Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Over Half of Companies Experienced Cyber Security Incidents Last Year

According to a recent global survey, over half of the participating companies faced major security incidents in the past year, necessitating additional resources to tackle these challenges. Despite these incidents, many organisations claim improved performance on key cyber security indicators and express confidence in their threat detection capabilities. The research highlights a concerning discrepancy between perceived security measures and the actual state of security operations, underscoring a lack of comprehensive visibility and effective response mechanisms within companies. Particularly concerning is the finding that organisations can typically monitor only two-thirds of their IT environments, exposing significant vulnerabilities. Furthermore, the study points to a greater need for greater automation and third-party assistance in threat detection and response, suggesting that while companies are aware of their shortcomings, the path to enhanced security involves embracing AI-driven solutions to close these gaps. This insight highlights to leadership the importance of investing in advanced cyber security technologies and expertise to safeguard the organisation’s digital assets effectively.

Sources: [Beta News] [Verdict]

Deepfake Video Conference Costs Business $25 Million

There has been a surge in the number of artificial intelligence deepfake attacks where technology is being used to impersonate individuals. In one case, a finance professional at a multinational was reportedly swindled out of $25 million (HK$200 million) of company money when scammers created a deepfake of his London-based chief financial officer in a video conference call, faking both the CFO’s look and voice. The scam involved the fake CFO making increasingly urgent demands to execute money transfers, resulting in 15 transfers from the victim employee. The reality of the attack was only discovered by the victim after he had contacted the company’s corporate head office.

Sources: [The Register] [Help Net Security] [TechCentral ] [Tripwire]

Watershed Year for Ransomware as Victims Rose by Almost 50% And Payments Hit $1 Billion All-Time High

Even with enforcers shutting down some ransomware gangs, the business of ransomware is booming. A recent report from Palo Alto Networks Unit 42 found a 49% increase in the number of victims reported on ransomware leak sites; this does not include those who were victims but did not appear on sites. This comes as ransomware hit an all time high, with over $1b made in ransomware payments. Of note, this is just ransom payments; this does not take in to account reputational damage, recovery costs and loss in share value. The real effects of a ransomware attack may take months or even years to materialise. As ransomware remains a constant threat, it is important for organisations to be prepared.

Sources: [The Verge ] [Malwarebytes] [Infosecurity Magazine] [CSO Online] [ITPro] [TechRadar]

Malware-as-a-Service Now the Top Threat to Organisations

Recent studies have underscored a significant shift in the cyber threat landscape, with Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) now dominating. These ‘as-a-service’ tools are particularly concerning as they lower the barrier to entry for cyber criminals, enabling even those with limited technical knowledge to launch sophisticated attacks. The report found that the most common as-a-Service tools were Malware loaders (77% of investigated threats), crypto-miners (52% of investigated threats) and botnets (39% of investigated threats). These findings underscore the adaptability of these threats, with malware strains being developed with multiple functions to maximise damage. Despite these trends, traditional methods like phishing continue to pose significant challenges for security teams. It’s clear that staying ahead of these evolving threats requires a proactive and comprehensive approach to cyber security.

Sources:[Infosecurity Magazine] [Beta News] [Help Net Security]

Over 9 in 10 UK Firms Who Fell Victim to Ransomware Paid the Ransom, Despite Alleged “No Pay” Stances

A recent report has found that over 97% of UK firms have paid a ransom in the last two years, finding even more reason to operate in a when-not-if environment. When asked about their recovery in an event, 38% said they could recover in four to six days, and 34% need one to two weeks to recover; almost one in four (24%) need over three weeks to recover data and restore business processes. Only 12% said their company had stress-tested their data security, data management, and data recovery processes or solutions in the six months prior to being surveyed, and 46% had not tested their processes or solutions in over 12 months.

Sources: [The FinTech Times] [ Help Net Security]

Chinese State Hackers Hid in National Infrastructure for at Least 5 Years

US cyber officials have said that they discovered China-sponsored hackers lurking in American computer networks, positioning themselves to disrupt communications, energy, transportation and water systems; and this had been going on for at least 5 years. This has led to a joint warning from the US FBI, National Security Agency and Cyber Infrastructure and Security Agency, which has been cosigned by Britain, Canada, Australia and New Zealand. This dwell time isn’t just something that is encountered in critical infrastructure networks; attackers lurk on networks, undiscovered often for years, allowing them to see everything going on in the corporate environment.

Sources: [NTD] [Washington Times]

Email Attacks on Businesses Tripled and AI is a Huge Contributing Factor

Email attacks against businesses have increased dramatically as hackers continually use generative AI tools to optimise their content and streamline malicious campaigns, new research has claimed.

The report from Acronis is based on data collected from more than a million unique endpoints across 15 countries, and found AI-powered phishing affected more than 90% of organisations last year. AI helped has email attacks grow by 222% since the second half of 2023.

Sources: [New Electronics] [TechRadar]

Security Leaders, C-Suite Unite to Tackle Cyber Threats

A recent survey found that CEOs are taking a more hands-on approach and prioritising cyber resilience in 2024, leading to the breakdown of traditional silos between IT operations and security teams. The survey polled over 200 C-Suite and senior-level IT executives globally, and revealed a growing recognition of the importance of collaboration in combating sophisticated cyber threats, with 99% of respondents observing increased connectivity between the teams over the past year. While progress has been made, challenges remain, with only 48% of organisations establishing joint protocols for incident mitigation or recovery. Looking ahead, respondents anticipate a significant role for artificial intelligence (AI) in enhancing security efforts, with 68% expecting AI to streamline threat detection and response. Despite advancements, fragmented data protection solutions persist as a challenge, impacting over 90% of organisations' cyber resiliency. This underscores the need for a top-down approach to cyber security, with CEOs and boards driving collaboration between IT operations and security teams to optimise cyber preparedness initiatives and mitigate cyber risks effectively.

Source: [Security Boulevard]

UN Experts Investigate Cyber Attacks by North Korea that Raked in $3 Billion to Build Nuclear Weapons

UN sanction monitors are investigating dozens of suspected cyber attacks by North Korea that have raked in $3 billion to help North Korea further its nuclear weapons programme, according to excerpts of an unpublished UN report. “The panel is investigating 58 suspected DPRK cyber attacks on cryptocurrency-related companies between 2017 and 2023, valued at approximately $3 billion, which reportedly help fund DPRK’s WMD development,” according to the monitors, who report twice a year to the 15-member security council.

Source: [The Guardian]

What Does a ‘Cyber Security Culture’ Actually Entail?

Fostering a robust cyber security culture emerges as a critical imperative for organisations in 2023, as revealed by ITPro Today's "State of Cybersecurity in 2023" study. Despite this recognition, organisations grapple with various challenges, including budget constraints, staffing shortages, and the failure to implement fundamental security practices like the principle of least privilege and zero trust. Insufficient staffing and constrained budgets elevate the risk of breaches, emphasising the need for a collective effort to bolster security measures.

Cultivating a cyber security culture entails educating every employee on security risks and holding them accountable for risk reduction efforts. While security teams play a pivotal role in setting expectations and providing guidance, a culture of cyber security necessitates continuous training, integration of security into everyday work, and clear delineation of risk ownership throughout the organisation. By prioritising proactive measures and fostering individual responsibility, organisations can fortify their defences against evolving cyber threats and mitigate risks effectively.

Source: [ITPro Today]

Beyond Checkboxes: Security Compliance as a Business Enabler

In today's complex business landscape, regulatory requirements are increasingly intricate, especially concerning cyber security compliance. While compliance might evoke images of stringent regulations and time-consuming audits, reframing our perspective reveals its potential as a vital business enabler. Security leaders, in collaboration with senior management, must cultivate a culture where commitment to cyber security compliance permeates the organisation, emphasising its role in fostering trust, facilitating global market access, and even serving as a competitive advantage. Moreover, robust compliance programs drive operational efficiency, innovation, and cost savings in the long run. Embracing cyber security compliance as a strategic enabler, rather than a regulatory burden, positions businesses for success, innovation, and resilience in an ever-evolving digital landscape.

Source: [Forbes]

No One in Cyber Security Is Ready for the SolarWinds Prosecution

The concept of "materiality" has taken centre stage for Chief Information Security Officers (CISOs) in light of new SEC regulations, requiring US public companies to disclose "material cyber security incidents" within four days. The SolarWinds breach and subsequent SEC charges against the company and its CISO highlight the seriousness of these regulations. This shift necessitates a deeper understanding of what constitutes "material" risk in cyber security and a more transparent approach to risk communication. However, many CISOs face challenges in quantifying and communicating cyber risks effectively to boards and executives, who often lack familiarity with cyber security terminology. This regulatory change underscores the need for CISOs to bridge the gap between cyber security and financial reporting, ensuring accurate and precise risk communication at the C-Suite level. Additionally, policymakers should incentivise C-Suite accountability for cyber risk management, fostering a culture where cyber risks are addressed proactively and transparently.

Source:[Council on Foreign Relations]

Governance, Risk and Compliance

• Over half of companies experienced cyber security incidents last year (betanews.com)

• Beyond Checkboxes: Security Compliance As Business Enabler (forbes.com)

• What Goes Into a Strong Cyber Security Culture? | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Why an HR-IT Partnership is Critical for Managing Cyber Security Risk - Security Boulevard

• The Cyber Threats Every C-Level Exec Should Care About In 2024 (forbes.com)

• Never Mind the Buzz; Here's the Consequences: No One in Cyber Security Is Ready for the SolarWinds Prosecution | Council on Foreign Relations (cfr.org)

• Security Leaders, C-Suite Unite to Tackle Cyberthreats - Security Boulevard

• Cyber Security, Hybrid Workforce Management Among Top 2024 Business Challenges (allwork.space)

• How CISOs navigate policies and access across enterprises - Help Net Security

• Resisting Hindsight Bias: A Proposed Framework for CISO Liability - Infosecurity Magazine (infosecurity-magazine.com)

Threats

Ransomware, Extortion and Destructive Attacks

• The ransomware business is booming, even as enforcers shut down some players - The Verge

• Ransomware victim numbers rose by 50% in 2023 | CSO Online

• Known ransomware attacks up 68% in 2023 | Malwarebytes

• Paying ransoms is becoming a cost of doing business for many - Help Net Security

• Ransomware Payments Hit $1bn All-Time High Last Year - Infosecurity Magazine (infosecurity-magazine.com)

• Chainalysis: 2023 a 'watershed' year for ransomware | TechTarget

• The hidden cost of ransomware is more painful than many realize | ITPro

• Cohesity Reveals over 9 in 10 UK Firms Have Paid Ransoms Despite Alleged "No Pay" Stances | The Fintech Times

• Is critical infrastructure prepared for OT ransomware? • The Register

• Akira and 8Base are the ransomware gangs to watch in 2024 • The Register

• Crypto-related ransomware attacks made 'major comeback' in 2023 (verdict.co.uk)

• ‘These are threat-to-life crimes’: How hospitals are responding to a rise in ransomware attacks – NBC4 Washington (nbcwashington.com)

• NCC Group records the most ransomware victims ever in 2023 | TechTarget

• LockBit Reigns Supreme in Soaring Ransomware Landscape - Infosecurity Magazine (infosecurity-magazine.com)

• How security experts unravel ransomware (engadget.com)

• Cyber Attacks by North Korea raked in $3bn to build nuclear weapons, UN monitors suspect | North Korea | The Guardian

• US govt ups bounty on Hive ransomware gang members to $15M • The Register

Ransomware Victims

• Industry giants Clorox and Johnson Controls report financial losses from cyber attacks (therecord.media)

• Clorox says cyber attack caused $49 million in expenses (bleepingcomputer.com)

• Blackbaud blasted for failing to prevent customer breaches | Computer Weekly

• Lurie Children's Hospital cyber attack forces systems offline • The Register

• Blackbaud settles FTC data security probe into 2020 ransomware attack | K-12 Dive (k12dive.com)

• Thanks to a shadowy hacker group, the British Library is still on its knees. Is there any way to stop them? | Lamorna Ash | The Guardian

• California union confirms ransomware attack following LockBit claims (therecord.media)

• Another Chicago hospital announces cyber attack (therecord.media)

• Scots care charity target of huge cyber attack - TFN

• Funerals reportedly canceled due to ransomware attack on Austrian town (therecord.media)

Phishing & Email Based Attacks

• Fake board meeting nets cyber criminals more than €28m - TechCentral.ie

• QR Code 'Quishing' Attacks on Execs Surge, Evading Email Security (darkreading.com)

• 222% surge in email attacks during 2023

• Email attacks on business tripled in 2023 — and ChatGPT was often the culprit | TechRadar

• South African Railways Lost Over $1M in Phishing Scam (darkreading.com)

• These were the most common phishing emails of 2023 — make sure you don't get caught out as well | TechRadar

Artificial Intelligence

• Fake board meeting nets cyber criminals more than €28m - TechCentral.ie

• Surge in deepfake "Face Swap" attacks puts remote identity verification at risk | Tripwire

• Email attacks on business tripled in 2023 — and ChatGPT was often the culprit | TechRadar

• Meta’s Oversight Board Urges a Policy Change After a Fake Biden Video - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft uncovers extensive Iranian AI-based cyber ops against Israel amid Gaza war | Ctech (calcalistech.com)

• Could a threat actor socially engineer ChatGPT? (securityintelligence.com)

• Current approaches can’t mitigate the AI cyber security threat. What can? (networkingplus.co.uk)

Malware

• Malware-as-a-Service Now the Top Threat to Organisations - Infosecurity Magazine (infosecurity-magazine.com)

• Malware-riddled Android apps spotted on Google Play Store — here's what to avoid | TechRadar

• Google Play Used to Spread 'Patchwork' APT's Espionage Apps (darkreading.com)

• macOS Malware Campaign Showcases Novel Delivery Technique (darkreading.com)

• China Caught Dropping RAT Designed for FortiGate Devices (darkreading.com)

• FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network (thehackernews.com)

• Netherlands accuses China of cyber spying after security service makes malware discovery | NL Times

• Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials (thehackernews.com)

• Fresh 'Mispadu Stealer' Variant Emerges (darkreading.com)

• Mini PC maker ships systems with factory-installed spyware — AceMagic says issue was contained to the 'first shipment' | Tom's Hardware (tomshardware.com)

• Raspberry Robin Evolves With Stealth Tactics, New Exploits - Infosecurity Magazine (infosecurity-magazine.com)

Mobile

• Malware-riddled Android apps spotted on Google Play Store — here's what to avoid | TechRadar

• Google Links Over 60 Zero-Days to Commercial Spyware Vendors - SecurityWeek

• 'Coyote' Malware Begins Its Hunt, Preying on 61 Banking Apps (darkreading.com)US insurance firms sound alarm after 66,000 individuals impacted by SIM swap attack (bitdefender.com)

• Google Play Used to Spread 'Patchwork' APT's Espionage Apps (darkreading.com)

• Government hackers targeted iPhones owners with zero-days, Google says | TechCrunchWizz Removed from Apple and Google Stores for Sextortion Concerns - Infosecurity Magazine (infosecurity-magazine.com)

• Top Mobile App Security Risks | MSSP Alert

• February 2024 Android security patch here for Pixels - Android Authority

• Google fixed an Android critical remote code execution flaw (securityaffairs.com)

• Warning from LastPass as fake app found on Apple App Store | Malwarebytes

• Android XLoader malware can now auto-execute after installation (bleepingcomputer.com)

• This Android malware can steal all your photos and texts without being opened — how to stay safe | Tom's Guide (tomsguide.com)

Denial of Service/DoS/DDOS

• That electric toothbrush DDoS story you saw might have been a case of mistranslation | ITPro

Internet of Things – IoT

• The toothbrush DDoS attack: How misinformation spreads in the cyber security world • Graham Cluley

• Global cities unprepared for emerging risks warns study

• Understanding the Connection Between IoT Vulnerabilities and Home Network Intrusions - Security Boulevard

• As Smart Cities Expand, So Do the Threats (darkreading.com)

Data Breaches/Leaks

• AnyDesk forces password reset for customers as 18k credentials go up for sale online | SC Media (scmagazine.com)

• Cloudflare hacked — company reveals details of November 2023 cyber attack, blames previous Okta breach | TechRadar

• HPE investigates new breach after data for sale on hacking forum (bleepingcomputer.com)

• Alleged data breach sees names, addresses and phone numbers of serving police staff shared on email - North Wales Live (dailypost.co.uk)

• Blackbaud Comments on FTC Settlement, Continues to Strengthen Cyber Security - MarketWatch

• FTC orders Blackbaud to overhaul ‘reckless’ security practices in wake of 2020 breach | TechCrunch

• Looted RIPE Credentials for Sale on the Dark Web (darkreading.com)

• Millions of User Records Stolen From 65 Websites via SQL Injection Attacks - SecurityWeek

• 'ResumeLooters' Attackers Steal Millions of Career Records (darkreading.com)

• Data breach at French healthcare services firm puts millions at risk (bleepingcomputer.com)

• Verizon Says Data Breach Impacted 63,000 Employees - SecurityWeek

• Data breaches at Viamedis and Almerys impact 33 million in France (bleepingcomputer.com)

• Report: More Than Half of Americans Have Had Their Data Exposed (govtech.com)

• Data of half the population of France stolen in its largest ever cyber attack. This is what we know | Euronews

• HopSkipDrive says personal data of 155,000 drivers stolen in data breach | TechCrunch

Organised Crime & Criminal Actors

• Over half of companies experienced cyber security incidents last year (betanews.com)

• Malware-as-a-Service Now the Top Threat to Organisations - Infosecurity Magazine (infosecurity-magazine.com)

• As-a-Service tools empower criminals with limited tech skills - Help Net Security

• Teens Committing Scary Cyber Crimes, What's Behind the Trend? (darkreading.com)

• Nigerian President Dismisses Nation's 'Cyber Crime Haven' Image (darkreading.com)

• Lessons Learned From Tracing Cyber Crime’s Evolution On The Dark Web (forbes.com)

• US must ratchet up its response in pursuing hackers, MITRE CTO argues - Nextgov/FCW

• Report: Blocked IP addresses increased by 116.42% | Security Magazine

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Pig-butchering scams morph into DeFi threats (cointelegraph.com)

• Crypto-related ransomware attacks made 'major comeback' in 2023 (verdict.co.uk)

Insider Risk and Insider Threats

• Former CIA worker spilled to WikiLeaks, jailed for 40 years • The Register

• How bias can undermine insider threat monitoring | TechRadar

• What is a Behavioral Risk Indicator? Demystifying Insider Risk Indicators - Security Boulevard

• Engineer accused of stealing secret US government tech used to detect nuclear missile launches (nbcnews.com)

Supply Chain and Third Parties

• Cloudflare hacked — company reveals details of November 2023 cyber attack, blames previous Okta breach | TechRadar

• Blackbaud blasted for failing to prevent customer breaches | Computer Weekly

• Removing the weakest link: Strengthen the security of your supply chain (techuk.org)

Cloud/SaaS

• Stop chasing shadow IT: Tackle the root causes of cloud breaches | SC Media (scmagazine.com)

• Midnight Blizzard and Cloudflare-Atlassian Cyber Security Incidents - Security Boulevard

• Organisations Left Grappling for Solutions Amid Alarming Cloud Security Gaps | Network Computing

Identity and Access Management

• Surge in deepfake "Face Swap" attacks puts remote identity verification at risk | Tripwire

Encryption

• Raspberry Pi Pico cracks BitLocker in under a minute • The Register

Linux and Open Source

• Critical vulnerability affecting most Linux distros allows for bootkits | Ars Technica

Passwords, Credential Stuffing & Brute Force Attacks

• Credential Harvesting Vs. Credential Stuffing Attacks: What’s the Difference? - Security Boulevard

• Looted RIPE Credentials for Sale on the Dark Web (darkreading.com)

• AnyDesk downplays impact of cyber attack | SC Media (scmagazine.com)

• Midnight Blizzard and Cloudflare-Atlassian Cyber Security Incidents - Security Boulevard

Social Media

• Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials (thehackernews.com)

• Meta’s Oversight Board Urges a Policy Change After a Fake Biden Video - Infosecurity Magazine (infosecurity-magazine.com)

• Facebook fatal accident scam still rages on | Malwarebytes

Regulations, Fines and Legislation

• Never Mind the Buzz; Here's the Consequences: No One in Cyber Security Is Ready for the SolarWinds Prosecution | Council on Foreign Relations (cfr.org)

• How the SEC's Rules on Cyber Security Incident Disclosure Are Exploited (darkreading.com)

• Proposed contractor cyber reporting rule sets a ‘significantly problematic’ bar, industry groups say (databreaches.net)

• No one's happy with latest US cyber incident reporting plan • The Register

• 2023 Cyber Security Regulation Recap (Part 3): Privacy Protection - Security Boulevard

Models, Frameworks and Standards

• Exploring NIST Cyber Security Framework 2.0 - Help Net Security

Careers, Working in Cyber and Information Security

• Combatting Stress In The Cyber Security Industry (forbes.com)

• IT Security Hiring Must Adapt to Skills Shortages (informationweek.com)

Law Enforcement Action and Take Downs

• Former CIA worker spilled to WikiLeaks, jailed for 40 years • The Register

• Romance fraudster jailed after conning women out of £300k - BBC News

• Cops arrest 17-year-old suspected of hundreds of swattings nationwide | Ars Technica

• How security experts unravel ransomware (engadget.com)

• US must ratchet up its response in pursuing hackers, MITRE CTO argues - Nextgov/FCW

• Report: Blocked IP addresses increased by 116.42% | Security Magazine

Misinformation, Disinformation and Propaganda

• The toothbrush DDoS attack: How misinformation spreads in the cyber security world • Graham Cluley

• Report Details Scope of Global Threat to Elections - Security Boulevard

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Google Play Used to Spread 'Patchwork' APT's Espionage Apps (darkreading.com)

• Cyber security remains the top risk for European banks, as heightened geopolitics increases the perceived threat of cyber warfare | EY - Global

• How to Win a Cyberwar: Use a Combined Intelligence Strategy (inforisktoday.com)

• NCSC and partners issue warning about state-sponsored attackers hiding out in critical infrastructure networks... - NCSC.GOV.UK

Nation State Actors

China

• Chinese Hackers Preparing ‘Destructive Attacks,’ CISA Warns (govinfosecurity.com)

• Chinese Hackers Hid in US Infrastructure for 5 Years | Newsmax.com

• China's Cyber Attackers Target US and Allied Militaries (newsweek.com)

• FBI Issues Ominous Warning of Imminent Cyber Attack on Critical Infrastructure - Security Boulevard

• Dutch intelligence finds Chinese hackers spying on secret Defence Ministry network (therecord.media)

• Shutting Down the Grid: Possible Cyber Attacks From Chinese Hackers | NTD

• China Caught Dropping RAT Designed for FortiGate Devices (darkreading.com)

• Top US venture capitalists invest in China tech for big returns (nypost.com)

• Classified Japanese diplomatic info leaked after Chinese cyber attacks - The Japan Times

• Philippines Says Hacker in China Behind Foiled Attack on Government Website - Bloomberg

• Chinese hackers fail to rebuild botnet after FBI takedown (bleepingcomputer.com)

Russia

• EU capitals fear Russian retaliation and cyber attacks after asset freezes – POLITICO

• The Kremlin threatens the West with years of trials and cyber attacks for trying to use its assets for Ukraine. - UBN

• Russia’s Countervalue Cyber Approach: Utility or Futility? - Carnegie Endowment for International Peace

Iran

• Designating Iranian Cyber Officials - United States Department of State

• Microsoft: Iran is refining its cyber operations | CyberScoop

• Microsoft uncovers extensive Iranian AI-based cyber ops against Israel amid Gaza war | Ctech (calcalistech.com)

• US sanctions Iranian officials over cyber attacks on water plants - BBC News

North Korea

• Cyber attacks by North Korea raked in $3bn to build nuclear weapons, UN monitors suspect | North Korea | The Guardian

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Cyber security remains the top risk for European banks, as heightened geopolitics increases the perceived threat of cyber warfare | EY - Global

• Government hackers targeted iPhones owners with zero-days, Google says | TechCrunch

• Google: Half of all zero-days used against our products are developed by spyware vendors (therecord.media)

• Spyware business booming despite government crackdowns • The Register

Vulnerability Management

• How To Address OT And ICS Cyber Attack Vulnerabilities (forbes.com)

Vulnerabilities

• Fortinet FortiSIEM hit by two 10/10 severity vulns • The Register

• Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure (bleepingcomputer.com)

• Experts Detail New Flaws in Azure HDInsight Spark, Kafka, and Hadoop Services (thehackernews.com)

• Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products (thehackernews.com)

• Ivanti: Patch new Connect Secure auth bypass bug immediately (bleepingcomputer.com)

• Newest Ivanti SSRF zero-day now under mass exploitation (bleepingcomputer.com)

• Critical vulnerability in Mastodon sparks patching frenzy • The Register

• Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account (thehackernews.com)

• February 2024 Android security patch here for Pixels - Android Authority

• Google: Half of all zero-days used against our products are developed by spyware vendors (therecord.media)

• Government hackers targeted iPhones owners with zero-days, Google says | TechCrunch

• JetBrains warns of new TeamCity auth bypass vulnerability (bleepingcomputer.com)

• Critical vulnerability affecting most Linux distros allows for bootkits | Ars Technica

• Google fixed an Android critical remote code execution flaw (securityaffairs.com)

• Cisco fixes critical Expressway Series CSRF vulnerabilities (securityaffairs.com)

• QNAP Patches High-Severity Bugs in QTS, Qsync Central - SecurityWeek

Tools and Controls

• What is a Behavioral Risk Indicator? Demystifying Insider Risk Indicators - Security Boulevard

• How to Win a Cyberwar: Use a Combined Intelligence Strategy (inforisktoday.com)

• Surge in deepfake "Face Swap" attacks puts remote identity verification at risk | Tripwire

• Close security gaps with attack path analysis and management | TechTarget

• Using Proactive Intelligence Against Adversary Infrastructure - Security Boulevard

• A Hacker’s Perspective For Building Proactive Organisational Defences (forbes.com)

Reports Published in the Last Week

• Acronis Cyber Threats Report H2 2023 | Acronis Resource Center

Other News

• Report: Mac security threats on the rise, here’s what to watch out for - 9to5Mac

• Trustees urged to review cyber incident frameworks following NCSC changes - Pensions Age Magazine

• Airbus App Vulnerability Introduced Aircraft Safety Risk: Security Firm - SecurityWeek

• ‘Elevated’ risk of hackers targeting UK drinking water, says credit agency | Cyber Crime | The Guardian

• What Will the Future of Cyber Security Bring? - Security Boulevard

• Cyber security remains the top risk for European banks, as heightened geopolitics increases the perceived threat of cyber warfare | EY - Global

• Cyber attacks on knowledge institutions are increasing: what can be done? (nature.com)

• McPartland Review - Driving Economic Growth through Cyber Security (techuk.org)

• A view from Brussels: ENISA celebrates 20th anniversary amid 'grim times' (iapp.org)

• Revealed – top 10 cyber incidents of 2023 | Insurance Business America (insurancebusinessmag.com)

• NCSC warns CNI operators over ‘living-off-the-land’ attacks | Computer Weekly

• Serious threats, unserious responses (reason.com)

• Super Bowl LVIII Presents a Vast Attack Surface for Threat Actors (darkreading.com)

• We Need Cyber Security in Space to Protect Satellites | Scientific American

• Inquiry to explore cyber risk to Sunak-Starmer showdown | Computer Weekly

• Three predictions for responding to the cyber threat landscape in 2024 | Computer Weekly

• How Hospitals Can Help Improve Medical Device Data Security (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cloud Hosting Firm Loses All Customer Data After Ransomware Attack

CloudNordic, a Danish cloud hosting provider, has told customers to consider all of their data as having been lost following a ransomware infection that encrypted the large Danish cloud provider. The threat actors had destroyed the organisation’s backups, which prevented the firm from recovering effectively. The attack also impacted AzeroCloud, which is owned by the same company.

Worryingly, many organisations believe that having backups and using the cloud is enough for them to be able to recover from any cyber incident; unfortunately, as shown in the CloudNordic and AzeroCloud attacks, it is not enough. Organisations need to have a recovery plan in place which is tested and improved, to best strengthen themselves in the event of a cyber incident.

Sources: [The Register] [Bleeping Computer] [Help Net Security]

Would You Infect Others to Rid Yourself of Ransomware?

Hackers continually develop ransomware with new and creative attack methods that keep internet security professionals on their toes and pose challenges for people trying to detect threats. Victims of ransomware usually see messages asking them to pay for file access restoration; however, the Popcorn Time ransomware group takes a different approach to getting victims involved.

The Popcorn Time ransomware approach works via the referral method. The ransomware group is willing to give victims access to their files if they send the referral link to two other people, extending the attacker’s reach. Most people would hesitate to distribute a ransomware link through email, WhatsApp, or another method that is easy for victims to identify them as the perpetrators. Law enforcement bodies categorise ransomware attacks as crimes that come with hefty fines and prison time. Even those choosing to send the links to people they know face disastrous consequences beyond law enforcement, including the loss of jobs and relationships.

Source: [CyberNews]

Artificial Intelligence and USBs Drive 8% Rise in Cyber Attacks

Checkpoint’s 2023 Mid-Year Security Report shows an 8% surge in global weekly cyber attacks during Q2, marking the most significant increase in two years. The report highlights the fusion of advanced artificial intelligence (AI) technology with traditional tools like USB devices used for disruptive cyber attacks.

Other significant findings include the evolution of ransomware tactics. The report found that ransomware groups are exploiting vulnerabilities in common corporate software and shifting focus from encrypting data to stealing it. USB devices have resurfaced as threats, employed by both state-affiliated groups and cyber-criminals to distribute malware globally. The misuse of AI has escalated, as attackers use generative AI tools for phishing emails, keystroke monitoring malware and basic ransomware code.

Source: [InfoSecurity Magazine]

Ransomware Attacks Broke Records in July, Mainly Driven By One Group

A number of ransomware actors are utilising the threat of releasing sensitive data to get organisations to pay ransoms; in some cases this is combined with encryption to give the actor two avenues of payment. A report has found there were over 500 attacks last month, an increase of 153% compared to one year ago, and a 16% increase compared to June. Within Europe, there was a 59% increase in ransomware attacks from June to July.

Part of the significant rise is due to the ransomware group called Cl0p, whose attack on the MOVEit software has accounted for hundreds of victims this year. The Cl0p ransomware group has kept its promise to publish files on the clearweb of all its victims if contact was not made. The clearweb is simply what we know as the internet; anyone can access it. As such, there will be many organisations who are now having their sensitive data published and readily viewable for anyone who has access to the internet.

Sources: [Gov Info Seccurity] [Security Week] [ZDNET] [Cyber News]

Cyber Risk in The Boardroom

The relationship between the CISO and the wider boardroom has become increasingly cooperative, with 77% of CEO’s seeing cyber as a strategic function and a potential source of competitive advantage. While it is ultimately up to the board to take steps to keep cybersecurity high on the agenda, the CISO also has a responsibility to press the message and bridge any gaps.

CISOs must deliver concerns, strategies and recommendations in a business-first manner, while avoiding jargon and overly technical language. Attracting and retaining good quality senior security professionals is very challenging in the current market and Black Arrow offer a fractional CISO service, giving access to a whole team of specialists with wider expertise, experience and backgrounds, for less than the cost of hiring one individual.

Sources: [Security Week] [TechRadar]

Malware-Infected Advertising Grows Ever More Sophisticated, And More Damaging

The malware exploits known as malware-infected ads, or malvertising, have been around for decades, but new reports point to a steady rise in efficacy. With malvertising, the infected ads are typically placed on legitimate ad networks, which makes them more difficult to spot and remove. The technique continues to use more and more sophisticated mechanisms for getting their infections spread throughout the web and keeping them running for a long time. The exploits can operate in one of several ways, including intercepting a user’s clickstream on random hyperlinks and substituting them with redirects to advertising websites.

Adblockers either on endpoints or at the network level can also help to prevent malvertising from causing harm.

Source: [SiliconAngle]

Cyber Security is Everyone’s Responsibility

A recent survey found that 41% of respondents said that poor quality training, or a lack of training altogether, and insider threats were impacting their organisation’s security. Cyber security involves everyone as any employee can be an entry point for a cyber incident, but they also have the power to prevent one. It is important to make sure all employees are provided adequate training. Not every role requires the same training however, so it is important for organisations to identify and provide training that is appropriate to employees. Black Arrow provide live in person and online instructor lead cyber security training, both through Cyber Risk and Governance Workshops for Senior Leadership and Awareness, Behaviour and Culture Training for employees and contractors.

Source: [IT Pro Today]

QR Code Hacks Are Another Thing to Worry About Now

One of the upcoming technologies thrust upon us is QR codes. At this point, you can find them at most restaurants and parking sites. You simply scan the code and you are taken to the relevant site, for example, the menu for the restaurant. Attackers have cottoned on to this and started to use QR codes in phishing attacks; the idea being that the victim will scan the code without scrutinising it and be taken to a malicious website instead.

Source: [Bloomberg]

Security Basics Aren’t So Basic Anymore

The basics of cyber security, it turns out, aren’t so basic anymore. What was considered basic has moved way beyond just having firewalls and antivirus, and the most basic controls nowadays include more advanced controls such as robust identity and access management, multi-factor authentication (MFA) and patching and vulnerability management. Many of these now basic controls are lacking or non-existent across the economy according to cyber security experts. A report found that only 28% of Microsoft users had MFA enabled as 2022 closed.

You can’t solve all the problems at once. However, progress on these fronts also relies heavily on the need for a cultural shift. Organisations need to get to the point where they view cyber security in the same light as locks on doors and seatbelts in cars.

Source: [CioDive]

Apple MacOS Security Myths

Apple has maintained a reputation as being more secure than other manufacturers, and whilst Apple has put many different security mechanisms into its operating system, no technology is bulletproof. Assuming an Apple device is invulnerable can lead users to believe that their Mac will not get viruses or be subject to a plethora of other cyber threats. As a result, this can lead to poor cyber hygiene from the individual, as they assume they are safe regardless of what they do. Apple users need to remain every bit as aware of risks, social engineering, keeping devices up to date, and having appropriate security controls.

Source: [Huntress]

Security Leaders Report Misalignment of Investments and Risk Reduction

The cyber risk landscape was analysed in a recent report that examined the amount of risk that organisations are willing to accept, their resource constraints and key priorities for approaching cyber risk in the future. The report found 66% of respondents indicating that they have limited visibility and insight into their cyber risk profiles, hindering their ability to prioritise investments and allocate resources effectively. 67% of organisations experienced a breach requiring attention within the last two years despite having traditional threat-based security measures in place. Further, 61% of security executives expressed concerns over the current misalignment between cyber security investments and their organisation's risk reduction priorities.

Source: [InfoSecurity Magazine]

Many CISOs Tout SaaS (Cloud) Cyber Security Confidence, but 79% Admit to Incidents

Cyber security, IT, and business leaders alike recognise SaaS (cloud) cyber security as an increasingly important part of the cyber threat landscape. And at first glance, respondents appear generally optimistic about their SaaS cyber security as 85% answered that they are confident or very confident in their company's or customer's data security in sanctioned SaaS apps.

Despite the confidence, 79% of respondents confirmed that their organisation had identified SaaS cyber security incidents over the past 12 months. Many of those incidents occurred in environments with cyber security policies in place and enforced, as 66% of respondents claimed in their responses.

Source: [The Hacker News]

If You Ever Used Duolingo, Watch Out for Phishing Email

Users of Duolingo, past and present, should be wary of phishing emails as data on about 2.6 million accounts were scraped through an exposed application programming interface (API), and then offered on a hacking forum back in January. Login and real names, email addresses, phone numbers, and courses studied were part of the collection, which went for $1,500. Now that data has resurfaced on a different forum, and at a substantially lower cost of just a few dollars, users of the service can expect this data to be used in fresh phishing campaigns.

Source: [PCWorld]

91% of Security and IT Professionals: Criminals are Already Using AI in Email Attacks

Recent research found that 91% of security and IT professionals are noticing cyber criminals already using AI as part of email attack campaigns, with 74% indicating they have experienced an increase in the use of AI by cyber criminals in the past six months. This is worrying as 52% reported that email security is among one of their top three concerns.

Organisations need to make sure that their technologies, procedures and policies are updated to factor in AI-enabled email attacks to help reduce the risk they pose to the organisation. Such improvements should also include employees.

Source: [PR Newswire]

Governance, Risk and Compliance

• Cyber security 'number one on the agenda in boardrooms,' Cramer says (cnbc.com)

• Firms have mere hours to deflect cyber attacks, warns cyber security CEO (cointelegraph.com)

• The End of “Groundhog Day” for the Security in the Boardroom Discussion? - SecurityWeek

• Cyber risk: the view across the boardroom table | TechRadar

• Too many businesses struggling to hire and retain talent, amplifying security risks – Digital Journal

• How Cyber Security Leaders Can Help Lower Expenses While Reducing Risk (informationweek.com)

• Who’s Your Next Cyber Chief? Good Question. (wsj.com)

• Cyber crime: A Multi-Billion-Dollar Industry (thecyberwire.com)

• How the downmarket impacted enterprise cyber security budgets - Help Net Security

• What is Risk Analysis? | Definition from TechTarget

• When Leadership Style Is a Security Risk (darkreading.com)

• The Changing Landscape of Cyber Security Education (inforisktoday.com)

• Protect Your Cyber Security Budget and Your Organisation | Dell USA

• Rapid cyber attacks demand modernised security, says Palo Alto CEO (crypto.news)

• Cyber security Is Everyone’s Responsibility | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• The Cost of 'Good Enough' Security - GovInfoSecurity

Threats

Ransomware, Extortion and Destructive Attacks

• Cl0p dumps all MOVEit victim data on clearnet, threat insiders talk ransom strategy | Cybernews

• Cuba ransomware gang looking for unpatched Veeam installations: Report | IT Business

• Ransomware attacks broke records in July, mainly driven by this one group | ZDNET

• Hosting firm says it lost all customer data after ransomware attack (bleepingcomputer.com)

• FE News | 70% of secondary schools have experienced a cyber incident. BIP shares three ways they can protect against attacks ahead of results day

• Cyber Attacks have left some hospital computers offline for 2 weeks, closing ERs and postponing surgeries

• Continued MOVEit Exploitation Drives Record Ransomware Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Would You Infect Others to Rid Yourself of Ransomware? (makeuseof.com)

• How Application Allowlisting Combats Ransomware Attacks (securityintelligence.com)

• Akira ransomware gang spotted targeting Cisco VPN products to hack organisations-Security Affairs

• Scarab Ransomware Deployed Worldwide Via Spacecolon Toolset - Infosecurity Magazine (infosecurity-magazine.com)

• Why Ransomware Gangs Opt for Encryption-Less Attacks (govinfosecurity.com)

• MOVEit Health Data Breach Tally Keeps Growing (inforisktoday.com)

• British intelligence is tipping off ransomware targets to disrupt attacks (therecord.media)

• What the Hive Ransomware Case Says About RaaS and Cryptocurrency (darkreading.com)

• 6 Ransomware Trends & Evolutions For 2023 (trendmicro.com)

• New Study Sheds Light on ADHUBLLKA Ransomware Network - Infosecurity Magazine (infosecurity-magazine.com)

• North Korea ready to cash out more than $40 million in Bitcoin after summer of attacks, warns FBI | Tripwire

• Ransomware dwell time hits new low - Help Net Security

• Three trends to watch in the growing threat landscape (betanews.com)

Ransomware Victims

• Cl0p dumps all MOVEit victim data on clearnet, threat insiders talk ransom strategy | Cybernews

• Hosting firm says it lost all customer data after ransomware attack (bleepingcomputer.com)

• Cyber attacks have left some hospital computers offline for 2 weeks, closing ERs and postponing surgeries

• BlackCat ransomware group claims the hack of Seiko network -Security Affairs

• Ransomware gang threatens Raleigh Housing Authority months after devastating attack (therecord.media)

• The Estée Lauder Cos. Addresses Cyber security Attack – WWD

• Mysterious Cyber Attack Shuts Down Yet More Telescopes For Weeks | IFLScience

• St Helens Council hit by suspected Ransomware cyber attack | St Helens Star

Phishing & Email Based Attacks

• 91% of security pros say cyber criminals are using AI in email attacks | Security Magazine

• Insurer Denies Coverage Under Professional Liability Policy for Lawyer’s Email Compromise | Robinson+Cole Data Privacy + Security Insider - JDSupra

• Cyber criminals turn to AI to bypass modern email security measures - Help Net Security

• New Generation of Phishing Hides Behind Trusted Services (securityintelligence.com)

• New phishing campaign recognised in Europe and South America | Security Magazine

• If you ever used Duolingo, watch out for phishing emails | PCWorld

• Open redirect flaws increasingly exploited by phishers - Help Net Security

• How to spot phishing on a hacked WordPress website | Kaspersky official blog

• The Dual Role of AI in Email Security - GovInfoSecurity

• New Telegram Bot "Telekopye" Powering Large-scale Phishing Scams from Russia (thehackernews.com)

• eBay Users Beware Russian 'Telekopye' Telegram Phishing Bot (darkreading.com)

• Phish in a Barrel: Real-World Cyber Attack Examples (govinfosecurity.com)

• Email Security: Top 5 Threats and How to Protect Your Business - ReadWrite

BEC – Business Email Compromise

• 91% of security pros say cyber criminals are using AI in email attacks | Security Magazine

• Breaking Down BEC: The Modern CISO’s Framework for Identifying, Classifying and Stopping Email Fraud (govinfosecurity.com)

Other Social Engineering; Smishing, Vishing, etc

• Blockchain Capital’s Bart Stephens Lost $6.3 Million In SIM-Swap Hack (forbes.com)

• What Is Virtual Kidnapping and How Can You Fight It? (makeuseof.com)

Artificial Intelligence

• 91% of Security and IT Professionals Agree Cyber Criminals are Already Using AI in Email Attacks, per Report from SlashNext and Osterman Research (prnewswire.com)

• Artificial Intelligence and USBs Drive 8% Rise in Cyber-Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Deceptive AI Bots Spread Malware, Raise Security Concerns - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber criminals turn to AI to bypass modern email security measures - Help Net Security

• Compliance, Risk Management and Security Are Being Impact by Generative AI... But How? | The Fintech Times

• Tricks for making AI chatbots break rules are freely available online | New Scientist

• What Is Virtual Kidnapping and How Can You Fight It? (makeuseof.com)

• Generative AI Is Scraping Your Data. So, Now What? (darkreading.com)

• Fake versions of Google Bard are spreading malware | TechRadar

• AI and the evolution of surveillance systems - Help Net Security

• The Dual Role of AI in Email Security - GovInfoSecurity

• Thinking of Deploying Generative AI? You May Already Have (govinfosecurity.com)

• Three trends to watch in the growing threat landscape (betanews.com)

• Careful -- Hackers are targeting Google Bard ads for malware | Digital Trends

Malware

• Deceptive AI Bots Spread Malware, Raise Security Concerns - Infosecurity Magazine (infosecurity-magazine.com)

• Serious WinRAR Flaw Can Be Exploited to Launch Malware (pcmag.com)

• Hackers use VPN provider's code certificate to sign malware (bleepingcomputer.com)

• HiatusRAT Malware Resurfaces: Taiwan Firms and US Military Under Attack (thehackernews.com) Ask the Mac Guy: macOS Security Myths (huntress.com)

• New Variant of XLoader macOS Malware Disguised as 'OfficeNote' Productivity App (thehackernews.com)

• New "Whiffy Recon" Malware Triangulates Infected Device Location via Wi-Fi Every Minute (thehackernews.com)

• Researchers Uncover New Lazarus Group Malware Details | Decipher (duo.com)

Mobile

• New stealthy Android malware stumps antivirus, poses huge threat to phones, study reveals | Tech News (hindustantimes.com)

• Thousands of Android Malware Apps Using Stealthy APK Compression to Evade Detection (thehackernews.com)

• “Snakes in airplane mode” – what if your phone says it’s offline but isn’t? – Naked Security (sophos.com)

• Google wants to fight pre-installed Android malware | TechSpot

• Children and smartphones: How to protect and guide them from bullying, phishing and grooming – The Irish Times

Denial of Service/DoS/DDOS

• DDoS Attacks in H1 2023 Up 200% from 2022 According to New Zayo Data | Business Wire

Internet of Things – IoT

• TP-Link smart bulbs can let hackers steal your WiFi password (bleepingcomputer.com)

• When Your Home Security System Turns the Camera on You | The Epoch Times

• Anticipating the next wave of IoT cyber security challenges - Help Net Security

• The Physical Impact of Cyber Attacks on Cities (darkreading.com)

• Smart Cities: Utopian Dream, Security Nightmare, or Political Gimmick? - SecurityWeek

• Yes, Your Electric Vehicle Could Be Hacked - IEEE Spectrum

Data Breaches/Leaks

• Insurer Denies Coverage Under Professional Liability Policy for Lawyer’s Email Compromise | Robinson+Cole Data Privacy + Security Insider - JDSupra

• Tesla Data Breach Investigation Reveals Inside Job (darkreading.com)

• Leak of 75k staff records was insiders' fault, Tesla claims • The Register

• Guernsey CCTV investigation widened after more footage leaked | Bailiwick Express Jersey

• Scraped data of 2.6 million Duolingo users released on hacking forum (bleepingcomputer.com)

• Thousands of Charity Donors Have Details Leaked Onto Dark Web | The Epoch Times

• How a Christie’s website revealed where people kept their art | The Seattle Times

• Defence contractor Belcan leaks admin password with a list of flaws-Security Affairs

• Critical Insight Report: 15% Drop in Breaches, 31% Surge in Victims - Infosecurity Magazine (infosecurity-magazine.com)

• What lessons must be learned from the Electoral Register cyber attack? | theHRD (thehrdirector.com)

• 5 Early Warning Indicators That Are Key to Protecting National Secrets (darkreading.com)

• Sensitive Data of 10m at Risk After French Employment Agency Breach - Infosecurity Magazine (infosecurity-magazine.com)

• University of Minnesota Confirms Data Breach, Says Ransomware Not Involved - SecurityWeek

Organised Crime & Criminal Actors

• Check Point reveals 8% spike in global cyber attacks by mid-2023 (securitybrief.co.nz)

• Attack Dwell Times Fall but Threat Actors Are Moving Faster - Infosecurity Magazine (infosecurity-magazine.com)

• UK Court Convicts Lapsus$ Hacker for Breaching ISP BT and EE UPDATE - ISPreview UK

• Cyber crime: A Multi-Billion-Dollar Industry (thecyberwire.com)

• Bruce Schneier gets inside the hacker's mind | CyberScoop

• Hacking group KittenSec claims to 'pwn anything we see' to expose corruption | CyberScoop

• Ransomware dwell time hits new low - Help Net Security

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Blockchain Capital’s Bart Stephens Lost $6.3 Million In SIM-Swap Hack (forbes.com)

• What the Hive Ransomware Case Says About RaaS and Cryptocurrency (darkreading.com)

• North Korea ready to cash out more than $40 million in Bitcoin after summer of attacks, warns FBI | Tripwire

Insider Risk and Insider Threats

• Leak of 75k staff records was insiders' fault, Tesla claims • The Register

• Police Insider Tipped Off Criminal Friend About EncroChat Bust - Infosecurity Magazine (infosecurity-magazine.com)

• Three trends to watch in the growing threat landscape (betanews.com)

• Phish in a Barrel: Real-World Cyber Attack Examples (govinfosecurity.com)

Fraud, Scams & Financial Crime

• Interpol arrest 14 who allegedly scammed $40m from victims • The Register

• Germany Hunts for Cyber Criminals Amid Billion-Euro Scams - Bloomberg

• Billion Dollar Heist: The simple typo that stopped the Bangladesh bank robbers from stealing $1 billion (ladbible.com)

• Sneaky Amazon Google ad leads to Microsoft support scam (bleepingcomputer.com)

• Blockchain Capital’s Bart Stephens Lost $6.3 Million In SIM-Swap Hack (forbes.com)

• Surge in identity crime victims reporting suicidal thoughts - Help Net Security

Impersonation Attacks

• How to spot phishing on a hacked WordPress website | Kaspersky official blog

Deepfakes

• What Is Virtual Kidnapping and How Can You Fight It? (makeuseof.com)

Insurance

• Insurer Denies Coverage Under Professional Liability Policy for Lawyer’s Email Compromise | Robinson+Cole Data Privacy + Security Insider - JDSupra

• Cyber security insurance is missing the risk - Help Net Security

• Cyber Security Insurance Market worth $17.6 billion by 2028 - Exclusive Report by MarketsandMarkets™ (prnewswire.com)

• Cyber Security Insurance Market Size & Share Analysis - (globenewswire.com)

• The Shifting Dynamics of Cyber Insurance - BankInfoSecurity

• Global Cyber Security Insurance Market to Reach USD 33.4 Billion by 2028, Driven by Rising Cyber Threats and Regulatory Compliance (prnewswire.com)

Dark Web

• Thousands of Charity Donors Have Details Leaked Onto Dark Web | The Epoch Times

Supply Chain and Third Parties

• New Chinese APT Group Launches Supply Chain Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• New Supply Chain Attack Hit Close to 100 Victims—and Clues Point to China | WIRED

• Supply chain as kill chain | ITPro

Cloud/SaaS

• The Importance Of SaaS Backup And Disaster Recovery: Reasons To Consider (informationsecuritybuzz.com)

• Cloud hosting firms hit by devastating ransomware attack - Help Net Security

• Warning: Attackers Abusing Legitimate Internet Services (inforisktoday.com)

• How to conduct a cloud security assessment | TechTarget

• Maintaining consistent security in diverse cloud infrastructures - Help Net Security

• How API authentication vulnerabilities are at the center of cloud security concerns | CSO Online

• CISOs Tout SaaS Cyber Security Confidence, But 79% Admit to SaaS Incidents, New Report Finds (thehackernews.com)

• Lack of visibility into cloud access policies leaves enterprises flying blind - Help Net Security

• Cloud services are creating more cyber-risks for telcos   - Mobile Europe

Identity and Access Management

• Ongoing Duo outage causes Azure Auth authentication errors (bleepingcomputer.com)

• Cisco's Duo Security suffers major authentication outage • The Register

Encryption

• Apple security updates could be banned by British government (9to5mac.com)

API

• Understanding how attackers exploit APIs is more important than ever - Help Net Security

• How API authentication vulnerabilities are at the centre of cloud security concerns | CSO Online

Biometrics

• ICO publishes guidance on use of biometric data in the UK - Tech Monitor

• Is Facial Recognition Technology Becoming a Privacy Risk? (makeuseof.com)

• Facial Recognition Technology (FRT) Statistics for 2023 (techreport.com)

• Biometric payment systems raise privacy concerns (iapp.org)

Social Media

• Global warning issued on social media data scraping (iapp.org)

Malvertising

• Sneaky Amazon Google ad leads to Microsoft support scam (bleepingcomputer.com)

• Malware-infected advertising grows ever more sophisticated, and lethal - SiliconANGLE

• Careful -- Hackers are targeting Google Bard ads for malware | Digital Trends

Training, Education and Awareness

• 2023 Cyber Security Awareness Month Appeal: Make Online Security Easier (govtech.com)

• The Changing Landscape of Cyber Security Education (inforisktoday.com)

Parental Controls and Child Safety

• Report reveals insights on cyber security conversations with children | Security Magazine

• Children and smartphones: How to protect and guide them from bullying, phishing and grooming – The Irish Times

Cyber Bullying, Cyber Stalking and Sextortion

• Nearly a third of young people preyed on by "text pest" delivery drivers (bitdefender.com)

Regulations, Fines and Legislation

• Apple security updates could be banned by British government (9to5mac.com)

• How EU lawmakers can make mandatory vulnerability disclosure responsible - Help Net Security

• Cyber Security Laws and Regulations in Germany | UpGuard

• Morgan Stanley Fined for UK Energy Trading WhatsApp Breach (yahoo.com)

• New NCUA Rule Requires Swift Cyber Incident Reporting - Infosecurity Magazine (infosecurity-magazine.com)

• SEC Cyber Security Rules: Considerations for Incident Response Planning | Holland & Knight LLP - JDSupra

• Controversial Cyber crime Law Passes in Jordan (darkreading.com)

• Experian Pays $650,000 to Settle Spam Claims - Infosecurity Magazine (infosecurity-magazine.com)

• Strengthening Cyber Security In Finance: A Look At EU DORA Regulations (forbes.com)

• Proposed bill would require vulnerability disclosure policies for all federal contractors (therecord.media)

Backup and Recovery

• The Importance Of SaaS Backup And Disaster Recovery: Reasons To Consider (informationsecuritybuzz.com)

Data Protection

• ICO publishes guidance on use of biometric data in the UK - Tech Monitor

• Experian Pays $650,000 to Settle Spam Claims - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• Too many businesses struggling to hire and retain talent, amplifying security risks – Digital Journal

• Unrealistic expectations exacerbate the cyber security talent shortage - Help Net Security

• It's Time to Approach The Cyber Security Skills Gap Differently - IT Security Guru

• How To Become Chief Information Security Officer - The Economic Times (indiatimes.com)

• 4 ways simulation training alleviates team burnout - Help Net Security

• Government Urges More Students to Be Cyber Explorers - Infosecurity Magazine (infosecurity-magazine.com)

• Tens of thousands of students receive free training to build cyber skills - The Business Magazine

• 90% of Consumers Worry Cyber Security’s Future Is in Jeopardy if Students Aren’t Exposed to the Field at an Earlier Age - IT Security Guru

• 5 Ways SMBs Can Bridge the Cyber Security Skills Gap | Mimecast

• The Importance of Accessible and Inclusive Cyber Security (securityintelligence.com)

Law Enforcement Action and Take Downs

• Interpol arrest 14 who allegedly scammed $40m from victims • The Register

• UK Court Convicts Lapsus$ Hacker for Breaching ISP BT and EE UPDATE - ISPreview UK

• Two dozen arrested, hundreds of malicious IPs taken down in African cyber crime operation | CyberScoop

• Germany Hunts for Cyber Criminals Amid Billion-Euro Scams - Bloomberg

• Police Insider Tipped Off Criminal Friend About EncroChat Bust - Infosecurity Magazine (infosecurity-magazine.com)

Privacy, Surveillance and Mass Monitoring

• Is Facial Recognition Technology Becoming a Privacy Risk? (makeuseof.com)

• When Your Home Security System Turns the Camera on You | The Epoch Times

• Biometric payment systems raise privacy concerns (iapp.org)

• AI and the evolution of surveillance systems - Help Net Security

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Intelligence agencies warn foreign spies are targeting US space companies - Times of India (indiatimes.com)

• Incident response lessons learned from the Russian attack on Viasat | CSO Online

• Ukrainian hackers claim to leak emails of Russian parliament deputy chief (therecord.media)

• New Telegram Bot "Telekopye" Powering Large-scale Phishing Scams from Russia (thehackernews.com)

China

• Mounting Cyber Espionage and Hacking Threat from China - Modern Diplomacy

• Cyberespionage campaign by China's Ministry of State Security. CSRB will look into cyberespionage against Microsoft Exchange. Attacks against industrial systems. Threats to satellite communications. (thecyberwire.com)

• HiatusRAT Malware Resurfaces: Taiwan Firms and US Military Under Attack (thehackernews.com)

• New Chinese APT Group Launches Supply Chain Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• New Supply Chain Attack Hit Close to 100 Victims—and Clues Point to China | WIRED

• Exposed: the Chinese spy using LinkedIn to hunt UK secrets (thetimes.co.uk)

• FBI: Suspected Chinese actors continue Barracuda ESG attacks | TechTarget

• Microsoft says Chinese hacking crew is targeting Taiwan | CyberScoop

• US space companies face foreign spy threat, intelligence agencies say (usatoday.com) 

North Korea

• N. Korean Kimsuky APT targets S. Korea-US military exercises-Security Affairs

• Researchers Uncover New Lazarus Group Malware Details | Decipher (duo.com)

• North Korea ready to cash out more than $40 million in Bitcoin after summer of attacks, warns FBI | Tripwire

Misc/Other/Unknown

• Syrian Threat Actor EVLF Unmasked as Creator of CypherRAT and CraxsRAT Android Malware (thehackernews.com)

Vulnerability Management

• NCSC issues warning on cyber vulnerabilities (ukdefencejournal.org.uk)

• How EU lawmakers can make mandatory vulnerability disclosure responsible - Help Net Security

Vulnerabilities

• Juniper Networks fixes flaws leading to RCE in firewalls and switches - Help Net Security

• Serious WinRAR Flaw Can Be Exploited to Launch Malware (pcmag.com)

• Ivanti issues fix for third zero-day flaw exploited in the wild | TechTarget

• Ivanti Ships Urgent Patch for API Authentication Bypass Vulnerability - SecurityWeek

• FBI: Patches for Recent Barracuda ESG Zero-Day Ineffective - SecurityWeek

• GDS: Microsoft, Intel confirm "Downfall" of 7th, 8th, 9th, 10th, 11th Gen CPUs, firmware out - Neowin

• Critical Adobe ColdFusion Flaw Added to CISA's Exploited Vulnerability Catalog (thehackernews.com)

• 3,000 Openfire Servers Exposed to Attacks Targeting Recent Vulnerability - SecurityWeek

• Western Digital patches potentially dangerous security flaw, so update now | TechRadar

Tools and Controls

• The Importance Of SaaS Backup And Disaster Recovery: Reasons To Consider (informationsecuritybuzz.com)

• How Cyber Security Leaders Can Help Lower Expenses While Reducing Risk (informationweek.com)

• Security leaders report misalignment of investments and risk reduction | Security Magazine

• Cyber security insurance is missing the risk - Help Net Security

• Cyber security Insurance Market worth $17.6 billion by 2028

• Bolstering Cyber Security: Why Browser Security Is Crucial (inforisktoday.com)

• How Application Allowlisting Combats Ransomware Attacks (securityintelligence.com)

• The Vanishing Data Loss Prevention (DLP) Category - IT Security Guru

• Cyber Security: CASB vs SASE-Security Affairs

• Unveiling the Hidden Risks of Routing Protocols (darkreading.com)

• Hackers use VPN provider's code certificate to sign malware (bleepingcomputer.com)

• Network detection and response in the modern era - Help Net Security

• What’s Beyond SASE? The Next Steps (informationsecuritybuzz.com)

• Prevention First: Don’t Neglect Endpoint Security | CSO Online

• More Than Half of Browser Extensions Pose Security Risks (darkreading.com)

• Protect Your Cyber Security Budget and Your Organisation | Dell USA

• How the downmarket impacted enterprise cyber security budgets - Help Net Security

• Compliance, Risk Management and Security Are Being Impact by Generative AI... But How? | The Fintech Times

• SEC Cyber Security Rules: Considerations for Incident Response Planning

• How to conduct a cloud security assessment | TechTarget

• Maintaining consistent security in diverse cloud infrastructures - Help Net Security

• How API authentication vulnerabilities are at the centre of cloud security concerns | CSO Online

• The Needs of a Modernized SOC for Hybrid Cloud (securityintelligence.com)

• 2023 Cyber Security Awareness Month Appeal: Make Online Security Easier (govtech.com)

• The MOVEit hack and what it taught us about application security (bleepingcomputer.com)

• The Changing Landscape of Cyber Security Education (inforisktoday.com)

• The Dual Role of AI in Email Security - GovInfoSecurity

• Akamai Survey Finds Third-Party Defences Help Reduce Risk from Online Threats (prnewswire.com)

• The Shifting Dynamics of Cyber Insurance - BankInfoSecurity

• Global Cyber Security Insurance Market to Reach USD 33.4 Billion by 2028, Driven by Rising Cyber Threats and Regulatory Compliance (prnewswire.com)

• 5 Best Practices for Implementing Risk-First Cyber Security (darkreading.com)

• What's Going on With LastPass, and is it Safe to Use? (securityintelligence.com)

• Malicious web application transactions skyrocket 500% (securitybrief.co.nz)

Other News

• Our health care system may soon receive a much-needed cyber security boost | Ars Technica

• Swan Retail cyber attack: 300 retailers crippled by breach (techmonitor.ai)

• Cyber Attackers lie in wait as federal tech agencies brace for a mass exit of top officials - Washington Times

• Cyber Attack on Energy One affects corporate systems in Australia and the UK | CSO Online

• Vendors criticize Microsoft for repeated security failings | TechTarget

• Microsoft's become a cyber security titan. That could be a problem - Tech Monitor

• Global Naval Communication Market Research Report (globenewswire.com)

• The CSO guide to top security conferences | CSO Online

• IT's rising role in physical security technology - Help Net Security

• Construction businesses are at risk as nation-state attacks are on the rise - Construction & Civil Engineering magazine (ccemagazine.com)

• Hackers knocked out San Francisco's main real estate database | Fortune

• Microsoft's 6 Biggest Hacks: Is Better Security Needed? (makeuseof.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Turbulent Cyber Insurance Market Sees Rising Prices And Sinking Coverage

As insurers and brokers reckon with unexpected losses, they're charging more for policies and setting higher requirements.

Chaos reigns in the cyber insurance market. Brokers and cyber insurance carriers — the companies that actually offer the policies — are tightening requirements on what applicants need to do to obtain policies due to losses the insurers have suffered from ransomware coverage. During the past year, premiums grew 18% in the first quarter of 2021 and were up 34% in the fourth quarter of 2021, according to Jess Burn, senior analyst at Forrester.

Organisations often find they cannot obtain cyber insurance, are not being renewed for coverage they already have, or are faced with soaring prices and shrinking coverage. Despite the value many organisations put on cyber insurance — in some cases, they're required to carry it to comply with regulations — obtaining such policies is getting more difficult.

While raising premiums, some insurers are reducing coverage. If an organisation bought $10 million worth of coverage for a given price in 2021, for example, renewing that policy in 2022 might see the coverage amount fall to $3 million and the premiums for that lower coverage rise. This phenomenon is due, in part, to insurers trying to strike the right balance of customers' risk profile versus their risk-mitigation efforts.

https://www.darkreading.com/edge-articles/turbulent-cyber-insurance-market-sees-rising-prices-and-sinking-coverage

• Ransomware Attacks Still The #1 Threat To Businesses And Organisations

In 2021, ransomware attacks continued to be one of the most prominent threats targeting businesses and organisations worldwide.

High-profile attacks disrupted operations of companies in various sectors.

For example, the Colonial Pipeline attack interrupted critical infrastructure, the JBS Foods attack influenced food processing, and the CNA breach disrupted the insurance industry.

Following the attacks, pressure of law enforcement on ransomware gangs intensified, though simultaneously these threat actors continued to evolve.

They are not only becoming more technologically sophisticated but are also extensively leveraging the growing cyber crime ecosystem looking to find new partners, services and tools for their operations.

https://www.helpnetsecurity.com/2022/05/30/ransomware-trends-video/

• Third Of UK Firms Have Experienced A Security Breach Since 2020

Cyber threats are behind soaring fraud and economic crime in the UK, where rates are now second only globally to South Africa, according to PwC.

The consulting giant’s latest Global Economic Crime Survey revealed that nearly two-thirds (64%) of UK businesses experienced fraud, corruption or other economic/financial crime during the past 24 months, a significant increase on the 56% recorded in 2020, and 50% in 2018.

It’s also much higher than the 2022 global average of 46%, PwC said.

Cyber crime was the most commonly reported fraud type, although figures here dropped from 42% in 2020 to 32% in 2022. Included for the first time in the report, supply chain incidents accounted for 19%.

Most (51%) reported fraud cases in the UK were traced back to external parties, versus just 43% globally. The top three culprits were cited as customers, hackers and vendors/suppliers.

https://www.infosecurity-magazine.com/news/third-uk-security-breach-2020/

• There Is No Good Digital Transformation Without Cyber Security

Network engineers and CIOs agree that cyber security issues represent the biggest risk for organisations that fail to put networks at the heart of digital transformation plans. According to research commissioned by Opengear, 53% of network engineers and 52% of CIOs polled in the US, UK, France, Germany, and Australia rank cyber security among the list of their biggest risks.

The concerns are fuelled by an escalating number of cyber attacks. In fact, 61% of CIOs report an increase in cyber security attacks/breaches from 2020-21 compared to the preceding two years. For digital transformation of networking, 70% of network engineers say security is the most important focus area, and 31% say network security is their biggest networking priority.

Digital transformation is a priority, but cyber security risk remains. CIOs also understand the importance of the issues. 51% of network engineers say their CIOs have consulted them on investments to deliver digital transformation plans, the highest priority in the survey.

What’s more, 41% of CIOs rank cyber security among their organisation’s most important investment priorities over the next year, with 35% stating it is among the biggest over the next five years. In both cases, cyber security ranks higher than any other factor.

https://www.helpnetsecurity.com/2022/05/31/digital-transformation-cybersecurity-risk/

• Ransomware Gang Now Hacks Corporate Websites To Show Ransom Notes

A ransomware gang is taking extortion to a new level by publicly hacking corporate websites to publicly display ransom notes.

This new extortion strategy is being conducted by Industrial Spy, a data extortion gang that recently began using ransomware. As part of their attacks, Industrial Spy will breach networks, steal data, and deploy ransomware on devices. The threat actors then threaten to sell the stolen data on their Tor marketplace if a ransom is not paid.

When ransomware gangs extort a victim, they typically give them a short window, usually a few weeks, to negotiate and pay a ransom before they start leaking data.

During this negotiation process, the threat actors promise to keep the attack secret, provide a decryption key, and delete all data if a ransom is paid.

After this period, the threat actors will use various methods to increase pressure, including DDoS attacks on corporate websites, emailing customers and business partners, and calling executives with threats.

These tactics are all done privately or with minimal exposure on their data leak sites, which are usually only visited by cyber security researchers and the media.

However, this is the first time we have seen a ransomware gang defacing a website to very publicly display a ransom note.

https://www.bleepingcomputer.com/news/security/ransomware-gang-now-hacks-corporate-websites-to-show-ransom-notes/

• Attackers Are Leveraging Follina, A Critical Microsoft Windows Vulnerability Affecting Nearly All Versions of Windows and Windows Server. What Can You Do?

As the world is waiting for Microsoft to push out a patch for CVE-2022-30190, aka “Follina”, attackers around the world are exploiting the vulnerability in a variety of campaigns.

Microsoft has described CVE-2022-30190 as a Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability, confirmed it affects an overwhelming majority of Windows and Windows Server versions, and advised on a workaround to be implemented until a patch is ready.

https://www.helpnetsecurity.com/2022/06/03/patch-cve-2022-30190/

• Ransomware Attacks Need Less Than Four Days To Encrypt Systems

The duration of ransomware attacks in 2021 averaged 92.5 hours, measured from initial network access to payload deployment. In 2020, ransomware actors spent an average of 230 hours to complete their attacks and 1637.6 hours in 2019.

This change reflects a more streamlined approach that developed gradually over the years to make large-scale operations more profitable.

At the same time, improvements in incident response and threat detection have forced threat actors to move quicker, to leave defenders with a smaller reaction margin.

The data was collected by researchers at IBM's X-Force team from incidents analysed in 2021. They also noticed a closer collaboration between initial access brokers and ransomware operators.

Previously, network access brokers might wait for multiple days or even weeks before they found a buyer for their network access.

In addition, some ransomware gangs now have direct control over the initial infection vector, an example being Conti taking over the TrickBot malware operation.

Malware that breaches corporate networks is quickly leveraged to enable post-exploitation stages of the attack, sometimes completing its objectives in mere minutes.

https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/

• 57% Of All Digital Crimes In 2021Were Scams

Group-IB shares its analysis of the landscape of the most widespread cyber threat in the world: scams. Accounting for 57% of all financially motivated cyber crime, the scam industry is becoming more structured and involves more and more parties divided into hierarchical groups.

The number of such groups jumped to a record high of 390, which is 3.5 times more than last year, when the maximum number of active groups was close to 110. Due to SaaS (Scam-as-a-Service), in 2021 the number of cyber criminals in one scam gang increased 10 times compared to 2020 and now reaches 100.

Traffic has become the circulatory system of scam projects: researchers emphasise that the number of websites used for purchasing and providing “grey” and illegal traffic and that lure victims into fraudulent schemes has increased by 1.5 times. Scammers are going into 2022 on a new level of scam attack automation: no more non-targeted users. Scammers are now attracting specific groups of victims to increase conversion rates. Social media are more often becoming the first point of contact between scammers and their potential victims.

https://www.helpnetsecurity.com/2022/05/31/scams-widespread-cyber-threat/

• Intelligence Is Key To Strategic Business Decisions

Businesses have a growing need for greater relevance in the intelligence they use to inform critical decision-making. Currently just 18% of professionals responsible for security, risk, or compliance in their organisation feel that the intelligence they receive is “very specific and focused on their business”, a S-RM research reveals.

6 in 10 respondents also say the intelligence they receive takes too much time to analyse, meaning it does not always result in better informed decision making. This was the top reason behind dissatisfaction with external intelligence, identified by over 200 professionals working at companies with revenues of over $250 million.

The second most likely reason was that information was not tailored to business needs (47%), followed by too much information (35%).

Growing demand for the use of strategic intelligence has been prompted by increasing cyber (51%) and regulatory concerns (50%). And while these two factors have been climbing the boardroom agenda for years, geopolitical uncertainty has made the need to respond to these developments more acute. In particular, the Russia-Ukraine conflict has created a complex sanctions regime for businesses to operate.

Additionally, navigating the complexities of the COVID-19 pandemic has been a key challenge for businesses in the past three years, with 40% citing this as a catalyst in driving a growing need for strategic intelligence.

https://www.helpnetsecurity.com/2022/06/03/intelligence-decision-making/

• How Cyber Criminals Are Targeting Executives At Home And Their Families

Top executives and their families are increasingly being targeted on their personal devices and home networks, as sophisticated threat actors look for new ways to bypass corporate security and get direct access to highly sensitive data.

https://www.helpnetsecurity.com/2022/06/01/cybercriminals-targeting-executives-video/

Threats

Ransomware

• Cyber criminals Expand Attack Radius and Ransomware Pain Points | Threatpost

• FBI, CISA warn: Don't get caught in Karakurt's web • The Register

• Conti ransomware targeted Intel firmware for stealthy attacks (bleepingcomputer.com)

• GoodWill Ransomware victims have to perform socially driven activities to decryption their dataSecurity Affairs

• YourCyanide Ransomware Propagates With PasteBin, Discord, Microsoft Links (darkreading.com)

• Conti Leaks Reveal Ransomware Gang's Interest in Firmware-based Attacks (thehackernews.com)

• Evil Corp switches to LockBit ransomware to evade sanctions (bleepingcomputer.com)

• Ransomware attack sends New Jersey county back to 1977 • The Register

• Ransomware roundup: System-locking malware dominates headlines | CSO Online

• What if ransomware evolved to hit IoT in the enterprise? • The Register

• How Costa Rica found itself at war over ransomware | CSO Online

• Experts warn of ransomware attacks on government orgs of small states - Security Affairs

• Foxconn confirms ransomware attack disrupted production in Mexico (bleepingcomputer.com)

• Hanesbrands says it suffered a ransomware attack on May 24 and has informed law enforcement - MarketWatch

• Why Ransomware Timeline Shrinks By 94%? – Information Security Buzz

• Hundreds of Elasticsearch databases targeted in ransom attacks (bleepingcomputer.com)

BEC – Business Email Compromise

• Why Stopping Business Email Compromise (BEC) Needs To Be A Priority For MSPs - MSSP Alert

• Language-based BEC attacks rising - Help Net Security

Phishing & Email Based Attacks

• Watch out for phishing emails that inject spyware trio • The Register

• Existential Phishing Schemes | The New Yorker

• Telegram’s blogging platform abused in phishing attacks (bleepingcomputer.com)

Other Social Engineering

• Hacker steals Verizon employee database after tricking worker into granting remote access (bitdefender.com)

• Vishing attacks: What they are and how organisations can protect themselves - Help Net Security

• Beware the Smish! Home delivery scams with a professional feel… – Naked Security (sophos.com)

Malware

• New XLoader Botnet Version Using Probability Theory to Hide its C&C Servers (thehackernews.com)

• LuoYu APT delivers WinDealer malware via man-on-the-side attacks - Security Affairs

• EnemyBot malware adds enterprise flaws to exploit arsenal • The Register

• Researchers Uncover Malware Controlling Thousands of Sites in Parrot TDS Network (thehackernews.com)

• Logic bombs explained: Definition, examples, and prevention | CSO Online

Mobile

• Top 10 Android banking trojans target apps with 1 billion downloads (bleepingcomputer.com)

• WhatsApp accounts hijacked by call forwarding | Malwarebytes Labs

• SideWinder Hackers Use Fake Android VPN Apps to Target Pakistani Entities (thehackernews.com)

• SMSFactory Android malware sneakily subscribes to premium services (bleepingcomputer.com)

• Phishers Having a Field Day on WhatsApp, Telegraph (darkreading.com)

• Apple blocked 1.6 millions apps from defrauding users in 2021 (bleepingcomputer.com)

Organised Crime & Criminal Actors

• FBI warns of Ukrainian charities impersonated to steal donations (bleepingcomputer.com)

• Euro Cops Bust $47m Money Laundering Operation - Infosecurity Magazine (infosecurity-magazine.com)

• Three Nigerian Users of Agent Tesla RAT Arrested | SecurityWeek.Com

Cryptocurrency/Cryptomining/Cryptojacking/NFTs

• Americans report losing over $1 billion to cryptocurrency scams (bleepingcomputer.com)

• Clipminer malware gang stole $1.7M by hijacking crypto payments (bleepingcomputer.com)

• Bored Ape Yacht Club, Otherside NFTs stolen in Discord server hack (bleepingcomputer.com)

• WatchDog hacking group launches new Docker cryptojacking campaign (bleepingcomputer.com)

Fraud, Scams & Financial Crime

• $39.5 billion lost to phone scams in last year - Help Net Security

• Fast loan scam: Here's how it works and why Lloyds Bank has put out an urgent warning | This is Money

• Britain's biggest bank issues 'urgent warning' over new scam (telegraph.co.uk)

• Scams account for most of all financially motivated cyber crime - Help Net Security

AML/CFT/Sanctions

• Evil Corp Pivots LockBit to Dodge US Sanctions | Threatpost

Supply Chain and Third Parties

• To better manage cyber security risk, extend zero-trust principles to third parties | TechCrunch

Denial of Service DoS/DDoS

• DDoS threats growing in sophistication, size, and frequency - Help Net Security

• DDoS attackers continue to innovate, devising new threats and altering attack strategies - Help Net Security

Open Source

• Linux malware is on the rise—6 types of attacks to look for | CSO Online

• The Open Source Software Security Mobilization Plan: Takeaways for security leaders | CSO Online

Privacy

• Vodafone plans carrier-level user tracking for targeted ads (bleepingcomputer.com)

• Europe's hope to scan devices for unlawful files criticized • The Register

Passwords & Credential Stuffing

• Why are many businesses still not using a password manager? - Help Net Security

Regulations, Fines and Legislation

• ExpressVPN Removes Servers in India After Refusing to Comply with Government Order (thehackernews.com)

Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• NSA general confirms US offensive cyber ops in Ukraine war • The Register

• Deadly Secret: Electronic Warfare Shapes Russia-Ukraine War | SecurityWeek.Com

• Anonymous: Operation Russia after 100 days of war - Security Affairs

• Chinese LuoYu hackers deploy cyber-espionage malware via app updates (bleepingcomputer.com)

Nation State Actors

Nation State Actors – Russia

• Germany issues fresh warning to banks of cyber attacks due to Ukraine war | Reuters

Nation State Actors – China

• China-linked TA413 group actively exploits Microsoft Follina Zero-Day flawSecurity Affairs

• Chinese state media propaganda found in 88% of Google, Bing news searches - CyberScoop

• Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor (thehackernews.com)

• How Beijing’s surveillance cameras crept into Britain’s corridors of power (telegraph.co.uk)

Nation State Actors – North Korea

• The day the NHS was held to ransom by North Korean cyber hackers (telegraph.co.uk)

Nation State Actors – Iran

• Microsoft Disables Iran-Linked Lebanese Hacking Group Polonium (darkreading.com)

• Iranian hackers planned attack on Boston Children's Hospital last summer, FBI director says - CyberScoop

Nation State Actors – Misc APT

• Microsoft blocks Polonium hackers from using OneDrive in attacks (bleepingcomputer.com)

• Snake carried out over 1,000 attacks since April 2020 - Security Affairs

• SideWinder Hackers Launched Over a 1,000 Cyber Attacks Over the Past 2 Years (thehackernews.com)

Vulnerability Management

• Focus resources on patching most threatening vulns: research • The Register

Vulnerabilities

• CISA adds 75 vulnerabilities to catalogue in 3 days- IT Security Guru

• Fighting Follina: Application Vulnerabilities and Detection Possibilities (darkreading.com)

• Yet another zero-day (sort of) in Windows “search URL” handling – Naked Security (sophos.com)

• Microsoft Releases Workarounds for Office Vulnerability Under Active Exploitation (thehackernews.com)

• Actively Exploited Atlassian Zero-Day Bug Allows Full System Takeover (darkreading.com)

• Microsoft Azure vulnerabilities pose new cloud security risk - Protocol

• GitLab Issues Security Patch for Critical Account Takeover Vulnerability (thehackernews.com)

• New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by Sending Email (thehackernews.com)

Sector Specific

Financial Services Sector

• Germany issues fresh warning to banks of cyber attacks due to Ukraine war | Reuters

Government

• Experts warn of ransomware attacks on government orgs of small states - Security Affairs

Health/Medical/Pharma Sector

• Twice as Many Healthcare Organisations Now Pay Ransom - Infosecurity Magazine

• Novartis says no sensitive data was compromised in cyber attack (bleepingcomputer.com)

• Costa Rica’s public health agency hit by Hive ransomware (bleepingcomputer.com)

Transport and Aviation

• Turkish airline suffers 6.5TB data leak - IT Security Guru

CNI, OT, ICS, IIoT and SCADA

• Vendor Refuses to Remove Backdoor Account That Can Facilitate Attacks on Industrial Firms | SecurityWeek.Com

• Industrial IoT ransomware attacks control systems directly (scmagazine.com)

• Researchers Demonstrate Ransomware for IoT Devices That Targets IT and OT Networks (thehackernews.com)

Food and Agriculture

• JBS Foods cyber attack highlights industry vulnerabilities to Russian hackers - ABC News

Web3

• Why web3 companies get hacked so often, according to crypto VC Grace Isford | TechCrunch

Other News

• How Failing to Prioritize Cyber Security can Hurt Your Company (analyticsinsight.net)

• Cyber security needs a whole-of-society effort | The Hill

• 40% of enterprises don't include business-critical systems in their cyber security monitoring - Help Net Security

• Bad news: The cyber security skills crisis is about to get even worse | ZDNet

• Nearly Three-Quarters of Firms Suffer Downtime from DNS Attacks - Infosecurity Magazine

• CIOs and network engineers rank cyber security among the biggest risks - Help Net Security

• How USB Drives Can Be a Danger to Your Computer (howtogeek.com)

• Australian digital driver's licenses hackable in minutes • The Register

• Over 3.6 million MySQL servers found exposed on the Internet (bleepingcomputer.com)

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.