Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Majority of SMBs Lack Dedicated Cyber Experts and Cyber Incident Response Plans

A recent report conducted by security provider Huntress found some worrying results regarding SMBs lack of dedicated cyber experts and lack of cyber incident response plans. Some of the reports key findings were 24% of SMBs suffering a cyber attack or unsure if they had suffered a cyber attack in the last 12 months, 61% of SMBs not having a dedicated cyber security expert and 47% having no incident response plan. The report found that SMBs struggled to implement basic training and only 9% of employees adhered to security best practices, potentially due to the previously mentioned training struggles. The report highlights a clear need for SMBs to increase their cyber resilience and conduct effective user education and awareness training.

https://www.msspalert.com/cybersecurity-research/majority-of-smbs-lack-dedicated-cyber-experts-incident-response-plan/

• Controlling Third-Party Data Risk Should be a Top Cyber Security Priority

Nearly 60% of all data breaches are initiated via third-party vendors and this is often hard to detect. The ever-increasing use of third party services has led to the average organisation sharing sensitive data with 583 third parties, a worrying number of attack vectors. Due to the impact a third party breach can have on an organisation it is imperative that organisations assess and risk manage their supply chains to increase the organisations cyber resilience.

https://www.darkreading.com/attacks-breaches/controlling-third-party-data-risk-should-be-a-top-cybersecurity-priority-

• IT Security Spending to Reach Nearly $300 Billion by 2026

Worldwide spending on security is forecast to be $219 billion in 2023, an increase of 12.1% compared to 2022. This figure is expected to continually rise, reaching nearly $300 billion by 2026. In Europe, it is predicted that the biggest portion of spending will still be represented by services, which will be increasingly leveraged by organisations with limited cyber security experience. Additionally the finance sector, which will have to constantly ensure regulatory adherence, is predicted to be the largest spending sector. Organisations should perform due diligence and ensure that they are using reputable services.

https://www.helpnetsecurity.com/2023/03/20/it-security-spending-2026/

• 2023 Cyber Security Maturity Report Reveals Organisational Unpreparedness for Cyber Attacks

In 2022 alone cyber attacks increased by 38%, highlighting the need for organisations to have a high level of cyber maturity; despite this, a recent cyber security maturity report ranked UK organisations as 12th  globally. Some of the findings from the report included that 32% of organisations were found to have weak passwords and 23% had weak authentication systems.

https://thehackernews.com/2023/03/2023-cybersecurity-maturity-report.html

• Board Cyber Shortage: Don’t Get Caught Swimming Naked

The Securities and Exchange Commission recently released their rules on cyber security risk management, strategy governance and incident disclosure by public companies. As part of the rules, the public disclosure of board directors’ cyber risk biographies is mandated. Worryingly, recent research has found that there is a drastic gap in cyber expertise at the board director level, with 90% of companies not having a single director with cyber security expertise. Board directors are able to address this issue by retaining outside expert advisors, upskilling board members or hiring new cyber security board directors. 

https://www.forbes.com/sites/forbestechcouncil/2023/03/20/board-cyber-shortage-dont-get-caught-swimming-naked/?sh=6ea732895af8

• Should your Organisation be Worried about Insider Threats?

Cyber crime is predicted to reach $10.5 trillion worth, making it a lucrative business venture for opportunist criminals. One of the threats companies face is insider threat; this is where the threat comes from within the organisation. Insider threat can include third-party vendors, business partners and others with access to an organisations systems and networks. The threat an insider poses is commonly thought of as malicious but it can also be negligent, where insiders haven’t received proper user education and awareness training. Worryingly, insider threat is rising and research has shown a significant amount of under-reporting; over 70% of insider attacks never reach the headlines. As such, it is difficult for organisations to gauge the risk of insider threats.

https://www.itsecurityguru.org/2023/03/17/should-your-organization-be-worried-about-insider-threats/

• UK Ransomware Incident Volumes Surge 17% in 2022

According to recent research, attacker-reported ransomware incidents increased by 17% annually in the UK last year and 2023 is showing signs of a continual rise. With this continual rise, it is important for organisations to assess and build upon their cyber resilience.

https://www.infosecurity-magazine.com/news/uk-ransomware-incident-surge-17/

• Financial Industry Hit by Rising Ransomware Attacks and BEC

According to a recent report by the Financial Services Information Sharing and Analysis Center (FS-ISAC) ransomware remained the biggest concern for the financial industry with an increase in attacks due to ransomware-as-a-service. Furthermore, FS-ISAC found a 300% increase in the number of business email compromise attacks from 2021 to 2022. Artificial intelligence was identified as an upcoming area of concern due to its ability to obfuscate detection.

https://www.bloomberg.com/news/articles/2023-03-21/banks-financial-industry-buffeted-by-rising-ransomware-attacks?

• 55 zero-day Flaws Exploited Last Year Show the Importance of Security Risk Management

According to a report from intelligence provider Mandiant 55 zero-days were exploited in 2022 and 13 of those were used in cyber espionage attacks. Of the espionage attacks, 7 related to Chinese threat actors and 2 related to Russian threat actors. The report found that effective security management and patching remained the best protections for organisations.

https://www.csoonline.com/article/3691609/55-zero-day-flaws-exploited-last-year-show-the-importance-of-security-risk-management.html#tk.rss_news

• Security Researchers Spot $36m BEC Attack

Security experts recently identified a single business email compromise attack which amounted to $36.4m. The attack in question contained an invoice, payment instructions, a forged letterhead and even cc’d a legitimate and well known company. The attacker also changed “.com” to “.cam” to imitate a domain. The total cost of BEC based on reported incidents is around $2.7 billion and this is excluding unreported incidents. Organisations should ensure that staff are adequately trained in identifying and reporting such attacks.

https://www.infosecurity-magazine.com/news/security-researchers-spot-36m-bec/

• New Victims Come Forward After Mass Ransomware Attack

Russia-linked Ransomware gang “Clop” has claimed a mass hack of 130 organisations via the vendor GoAnywhere, with more victims coming forward. Clop adds names of victims to its dark web site, which is used to extort companies further by threatening to publish the stolen files unless a ransom is paid.

https://techcrunch.com/2023/03/22/fortra-goanywhere-ransomware-attack/

• Ransomware Gangs’ Harassment of Victims is Increasing

Analysis by Palo Alto Networks found that harassment was a factor in 20% of ransomware cases, a significant jump from less than 1% in mid 2021. The harassment campaign by threat attackers is intended to make sure that ransom payments are met. This adds to the stress that organisations already face with ransomware incidents.

https://www.techrepublic.com/article/ransomware-gangs-harassment-victims-increasing/

• Wartime Hacktivism is Spilling Over into the Financial Services Industry

The Financial Services Information Sharing and Analysis Center (FS-ISAC) has identified that financial firms in countries that Russia considers hostile have been singled out for attacks and these attacks are going to continue if the Russia and Ukraine war persists.

https://www.scmagazine.com/analysis/risk-management/report-wartime-hacktivism-is-spilling-over-into-the-financial-services-industry

Threats

Ransomware, Extortion and Destructive Attacks

• LockBit 3.0 Ransomware: Inside the Cyberthreat That's Costing Millions (thehackernews.com)

• UK Ransomware Incident Volumes Surge 17% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Banks, Financial Sector Hit By Rising Ransomware Attacks - Bloomberg

• BianLian ransomware crew swaps encryption for extortion • The Register

• New victims come forward after mass-ransomware attack | TechCrunch

• Ransomware Gangs' Harassment of Victims Is Increasing (techrepublic.com)

• LockBit ransomware gang now also claims City of Oakland breach (bleepingcomputer.com)

• Free decryptor released for Conti-based ransomware following data leak | Tripwire

• New 'Trigona' Ransomware Targets US, Europe, Australia - SecurityWeek

• Ransomware Strongly Influencing SOC Modernization Strategies, Cybereason Research Shows - MSSP Alert

• US govt agencies released an alert on the Lockbit 3.0 ransomware- Security Affairs

• Security News This Week: Ring Is in a Standoff With Hackers | WIRED UK

• CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws | CSO Online

• Clop ransomware claims Saks Fifth Avenue, retailer says mock data stolen (bleepingcomputer.com)

• Researchers Shed Light on CatB Ransomware's Evasion Techniques (thehackernews.com)

• Why CISOs Are Looking to Lateral Security to Mitigate Ransomware | CIO

• Dole discloses employee data breach after ransomware attack (bleepingcomputer.com)

• Ransomware Attacks Double in Europe's Transport Sector - Infosecurity Magazine (infosecurity-magazine.com)

• Prevent Ransomware with Cyber security Monitoring (trendmicro.com)

• Getting Ahead of the Ransomware Epidemic: CISA’s Pre-Ransomware Notifications Help Organisations Stop Attacks Before Damage Occurs | CISA

• Ferrari in a spin as crims steal customer data • The Register

• Play ransomware gang hit Dutch shipping firm Royal Dirkzwager- Security Affairs

• Hitachi Energy confirms data breach after Clop GoAnywhere attacks (bleepingcomputer.com)

• City of Toronto confirms data theft, Clop claims responsibility (bleepingcomputer.com)

Phishing & Email Based Attacks

• 7 guidelines for identifying and mitigating AI-enabled phishing campaigns | CSO Online

• Just 1% of Dot-Org Domains Are Fully DMARC Protected - Infosecurity Magazine (infosecurity-magazine.com)

BEC – Business Email Compromise

• Security Researchers Spot $36m BEC Attack - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Vishing Campaign Targets Social Security Administration - Infosecurity Magazine (infosecurity-magazine.com)

• Threat actors are experimenting with QR codes - Help Net Security

• Over 2400 Fake Pages Found Targeting Job Seekers in Middle East, Africa - Infosecurity Magazine (infosecurity-magazine.com)

2FA/MFA

• Massive Phishing Campaign Bypasses MFA and Mimics Microsoft Office (techrepublic.com)

• How Cyber-Criminals are Circumventing Multifactor Authentication - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• Emotet malware now distributed in Microsoft OneNote files to evade defences (bleepingcomputer.com)

• ChatGPT Polymorphic Malware Bypasses Endpoint Detection Filters (cybersecuritynews.com)

• RAT developer arrested for infecting 10,000 PCs with malware (bleepingcomputer.com)

• Google flags apps made by popular Chinese e-commerce giant as malware | TechCrunch

• Mispadu Banking Trojan Targets Latin America: 90,000+ Credentials Stolen (thehackernews.com)

• Custom 'Naplistener' Malware a Nightmare for Network-Based Detection (darkreading.com)

• New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)

• ScarCruft's Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques (thehackernews.com)

• Python info-stealing malware uses Unicode to evade detection (bleepingcomputer.com)

Mobile

• Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps (thehackernews.com)

• The FBI Warns SIM Swapping Attacks Are Rising. What's That? - ReHack

• Android apps are spying on you — with no easy way to stop them | Digital Trends

• Your Samsung phone may have a big security flaw – here's how to stay safe | TechRadar

• UK emergency alert system launched to warn of life-threatening events - with test set for next month | UK News | Sky News

• Google Pixel phones had a serious data leakage bug – here’s what to do! – Naked Security (sophos.com)

• How to keep your phone safe from the scary Exynos modem vulnerability (androidpolice.com)

Botnets

• New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks (thehackernews.com)

Denial of Service/DoS/DDOS

• New ‘HinataBot’ botnet could launch massive 3.3 Tbps DDoS attacks (bleepingcomputer.com)

• KillNet Group Uses DDoS Attacks Against Azure-Based Healthcare Apps - Infosecurity Magazine (infosecurity-magazine.com)

• Mirai Hackers Use Golang to Create a Bigger, Badder DDoS Botnet (darkreading.com)

• New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)

Internet of Things – IoT

• Eufy security cam 'stored unique ID' of everyone filmed • The Register

• Google sounds alarm on Samsung modem bugs in Android devices • The Register

• EU Council extends product lifetime, clarifies scope in cyber security law – EURACTIV.com

• Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)

Data Breaches/Leaks

• Complacency of staff to blame for data breaches (thesundaily.my)

• Hitachi Energy confirms data breach after Clop GoAnywhere attacks (bleepingcomputer.com)

• Latitude customers are furious: some have had data hacked before through Medibank and Optus - ABC News

• Data breaches cost businesses nearly $6M on average: Mastercard | CTV News

• Healthcare provider ILS warns 4.2 million people of data breach (bleepingcomputer.com)

• NBA is warning fans of a data breach after a third-party newsletter service hack- Security Affairs

• Lowe’s Market chain leaves client data up for grabs- Security Affairs

• Ferrari discloses data breach after receiving ransom demand (bleepingcomputer.com)

• South Korea fines McDonalds for data leak from raw SMB share • The Register

• A million at risk from user data leak at Korean beauty platform PowderRoom- Security Affairs

Organised Crime & Criminal Actors

• New York Man Arrested for Running BreachForums Cyber crime Website - SecurityWeek

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Fireblocks Discloses Critical Vulnerability in BitGo Ethereum Wallets - Decrypt

• General Bytes Bitcoin ATMs hacked using zero-day, $1.5M stolen (bleepingcomputer.com)

• Linus Tech Tips' YouTube Channel has been hacked by Crypto Scammers | OC3D News (overclock3d.net)

Insider Risk and Insider Threats

• Should Your Organisation Be Worried About Insider Threats? - IT Security Guru

• Top 5 Insider Threats to Look Out For in 2023- Security Affairs

• Preventing Insider Threats in Your Active Directory (thehackernews.com)

Fraud, Scams & Financial Crime

• Voice deepfakes are calling – here's what they are and how to avoid getting scammed (theconversation.com)

• Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security

• ‘My bank did not stop £6,500 payment to holiday scammers despite my pleas’ | Scams | The Guardian

• The FBI Warns SIM Swapping Attacks Are Rising. What's That? - ReHack

• Hackers inject credit card stealers into payment processing modules (bleepingcomputer.com)

Deepfakes

• Voice deepfakes are calling – here's what they are and how to avoid getting scammed (theconversation.com)

• Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security

Insurance

• SMBs don't see need for cyber insurance since they won't experience security incidents | ZDNET

• Cyber insurance carriers expanding role in incident response | TechTarget

Supply Chain and Third Parties

• Controlling Third-Party Data Risk Should Be a Top Cyber security Priority (darkreading.com)

• Companies vulnerable to cyber-attack via suppliers - research | RNZ News

• Why you should treat ChatGPT like any other vendor service - Help Net Security

• MITRE Rolls Out Supply Chain Security Prototype (darkreading.com)

Software Supply Chain

• Why Business Software Buyers Are Demanding Baked-in Security - MSSP Alert

Cloud/SaaS

• How access management helps protect identities in the cloud | VentureBeat

• Bitcoin ATM maker shuts cloud service after user hot wallets compromised (cointelegraph.com)

• The cloud backlash has begun: Why big data is pulling compute back on premises | TechCrunch

• Shouldering the Increasingly Heavy Cloud Shared-Responsibility Model (darkreading.com)

• 4 cloud API security best practices | TechTarget

• 8 cloud detection and response use cases | TechTarget

• How to Transfer Data Securely When Moving to the Cloud - Infosecurity Magazine (infosecurity-magazine.com)

• The hidden danger to zero trust: Excessive cloud permissions • Graham Cluley

• New CISA tool detects hacking activity in Microsoft cloud services (bleepingcomputer.com)

• 4 Tips for Better AWS Cloud Workload Security (trendmicro.com)

Hybrid/Remote Working

• Bridging the cyber security readiness gap in a hybrid world - Help Net Security

Identity and Access Management

• How access management helps protect identities in the cloud | VentureBeat

• The impact of AI on the future of ID verification - Help Net Security

• Preventing Insider Threats in Your Active Directory (thehackernews.com)

• CISA, NSA push identity and access management framework as risks grow | SC Media (scmagazine.com)

API

• 4 cloud API security best practices | TechTarget

Open Source

• New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)

• Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Okta Post-Exploitation Method Exposes User Passwords (darkreading.com)

Social Media

• BBC presses staff to uninstall TikTok from corporate kit • The Register

• TikTok cannot be considered a private company: report • The Register

• TikTok CEO plans rigorous defences in Congress against claims the app is a US security threat | CyberScoop

• Five brutal hours for TikTok: CEO raked over coals amid privacy, security concerns | CyberScoop

• Linus Tech Tips' YouTube Channel has been hacked by Crypto Scammers | OC3D News (overclock3d.net)

Training, Education and Awareness

• Complacency of staff to blame for data breaches (thesundaily.my)

Regulations, Fines and Legislation

• Board Cyber Shortage: Don’t Get Caught Swimming Naked (forbes.com)

• ICO Reprimands Metropolitan Police for Data Snafu - Infosecurity Magazine (infosecurity-magazine.com)

• EU Council extends product lifetime, clarifies scope in cyber security law – EURACTIV.com

• India’s infosec reporting rules observed by just 15 orgs • The Register

• Why Organisations Need To Go Beyond Federal Cyber security Compliance Standards (forbes.com)

Governance, Risk and Compliance

• How CISOs Can Work With the CFO to Get the Best Security Budget (darkreading.com)

• CIOs Build New Bonds With CISOs - WSJ

• How to best allocate IT and cyber security budgets in 2023 - Help Net Security

• IT security spending to reach nearly $300 billion by 2026 - Help Net Security

• Board Cyber Shortage: Don’t Get Caught Swimming Naked (forbes.com)

• How Your Cyber security Strategy Enables Better Business (trendmicro.com)

• 55 zero-day flaws exploited last year show the importance of security risk management | CSO Online

• How Can CISOs Connect With the Board of Directors? (darkreading.com)

• Achieving The Five Levels Of Information Security Governance (forbes.com)

• Enhance security while lowering IT overhead in times of recession - Help Net Security

• Why organisations shouldn't fold to cyber criminal requests - Help Net Security

Models, Frameworks and Standards

• Meta Proposes Revamped Approach to Online Kill Chain Frameworks (darkreading.com)

• MITRE Rolls Out Supply Chain Security Prototype (darkreading.com)

Backup and Recovery

• Data backup, security alerts, and encryption viewed as top security features - Help Net Security

• Top 5 security risks for enterprise storage, backup devices - Help Net Security

Data Protection

• Use of Meta tracking tools found to breach EU rules on data transfers | TechCrunch

• ICO Reprimands Metropolitan Police for Data Snafu - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• How training and recognition can reduce cyber security stress and burnout | CSO Online

Law Enforcement Action and Take Downs

• RAT developer arrested for infecting 10,000 PCs with malware (bleepingcomputer.com)

• New York Man Arrested for Running BreachForums Cyber crime Website - SecurityWeek

Privacy, Surveillance and Mass Monitoring

• Eufy security cam 'stored unique ID' of everyone filmed • The Register

• Use of Meta tracking tools found to breach EU rules on data transfers | TechCrunch

• How to protect online privacy in the age of pixel trackers - Help Net Security

• Windows 11 Snipping Tool privacy bug exposes cropped image content (bleepingcomputer.com)

• French govt clears AI facial scans for Paris Olympics • The Register

Artificial Intelligence

• EU's AI regulation vote looms. We’re still not sure how unrestrained AI should be | Euronews

• ChatGPT Leaves Governments Scrambling for AI Regulations - Bloomberg

• ‘We are a little bit scared’: OpenAI CEO warns of risks of artificial intelligence | Artificial intelligence (AI) | The Guardian

• ChatGPT Polymorphic Malware Bypasses Endpoint Detection Filters (cybersecuritynews.com)

• Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security

• We need to create guardrails for AI | Financial Times (ft.com)

• GPT-4 devises plan to ‘escape’ by gaining control of a user's computer | Mint (livemint.com)

• Mastercard strengthens customer security with new AI ‘Cyber Shield’ | Mastercard Newsroom

• The impact of AI on the future of ID verification - Help Net Security

• 7 guidelines for identifying and mitigating AI-enabled phishing campaigns | CSO Online

• AI news latest: Google lets people talk to ‘Bard’ bot as ChatGPT taken offline after it goes haywire | The Independent

• Why you should treat ChatGPT like any other vendor service - Help Net Security

• Mozilla launches a new startup focused on ‘trustworthy’ AI | TechCrunch

• French govt clears AI facial scans for Paris Olympics • The Register

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Financial cyber threats heightened by ideologically motivated hacktivism amidst geopolitical tension | SC Media (scmagazine.com)

• Threat actors linked to nation-states exploited zero-days the most in 2022 | SC Media (scmagazine.com)

• New Espionage Group 'YoroTrooper' Targeting Entities in European, CIS Countries - SecurityWeek

• Pro-Russian Winter Vivern APT Targets Governments and Telecom Firm - Infosecurity Magazine (infosecurity-magazine.com)

• Palantir: NHS trusts ordered to share patient data with US ‘spy-tech’ firm | openDemocracy

• Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)

• Purported Chinese warships interfering with passenger planes • The Register

• Putin to staffers: throw out your iPhones over security • The Register

• Russia-backed Iridium Hackers Set to Launch Attacks on Ukrainian Government Sites - MSSP Alert

• Facebook Security Exec Seaford Hacked by Greek Predator Spyware (gizmodo.com)

• BBC presses staff to uninstall TikTok from corporate kit • The Register

• New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War (thehackernews.com)

• Hacker tied to DC Health Link breach says attack 'born out of Russian patriotism' | CyberScoop

• Unknown actors target orgs in Russia-occupied Ukraine • The Register

• Xi, Putin, declare intent to rule the world of AI, infosec • The Register

• North Korean hackers using Chrome extensions to steal Gmail emails (bleepingcomputer.com)

• Fact or fiction, hacktivists' claims of industrial sabotage in Russia or Ukraine get attention online | CyberScoop

• Stealthy hacks show advancements in China's cyberespionage operations, researchers say | CyberScoop

• China-Aligned "Operation Tainted Love" Targets Middle East Telecom Providers - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors

• Financial cyber threats heightened by ideologically motivated hacktivism amidst geopolitical tension | SC Media (scmagazine.com)

• Threat actors linked to nation-states exploited zero-days the most in 2022 | SC Media (scmagazine.com)

• New Espionage Group 'YoroTrooper' Targeting Entities in European, CIS Countries - SecurityWeek

• Pro-Russian Winter Vivern APT Targets Governments and Telecom Firm - Infosecurity Magazine (infosecurity-magazine.com)

• Huawei Has Replaced Thousands of US-Banned Parts With Chinese Versions: Founder - SecurityWeek

• Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)

• Purported Chinese warships interfering with passenger planes • The Register

• TikTok cannot be considered a private company: report • The Register

• Five brutal hours for TikTok: CEO raked over coals amid privacy, security concerns | CyberScoop

• BBC presses staff to uninstall TikTok from corporate kit • The Register

• Google flags apps made by popular Chinese e-commerce giant as malware | TechCrunch

• Putin to staffers: throw out your iPhones over security • The Register

• Russia-backed Iridium Hackers Set to Launch Attacks on Ukrainian Government Sites - MSSP Alert

• New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War (thehackernews.com)

• Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism' | CyberScoop

• Unknown actors target orgs in Russia-occupied Ukraine • The Register

• Xi, Putin, declare intent to rule the world of AI, infosec • The Register

• Chinese-linked hackers deployed the most zero-day vulnerabilities in 2022, researchers say | CyberScoop

• Fact or fiction, hacktivists' claims of industrial sabotage in Russia or Ukraine get attention online | CyberScoop

• The pressing threat of Chinese-made drones flying above US critical infrastructure  | CyberScoop

• Stealthy hacks show advancements in China's cyberespionage operations, researchers say | CyberScoop

• China-Aligned "Operation Tainted Love" Targets Middle East Telecom Providers - Infosecurity Magazine (infosecurity-magazine.com)

• Russian hacktivists deploy new AresLoader malware via decoy installers | CSO Online

Vulnerability Management

• 55 zero-day flaws exploited last year show the importance of security risk management | CSO Online

• Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022 (bleepingcomputer.com)

• Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace | Mandiant

• From Ransomware to Cyber Espionage: 55 Zero-Day Vulnerabilities Weaponized in 2022 (thehackernews.com)

• Threat actors linked to nation-states exploited zero-days the most in 2022 | SC Media (scmagazine.com)

• 10 Vulnerabilities Types to Focus On This Year (darkreading.com)

• Vulnerability vs. Risk: How MSSPs Can Prioritize Remediating Cyber security Vulnerabilities - MSSP Alert

• What Is the Microsoft Print Spooler Vulnerability? - ReHack

• Chinese-linked hackers deployed the most zero-day vulnerabilities in 2022, researchers say | CyberScoop

• Windows 11, Tesla, Ubuntu, and macOS hacked at Pwn2Own 2023 (bleepingcomputer.com)

• Top 5 security risks for enterprise storage, backup devices - Help Net Security

• Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams (darkreading.com)

Vulnerabilities

• Microsoft Outlook Vulnerability Could Be 2023's 'It' Bug (darkreading.com)

• CVE-2023-23397 Outlook exploit: "A proliferation event" (thestack.technology)

• Patch CVE-2023-23397 Immediately: What You Need To Know and Do (trendmicro.com)

• Cisco fixed severe vulnerabilities in its IOS and IOS XE software- Security Affairs

• Exploit released for Veeam bug allowing cleartext credential theft (bleepingcomputer.com)

• Experts published PoC exploit code for Veeam Backup & Replication bug- Security Affairs

• WordPress force patching WooCommerce plugin with 500K installs (bleepingcomputer.com)

• Windows 11 bug warns Local Security Authority protection is off (bleepingcomputer.com)

• Bitwarden addresses autofill issue that could be exploited to steal logins - gHacks Tech News

• Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022 (bleepingcomputer.com)

• Microsoft’s blunders with new Windows 10 update are causing serious headaches | TechRadar

• Microsoft: Defender update behind Windows LSA protection warnings (bleepingcomputer.com)

• ZenGo uncovers 'red pill attack' vulnerability in popular Web3 apps (cointelegraph.com)

• Windows 11 Snipping Tool privacy bug exposes cropped image content (bleepingcomputer.com)

• Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours (securityintelligence.com)

• If your Netgear Orbi router isn’t patched, you’ll want to change that pronto | Ars Technica

• Attackers Are Probing for Zero-Day Vulns in Edge Infrastructure Products (darkreading.com)

• Chinese-linked hackers deployed the most zero-day vulnerabilities in 2022, researchers say | CyberScoop

Tools and Controls

• Data backup, security alerts, and encryption viewed as top security features - Help Net Security

• Majority of SMBs Lack Dedicated Cyber Experts, Incident Response Plan - MSSP Alert

• 55 zero-day flaws exploited last year show the importance of security risk management | CSO Online

• Complacency of staff to blame for data breaches (thesundaily.my)

• How access management helps protect identities in the cloud | VentureBeat

• Why CISOs Should Prioritize Extended Detection & Response (XDR) - VMware Security Blog - VMware

• The Ethics of Network and Security Monitoring (darkreading.com)

• Fighting VPN criminalization should be Big Tech’s top priority, activists say | Ars Technica

• Just 1% of Dot-Org Domains Are Fully DMARC Protected - Infosecurity Magazine (infosecurity-magazine.com)

• How network perimeters secure enterprise networks | TechTarget

• Top 5 security risks for enterprise storage, backup devices - Help Net Security

Reports Published in the Last Week

• State of Cybersecurity for Mid-Sized Businesses in 2023 | Huntress

• Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace | Mandiant

Other News

• Web Fingerprinting gets frighteningly good: sees through VPNs and Incognito Mode - gHacks Tech News

• Journalist plugs in unknown USB drive mailed to him—it exploded in his face | Ars Technica

• What Is Shoulder Surfing? How Does It Affect Cyber security (informationsecuritybuzz.com)

• Inside the DEA Tool Hackers Allegedly Used to Extort Targets (vice.com)

• Top ways attackers are targeting your endpoints - Help Net Security

• What Is a Dirty IP Address and How Does It Affect Your Security? (makeuseof.com)

• 5 rules to make security user-friendly - Help Net Security

• Techno-nationalism explained: What you need to know (techtarget.com)

• How Emerging Trends in Virtual Reality Impact Cyber security - IT Security Guru

• Pipeline Cyber security Rules Show the Need for Public-Private Partnerships (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Almost Half of IT Leaders Consider Security as an Afterthought

A recent industry report found that security is an afterthought for almost half of UK IT leaders, despite 92% of respondents agreeing that security risks had risen in the last five years. Additionally, 48% of respondents felt that the rapid development of new tools had caused challenges around security. The concept of security as an afterthought is worrying when considering that 39% of UK businesses identified a cyber attack within the past 12 months.

https://www.itsecurityguru.org/2023/03/14/almost-half-of-it-leaders-consider-security-as-an-afterthought-research-reveals

• Over $10bn Lost to Online Frauds, with Pig Butchering and Investment Scams Accounting for $3B, Overtaking BEC – FBI Report Says

According to the latest FBI crime report pig butchering now accounts for $3 billion of the $10 billion total lost to online fraud. Pig butchering is a rising investment scam that uses the promise of romance and the lure of making easy cryptocurrency profit against its unsuspecting targets. The concept of pig butchering is to “fatten up” the victim, with small returns on cryptocurrency and personal interactions, often with an element of romance; eventually, the victim is lured into making a larger investment with the scammer. In addition to pig butchering, other investment scams are growing in provenance and are set to overtake Business Email Compromise (BEC) as a major earner for cyber criminals.

https://www.darkreading.com/application-security/pig-butchering-investment-scams-3b-cybercrime-threat-overtaking-bec

• Over 721 Million Passwords were Leaked in 2022

A report published this week discovered 721.5 million exposed credentials online in 2022. Additionally, the report identified 72% of users reusing previously compromised passwords. The study also uncovered 8.6 billion personally identifiable information assets, including 67 million credit card numbers which were publicly available.

https://www.neowin.net/news/study-over-721-million-passwords-were-leaked-in-2022/

• How Much of a Cyber Security Risk are Suppliers?

When your business is digitally connected to a service provider, you need to understand how a cyber security attack on their business can affect yours. You can have all the right measures in place to manage your own cyber risks, but this doesn’t matter if there are undiscovered vulnerabilities in your supply chain. Organisations need to audit the cyber security of suppliers at several stages of their relationship; you may benefit from specialist cyber security support if you can’t do this in-house. Ask hard questions and consider advising your suppliers that if their cyber security is not enough then you may take your business elsewhere. Many businesses now require suppliers to be certified to schemes such as ISO 27001; demonstrating your security posture to your customers is an important ticket to trade.

https://www.thetimes.co.uk/article/how-much-of-a-cybersecurity-risk-are-my-suppliers-mqbwcf7p2

• 90% of £5m+ Businesses Hit by Cyber Attacks

A study from Forbes found that 57% of small and medium-sized enterprises had suffered an online attack. Businesses with an annual turnover in excess of £5 million were even more likely to experience a cyber crime with the figure rising to nearly 90% of firms of this size suffering a cyber attack. To make matters worse, the study found that a significant proportion of British businesses are without any form of protection against online attacks.

https://www.itsecurityguru.org/2023/03/13/nine-in-10-5m-businesses-hit-by-cyber-attacks/

• Rushed Cloud Migrations Result in Escalating Technical Debt

A cloud service provider found 83% of CIO’s are feeling pressured to stretch their budgets even further than before. 72% of CIOs admitted that they are behind in their digital transformation because of technical debt and 38% believed the accumulation of this debt is largely because of rushed cloud migrations. Respondents believed these rushed migrations caused for miscalculations in the cloud budget, which resulted in significant overspend.

https://www.helpnetsecurity.com/2023/03/16/managing-cloud-costs/

• Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up

According to an intelligence report from Microsoft, Russia has been ramping up its cyber espionage operations and this now includes 17 European nations. Of all 74 countries targeted, the UK ranked third, after the US and Poland.

https://www.securityweek.com/microsoft-17-european-nations-targeted-by-russia-in-2023-as-espionage-ramping-up/

• Microsoft Warns of Large-Scale Use of Phishing Kits

Microsoft have found that phishing kits are being purchased and used to perform millions of phishing emails every day. In their report, Microsoft found the availability of purchasing such phishing kits was part of the industrialisation of the cyber criminal economy and lowered the barrier of entry for cyber crime. Microsoft identified phishing kits which had the capability to bypass multi factor authentication selling for as little as $300. The emergence of AI is only going to compound this.

https://thehackernews.com/2023/03/microsoft-warns-of-large-scale-use-of.html

• BEC Volumes Double on Phishing Surge

The number of Business Email Compromise (BEC) incidents doubled last year according to security provider Secureworks. In their report, they found that the main initial access vectors for BEC were phishing and systems with known vulnerabilities, with each accounting for a third of initial accesses.

https://www.infosecurity-magazine.com/news/bec-volumes-double-on-phishing/

• The Risk of Pasting Confidential Company Data in ChatGPT

Researchers analysed the use of artificial intelligence tool ChatGPT and found that 4.9% of employees have provided company data to the tool; ChatGPT builds its knowledge on this and in turn, this knowledge is shared publicly. The risk is serious, with employees putting their organisation at risk of leaking sensitive and confidential information. The research found that 0.9% of employees are responsible for 80% of leaks caused by pasting company data into ChatGPT and this number is expected to rise.

https://securityaffairs.com/143394/security/company-data-chatgpt-risks.html

• Ransomware Attacks have Entered a Heinous New Phase

With an increasing amount of victims refusing to pay, cyber criminal gangs are now resorting to new techniques; this includes the recent release of stolen naked photos of cancer patients and sensitive student records. Where encryption and a demand for payment were previously the de facto method for cyber criminals, this has now shifted to pure exfiltration. In a report, the FBI highlighted evolving and increasingly aggressive extortion behaviour, with actors increasingly threatening to release stolen data.

https://www.wired.com/story/ransomware-tactics-cancer-photos-student-records/

• MI5 Launches New Agency to Tackle State-Backed Attacks

British intelligence agency MI5 have announced the creation of the National Protective Security Authority (NPSA), created as part of a major review of government defences. The NPSA is to operate out of MI5 and absorb and extend the responsibilities for the protection of national infrastructure. The NPSA will work with existing agencies such as the National Cyber Security Centre (NCSC) and the Counter Terrorism Security Office (CTSO) to provide defensive advice to UK organisations.

https://www.infosecurity-magazine.com/news/mi5-new-agency-tackle-statebacked/

• Why Cyber Awareness Training is an Ongoing Process

A survey conducted by Hornetsecurity found that 80% of respondents believed remote working introduced extra cyber security risks and 75% were aware that personal devices are used to access sensitive data, fuelling the need for employees to be cyber aware. Where IT security training is only undertaken once, for example in block training, it is likely that participants will have forgotten a lot of the content after as little as a week; this means that for organisations to get the most out of training, they need to conduct frequent awareness training. By conducting frequent training there is more chance of trainees retaining the training content and allowing the organisation to shape a culture of cyber security.

https://www.hornetsecurity.com/en/security-information/why-cyber-awareness-training-is-an-ongoing-process/

Threats

Ransomware, Extortion and Destructive Attacks

• BianLian Ransomware Pivots From Encryption to Pure Data-Theft Extortion (darkreading.com)

• The changing face of ransomware attacks (pandasecurity.com)

• Rise of Ransomware Attacks Main Focus for SOCs, research finds - IT Security Guru

• 'Vile' Gang Duo Breaches Police Database, Impersonates Officers in Extortion Gambit (darkreading.com)

• FBI: Ransomware hit 860 critical infrastructure orgs in 2022 (bleepingcomputer.com)

• Microsoft fixes Windows zero-day exploited in ransomware attacks (bleepingcomputer.com)

• Clop ransomware gang begins extorting GoAnywhere zero-day victims (bleepingcomputer.com)

• Staples-owned Essendant facing multi-day "outage," orders frozen (bleepingcomputer.com)

• CISA now warns critical infrastructure of ransomware-vulnerable devices (bleepingcomputer.com)

• LockBit Ransomware gang claims to have stolen SpaceX confidential data from Maximum Industries- - Security Affairs

• Dissecting the malicious arsenal of the Makop ransomware gang- - Security Affairs

• The Prolificacy of LockBit Ransomware (thehackernews.com)

• Blackbaud agrees to pay $3m to settle SEC ransomware probe • The Register

• CatB Ransomware | File Locker Sharpens Its Claws to Steal Data with MSDTC Service DLL Hijacking - SentinelOne

• Ransomware Gang Claims It Hacked Amazon's Ring (gizmodo.com)

• 5 Reasons MSSP Clients Need Strong AppSec Strategies to Thwart Ransomware - MSSP Alert

• Dish customers kept in the dark as ransomware fallout continues | TechCrunch

• Cancer patient sues hospital over stolen naked photos • The Register

• ChipMixer platform seized for laundering ransomware payments, drug sales (bleepingcomputer.com)

• Lawyers suspect Arnold Clark hackers have now leaked 45GB of personal data on dark web – Car Dealer Magazine

• Kaspersky Updates Decryption Tool for Conti Ransomware - MSSP Alert

• Conti-based ransomware ‘MeowCorp’ gets free decryptor (bleepingcomputer.com)

• Universities and colleges cope silently with ransomware attacks | CSO Online

Phishing & Email Based Attacks

• Top 50 most impersonated brands in phishing attacks and new tools you can use to protect your employees from them (cloudflare.com)

• Microsoft Warns of Large-Scale Use of Phishing Kits to Send Millions of Emails Daily (thehackernews.com)

• Software for sale is fueling a torrent of phishing attacks that bypass MFA | Ars Technica

• Cyber criminals Devising More Tactics For Phishing Attacks (informationsecuritybuzz.com)

• 6 reasons why your anti-phishing strategy isn’t working | CSO Online

• Cyberthreat On New Email By Exotic Lily (informationsecuritybuzz.com)

• Botnet that knows your name and quotes your email is back with new tricks | Ars Technica

• Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector (darkreading.com)

• How two-step phishing attacks evade detection and what you can do about it - Help Net Security

• Humans Still More Effective Than ChatGPT at Phishing - Infosecurity Magazine (infosecurity-magazine.com)

BEC – Business Email Compromise

• Pig Butchering & Investment Scams: The $3B Cyber crime Threat Overtaking BEC (darkreading.com)

• Organizations need to re-examine their approach to BEC protection - Help Net Security

• BEC Volumes Double on Phishing Surge - Infosecurity Magazine (infosecurity-magazine.com)

2FA/MFA

• When Partial Protection is Zero Protection: The MFA Blind Spots No One Talks About (thehackernews.com)

• Outlook app to get built-in Microsoft 365 MFA on Android, iOS (bleepingcomputer.com)

• Software for sale is fuelling a torrent of phishing attacks that bypass MFA | Ars Technica

Malware

• SpyCloud Report: Malware Infections the Most Prolific & Persistent Threat to Businesses | Business Wire

• Microsoft OneNote to get enhanced security after recent malware abuse (bleepingcomputer.com)

• New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide (thehackernews.com)

• Malware Targets People Looking to Pirate Oscar-Nominated Films (darkreading.com)

• Law enforcement seized the website selling the NetWire RAT- - Security Affairs

• BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads (thehackernews.com)

• KamiKakaBot Malware Used in Latest Dark Pink APT Attacks on Southeast Asian Targets (thehackernews.com)

• Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware (thehackernews.com)

• Emotet attempts to sell access after infiltrating high-value networks | SC Media (scmagazine.com)

• What is Zeus Trojan Malware? - CrowdStrike

• Emotet, QSnatch Malware Dominate Malicious DNS Traffic (darkreading.com)

• Winter Vivern APT hackers use fake antivirus scans to install malware (bleepingcomputer.com)

• Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection (thehackernews.com)

• New malware sample of defunct TeamTNT threat group raises concerns | SC Media (scmagazine.com)

• Adobe Acrobat Sign abused to push Redline info-stealing malware (bleepingcomputer.com)

• Tracking the global spread of malware - Help Net Security

Mobile

• Xenomorph Android malware now steals data from 400 banks (bleepingcomputer.com)

• GoatRAT Android Banking Trojan Targets Mobile Automated Payment System (darkreading.com)

• WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt

• Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)

• Google Warns Samsung and Pixel Phone Owners About 18 Dire Exploits - CNET

• FakeCalls Android malware returns with new ways to hide on phones (bleepingcomputer.com)

Botnets

• New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide (thehackernews.com)

• Botnet that knows your name and quotes your email is back with new tricks | Ars Technica

Denial of Service/DoS/DDOS

• Record Breaking DDoS Attack - 158.2 Million Packets Per Second (gbhackers.com)

Internet of Things – IoT

• Researchers Uncover Over a Dozen Security Flaws in Akuvox E11 Smart Intercom (thehackernews.com)

• Tesla App Lets Man Accidentally Steal Model 3 That Wasn't His (gizmodo.com)

Data Breaches/Leaks

• Negative Impacts of Data Loss and How to Avoid Them - MSSP Alert

• Mental health provider Cerebral alerts 3.1M people of data breach (bleepingcomputer.com)

• BMW exposes data of clients in Italy, experts warn- - Security Affairs

• Acronis states that only one customer's account was compromised- - Security Affairs

• Security giant Rubrik says hackers used Fortra zero-day to steal internal data | TechCrunch

• Key aerospace player leaks sensitive data | Cybernews

• Hundreds of thousands of customer records stolen from lender Latitude in cyber-attack | Business | The Guardian

• 'Vile' Gang Duo Breaches Police Database, Impersonates Officers in Extortion Gambit (darkreading.com)

• LA Housing Authority Suffers Year-Long Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Hacker selling data allegedly stolen in US Marshals Service hack (bleepingcomputer.com)

• Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration (thehackernews.com)

Organised Crime & Criminal Actors

• Cyber crime Losses Exceeded $10 Billion in 2022: FBI - SecurityWeek

• Nine In 10 £5m+ Businesses Hit By Cyber Attacks - IT Security Guru

• CISA: Federal civilian agency hacked by nation-state and criminal hacking groups | CyberScoop

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• FBI Warns of Crypto-Stealing Play-to-Earn Games - Infosecurity Magazine (infosecurity-magazine.com)

• Massive vulnerabilities revealed at Dogecoin, Litecoin, Zcash | Fortune Crypto

• UK Crypto Firm Loses $200m in Cyber-Attack - Infosecurity Magazine (infosecurity-magazine.com)

• One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)

• UK Bank Limits Crypto Payments to Smother Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing Campaigns Use SVB Collapse to Harvest Crypto - Infosecurity Magazine (infosecurity-magazine.com)

• Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration (thehackernews.com)

• CrowdStrike discovered the first-ever Dero crypto mining campaign- - Security Affairs

• Claim: FTX leaders helped themselves to $3.2B in cash • The Register

• Feds charge exiled Chinese billionaire over crypto fraud • The Register

Insider Risk and Insider Threats

• Future-Proofing Your Business Against Insider Threats (informationsecuritybuzz.com)

Fraud, Scams & Financial Crime

• ‘Pig Butchering’ Scams Are Now a $3 Billion Threat | WIRED

• Cyber crime Losses Exceeded $10 Billion in 2022: FBI - SecurityWeek

• Investment Fraud is Now Biggest Cyber crime Earner - Infosecurity Magazine (infosecurity-magazine.com)

• Nine In 10 £5m+ Businesses Hit By Cyber Attacks - IT Security Guru

• ChatGPT fraud is on the rise: Here's what to watch out for | ZDNET

• Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector (darkreading.com)

• The SVB demise is a fraudster's paradise, so take precautions - Help Net Security

• Fighting financial fraud through fusion centers - Help Net Security

• UK Crypto Firm Loses $200m in Cyber-Attack - Infosecurity Magazine (infosecurity-magazine.com)

• UK Bank Limits Crypto Payments to Smother Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)

• Claim: FTX leaders helped themselves to $3.2B in cash • The Register

• Feds charge exiled Chinese billionaire over crypto fraud • The Register

Impersonation Attacks

• 'Vile' Gang Duo Breaches Police Database, Impersonates Officers in Extortion Gambit (darkreading.com)

Deepfakes

• Deepfakes, Synthetic Media: How Digital Propaganda Undermines Trust (darkreading.com)

AML/CFT/Sanctions

• One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)

• Russia’s Cyber security Companies Shrug Off Sanctions - CEPA

Dark Web

• One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)

Supply Chain and Third Parties

• Top 10 operational risks: focus on third-party risk - Risk.net

• How much of a cyber security risk are my suppliers? (thetimes.co.uk)

Software Supply Chain

• We can't wait for SBOMs to be demanded by regulation - Help Net Security

• Best practices for securing the software application supply chain - Help Net Security

• Addressing Software Supply Chain Security - DevOps.com

Cloud/SaaS

• Rushed cloud migrations result in escalating technical debt - Help Net Security

• CrowdStrike report shows identities under siege, cloud data theft up | VentureBeat

• How to Apply NIST Principles to SaaS in 2023 (thehackernews.com)

Hybrid/Remote Working

• Orgs Have a Long Way to Go in Securing Remote Workforce (darkreading.com)

Attack Surface Management

• Access Control Gap in Microsoft Active Directory Widens Enterprise Attack Surface (darkreading.com)

Identity and Access Management

• Access Control Gap in Microsoft Active Directory Widens Enterprise Attack Surface (darkreading.com)

• Navigating the future of digital identity - Help Net Security

Encryption

• Google Proposes Reducing TLS Cert Life Span to 90 Days (darkreading.com)

• WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt

Passwords, Credential Stuffing & Brute Force Attacks

• Poor Passwords Still Weakest Link Hackers Seek, Report Reveals - MSSP Alert

• Study: Over 721 million passwords were leaked in 2022 - Neowin

• Understanding password behavior key to developing stronger cyber security protocols - Help Net Security

Social Media

• UK bans TikTok from government mobile phones | TikTok | The Guardian

• Spies, lies and influenced children: What TikTok must overcome to show us it can be trusted (telegraph.co.uk)

• Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)

Malvertising

• BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads (thehackernews.com)

Training, Education and Awareness

• Forgetting Curve according to Dr Ebbinghaus: Why cyber awareness training is an ongoing process - Hornetsecurity

Regulations, Fines and Legislation

• UK's New Privacy Bill Could Mean More Work for Firms - Infosecurity Magazine (infosecurity-magazine.com)

• SEC Charges Software Company Blackbaud Inc. for Misleading Disclosures About Ransomware Attack That Impacted Charitable Donors (databreaches.net)

• When and how to report a breach to the SEC | CSO Online

• WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt

• The US cyber security strategy won’t address today’s threats with regulation alone | CyberScoop

Governance, Risk and Compliance

• Make Sure Your Cyber security Budget Stays Flexible (darkreading.com)

• Getting cyber security right requires a change of mindset | The Strategist (aspistrategist.org.au)

• UK's New Privacy Bill Could Mean More Work for Firms - Infosecurity Magazine (infosecurity-magazine.com)

• 6 principles for building engaged security governance | TechTarget

Models, Frameworks and Standards

• How to Apply NIST Principles to SaaS in 2023 (thehackernews.com)

• Meet Data Privacy Mandates With Cyber security Frameworks (darkreading.com)

Data Protection

• Consumers Believe Vendors Don't Adequately Protect Their Personal Data, Report Finds - MSSP Alert

Law Enforcement Action and Take Downs

• International authorities bring NetWire's malware infrastructure to a standstill | TechSpot

• One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)

Privacy, Surveillance and Mass Monitoring

• German states rethink reliance on Palantir technology | Financial Times (ft.com)

• Consumers Believe Vendors Don't Adequately Protect Their Personal Data, Report Finds - MSSP Alert

• Meet Data Privacy Mandates With Cyber security Frameworks (darkreading.com)

Artificial Intelligence

• Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware (thehackernews.com)

• How to stop AI waging war on humans (thetimes.co.uk)

• ChatGPT and the Growing Threat of Bring Your Own AI to the SOC - SecurityWeek

• How Businesses Can Get Ready for AI-Powered Security Threats (darkreading.com)

• Humans Still More Effective Than ChatGPT at Phishing - Infosecurity Magazine (infosecurity-magazine.com)

• UK spy agency warns of security threat from ChatGPT and rival chatbots | Metro News

• Why red team exercises for AI should be on a CISO's radar | CSO Online

• GPT-4 Can’t Stop Helping Hackers Make Cyber criminal Tools (forbes.com)

Misinformation, Disinformation and Propaganda

• Deepfakes, Synthetic Media: How Digital Propaganda Undermines Trust (darkreading.com)

• Russia disinformation looks to US far right to weaken Ukraine support | Russia | The Guardian

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Microsoft: Russian hackers may be readying new wave of destructive attacks | CyberScoop

• UK bans TikTok from government mobile phones | TikTok | The Guardian

• Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up - SecurityWeek

• UK’s Royal Navy, Ukraine Jointly Repel Simulated, Russian Cyber attack on National Infrastructure - MSSP Alert

• Russians told to rush to nuclear bomb shelters after hackers take over state media (telegraph.co.uk)

• Remcos Trojan Linked to Cyber Espionage Operations Against Ukrainian Government - MSSP Alert

• YoroTrooper cyber spies target CIS energy orgs, EU embassies (bleepingcomputer.com)

• China sought control of telecoms to spy on Micronesia • The Register

• Russia disinformation looks to US far right to weaken Ukraine support | Russia | The Guardian

• This Is the New Leader of Russia's Infamous Sandworm Hacking Unit | WIRED

• Russia’s Cyber security Companies Shrug Off Sanctions - CEPA

• Polish intelligence dismantled a network of Russian spies- Security Affairs

• Microsoft sheds light on a year of Russian hybrid warfare in Ukraine- Security Affairs

• Wave of Stealthy China Cyber attacks Hits US., Private Networks, Google Says - WSJ

• Russian hackers plotting another cyber attack against Ukraine - Microsoft (ukrinform.net)

• Here's how Chinese spies exploited a critical Fortinet bug • The Register

Nation State Actors

• MI5 Launches New Agency to Tackle State-Backed Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• UK bans TikTok from government mobile phones | TikTok | The Guardian

• North Korean hackers used polished LinkedIn profiles to target security researchers | CyberScoop

• A new Chinese era: security and control | Financial Times (ft.com)

• Russians told to rush to nuclear bomb shelters after hackers take over state media (telegraph.co.uk)

• Attacks on SonicWall appliances linked to Chinese campaign: Mandiant | CSO Online

• Remcos Trojan Linked to Cyber Espionage Operations Against Ukrainian Government - MSSP Alert

• The slow Tick‑ing time bomb: Tick APT group compromise of a DLP software developer in East Asia | WeLiveSecurity

• Microsoft fixes Outlook zero-day used by Russian hackers since April 2022 (bleepingcomputer.com)

• China sought control of telecoms to spy on Micronesia • The Register

• CISA: Federal civilian agency hacked by nation-state and criminal hacking groups | CyberScoop

• APT29 abuses EU information exchange systems in recent attacks- Security Affairs

• Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection (thehackernews.com)

• Russia disinformation looks to US far right to weaken Ukraine support | Russia | The Guardian

• This Is the New Leader of Russia's Infamous Sandworm Hacking Unit | WIRED

• Russia’s Cyber security Companies Shrug Off Sanctions - CEPA

• Microsoft sheds light on a year of Russian hybrid warfare in Ukraine- Security Affairs

• Wave of Stealthy China Cyber attacks Hits US., Private Networks, Google Says - WSJ

• Russian hackers plotting another cyber attack against Ukraine - Microsoft (ukrinform.net)

• Here's how Chinese spies exploited a critical Fortinet bug • The Register

Vulnerabilities

• Critical Microsoft Outlook/365 bug CVE-2023-23397 under attack (thestack.technology)

• Critical Microsoft Outlook bug PoC shows how easy it is to exploit (bleepingcomputer.com)

• Microsoft fixes Outlook zero-day used by Russian hackers since April 2022 (bleepingcomputer.com)

• Microsoft and Fortinet fix bugs under active exploit • The Register

• CISA warns of actively exploited Plex bug after LastPass breach (bleepingcomputer.com)

• Cisco fixed CVE-2023-20049 DoS flaw affecting enterprise routers- Security Affairs

• Massive vulnerabilities revealed at Dogecoin, Litecoin, Zcash | Fortune Crypto

• SAP releases security updates fixing five critical vulnerabilities (bleepingcomputer.com)

• Adobe Warns of ‘Very Limited Attacks’ Exploiting ColdFusion Zero-Day - SecurityWeek

• Microsoft fixes Windows zero-day exploited in ransomware attacks (bleepingcomputer.com)

• Microsoft March 2023 Patch Tuesday fixes 2 zero-days, 83 flaws (bleepingcomputer.com)

• Firefox 111 patches 11 holes, but not 1 zero-day among them… – Naked Security (sophos.com)

• Microsoft Pins Outlook Zero-Day Attacks on Russian Actor, Offers Detection Script - SecurityWeek

• Cyber attackers Continue Assault Against Fortinet Devices (darkreading.com)

• Security firm Rubrik is latest to be felled by GoAnywhere vulnerability | Ars Technica

• Google Warns Samsung and Pixel Phone Owners About 18 Dire Exploits - CNET

• Microsoft shares script to fix WinRE BitLocker bypass flaw (bleepingcomputer.com)

• Here's how Chinese spies exploited a critical Fortinet bug • The Register

• Bitwarden's password manager browser extension has a known exploit it hasn't addressed in five years | TechSpot

Tools and Controls

• Make Sure Your Cyber security Budget Stays Flexible (darkreading.com)

• What Is a Stateful Inspection Firewall? Ultimate Guide (enterprisestorageforum.com)

• When Partial Protection is Zero Protection: The MFA Blind Spots No One Talks About (thehackernews.com)

• Set up PowerShell script block logging for added security | TechTarget

• Brazil seizing Flipper Zero shipments to prevent use in crime (bleepingcomputer.com)

• Outlook app to get built-in Microsoft 365 MFA on Android, iOS (bleepingcomputer.com)

• 5 Reasons MSSP Clients Need Strong AppSec Strategies to Thwart Ransomware - MSSP Alert

• 5 Steps to Effective Cloud Detection and Response  - The New Stack

• Virtual patching: Cut time to patch from 250 days to (helpnetsecurity.com)

• ChatGPT may be a bigger cyber security risk than an actual benefit (bleepingcomputer.com)

• Change Is Coming to the Network Detection and Response (NDR) Market (darkreading.com)

• Rise of Ransomware Attacks Main Focus for SOCs, research finds - IT Security Guru

Other News

• CASPER attack steals data using air-gapped computer's internal speaker (bleepingcomputer.com)

• US govt web server attacked by 'multiple' criminal gangs • The Register

• Security firm Rubrik is latest to be felled by GoAnywhere vulnerability | Ars Technica

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.