Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

75% of Organisations Worldwide Set to Ban ChatGPT and Generative AI Apps on Work Devices

Newly released research found that 75% of organisations worldwide are currently implementing or considering bans on ChatGPT and other generative Artificial Intelligence (AI) applications within the workplace, with 61% stating that it will be a long term or permanent solution. Despite this, the majority recognised the opportunity such applications bring to the workplace, with 55% believing it would increase efficiency. All in all, 81% remained in favour of AI, highlighting that whilst organisations see the benefit, they are not ready to take the plunge for fear of being caught flat-footed.

Many organisations may simply not have the expertise-in house or confidence to employ AI effectively. These organisations lack an effective AI management plan, which governs the usage of AI in the corporate environment, rather than banning it outright. By having a clear-set AI plan, organisations can use AI to improve their efficiency, whilst maintaining cyber resilience. An increasing number of organisations have approached us at Black Arrow to discuss how to embrace AI securely; contact us to see how we can help you.

Source: [Dark Reading]

How an Eight-Character Password Could be Cracked in Just a Few Minutes

Strong and complex passwords are necessary to protect online accounts and data from cyber criminals. Complex passwords typically use lowercase and uppercase characters, numbers, and special characters. But complexity by itself can still open your password to cracking if it doesn’t contain enough characters, according to research by security firm Hive Systems. The report found that a complex password of eight characters can be cracked in only five minutes, and other weaker or shorter passwords are cracked instantly. However, passwords that have a greater number of characters are less vulnerable: for example an 18 character password, even if only lowercase letters, would take 481,000 years for a computer to crack.

Since creating and remembering multiple complex and lengthy passwords on your own is impossible, a password manager is your best bet. By using a password manager for yourself or within your organisation, you can generate, store and apply strong passwords for websites and online accounts.

Source: [Techrepublic]

Ransomware Victims Surge 143% as Threat Actors Pivot to Zero-Day Exploits

The number of organisations that became victims of ransomware attacks surged 143% between the first quarter of 2022 and first quarter of this year, as attackers increasingly leveraged zero-day vulnerabilities to break into target networks.

In many of these attacks, threat actors did not bother to encrypt data belonging to victim organisations. Instead, they focused solely on stealing their sensitive data and extorting victims by threatening to sell or leak the data to others. The tactic left even those with otherwise robust backup and restoration processes backed into a corner; this highlights the need for organisations to be able to detect and ideally block anomalous exfiltration of data, and have effective and rehearsed incident response plans to address the concept of pure exfiltration, because having backups is not enough.

The costs of these types of controls continue to fall making them viable for even smaller businesses. Without tools like Managed Detection and Response (MDR) and Data Loss Prevention (DLP), attacks of this nature cannot be detected until it is too late to do anything to stop them.

Source: [Dark Reading]

How Executives’ Personal Devices Threaten Business Security

Individuals, including executives, are considered a major target for cyber attacks. Motivated attackers know the right individual people they want to go after to achieve their larger organisational goal, and they’ll use any means necessary to be successful.

A recent report found that most executives are using their personal devices for work, creating a “backdoor” for cyber criminals to access large organisations. 50% of executive respondents reported receiving work-related scams in their personal emails.

Personal device use can be effective for organisations, however they need to implement an effective bring-your-own-device (BYOD) procedure and provide employees, including executives, with frequent user awareness and education training. All users at all levels within an organisation need to understand the risks, and importantly the role they play in keeping the organisation secure.

Sources: [Help Net Security] [Security Affairs]

77% of Financial Firms Saw an Increase in Cyber Attack Frequency

According a recent report on the financial services sector, 77% of firms reported an increase in attack frequency, and 87% said attacks were more severe. These firms unanimously said they would look to outsource their cyber security programs to third-party providers to shore up their cyber defences. Among the respondents, firms need to protect hybrid work environments (62%), consolidate cyber security and managed IT services (41%) and tap industry-specific and regulatory expertise (33%).

Source: [SecurityMagazine]

Protecting Against Sophisticated Cyber Attacks Requires Layered Defences

Faced with an influx of sophisticated cyber threats, including usage of AI to further enhance the efficacy of social engineering attacks, and the growth of both malware-as-a-service (MaaS) and ransomware-as-a-service (RaaS), it is critical for organisations to invest in layered security defences.

Services like managed detection and response (MDR) are integral to monitoring, investigating and responding to threats in real time. But without a strong and comprehensive foundational cyber security posture, managed services alone cannot effectively mitigate threats. To ensure comprehensive defences against emerging threats, organisations must prioritise proactive measures that can stop attacks before they even start. As adversaries continue to refine their attack techniques, layered protection that covers every stage in the attack chain becomes imperative.

Source: [Forbes]

Managing Human Cyber Risks Matters Now More Than Ever

As artificial intelligence (AI) amplifies the sophistication and reach of phishing, vishing, and smishing attacks, understanding and managing human cyber risks has become increasingly vital, according to the SANS Institute. It makes sense as no matter the technological advancement, the human element has always been a point of entry for attackers.

A recent study found that mature security programs, marked by robust teams and leadership support, are characterised by having at least three full-time employees in their security awareness teams. In some cases, this isn’t feasible for an organisation and this is where outsourcing comes in. By outsourcing security awareness, organisations can ensure that they have access to security awareness experts, to keep their organisation educated. Here at Black Arrow we offer regular security and awareness training, bespoke to your organisation, for your employees and leadership team.

Source: [Help Net Security]

Hackers are Targeting Top Executives’ Microsoft 365 Accounts to Steal Work Logins

Cyber security provider Proofpoint reported that high-level execs at some of the world’s leading companies are repeatedly targeted with credential-stealing attacks. More alarmingly, according to Proofpoint, around one-third (35%) of the compromised users had multi-factor authentication (MFA) enabled.

The attacks come amid a rise in cases of EvilProxy, a phishing tool that allows attackers to steal even MFA-protected credentials. In the three months to June 2023, around 120,000 EvilProxy phishing emails were observed being sent to hundreds of targeted organisations globally, with many targeting Microsoft 365 user accounts in particular. Approximately 39% of the victims were C-level executives of which 17% were Chief Financial Officers, and 9% were Presidents and CEOs. Users must be trained effectively, to help mitigate the chance of them suffering a phishing attack. The C-suite is no exception.

Sources: [Help Net Security] [Security Affairs]

UK Shaken by Major Data Breaches

Recent major data breaches impacting crucial institutions like the UK Electoral Commission (which exposed the data of 40 million UK voters) and the Police Service of Northern Ireland, have brought attention to potential risks. Following a recent freedom of information request 10,000 police officers and staff details where published including details such as first name and surname, their rank or grade and the unit and where they are based. This breach occurred when a junior member of staff forgot to remove the master spreadsheet containing sensitive data when responding to the request.

Sources: [Telegraph] [Tech Crunch]

Threat of Cyber Attacks to UK National Security Upgraded: Compared to Chemical Weapons or Nuclear Attack

The UK government has raised the threat level posed by cyber attacks, now deeming the risk of cyber attacks to be more severe than that presented by small-scale chemical, biological, radiological, or nuclear (CBRN) attacks according to the latest National Risk Register (NRR) report for 2023. The report also highlighted artificial intelligence (AI) as a “chronic risk” – that is, one that poses “continuous challenges that erode our economy, community, way of life, and/or national security”.

Sources: [ITPro] [Infosecurity Magazine]

Mac Users are Facing More Dangerous Security Threats Than Ever Before

Apple’s MacBook Pro or iPhone devices are often perceived as safer, from a cyber security standpoint, compared to those from Microsoft or Google, mostly because of its “walled garden” approach. However, another key reason why hackers were not historically as interested in Apple was the smaller market share Apple held. That is no longer the case and as attacks are rising against Apple devices, this is something we expect to see continuing to accelerate.

In the last 10 years, Apple’s market share on desktop has increased from less than 7.5% to just over 20% today. Apple frequently patches actively exploited vulnerabilities, with overall 261 security vulnerabilities addressed so far this year. A recent report found that Mac users are targeted by three key threats: Trojans, Adware, and Potentially Unwanted Applications (PUA). Of the three, Trojans are the biggest single threat, making up more than half of all threat detections. Of all those detections, around half (52.7%) were for the EvilQuest encryption malicious software.

Source: [Techradar]

Cyber Attack to Cost Outsourcing Firm Capita up to £25m

Capita expects to take a financial hit of as much as £25m as a result of a cyber attack that began in March, pushing the outsourcing group to a pre-tax loss of almost £68m for the first half of the year. The group is still recovering from the attack by the Black Basta ransomware group, which hacked its Microsoft Office 365 software and accessed the personal data of staff working for the company and dozens of clients. Capita, which runs crucial services for local councils, the military, and the NHS, estimated that the financial costs associated with what it called the “cyber incident” would be between £20m and £25m. Previous estimates had put the cost at £15m to £20m.

The group said this new figure reflected the complexities of analysing the “exfiltrated” data, as well as costs of recovery and remediation and new investment to improve its cyber security. However, Capita said it was not currently able to estimate the level of any potential fine related to the incident and had not yet made any provision to cover any future costs. The company’s shares fell by more than 12% in morning trading on Friday after the release of its results, making it the biggest faller on the FTSE 250.

Source: [Guardian]

Government and Public Services Face 40% More Cyber Attacks and Struggle to Protect Due to Lack of Resources

A report published by BlackBerry noted a 40% rise in cyber attacks against public sector organisations and government institutions. One of the reasons is the limited resources and resistance that these government and public have; this makes it much easier for an attacker. An easy target is an attractive target.

Source: [Financial Express]

Governance, Risk and Compliance

• SMB cyber security: Cyber Security challenge: SMBs and large enterprises face common threat but separate response routes - The Economic Times (indiatimes.com)

• Protecting Against Sophisticated Cyber attacks Requires Layered Defense (forbes.com)

• Managing human cyber risks matters now more than ever - Help Net Security

• Executives 'sleepwalking into cyber catastrophe', warns cyber security boss (cityam.com)

• How To Deal With the Vagueness in New Cyber Regulations (darkreading.com)

• Recent threat intelligence study indicates reactive measures are prioritized by most organisations over proactive | SC Media (scmagazine.com)

• Digital skills gap is challenging the cyber security of UK businesses - IT Security Guru

• Cyber attack to cost outsourcing firm Capita up to £25m | Capita | The Guardian

• 9 common risk management failures and how to avoid them | TechTarget

• Alarming survey: Many tech experts fail a test of their cyber security knowledge - SiliconANGLE

• Safeguarding Businesses From Data Privacy And Cyber security Risk (forbes.com)

• How Do Some Companies Get Compromised Again and Again? (securityintelligence.com)

• What happens if cyber insurance becomes unviable? - Raconteur

• Only 22% of Firms Have Mature Threat Intelligence Programs - Infosecurity Magazine (infosecurity-magazine.com)

• NIST announces rare overhaul of security framework, focusing on organisational leadership | ITPro

• Protection is No Longer Straightforward – Why More Cyber Security Solutions Must Incorporate Context - Security Week

• Cyber Security Must Focus on the Goals of Criminals (informationweek.com)

• Going Up! How to Handle Rising Cyber Security Costs (securityintelligence.com)

• Maintaining Data Security Amidst Rising Concerns of Cyber attacks (techreport.com)

• Why it’s time for everyone to reorient their thinking about cyber security | Federal News Network

• 'Confusing, misleading or just plain wrong': Researchers explain why cyber security is needlessly complex - Study Finds

• It's Time for Cyber security to Talk About Climate Change (darkreading.com)

• Prioritizing cyber attacks still needs a lot of work, according to new Picus Labs report - SiliconANGLE

• It's not always malware (betanews.com)

• Act Before You're Hacked (forbes.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Healthcare and Finance Firms Ranked as Leading Targets for Cyber Attacks - MSSP Alert

• Ransomware victim numbers surge as attackers target zero-day vulnerabilities | CSO Online

• Definitive Guide to Ransomware 2023 | IBM whitepaper | ITPro | ITPro

• UK Think Tank Proposes Greater Ransomware Reporting From Cyber Insurance to Government – Security Week

• The ransomware rollercoaster continues as criminals advance their business models - Help Net Security

• Data exfiltration is now the go-to cyber extortion strategy - Help Net Security

• Clop ransomware now uses torrents to leak data and evade takedowns (bleepingcomputer.com)

• Spot Fake Extortion Attacks Without Wasting Time and Money (securityintelligence.com)

• The number of ransomware attacks targeting Finland increased fourfold since it started the process to join NATO - Security Affairs

• New Yashma Ransomware Variant Targets Multiple English-Speaking Countries (thehackernews.com)

• Ransomware Victims Surge as Threat Actors Pivot to Zero-Day Exploits (darkreading.com)

• Recent ransomware attacks share curiously similar tactics - Help Net Security

• Ransomware Attacks: 20 Essential Considerations For Prep And Response (forbes.com)

• Ransomware attacks cost manufacturing sector $46 billion in downtime since 2018, report claims | Tripwire

• Navigating the gray zone of ransomware payment practices - Help Net Security

• Anatomy of a Black Basta Ransomware Attack on BankCard USA - MSSP Alert

• Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics (darkreading.com)

• Clop Gang Offers Data Downloads Via Torrents - Infosecurity Magazine (infosecurity-magazine.com)

• The volume of ransomware attacks is dropping - but it’s no time to get complacent (networkingplus.co.uk)

• FortiGuard Labs: Organisations Detecting Ransomware Decline as the Volume and Impact of Targeted Attacks Continue to Rise (fortinet.com)

• Suspected Vietnamese hacker targets Chinese, Bulgarian organisations with new ransomware (therecord.media)

• Ransomware gangs are targeting public schools | Fortune

• New Report Exposes Vice Society's Collaboration with Rhysida Ransomware (thehackernews.com)

• White House Holds First-Ever Summit on Ransomware Crisis Plaguing Public Schools (insurancejournal.com)

• Dallas pays millions for ransomware expenses after May attack – NBC 5 Dallas-Fort Worth (nbcdfw.com)

• Strong authentication best defence against Ransomware: Yubico (securitybrief.co.nz)

• Best practices for reporting ransomware attacks | TechTarget

• Ransomware, healthcare and incident response: Lessons from the Allscripts attack | CSO Online

• Microsoft OneDrive is a willing 'ransomware double agent' • The Register

• Threat Report: Ransomware Down, Targeted Attacks on the Rise (inforisktoday.com)

• Rasnake: Ransomware Now Threatens All, Not Just Elites | Newsmax.com

• The Ransomware Prevention Guide For SMBs - GovInfoSecurity

Ransomware Victims

• Hospital System Goes Back To Paper Following Ransomware Attack (forbes.com)

• ‘Data Security Incident’: 16 Hospitals across Four States Forced to Close after Cyber attack - News18

• Cyber attack forces hospitals to divert ambulances in Connecticut and Pennsylvania | CNN Politics

• Dallas pays millions for ransomware expenses after May attack – NBC 5 Dallas-Fort Worth (nbcdfw.com)

• Colorado Department of Higher Education warns of massive data breach (bleepingcomputer.com)

• Israel hospital hacking disrupts services; cyber attackers unknown - Israel News - The Jerusalem Post (jpost.com)

• Bnei Brak hospital hit by cyber attack, bringing down computers | The Times of Israel

• LockBit posts Siemens company Varian to its victim blog (techmonitor.ai)

• Breach Connected to MOVEit Flaw Affects Missouri Medicaid Recipients - Infosecurity Magazine (infosecurity-magazine.com)

• Hacker stole more than $6 million from New Haven Public Schools (wfsb.com)

Phishing & Email Based Attacks

• Hackers are targeting top executives to steal their work logins | TechRadar

• Microsoft 365 accounts of execs, managers hijacked through EvilProxy - Help Net Security

• 9 of 10 Cyber attacks Start with a Phish, Comcast Study Shows - MSSP Alert

• Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)

• AI tools like ChatGPT increasingly used by cyber criminals for phishing, experts warn | NL Times

• First quarter of 2023 saw 88% rise in phishing attacks: Kaspersky | The Peninsula Qatar

• RTL Today - Up to 80% of all cyber attacks: Phishing attempts surge in post-pandemic age

• 100K+ VIP Microsoft 365 users got targeted by phishers - OnMSFT.com

• Microsoft’s Role in Email Breach to Be Part of US Cyber Inquiry - BNN Bloomberg

• Interpol takes down phishing-as-a-service platform used by 70,000 people (therecord.media)

BEC – Business Email Compromise

• 37% of third-party applications have high-risk permissions - Help Net Security

Other Social Engineering; Smishing, Vishing, etc

• Social engineering biggest threat to online safety - Avast (securitybrief.co.nz)

Artificial Intelligence

• 75% of Organisations Worldwide Set to Ban ChatGPT and Generative AI Apps on Work Devices (darkreading.com)

• When your teammate is a machine: 8 questions CISOs should be asking about AI | CSO Online

• Generative AI In Cyber Should Worry Us, Here’s Why (forbes.com)

• How to Prepare for ChatGPT's Risk Management Challenges (darkreading.com)

• AI chatbots like ChatGPT could be security nightmares - and experts are trying to contain the chaos | TechRadar

• Experience: scammers used AI to fake my daughter’s kidnap | Family | The Guardian

• White House offers prize money for hacker-thwarting AI (techxplore.com)

• Criminals Have Created Their Own ChatGPT Clones | WIRED UK

• AI making cyber attacks more effective - Tech Monitor

• AI tools like ChatGPT increasingly used by cyber criminals for phishing, experts warn | NL Times

• Data attacks set to enter new era under 'FraudGPT', warn cyber security execs (cityam.com)

• Hackers Released New Black Hat AI Tool Evil-GPT (cybersecuritynews.com)

• Cyber security In The Age Of AI (forbes.com)

• In the age of ChatGPT, Macs are under malware assault | Digital Trends

• AI can now steal your passwords with almost 100% accuracy | Digital Trends

• Microsoft AI Red Team building future of safer AI | Microsoft Security Blog

• ChatGPT Security Concerns: Credentials on the Dark Web and More (techrepublic.com)

• Why We Need to Manage the Risk of AI Browser Extensions - Infosecurity Magazine (infosecurity-magazine.com)

• AI hacking gets White House backing; some already go rogue (9to5mac.com)

• Zoom trains its AI model with some user data, without giving them an opt-out option - Security Affairs

• OpenAI to Unleash New Web Crawler to Devour More of the Open Web - Decrypt

• 5 Pitfalls and Possibilities AI Brings to Cyber Insurance (informationweek.com)

2FA/MFA

• Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)

• Microsoft Authenticator will soon provide codes via WhatsApp - gHacks Tech News

• LastPass removes the master password from customers’ login with FIDO2 authenticators - Help Net Security

Malware

• In the age of ChatGPT, Macs are under malware assault | Digital Trends

• Mac users are facing more dangerous security threats than ever before | TechRadar

• Threat intelligence's key role in mitigating malware threats - Help Net Security

• This PowerPoint could help hackers empty your bank account | Digital Trends

• Safeguarding Against Silent Cyber Threats: Exploring the Stealer Log Lifecycle (bleepingcomputer.com)

• Israel cyber security agency says no breach after senior official self-infects home PC with malware | TechCrunch

• Latest Batloader Campaigns Use Pyarmor Pro for Evasion (trendmicro.com)

• Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)

• Malicious npm Packages Found Exfiltrating Sensitive Data from Developers (thehackernews.com)

• Fake VMware vConnector package on PyPI targets IT pros (bleepingcomputer.com)

• New Malware Campaign Targets Inexperienced Cyber Criminals with OpenBullet Configs (thehackernews.com)

• Ukrainian state agencies targeted with open-source malware MerlinAgent (therecord.media)

• QakBot Malware Operators Expand C2 Network with 15 New Servers (thehackernews.com)

• This Mac Utility Is Now Malware (howtogeek.com)

• Hackers use open source Merlin post-exploitation toolkit in attacks (bleepingcomputer.com)

• New Statc Stealer Malware Emerges: Your Sensitive Data at Risk (thehackernews.com)

• Gafgyt malware exploits five-years-old flaw in EoL Zyxel router (bleepingcomputer.com)

• CISA: New Whirlpool backdoor used in Barracuda ESG hacks (bleepingcomputer.com)

Mobile

• Google explains how Android malware slips onto Google Play Store (bleepingcomputer.com)

• Czech cyber security experts warn against BaiRBIE.me app | Radio Prague International

• Removing Spyware From Your Android Phone: A How-To Guide (slashgear.com)

• How executives' personal devices threaten business security - Help Net Security

• Invisible Ad Fraud Targets Korean Android Users - Infosecurity Magazine (infosecurity-magazine.com)

• Google Play apps with 2.5M installs load ads when screen's off (bleepingcomputer.com)

• 40 Vulnerabilities Patched in Android With August 2023 Security Updates - Security Week

• Android 14 to let you block connections to unencrypted cellular networks (bleepingcomputer.com)

Botnets

• QakBot Malware Operators Expand C2 Network with 15 New Servers (thehackernews.com)

• Two-Thirds of UK Sites Vulnerable to Bad Bots - Infosecurity Magazine (infosecurity-magazine.com)

Denial of Service/DoS/DDOS

• Analysing Network Chaos Leads to Better DDoS Detection (darkreading.com)

• How to accelerate and access DDoS protection services using GRE - Help Net Security

• Researchers Strengthen Defences Against Common Cyber attack - CleanTechnica

Internet of Things – IoT

• What is IoT Security? | TechTarget

• Panasonic Warns That IoT Malware Attack Cycles Are Accelerating | WIRED

• Disposed-of Gadgets Can Lead to Wi-Fi Network Hacks, Kaspersky Says (darkreading.com)

• The new technology that is making cars easier for criminals to steal, or crash (techxplore.com)

Data Breaches/Leaks

• Executives 'sleepwalking into cyber catastrophe', warns cyber security boss (cityam.com)

• Over 200 Million Brits Have Data Compromised in Four Years - Infosecurity Magazine (infosecurity-magazine.com)

• The Top 10 Countries Being Bombarded by Data Breaches (gizmodo.com)

• UK Shaken by Major Data Breaches: Security Concerns Surge Over Data Protection Changes | Open Rights Group

• UK Electoral Commission hacked by 'hostile actors' | Reuters

• PSNI officers who work with MI5 face relocation after ‘humongous’ security breach (telegraph.co.uk)

• Northern Ireland police investigate second data breach after documents containing officers' names stolen | UK News | Sky News

• Burger King Serves Up Sensitive Data, No Mayo (darkreading.com)

• Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian

• TunnelCrack attack may cause vulnerable VPNs to leak traffic • The Register

• Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)

• How safe is my data after a hack or leak? - BBC News

Organised Crime & Criminal Actors

• Cloud Company Assisted 17 Different Government Hacking Groups: US Researchers | NTD

• New Malware Campaign Targets Inexperienced Cyber Criminals with OpenBullet Configs (thehackernews.com)

• IRS confirms takedown of bulletproof hosting provider Lolek (therecord.media)

• Interpol Shuts Down African Cyber crime Group, Seizes $2 Million (darkreading.com)

• Cyber security Must Focus on the Goals of Criminals (informationweek.com)

• How fame-seeking teenagers hacked some of the world’s biggest targets | Ars Technica

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• BlackBerry Discloses Major Crypto-Based Malware - The Tech Report

• FBI warns of phishing scams and social media account hijackers (cointelegraph.com)

• Crypto heavyweights back new cyber security standards after nearly $4 billion was lost to hacks in 2022 | Fortune Crypto

• Only 6 out of 45 crypto wallet brands have undergone penetration testing: Report (cointelegraph.com)

• Worldcoin is scanning eyeballs to build a global ID and finance system. Governments are not impressed (theconversation.com)

Insider Risk and Insider Threats

• Managing human cyber risks matters now more than ever - Help Net Security

• History’s Greatest Insider Threats - IT Security Guru

• US Navy sailors charged with stealing secret info for China • The Register

• Get consent before you monitor your staff, UK MPs suggest • The Register

Fraud, Scams & Financial Crime

• Rise in fraudsters spoofing the websites of leading UK banks | Computer Weekly

• Extended warranty robocallers fined $300 million after 5 billion scam calls (bleepingcomputer.com)

• Experience: scammers used AI to fake my daughter’s kidnap | Family | The Guardian

• Data attacks set to enter new era under 'FraudGPT', warn cyber security execs (cityam.com)

Impersonation Attacks

• Rise in fraudsters spoofing the websites of leading UK banks | Computer Weekly

Insurance

• What happens if cyber insurance becomes unviable? - Raconteur

• Cyber Insurance Experts Make a Case for Coverage, Protection (darkreading.com)

• 5 Pitfalls and Possibilities AI Brings to Cyber Insurance (informationweek.com)

• 10 Key Controls to Show Your Organisation Is Worthy of Cyber Insurance (darkreading.com)

• Lower Data Breach Insurance Costs with These Tips (trendmicro.com)

Dark Web

• Dark web activity targeting the financial sector - Help Net Security

• ChatGPT Security Concerns: Credentials on the Dark Web and More (techrepublic.com)

• Dark Web Threat Actors Targeting macOS | Accenture

Supply Chain and Third Parties

• Government contractor plunges after £25m cyber attack - The Mail (mailplus.co.uk)

• 37% of third-party applications have high-risk permissions - Help Net Security

Software Supply Chain

• Unravelling the importance of software supply chain security - Help Net Security

• OWASP Lead Flags Gaping Hole in Software Supply Chain Security (darkreading.com)

• 37% of third-party applications have high-risk permissions - Help Net Security

Cloud/SaaS

• Attackers Use EvilProxy to target C-suite Executives (inforisktoday.com)

• 100K+ VIP Microsoft 365 users got targeted by phishers - OnMSFT.com

• Credentials Account For Over Half of Cloud Compromises - Infosecurity Magazine (infosecurity-magazine.com)

• Cloud Company Assisted 17 Different Government Hacking Groups: US Researchers | NTD

• Microsoft OneDrive is a willing 'ransomware double agent' • The Register

• Managing and Securing Distributed Cloud Environments - Security Week

• How hybrid cloud is transforming cyber security | ITPro

• Microsoft 365 guests + Power Apps = security nightmare • The Register

Containers

• Kubernetes clusters under attack in hundreds of organisations | CSO Online

Identity and Access Management

• CrowdStrike observes massive spike in identity-based attacks | TechTarget

• Keeper Security reveals SMBs at risk due to lack of PAM (securitybrief.co.nz)

• Understanding Active Directory Attack Paths to Improve Security (thehackernews.com)

• 91% of IT leaders better protected with PAM but want more affordable solutions - IT Security Guru

• Strong authentication best defence against Ransomware: Yubico (securitybrief.co.nz)

• WhatsApp is working on phishing-proof passkey authentication (androidpolice.com)

• Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)

Encryption

• Cyber security Breakthrough: New Cipher System Protects Computers Against Spy Programs (scitechdaily.com)

• UK minister defends plan to demand access to encrypted messages | Privacy | The Guardian

• Quantum computing: A threat to asymmetric encryption. (thecyberwire.com)

• What if WhatsApp really does leave the UK? - Tech Monitor

Open Source

• Is Open Source Security a Ticking Cyber Time Bomb? (securityintelligence.com)

• Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)

• Kemba Walden: We need to secure open source software | TechTarget

Passwords, Credential Stuffing & Brute Force Attacks

• Credentials Account For Over Half of Cloud Compromises - Infosecurity Magazine (infosecurity-magazine.com)

• How an 8-character password could be cracked in just a few minutes (techrepublic.com)

• AI can now steal your passwords with almost 100% accuracy | Digital Trends

• US Dept. of the Interior Employees Use Accounts That Are Easily Hacked (businessinsider.com)

• LastPass removes the master password from customers’ login with FIDO2 authenticators - Help Net Security

Biometrics

• Worldcoin is scanning eyeballs to build a global ID and finance system. Governments are not impressed (theconversation.com)

• Woman Falsely Arrested Sues Detroit Over Facial Recognition (govtech.com)

Social Media

• Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian

Malvertising

• Invisible Ad Fraud Targets Korean Android Users - Infosecurity Magazine (infosecurity-magazine.com)

• Google Play apps with 2.5M installs load ads when screen's off (bleepingcomputer.com)

• Not so fast: Don’t click that fake Amazon or Microsoft ad. Here’s why | Fox News

Training, Education and Awareness

• Managing human cyber risks matters now more than ever - Help Net Security

• Why Do Cyber security Awareness Programs Often Fail? (databreachtoday.co.uk)

Travel

• I'm a cyber security expert, here's why your airport selfie is a gift to scammers | Daily Mail Online

• Free Airline Miles, Hotel Points, and User Data Put at Risk by Flaws in Points Platform | WIRED

Parental Controls and Child Safety

• Cyber security expert warns parents of online predators, social media usage (wptv.com)

Cyber Bullying, Cyber Stalking and Sextortion

• Most domestic abuse cases feature spyware and remote monitoring, MPs warn | E&T Magazine (theiet.org)

• Baby monitors and smart speakers enabling abuse, say MPs - BBC News

Regulations, Fines and Legislation

• SEC Adopts Final Rules on Cyber security Risk Management, Strategy, Governance and Incident Disclosure by Public Companies | Akin Gump Strauss Hauer & Feld LLP - JDSupra

• How To Deal With the Vagueness in New Cyber Regulations (darkreading.com)

• What does the Data Protection and Digital Information (DPID) Bill mean for small businesses? | ITPro

• The Problem With Cyber security (and AI Security) Regulation (darkreading.com)

• CISA Unveils Cyber security Strategic Plan for Next 3 Years - Security Week

• The 5 Ways The SEC Failed Investors On Cyber security (forbes.com)

• What if WhatsApp really does leave the UK? - Tech Monitor

• America’s messy cyber regulations are no match for its adversaries | Financial Times (ft.com)

• Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian

• Banks hit with $549 million in fines for using Signal and WhatsApp to evade regulators (nbcnews.com)

• ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro

• UK minister defends plan to demand access to encrypted messages | Privacy | The Guardian

Models, Frameworks and Standards

• NIST Drafts Major Update to Its Widely Used Cyber security Framework | NIST

• Understanding NIST CSF and MITRE ATT&CK Security Frameworks - The New Stack

• OWASP Lead Flags Gaping Hole in Software Supply Chain Security (darkreading.com)

• Understanding Changes in the OWASP API Security Top 10 List - IT Security Guru

• 5 steps to ensure HIPAA compliance on mobile devices | TechTarget

Data Protection

• UK Shaken by Major Data Breaches: Security Concerns Surge Over Data Protection Changes | Open Rights Group

• Regulator: “Harmful” Web Design Could Break Data Protection Laws - Infosecurity Magazine (infosecurity-magazine.com)

• Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian

• ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro

Careers, Working in Cyber and Information Security

• Digital skills gap is challenging the cyber security of UK businesses - IT Security Guru

• Alarming survey: Many tech experts fail a test of their cyber security knowledge - SiliconANGLE

• Using creative recruitment strategies to tackle the cyber security skills shortage - Help Net Security

• Why cyber security is a blue-collar job - Help Net Security

• Will AI kill cyber security jobs? - Help Net Security

• Will CISOs become obsolete in the future? (betanews.com)

• 6 Essential Strategies for Enterprise Cyber security Workforce Development (govinfosecurity.com)

• Seasoned cyber pros are more complacent in their skills than junior staff - Help Net Security

Law Enforcement Action and Take Downs

• IRS confirms takedown of bulletproof hosting provider Lolek (therecord.media)

• Interpol takes down phishing-as-a-service platform used by 70,000 people (therecord.media)

Privacy, Surveillance and Mass Monitoring

• Missing persons NGO alliance kicks off global facial recognition initiative | Biometric Update

• China drafts rules for using facial recognition data - Japan Today

• Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian

• Zoom trains its AI model with some user data, without giving them an opt-out option - Security Affairs

• ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro

• Worldcoin is scanning eyeballs to build a global ID and finance system. Governments are not impressed (theconversation.com)

• Woman Falsely Arrested Sues Detroit Over Facial Recognition (govtech.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Electoral Commission cyber attack: Everything we know about the hack as Russia 'tops list' of suspects (inews.co.uk)

• BlueCharlie changes attack infrastructure in response to reports on its activity - Security Affairs

• The number of ransomware attacks targeting Finland increased fourfold since it started the process to join NATO - Security Affairs

• Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)

• SpaceX's private control of satellite internet concerns military leaders | Space

• Analysts Say Use of Spyware During Conflict Is Chilling (voanews.com)

• Ukrainian state agencies targeted with open-source malware MerlinAgent (therecord.media)

• Cyber security experts discuss wins, losses and lessons at western Ukraine gathering : NPR

• Ukrainian official: Russian hackers change tactics from disruptive attacks | CyberScoop

• Ukraine Fends Off Sandworm Battlefield Espionage Ploy (govinfosecurity.com)

• Victor Zhora on cataloging cyber war crime evidence against Russian hackers targeting Ukraine | CyberScoop

• Microsoft addresses Office vulnerability attacked by Russian spooks in latest update | Computer Weekly

• Hackers with links to Pro-Russian groups compromised foreign embassies in Belarus, researchers say | CyberScoop

• New Cyber Threat 'MoustachedBouncer' Targets Embassies in Belarus - Infosecurity Magazine (infosecurity-magazine.com)

• Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault | CyberScoop

• US, Ukraine cyber leaders talk resilience, collaboration | TechTarget

• Kyiv Cyber Defenders Spot Open-Source RAT in Phishing Emails (govinfosecurity.com)

• North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya - Security Affairs

• LockBit posts Siemens company Varian to its victim blog (techmonitor.ai)

China

• China-Linked Hackers Strike Worldwide: 17 Nations Hit in 3-Year Cyber Campaign (thehackernews.com)

• Electric vehicle threat: China will use its EV dominance to spy: UK warning (afr.com)

• UK security must not be sacrificed to net zero (telegraph.co.uk)

• Chinese cyber attacks on Japan prompts US push for stronger defences - Nikkei Asia

• China reportedly had ‘deep, persistent access’ to Japanese networks for months | Engadget

• Why the China cyber threat demands an airtight public-private response (federaltimes.com)

• China not ahead of US in cyber and surveillance, NSA head says - Nextgov/FCW

• China drafts rules for using facial recognition data - Japan Today

• US Navy sailors charged with stealing secret info for China • The Register

• RedHotel Checks in as Dominant China-Backed Cyber Spy Group (darkreading.com)

• US Navy sailors charged with stealing secret info for China • The Register

• APT31 Linked to Recent Industrial Attacks in Eastern Europe - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft’s Role in Email Breach to Be Part of US Cyber Inquiry - BNN Bloomberg

Iran

• Iranian state ‘now biggest threat to UK’ (thetimes.co.uk)

• Iranian cyber spies are targeting dissidents in Germany, warns intelligence service (therecord.media)

North Korea

• Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)

• When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule (securityintelligence.com)

• North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya - Security Affairs

Misc/Other/Unknown

• Cloud Company Assisted 17 Different Government Hacking Groups: US Researchers | NTD

• Security News This Week: The Cloud Company at the Center of a Global Hacking Spree | WIRED

Vulnerability Management

• Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities - Security Week

• How an unpatched Microsoft Exchange 0-day likely caused one of the UK’s biggest hacks ever | Ars Technica

• Will CVSS 4.0 be a vulnerability-scoring breakthrough or is it broken? | CSO Online

• Microsoft hits back at Tenable’s criticism of its infosec • The Register

• The Four Pillars of Vulnerability Management - GovInfoSecurity

• Has Microsoft cut security corners once too often? | Computerworld

• Why Shellshock Remains a Cyber security Threat After 9 Years (darkreading.com)

• The 7 Worst Software Vulnerabilities of All Time (makeuseof.com)

Vulnerabilities

• Microsoft Patch Tuesday for August 2023 fixed 2 actively exploited flaws - Security Affairs

• Microsoft, Intel lead this month's security fix emissions • The Register

• Raft of TETRA Zero-Day Vulnerabilities Endanger Industrial Communications (darkreading.com)

• Nearly every AMD CPU since 2017 vulnerable to Inception bug • The Register

• Microsoft fixes flaw after being called irresponsible by Tenable CEO (bleepingcomputer.com)

• New PaperCut critical bug exposes unpatched servers to RCE attacks (bleepingcomputer.com)

• Google Chrome will get weekly security updates - gHacks Tech News

• Downfall: New Intel CPU Attack Exposing Sensitive Information - Security Week

• Adobe Releases Security Updates for Multiple Products | CISA

• New 'Inception' Side-Channel Attack Targets AMD Processors - Security Week

• Collide+Power, Downfall, and Inception: New Side-Channel Attacks Affecting Modern CPUs (thehackernews.com)

• Dell Credentials Bug Opens VMWare Environments to Takeover (darkreading.com)

Tools and Controls

• Managing human cyber risks matters now more than ever - Help Net Security

• Windows Defender-Pretender Attack Dismantles Flagship Microsoft EDR (darkreading.com)

• MDR: Empowering Organisations with Enhanced Security (thehackernews.com)

• 9 common risk management failures and how to avoid them | TechTarget

• Why Do Cyber security Awareness Programs Often Fail? (databreachtoday.co.uk)

• Only 22% of Firms Have Mature Threat Intelligence Programs - Infosecurity Magazine (infosecurity-magazine.com)

• Here’s Why You Need Identity, Privacy, and Device Protection (finextra.com)

• What Is Content Disarm and Reconstruction? How CDR Tools Protect You From Malicious Files (makeuseof.com)

• Attacker Breakout Time Shrinks Again, Underscoring Need for Automation (darkreading.com)

• Managing and Securing Distributed Cloud Environments - Security Week

• How to handle API sprawl and the security threat it poses - Help Net Security

• Threat intelligence's key role in mitigating malware threats - Help Net Security

• What Is Comprehensive Cyber-Resiliency? - The Futurum Group

• The Role of AI in Cyber security and Threat Detection: 5 Use Cases | by David Silva | Aug, 2023 | UX Planet

• Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)

• 10 Key Controls to Show Your Organisation Is Worthy of Cyber Insurance (darkreading.com)

• Lower Data Breach Insurance Costs with These Tips (trendmicro.com)

• AI Risk Database Tackles AI Supply Chain Risks (darkreading.com)

Other News

• UK Sounds Warning Over Targeted Healthcare Attack (databreachtoday.co.uk)

• British Government Report Highlights Pressing Risks: Terrorism, Cyber Attacks, and International Conflicts - Shafaq News

• Budget constraints threaten cybersecurity in government bodies - Help Net Security

• Threat of cyber attacks to national security compared to that of chemical weapons | ITPro

• UK Government: Cyber Attacks Could Kill or Maim Thousands - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber Signals: Sporting events and venues draw cyberthreats at increasing rates | Microsoft Security Blog

• Cyber Security A Major Vulnerability In The Not For Profit Sector | Scoop News

• Government and public services face 40% more cyberattacks, struggle to protect due to lack of resources: Report | The Financial Express

• Hacker attacks on Mac users are 10x as high as they were in 2019, report says | iMore

• Venture Capital Investments at Risk: DynaRisk Identifies Critical Cybersecurity Gaps in Companies Backed By Some Of London’s Biggest VC Funds | Pressat

• Cyber Security Threats From Online Gaming – Analysis – Eurasia Review

• Satellites easier to hack than a Windows device | Cybernews

• Cyber attack cost Interserve more than £11m | News | Building

• Exploitable Vulnerabilities That Expose Healthcare Facilities Surged Nearly 60% Since 2022, New Research Report Finds (prweb.com)

• Environmental Regulations, OT & the Maritime Industry's New Challenges (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• How Confident Are Companies In Managing Their Current Threat Exposure?

Crossword Cybersecurity has released a report based on the findings of a survey of over 200 CISOs and senior UK cyber security professionals. The paper reveals companies are more concerned and exposed to cyber threats than ever before, with 61 percent describing themselves as at best only “fairly confident” at managing their current cyber security threat exposure, which should raise some eyebrows around the boardroom.

Respondents also feared their cyber strategy would not keep pace with the rate of tech innovation and changes in the threat landscape. 40 percent of organisations believe their existing cyber strategy will be outdated in two years, and a further 37 percent within three years. Additional investment is needed to address longer term planning, with 44 percent saying they only have sufficient resources in their organisation to focus on the immediate and mid-term cyber threats and tech trends.

https://www.helpnetsecurity.com/2022/05/26/organizations-cyber-strategy/

• 'There's No Ceiling': Ransomware's Alarming Growth Signals A New Era, Verizon DBIR Finds

Ransomware has become so efficient, and the underground economy so professional, that traditional monetisation of stolen data may be on its way out.

The past year has seen a staggering acceleration in ransomware incidents, with 25% of all breaches containing a ransomware component.

That's the top-line finding in the 2022 Verizon Data Breach Investigations Report (DBIR), which found that ransomware events in conjunction with breaches ballooned 13% in the past year — last year's report found that just 12% of incidents were ransomware-related. That translates into a rate of increase that's more than the previous five years of growth combined.

The 15th annual DBIR analysed 23,896 security incidents, of which 5,212 were confirmed breaches. About four in five of those were the handiwork of external cyber criminal gangs and threat groups, according to Verizon. And according to Alex Pinto, manager of the Verizon Security Research team, these nefarious types are finding it easier and easier to earn an ill-gotten living with ransomware, making other types of breaches increasingly obsolete.

"Everything in cyber crime has become so commoditised, so much like a business now, and it's just too darn efficient of a methodology for monetising their activity," he tells Dark Reading, noting that with the emergence of ransomware as-a-service (RaaS) and initial-access brokers, it takes very little skill or effort to get into the extortion game.

"Before, you had to get in somehow, look around, and find something worth stealing that would have a reseller on the other end," he explains. "In 2008 when we started the DBIR, it was by and large payment-card data that was stolen. Now, that has fallen precipitously because they can just pay for access someone else established and install rented ransomware, and it's so much simpler to reach the same goal of getting money."

https://www.darkreading.com/attacks-breaches/ransomware-alarming-growth-verizon-dbir

• Paying Ransom Doesn’t Guarantee Data Recovery

A Veeam report has found that 72% of organisations had partial or complete attacks on their backup repositories, dramatically impacting the ability to recover data without paying the ransom.

Additionally, 76% of organisations admitted to paying the ransom. But while 52% paid the ransom and were able to recover data, 24% paid the ransom but were still not able to recover data.

https://www.helpnetsecurity.com/2022/05/24/paying-ransom-recover-data-video/

• Report: Frequency Of Cyber Attacks in 2022 Has Increased By Almost 3M

Kaspersky has released a new report revealing a growing number of cyber attacks on small businesses in 2022 so far. Researchers compared the period between January and April 2022 to the same period in 2021, finding increases in the numbers of Trojan-PSW detections, internet attacks and attacks on Remote Desktop Protocol.

In 2022, the number of Trojan-PSW (Password Stealing Ware) detections increased globally by almost a quarter compared to the same period in 2021 一 4,003,323 to 3,029,903. Trojan-PSW is a malware that steals passwords, along with other account information, which then allows attackers to gain access to the company network and steal sensitive information.

Internet attacks grew from 32,500,000 globally in the analysed period of 2021 to almost 35,400,000 in 2022. These can include web pages with redirects to exploits, sites containing exploits and other malicious programs, botnet command & control centres and more.

The number of attacks on Remote Desktop Protocol grew in the U.S. (while dropping slightly globally), going from 47.5 million attacks in the first trimester of 2021 to 51 million in the same period of 2022. With the widespread shift toward remote work, many companies have introduced Remote Desktop Protocol (RDP), a technology that enables computers on the same corporate network to be linked together and accessed remotely, even when the employees are at home.

With small business owners typically handling numerous responsibilities at the same time, cyber security is often an afterthought. However, this disregard for IT security is being exploited by cyber criminals. The Kaspersky study sought to assess the threats that pose an increasing danger to entrepreneurs.

https://venturebeat.com/2022/05/20/report-frequency-of-cyberattacks-in-2022-has-increased-by-almost-3m/

• New Zoom Flaws Could Let Attackers Hack Victims Just By Sending Them A Message

Popular video conferencing service Zoom has resolved as many as four security vulnerabilities, which could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages and execute malicious code.

With Zoom's chat functionality built on top of the XMPP standard, successful exploitation of the issues could enable an attacker to force a vulnerable client to masquerade a Zoom user, connect to a malicious server, and even download a rogue update, resulting in arbitrary code execution stemming from a downgrade attack.

https://thehackernews.com/2022/05/new-zoom-flaws-could-let-attackers-hack.html

• VMware, Airline Targeted As Ransomware Chaos Reigns

Global ransomware incidents target everything from enterprise servers to grounding an airline, with one India-based group even taking a Robin Hood approach to extortion with the "GoodWill" strain.

Ransomware incidents are on the rise and this week proved no exception, with the discovery of a Linux-based ransomware family called Cheerscrypt targeting VMware ESXi servers and an attack on SpiceJet, India’s second largest airline.

Meanwhile, an oddball "GoodWill" variant purports to help the needy.

The Cheerscrypt ransomware variant was uncovered by Trend Micro and relies on the double-extortion scheme to coerce victims to pay the ransom – i.e., stealing data as well and threatening to leak it if victims don’t pay up.

Because of the popularity of ESXi servers for creating and running multiple virtual machines (VMs) in enterprise settings, the Cheerscrypt ransomware could be appealing to malicious actors looking to rapidly distribute ransomware across many devices.

Meanwhile, low-cost carrier SpiceJet faced a ransomware attack this week, causing flight delays of between two and five hours as well as rendering unavailable online booking systems and customer service portals.

While the company’s IT team announced on Twitter that it had successfully prevented the attempted attack before it was able to fully breach all internal systems and take them over, customers and employees are still experiencing the ramifications.

https://www.darkreading.com/attacks-breaches/vmware-airline-targeted-as-ransomware-chaos-reigns

• Crypto Hacks Aren't A Niche Concern; They Impact Wider Society

Million-dollar crypto heists are becoming more common as the currency starts to go mainstream; prevention and enforcement haven't kept pace.

The attack against the Ronin Network in March was quickly speculated to be one of the largest cryptocurrency hacks of all time. Approximately $540 million was stolen from the cryptocurrency and NFT games company in a combination of USDC and Etherium, with $400 million of the stolen funds owned by customers playing the game Axie Infinity.

This attack was the latest in a string of thefts perpetrated against crypto and should be a jolt to both the digital asset and cyber security communities to bring the security of cryptocurrencies into line.

The current vogue of large-scale crypto heists goes as far back as the 2014 Mt. Gox hack (another cryptocurrency exchange built around a game, Magic: The Gathering), which went into bankruptcy after losing $460 million of assets.

However, the trend has been gathering pace. In the months leading up to the Ronin Network attack, cyber criminals stole nearly $200 million worth of cryptocurrency from the crypto trading platform BitMart, attacked 400 Crypto.com users, and orchestrated NFT-related scams, to name but a few incidents.

There is often an uncomfortable tendency to see these attacks as something that takes place in isolation in a remote part of the Internet when they actually have a huge impact on thousands of people.

https://www.darkreading.com/attacks-breaches/crypto-hacks-aren-t-a-niche-concern-they-impact-wider-society

• State Of Cyber Security Report 2022 Names Ransomware And Nation-State Attacks As Biggest Threats

Ransomware is the biggest concern for cyber security professionals, according to results of the Infosecurity Group’s 2022 State of Cybersecurity Report, produced by Infosecurity Europe and Infosecurity Magazine.

Cyber Security Professionals' Number One Concern: Ransomware.

This attack vector was voted as the biggest cyber security trend (28%) by the survey respondents (including CISOs, CTOs, CIOs and academics), marking a significant change from the previous report in 2020, where ransomware did not break the top three. This follows surging ransomware incidents in 2021, with ransom demands and payments growing significantly last year. A number of these attacks have also impacted critical industries, for example, taking down the US’ largest fuel pipeline.

The survey respondents also highlighted the evolving tactics and capabilities of ransomware attackers. This includes threat actors becoming more sophisticated as they evolve into loosely coupled service-based operations.

A number of cyber security professionals believe that cyber-criminal groups will become more guarded in their approach due to new initiatives by governments and law enforcement to tackle these activities.

Cyber Security Professionals' Number Two Concern: Nation-State Attacks.

The second biggest concern for survey respondents was geopolitics/nation-state attacks (24%), particularly the shifting hostilities from the Russia-Ukraine conflict into cyberspace. Russia already had a reputation for conducting offensive cyber operations prior to the conflict, and the Ukrainian government and critical services have experienced numerous attacks both before and since the war began.

https://www.infosecurity-magazine.com/news/2022-state-industry-report/

• Vishing (Voice Phishing) Cases Reach All Time High

Vishing (voice phishing) cases have increased almost 550 percent over the last twelve months (Q1 2021 to Q1 2022), according to the latest Quarterly Threat Trends & Intelligence Report from Agari and PhishLabs.

In Q1 2022, Agari and PhishLabs detected and mitigated hundreds of thousands of phishing, social media, email, and dark web threats targeting a broad range of enterprises and brands. The report provides an analysis of the latest findings and insights into key trends shaping the threat landscape.

According to the findings, vishing attacks have overtaken business email compromise (BEC) as the second most reported response-based email threat since Q3 2021. By the end of the year, more than one in four of every reported response-based threat was a vishing attack, and this makeup continued through Q1 2022.

https://www.helpnetsecurity.com/2022/05/24/vishing-cases-increased/

• DeFi (Decentralised Finance) Is Getting Pummelled By Cyber Criminals

Decentralised finance lost $1.8 billion to cyber attacks last year — and 80% of those events were the result of vulnerable code, analysts say.

Decentralised finance (DeFi) platforms — which connect various cryptocurrency blockchains to create a decentralised infrastructure for borrowing, trading, and other transactions — promise to replace banks as a secure and convenient way to invest in and spend cryptocurrency. But in addition to attracting hordes of new users with dreams of digital fortune, cyber criminals have discovered them to be an easy target, wiping out wallets to zero balances in a moment, tanking whole markets while profiting, and more, according to a new report.

Analysts with Bishop Fox found that DeFi platforms lost $1.8 billion to cyber attacks in 2021 alone. With a total of 65 events observed, 90% of the losses came from unsophisticated attacks, according to the report, which points to the lax cyber security practices of the sector.

DeFi averaged five attacks per week last year, with most of them (51%) coming from the exploitation of "smart contracts" bugs, the analysts found. Smart contracts are essentially records of transactions, stored on the blockchain.

Other top DeFi attack vectors include cryptowallets, protocol design flaws, and so-called "rug-pull" scams (where investors are lured to a new cryptocurrency project that is then abandoned, leaving targets with a worthless currency). But taken together, 80% of all events were caused by the use (and re-use) of buggy code, according to the report.

https://www.darkreading.com/attacks-breaches/defi-pummeled-by-cybercriminals

Threats

Ransomware

• Ransomware Attacks Increasing at “Alarming” Rate - Infosecurity Magazine

• VMware, Airline Targeted as Ransomware Chaos Reigns (darkreading.com)

• Clop ransomware gang is back, hits 21 victims in a single month (bleepingcomputer.com)

• Link Found Connecting Chaos, Onyx and Yashma Ransomware | Threatpost

• Ransomware demands three good demands to restore files • The Register

• Ransomware Cheerscrypt targets VMware ESXi systems • The Register

• New Chaos Malware Variant Ditches Wiper for Encryption (darkreading.com)

• CLOP Ransomware Activity Spiked in April (darkreading.com)

• Industrial Spy data extortion market gets into the ransomware game (bleepingcomputer.com)

• BlackCat/ALPHV ransomware asks $5 million to unlock Austrian state (bleepingcomputer.com)

• Conti Ransomware Operation Shut Down After Splitting into Smaller Groups (thehackernews.com)

• Suspected phishing email crime boss arrested in Nigeria • The Register

BEC – Business Email Compromise

• Interpol arrests alleged leader of the SilverTerrier BEC gang (bleepingcomputer.com)

• Cyber security breach at the city of Portland led to fraudulent $1.4M transaction | KATU

Phishing & Email Based Attacks

• Intuit warns of QuickBooks phishing threatening to suspend accounts (bleepingcomputer.com)

• NCSC Report Reveals Phishing Lures Increasingly Disguised as Vaccine Appointments - Infosecurity Magazine

• Suspected phishing email crime boss arrested in Nigeria • The Register

Other Social Engineering

• Vishing Attacks Reach All Time High, According to Latest Agari and PhishLabs Report (darkreading.com)

Malware

• BPFDoor malware uses Solaris vulnerability to get root privileges (bleepingcomputer.com)

• Snake Keylogger Spreads Through Malicious PDFs | Threatpost

• New Windows Subsystem for Linux malware steals browser auth cookies (bleepingcomputer.com)

• This Windows malware uses PowerShell to subvert Chrome • The Register

• Hackers have found a new way to smuggle malware onto your device | TechRadar

• Cyber Security Community Warned of Fake PoC Exploits Delivering Malware | SecurityWeek.Com

• Popular Python and PHP libraries hijacked to steal AWS keys (bleepingcomputer.com)

• New Attack Shows Weaponized PDF Files Remain a Threat (darkreading.com)

Mobile

• Microsoft finds severe bugs in Android apps from large mobile providers (bleepingcomputer.com)

• Google warns Android smartphones targeted by dangerous Predator spyware | TechRadar

• New ERMAC 2.0 Android malware steals accounts, wallets from 467 apps (bleepingcomputer.com)

BYOD

• Spring Cleaning Checklist for Keeping Your Devices Safe at Work (darkreading.com)

Data Breaches/Leaks

• GM Discloses Data Breach of Cars' Locations, Mileage, Service (gizmodo.com)

• MGM Resorts' customer data now leaked on Telegram for free • The Register

Organised Crime & Criminal Actors

• REvil prosecutions reach a 'dead end,' Russian media reports - CyberScoop

• Scammer Behind $568M International Cyber Crime Syndicate Gets 4 Years (darkreading.com)

• Multi-Continental Operation Leads to Arrest of Cyber Crime Gang Leader - Infosecurity Magazine

Cryptocurrency/Cryptomining/Cryptojacking/NFTs

• Hacker Steals $1.4 Million in NFTs From Collector In One Sweep (vice.com)

• 8 ways to avoid NFT scams (techtarget.com)

Insider Risk and Insider Threats

• 68% of Legal Sector Data Breaches Caused by Insider Threats - Infosecurity Magazine

• Verizon Report: Ransomware, Human Error Among Top Security Risks | Threatpost

Dark Web

• Military cyber weapons could become available on dark web: Interpol (cnbc.com)

• Darknet market Versus shuts down after hacker leaks security flaw (bleepingcomputer.com)

Supply Chain and Third Parties

• Use of Obfuscated Beacons in ‘pymafka’ Supply Chain Attack Signals a New Trend in macOS Attack TTPs - SentinelOne

Denial of Service DoS/DDoS

• Cybergang Claims REvil is Back, Executes DDoS Attacks | Threatpost

• DDoS Extortion Attack Flagged as Possible REvil Resurgence (darkreading.com)

• Anatomy of a DDoS amplification attack - Microsoft Security Blog

Cloud/SaaS

• Security has become more difficult, IT leaders say - Help Net Security

Attack Surface Management

• Where is attack surface management headed? - Help Net Security

Open Source

• Open source is becoming a national security risk | CSO Online

Privacy

• Twitter fined $150M for misusing 2FA data (techtarget.com)

• Zuckerberg sued by DC attorney general over Cambridge Analytica data scandal | Meta | The Guardian

Passwords & Credential Stuffing

• Strong Password Policy Isn't Enough, Study Shows (darkreading.com)

• Verizon DBIR: Stolen credentials led to nearly 50% of attacks (techtarget.com)

Regulations, Fines and Legislation

• How to navigate GDPR complexity - Help Net Security

• GDPR Anniversary, Expert Insight On What Lead To GDPR Fines – Information Security Buzz

• Indian stock markets given ten day deadline to file reports • The Register

Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Network of hyperlocal Russian Telegram channels spew disinformation in occupied Ukraine - CyberScoop

• Predator spyware uses in Chrome, Android zero-day exploits • The Register

• Unknown APT group is targeting Russian government entities - Security Affairs

• Hackers target Russian govt with fake Windows updates pushing RATs (bleepingcomputer.com)

• Remote bricking of Ukrainian tractors raises agriculture security concerns | CSO Online

• Anonymous Declares Cyber-War On Pro-Russian Hacker Gang Killnet – Information Security Buzz

• Ex-spymaster and fellow Brexiteers' emails stolen, leaked • The Register

Nation State Actors

Nation State Actors – Russia

• Fronton: Russian IoT Botnet Designed to Run Social Media Disinformation Campaigns (thehackernews.com)

• Russian Hackers Believed to Be Behind Leak of Hard Brexit Plans - Infosecurity Magazine

• Russian Gamaredon APT could fuel a new round of DDoS attacks - Security Affairs

• Putin aimed cyber attack at me, says former MI6 chief Sir Richard Dearlove | News | The Times

Nation State Actors – China

• Trend Micro Patches Vulnerability Exploited by Chinese Cyber Spies | SecurityWeek.Com

• Chinese "Twisted Panda" Hackers Caught Spying on Russian Defense Institutes (thehackernews.com)

Nation State Actors – Iran

• Pro-Iran Group ALtahrea Hits Port of London Website by DDoS Attack (hackread.com)

Vulnerabilities

• CISA ‘Strongly Urges’ You To Patch 75 Actively Exploited Security Bugs (forbes.com)

• CISA adds 41 vulnerabilities to list of bugs used in cyber attacks (bleepingcomputer.com)

• Exploit released for critical VMware auth bypass bug, patch now (bleepingcomputer.com)

• Zoom Patches ‘Zero-Click’ RCE Bug | Threatpost

• Zyxel addresses four flaws affecting APs, AP controllers, and firewalls - Security Affairs

• Critical New Google Chrome Security Warning For All Users, Update Now (forbes.com)

• Patching the latest Active Directory vulnerabilities is not enough | CSO Online

• Microsoft Elevation-of-Privilege Vulnerabilities Spiked Again in 2021 (darkreading.com)

• Tails OS Users Advised Not to Use Tor Browser Until Critical Firefox Bugs are Patched (thehackernews.com)

• 'Fixed' Chrome extension flaw could allow hackers to record both your webcam and desktop feeds | PC Gamer

Sector Specific

SMBs – Small and Medium Businesses

• Small Business Cyber Security: Do SMB Owners Underestimate Risk? - MSSP Alert

Legal

• 68% of Legal Sector Data Breaches Caused by Insider Threats - Infosecurity Magazine

Health/Medical/Pharma Sector

• teiss - News - American healthcare tech giant Omnicell suffers a major ransomware attack

• Web app attacks on the rise in healthcare as insider challenges remain (scmagazine.com)

Retail/eCommerce

• Microsoft: Credit card stealers are getting much stealthier (bleepingcomputer.com)

• Microsoft warns of new highly evasive web skimming campaigns - Security Affairs

Transport and Aviation

• Hundreds Stranded After Ransomware Attack on Indian Airline | SecurityWeek.Com

• SpiceJet airline passengers stranded after ransomware attack (bleepingcomputer.com)

CNI, OT, ICS, IIoT and SCADA

• Taking the Danger Out of IT/OT Convergence (darkreading.com)

• Critical Flaws in Popular ICS Platform Can Trigger RCE | Threatpost

Energy & Utilities

• Can we trust the cyber security of the energy sector? - Help Net Security

Oil, Gas and Mining

• Oil and gas companies take cyber resilience pledge - IT Security Guru

Education and Academia

• FBI: compromised US academic credentials available on crime forums - Security Affairs

• Ed tech illegally tracked school children during pandemic - IT Security Guru

Reports Published in the Last Week

• 2022 Data Breach Investigations Report | Verizon

• State of Cyber Security Report 2022 - Infosecurity Magazine

• 2022 Voice of the CISO | Proofpoint US

Other News

• IP and cyber security disputes are top legal concerns for tech companies | TechCrunch

• Verizon DBIR: Stolen credentials led to nearly 50% of attacks (techtarget.com)

• Managed Detection and Response (MDR): Who's Responsible for the R? - MSSP Alert

• Survey Evidences Leaders Lack Confidence in Cyber-Risk Management - Infosecurity Magazine

• Flaw in PayPal can allow attackers to steal money from users' account - Security Affairs

• When it comes to remote work, 71% of IT leaders say security is the main challenge - Help Net Security

• Most organisations do not follow data backup best practices - Help Net Security

• There are systems 'guarding' your data in cyberspace – but who is guarding the guards? (theconversation.com)

• Why are current cyber security incident response efforts failing? - Help Net Security

• Nation-state malware will be a commodity on dark web soon, Interpol warns - Security Affairs

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.