Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Social Engineering is the Biggest Cyber Threat, as Study Finds Most Workers Have Clicked on a Suspicious Email Link

According to a recent report, half of office workers have clicked on a link or attachment within a suspicious email sent to their work address within the last 12 months, and of those that interacted with the email, half of them claimed to be confident in their ability to identify phishing emails.

With 68% of breaches involving the human element, your organisation must be cognisant of its employees. Hackers know that no matter what your tech stack is, you will always have employees and where there is an employee, there is a way into your organisation. It is far cheaper to exploit an employee who already has the access you require, than to develop a new exploit. It only takes one human to make a mistake by granting access to an attacker.  

When it came to training, only 41% of respondents said their employer had provided formal cyber security awareness training and 79% said their previous training is not sufficient to keep pace with modern cyber threats.

Source: [HackerNoon] [BusinessPlus]

Business Leaders are Stressing Out Over Pace of Technological Change, as Cyber Security Incidents Seen as Main Business Disruptor

A recent report commissioned by BT reveals that 86% of UK business leaders suffer from 'tech-related stress,' particularly concerning AI and cyber security, a phenomenon they have termed as 'Bytmares.' The report found that 59% of business leaders worry about the rapid and relentless pace of tech advancement, and whether appropriate controls are in place to protect it.

According to a different survey, 74% of business leaders view cyber security incidents as the main disruptive threat to their organisations either currently or over the next twelve months. This was followed by cloud computing, internet of things and artificial intelligence.

These findings highlight the critical importance of robust cyber security measures in today’s interconnected world. As organisations increasingly rely on digital infrastructure, safeguarding sensitive data and systems becomes paramount. Cyber threats can disrupt operations, compromise customer trust, and result in financial losses. Remember, cyber security is not just an IT concern; it is a strategic imperative for every organisation.

Sources: [Beta News] [Telecoms] [Verdict]

ICO Warns That Many UK Businesses Neglect Basic Cyber Security: More Ransomware and Cyber Attacks Last Year Than Ever Before

A recent update from the UK’s Information Commissioner’s Office (ICO) has revealed that ransomware attacks in the UK have surpassed all previous years, up 52% from the previous year. The report found that finance, retail and education sectors are suffering the most incidents.

The leading causes of breaches include phishing, brute force attacks, errors and supply chain attacks. The ICO noted that many organisations still neglect basic cyber security measures and has called for enhanced efforts to combat the escalating threat, emphasising the importance of foundational controls.

Sources: [Tech Monitor] [Government Business] [The Record Media] [Tech Monitor]

Data Breaches are Getting Worse, Many are Employee Errors or Social Engineering Attacks

The latest Verizon Business Data Breach Investigations Report (DBIR) highlights that employee error is the leading cause of cyber security incidents in the EMEA region, accounting for 49% of cases. The top reasons for these incidents are “miscellaneous errors, system intrusion, and social engineering,” making up 87% of all breaches. Hackers primarily target personal information (64%), internal data (33%), and login credentials (20%). Despite zero-day vulnerabilities being a significant threat, with exploitation rising to 14% of breaches, the report emphasises the critical need for ongoing employee training and awareness to mitigate these risks.

Source: [TechRadar]

Why Cyber Insurance isn’t a Substitute for Cyber Risk Management

While cyber insurance can be beneficial in mitigating financial loss from cyber attacks, it is not a substitute for comprehensive cyber risk management. Many firms with cyber insurance have still fallen victim to attacks, highlighting that cyber insurance primarily transfers residual risk. Effective cyber risk management includes conducting proper risk assessments and implementing robust cyber security controls. Cyber insurance cannot resolve issues like business disruption, breach of client confidentiality, and compliance with legal obligations; this stresses the need for proactive measures and independent assurance to protect against cyber threats.

Source: [ Law Society of Scotland]

China Presents Defining Challenge to Global Cyber Security, Says GCHQ

A recent speech by the new director of the UK’s GCHQ highlighted China's growing cyber threat, describing it as an "epoch-defining challenge." She warned that China's destabilising actions undermine global internet security. The current head of the UKs’ NCSC echoed these concerns, pointing to the Chinese state-sponsored hacking group Volt Typhoon which has infiltrated critical sectors like energy and transportation. The National Cyber Director at the White House added that China’s cyber capabilities pose a significant threat to global infrastructure, particularly in crisis scenarios, as Chinese hackers increasingly use sophisticated techniques to pre-position within networks.

Source: [Infosecurity Magazine]

Botnet Sent Millions of Emails in LockBit Black Ransomware Campaign

Since April, millions of phishing emails have been sent through a botnet known as “Phorpiex” to conduct a large-scale LockBit Black ransomware campaign. In a warning from New Jersey’s Cybersecurity and Communications Integration Cell, it was explained that the attackers use ZIP attachments containing an executable that deploys the LockBit Black payload, which encrypts the recipients' systems if launched. The emails are sent from 1,500 unique IP addresses worldwide.

Sources: [Bleeping Computer]

Global Financial Stability at Risk Due to Cyber Threats, IMF warns

A new International Monetary Fund (IMF) report highlights the severe threat cyber attacks pose to global financial stability, revealing that nearly 20% of reported cyber incidents in the past two decades targeted the financial sector, causing $12 billion in direct losses. Since 2020, these attacks have led to an estimated $2.5 billion in direct losses. The report underscores that cyber incidents threaten financial institutions' operational resilience, potentially leading to funding challenges and reputational damage. The IMF calls for bolstered cyber security measures, including stress testing, information-sharing arrangements, and enhanced national cyber security strategies to mitigate these growing risks.

Source: [World Economic Forum]

Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls

An ongoing social engineering campaign that is bombarding enterprises with spam calls and emails has been uncovered. The campaign involves a threat actor overwhelming a user’s email with junk, followed by a call offering to assist in removing the junk. From here, the threat actor aims to convince the victim to download remote monitoring and management software such as AnyDesk or Microsoft’s built in Quick Assist feature to allow the attacker remote access to the victim’s machine.

Source: [The Hacker News]

Santander Data Breach via Third-Party Provider Impacted Customers and Employees

A recent disclosure by the Spanish bank Santander revealed a data breach at a third-party provider affecting customers in Chile, Spain, and Uruguay. Unauthorised access to a database hosted by the provider compromised information on all current and some former employees, but did not include transactional data, online banking details, or passwords. Santander said they swiftly implemented measures to contain the incident, blocking access to the compromised database and enhancing fraud prevention controls. The bank assured that its operations and systems remain unaffected, allowing customers to continue transacting securely. The number of impacted individuals remains unspecified.

There is a continued trend in third party providers being used as the soft underbelly to attack larger and better defended organisations, requiring all organisations to consider the security controls of their third parties.

Source: [securityaffairs.com]

40% of Cyber Teams Have Held Back from Reporting Cyber Attacks Over Fear of Losing Jobs

Recent research has revealed that 40% of cyber teams have not reported a cyber attack due to the fear of losing their job. Unfortunately, this leaves businesses at risk of being non-compliant, without even knowing so. When it came to challenges faced by organisations, it was found that nearly 20% of companies say a lack of qualified talent is a key challenge to overcoming cyber attacks and 32% did not have the resources to hire new staff. This is not to say however, they are unable to outsource some of their cyber function to cyber specialists. This lack of allocated resources prevents the organisation from being confident that any incidents have been appropriately remediated.

Source: [Business Wire]

Digital Resilience – a Step Up from Cyber Security

In an increasingly digital world, many organisations are unaware of how truly reliant they are on digital technology, and the accompanying risks. As we move toward an even more digitally dependent future, the need for digital resilience is more critical than ever. Digital resilience refers to the ability to maintain, change, or recover technology-dependent operations. Organisations should begin with an internal audit to assess their digital resilience, involving all departments and ensuring senior management oversight, as board involvement is essential for effective cyber security programmes.

Digital resilience goes beyond cyber security to encompass change management, business resilience, and operational risk. Implementing digital resilience strategies requires continuous adaptation, cross-functional collaboration, and embedding resilience thinking throughout the organisation. Businesses must integrate digital resilience into their strategic planning to ensure ongoing competitiveness and adaptability in an ever-evolving digital landscape.

Sources: [CSO Online] [CSO Online]

UK Lags Europe on Exploited Vulnerability Remediation

A new report by Bitsight reveals that UK organisations lag behind their European counterparts in remediating software flaws listed in the US ‘Known Exploited Vulnerability’ (KEV) catalogue. UK organisations take an average of 225 days to address KEVs, compared to 220 days for European entities and just 21 days for German organisations. Non-KEV vulnerabilities are patched at an even slower rate, with UK entities taking over two years (736 days) to patch. Globally, the average time to resolve KEVs is around six months (180 days). Despite fewer KEVs detected in UK environments (30% versus 43% in Europe), the slow remediation poses significant risks, emphasising the need for faster and more proactive cyber security measures, specifically robust vulnerability scanning and patching.

Source: [Infosecurity Magazine]

Cyber Threats Demand More Focus Says Zurich, as UK Insurance And NCSC Join Forces to Fight Ransomware Payments

A recent discussion at the British Insurance Brokers' Association (BIBA) conference highlighted the increasing importance of cyber security for businesses, driven by the surge in cyber attacks and the use of AI by criminal gangs. Zurich Resilience Solutions UK noted that businesses face greater scrutiny from underwriters over their cyber exposures.

BIBA, together with the Association of British Insurers (ABI), and the International Underwriting Association (IUA), have united with the UK’s National Cyber Security Centre (NCSC) in a joint effort to tackle ransom payments. As a result of their collaboration, they have published new best practice guidance, which aims to reduce the number of payments being made by UK victims as well as the disruption businesses face.

Source: [Emerging Risks] [NCSC] [Infosecurity Magazine]

Governance, Risk and Compliance

• ICO calls on all organisations to boost their cyber security amid growing threat of cyber attacks | Practical Law (thomsonreuters.com)

• Firms neglecting cyber security basics - ICO - CIR Magazine

• Why cyber insurance isn’t a substitute for cyber risk management. | Law Society of Scotland (lawscot.org.uk)

• Business leaders consider cyber security main disruptor – Q1 2024 survey - Verdict

• 40% of Cyber Teams Have Not Reported Cyber Attacks Over Fear of Losing Jobs, According to New VikingCloud Research | Business Wire

• The Growing Cyber Security Disconnect Leaves Enterprises Exposed (forbes.com)

• Cyber Security Is a Top Investor Concern | HackerNoon

• Cyber threats demand more focus – Zurich (emergingrisks.co.uk)

• Digital resilience – a step up from cyber security | CSO Online

• Keep it secret, keep it safe: the essential role of cyber security in document management | CSO Online

• Cyber anxiety on the rise in the UK (betanews.com)

• UK business leaders are stressing out over pace of technological change (telecoms.com)

• Dancing on the Head of a Pin: Corporate Boards, Committees and Cyber Security Risk Management | The Volkov Law Group - JDSupra

• 44% of Cyber Security Professionals Struggle with Regulatory Compliance - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber attacks threaten global financial stability, IMF warns | World Economic Forum (weforum.org)

• BISO: Enhancing cyber security in modern enterprises - SiliconANGLE

• Dell Data Breach Underscores Cost of Cyber Security Complacency (pymnts.com)

• What Is Cyber Risk Quantification? | HackerNoon

• Cyber and Financial Crime, Through the FBI Lens (govinfosecurity.com)

• A Third of CISOs Have Been Dismissed “Out of Hand” By the Board - Infosecurity Magazine (infosecurity-magazine.com)

• Maximizing cyber security ROI: A strategic approach | TechRadar

• Many CISOs don't feel they get the right respect from their board | TechRadar

• Cyber high on agenda at BIBA amid concerns over threats (emergingrisks.co.uk)

• Lloyd’s updates cyber war wordings - Reinsurance News

• Are you meeting your cyber insurance requirements? - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• Botnet sent millions of emails in LockBit Black ransomware campaign (bleepingcomputer.com)

• UK hit by more ransomware and cyber attacks last year than ever before (therecord.media)

• The ups and downs (and ups again) of the ransomware risk - Digital Journal

• Hackers Target Children of Corporate Executives in Ransomware Attacks (businessinsider.com)

• CISA: Black Basta ransomware breached over 500 orgs worldwide (bleepingcomputer.com)

• Cyber attacks leave significant financial impact on hacked organisations (kwch.com)

• As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs (darkreading.com)

• UK Insurance and NCSC Join Forces to Fight Ransomware Payments - Infosecurity Magazine (infosecurity-magazine.com)

• UK insurance industry begins to acknowledge role in tackling ransomware (therecord.media)

• The UK may not have a choice on a ransomware payment ban | Computer Weekly

• 64% Jump in Ransomware Claims on Remote Access Tools, Report Shows (claimsjournal.com)

• Cyber Criminals Exploiting Microsoft's Quick Assist Feature in Ransomware Attacks (thehackernews.com)

• Organisations struggle to defend against ransomware - Help Net Security

• Ransomware statistics that reveal alarming rate of cyber extortion - Help Net Security

• Most ransomware-hit enterprises report to authorities, but level of support varies | ZDNET

• Ransomware negotiator weighs in on the payment debate • The Register

• OODA Loop - The Social Engineering Tactics of Ransomware-as-a-Service Operator Black Basta

• INC ransomware source code selling on hacking forums for $300,000 (bleepingcomputer.com)

• What is ransomware recovery? | Definition from TechTarget

• Ransomware Defence Strategies: Never Trust a Criminal (inforisktoday.com)

Ransomware Victims

• More than 470 legal actions against HSE over cyber attack (rte.ie)

• It's been a bad week for public cyber security | TechRadar

• Christie's Just Postponed the Rare Watches Auction Due to Cyber Attack (robbreport.com)

• Singing River Health System: Data of 895,000 stolen in ransomware attack (bleepingcomputer.com)

• Repeat Offenders: Black Basta’s Latest Healthcare Cyber Attack (informationweek.com)

• E-prescription provider MediSecure impacted by a ransomware attack (securityaffairs.com)

Phishing & Email Based Attacks

• Social Engineering is the Biggest Cyber Threat | HackerNoon

• Most Workers Have Clicked on a Suspicious Email Link (businessplus.ie)

• Botnet sent millions of emails in LockBit Black ransomware campaign (bleepingcomputer.com)

• Stay In The Loop On Emerging And Evolving Email Threat Trends (informationsecuritybuzz.com)

• Collaboration tools are now at the frontline in the battle against phishing (securitybrief.co.nz)

• 5 Common Phishing Vectors and Examples - 2024 (cybersecuritynews.com)

BEC

• Visualizing Global Losses from Financial Scams (visualcapitalist.com)

Other Social Engineering

• Social Engineering is the Biggest Cyber Threat | HackerNoon

• Low-tech tactics still top the IT security risk chart | CSO Online

• Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls (thehackernews.com)

• What is vishing and quishing, and how do you protect yourself? | PCWorld

• Beware of fake calls, ward off cyber criminals: Govt - The Statesman

• OODA Loop - The Social Engineering Tactics of Ransomware-as-a-Service Operator Black Basta

Artificial Intelligence

• UK Government Unveils New AI Cyber Security Measures as ICO Details Importance of Data Protection | The Fintech Times

• UK agency releases tools to test AI model safety | TechCrunch

• Security industry struggles to consolidate against AI threats - SiliconANGLE

• Cyber Security Races to Unmask New Wave of AI Deepfakes (darkreading.com)

• Only one-third of firms deploy safeguards against generative AI threats, report finds | CIO Dive

• CISOs Reconsider Their Roles in Response to GenAI Integration - Security Boulevard

• AI's rapid growth puts pressure on CISOs to adapt to new security risks - Help Net Security

• Insider Risk in the Generative AI Era - InfoRiskToday

• AI-driven attacks seen as chief cloud security threat | TechTarget

• Concern over AI cyber threats among UK infrastructure organisations | Security News (sourcesecurity.com)

• The Cyber Security Survival Guide For Generative AI (forbes.com)

2FA/MFA

• How to Prevent Attacks that Bypass MFA - InfoRiskToday

Malware

• Malware was almost 50% of threat detections in Q1 2024 | Security Magazine

• North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms (thehackernews.com)

• FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT (thehackernews.com)

• Microsoft fixes Windows zero-day exploited in QakBot malware attacks (bleepingcomputer.com)

• Ebury botnet malware infected 400,000 Linux servers since 2009 (bleepingcomputer.com)

• Kimsuky hackers deploy new Linux backdoor via trojanized installers (bleepingcomputer.com)

• Man destroys his laptop after downloading 1,000 viruses to see which anti-virus software works the best (unilad.com)

Mobile

• Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials (thehackernews.com)

• Google Issues Critical Update For Millions Of Pixel Users (forbes.com)

• Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS - Security Week

• Threat actors may have exploited a zero-day in older iPhones, Apple warns (securityaffairs.com)

• Apple warns of increased iPhone security risks – Computerworld

• Apple and Google agree on standard to alert people when unknown Bluetooth devices may be tracking them | TechCrunch

• Protect against iPhone trojan GoldPickaxe: How-to - 9to5Mac

• Unwanted Tracking Alerts Rolling Out to iOS, Android - Security Week

• Apple blocked $7 billion in fraudulent App Store purchases in 4 years (bleepingcomputer.com)

• Android boosting security with Theft Detection Lock, factory reset protection  (9to5google.com)

• Data Privacy: All the Ways Your Cellphone Carrier Tracks You and How to Stop It

• Your Android phone could have stalkerware — here’s how to remove it | TechCrunch

Internet of Things – IoT

• Attack makes autonomous vehicle tech ignore road signs • The Register

• Millions of IoT Devices at Risk From Integrated Modem (darkreading.com)

• Prison for cyber security expert selling private videos from inside 400,000 homes (bitdefender.com)

• IoT Vulnerabilities and BotNet Infections: A Risk for Executives - Security Boulevard

Data Breaches/Leaks

• Over 5.3 billion data records exposed in April 2024 | Computer Weekly

• MoD contractor hacked by China failed to report breach for months | Hacking | The Guardian

• Data breaches are getting worse - and many are coming from a familiar source | TechRadar

• Notorious threat actor IntelBroker claims the hack of the Europol (securityaffairs.com)

• Hacker claims another breach into Dell systems | SC Media (scmagazine.com)

• Dell Data Breach Underscores Cost of Cyber Security Complacency (pymnts.com)

• Hacker claims to have stolen Dell customer data, twice. Here's how to protect yourself | ZDNET

• Santander Data Breach Impacts Customers, Employees - Security Week

• Employee data breaches up 41% - Personnel Today

• The legal sector's data breach conundrum: insights from ICO's latest report - Solicitors Journal

• JPMorgan Chase Suffers Data Breach Affecting Personal Information of 451,809 Customers - The Daily Hodl

• JPMorgan Fixes Security Flaw, Affects 450K Retirement Plans | Entrepreneur

• Europol confirms incident after data break-in claims • The Register

• Largest non-bank lender in Australia warns of a data breach (bleepingcomputer.com)

• Guernsey data breaches: More than 1,000 people affected - BBC News

• Up to 120,000 affected by data breach at City of Helsinki (helsinkitimes.fi)

• Billion-Dollar Bank Sued After Revealing Massive Data Breach Affecting Thousands of Customers, Exposing Account Details, Social Security Numbers and Medical Information: Report - The Daily Hodl

• Okta’s security chief on the company’s own cyber attack and how the ‘battleground’ has shifted (therecord.media)

• Camden Council cyber attack warning after NRS Healthcare cyber attack | Ham & High (hamhigh.co.uk)

• Lessons learned from high-profile data breaches | TechTarget

• Zscaler Confirms Only Isolated Test Server Was Hacked - Security Week

• Nissan North America data breach impacts over 53,000 employees (bleepingcomputer.com)

Organised Crime & Criminal Actors

• FBI, DoJ Shut Down BreachForums, Launch Investigation (darkreading.com)

• Cyber and Financial Crime, Through the FBI Lens (govinfosecurity.com)

• FBI working towards nabbing Scattered Spider hackers, official says | Reuters

• Low-tech tactics still top the IT security risk chart | CSO Online

• The Growing Cyber Threat Landscape: Insights into State-Sponsored and Criminal Cyber Activities | HackerNoon

• Top 5 Most Dangerous Cyber Threats in 2024 (darkreading.com)

• Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms (thehackernews.com)

• Tornado Cash cryptomixer dev gets 64 months for laundering $2 billion (bleepingcomputer.com)

• US brothers arrested for stealing $25m in crypto in just 12 seconds - BBC News

Insider Risk and Insider Threats

• Low-tech tactics still top the IT security risk chart | CSO Online

• Data breaches are getting worse - and many are coming from a familiar source | TechRadar

• Insider Risk in the Generative AI Era - InfoRiskToday

• The Human Element in Cyber Security: Safeguarding your organisation (thebusinessmagazine.co.uk)

• CISOs call to ditch the 'stigma of blame' in cyber security (computing.co.uk)

Insurance

• Why cyber insurance isn’t a substitute for cyber risk management. | Law Society of Scotland (lawscot.org.uk)

• NCSC guide to help businesses facing ransomware demands (biba.org.uk)

• UK insurance industry begins to acknowledge role in tackling ransomware (therecord.media)

• UK Insurance and NCSC Join Forces to Fight Ransomware Payments - Infosecurity Magazine (infosecurity-magazine.com)

• Lloyd’s provides tighter guidance on cyber war wordings | Insurance Insider

• Cyber high on agenda at BIBA amid concerns over threats (emergingrisks.co.uk)

• Are you meeting your cyber insurance requirements? - Help Net Security

Supply Chain and Third Parties

• Most Companies Affected by Software Supply Chain Attacks in the Last Year, Struggling to Detect and React Effectively - IT Security Guru

• Santander: a data breach at a third-party provider impacted customers and employees (securityaffairs.com)

• MoD contractor hacked by China failed to report breach for months | Hacking | The Guardian

• Okta’s security chief on the company’s own cyber attack and how the ‘battleground’ has shifted (therecord.media)

Cloud/SaaS

• How to create a cloud security policy, step by step | TechTarget

• AI-driven attacks seen as chief cloud security threat | TechTarget

• Singapore Cyber Security Update Puts Cloud Providers on Notice (darkreading.com)

• Secrecy Concerns Mount Over Spy Powers Targeting US Data Centres | WIRED

Encryption

• You want us to think of the children? Couldn't agree more • The Register

Linux and Open Source

• Ebury botnet malware infected 400,000 Linux servers since 2009 (bleepingcomputer.com)

• Kimsuky hackers deploy new Linux backdoor via trojanized installers (bleepingcomputer.com)

• Establishing a security baseline for open source projects - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

• The 10 most common 4-digit PIN numbers — are you at risk of a cyber attack? (nypost.com)

Social Media

• It’s time to ban TikTok for the sake of our democracy and security (politicshome.com)

Training, Education and Awareness

• The Future of Security Awareness - GovInfoSecurity

• The Human Element in Cyber Security: Safeguarding your organisation (thebusinessmagazine.co.uk)

Regulations, Fines and Legislation

• Singapore Cyber Security Update Puts Cloud Providers on Notice (darkreading.com)

• Clock is ticking for companies to prepare for EU NIS2 Directive | CSO Online

• Nigeria Halts Cyber Security Tax After Public Outrage (darkreading.com)

Models, Frameworks and Standards

• Clock is ticking for companies to prepare for EU NIS2 Directive | CSO Online

Careers, Working in Cyber and Information Security

• The cyber security skills shortage: A CISO perspective | CSO Online

• Why cyber security staff burn out, and what to do about it (computing.co.uk)

Law Enforcement Action and Take Downs

• As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs (darkreading.com)

• FBI, DoJ Shut Down BreachForums, Launch Investigation (darkreading.com)

• Most ransomware-hit enterprises report to authorities, but level of support varies | ZDNET

• Prison for cyber security expert selling private videos from inside 400,000 homes (bitdefender.com)

• Tornado Cash cryptomixer dev gets 64 months for laundering $2 billion (bleepingcomputer.com)

• US brothers arrested for stealing $25m in crypto in just 12 seconds - BBC News

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Lloyd’s updates cyber war wordings - Reinsurance News

• Civil society under increasing threats from ‘malicious’ state cyber actors, US (therecord.media)

Nation State Actors

China

• Cyber threat landscape permanently altered by Chinese operations, US officials say (therecord.media)

• GCHQ boss says China's 'genuine' cyber threat 'weakens security of internet for all' | Science & Tech News | Sky News

• Tracking the Progression of Earth Hundun's Cyber espionage Campaign in 2024 | Trend Micro (US)

• When Chinese Nationalist Hackers Go Rogue (globelynews.com)

• Can't blame all Chinese cyber attacks on the government - Asia Times

• How the West has struggled to keep up with China’s spy threat - BBC News

• Stifling Beijing in cyber space big focus for UK operatives • The Register

• China focuses on non-military ways to take Taiwan, reports warn - Washington Times

• It’s time to ban TikTok for the sake of our democracy and security (politicshome.com)

• Asian Threat Actors Use New Techniques to Attack Familiar Targets (darkreading.com)

• Chinese Crime Ring Uses Franchise Model to Grow Fake Online Shops (businessinsider.com)

• Three men charged with aiding Hong Kong intelligence service, says Met | UK news | The Guardian

Russia

• Russia is ramping up sabotage across Europe (economist.com)

• File Not Found: Russia Is Hacking Evidence of Its War Crimes - War on the Rocks

• NATO Draws a Cyber Red Line in Tensions With Russia - Security Week

• Pro-Russia hackers targeted Kosovo government websites (securityaffairs.com)

• Russian Actors Weaponize Legitimate Services in Multi-Malware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• UK 'increasingly concerned' about Russian intelligence links to hacktivists (therecord.media)

• To the Moon and back(doors): Lunar landing in diplomatic missions (welivesecurity.com)

• New backdoors on a European government's network appear to be Russian (therecord.media)

• 'Russian' hackers deface potentially hundreds of local British news sites (therecord.media)

• Investigation: How Russia's Warplanes Get Their 'Brain Power' From The West, Despite Sanctions

• The Three Seas Initiative: A Vanguard in Digitization and Cyber Security | Warsaw Institute

Iran

• Iran most likely to launch destructive cyber attack on US • The Register

North Korea

• Asian Threat Actors Use New Techniques to Attack Familiar Targets (darkreading.com)

• North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms (thehackernews.com)

Vulnerability Management

• Not Just MOVEit: 2023 Was a Banner Year for Zero-Days (inforisktoday.com)

• (Cyber) Risk = Probability of Occurrence x Damage (thehackernews.com)

• Critical vulnerabilities take 4.5 months on average to remediate - Help Net Security

• The Fall of the National Vulnerability Database (darkreading.com)

• Backlogs at National Vulnerability Database prompt action from NIST and CISA | CSO Online

• UK Lags Europe on Exploited Vulnerability Remediation - Infosecurity Magazine (infosecurity-magazine.com)

• Log4J shows no sign of fading, spotted in 30% of CVE exploits - Help Net Security

• NIST Confusion Continues as Cyber Pros Complain CVE Uploads Stopped - Infosecurity Magazine (infosecurity-magazine.com)

• Heartbleed: When Is It Good to Name a Vulnerability? (darkreading.com)

Vulnerabilities

• Google Chrome emergency update fixes 6th zero-day exploited in 2024 (bleepingcomputer.com)

• Google patches third exploited Chrome zero-day in a week (bleepingcomputer.com)

• Threat actors may have exploited a zero-day in older iPhones, Apple warns (securityaffairs.com) 

• Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days (thehackernews.com)

• Cyber Criminals Exploiting Microsoft's Quick Assist Feature in Ransomware Attacks (thehackernews.com)

• Microsoft fixes Windows zero-day exploited in QakBot malware attacks (bleepingcomputer.com)

• Log4J shows no sign of fading, spotted in 30% of CVE exploits - Help Net Security

• D-Link Routers Vulnerable to Takeover Via Exploit for Zero-Day (darkreading.com)

• New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks (thehackernews.com)

• Intel Publishes 41 Security Advisories for Over 90 Vulnerabilities  - Security Week

• Google Issues Critical Update For Millions Of Pixel Users (forbes.com)

• Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS - Security Week

• CISA and FBI Issue Alert on Path Traversal Vulnerabilities - Security Boulevard

• VMware Patches Severe Security Flaws in Workstation and Fusion Products (thehackernews.com)

• Firefox 126: Telemetry, privacy feature, and security fixes - gHacks Tech News

• SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver - Security Week

• Adobe Patches Critical Flaws in Reader, Acrobat - Security Week

• Cisco Releases Security Updates for Multiple Products | CISA

• Microsoft shares temp fix for Outlook encrypted email reply issues (bleepingcomputer.com)

Tools and Controls

• Why cyber insurance isn’t a substitute for cyber risk management. | Law Society of Scotland (lawscot.org.uk)

• Digital resilience – a step up from cyber security | CSO Online

• Dancing on the Head of a Pin: Corporate Boards, Committees and Cyber Security Risk Management | The Volkov Law Group - JDSupra

• How To Implement Threat Modeling To Protect Your Business - Minutehack

• How to create a cloud security policy, step by step | TechTarget

• Hackers use DNS tunneling for network scanning, tracking victims (bleepingcomputer.com)

• AWS CISO: In AI gold rush, folks forget application security • The Register

• What Is Cyber Risk Quantification? | HackerNoon

• Best Practices for Preparing for a Cyber Breach | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Ridding your network of NTLM | CSO Online

• Maximizing cyber security ROI: A strategic approach | TechRadar

• What is ransomware recovery? | Definition from TechTarget

• The Human Element in Cyber Security: Safeguarding your organisation (thebusinessmagazine.co.uk)

• Addressing the Cyber Security Vendor Ecosystem Disconnect (darkreading.com)

• The Future of Security Awareness - GovInfoSecurity

• Microsoft Deploys Generative AI for US Spies | WIRED

• How to Think About Foundation Models for Cyber Security | Andreessen Horowitz (a16z.com)

Reports Published in the Last Week

• Learning from the mistakes of others – A retrospective review | ICO

• 2024 Browser Security Report (layerxsecurity.com)

• At-Bay's 2024 InsurSec Report [Download Now]

• Kaspersky’s Incident Response Analyst report 2023 (kasperskycontenthub.com)

Other News

• Microsoft president summoned to House over security blunders • The Register

• National Cyber Security Centre: Tech market not working - The Business Magazine

• Critical infrastructure security needs everyone's help • The Register

• Your Hospital Is Under Cyber Attack. Now What? (newsweek.com)

• BT, TalkTalk, Virgin Media and Vodafone on UK Router Security and Upgrades - ISPreview UK

• Hackers use DNS tunnelling for network scanning, tracking victims (bleepingcomputer.com)

• NCSC CTO: Broken market must be fixed to usher in new tech • The Register

• Public Sector IT is Broken: Turning the System Back On - IT Security Guru

• The Cyber Security Implications Of Gen Z’s Tech-Savvy Lifestyle (forbes.com)

• Fortify Your Digital Defences: Top Home Cyber Security Strategies for Personal Protection | HackerNoon

• Classes cancelled as 'sinister' school cyber attacks rise - BBC News

• Irony abounds as UK NCSC’s simple door codes revealed • The Register

• Candidates to get cyber security support amid general election interference fears (nation.cymru)

• NCSC launches Share and Defend capability | UKAuthority

• Too many ICS assets are exposed to the public internet - Help Net Security

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Turbulent Cyber Insurance Market Sees Rising Prices And Sinking Coverage

As insurers and brokers reckon with unexpected losses, they're charging more for policies and setting higher requirements.

Chaos reigns in the cyber insurance market. Brokers and cyber insurance carriers — the companies that actually offer the policies — are tightening requirements on what applicants need to do to obtain policies due to losses the insurers have suffered from ransomware coverage. During the past year, premiums grew 18% in the first quarter of 2021 and were up 34% in the fourth quarter of 2021, according to Jess Burn, senior analyst at Forrester.

Organisations often find they cannot obtain cyber insurance, are not being renewed for coverage they already have, or are faced with soaring prices and shrinking coverage. Despite the value many organisations put on cyber insurance — in some cases, they're required to carry it to comply with regulations — obtaining such policies is getting more difficult.

While raising premiums, some insurers are reducing coverage. If an organisation bought $10 million worth of coverage for a given price in 2021, for example, renewing that policy in 2022 might see the coverage amount fall to $3 million and the premiums for that lower coverage rise. This phenomenon is due, in part, to insurers trying to strike the right balance of customers' risk profile versus their risk-mitigation efforts.

https://www.darkreading.com/edge-articles/turbulent-cyber-insurance-market-sees-rising-prices-and-sinking-coverage

• Ransomware Attacks Still The #1 Threat To Businesses And Organisations

In 2021, ransomware attacks continued to be one of the most prominent threats targeting businesses and organisations worldwide.

High-profile attacks disrupted operations of companies in various sectors.

For example, the Colonial Pipeline attack interrupted critical infrastructure, the JBS Foods attack influenced food processing, and the CNA breach disrupted the insurance industry.

Following the attacks, pressure of law enforcement on ransomware gangs intensified, though simultaneously these threat actors continued to evolve.

They are not only becoming more technologically sophisticated but are also extensively leveraging the growing cyber crime ecosystem looking to find new partners, services and tools for their operations.

https://www.helpnetsecurity.com/2022/05/30/ransomware-trends-video/

• Third Of UK Firms Have Experienced A Security Breach Since 2020

Cyber threats are behind soaring fraud and economic crime in the UK, where rates are now second only globally to South Africa, according to PwC.

The consulting giant’s latest Global Economic Crime Survey revealed that nearly two-thirds (64%) of UK businesses experienced fraud, corruption or other economic/financial crime during the past 24 months, a significant increase on the 56% recorded in 2020, and 50% in 2018.

It’s also much higher than the 2022 global average of 46%, PwC said.

Cyber crime was the most commonly reported fraud type, although figures here dropped from 42% in 2020 to 32% in 2022. Included for the first time in the report, supply chain incidents accounted for 19%.

Most (51%) reported fraud cases in the UK were traced back to external parties, versus just 43% globally. The top three culprits were cited as customers, hackers and vendors/suppliers.

https://www.infosecurity-magazine.com/news/third-uk-security-breach-2020/

• There Is No Good Digital Transformation Without Cyber Security

Network engineers and CIOs agree that cyber security issues represent the biggest risk for organisations that fail to put networks at the heart of digital transformation plans. According to research commissioned by Opengear, 53% of network engineers and 52% of CIOs polled in the US, UK, France, Germany, and Australia rank cyber security among the list of their biggest risks.

The concerns are fuelled by an escalating number of cyber attacks. In fact, 61% of CIOs report an increase in cyber security attacks/breaches from 2020-21 compared to the preceding two years. For digital transformation of networking, 70% of network engineers say security is the most important focus area, and 31% say network security is their biggest networking priority.

Digital transformation is a priority, but cyber security risk remains. CIOs also understand the importance of the issues. 51% of network engineers say their CIOs have consulted them on investments to deliver digital transformation plans, the highest priority in the survey.

What’s more, 41% of CIOs rank cyber security among their organisation’s most important investment priorities over the next year, with 35% stating it is among the biggest over the next five years. In both cases, cyber security ranks higher than any other factor.

https://www.helpnetsecurity.com/2022/05/31/digital-transformation-cybersecurity-risk/

• Ransomware Gang Now Hacks Corporate Websites To Show Ransom Notes

A ransomware gang is taking extortion to a new level by publicly hacking corporate websites to publicly display ransom notes.

This new extortion strategy is being conducted by Industrial Spy, a data extortion gang that recently began using ransomware. As part of their attacks, Industrial Spy will breach networks, steal data, and deploy ransomware on devices. The threat actors then threaten to sell the stolen data on their Tor marketplace if a ransom is not paid.

When ransomware gangs extort a victim, they typically give them a short window, usually a few weeks, to negotiate and pay a ransom before they start leaking data.

During this negotiation process, the threat actors promise to keep the attack secret, provide a decryption key, and delete all data if a ransom is paid.

After this period, the threat actors will use various methods to increase pressure, including DDoS attacks on corporate websites, emailing customers and business partners, and calling executives with threats.

These tactics are all done privately or with minimal exposure on their data leak sites, which are usually only visited by cyber security researchers and the media.

However, this is the first time we have seen a ransomware gang defacing a website to very publicly display a ransom note.

https://www.bleepingcomputer.com/news/security/ransomware-gang-now-hacks-corporate-websites-to-show-ransom-notes/

• Attackers Are Leveraging Follina, A Critical Microsoft Windows Vulnerability Affecting Nearly All Versions of Windows and Windows Server. What Can You Do?

As the world is waiting for Microsoft to push out a patch for CVE-2022-30190, aka “Follina”, attackers around the world are exploiting the vulnerability in a variety of campaigns.

Microsoft has described CVE-2022-30190 as a Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability, confirmed it affects an overwhelming majority of Windows and Windows Server versions, and advised on a workaround to be implemented until a patch is ready.

https://www.helpnetsecurity.com/2022/06/03/patch-cve-2022-30190/

• Ransomware Attacks Need Less Than Four Days To Encrypt Systems

The duration of ransomware attacks in 2021 averaged 92.5 hours, measured from initial network access to payload deployment. In 2020, ransomware actors spent an average of 230 hours to complete their attacks and 1637.6 hours in 2019.

This change reflects a more streamlined approach that developed gradually over the years to make large-scale operations more profitable.

At the same time, improvements in incident response and threat detection have forced threat actors to move quicker, to leave defenders with a smaller reaction margin.

The data was collected by researchers at IBM's X-Force team from incidents analysed in 2021. They also noticed a closer collaboration between initial access brokers and ransomware operators.

Previously, network access brokers might wait for multiple days or even weeks before they found a buyer for their network access.

In addition, some ransomware gangs now have direct control over the initial infection vector, an example being Conti taking over the TrickBot malware operation.

Malware that breaches corporate networks is quickly leveraged to enable post-exploitation stages of the attack, sometimes completing its objectives in mere minutes.

https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/

• 57% Of All Digital Crimes In 2021Were Scams

Group-IB shares its analysis of the landscape of the most widespread cyber threat in the world: scams. Accounting for 57% of all financially motivated cyber crime, the scam industry is becoming more structured and involves more and more parties divided into hierarchical groups.

The number of such groups jumped to a record high of 390, which is 3.5 times more than last year, when the maximum number of active groups was close to 110. Due to SaaS (Scam-as-a-Service), in 2021 the number of cyber criminals in one scam gang increased 10 times compared to 2020 and now reaches 100.

Traffic has become the circulatory system of scam projects: researchers emphasise that the number of websites used for purchasing and providing “grey” and illegal traffic and that lure victims into fraudulent schemes has increased by 1.5 times. Scammers are going into 2022 on a new level of scam attack automation: no more non-targeted users. Scammers are now attracting specific groups of victims to increase conversion rates. Social media are more often becoming the first point of contact between scammers and their potential victims.

https://www.helpnetsecurity.com/2022/05/31/scams-widespread-cyber-threat/

• Intelligence Is Key To Strategic Business Decisions

Businesses have a growing need for greater relevance in the intelligence they use to inform critical decision-making. Currently just 18% of professionals responsible for security, risk, or compliance in their organisation feel that the intelligence they receive is “very specific and focused on their business”, a S-RM research reveals.

6 in 10 respondents also say the intelligence they receive takes too much time to analyse, meaning it does not always result in better informed decision making. This was the top reason behind dissatisfaction with external intelligence, identified by over 200 professionals working at companies with revenues of over $250 million.

The second most likely reason was that information was not tailored to business needs (47%), followed by too much information (35%).

Growing demand for the use of strategic intelligence has been prompted by increasing cyber (51%) and regulatory concerns (50%). And while these two factors have been climbing the boardroom agenda for years, geopolitical uncertainty has made the need to respond to these developments more acute. In particular, the Russia-Ukraine conflict has created a complex sanctions regime for businesses to operate.

Additionally, navigating the complexities of the COVID-19 pandemic has been a key challenge for businesses in the past three years, with 40% citing this as a catalyst in driving a growing need for strategic intelligence.

https://www.helpnetsecurity.com/2022/06/03/intelligence-decision-making/

• How Cyber Criminals Are Targeting Executives At Home And Their Families

Top executives and their families are increasingly being targeted on their personal devices and home networks, as sophisticated threat actors look for new ways to bypass corporate security and get direct access to highly sensitive data.

https://www.helpnetsecurity.com/2022/06/01/cybercriminals-targeting-executives-video/

Threats

Ransomware

• Cyber criminals Expand Attack Radius and Ransomware Pain Points | Threatpost

• FBI, CISA warn: Don't get caught in Karakurt's web • The Register

• Conti ransomware targeted Intel firmware for stealthy attacks (bleepingcomputer.com)

• GoodWill Ransomware victims have to perform socially driven activities to decryption their dataSecurity Affairs

• YourCyanide Ransomware Propagates With PasteBin, Discord, Microsoft Links (darkreading.com)

• Conti Leaks Reveal Ransomware Gang's Interest in Firmware-based Attacks (thehackernews.com)

• Evil Corp switches to LockBit ransomware to evade sanctions (bleepingcomputer.com)

• Ransomware attack sends New Jersey county back to 1977 • The Register

• Ransomware roundup: System-locking malware dominates headlines | CSO Online

• What if ransomware evolved to hit IoT in the enterprise? • The Register

• How Costa Rica found itself at war over ransomware | CSO Online

• Experts warn of ransomware attacks on government orgs of small states - Security Affairs

• Foxconn confirms ransomware attack disrupted production in Mexico (bleepingcomputer.com)

• Hanesbrands says it suffered a ransomware attack on May 24 and has informed law enforcement - MarketWatch

• Why Ransomware Timeline Shrinks By 94%? – Information Security Buzz

• Hundreds of Elasticsearch databases targeted in ransom attacks (bleepingcomputer.com)

BEC – Business Email Compromise

• Why Stopping Business Email Compromise (BEC) Needs To Be A Priority For MSPs - MSSP Alert

• Language-based BEC attacks rising - Help Net Security

Phishing & Email Based Attacks

• Watch out for phishing emails that inject spyware trio • The Register

• Existential Phishing Schemes | The New Yorker

• Telegram’s blogging platform abused in phishing attacks (bleepingcomputer.com)

Other Social Engineering

• Hacker steals Verizon employee database after tricking worker into granting remote access (bitdefender.com)

• Vishing attacks: What they are and how organisations can protect themselves - Help Net Security

• Beware the Smish! Home delivery scams with a professional feel… – Naked Security (sophos.com)

Malware

• New XLoader Botnet Version Using Probability Theory to Hide its C&C Servers (thehackernews.com)

• LuoYu APT delivers WinDealer malware via man-on-the-side attacks - Security Affairs

• EnemyBot malware adds enterprise flaws to exploit arsenal • The Register

• Researchers Uncover Malware Controlling Thousands of Sites in Parrot TDS Network (thehackernews.com)

• Logic bombs explained: Definition, examples, and prevention | CSO Online

Mobile

• Top 10 Android banking trojans target apps with 1 billion downloads (bleepingcomputer.com)

• WhatsApp accounts hijacked by call forwarding | Malwarebytes Labs

• SideWinder Hackers Use Fake Android VPN Apps to Target Pakistani Entities (thehackernews.com)

• SMSFactory Android malware sneakily subscribes to premium services (bleepingcomputer.com)

• Phishers Having a Field Day on WhatsApp, Telegraph (darkreading.com)

• Apple blocked 1.6 millions apps from defrauding users in 2021 (bleepingcomputer.com)

Organised Crime & Criminal Actors

• FBI warns of Ukrainian charities impersonated to steal donations (bleepingcomputer.com)

• Euro Cops Bust $47m Money Laundering Operation - Infosecurity Magazine (infosecurity-magazine.com)

• Three Nigerian Users of Agent Tesla RAT Arrested | SecurityWeek.Com

Cryptocurrency/Cryptomining/Cryptojacking/NFTs

• Americans report losing over $1 billion to cryptocurrency scams (bleepingcomputer.com)

• Clipminer malware gang stole $1.7M by hijacking crypto payments (bleepingcomputer.com)

• Bored Ape Yacht Club, Otherside NFTs stolen in Discord server hack (bleepingcomputer.com)

• WatchDog hacking group launches new Docker cryptojacking campaign (bleepingcomputer.com)

Fraud, Scams & Financial Crime

• $39.5 billion lost to phone scams in last year - Help Net Security

• Fast loan scam: Here's how it works and why Lloyds Bank has put out an urgent warning | This is Money

• Britain's biggest bank issues 'urgent warning' over new scam (telegraph.co.uk)

• Scams account for most of all financially motivated cyber crime - Help Net Security

AML/CFT/Sanctions

• Evil Corp Pivots LockBit to Dodge US Sanctions | Threatpost

Supply Chain and Third Parties

• To better manage cyber security risk, extend zero-trust principles to third parties | TechCrunch

Denial of Service DoS/DDoS

• DDoS threats growing in sophistication, size, and frequency - Help Net Security

• DDoS attackers continue to innovate, devising new threats and altering attack strategies - Help Net Security

Open Source

• Linux malware is on the rise—6 types of attacks to look for | CSO Online

• The Open Source Software Security Mobilization Plan: Takeaways for security leaders | CSO Online

Privacy

• Vodafone plans carrier-level user tracking for targeted ads (bleepingcomputer.com)

• Europe's hope to scan devices for unlawful files criticized • The Register

Passwords & Credential Stuffing

• Why are many businesses still not using a password manager? - Help Net Security

Regulations, Fines and Legislation

• ExpressVPN Removes Servers in India After Refusing to Comply with Government Order (thehackernews.com)

Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• NSA general confirms US offensive cyber ops in Ukraine war • The Register

• Deadly Secret: Electronic Warfare Shapes Russia-Ukraine War | SecurityWeek.Com

• Anonymous: Operation Russia after 100 days of war - Security Affairs

• Chinese LuoYu hackers deploy cyber-espionage malware via app updates (bleepingcomputer.com)

Nation State Actors

Nation State Actors – Russia

• Germany issues fresh warning to banks of cyber attacks due to Ukraine war | Reuters

Nation State Actors – China

• China-linked TA413 group actively exploits Microsoft Follina Zero-Day flawSecurity Affairs

• Chinese state media propaganda found in 88% of Google, Bing news searches - CyberScoop

• Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor (thehackernews.com)

• How Beijing’s surveillance cameras crept into Britain’s corridors of power (telegraph.co.uk)

Nation State Actors – North Korea

• The day the NHS was held to ransom by North Korean cyber hackers (telegraph.co.uk)

Nation State Actors – Iran

• Microsoft Disables Iran-Linked Lebanese Hacking Group Polonium (darkreading.com)

• Iranian hackers planned attack on Boston Children's Hospital last summer, FBI director says - CyberScoop

Nation State Actors – Misc APT

• Microsoft blocks Polonium hackers from using OneDrive in attacks (bleepingcomputer.com)

• Snake carried out over 1,000 attacks since April 2020 - Security Affairs

• SideWinder Hackers Launched Over a 1,000 Cyber Attacks Over the Past 2 Years (thehackernews.com)

Vulnerability Management

• Focus resources on patching most threatening vulns: research • The Register

Vulnerabilities

• CISA adds 75 vulnerabilities to catalogue in 3 days- IT Security Guru

• Fighting Follina: Application Vulnerabilities and Detection Possibilities (darkreading.com)

• Yet another zero-day (sort of) in Windows “search URL” handling – Naked Security (sophos.com)

• Microsoft Releases Workarounds for Office Vulnerability Under Active Exploitation (thehackernews.com)

• Actively Exploited Atlassian Zero-Day Bug Allows Full System Takeover (darkreading.com)

• Microsoft Azure vulnerabilities pose new cloud security risk - Protocol

• GitLab Issues Security Patch for Critical Account Takeover Vulnerability (thehackernews.com)

• New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by Sending Email (thehackernews.com)

Sector Specific

Financial Services Sector

• Germany issues fresh warning to banks of cyber attacks due to Ukraine war | Reuters

Government

• Experts warn of ransomware attacks on government orgs of small states - Security Affairs

Health/Medical/Pharma Sector

• Twice as Many Healthcare Organisations Now Pay Ransom - Infosecurity Magazine

• Novartis says no sensitive data was compromised in cyber attack (bleepingcomputer.com)

• Costa Rica’s public health agency hit by Hive ransomware (bleepingcomputer.com)

Transport and Aviation

• Turkish airline suffers 6.5TB data leak - IT Security Guru

CNI, OT, ICS, IIoT and SCADA

• Vendor Refuses to Remove Backdoor Account That Can Facilitate Attacks on Industrial Firms | SecurityWeek.Com

• Industrial IoT ransomware attacks control systems directly (scmagazine.com)

• Researchers Demonstrate Ransomware for IoT Devices That Targets IT and OT Networks (thehackernews.com)

Food and Agriculture

• JBS Foods cyber attack highlights industry vulnerabilities to Russian hackers - ABC News

Web3

• Why web3 companies get hacked so often, according to crypto VC Grace Isford | TechCrunch

Other News

• How Failing to Prioritize Cyber Security can Hurt Your Company (analyticsinsight.net)

• Cyber security needs a whole-of-society effort | The Hill

• 40% of enterprises don't include business-critical systems in their cyber security monitoring - Help Net Security

• Bad news: The cyber security skills crisis is about to get even worse | ZDNet

• Nearly Three-Quarters of Firms Suffer Downtime from DNS Attacks - Infosecurity Magazine

• CIOs and network engineers rank cyber security among the biggest risks - Help Net Security

• How USB Drives Can Be a Danger to Your Computer (howtogeek.com)

• Australian digital driver's licenses hackable in minutes • The Register

• Over 3.6 million MySQL servers found exposed on the Internet (bleepingcomputer.com)

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.