber Insurance and Does Your Small Business Need It? (smallbiztrends.com)

Supply Chain and Third Parties

• Infosys subsidiary named as source of Bank of America leak • The Register

• North Korean hackers linked to defence sector supply-chain attack (bleepingcomputer.com)

Cloud/SaaS

• 2024 CrowdStrike Global Threat Report: From Breakout to Breach in Under Three Minutes; Cloud Infrastructure Under Attack | Business Wire

• Cyber security report reveals 75% spike in cloud attacks (securitybrief.co.nz)

• Cyber security fears drive a return to on-premise infrastructure from cloud computing - Help Net Security

• Massive Cloud Database Leak Exposes 380 Million Records (hackread.com)

• How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities (thehackernews.com)

• Cyber attacks follow businesses to the cloud (betanews.com)

• Six steps for stronger cloud security | SC Media (scmagazine.com)

Identity and Access Management

• Why identity fraud costs organisations millions - Help Net Security

• Orgs are having a major identity crisis • The Register

• Active Directory outages can cost organisations $100,000 per day - Help Net Security

Encryption

• European Court of Human Rights rules against government backdoors in end-to-end encryption - Neowin

Linux and Open Source

• New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Hackers using stolen credentials to launch attacks as info-stealing peaks | CSO Online

• How to proactively prevent password-spray attacks on legacy email accounts | CSO Online

Social Media

• EU Watchdog Urged to Reject Meta 'Pay for Privacy' Scheme - SecurityWeek

• Social Media Platforms Are in an ‘Information Trafficking Business’: Cyber Security Adviser | NTD

• ChatGPT Used by North Korean Hackers to Scam LinkedIn Users (tech.co)

• 76% of Super Bowl Traffic From Elon Musk's X to Advertisers Could Be Fake (thewrap.com)

• Elon Musk’s X allows China-based propaganda banned on other platforms | Ars Technica

• European Union deepens its investigation of TikTok • The Register

Training, Education and Awareness

• People cannot be patched (betanews.com)

Regulations, Fines and Legislation

• European Court of Human Rights rules against government backdoors in end-to-end encryption - Neowin

• Hedge Funds Warn SEC Cyber Lapses Risk Exposing Trading Secrets (bloomberglaw.com)

• One Year After the Colonial Pipeline Attack, Regulation Is Still a Problem (securityintelligence.com)

• 7 Ways Companies’ Cyber Related Governance Disclosures Will Evolve Post-SEC Rule Change (harvard.edu)

• European Union deepens its investigation of TikTok • The Register

• Decoding DORA: Navigating the digital regulatory landscape | World Finance

• 81 Percent of Security Leaders Say SEC Cyber Security Rules Will Substantially Impact Their Business | Business Wire

• FTC Fines Avast $16.5 Million For Selling Browsing Data Harvested by Antivirus (404media.co)

• Avast settles claims of customer data peddling for $17M • The Register

• Global AI Regulatory Update - Lexology

Careers, Working in Cyber and Information Security

• Over 40% of Firms Struggle With Cyber Security Talent Shortage - Infosecurity Magazine (infosecurity-magazine.com)

• The Psychology of Cyber Security Burnout (informationweek.com)

• How can we adapt work practices to protect CISO mental health? | Computer Weekly

Misinformation, Disinformation and Propaganda

• Feds deliver stark warnings to state election officials ahead of November - Iowa Capital Dispatch

• UK election cyber attack warning after Putin's hackers target US (inews.co.uk)

• Social Media Platforms Are in an ‘Information Trafficking Business’: Cyber Security Adviser | NTD

• Elon Musk’s X allows China-based propaganda banned on other platforms | Ars Technica

• Election security threats in 2024 range from AI to … anthrax • The Register

• 76 percent of Super Bowl LVIII traffic from Twitter dubbed 'fake' (awfulannouncing.com)

• Iran and Hezbollah Hackers Launch Attacks to Influence Israel-Hamas Narrative (thehackernews.com)

• Russian Hackers Target Ukraine with Disinformation and Credential-Harvesting Attacks (thehackernews.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Countries fear state-sponsored cyber war | The World from PRX

• Cyberwar: What Is It Good For? - GovInfoSecurity

Nation State Actors

• Cyber attacks are getting faster, more common and more successful, even though detection is more advanced than ever — new report signals the threats to businesses, supply chains, and democracy | TechRadar

• Countries fear state-sponsored cyber war | The World from PRX

• How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities (thehackernews.com)

• Generative AI and elections are key focus for hackers in 2024, report warns | Evening Standard

• Pharmacy Delays Across US Blamed on Nation-State Hackers (darkreading.com)

China

• In the evolving cyberwar, China aims to take down our critical infrastructure | SC Media (scmagazine.com)

• 'Major Chinese hack' on Foreign Office urgently investigated by UK spies (inews.co.uk)

• Leaked Chinese Hacking Files Reveal How Compromised the US Could Be (businessinsider.com)

• iSoon's Secret APT Status Exposes China's Foreign Hacking Machination (darkreading.com)

• Generative AI and elections are key focus for hackers in 2024, report warns | Evening Standard

• China’s Cyber Security and Statecraft – The Diplomat

• Elon Musk’s X allows China-based propaganda banned on other platforms | Ars Technica

• China’s Spy Agency Sees Threats Everywhere in Data Security Push - Bloomberg

Russia

• FBI disrupts hacking network 'linked to Russian intelligence services' | US News | Sky News

• Russian APT 'Winter Vivern' Targets European Governments, Military (darkreading.com)

• Russian Cyber attackers Launch Multiphase PsyOps Campaign (darkreading.com)

• Russian-Linked Hackers Target 80+ Organisations via Roundcube Flaws (thehackernews.com)

• Russian military botnet discovered on 1000+ compromised routers — FBI deactivated Moobot by taking control of impacted routers | Tom's Hardware (tomshardware.com)

• NHS hospitals ‘easy targets’ for Russian hackers (thetimes.co.uk)

• Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign (recordedfuture.com)

• Generative AI and elections are key focus for hackers in 2024, report warns | Evening Standard

• Russian Turla Cyber Spies Target Polish NGOs With New Backdoor - SecurityWeek

• Russian-Aligned Network Doppelgänger Targets German Elections - Infosecurity Magazine (infosecurity-magazine.com)

• Russian Hackers Target Ukraine with Disinformation and Credential-Harvesting Attacks (thehackernews.com)

• NATO's chief information officer on what Ukraine did right in its cyberwar with Russia (therecord.media)

• Russian Government Software Backdoored to Deploy Konni RAT Malware (thehackernews.com)

• Three terms sure to grab attention: Russia, nuclear, anti-satellite weapon | Ars Technica

Iran

• Iranian Hackers Target Middle East Policy Experts with New BASICSTAR Backdoor (thehackernews.com)

• Iranian APTs Dress Up As Hacktivists for Disruption, Influence Ops (darkreading.com)

• Iran and Hezbollah Hackers Launch Attacks to Influence Israel-Hamas Narrative (thehackernews.com)

• Iran-Backed Charming Kitten Stages Fake Webinar Platform to Ensnare Targets (darkreading.com)

• Israeli Aircraft Survive “Cyber Hijacking” Attempts - Infosecurity Magazine (infosecurity-magazine.com)

North Korea

• ChatGPT Used by North Korean Hackers to Scam LinkedIn Users (tech.co)

• North Korean hackers linked to defence sector supply-chain attack (bleepingcomputer.com)

• North Koreans using ChatGPT to scam LinkedIn users; "attacks are getting very sophisticated" - MSPoweruser

• Russian Government Software Backdoored to Deploy North Korean Konni RAT Malware (thehackernews.com)

Vulnerability Management

• CVEs expected to increase 25% in 2024 | Security Magazine

• Coalition: Vulnerability scoring systems falling short | TechTarget

Vulnerabilities

• Ransomware Warning as CVSS 10.0 ConnectWise ScreenConnect Bug is Exploited - Infosecurity Magazine (infosecurity-magazine.com)

• ConnectWise exploit could spur ‘ransomware free-for-all,’ expert warns | SC Media (scmagazine.com)

• Exploiting critical ConnectWise bug is 'embarrassingly easy' • The Register

• Akira Ransomware Exploiting Cisco AnyConnect Vulnerability (gbhackers.com)

• New Ivanti Vulnerability Observed as Widespread Security Concerns Grow - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft Exchange flaw CVE-2024-21410 could impact up to 97,000 servers (securityaffairs.com)

• VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk (thehackernews.com)

• VMware issues no-patch advisory for critical flaw in old SSO plugin | SC Media (scmagazine.com)

• Russian-Linked Hackers Target 80+ Organisations via Roundcube Flaws (thehackernews.com)

• ESET fixed high-severity local privilege escalation bug in Windows products (securityaffairs.com)

• SolarWinds addressed critical RCEs in Access Rights Manager (securityaffairs.com)

• Chrome 122, Firefox 123 Patch High-Severity Vulnerabilities - SecurityWeek

• Critical Vulnerability in VMware vSphere Plug-in Allows Session Hijacking (darkreading.com)

• Joomla XSS Bugs Open Millions of Websites to RCE (darkreading.com)

• Zero-Click Apple Shortcuts Vulnerability Allows Silent Data Theft (darkreading.com)

• Urgent patches available for QNAP vulnerabilities, one 0-day • The Register

• Hackers exploit critical RCE flaw in Bricks WordPress site builder (bleepingcomputer.com)

Tools and Controls

• Secure email gateways struggle to keep pace with sophisticated phishing campaigns - Help Net Security

• NCSC Sounds Alarm Over Private Branch Exchange Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Stuck in cyber attack nightmare? Call the negotiators (techxplore.com)

• New Google Chrome feature blocks attacks against home networks (bleepingcomputer.com)

• How Businesses Can Safeguard Their Communication Channels Against Hackers (thehackernews.com)

• Limiting remote access exposure in hybrid work environments | CSO Online

• Cyber Insurance Needs to Evolve to Ensure Greater Benefit (darkreading.com)

• The double-edged sword of zero trust - Help Net Security

• Orgs are having a major identity crisis • The Register

• Active Directory outages can cost organisations $100,000 per day - Help Net Security

• SOC Landscapes: Insights from SANS' 2023 SOC Report (trendmicro.com)

• 36% of code generated by GitHub CoPilot contains security flaws - Help Net Security

• Microsoft expands free logging capabilities after May breach (bleepingcomputer.com)

• Why ransomware gangs love using RMM tools—and how to stop them | Malwarebytes

• People cannot be patched (betanews.com)

• “Ruthlessly prioritize what’s critical”: Check Point expert on CISOs and the evolving attack surface | ITPro

Reports Published in the Last Week

• VIPRE report predicts 276% rise in malware in 2024 (securitybrief.co.nz)

• CrowdStrike 2024 Global Threat Report | CrowdStrike

• IBM XForce Threat Intelligence Index 2024.pdf

• Cyber Threat Index 2024: Scans, Honeypots, and CVEs  (coalitioninc.com)

Other News

• Israeli Aircraft Survive “Cyber-Hijacking” Attempts - Infosecurity Magazine (infosecurity-magazine.com)

• The Power Sector’s High-Stakes Battle for Cyber-Resiliency (powermag.com)

• Ways to elevate public sector cyber security | Professional Security

• Increasing Europe's cyber resilience - government.lu (gouvernement.lu)

• Industries most targeted by active adversaries | SC Media (scmagazine.com)

• Library Cyber Defences Are Falling Down (darkreading.com)

• How conveyancers can protect themselves against a cyber attack | Today's Conveyancer (todaysconveyancer.co.uk)

• US govt shares cyber attack defence tips for water utilities (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Overconfident Organisations Prone to Cyber Breaches

A study found that 95% of UK enterprises were very confident or somewhat confident that they do not have gaps in their security controls, yet despite this, 69% have fallen victim to a cyber attack in the last two years. One of the reasons given for this false sense of confidence was the belief that more tools meant more security; worryingly, 45% of organisations struggled with the implementation of tools due to the need for expertise. Attackers are constantly adapting their tactics to bypass the security controls that most organisations implement. It is difficult for IT teams and business leaders to maintain an objective assessment of how effective their chosen security controls are against today’s attackers. Black Arrow provides the impartial and expert advice that businesses require, including a free initial assessment, with no vested interest other than helping our clients achieve pragmatic and proportionate security.

Source: [IT Security Guru]

Board Members Struggling to Understand Cyber Risks

Board members frequently struggle to understand cyber risks, putting businesses at higher risk of attacks, a new report has found. The report noted that Board interest is being piqued as a result of growing media reporting of cyber incidents, a heightened Board focus on operational resilience post-pandemic, investor pressure and a tightening regulatory environment.

Worryingly, despite the increase in interest and increased internal and external focus on cyber risk, a number of Board-level respondents reported that they felt scared or embarrassed to ask their CISO for fear of exposing their lack of understanding.

Source: [Infosecurity Magazine]

Cyber Criminals are Targeting Top Executives and Could be Using Sensitive Information to Extort Them

Senior executives in today's evolving work landscape face growing cyber security threats, including extortion and device theft. The rise of ‘workcations’, which blend work and leisure, has blurred professional and personal boundaries, exposing leaders to heightened risks, and necessitating a strong focus on cyber security.

These executives are particularly attractive targets due to their access to critical information and decision-making authority. To protect their organisations, they must prioritise robust security measures, such as stronger passwords, anti-theft safeguards for devices, multi factor authentication, and, where appropriate or necessary, the use of virtual private networks. As guardians of their businesses' well-being, executives carry the responsibility of upholding stringent cyber security practices, ensuring that the benefits of remote work do not compromise their organisations' security.

Source: [Fortune]

Cyber Attacks Reach Fever Pitch in Q2 2023

A report has found the global landscape of increasing digitisation, political unrest, the emergence of AI and the widespread adoption of work from home, have all contributed to an increase in attacks, which have increased 314% in the first half of this year compared the first half of 2022.  Rather worryingly, between the first and second quarter this year, there was a 387% increase in activity.

Source: [Data Centre & Network News]

Ransomware Attacks Hit Record Levels in UK as More Companies Fail to Tackle Growing Threats

A report from the Information Commissioner’s Office (ICO) in the UK found ransomware attacks on UK organisations reached record levels last year, impacting over 700 organisations. This isn’t the true count though, as it does not factor the overwhelming majority of victims who do not report attacks, so the true number will be many times this. This increase comes as reports are finding that UK companies are struggling to address the growing threats, and this includes a lack of understanding at the Board level. In fact, 59% of directors say their Board is not very effective in understanding the drivers and impacts of cyber risks for their organisation.

Sources: [The Record] [The Fintech Times] [Financial Times]

Microsoft Warns of More Attacks as Ransomware Spreads Through Teams Phishing

Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks. Referring to one of the groups, Microsoft said “In July 2023, Storm-0324 began using phishing lures sent over Teams with malicious links leading to a malicious SharePoint-hosted file,". This tactic has also been used by Russian Nation State Actors.

Source: [Bleeping Computer]

Europol - Financial Crime Makes “Billions” and Impacts “Millions”

The European policing alliance’s first ever European Financial and Economic Crime Threat Assessment was compiled from “operational insights and strategic intelligence” contributed by member states and Europol partners. The assessment highlighted a criminal economy worth billions of euros and that impacts millions of victims each year.

Source: [Infosecurity Magazine]

Almost One in Three Parents Have Never Spoken to Their Children About Cyber Security

A recent report found that 30% of parents have never spoken to their children about cyber security. Additionally, over 40% of parents, who themselves admitted that they didn’t know how to create strong passwords, still give their child access to their mobile phones and almost a third (32%) give them access to their computers. By doing so, parents are not only putting their children at risk, but inadvertently, themselves and the organisations they work for as well.

Black Arrow offers a range of training, including formal and informal training, for individuals, employees and business leaders. Contact us today for a free initial conversation.

Source: [IT Security Guru]

Hackers are Dropping USB Drives Outside Buildings to Target Networks

A mid-year cyber security report found that along with the explosive growth in AI, bad actors are still using tried and tested, but unfortunately still very effective, tactics such as dropping USB drives outside target buildings in the hope that an employee will pick them up and plug them into devices connected to the corporate network. Many times, these actors are banking on their targets lacking protections against these attacks. Think about your organisation, would someone plug a device they found in the street into their work computer out of curiosity? Does your organisation have controls in place to prevent this type of attack?

Source: [Tech Republic]

Data Theft is Now the No. 1 Cyber Security Threat Keeping Execs Awake at Night

According to a recent survey, 55% of IT decision-makers cited data theft as their main concern, with ransomware placed third, after phishing. This comes as ransomware attackers are moving towards more exfiltration-based techniques. Exfiltration creates a significant number of issues for an organisation including the regulatory requirements of telling customers, to not knowing what data has been exfiltrated.

Source: [Information Security Buzz]

If You Didn’t Change Your Passwords After the LastPass Data Breach, Do It Now

Criminals have had plenty of time to use encryption keys stolen in the 2022 LastPass hack to open vaults, and there has been a reported increase in the number of vaults that have been cracked. For those attackers that haven’t been able to crack your password, they're under no time constraints.

Whilst successful attackers may not directly target your email accounts, PayPal wallets, or banks, these assets can be packaged and sold to other criminal third parties. If any of the passwords stored in a LastPass vault prior to 2022 are still in use, you should change them immediately.

Source: [Make Use Of]

Cloud Vulnerabilities Surge Nearly 200% as Cloud Credentials Become the New Hot Ticket on the Dark Web

IBM tracked 632 new cloud-related vulnerabilities (CVEs) between June 2022 and June 2023, a 194% increase from the previous year, according to a new report. The latest haul of new CVEs brings the total number tracked by the vendor to 3,900; a number that has doubled since 2019. Similarly, a separate report from Palo Alto Networks found that 80% of security exposures exist in the cloud.

IBM highlighted that this has led to a number of cloud credentials being actively sold on the dark web, in some cases for the same price as a dozen doughnuts. These credentials are believed to account for almost 90% of goods and services for sale on the dark web.

Sources: [Infosecurity Magazine] [The Register] [TechTarget]

Governance, Risk and Compliance

• More UK companies failing to tackle cyber security, reveals new report - The Intermediary - Latest UK mortgage news

• Deputy PM urges UK plc not to lose focus on cyber | Computer Weekly

• Cyber criminals are now targeting top executives–and could be using sensitive information to extort them | Fortune

• Why Data Theft Is Now The #1 Cyber Security Threat Keeping IT Pros Awake At Night (informationsecuritybuzz.com)

• Overconfident Organisations Prone to Cyber Breaches, Study Finds - IT Security Guru

• Global companies to hike security spending as threats rise - survey | Reuters

• CISOs need to be forceful to gain leverage in the boardroom - Help Net Security

• Board Members Struggling to Understand Cyber Risks - Infosecurity Magazine (infosecurity-magazine.com)

• Board And CISO Disconnect On Cyber Security Preparedness 'Rings Alarm Bells'– Expert Comments (informationsecuritybuzz.com)

• Don't Leave Cyber Security to Chance, the Hidden Risk when Staff Depart - IT Security Guru

• Evaluating & Managing Service Provider Security Risks (in 2023) | UpGuard

• Cyber Security risks dampen corporate enthusiasm for tech investments - Help Net Security

• CISOs and Board Reporting – an Ongoing Problem - SecurityWeek

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware attacks hit record level in UK, according to neglected official data (therecord.media)

• Ransomware tracker: The latest figures [September 2023] (therecord.media)

• Ransomware access broker steals accounts via Microsoft Teams phishing (bleepingcomputer.com)

• Ransomware thrives as cyber security remains lax, says UK report | Financial Times (ft.com)

• Rust-Written 3AM Ransomware: A Sneak Peek into a New Malware Family (thehackernews.com)

• Ransomware and the cyber crime ecosystem - NCSC.GOV.UK

• Ransomware in top three threats for 65% of organisations | Security Magazine

• The 10 biggest ransomware attacks in history | TechTarget

• Sophos on the State of Ransomware - GovInfoSecurity

• TrickBot & Conti Sanctions for CISOs & Board Members (trendmicro.com)

• Don’t focus on ransomware variants, say UK’s national cyber and crime agencies (therecord.media)

• Cuba Ransomware Gang Continues to Evolve With Dangerous Backdoor (darkreading.com)

• Recent Rhysida Attacks Show Focus on Healthcare By Ransomware Actors (darkreading.com)

Ransomware Victims

• Greater Manchester Police officers' details targeted in 'ransomware attack' | Breaking News News | Sky News

• A phone call to helpdesk was likely all it took to hack MGM | Ars Technica

• MGM Resorts cyber attack: Casinos warned to be on 'high alert' as £11bn firm remains crippled | Science & Tech News | Sky News

• MGM, Caesars File SEC Disclosures on Cyber Security Incidents (darkreading.com)

• Caesars paid millions in ransom to cybercrime group prior to MGM hack – NECN

• Group in Casino Hacks Skilled at Duping Workers for Access (1) (bloomberglaw.com)

• Ransomware tracker: The latest figures [September 2023] (therecord.media)

• IT Systems Encrypted After UK School Hit By Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware Attack Wipes Out Four Months of Sri Lankan Government Data - Infosecurity Magazine (infosecurity-magazine.com)

• Rhysida gang claims to have hacked three more US hospitals (securityaffairs.com)

• Ransomware crew claims to have hit Save The Children • The Register

• Shell says Australian unit BG Group hit by MOVEit cyber security breach | Reuters

• Dutch football association pays ransom to Russian cyber criminals – EURACTIV.com

• Cyber security incident affects services at The Weather Network | CFJC Today Kamloops

Phishing & Email Based Attacks

• New Microsoft Teams Phishing Campaign Targets Corporate Employees - Infosecurity Magazine (infosecurity-magazine.com)

• Email forwarding flaws enable attackers to impersonate high-profile domains - Help Net Security

• Attackers Abuse Google Looker Studio to Evade DMARC, Email Security (darkreading.com)

• Sophisticated Phishing Campaign Deploying Agent Tesla, OriginBotnet, and RedLine Clipper (thehackernews.com)

• $24 Million Worth of Crypto Wiped out Overnight in Massive Phishing Attack

• Thousands of Microsoft 365 accounts under threat from W3LL phishing kit | TechRadar

• Ransomware access broker steals accounts via Microsoft Teams phishing (bleepingcomputer.com)

• Facebook Messenger phishing wave targets 100K business accounts per week (bleepingcomputer.com)

• Journalists, authors, and other writers targeted by phishing emails | TechRadar

• Associated Press Stylebook Users Targeted in Phishing Attack Following Data Breach - SecurityWeek

• Windows Systems Targeted in Multi-Stage Malware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• How should SMBs navigate the phishing minefield? - Help Net Security

Other Social Engineering; Smishing, Vishing, etc

• Understanding the dangers of social engineering - Help Net Security

• How to Avoid Smishing Attacks Targeting Subscription Service Users (securityintelligence.com)

Artificial Intelligence

• Cyber Criminals Feasting On Artificial Intelligence (forbes.com)

• Jen Easterly and Sami Khoury: Threats From China, Russia, AI Top US, Canada Cyber Agenda (foreignpolicy.com)

• ChatGPT Jailbreaking Forums Proliferate in Dark Web Communities (darkreading.com)

• Cloud security in the era of artificial intelligence (securityintelligence.com)

• Deepfake cyberthreats keep rising. Here's how to prevent them - SiliconANGLE

2FA/MFA

• Organisation Still Aren't Adopting Enterprisewide Multifactor Authentication — What's the Holdup? (securityintelligence.com)

Malware

• Microsoft Teams phishing attack pushes DarkGate malware (bleepingcomputer.com)

• Millions of Facebook Business Accounts Bitten by Python Malware (darkreading.com)

• Sophisticated Phishing Campaign Deploying Agent Tesla, OriginBotnet, and RedLine Clipper (thehackernews.com)

• Free Download Manager site redirected Linux users to malware for years (bleepingcomputer.com)

• Windows Systems Targeted in Multi-Stage Malware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Intel-based Macs under attack from new MetaStealer malware — how to stay safe | Tom's Guide (tomsguide.com)

• Protecting Your Microsoft IIS Servers Against Malware Attacks (thehackernews.com)

• 3 Strategies to Defend Against Resurging Infostealers (darkreading.com)

• New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World (thehackernews.com)

• Iranian hackers backdoor 34 orgs with new Sponsor malware (bleepingcomputer.com)

• 'Steal-It' Campaign Uses OnlyFans Models as Lures (darkreading.com)

• Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor (welivesecurity.com)

• Cybersecurity alert: Malware hidden in Microsoft Teams messages targeting users - OnMSFT.com

• Iranian Cyberspies Deployed New Backdoor to 34 Organizations - SecurityWeek

Mobile

• 'Evil Telegram' Spyware Campaign Infects 60K+ Mobile Users (darkreading.com)

• France halts iPhone 12 sales over radiation levels - BBC News

Denial of Service/DoS/DDOS

• Massive DDoS attack on US financial company thwarted by cyber firm (therecord.media)

• Akamai prevented largest DDoS attack on a US financial company (securityaffairs.com)

• After Microsoft and X, Hackers Launch DDoS Attack on Telegram - SecurityWeek

• Yukon gov't website back after cyber attack, Nunavut gov't site still down | CBC News

Internet of Things – IoT

• Co-op to ban Chinese CCTV after security risk warnings (telegraph.co.uk)

• Wyze security camera owners report seeing strangers' camera feeds | Mashable

• Hackers Are Salivating Over Electric Cars - The Atlantic

• Hackers will hack anything — including your sex toys - The Hustle

Data Breaches/Leaks

• Overconfident Organisations Prone to Cyber Breaches, Study Finds - IT Security Guru

• LastPass Hackers Cracking Password Vaults - Experts Warns - Cyber Kendra

• Dymocks Booksellers suffers data breach impacting 836k customers (bleepingcomputer.com)

• Lessons from the DuoLingo data breach – Digital Journal

• How Do Hackers Sell and Trade Your Data in the Metaverse? (makeuseof.com)

• Capita class action: 2,000 sign up in wake of data theft • The Register

• Airbus data leaked via infected customer computer • The Register

• Threat actor leaks sensitive data belonging to Airbus (securityaffairs.com)

• UK businesses could escape data breach fines if they engage with NCSC over cyber incidents (therecord.media)

Organised Crime & Criminal Actors

• Cyber criminals are now targeting top executives–and could be using sensitive information to extort them | Fortune

• Europol: Financial Crime Makes “Billions” and Impacts “Million" - Infosecurity Magazine (infosecurity-magazine.com)

• How Next-Gen Threats Are Taking a Page From APTs - SecurityWeek

• How Do Hackers Sell and Trade Your Data in the Metaverse? (makeuseof.com)

• Influx of Russian fraudsters gives Turkish cyber crime hub new lease of life | Financial Times (ft.com)

• Europol's spotlight report sheds light on evolving cyber attacks (amlintelligence.com)

• Ransomware in the underworld. (thecyberwire.com)

• Cyber criminals Use Webex Brand to Target Corporate Users (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Cyber Criminals Weaponizing Legitimate Advanced Installer Tool in Crypto-Mining Attacks (thehackernews.com)

• Top blockchain Cyber security threats to watch out for (att.com)

• $24 Million Worth of Crypto Wiped out Overnight in Massive Phishing Attack

• Blockchain Security Firm Unveils APT Attack by Lazarus Group - DailyCoin

• Hackers steal $53 million worth of cryptocurrency from CoinEx (bleepingcomputer.com)

• Cryptoqueen: Accomplice jailed for 20 years for OneCoin financial scam - BBC News

Insider Risk and Insider Threats

• Human behaviour as both threat and defence | Professional Security

Fraud, Scams & Financial Crime

• Latest fraud schemes targeting the payments ecosystem - Help Net Security

• Cryptoqueen: Accomplice jailed for 20 years for OneCoin financial scam - BBC News

• Glasgow firm issues warning following recent cyber attack | Glasgow Times

Impersonation Attacks

• Email forwarding flaws enable attackers to impersonate high-profile domains - Help Net Security

• Cyber criminals Use Webex Brand to Target Corporate Users (darkreading.com)

Deepfakes

• Deepfake cyber threats keep rising. Here's how to prevent them - SiliconANGLE

AML/CFT/Sanctions

• TrickBot & Conti Sanctions for CISOs & Board Members (trendmicro.com)

Insurance

• Insurance industry grapples with rising cyber crime threat, climate change concerns: PwC - Reinsurance News

• Cyber security is top insurance concern as global attacks increase - Insurance Post (postonline.co.uk)

Dark Web

• Dark Web Threats to Businesses - DevX

• ChatGPT Jailbreaking Forums Proliferate in Dark Web Communities (darkreading.com)

• Cloud credentials are the hot ticket item on the dark web • The Register

Supply Chain and Third Parties

• Evaluating & Managing Service Provider Security Risks (in 2023) | UpGuard

• Lazarus Group Targets macOS in Supply Chain Assault - Infosecurity Magazine (infosecurity-magazine.com)

• Airbus Cyber Attack: Over 3,200 Vendor Data Accessed by Hackers (cybersecuritynews.com)

• Capita class action: 2,000 sign up in wake of data theft • The Register

• The rise and evolution of supply chain attacks - Help Net Security

• A 2-Week Prescription for Eliminating Supply Chain Threats (darkreading.com)

Cloud/SaaS

• New Microsoft Teams Phishing Campaign Targets Corporate Employees - Infosecurity Magazine (infosecurity-magazine.com)

• Thousands of Microsoft 365 accounts under threat from W3LL phishing kit | TechRadar

• Finding Your Way in Cloud Security - SecurityWeek

• 7 Steps to Kickstart Your SaaS Security Program (thehackernews.com)

• Cloud storage security: What's new in the threat matrix | Microsoft Security Blog

• Cloud CVEs Surge 200% in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• Cloud credentials are the hot ticket item on the dark web • The Register

• Palo Alto Networks: 80% of security exposures exist in cloud | TechTarget

• Cloud security in the era of artificial intelligence (securityintelligence.com)

Containers

• Kubernetes Admins Warned to Patch Clusters Against New RCE Vulns (darkreading.com)

• Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints (thehackernews.com)

Identity and Access Management

• Root Admin User: When Do Common Usernames Pose a Threat? (databreachtoday.co.uk)

• Companies need to rethink how they implement identity security - Help Net Security

• Enterprises persist with outdated authentication strategies - Help Net Security

• Why Identity Management Is the Key to Stopping APT Cyber Attacks (darkreading.com)

Encryption

• OpenSSL 1.1.1 reaches end of life... unless you can pay up • The Register

• When a Quantum Computer Is Able to Break Our Encryption, It Won’t Be a Secret | Lawfare (lawfaremedia.org)

API

• API Expanding Attack Surfaces: 74% Reporting Multiple Breaches – Approov Comments (informationsecuritybuzz.com)

• How to Prevent API Breaches: A Guide to Robust Security (thehackernews.com)

• Elevating API security to reinforce cyber defence - Help Net Security

• Machine Learning is a Must for API Security - IT Security Guru

Open Source

• Free Download Manager site redirected Linux users to malware for years (bleepingcomputer.com)

• Linux Malware! Read This If You Use Free Download Manager (itsfoss.com)

Passwords, Credential Stuffing & Brute Force Attacks

• If You Didn’t Change Your Passwords After the LastPass Data Breach, Do It Now (makeuseof.com)

• Root Admin User: When Do Common Usernames Pose a Threat? (databreachtoday.co.uk)

• New WiKI-Eve attack can steal numerical passwords over WiFi (bleepingcomputer.com)

• Wi-Fi radio signal data can be used 'to predict passwords' • The Register

• Cloud credentials are the hot ticket item on the dark web • The Register

• Iranian hackers breach defence orgs in password spray attacks (bleepingcomputer.com)

Social Media

• Facebook Messenger phishing wave targets 100K business accounts per week (bleepingcomputer.com)

• After Microsoft and X, Hackers Launch DDoS Attack on Telegram - SecurityWeek

• How Do Hackers Sell and Trade Your Data in the Metaverse? (makeuseof.com)

• Millions of Facebook Business Accounts Bitten by Python Malware (darkreading.com)

Training, Education and Awareness

• How to Transform Security Awareness Into Security Culture (darkreading.com)

• Elevating Cyber Awareness: A Strategic Approach (informationweek.com)

• How end-user phishing training works (and why it doesn’t) (bleepingcomputer.com)

• Great security training is a real challenge - Help Net Security

Digital Transformation

• Was the digital transformation worth it security-wise? (securityintelligence.com)

Parental Controls and Child Safety

• Almost One in Three Parents Have Never Spoken to Their Children About Cyber Security- IT Security Guru

• Parents, children and cyber security: Time for a big conversation – Digital Journal

Cyber Bullying, Cyber Stalking and Sextortion

• How To Answer The General Counsel’s Questions After A Cyber Incident (forbes.com)

Regulations, Fines and Legislation

• SEC Issues Final Rules on Cyber Security Disclosures | Kelley Drye & Warren LLP - JDSupra

• Cyber risk is business risk, and the SEC knows it (fdd.org)

• What Makes an Incident ‘Material’? | Calloquy, PBC - JDSupra

• The International Criminal Court will now prosecute cyberwar crimes | Ars Technica

• Preparing For Cyber Security Disclosures Set For Public Companies (forbes.com)

• UK ICO and NCSC Set to Share Anonymized Threat Intelligence - Infosecurity Magazine (infosecurity-magazine.com)

• One Year After the Colonial Pipeline Attack, Regulation Is Still a Problem (securityintelligence.com)

• UK businesses could escape data breach fines if they engage with NCSC over cyber incidents (therecord.media)

Models, Frameworks and Standards

• Understanding the HITRUST CSF and its Benefits | UpGuard

Backup and Recovery

• How to develop a cloud backup ransomware protection strategy | TechTarget

• How To Backup Data From NAS: A Complete Guide (informationsecuritybuzz.com)

Data Protection

• UK businesses could escape data breach fines if they engage with NCSC over cyber incidents (therecord.media)

Careers, Working in Cyber and Information Security

• Cyber Security Skills Gap: Roadies & Gamers Are Untapped Talent (darkreading.com)

• Three ways to overcome cyber security staff shortages (securitybrief.co.nz)

Privacy, Surveillance and Mass Monitoring

• Wyze security camera owners report seeing strangers' camera feeds | Mashable

• Your Car Is Spying On You, From Your Sex Life To How Fast You Go | Carscoops

• Google Chrome just rolled out a new way to track you and serve ads. Here's what you need to know (theconversation.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Jen Easterly and Sami Khoury: Threats From China, Russia, AI Top US, Canada Cyber Agenda (foreignpolicy.com)

China

• Risk & Repeat: Big questions remain on Storm-0558 attacks | TechTarget

• Parliamentary researcher ‘who spied for China’ arrested | UK news | The Guardian

• Arrest of alleged spy raises questions around UK’s China policy | Financial Times (ft.com)

• Microsoft, Apple versus China, spyware actors (techrepublic.com)

• Co-op to ban Chinese CCTV after security risk warnings (telegraph.co.uk)

• Powerful Ethnic Militia in Myanmar Repatriates 1,200 Chinese Suspected of Involvement in Cyber Crime - SecurityWeek

• Spies, Hackers, Informants: How China Snoops on the West - SecurityWeek

• Jen Easterly and Sami Khoury: Threats From China, Russia, AI Top US, Canada Cyber Agenda (foreignpolicy.com)

• China caught with its malware in another nation's power grid • The Register

• China Threat Recap: A Deeper Insight (informationsecuritybuzz.com)

• As China steps up cyber security enforcement, smaller businesses are feeling the heat | South China Morning Post (scmp.com)

• British and Chinese academic research collaborations quadruple despite security fears (telegraph.co.uk)

Iran

• Iranian hackers backdoor 34 orgs with new Sponsor malware (bleepingcomputer.com)

• ‘Scan-and-exploit’ campaign snares unpatched Exchange servers | SC Media (scmagazine.com)

• Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors (thehackernews.com)

North Korea

• Lazarus Group Targets macOS in Supply Chain Assault - Infosecurity Magazine (infosecurity-magazine.com)

• Blockchain Security Firm Unveils APT Attack by Lazarus Group - DailyCoin

Misc Nation State/Cyber Warfare

• ‘Cyber attacks lower warfare bar, rules key’ | Mint (livemint.com)

• Polish election questioned after Pegasus spyware used to smear opposition, investigation finds | Computer Weekly

• How Next-Gen Threats Are Taking a Page From APTs - SecurityWeek

• How Cyber Attacks Are Transforming Warfare (thehackernews.com)

• OODA Loop - The ICC Will Now Investigate Cyber War Crimes

• The Double-Edged Sword of Cyber Espionage (darkreading.com)

• Why Identity Management Is the Key to Stopping APT Cyber Attacks (darkreading.com)

Vulnerability Management

• Severe vulnerability found in all browsers, and it's being attacked | PCWorldOvercoming the Rising Threat of Session Hijacking (darkreading.com)

• Cloud CVEs Surge 200% in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• With 0-days hitting Chrome, iOS, and dozens more this month, is no software safe? | Ars Technica

Vulnerabilities

• Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws (bleepingcomputer.com)

• Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269) - Help Net Security

• Severe vulnerability found in all browsers, and it's being attacked | PCWorld

• Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now (thehackernews.com)

• After Apple and Google, Mozilla Also Patches Zero-Day Exploited for Spyware Delivery - SecurityWeek

• CISA Adds Critical RocketMQ Bug to Must-Patch List - Infosecurity Magazine (infosecurity-magazine.com)

• Notepad++ 8.5.7 released with fixes for four security vulnerabilities (bleepingcomputer.com)

• Adobe warns of critical Acrobat and Reader zero-day exploited in attacks (bleepingcomputer.com)

• Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints (thehackernews.com)

• Cisco warns of VPN zero-day exploited by ransomware gangs (bleepingcomputer.com)

• Cloud CVEs Surge 200% in a Year - Infosecurity Magazine (infosecurity-magazine.com)

Tools and Controls

• Global companies to hike security spending as threats rise - survey | Reuters

• Don't Leave Cyber Security to Chance, the Hidden Risk when Staff Depart - IT Security Guru

• What Is XDR and Why It's Changing the Security Industry - ReadWrite

• Organisations Still Aren't Adopting Enterprisewide Multifactor Authentication — What's the Holdup? (securityintelligence.com)

• Remote Desktop Protocol exposures leave 85% of organisations vulnerable to attack - SiliconANGLE

• How CISOs Can Effectively Manage Firewall Vulnerabilities | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• The Dark Web Is Expanding (As Is the Value of Monitoring It) (darkreading.com)

• How to Prevent API Breaches: A Guide to Robust Security (thehackernews.com)

• Elevating Cyber Awareness: A Strategic Approach (informationweek.com)

• Great security training is a real challenge - Help Net Security

• Companies need to rethink how they implement identity security - Help Net Security

• Enterprises persist with outdated authentication strategies - Help Net Security

• Why Identity Management Is the Key to Stopping APT Cyber Attacks (darkreading.com)

• Easy Configuration Fixes Can Protect Your Server from Attack (securityintelligence.com)

Reports Published in the Last Week

• Ransomware and the Cyber Crime ecosystem - NCSC.GOV.UK

• Sophos on the State of Ransomware - GovInfoSecurity

• The State of Pentesting 2023 Report | Cobalt

Other News

• Record number of cyber attacks targeting critical IT infrastructure reported to UK gov’t this year (therecord.media)

• The Weaponization of Operational Technology (securityintelligence.com)

• ICS Computers in Western Countries See Increasing Attacks: Report - SecurityWeek

• Cyber Trends: The Gunpowder of the Twenty-First Century (e-ir.info)

• The 9 Top Technology Trends That Are Shaping the Future of Cyber Security (makeuseof.com)

• Some of TOP universities wouldn’t pass cyber security exam: left websites vulnerable - Security Affairs

• The Cyber Security Risks In Education Cannot Be Ignored (forbes.com)

• A new Repojacking attack exposed over 4,000 GitHub repositories to hack (securityaffairs.com)

• Cyber attacks reach fever pitch in Q2 2023 - Data Centre & Network News (dcnnmagazine.com)

• Rising OT/ICS cyber security incidents reveal alarming trend - Help Net Security

• Building cyber resiliency in public services | UKAuthority

• Brits happy to break cyber law if the price is right | Computer Weekly

• Chilling Lack of Cyber Experts in UK Government: Parliamentary Inquiry - Infosecurity Magazine (infosecurity-magazine.com)

• British Military Hit by Six Million Cyber Attacks in 2022 (thedefensepost.com)

• Trustwave report on hospitality industry security threats | Cyber Magazine

• Cyber security impact on construction, engineering projects (csemag.com)

• Cyber criminals come for schools — and schools aren’t ready (hechingerreport.org)

• Professional Sports: The Next Frontier of Cyber Security? (darkreading.com)

• How Dangerous Is the Cyber Attack Risk to Transportation? (securityintelligence.com)

• Poison in the Water: The Physical Repercussions of IoT Security Threats (securityintelligence.com)

• Australia Inc roiled by raft of cyber attacks since late 2022 | Reuters

• Death by digital: attacks on healthcare put people at risk (synack.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.