Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Most Attacks Impacting SMB’s Target Older, Unpatched Vulnerabilities

Attackers continue to aggressively target small and mid-size businesses using specific high-profile vulnerabilities dating back a decade or more, network telemetry shows. Findings have shown that this is due to these vulnerabilities featuring in a wide range of products. Due to their prevalence, they can often become missed by organisations conducting patch management and therefore leave the organisation open.

For this reason it is critical that all organisations, including smaller organisations, have internal as well as external vulnerability scanning. You might believe your systems are patched up to date but there is no way to confirm without scanning , or to know which patches might have been missed.

Sources: [Infosecurity Magazine]

91% of Ransomware Victims Paid At least One Ransom in the Past Year, as 1 in 5 Ransomware Attacks Triggers Lawsuit

Ransomware attacks saw a significant surge in 2023, following a dip in 2022. The number of victims increased by 66% from 2022 to 2023, with 91% of those affected paying at least one ransom. 58% of organisations have been targeted six times or more.

The Sophos State of Ransomware 2023 report highlighted ransom payments rose by 500%; nearly two-thirds exceeded $1m or more, with an average payment of $2m. Furthermore, 30% of the demands were for over $5m.

In the US, 18% of incidents led to litigation, with 123 lawsuits filed in 2023 and 355 over five years. Data breaches, affecting 283.3 million records, primarily triggered these lawsuits, especially in healthcare and finance sectors. The resolution rate is 59%, with the highest settlement at $8.7m. Regulatory fines added nearly $10m to the financial impact. These figures underscore the significant financial implications of ransomware attacks and the urgent need for robust cyber security measures.

Sources: [ZD Net] [Infosecurity Magazine] [Security Magazine] [PrNewsWire] [Infosecurity Magazine]

BEC and Fund Transfer Fraud Top Insurance Claims

Cyber Insurer Coalition's 2024 Cyber Claims Report highlights a significant trend in cyber security threats, identifying email-based fraud as the predominant cause of insurance claims in 2023, accounting for 53% of all claims. Business email compromise (BEC) and funds transfer fraud (FTF) topped the list, contributing to 28% of claims and increasing claim amounts by 24% to an average loss exceeding $278,000. In contrast, ransomware, while less frequent at 19% of claims, also saw a rise in both frequency and severity, with average losses climbing to over $263,000. The report also notes a 13% year-on-year surge in overall claims, with substantial losses tied to compromised network security devices and a notable vulnerability in organisations using exposed remote desktop protocols.

Source: [Infosecurity Magazine]

Correlating Cyber Investments with Business Outcomes

The US Securities and Exchange Commission (SEC) has implemented stringent new rules compelling organisations to report significant cyber incidents within four days and to annually disclose details concerning their cyber security risk management, strategy, and governance. These mandates are seen as giving “more teeth to the idea that cyber security is a business problem” and “bringing an element of cyber security to the boardroom” according to cyber security solutions provider SecurityGate. Highlighted in the "Cybersecurity Insights" podcast, experts argue for simplifying cyber security strategies, advocating sustained resource allocation over reactive measures, and emphasising the importance of training over expensive solutions. These steps are deemed crucial for enhancing organisational resilience and security in a landscape where cyber threats are increasingly sophisticated and pervasive.

Source: [InfoRisk Today] 

Verizon: Vulnerability Exploitation up 180%, 68% of Breaches involved Humans and Supply Chain Weak Link

Verizon has released the findings of its 17th Annual Data Breach Investigations Report, which showed security incidents doubled year over year in 2023 to a record high 30,458 security events and 10,626 confirmed breaches. Some of the key takeaways from the 100-page report include zero-day attacks on unpatched systems and devices rising 180% in 2023, most breaches (68%) involving a non-malicious human element and the median time for users to fall for phishing emails falling just south of 60 seconds. In its first inclusion as a separate metric, supply chain attacks were found to contribute to 15% of all attacks.

Sources: [MSSP Alert] [Verizon]

MOVEit & Change Healthcare Attacks Designated as Cyber Catastrophe Loss Events by Insurer

Verisk’s Property Claim Services (PCS) has recently identified the MOVEit and Change Healthcare cyber attacks as significant Cyber Catastrophe Loss Events. These designations are part of PCS’s Global Cyber solution, which tracks cyber incidents and their potential impact on the insurance market. The designation indicates that each attack is anticipated to result in insurance industry losses exceeding USD 250 million.

The MOVEit attack, linked to the Russian-affiliated group Cl0p, compromised over 2,700 organisations globally, affecting up to 90 million individuals. The Change Healthcare attack, attributed to the ALPHV/Blackcat gang, notably disrupted UnitedHealth Group’s operations, with projected costs and lost revenue totalling up to USD 1.6 billion. These designations highlight the escalating scale and financial impact of cyber incidents on global markets.

Source: [Reinsurance News]

Securing Your Organisation’s Supply Chain: Reducing the Risks of Third Parties

Nearly every organisation is part of a supply chain, where a significant amount of data is transferred. When data leaves your infrastructure, its security depends on the third party. The risks of a cyber incident increases as the supply chain increases.

Organisations need to mitigate the risks that their third party brings. This requires an understanding of the supply chain actors, and performing cyber security assessments of the most critical ones. The objective is to ensure that your organisation is satisfied with the third party’s security controls, or to work together to remediate any gaps.

Source: [Help Net Security]

Why Remote Desktop Tools are Facing an Onslaught of Cyber Threats

In the era of hybrid work, remote desktop tools have become crucial yet vulnerable points within corporate networks, attracting significant cyber criminal attention. A study by Barracuda Networks underscores the challenges of securing these tools. Virtual Network Computing (VNC) is particularly susceptible; it is targeted in 98% of these types of attacks due to its use of multiple, sometimes unsecured ports. VNC attacks predominantly exploit weak password practices, notably through brute force methods. Conversely, Remote Desktop Protocol (RDP) accounts for about 1.6% of these attacks but is favoured for more extensive network breaches, often involving ransomware or crypto mining. The study highlights a pressing need for robust endpoint management and heightened security measures to mitigate these threats.

Source: [ITPro]

95% of Organisations Revamped Cyber Security Strategies in the Last Year: Make Sure Yours is Right

A recent report found that 95% of companies have altered their cyber security strategies in the last twelve months. This was driven by keeping pace with the shifting regulatory landscape (98%), the need to meet customer expectations for data protection and privacy (89%), and the rise of AI-driven threats and solutions (65%). Almost half (44%) of non-security executives do not understand the regulatory requirements their organisation must adhere to.

When it came to reporting, the study found that security teams aren’t reporting on key operational metrics that define whether their security investments and strategy changes have a measurable impact. It is evident that there is a disconnect between security and non-security professionals when it comes to the business strategy.

Sources: [Business Wire] [Security Magazine]

Human Factor a Significant Risk for Small and Medium-Sized Businesses.

A survey of business and IT security in small and medium-sized businesses (SMBs) conducted by LastPass found that roughly one in five business leaders admits to circumventing security policies, as do one in 10 IT security leaders. The survey found that password management is critically important to cyber security, with nearly half (47%) reporting recent breaches due to compromised passwords.

Sources: [Beta News] [Business Wire]

Microsoft CEO Says it is Putting Security Above All Else in Major Refocus

Following a series of high-profile attacks in recent months and a report by the US Cyber Safety Review Board (CSRB), Microsoft’s CEO has revealed it will now focus its efforts on an increase in the commitment to security. Investigating a summer 2023 attack, Microsoft was deemed to have made a series of “avoidable errors”, including the failure to detect several compromises, the CSRB said.

Sources: [TechRadar]

Ending the Culture of Silence in Cyber Security; Three Ways to Empower Teams

A recent discussion on workplace errors highlights the significant repercussions of cyber breaches compared to typical office mistakes. In the UK, nearly a third of businesses face cyber attacks weekly, with each breach costing approximately £4,000. However, a concerning trend is that 41% of these breaches are not reported to internal leadership, often due to fears among staff about the consequences of admitting faults. A three-pronged approach has been suggested to foster a blame-free culture: providing tailored and evolving cyber training, establishing safe zones for admitting mistakes, and implementing robust recovery plans. This approach not only prepares employees to handle potential breaches more effectively but also encourages them to report incidents promptly, reducing the overall impact and aiding quicker recovery. Such strategies are essential for maintaining resilience against increasingly sophisticated cyber threats.

Source: [Minute Hack]

Governance, Risk and Compliance

• Verizon 2024 Data Breach Investigations Report: 5 Takeaways | MSSP Alert

• 2024 Data Breach Investigations Report: Half of the breaches in EMEA were internal (globenewswire.com)

• Verizon DBIR: Vulnerability exploitation in breaches up 180% | TechTarget

• Verizon DBIR: Basic Security Gaffes Cause Breach Surge (darkreading.com)

• 95% of Organisations Revamped Their Cyber Security Strategies in the Last Year | Business Wire

• 95% of organisations adjusted cyber security strategies this past year | Security Magazine

• 1 in 5 US Ransomware Attacks Triggers Lawsuit - Infosecurity Magazine (infosecurity-magazine.com)

• Vulnerability Exploits Triple as Initial Access Point for Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• MOVEit & Change Healthcare attacks designated as cyber catastrophe loss events by PCS - Reinsurance News

• Are Enterprises Overconfident About Cyber Security Readiness? (govinfosecurity.com)

• How CISOs Can Contend with Increasing Scrutiny from Regulators (informationweek.com)

• Correlating Cyber Investments with Business Outcomes (inforisktoday.com)

• Ending The Culture of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack

• 97% of security leaders have increased SaaS security budgets - Help Net Security

• The rise in CISO job dissatisfaction – what’s wrong and how can it be fixed? | CSO Online

• Should Cyber Security Leadership Finally be Professionalized? - SecurityWeek

• What needs to change to overcome nonchalant security approaches | TechRadar

• Agile by Design: Cyber Security at the Heart of Transformation (noeticcyber.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Q1 2024 Ransomware Report: 21% Increase in Q1 2023 Ransomware Activity (corvusinsurance.com)

• Ransomware Rising Despite Takedowns, Says Corvus Report - Infosecurity Magazine (infosecurity-magazine.com)

• Impact of organisational structure on ransomware outcomes: Where does your org fit in? | SC Media (scmagazine.com)

• OODA Loop - Social Engineering Remains the Coin of the Realm for Ransomware Gangs (or APTs- Advanced Persistent Threats)

• 91% of ransomware victims paid at least one ransom in the past year, survey finds | ZDNET

• Ransom Payments Surge by 500% to an Average of $2m - Infosecurity Magazine (infosecurity-magazine.com)

• 1 in 5 US Ransomware Attacks Triggers Lawsuit - Infosecurity Magazine (infosecurity-magazine.com)

• There was an 81% year-over-year increase in ransomware attacks | Security Magazine

• Ransomware and extortion incidents surged by 67% in 2023, according to NTT Security Holdings 2024 Global Threat Intelligence Report (prnewswire.com)

• Finnish hacker imprisoned for accessing thousands of psychotherapy records and demanding ransoms | AP News

• LockBit, Black Basta, Play Dominate Ransomware in Q1 2024 - Infosecurity Magazine (infosecurity-magazine.com)

• Understanding Scattered Spider, and how they perform cloud-centric identity attacks | SC Media (scmagazine.com)

• Ransom recovery costs reach $2.73 million - Help Net Security

• Cactus Ransomware Group Targets Qlik Sense Servers | Decipher (duo.com)

• How AI and data protection intersect in today's threat era - SiliconANGLE

• Better hygiene may mitigate the need to ban ransomware payments | Computer Weekly

• Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million (thehackernews.com)

• How Businesses Should Grapple With Ransomware Threats (eetimes.eu)

• Cyber security consultant arrested after allegedly extorting IT firm (bleepingcomputer.com)

Ransomware Victims

• Single Citrix Compromised Credential Results in $22,000,000 Ransom to Change Healthcare | InfoStealers

• Change Healthcare breached via Citrix portal with no MFA | TechTarget

• Almost all US hospitals took financial hit from Change hack, AHA says | Reuters

• Another major pharmacy chain shuts following possible cyber attack | TechRadar

• Hack That Paralyzed US Health Care Turns Up Scrutiny on Insurer (claimsjournal.com)

• Cyber attack to cost Western Isles Council half a million pounds (holyrood.com)

• LockBit publishes confidential data stolen from Cannes hospital in France (therecord.media)

• French hospital CHC-SV refuses to pay LockBit extortion demand (bleepingcomputer.com)

• 'Cybersecurity incident' closes London Drugs' pharmacies • The Register

Phishing & Email Based Attacks

• AI-driven phishing attacks deceive even the most aware users - Help Net Security

• US Post Office phishing sites get as much traffic as the real one (bleepingcomputer.com)

• If you receive a Shein mystery box, do not open it | TechRadar

• Why the automotive sector is a target for email-based cyber attacks - Help Net Security

BEC

• BEC and Fund Transfer Fraud Top Insurance Claims - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering

• OODA Loop - Social Engineering Remains the Coin of the Realm for Ransomware Gangs (or APTs- Advanced Persistent Threats)

• FBI warns of fake verification schemes targeting dating app users (bleepingcomputer.com)

• A Lot of People Are Falling for Those 'Your Package Cannot Be Delivered' Texts | PCMag

Artificial Intelligence

• AI-driven phishing attacks deceive even the most aware users - Help Net Security

• AI is creating a new generation of cyber attacks - Help Net Security

• Combating the Rising Tide of AI-Driven Cyber Crime (cryptopolitan.com)

• Businesses turn to generative AI but many don't have policies on it (betanews.com)

• State of Security 2024 Report Reveals Growing Impact of Generative AI on Cyber Security Landscape | Business Wire

• How AI and data protection intersect in today's threat era - SiliconANGLE

• Understanding emerging AI and data privacy regulations - Help Net Security

• To understand the risks posed by AI, follow the money – O’Reilly (oreilly.com)

• From Risk to Resilience: Managing Data Security in AI-Driven Enterprises | Inc.com

• Security in the AI Sector: Understanding Infostealer Exposures and Corporate Risks - Security Boulevard

• Cyber security experts face AI risks, deepfakes, burnout | Fortune

• US Government Releases New AI Security Guidelines for Critical Infrastructure (thehackernews.com)

• Why Using Microsoft Copilot Could Amplify Existing Data Quality and Privacy Issues - SecurityWeek

• Why the Military Can’t Trust AI | Foreign Affairs

2FA/MFA

• Change Healthcare breached via Citrix portal with no MFA | TechTarget

Malware

• New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw (thehackernews.com)

• New SOHO router malware aims for cloud accounts, internal company resources - Help Net Security

• Guarding the Gates: The Growing Abundance of Linux Malware - VMRay

• Bogus npm Packages Used to Trick Software Developers into Installing Malware (thehackernews.com)

• Stealthy malware: The threats hiding in plain sight | ITPro

• Millions of Malicious 'Imageless' Containers Planted on Docker Hub Over 5 Years (thehackernews.com)

• ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan (thehackernews.com)

• New Cuttlefish malware infects routers to monitor traffic for credentials (bleepingcomputer.com)

Mobile

• Powerful 'Brokewell' Android Trojan Allows Attackers to Takeover Devices - SecurityWeek

• Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023 (thehackernews.com)

• New Wpeeper Android malware hides behind hacked WordPress sites (bleepingcomputer.com)

• NCSC’s New Mobile Risk Model Aimed at “High-Threat” Firms - Infosecurity Magazine (infosecurity-magazine.com)

• Android Flaw Affected Apps With 4 Billion Installs - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft warns of "Dirty Stream" attack impacting Android apps (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• Hackers Target New NATO Member Sweden with Surge of DDoS Attacks - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• NCSC: New UK law bans default passwords on smart devices (securityaffairs.com)

• DJI Could Get Banned In The U.S. As Authorities Believe That The Chinese Firm And Its Drones Present A Major Security Risk (wccftech.com)

• A glaring Android TV security flaw might put your Gmail at risk | Android Central

Data Breaches/Leaks

• PSNI data breach: Almost 5,000 officers and staff in legal action - BBC News

• 2024 Data Breach Investigations Report: Half of the breaches in EMEA were internal (globenewswire.com)

• Marriott admits it falsely claimed for five years it was using encryption during 2018 breach | CSO Online

• Kaiser Permanente data breach may have impacted 13.4 million patients (securityaffairs.com)

• Social exclusion charity Extern “urgently reviewing” impact of data breach following ransomware attack – The Irish News

• FBCS data breach impacted 2M individuals (securityaffairs.com)

• States shares health debt data of 5,000 in an email | Guernsey Press

• Qantas app exposed sensitive traveller details to random users (bleepingcomputer.com)

• DropBox says hackers stole customer data, auth secrets from eSignature service (bleepingcomputer.com)

• Mitre Shares Lessons Learned from Breach | MSSP Alert

• Hull City Council pays £30K in data breach claims and suffers nine cyber attacks in three years - Hull Live (hulldailymail.co.uk)

• Philadelphia Inquirer: Data of over 25,000 people stolen in 2023 breach (bleepingcomputer.com)

• Australian pubgoers' personal info posted to leak site • The Register

• Monash Health data breach exposes sexual assault and family violence claims (smh.com.au)

• Panda Restaurant Group disclosed a data breach (securityaffairs.com)

Organised Crime & Criminal Actors

• AI is creating a new generation of cyber attacks - Help Net Security

• Combating the Rising Tide of AI-Driven Cyber Crime (cryptopolitan.com)

• INTERPOL Identifies 20,674 Suspicious Networks Linked To Terrorists, Warns of Rising Cyber Crimes | Greenbarge Reporters (greenbreporters.com)

• Understanding Scattered Spider, and how they perform cloud-centric identity attacks | SC Media (scmagazine.com)

• Router Roulette: Cyber Criminals and Nation-States Sharing Compromised Networks | Trend Micro (US)

Insider Risk and Insider Threats

• 2024 Data Breach Investigations Report: Half of the breaches in EMEA were internal (globenewswire.com)

• 2024 Data Breach Investigations Report: Most breaches involve a non-malicious human element - Help Net Security

• Survey: Human Factors Create Significant Cyber Security Risks for Small and Medium-Sized Businesses, Despite Increased Technology Investment | Business Wire

• How insider threats can cause serious security breaches - Help Net Security

• Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia (thehackernews.com)

Insurance

• MOVEit & Change Healthcare attacks designated as cyber catastrophe loss events by PCS - Reinsurance News

• Cyber facility in capacity raise as risk severity grows (emergingrisks.co.uk)

• Hack That Paralyzed US Health Care Turns Up Scrutiny on Insurer (claimsjournal.com)

• Alarming Insurance Gaps and Soaring Breach Rates Call for a United Front in Cyber Security | HaystackID - JDSupra

Supply Chain and Third Parties

• UK and global cyber threats require robust supply chain risk management - Osborne Clarke | Osborne Clarke

• Securing your organisation's supply chain: Reducing the risks of third parties - Help Net Security

Cloud/SaaS

• Understanding Scattered Spider, and how they perform cloud-centric identity attacks | SC Media (scmagazine.com)

• New SOHO router malware aims for cloud accounts, internal company resources - Help Net Security

• 97% of security leaders have increased SaaS security budgets - Help Net Security

Encryption

• UK's Investigatory Powers Bill approved to become law • The Register

• Marriott admits it falsely claimed for five years it was using encryption during 2018 breach | CSO Online

• Ten years of Heartbleed: Lessons learned | SC Media (scmagazine.com)

• White Swan, Black Swan and QuantumBleed (forbes.com)

Linux and Open Source

• Guarding the Gates: The Growing Abundance of Linux Malware - VMRay

Passwords, Credential Stuffing & Brute Force Attacks

• Single Citrix Compromised Credential Results in $22,000,000 Ransom to Change Healthcare | InfoStealers

• Change Healthcare breached via Citrix portal with no MFA | TechTarget

• Okta warns of "unprecedented" credential stuffing attacks on customers (bleepingcomputer.com)

• NCSC: New UK law bans default passwords on smart devices (securityaffairs.com)

• Nvidia's flagship gaming GPU can crack complex passwords in under an hour | Tom's Hardware (tomshardware.com)

• New Cuttlefish malware infects routers to monitor traffic for credentials (bleepingcomputer.com)

• Five Ways to Dramatically Reduce the Risk of Password Compromise - Infosecurity Magazine (infosecurity-magazine.com)

• Google Online Security Blog: Your Google Account allows you to create passkeys on your phone, computer and security keys (googleblog.com)

• How to use a YubiKey to log into Windows and macOS (xda-developers.com)

Social Media

• How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat - SecurityWeek

• Disinformation: EU Opens Probe Against Meta Ahead of Election - Infosecurity Magazine (infosecurity-magazine.com)

• Facebook at 20: Contemplating the Cost of Privacy (darkreading.com)

Training, Education and Awareness

• Ending The Culture Of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack

• Everyone's an Expert: How to Empower Your Employees for Cyber Security Success (thehackernews.com)

Regulations, Fines and Legislation

• UK's Investigatory Powers Bill approved to become law • The Register

• UK rolls out new consumer safeguards for smart devices (betanews.com)

• UK and global cyber threats require robust supply chain risk management - Osborne Clarke | Osborne Clarke

• FCC fines major wireless carriers over illegal location data sharing - Help Net Security

• Understanding emerging AI and data privacy regulations - Help Net Security

• CISA's incident reporting requirements go too far, trade groups and lawmakers say | CyberScoop

Data Protection

• How AI and data protection intersect in today's threat era - SiliconANGLE

Careers, Working in Cyber and Information Security

• Cyber security experts face AI risks, deepfakes, burnout | Fortune

• The rise in CISO job dissatisfaction – what’s wrong and how can it be fixed? | CSO Online

• Agencies to turn toward ‘skill-based hiring’ for cyber and tech jobs, ONCD says | CyberScoop

• Cyber Security Degrees, Are They Really Worth It? | HackerNoon

• Beyond the Buzz: Rethinking Alcohol as a Cyber Security Bonding Ritual - SecurityWeek

Law Enforcement Action and Take Downs

• INTERPOL Identifies 20,674 Suspicious Networks Linked To Terrorists, Warns of Rising Cyber Crimes | Greenbarge Reporters (greenbreporters.com)

• Finnish hacker imprisoned for accessing thousands of psychotherapy records and demanding ransoms | AP News

• Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million (thehackernews.com)

• Police shuts down 12 fraud call centres, arrests 21 suspects (bleepingcomputer.com)

• Cyber security consultant arrested after allegedly extorting IT firm (bleepingcomputer.com)

• CEO who sold fake Cisco devices to US military gets 6 years in prison (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

• Disinformation: EU Opens Probe Against Meta Ahead of Election - Infosecurity Magazine (infosecurity-magazine.com)

• ‘Honeypots’ and influence operations: China’s spies turn to Europe (ft.com)

• Think tank: Tech companies spread China's propaganda • The Register

• Two hackers in Ukraine accused of spreading Russian propaganda (therecord.media)

• Why China Is So Bad at Disinformation | WIRED

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• 'DuneQuixote' Shows Stealth Cyber Attack Methods Are Evolving (darkreading.com)

Nation State Actors

China

• ‘Honeypots’ and influence operations: China’s spies turn to Europe (ft.com)

• Philippines Pummelled by Cyber Attacks & Misinformation Tied to China (darkreading.com)

• Germany grapples with wave of spying threats from Russia and China - BBC News

• How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat - SecurityWeek

• Think tank: Tech companies spread China's propaganda • The Register

• China's attacks on critical infrastructure ‘tip of the iceberg' | SC Media (scmagazine.com)

• DJI Could Get Banned In The U.S. As Authorities Believe That The Chinese Firm And Its Drones Present A Major Security Risk (wccftech.com)

• Chinese Hackers Have Been Probing DNS Networks Globally for Years: Report - SecurityWeek

• Muddling Meerkat hackers manipulate DNS using China’s Great Firewall (bleepingcomputer.com)

• Why China Is So Bad at Disinformation | WIRED

• Chinese government website security has big problems • The Register

• Espionage breaches account for 25% in APAC, report reveals (securitybrief.co.nz)

Russia

• Router Roulette: Cyber Criminals and Nation-States Sharing Compromised Networks | Trend Micro (US)

• Russian Hackers Target Industrial Systems in North America, Europe - SecurityWeek

• Pro-Russia hacktivists attacking vital tech in water and other sectors, agencies say | CyberScoop

• Critical infrastructure operators urged to harden systems against pro-Russia hackers (therecord.media)

• Ukraine's military intelligence launches cyber attack against United Russia party (kyivindependent.com)

• Germany grapples with wave of spying threats from Russia and China - BBC News

• Ukraine Targeted in Cyber Attack Exploiting 7-Year-Old Microsoft Office Flaw (thehackernews.com)

• The Dangerous Rise of GPS Attacks | WIRED

• Russia’s Pawprints on Aircraft Jamming Outbreak - CEPA

• Germany Warns Of Consequences For Alleged Russian Cyber Attack (rferl.org)

• Hackers Claim to Have Infiltrated Belarus’ Main Security Service - SecurityWeek

• Military Tank Manual, 2017 Zero-Day Anchor Latest Ukraine Cyber Attack (darkreading.com)

• Sweden prepares for Eurovision amidst fears of protests, cyber attacks and unrest | Euronews

• Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia (thehackernews.com)

• Two British men charged with helping Russian intelligence - BBC News

• Two hackers in Ukraine accused of spreading Russian propaganda (therecord.media)

Iran

• Israel winning cyber war against Iran, says former officer of elite IDF intelligence unit | All Israel News

North Korea

• DPRK's Kimsuky APT Abuses Weak DMARC Policies, Feds Warn (darkreading.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• INTERPOL Identifies 20,674 Suspicious Networks Linked To Terrorists, Warns of Rising Cyber Crimes | Greenbarge Reporters (greenbreporters.com)

• Sweden prepares for Eurovision amidst fears of protests, cyber attacks and unrest | Euronews

Vulnerability Management

• When is One Vulnerability Scanner Not Enough? (thehackernews.com)

• Vulnerability exploitation nearly tripled in 2023 (telecoms.com)

Vulnerabilities

• Cisco devices again targeted by state-linked threat campaign - TechCentral.ie

• Okta warns of "unprecedented" credential stuffing attacks on customers (bleepingcomputer.com)

• 1,200+ Vulnerabilities Detected In Microsoft Products In 2023 (gbhackers.com)

• Most attacks affecting SMBs target five older vulnerabilities | CSO Online

• Severe Flaws Disclosed in Brocade SANnav SAN Management Software (thehackernews.com)

• UnitedHealth hackers took advantage of Citrix vulnerability to break in, CEO says (yahoo.com)

• Palo Alto Updates Remediation for Max-Critical Firewall Bug (darkreading.com)

• Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades - Help Net Security

• WordPress plugin vulnerability poses severe security risk, allows for site takeovers | TechSpot

• Ukraine Targeted in Cyber Attack Exploiting 7-Year-Old Microsoft Office Flaw (thehackernews.com)

• New R Programming Vulnerability Exposes Projects to Supply Chain Attacks (thehackernews.com)

• Grafana Tool Vulnerability Let Attackers Inject SQL Queries (gbhackers.com)

• Microsoft says April Windows updates break VPN connections (bleepingcomputer.com)

• NTLM auth traffic spikes after Windows Server patch • The Register

• New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw (thehackernews.com)

• Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks (thehackernews.com)

• Ten years of Heartbleed: Lessons learned | SC Media (scmagazine.com)

• 1,400 GitLab Servers Impacted by Exploited Vulnerability - SecurityWeek

Tools and Controls

• Why remote desktop tools are facing an onslaught of cyber threats | ITPro

• Correlating Cyber Investments With Business Outcomes (inforisktoday.com)

• When is One Vulnerability Scanner Not Enough? (thehackernews.com)

• Microsoft CEO says it is "putting security above all else" in major refocus | TechRadar

• Can automating security relieve CISO pressure? (techinformed.com)

• 10 Critical Endpoint Security Tips You Should Know (thehackernews.com)

• 7 antivirus myths that are dead wrong | PCWorld

• Businesses turn to generative AI but many don't have policies on it (betanews.com)

• EDR vs. EPP: What's the difference? | TechTarget

• Cobalt's 2024 State of Pentesting Report Reveals Cyber Security Industry Seeks Partners and Solutions as Staffing Shortages and New AI Threats Collide (prweb.com)

• Ending The Culture Of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack

• Organisations Struggle with Zero Trust: Gartner | MSSP Alert

• Tech Tip: Why Haven't You Set Up DMARC Yet? (darkreading.com)

• Three-Quarters of CISOs Admit App Security Incidents - Infosecurity Magazine (infosecurity-magazine.com)

• 97% of security leaders have increased SaaS security budgets - Help Net Security

• Communication gaps between IT departments and senior corporate leadership worsening application security risks - Tech Monitor

• Continuous threat exposure management (CTEM): What it is and how to achieve it | SC Media (scmagazine.com)

• DPRK's Kimsuky APT Abuses Weak DMARC Policies, Feds Warn (darkreading.com)

• Fortifying Cyber Defence With the Power of Linux Intrusion Detection and Prevention Systems | Linux Journal

• How to Red Team GenAI: Challenges, Best Practices, and Learnings (darkreading.com)

• What is API Security? - Security Boulevard

• Chinese Hackers Have Been Probing DNS Networks Globally for Years: Report - SecurityWeek

• Muddling Meerkat hackers manipulate DNS using China’s Great Firewall (bleepingcomputer.com)

• Why LLMs are predicting the future of compliance and risk management | VentureBeat

• Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM (thehackernews.com)

Reports Published in the Last Week

• Q1 2024 Ransomware Report: 21% Increase in Q1 2023 Ransomware Activity (corvusinsurance.com)

• Global Threat Intelligence Report 2024 by NTT Security Holdings

• 2024 Data Breach Investigations Report | Verizon

• The State of Security 2024 | Splunk

• Cobalt's 2024 State of Pentesting Report Reveals Cyber Security Industry Seeks Partners and Solutions as Staffing Shortages and New AI Threats Collide (prweb.com)

Other News

• Microsoft CEO says it is "putting security above all else" in major refocus | TechRadar

• 3 Key Business Areas Cyber Security Falls Short | Inc.com

• 7 antivirus myths that are dead wrong | PCWorld

• A Season Of Health Breaches, A Season Of Changes (forbes.com)

• Bank of England tells payment firms to step up disruption mitigation plans (yahoo.com)

• Three-Quarters of CISOs Admit App Security Incidents - Infosecurity Magazine (infosecurity-magazine.com)

• NCSC updates warning over hacktivist threat to CNI | Computer Weekly

• Cyber Space: EU and partners discuss ways to strengthen cooperation in promoting international security and stability | EEAS (europa.eu)

• The EU's Strategy for a Cyber Secure Digital Single Market | UpGuard

• Cyber attack at Irish telecoms firm? – The Irish Times

• To Damage OT Systems, Hackers Tap USBs, Old Bugs & Malware (darkreading.com)

• During National Small Business Week, Take Steps to Secure Your Business | CISA

• At Microsoft, years of security debt come crashing down | Cybersecurity Dive

• National Small Business Week: IRS warns entrepreneurs to take precautions on data security; protect their businesses, employees, customers | Internal Revenue Service

• Zelenskyy fires security service chief accused of "weaponized draft" against journalist - Euromaidan Press

• Sweden prepares for Eurovision amidst fears of protests, cyber attacks and unrest | Euronews

• The ultimate cyber spring-cleaning checklist (avast.com)

• European New Space Companies Prepare to Counter Growing Security Threat - Via Satellite (satellitetoday.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

World Economic Forum and UN Warn of Growing ‘Cyber Insecurity’ Amid Heightened Threat Landscape

The World Economic Forum (WEF) and the United Nations (UN) have highlighted “cyber insecurity” as one of the most critical challenges facing organisations worldwide. A recent report reveals that over 80% of surveyed organisations feel more exposed to cyber crime than in the previous year, leading to calls for increased collaboration across sectors and borders to enhance business resilience. The study shows a growing gap in cyber resilience between organisations, with small and medium-sized enterprises facing declines of 30% in cyber resilience. Moreover, the cyber skills shortage continues to widen, with only 15% of organisations optimistic about improvements in cyber education and skills.

The report also underscores the impact of generative AI on cyber security, emphasising the need for ongoing innovation in digital security efforts. According to a separate report by the United Nations Office on Drugs and Crime, there has been a significant uptick in the use of large language model-based chatbots, deepfake technology, and automation tools in cyber fraud operations. These technologies pose a significant threat to the formal banking industry and require focused attention from authorities to counter their impact. The convergence of these trends underscores the urgency and complexity of the cyber security landscape.

Sources: [ITPro] [The Debrief]

Cyber Attacks Reveal Fragility of Financial Markets as Attacks on Financial Services Sector Surge

The financial sector is facing an increased risk from cyber attacks, with cyber security now being listed as the top systemic risk according to a Bank of England survey. Cyber attacks rose by 64% in 2023, with a shift towards AI-facilitated ransomware attacks and Vendor Email Compromise (VEC), which rose 137%, and Business Email Compromise (BEC) attacks, which rose by 71%, both of which exploit human error and pose a severe threat to the industry.

However, there is a lack of readiness by financial organisations to manage cyber attacks due to sophisticated attacks, talent shortages, and insufficient cyber defence investments. Ransomware incidents reported to the UK’s Financial Conduct Authority doubled in 2023, making up 31% of cyber incidents, up from 11% in 2022. The financial sector remains a prime target for cyber criminals, especially ransomware groups.

Sources: [ITPro] [Law Society] [Security Brief] [Financial Times]  [Infosecurity Magazine]

Researcher Uncovers One of The Biggest Password Dumps in Recent History

Researchers have found that nearly 71 million unique stolen credentials for logging into websites such as Facebook, Roblox, eBay, Coinbase and Yahoo have been circulating on the Internet for at least four months. The massive amount of data was posted to a well-known underground market that brokers sales of compromised credentials.

Whilst there is a large number of re-used passwords in the data dump, it appears to contain roughly 25 million new passwords and 70 million unique email addresses. This serves as a crucial reminder about properly securing accounts, such as not reusing passwords, using a password manager and securing accounts with multi factor authentication.

Source: [Ars Technica]

Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023

Email security remained at the forefront of cyber related issues for decision-makers, with over nine in ten (94%) having to deal with a phishing attack, according to email security provider Egress. The top three phishing techniques used in 2023 were malicious URLs, malware or ransomware attachments, and attacks sent from compromised accounts. 96% of targeted organisations were negatively impacted by these attacks, up 10% from the previous year.

Source: [Infosecurity Magazine]

75% of Organisations Hit by Ransomware in 2023

A recent report found that 75% of participants suffered at least one ransomware attack last year, and 26% were hit four or more times. The report noted that of the 25% who claimed to not have been hit, some could have been a victim but may not have the facilities to detect and therefore be aware as such. Ransomware remains a security threat and no organisation is immune.

Source: [Infosecurity Magazine]

The Dangers of Quadruple Blow Ransomware Attacks

With the introduction of new regulatory requirements like NIS 2.0 and changes to US Securities and Exchange Commission (SEC) statutes, organisations are now mandated to promptly report cyber incidents, sometimes with deadlines as tight as four days. However, attackers are evolving their tactics to exploit these regulations. They add a new level of coercion by threatening to report non-compliant organisations to the regulator, thereby increasing the pressure on their victims. This was first seen last year as a ransomware gang AlphV reported one of its victims, MeridianLink, to the SEC for failing to report a successful cyber attack.

This coercive strategy places immense pressure on companies, especially as they grapple with data encryption, data exfiltration, and public exposure threats. In response to these evolving threats and regulatory pressures, organisations must invest in cyber resilience. This enables them to effectively respond to attacks, communicate with regulators, and recover services promptly, ultimately fortifying their defences against future threats.

Source: [TechRadar]

Human Error and Insiders Expose Millions in UK Law Firm Data Breaches

UK law firms are falling victim to data breaches primarily because of insiders and human error, according to an analysis of data from the Information Commissioner’s Office (ICO). According to research, 60% of data breaches in the UK legal sector where the result of insider actions. In total, breaches led to the exposure of information of 4.2 million people. Often, even those organisations that implement measures to prevent breaches will still miss insider risk. Insider risk is not always malicious; it can also be negligence or due to a lack of knowledge, and it is important to protect against it.

Source: [Infosecurity Magazine]

It’s a New Year and a Good Time for a Cyber Security Checkup

2023 brought a slew of high-profile vulnerabilities and data breaches impacting various sectors, including healthcare, government, and education. Notable incidents included ransomware attacks, such as the MOVEit, GoAnywhere, and casino operator breaches, along with the exploitation of unpatched legacy vulnerabilities like Log4j and Microsoft Exchange. Furthermore, new regulatory requirements from the likes of the US Securities Exchange Commission (SEC), and state security and privacy laws, added to the complexity. As we enter 2024, it is crucial for organisations, regardless of size, to reassess their cyber security strategies, incorporating lessons learned and adapting to new requirements. Comprehensive cyber security programs encompass people, operations and technology, addressing the confidentiality, integrity, and availability of information.

Black Arrow can help with comprehensive and impartial assessments including gap analyses and security testing. These provide you with the objective assurance you need to understand whether your controls are providing you with your intended security and risk management.

Source: [JDSupra]

Applying the Tyson Principle to Cyber Security: Why Attack Simulations are Key to Avoiding Disaster

Mike Tyson’s famous adage “Everyone has a plan until they get punched in the face," is something we too often see in the world of security. When it comes to cyber security, preparedness is not just a luxury but a necessity. Far too often, unrealistic expectations in cyber defences create a false sense of security, leading to dire consequences when the reality of an attack hits. No-one wants to be testing their defences and implementing their response plan for the first time during a real incident.

In comes the benefit of incident and attack simulations: a reality check of your defences in a safe environment. Regular tabletop war-gaming exercises that simulate the fall out of an attack for senior leadership, can help to build muscle memory for when something does happen. They make sure everyone knows what to do, and crucially also not to do, when such an event happens for real. A deeper exercise would be a simulated attack that can be systematic and controlled, to mimic a real attacker and then adapted as attackers change their tactics, techniques, and procedures. From simulations, organisations can assess how their defences performed, applying insights and measuring and refining their defences for the event of a real attack.

Source: [The Hacker News]

Cyber Threats Top Global Business Risk Concern for 2024

Cyber related incidents, including ransomware attacks, data breaches and IT disruptions are the biggest concern for companies globally in 2024, according to a recent report by Allianz. The report highlights that these risks are a concern for businesses of all sizes, but the resilience gap between large and small companies is widening, “as risk awareness among larger organisations has grown since the pandemic with a notable drive to upgrade resilience.” Smaller businesses lack the time and resources that larger organisations have available, and as such need to carefully select and prioritise their resilience efforts.

Source: [Insurance Journal]

Generative AI has CEOs Worried About Cyber Security, PwC Survey Says

A recent PwC global survey found that when it comes to generative AI risks, 64% of CEOs said they are most concerned about its impact on cyber security, with over half of the total interviewed stating concerns about generative AI spreading misinformation in their company.  When we think of generative AI, we often worry about outside risk and the impact it can have for attackers, but the risk can also be internal, with things such as accidental disclosure by employees to unregulated generative AI. There is a necessity for organisations to govern the usage of AI in their corporate environment, to prevent such risks.

Source: [Quartz]

With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too

As the threat landscape continues to evolve, the cyber insurance market is experiencing significant changes that will impact businesses in the coming months with experts predicting that cyber insurance costs are on the verge of an upward trend. The COVID-19 pandemic and the shift to remote work and the cloud disrupted the cyber insurance market, leading to rising costs and reduced coverage options. In 2022, a temporary respite saw lower premiums, but 2023 has seen a resurgence in attacker activity, making it a challenging year for insurers. Cyber insurance remains a critical component of risk management, with the industry expected to continue growing despite higher rates. For businesses, understanding the evolving landscape of cyber insurance and ensuring adequate coverage is crucial in the face of escalating cyber threats.

Source: [Dark Reading]

Digital Resilience: a Step Up from Cyber Security

In today's digital landscape, the focus on digital resilience is paramount for organisations. While cyber security has garnered attention, digital resilience is the new frontier. Digital resilience involves an organisation's ability to maintain, adapt, and recover technology-dependent operations. As we increasingly rely on digital technology and the internet of things, understanding the critical role of technology in core business processes is vital. It goes beyond cyber security, encompassing change management, business resilience, operational risk, and competitiveness. Digital resilience means being ready to adopt new technology and swiftly recover from disruptions. Recognising its value and managing it at the senior level is crucial for long-term success in our rapidly evolving digital world. Moreover, amid a rising number of cyber attacks, addressing the statistic that only 18% of UK businesses provided cyber security training to employees last year is essential. Bridging this knowledge gap through cyber hygiene, a culture of cyber security, and robust safety measures will strengthen an organisation's cyber resilience against evolving threats.

Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Sources: [CSO Online] [Financial Times]

Governance, Risk and Compliance

• World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro

• Cyber Threats Top Global Business Risk Concern for 2024: Allianz (insurancejournal.com)

• Geopolitical tensions combined with technology will drive new security risks - Help Net Security

• JPMorgan suffers 45bn cyber attacks a day (ft.com)

• Improving Supply Chain Security, Resiliency (informationweek.com)

• Generative AI has CEOs worried about cyber security, PwC survey says (qz.com)

• As hacks worsen, SEC turns up the heat on CISOs | TechCrunch

• It’s a New Year and a Good Time for a Cyber Security Checkup | Clark Hill PLC - JDSupra

• Over 90 percent of organisations set to increase data protection spending (betanews.com)

• Financial organisations remain in cyber criminals' crosshairs (emergingrisks.co.uk)

• With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)

• Digital resilience – a step up from cyber security | CSO Online

• How to Recover After Failing a Cyber Security Audit - Security Boulevard

• Businesses Lack Confidence Overcome Cyber Attacks | Silicon UK

• Cyber incident response impaired by stress | SC Media (scmagazine.com)

• Key Considerations for Successful Cyber Security Supply Chain Risk Management (C-SCRM) - Security Boulevard

• Security considerations during layoffs: Advice from an MSSP - Help Net Security

• Effective Incident Response Relies on Internal and External Partnerships (darkreading.com)

• InfoSec 101: Why Data Loss Prevention is Important to Enterprise Defence (darkreading.com)

• Norton Rose Fulbright’s 19th Annual Litigation Trends Survey reveals heightened risk around cyber security and data protection amid AI boom (globenewswire.com)

• Applying the Tyson Principle to Cyber Security: Why Attack Simulation is Key to Avoiding a KO (thehackernews.com)

• How to improve cyber resilience across your workforce (ft.com)

Threats

Ransomware, Extortion and Destructive Attacks

• 75% of Organisations Hit by Ransomware in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• UK finance firms faced a torrent of ransomware attacks in 2023 as threat actors ramped up activities | ITPro

• Veeam Data Protection Trends Report 2024 Finds Cyber Attacks the #1 Cause of Business Outages | Business Wire

• Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News

• Akira ransomware attackers are wiping NAS and tape backups - Help Net Security

• Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion (thehackernews.com)

• The Top 10 Ransomware Groups of 2023 - Security Boulevard

• 3 Ransomware Group Newcomers to Watch in 2024 (thehackernews.com)

• Ransomware causes mental, physical trauma to security pros • The Register

• The dangers of quadruple blow ransomware attacks | TechRadar

• Ransomware: how financial institutions can prepare to react quickly through regulatory compliance (finextra.com)

• Ransomware: To Pay or Not to Pay — What the Experts Say | MSSP Alert

• Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot - Help Net Security

• Outsmarting Ransomware’s New Playbook - SecurityWeek

• TeamViewer abused to breach networks in new ransomware attacks (bleepingcomputer.com)

• Ransomware negotiation: When cyber security meets crisis management - Help Net Security

Ransomware Victims

• Ransomware gang targets nonprofit providing clean water to world’s poorest (therecord.media)

• Capita hits back as pension holders look to sue over Russian-linked cyber attack (yahoo.com)

• British Library to share learning from cyber attack - Museums Association

• British Library starts restoring services online after hack - BBC News

• British cosmetics firm Lush confirms cyber attack (therecord.media)

• Delay to Manx Care dental services after cyber attack - BBC News

• Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times

• Majorca city Calvià extorted for $11M in ransomware attack (bleepingcomputer.com)

• A key part of Foxconn has been hit by the Lockbit ransomware | TechRadar

• Kansas State University cyber attack disrupts IT network and services (bleepingcomputer.com)

Phishing & Email Based Attacks

• Microsoft warns of new spearphishing attack targeting workers at top companies | TechRadar

• Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Vendor Email Attacks Surged by 137% in Financial Sector in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Modular laptop maker Framework contacts customers after phishing scheme hooks internal spreadsheet packed with personal data | Tom's Hardware (tomshardware.com)

• US Secret Service court documents reveal new tactics in antivirus renewal phishing scam | TechRadar

• Threat Actors Team Up for Post-Holiday Phishing Email Surge (darkreading.com)

• Waiting for Your Pay Raise? Cofense Warns Against HR-Related Scams - Infosecurity Magazine (infosecurity-magazine.com)

• Flipping the BEC funnel: Phishing in the age of GenAI - Help Net Security

• US court docs expose fake antivirus renewal phishing tactics (bleepingcomputer.com)

• Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times

• Shipping-Themed Emails: Not Just for The Holidays - Security Boulevard

Artificial Intelligence

• AI driven cyber threats loom over business in the year ahead says report (emergingrisks.co.uk)

• Organised Crime is Leveraging Artificial Intelligence and Cryptocurrencies, Concerning New UN Report Says - The Debrief

• How cyber criminals are using AI to attack targets faster - Insurance Post (postonline.co.uk)

• Adversaries exploit trends, target popular GenAI apps - Help Net Security

• The Dual Role AI Plays in Cyber Security: How to Stay Ahead (bleepingcomputer.com)

• The power of AI in cyber security - Help Net Security

• Flipping the BEC funnel: Phishing in the age of GenAI - Help Net Security

• AI Could Make Cyber Threats Harder to Detect (newswise.com)

• If you don’t already have a generative AI security policy, there’s no time to lose | CSO Online

• Norton Rose Fulbright’s 19th Annual Litigation Trends Survey reveals heightened risk around cyber security and data protection amid AI boom (globenewswire.com)

2FA/MFA

• Senators want to know why the SEC’s X account wasn’t secured with MFA (engadget.com)

• Out with the old and in with the improved: MFA needs a revamp - Help Net Security

• MFA Spamming and Fatigue: When Security Measures Go Wrong (thehackernews.com)

Malware

• GitLab Releases Updates to Address Critical Vulnerabilities (darkreading.com)

• Updated Atomic Stealer malware emerges | SC Media (scmagazine.com)

• Data-theft malware exploits Windows Defender SmartScreen • The Register

• Windows PCs targeted by dangerous new threat that even gets around Defender - and even though there's a fix, you could still be at risk | TechRadar

• MacOS info-stealers quickly evolve to evade XProtect detection (bleepingcomputer.com)Balada Injector continues to infect thousands of WordPress sites (securityaffairs.com)

• 5 malware mistakes most people make while traveling and trying to charge (nypost.com)

• Inferno Drainer Spoofs Over 100 Crypto Brands to Steal $80m+ - Infosecurity Magazine (infosecurity-magazine.com)

• Remcos RAT Spreading Through Adult Games in New Attack Wave (thehackernews.com)

• Botnet activity surges as criminals get braver - can your business stand strong? | TechRadar

• JinxLoader Malware: Next-Stage Payload Threats Revealed - Security Boulevard

• $80M in Crypto Disappears Into Drainer-as-a-Service Malware Hell (darkreading.com)

• Bigpanzi botnet infects 170,000 Android TV boxes with malware (bleepingcomputer.com)

• Stealthy New macOS Backdoor Hides on Chinese Websites (darkreading.com)

• Securing Public Sector Against IoT Malware in 2024 - Security Boulevard

Mobile

• 5 malware mistakes most people make while traveling and trying to charge (nypost.com)

• New Tool Identifies Pegasus and Other iOS Spyware - Infosecurity Magazine (infosecurity-magazine.com)

Denial of Service/DoS/DDOS

• Environmental Websites Hit by DDoS Surge in COP28 Crossfire - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• Vulnerability Puts Bosch Smart Thermostats at Risk of Compromise - Infosecurity Magazine (infosecurity-magazine.com)

• Your washing machine could be sending 3.7 GB of data a day — LG washing machine owner disconnected his device from Wi-Fi after noticing excessive outgoing daily data traffic | Tom's Hardware (tomshardware.com)

• Bigpanzi botnet infects 170,000 Android TV boxes with malware (bleepingcomputer.com)

• Modernising print security for today’s working world | TechRadar

• Securing Public Sector Against IoT Malware in 2024 - Security Boulevard

Data Breaches/Leaks

• Human Error and Insiders Expose Millions in UK Law Firm Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• Israeli civil servants' personal data latest casualty Iranian cyber war - The Jerusalem Post (jpost.com)

• Insufficient cyber security caused PSNI data breach  (iapp.org)

• Cyber Attack On Insurer Compromised Over 64K, Suit Says - Law360

• Modular laptop maker Framework contacts customers after phishing scheme hooks internal spreadsheet packed with personal data | Tom's Hardware (tomshardware.com)

• Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times

Organised Crime & Criminal Actors

• Just ten groups were responsible for nearly half of all cyber attacks last year | TechRadar

• Organised Crime is Leveraging Artificial Intelligence and Cryptocurrencies, Concerning New UN Report Says - The Debrief

• Threat Actors Team Up for Post-Holiday Phishing Email Surge (darkreading.com)

• GitLab Releases Updates to Address Critical Vulnerabilities (darkreading.com)

• Stupid Human Tricks: Top 10 Cyber Crime Cases of 2023 - Security Boulevard

• Illegal online casinos spread crypto-crime across Asia • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Senators Demand Probe into SEC Hack After Bitcoin Price Spike - Infosecurity Magazine (infosecurity-magazine.com)

• Organised Crime is Leveraging Artificial Intelligence and Cryptocurrencies, Concerning New UN Report Says - The Debrief

• Hacker spins up 1 million virtual servers to illegally mine crypto (bleepingcomputer.com)

• Inferno Drainer Spoofs Over 100 Crypto Brands to Steal $80m+ - Infosecurity Magazine (infosecurity-magazine.com)

• 29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services (thehackernews.com)

• Crypto Heists Surge in 2023, $16.93m Already Stolen in 2024 - Infosecurity Magazine (infosecurity-magazine.com)

• Illegal online casinos spread crypto-crime across Asia • The Register

Insider Risk and Insider Threats

• Human Error and Insiders Expose Millions in UK Law Firm Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• Preventing insider access from leaking to malicious actors - Help Net Security

Insurance

• Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News

• Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider

• With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)

• Re-writing the underwriting story: How to navigate the complexities of modern risks (allianz.com)

• Fighting ransomware: A guide to getting the right cyber security insurance | SC Media (scmagazine.com)

Supply Chain and Third Parties

• Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News

• Capita hits back as pension holders look to sue over Russian-linked cyber attack (yahoo.com)

• Improving Supply Chain Security, Resiliency (informationweek.com)

• Key Considerations for Successful Cyber Security Supply Chain Risk Management (C-SCRM) - Security Boulevard

Cloud/SaaS

• Insurance website's buggy API leaked Office 365 password • The Register

• As Enterprise Cloud Grows, So Do Challenges (darkreading.com)

• 29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services (thehackernews.com)

• 3 ways to combat rising OAuth SaaS attacks - Help Net Security

• FBI: Beware of cloud-credential thieves building botnets • The Register

• Weaponised AWS SES Accounts Anchor Massive Stealth Attack (darkreading.com)

Identity and Access Management

• Digital nomads amplify identity fraud risks - Help Net Security

Encryption

• New Report Charts Roadmap To A Quantum-Secure Financial System – Eurasia Review

Passwords, Credential Stuffing & Brute Force Attacks

• Researcher uncovers one of the biggest password dumps in recent history | Ars Technica

• GitHub scrambles to rotate keys after credentials in production containers were potentially exposed | ITPro

• Insurance website's buggy API leaked Office 365 password • The Register

• FBI: Beware of cloud-credential thieves building botnets • The Register

Social Media

• Senators Demand Probe into SEC Hack After Bitcoin Price Spike - Infosecurity Magazine (infosecurity-magazine.com)

Malvertising

• Latest Adblock update causes massive YouTube performance hit (bleepingcomputer.com)

Training, Education and Awareness

• The right strategy for effective cyber security awareness - Help Net Security

• Before starting your 2024 security awareness program, ask these 10 questions - Security Boulevard

• How to improve cyber resilience across your workforce (ft.com)

Regulations, Fines and Legislation

• Senators Demand Probe into SEC Hack After Bitcoin Price Spike - Infosecurity Magazine (infosecurity-magazine.com)

• As hacks worsen, SEC turns up the heat on CISOs | TechCrunch

• IT consultant in Germany fined for exposing shoddy security • The Register

• Data regulator fines HelloFresh £140K for sending 80M+ spams • The Register

• A Look at UK Domain and IP Address Seizures in the Criminal Justice Bill - ISPreview UK

• Why the US Needs Comprehensive Cyber Security Legislation - Security Boulevard

• Home improvement marketers dial up trouble from regulator • The Register

Models, Frameworks and Standards

• 10 cyber security frameworks you need to know about - Help Net Security

• NIST Offers Guidance on Measuring and Improving Your Company’s Cyber Security Program | NIST

Backup and Recovery

• Akira ransomware attackers are wiping NAS and tape backups - Help Net Security

Data Protection

• Over 90 percent of organisations set to increase data protection spending (betanews.com)

• Data regulator fines HelloFresh £140K for sending 80M+ spams • The Register

• Norton Rose Fulbright’s 19th Annual Litigation Trends Survey reveals heightened risk around cyber security and data protection amid AI boom (globenewswire.com)

Careers, Working in Cyber and Information Security

• Ransomware causes mental, physical trauma to security pros • The Register

• Protecting the protectors: combating stress in the cyber security industry | The Independent

• Best practices to mitigate alert fatigue - Help Net Security

• Universities not delivering the right skills for cyber security (betanews.com)

Law Enforcement Action and Take Downs

• 29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services (thehackernews.com)

• A Look at UK Domain and IP Address Seizures in the Criminal Justice Bill - ISPreview UK

Misinformation, Disinformation and Propaganda

• Staying cyber secure in the age of misdirection | The Independent

• FBI Warns of More Election Chaos in 2024 (darkreading.com)

• Election Security 2024: Biggest Cyber Threats and Practical Solutions - Infosecurity Magazine (infosecurity-magazine.com)

• OODA Loop - Elections Are Coming: Time to Sound Misinformation’s Clarion Call… Again

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro

• Geopolitical tensions combined with technology will drive new security risks - Help Net Security

• Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider

• Cyberwar continues to underperform (reason.com)

Nation State Actors

China

• End-of-life Cisco routers targeted by China’s Volt Typhoon group (therecord.media)

• Stealthy New macOS Backdoor Hides on Chinese Websites (darkreading.com)

• Feds warn China-made drones pose risk to US critical infrastructure | SC Media (scmagazine.com)

• China warns of AirDrop de-anonymisation flaw • The Register

Russia

• FBI Warns of More Election Chaos in 2024 (darkreading.com)

• Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos (securityaffairs.com)

• Cyber Attack on Ukraine’s largest telecom provider will cost it about $100 million (therecord.media)

• Russia finds way around sanctions on battlefield tech: report – POLITICO

• Moscow imports a third of battlefield tech from western companies (ft.com)

• Prolific Russian hacking unit using custom backdoor for the first time | CyberScoop

• Ukrainian hackers successfully attack payment website of one of Russia's regional energy companies (yahoo.com)

Iran

• Israeli civil servants' personal data latest casualty Iranian cyber war - The Jerusalem Post (jpost.com)

• Threat-hunter says Iran is stepping up the sophistication of its cyber attacks (therecord.media)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro

• Geopolitical tensions combined with technology will drive new security risks - Help Net Security

• Ukrainian hackers successfully attack payment website of one of Russia's regional energy companies (yahoo.com)

• Israeli civil servants' personal data latest casualty Iranian cyber war - The Jerusalem Post (jpost.com)

• Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos (securityaffairs.com)

• New Tool Identifies Pegasus and Other iOS Spyware - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerability Management

• Why we must bring order to cyber vulnerability chaos | TechRadar

Vulnerabilities

• CISA: Critical SharePoint vuln is under active exploitation • The Register

• Ivanti Connect Secure zero-days now under mass exploitation (bleepingcomputer.com)

• Juniper warns of critical RCE bug in its firewalls and switches (bleepingcomputer.com)

• Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack (securityaffairs.com)

• VMware Urges Customers to Patch Critical Aria Automation Vulnerability  - SecurityWeek

• Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability (thehackernews.com)

• Two more Citrix NetScaler bugs exploited in the wild • The Register

• Atlassian warns of critical RCE flaw in older Confluence versions (bleepingcomputer.com)

• Millions of GPUs from Apple, AMD and Qualcomm have a serious security flaw — and it could put literally all your data at risk if it isn't fixed | TechRadar

• End-of-life Cisco routers targeted by China’s Volt Typhoon group (therecord.media)

• Apple Magic Keyboards are at risk from security attacks – update now to protect your Mac or iPad | TechRadar

• Windows 10 security update requires some major changes - experts only need apply | TechRadar

• GitLab Patches Critical Password Reset Vulnerability - SecurityWeek

• Balada Injector continues to infect thousands of WordPress sites (securityaffairs.com)

• Vulnerabilities Expose PAX Payment Terminals to Hacking - SecurityWeek

• Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins - SecurityWeek

• Most older iPhones, Macs, and iPads are vulnerable to GPU flaw (appleinsider.com)

• New UEFI vulnerabilities send firmware devs across an entire ecosystem scrambling | Ars Technica

• China warns of AirDrop de-anonymisation flaw • The Register

• Drupal Releases Security Advisory for Drupal Core | CISA

• Vulnerability Puts Bosch Smart Thermostats at Risk of Compromise - Infosecurity Magazine (infosecurity-magazine.com)

• Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows (thehackernews.com)

Tools and Controls

• Akira ransomware attackers are wiping NAS and tape backups - Help Net Security

• Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News

• Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider

• How to improve your organisation's cyber hygiene score | World Economic Forum (weforum.org)

• With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)

• Digital resilience – a step up from cyber security | CSO Online

• If you don’t already have a generative AI security policy, there’s no time to lose | CSO Online

• Key elements for a successful cyber risk management strategy - Help Net Security

• Preventing insider access from leaking to malicious actors - Help Net Security

• Applying the Tyson Principle to Cyber Security: Why Attack Simulation is Key to Avoiding a KO (thehackernews.com)

• Over 90 percent of organisations set to increase data protection spending (betanews.com)

• As Enterprise Cloud Grows, So Do Challenges (darkreading.com)

• Best practices to mitigate alert fatigue - Help Net Security

• Modernising print security for today’s working world | TechRadar

• APIs in peril: Wallarm's latest report exposes uptick in API attacks and highlights security predictions for 2024 | Business Wire

• MFA Spamming and Fatigue: When Security Measures Go Wrong (thehackernews.com)

• Cyber incident response impaired by stress | SC Media (scmagazine.com)

• Effective Incident Response Relies on Internal and External Partnerships (darkreading.com)

• InfoSec 101: Why Data Loss Prevention is Important to Enterprise Defence (darkreading.com)

• Digital nomads amplify identity fraud risks - Help Net Security

• Out with the old and in with the improved: MFA needs a revamp - Help Net Security

• The right strategy for effective cyber security awareness - Help Net Security

• SOC-as-a-Service: The Five Must-Have Features - Security Boulevard

Other News

• Post Office scandal latest: MPs 'shocked' by evidence from Fujitsu and Post Office boss - as victims Alan Bates and Jo Hamilton say they were 'gaslit' | UK News | Sky News

• Post Office syndrome: why we’re more vulnerable than ever to Horizon-like computer systems | The Independent

• What’s on the Smartest Cyber Security Minds for 2024? (cybereason.com)

• How news organisations became a prime target for cyber attacks (pressgazette.co.uk)

• UK doubles spending on overseas cyber security projects (ft.com)

• Huge boost for global security with almost £1 billion government investment - GOV.UK (www.gov.uk)

• NCSC Builds New “Cyber League” Threat Tracking Community - Infosecurity Magazine (infosecurity-magazine.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.