Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Hacker Gang Clop Deploys Extortion Tactics Against Global Companies

The Russian-speaking gang of hackers that compromised UK groups such as British Airways and the BBC has claimed it has siphoned off sensitive data from more institutions including US-based investment firms, European manufacturers and US universities. Eight other companies this week made it onto Clop’s list on the dark web. That adds to the news last week that UK groups, including Walgreens-owned Boots, informed employees that their data had been compromised. The issue also targeted customers of Zellis, a UK-based payroll provider that about half of the companies on the FTSE 100 use.

The hacking group is pushing for contact with the companies on the list, according to a post on Clop’s dark web site, as the gang demands a ransom that cyber security experts and negotiators said could be as much as several million dollars.

https://www.ft.com/content/c1db9c5c-cdf1-48bc-8e6b-2c2444b66dc9

• Social Engineering Drives BEC Losses to $50B Globally

Business email compromise (BEC) continues to evolve on the back of sophisticated targeting and social engineering, costing businesses worldwide more than $50 billion in the last 10 years - a figure that reflected a growth in business losses to BEC of 17% year-over-year in 2022, according to the FBI.

Security professionals attribute BEC's continued dominance in the cyber threat landscape to several reasons. A key one is that attackers have become increasingly savvy in how to socially-engineer messages so that they appear authentic to users, which is the key to being successful at this scam. And with the increase in availability of artificial intelligence, the continued success of BEC means these attacks are here to stay. Organisations will be forced to respond with even stronger security measures, security experts say.

https://www.darkreading.com/threat-intelligence/social-engineering-drives-bec-losses-to-50b-globally

• Creating A Cyber Conscious Culture—It Must Be Driven from the Top

Businesses are facing more frequent and sophisticated cyber threats and they must continuously learn new ways to protect their revenues, reputation and maintain regulatory compliance. With hybrid and remote working blurring traditional security perimeters and expanding the attack surface, the high volumes of sensitive information held by organisations are at increased risk of cyber attacks.

The increase had led to cyber elevating to the board level; after all the board is responsible for cyber security. It doesn’t stop there however, as everyone in an organisation has responsibility for upholding cyber security. The board must aim to create a cyber-conscious culture, where users are aware of their role in cyber security. One important way such a culture can be achieved is through providing regular education and training to all users.

https://www.forbes.com/sites/forbestechcouncil/2023/06/12/creating-a-cyber-conscious-culture-it-must-be-driven-from-the-top/sh=6a0bb36426cc

• Artificial Intelligence is Coming to Windows: Are Your Security Policy Settings Ready?

What’s in your Windows security policy? Do you review your settings on an annual basis or more often? Do you provide education and training regarding the topics in the policy? Does it get revised when the impact of an incident showcases that an internal policy violation led to the root cause of the issue? And, importantly, do you have a security policy that includes your firm’s overall policies around the increasing race towards artificial intelligence, which is seemingly in nearly every application released these days?

From word processing documents to the upcoming enhancements to Windows 11, which will include AI prompting in the Explorer platform, organisations should review how they want their employees to treat customer data or other confidential information when using AI platforms. Many will want to build limits and guidelines into their security plans that specify what is allowed to be entered into platforms and websites that may store or share the information online. However, confidential information should not be included in any application that doesn’t have clearly defined protections around the handling of such data. The bottom line is that AI is coming to your network and your desktop sooner than you think. Build your policies now and review your processes to determine if you are ready for it today.

https://www.csoonline.com/article/3698517/artificial-intelligence-is-coming-to-windows-are-your-security-policy-settings-ready.html

• Cyber Crooks Targeting Employees, Organisations Fight Back with Training Programs

Cyber criminals are increasingly targeting an organisation’s employees, figuring to trick an untrained staffer to click on a malicious link that starts a malware attack, Fortinet said in a newly released study of security awareness and training.

More than 80% of organisations faced malware, phishing and password attacks last year, which were mainly targeted at users. This underscores that employees can be an organisation’s weakest point or one of its most powerful defences.

Fortinet’s research revealed that more than 90% of the survey’s respondents believe that increased employee cyber security awareness would help decrease the occurrence of cyber attacks. As organisations face increasing cyber risks, employees serving as an organisation’s first line of defence in protecting their organisation from cyber crime becomes of paramount importance.

https://www.msspalert.com/cybersecurity-research/cyber-crooks-targeting-employees-organizations-fight-back-with-training-programs/

• Massive Phishing Campaign Uses 6,000 Sites to Impersonate 100 Brands

A widespread brand impersonation campaign targeting over a hundred popular apparel, footwear, and clothing brands has been underway since June 2022, tricking people into entering their account credentials and financial information on fake websites. The brands impersonated by the phony sites include Nike, Puma, Asics, Vans, Adidas, Columbia, Superdry, Converse, Casio, Timberland, Salomon, Crocs, Sketchers, The North Face and others.

A recent report found the campaign relies on at least 3,000 domains and roughly 6,000 sites, including inactive ones. The campaign had a significant activity spike between January and February 2023, adding 300 new fake sites monthly. The domain names follow a pattern of using the brand name together with a city or country, followed by a generic TLD such as ".com." Additionally, any details entered on the checkout pages, most notably the credit card details, may be stored by the website operators and resold to cyber criminals.

https://www.bleepingcomputer.com/news/security/massive-phishing-campaign-uses-6-000-sites-to-impersonate-100-brands/

• Over One in Ten Brits are Willing to Engage in ‘Illegal or Illicit’ Online Behaviour

A recent study found that 11% of Brits were tempted to engage in ‘illegal or illicit online behaviour’ in order to help manage the fallout from the cost of living crisis. This statistic becomes even more concerning when focused on younger people, with almost a quarter of 25–35 year old respondents (23%) willing to consider illegal or illicit online activity. Of those willing to engage in this kind of behaviour, 56% suggested it was because they are desperate and struggling to get by, and need to find alternative means of supporting their families.

Nearly half (47%) of UK business leaders believe their organisation has been at a greater risk of attack since the start of the cost-of-living crisis. Against this backdrop, many SME business leaders are understandably worried about the impact on employees. Of those who think their organisation is more exposed to attack, 38% believe it’s due to malicious insiders and 35% to overworked and distracted staff making mistakes. Organisations not doing so already, should look to incorporate insider threat into their security plans. Insider threat should focus on areas such as regular education and monitoring and detection.

The report found that 44% of respondents have also noticed an uptick in online scams hitting their inboxes since the cost of living crisis began in late 2021/early 2022. Another worrying finding is that this uptick is proving devastatingly effective for scammers: over one in ten (13%) of UK respondents have already been scammed since the cost of living crisis began. This rises to a quarter (26%) of respondents in the 18-25 age range, reflecting a hyper-online lifestyle and culture that scammers can work to exploit effectively.

https://www.itsecurityguru.org/2023/06/15/it-security-guru-study-shows-over-one-in-ten-brits-are-willing-to-engage-in-illegal-or-illicit-online-behaviour-as-the-cost-of-living-crisis-worsens 

https://www.infosecurity-magazine.com/news/costofliving-crisis-drives-insider/

• Microsoft Office 365 Phishing Reveals Signs of Much Larger BEC Campaign

Recently, Microsoft discovered multi-stage adversary-in-the-middle (AitM) phishing and business email compromise (BEC) attacks against banking and financial services organisations. The attackers are successfully phishing employees’ accounts with fake Office 365 domains. This allows them to bypass authentication, exfiltrate data and send further phishing emails against other employees and several targeted external organisations. In some cases, threat actors have registered their own device to the employee’s account, to evade MFA defences and achieve persistent access.

https://securityaffairs.com/147327/hacking/aitm-bec-attacks.html

https://thehackernews.com/2023/06/adversary-in-middle-attack-campaign.html

https://www.csoonline.com/article/3699122/microsoft-office-365-aitm-phishing-reveals-signs-of-much-larger-bec-campaign.html

• Europol Warns of Metaverse and AI Terror Threat

New and emerging technologies like conversational AI, deepfakes and the metaverse could be utilised by terrorists and extremists to radicalise and recruit converts to their cause, Europol has warned. The report stated that the online environment lowers the bar for entering the world of terrorism and extremism, broadens the range of people that can become exposed to radicalisation and increases the unpredictability of terrorism and extremism.

Europol also pointed to the potential use of deepfakes, augmented reality and conversational AI to enhance the efficiency of terrorist propaganda. Both these technologies and internet of things (IoT) tools can also be deployed in more practical tasks such as the remote operation of vehicles and weapons used in attacks or setting up virtual training camps. Digital currencies are also playing a role in helping to finance such groups while maintaining the anonymity of those contributing the funding, Europol said.

https://www.infosecurity-magazine.com/news/europol-warns-metaverse-and-ai/

• What is AI, and is it Dangerous?

Recently, we saw the release of the first piece of EU regulation on AI. This comes after a significant rise in the usage of tools such as ChatGPT. Such tools allow for even those with limited technical ability to perform sophisticated actions. In fact, usage has risen 44% over the last three months alone, according to a report.

Rather worryingly, there is a lack of governance on the usage of AI, and this extends to how AI is used within your own organisation. Whilst the usage can greatly improve actions performed within an organisation, the report found that 6% of employees using AI had pasted sensitive company data into an AI tool. Would your organisation know if this happened, and how damaging could it be to your organisation if this data was to be leaked? Continuous monitoring, risk analysis and real-time governance can help aid an organisation in having an overview of the usage of AI.

https://www.bbc.co.uk/news/technology-65855333

https://thehackernews.com/2023/06/new-research-6-of-employees-paste.html

• Cyber Liability Insurance Vs. Data Breach Insurance: What's the Difference?

With an ever-increasing number of cyber security threats and attacks, companies are becoming motivated to protect their businesses and customer data both technically and financially. Finding the right insurance has become a key part of the security equation.

Companies looking to protect themselves have most likely heard the terms “cyber liability insurance” and “data breach insurance.” Put simply, cyber liability insurance refers to coverage for third-party claims asserted against a company stemming from a network security event or data breach. Data breach insurance, on the other hand, refers to coverage for first-party losses incurred by the insured organisation that has suffered a loss of data.

https://www.csoonline.com/article/3698297/cyber-liability-insurance-vs-data-breach-insurance-whats-the-difference.html

• Exploring the Dark Web: Hitmen for Hire and the Realities of Online Activities

The dark web makes up a significant portion of the internet. Access can be gained through special browser, TOR, also known as the onion Router. The service bounces around IP addresses, constantly changing to protect the anonymity of the user.

This dark web contains an array of activities and sites, which include hitmen for hire, drugs for sale, and stolen credit card databases amongst others. Sometimes these aren’t real however, and are actually a trap to steal money from users on the basis that these users are unlikely to report it to law enforcement when the victim was trying to break the law in the first place. What we do know however, is that the dark web contains a plethora of information, and this could include data from your organisation.

https://news.clearancejobs.com/2023/06/07/exploring-the-dark-web-hitman-for-hire-and-the-realities-of-online-activities/

Governance, Risk and Compliance

• Creating A Cyber-Conscious Culture—It Must Be Driven From The Top (forbes.com)

• Most businesses vulnerable to attacks on the cyber battlefield - The Globe and Mail

• 10 Important Security Tasks You Shouldn't Skip (darkreading.com)

• Just 14% of CISOs possess desired traits for cyber security-expert board positions: Report  | VentureBeat

• Enhancing security team capabilities in tough economic times - Help Net Security

• Ignoring digital transformation is more dangerous than a recession - Help Net Security

• Ransomware Insurance: Security Strategies to Obtain Coverage (trendmicro.com)

• How the modern CIO grapples with legacy IT | CIO

• Cyber debt levels reach tipping point - Help Net Security

• Over Half of Security Leaders Lack Confidence in Protecting App Secrets, Study Reveals (thehackernews.com)

• Lax security measures, sophisticated hackers reason for rise in cyber breaches (ewn.co.za)

• Cyber Crooks Targeting Employees, Organisations Fight Back with Training Programs - MSSP Alert

• Cyber liability insurance vs. data breach insurance: What's the difference? | CSO Online

• Red teaming can be the ground truth for CISOs and execs - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• CL0P Ransomware Gang Hits Multiple Governments, Businesses in Wide-Scale Attack - MSSP Alert

• Ransomware gang lists first victims of MOVEit mass-hacks, including US banks and universities | TechCrunch

• Cyber extortion hits all-time high - Help Net Security

• How Continuous Monitoring and Threat Intel Can Help Prevent Ransomware (darkreading.com)

• Researchers Report First Instance of Automated SaaS Ransomware Extortion (darkreading.com)

• Why Critical Infrastructure Remains a Ransomware Target (darkreading.com)

• Ransomware Insurance: Security Strategies to Obtain Coverage (trendmicro.com)

• CISA: LockBit ransomware extorted $91 million in 1,700 US attacks (bleepingcomputer.com)

• Microsoft links data wiping attacks to new Russian GRU hacking group (bleepingcomputer.com)

• Microsoft Warns of New Russian State-Sponsored Hacker Group with Destructive Intent (thehackernews.com)

• To Fight Cyber Extortion and Ransomware, Shift Left (trendmicro.com)

• Ransomware Hackers and Scammers Utilizing Cloud Mining to Launder Cryptocurrency (thehackernews.com)

• Russian ransomware hacker extorted tens of millions, says DOJ (cnbc.com)

• Ransomware review: June 2023 (malwarebytes.com)

Ransomware Victims

• Ofcom, Minnesota Dept of Ed among latest MOVEit victims • The Register

• Confidential data downloaded from UK regulator Ofcom in cyber attack (therecord.media)

• Oil and gas giant Shell confirms it was impacted by Clop ransomware attacks (therecord.media)TfL warns 13,000 staff that it was raided by Russian hackers (telegraph.co.uk)

• Russian hackers steal data on thousands of Ulez drivers (telegraph.co.uk)

• JBS’s cyber security was poor prior to 2021 ransomware attack, homeland security records show | Successful Farming (agriculture.com)

• An Illinois hospital links closure to ransomware attack (nbcnews.com)

• US energy department, other agencies hit in global hacking spree | Reuters

• iTWire - Financial services firm FIIG hit by cyber attack, ALPHV claims credit

• The University of Manchester hit by cyber security breach after detecting 'unauthorised activity' - Manchester Evening News

• Xplain data breach also impacted national Swiss railway FSS - Security Affairs

• Rhysida ransomware leaks documents stolen from Chilean Army (bleepingcomputer.com)

Phishing & Email Based Attacks

• Microsoft Office 365 AitM phishing reveals signs of much larger BEC campaign | CSO Online

• Adversary-in-the-Middle Attack Campaign Hits Dozens of Global Organisations (thehackernews.com)

• Younger, more extroverted, and more agreeable individuals are more vulnerable to email phishing scams (psypost.org)

• Log4J exploits may rise further as Microsoft continues war on phishing | ITPro

• Popular Apparel, Clothing Brands Being Used in Massive Phishing Scam (darkreading.com)

• Massive phishing campaign uses 6,000 sites to impersonate 100 brands (bleepingcomputer.com)

BEC – Business Email Compromise

• Microsoft Uncovers Banking AitM Phishing and BEC Attacks Targeting Financial Giants (thehackernews.com)

• Microsoft warns of multi-stage AiTM phishing and BEC attacks - Security Affairs

• Analysis: Social Engineering Drives BEC Losses to $50B Globally (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• Analysis: Social Engineering Drives BEC Losses to $50B Globally (darkreading.com)

Artificial Intelligence

• New Research: 6% of Employees Paste Sensitive Data into GenAI tools as ChatGPT (thehackernews.com)

• Artificial intelligence is coming to Windows: Are your security policy settings ready? | CSO Online

• Europol Warns of Metaverse and AI Terror Threat - Infosecurity Magazine (infosecurity-magazine.com)

• How Europe is Leading the World in the Push to Regulate AI - SecurityWeek

• AI is moving too fast to regulate, security minister warns (telegraph.co.uk)

• AI to render humans 'second most intelligent creations' | ITWeb

• LLM meets Malware: Starting the Era of Autonomous Threat - Security Affairs

• What is AI, is it dangerous and what jobs are at risk? - BBC News

• The perils of open-source AI | Financial Times (ft.com)

• Calculations Suggest It'll Be Impossible to Control a Super-Intelligent AI : ScienceAlert

2FA/MFA

• Multi-Factor Authentication Usage Nearly Doubles Since 2020, New Okta Report Finds - MSSP Alert

• Small organisations outpace large enterprises in MFA adoption - Help Net Security

Malware

• New SPECTRALVIPER Backdoor Targeting Vietnamese Public Companies (thehackernews.com)

• Cyber criminals Using Powerful BatCloak Engine to Make Malware Fully Undetectable (thehackernews.com)

• New Loader Delivering Spyware via Image Steals Cryptocurrency Info (darkreading.com)

• Pirated Windows 10 ISOs install clipper malware via EFI partitions (bleepingcomputer.com)

• Chinese hackers use DNS-over-HTTPS for Linux malware communication (bleepingcomputer.com)

• Fake zero-day PoC exploits on GitHub push Windows, Linux malware (bleepingcomputer.com)

• Gozi banking malware “IT chief” finally jailed after more than 10 years – Naked Security (sophos.com)

• LLM meets Malware: Starting the Era of Autonomous Threat - Security Affairs

• New ‘Shampoo’ Chromeloader malware pushed via fake warez sites (bleepingcomputer.com)

• Russian hackers use PowerShell USB malware to drop backdoors (bleepingcomputer.com)

• Fake Security Researcher Accounts Pushing Malware Disguised as Zero-Day Exploits - SecurityWeek

• Vidar Malware Using New Tactics to Evade Detection and Anonymize Activities (thehackernews.com)

Mobile

• How Popular Messaging Tools Instill a False Sense of Security (darkreading.com)

Denial of Service/DoS/DDOS

• Microsoft’s Azure portal down following new claims of DDoS attacks (bleepingcomputer.com)

• DOS Attacks Dominate, but System Intrusions Cause Most Pain (darkreading.com)

• Swiss government warns of ongoing DDoS attacks, data leak (bleepingcomputer.com)

• IoT Botnet DDoS Attacks Threaten Global Telecom Networks, Nokia (hackread.com)

• 10 Different Types of DDoS Attacks and How to Prevent Them (geekflare.com)

• Exclusive: Inside FXStreet's DDoS Attack (financemagnates.com)

Internet of Things – IoT

• Why attackers love to target IoT devices | VentureBeat

• IoT Botnet DDoS Attacks Threaten Global Telecom Networks, Nokia (hackread.com)

• How secure is your vehicle with digital key technology? - Help Net Security

• Flipper Zero “Smoking” A Smart Meter Is A Bad Look For Hardware Hackers | Hackaday

Data Breaches/Leaks

• Another huge US medical data breach confirmed after Fortra mass-hack | TechCrunch

• HSE hit by second 'international scale criminal' cyber attack as they monitor dark web for stolen data - Irish Mirror Online

• New Research: 6% of Employees Paste Sensitive Data into GenAI tools as ChatGPT (thehackernews.com)

• Top 10 cyber security findings from Verizon's 2023 data breach report | VentureBeat

• Xplain data breach also impacted national Swiss railway FSS - Security Affairs

• Examining the long-term effects of data privacy violations - Help Net Security

• A Massive Vaccine Database Leak Exposes IDs of Millions of Indians | WIRED

• Swiss Fear Government Data Stolen in Cyber attack - SecurityWeek

• Ofcom, Minnesota Dept of Ed among latest MOVEit victims • The Register

• Have I Been Pwned warns of new Zacks data breach impacting 8 million (bleepingcomputer.com)

Organised Crime & Criminal Actors

• The Complexities of Hacking: Exploring the thin line between cyber crime and ethical hacking | Euronews

• When It Comes to Cyber crime, the Medium Makes Us Vulnerable - Centre for International Governance Innovation (cigionline.org)

• Cyber criminals return to business as usual in a post-pandemic world - Help Net Security

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Hackers steal $3 million by impersonating crypto news journalists (bleepingcomputer.com)

• Beware: 1,000+ Fake Cryptocurrency Sites Trap Users in Bogus Rewards Scheme (thehackernews.com)

• New Loader Delivering Spyware via Image Steals Cryptocurrency Info (darkreading.com)

• Cryptocurrency Attacks Quadrupled as Cyber criminals Cash In (darkreading.com)

• Ransomware Hackers and Scammers Utilizing Cloud Mining to Launder Cryptocurrency (thehackernews.com)

Insider Risk and Insider Threats

• Cyber Crooks Targeting Employees, Organisations Fight Back with Training Programs - MSSP Alert

• Top 10 Risky Behaviours of Employees - IT Security Guru

• Insider Threat Vs Outsider Threat: Which Is Worse? (informationsecuritybuzz.com)

• Study shows over one in ten Brits are willing to engage in ‘illegal or illicit’ online behaviour as the Cost of Living crisis worsens - IT Security Guru

Fraud, Scams & Financial Crime

• Yet more direct calling fiends fined by UK's data watchdog • The Register

• Cost-of-Living Crisis Drives Insider Threat Concerns - Infosecurity Magazine (infosecurity-magazine.com)

Impersonation Attacks

• New Study Takes a Deep Dive Into Lookalike Attacks - Infosecurity Magazine (infosecurity-magazine.com)

Insurance

• After Important Cyber Insurance Victory for Policyholders, Focus Turns to Insurers' Proposed Changes to War Exclusions | HUB | K&L Gates (klgates.com)

• Ransomware Insurance: Security Strategies to Obtain Coverage (trendmicro.com)

• The insurance industry cyber crime report: recent attacks on insurance businesses | Insurance Business America (insurancebusinessmag.com)

• Cyber liability insurance vs. data breach insurance: What's the difference? | CSO Online

Dark Web

• Exploring the Dark Web: Hitman for Hire and the Realities of Online Activities - ClearanceJobs

Supply Chain and Third Parties

• New Supply Chain Attack Exploits Abandoned S3 Buckets to Distribute Malicious Binaries (thehackernews.com)

Cloud/SaaS

• SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint - SecurityWeek

• New MOVEit Transfer critical flaws found after security audit, patch now (bleepingcomputer.com)

• Seven steps for using zero trust to protect your multicloud • The Register

• New cloud security guidance: it's all about the config - NCSC.GOV.UK

• Microsoft keeps quiet on talk of possible Azure DDoS attack • The Register

• New Supply Chain Attack Exploits Abandoned S3 Buckets to Distribute Malicious Binaries (thehackernews.com)

Encryption

• Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away | Ars Technica

Open Source

• Chinese hackers use DNS-over-HTTPS for Linux malware communication (bleepingcomputer.com)

• Fake zero-day PoC exploits on GitHub push Windows, Linux malware (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Thoughts on scheduled password changes (don’t call them rotations!) – Naked Security (sophos.com)

• Microsoft misused our dark web data, says security vendor • The Register

• RDP honeypot targeted 3.5 million times in brute-force attacks (bleepingcomputer.com)

• Want to be hacked? Just make these password mistakes | Tom's Guide (tomsguide.com)

Training, Education and Awareness

• Top 10 Risky Behaviours of Employees - IT Security Guru

• Cyber Crooks Targeting Employees, Organisations Fight Back with Training Programs - MSSP Alert

Digital Transformation

• Ignoring digital transformation is more dangerous than a recession - Help Net Security

Regulations, Fines and Legislation

• AI is moving too fast to regulate, security minister warns (telegraph.co.uk)

• Ofcom, Minnesota Dept of Ed among latest MOVEit victims • The Register

• Confidential data downloaded from UK regulator Ofcom in cyber attack (therecord.media)

• Yet more direct calling fiends fined by UK's data watchdog • The Register

• How Europe is Leading the World in the Push to Regulate AI - SecurityWeek

• Feds extend deadline for software security attestations • The Register

Models, Frameworks and Standards

• 3 ways we've made the CIS Controls more automation-friendly - Help Net Security

• Use PCI DSS Checklist with Automation (trendmicro.com)

Data Protection

• UK and US Agree Deal to Facilitate Personal Data Flows - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• #InfosecurityEurope: Cyber Leaders’ Plea to Tackle the Industry’s Mental Health Crisis - Infosecurity Magazine (infosecurity-magazine.com)

Law Enforcement Action and Take Downs

• Gozi banking malware “IT chief” finally jailed after more than 10 years – Naked Security (sophos.com)

• LockBit Affiliate Arrested, as Extortion Totals Reach $91M Since 2020 (darkreading.com)

Privacy, Surveillance and Mass Monitoring

• Examining the long-term effects of data privacy violations - Help Net Security

• FBI: FISA Section 702 'absolutely critical' • The Register

• Strava heatmap feature can be abused to find home addresses (bleepingcomputer.com)

• US Intelligence Has Admitted Amassed Data on 'Nearly Everyone' (gizmodo.com)

• Feds Say Facial Recognition IDed Bosnian War Criminal Miljkovic (gizmodo.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Putin’s little cyber helpers turn their sights on the UK (telegraph.co.uk)

• Russia-Ukraine war sending shockwaves into cyber-ecosystem • The Register

• Ukrainian hackers take down service provider for Russian banks (bleepingcomputer.com)

• Pro-Ukraine Cyber Anarchy Squad claims the hack of the Russian telecom provider Infotel JSC - Security Affairs

• 'Stealth Soldier' Attacks Target Libyan Government Entities With Surveillance Malware (darkreading.com)

• RomCom Threat Actor Targets Ukrainian Politicians, US Healthcare (darkreading.com)

• Pro-Russian hackers step up attacks against Swiss targets, authorities say | Reuters

• Russian hackers steal data on thousands of Ulez drivers (telegraph.co.uk)

• Microsoft links data wiping attacks to new Russian GRU hacking group (bleepingcomputer.com)

• Russian hackers use PowerShell USB malware to drop backdoors (bleepingcomputer.com)

• Pro-Russian Hackers Target Website of Europe’s Largest Port in Rotterdam - Bloomberg

• Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine - Security Affairs

• Microsoft Warns of New Russian State-Sponsored Hacker Group with Destructive Intent (thehackernews.com)

• New Report Reveals Shuckworm's Long-Running Intrusions on Ukrainian Organisations (thehackernews.com)

• Russia-backed hackers unleash new USB-based malware on Ukraine’s military | Ars Technica

• Microsoft Names Russian Threat Actor "Cadet Blizzard" - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors

• Chinese hackers use DNS-over-HTTPS for Linux malware communication (bleepingcomputer.com)

• Iran's 'quantum processor' turned out to be a $600 dev board | PC Gamer

• China-based threat actors target UIDAI, AIIMS, ICMR: Govt advisory (moneycontrol.com)

• Subsea cables: how the US is pushing China out of the internet’s plumbing

• China's cyber now aimed at infrastructure, warns CISA boss

• Cyber security: Americans should prepare for cyber sabotage from Chinese hackers, US official warns - The Economic Times (indiatimes.com)

• Ukraine information sharing a model for countering China, top cyber official says | CyberScoop

• Chinese Threat Actor Abused ESXi Zero-Day to Pilfer Files From Guest VMs (darkreading.com)

• North Korea created evil twin of South Korea's Naver.com • The Register

• Behind the Scenes Unveiling the Hidden Workings of Earth Preta (trendmicro.com)

• Gloucester: Russian hackers behind cyber-attack on council - BBC News

• Critical Barracuda ESG Zero-Day Linked to Novel Chinese APT (darkreading.com)

• Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China | Mandiant

• Russian ransomware hacker extorted tens of millions, says DOJ (cnbc.com)

Vulnerability Management

• Why Detecting Behaviors Beats Zero-Days | Blumira

Vulnerabilities

• Third Flaw Uncovered in MOVEit Transfer App Amidst Cl0p Ransomware Mass Attack (thehackernews.com)

• Bitwarden update corrects password manager access vulnerability on Windows - gHacks Tech News

• Fortinet: Patched Critical Flaw May Have Been Exploited (darkreading.com)

• Bitwarden update corrects password manager access vulnerability on Windows - gHacks Tech News

• CISA orders federal agencies to secure Internet-exposed network devices (bleepingcomputer.com)

• Microsoft June 2023 Patch Tuesday fixes 78 flaws, 38 RCE bugs (bleepingcomputer.com)

• Log4J exploits may rise further as Microsoft continues war on phishing | ITPro

• Severe Vulnerabilities Reported in Microsoft Azure Bastion and Container Registry (thehackernews.com)

• New Critical Google Chrome Payments Security Issue Confirmed (forbes.com)

• Critical Security Vulnerability Discovered in WooCommerce Stripe Gateway Plugin (thehackernews.com)

• VMware fixes critical flaws in Aria Operations for Networks (CVE-2023-20887) - Help Net Security

• Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China | Mandiant

• US energy department, other agencies hit in global hacking spree | Reuters

Tools and Controls

• The Complexities of Hacking: Exploring the thin line between cyber crime and ethical hacking | Euronews

• Use of Multifactor Authentication (MFA) Nearly Doubles Since 2020, Okta Secure Sign-in Trends Reports Finds (darkreading.com)

• Ignoring digital transformation is more dangerous than a recession - Help Net Security

• Cyber Crooks Targeting Employees, Organisations Fight Back with Training Programs - MSSP Alert

• Cyber liability insurance vs. data breach insurance: What's the difference? | CSO Online

• Red teaming can be the ground truth for CISOs and execs - Help Net Security

• How Continuous Monitoring and Threat Intel Can Help Prevent Ransomware (darkreading.com)

• Secure Sign-in Trends Report | Okta

• What is Dark Web Monitoring and How Does It Work? | Trend Micro News

• New cloud security guidance: it's all about the config - NCSC.GOV.UK

• Why Now? The Rise of Attack Surface Management (thehackernews.com)

• Why Detecting Behaviours Beats Zero-Days | Blumira

• What Is Red Teaming and How Does It Work? (howtogeek.com)

• Exploring the All-Time Best Book for Ethical Hacking – Codelivly

• Beyond MFA: 3 steps to improve security and reduce customer authentication friction - Help Net Security

• Enhancing security team capabilities in tough economic times - Help Net Security

• Small organisations outpace large enterprises in MFA adoption - Help Net Security

• Cyber debt levels reach tipping point - Help Net Security

• MSSQL makes up 93% of all activity on honeypots tracking 10 databases | SC Media (scmagazine.com)

• Attack Surface Management Strategies (trendmicro.com)

• 5 best practices to ensure the security of third-party APIs | CSO Online

• Multi-Factor Authentication Usage Nearly Doubles Since 2020, New Okta Report Finds - MSSP Alert

Reports Published in the Last Week

• Secure Sign-in Trends Report | Okta

• Top 10 cyber security findings from Verizon's 2023 data breach report | VentureBeat

Other News

• #InfosecurityEurope: What TechUK's New Plan Means for Cyber security - Infosecurity Magazine (infosecurity-magazine.com)

• A Tech Plan to "Build a Better Britain" - IT Security Guru

• German National Security Strategy leaves out cyber counter-attacks – EURACTIV.com

• Moving the Cyber Industry Forward Requires a Novel Approach (darkreading.com)

• (ISC)² and CIISec Release Guide to Inclusive Language in Cyber security - Infosecurity Magazine (infosecurity-magazine.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• 74% of Breaches Involve Human Element- Make Employees Your Best Asset

Verizon’s recent data breach report analysed 16,312 security incidents and 5,199 breaches. A total of 74% of breaches involved a human element, highlighting the role of employees in achieving good cyber resilience. Organisations looking to improve their resilience should therefore consider how well and how frequently they train their users. In a recent report, Fortinet found that 90% of leaders believed that increasing their employee cyber security awareness would help decrease the occurrence of cyber attacks. Worryingly, despite 85% of leaders having an awareness and training programme in place, 50% believed their employees still lacked cyber security knowledge.

With an effective training programme, organisations can increase their employees’ cyber risk awareness and empower them in defending the organisation, laying the foundation for a strong cyber security culture.

https://www.helpnetsecurity.com/2023/06/06/verizon-data-breach-investigations-report-2023-dbir/

https://www.helpnetsecurity.com/2023/06/09/employees-cybersecurity-knowledge/

• Cyber Security Agency Urges Vigilance as MOVEit Attack Impacts Major Companies Including British Airways, Boots and the BBC

The recent cyber attacks on file transfer software MOVEit have impacted a number of major companies through their supply chain. The attack, which hit UK-based HR and payroll provider Zellis has had a huge knock-on effect, with major companies such as British Airways, Boots and the BBC suffering as a result of using Zellis in their supply chain. The UK’s National Cyber Security Centre (NCSC) has emphasised the need for organisations to exercise heightened vigilance.

Organisations must be aware of supply chain risks, and how an attack on a supplier or service provider can impact their own organisation. It is important for organisations to manage supply chain security, assess third party risks, communicate with suppliers and keep on top of emerging threats; it’s no simple task.

https://www.securityweek.com/several-major-organizations-confirm-being-impacted-by-moveit-attack/

https://www.ibtimes.co.uk/british-cybersecurity-agency-urges-vigilance-major-companies-fall-victim-software-hack-1716493

• CISOs and IT Lack Confidence in Executives’ Cyber Defence Knowledge as the Spotlight Falls on the Boardroom

Nearly three-quarters of data breaches include an element of human failure, and senior business leaders were particularly at risk, according to a recent report. Not only do business leaders possess the most sensitive information, but they are often the least protected, with many organisations making security protocol exemptions for them. Such factors have pushed the boardroom into the spotlight more.

In another report, it was found that only 28% of IT professionals were confident in their executives’ ability to recognise a phishing email. The report found that as many as 71% of executives were reusing compromised passwords from personal accounts inside the company. Technology alone won’t solve the problem: user awareness training is required and this includes the boardroom.

https://www.csoonline.com/article/3698708/cisos-it-lack-confidence-in-executives-cyber-defense-knowledge.html

https://www.computerweekly.com/news/366539293/Cyber-spotlight-falls-on-boardroom-privilege-as-incidents-soar

• Only 1 in 10 CISOs are Board-ready as Nearly Half of Boards Lack Cyber Expertise

A recent study has found that only 1 in 10 chief information security officers (CISOs) have all the key traits thought to be crucial for success on a corporate board, with many lacking governance skills and experience and other attributes needed for board readiness. Worryingly, nearly half of the 1,000 companies in the study lacked at least one director with cyber security expertise. This is concerning as good cyber security starts from the board: the board is responsible for understanding the business risks of a cyber incident and for endorsing whether the cyber controls in place have reduced those risks to a level that the board is happy with. Similarly, the board would not sign off financial risks without ensuring they had someone with financial experience and qualifications present. The Black Arrow vCISO service is ideal for organisations that need expertise in assessing and managing cyber risks, underpinned by governance reporting and metrics presented to enable the board to make educated and informed decisions.

https://www.csoonline.com/article/3698291/only-one-in-10-cisos-today-are-board-ready-study-says

• BEC Volumes and Ransomware Costs Double in a Year

The number of recorded business email compromise (BEC) attacks doubled over the past year, with the threat comprising nearly 60% of social engineering incidents studied by Verizon for its 2023 Data Breach Investigations Report. The report this year was based on analysis of 16,312 security incidents and 5,199 breaches over the past year.

Pretexting, which is commonly using in BEC attacks, is now more common than phishing in social engineering incidents, although the latter is still more prevalent in breaches, the report noted. The median amount stolen in pretexting attacks now stands at $50,000. The vast majority of attacks (97%) over the past year were motivated by financial gain rather than espionage.

https://www.infosecurity-magazine.com/news/bec-volumes-ransomware-costs/

• Hackers are Targeting C-Suite Executives Through Their Personal Email

As companies rely on chief financial officers (CFOs) to mitigate risk, cyber attacks and the costs associated with them are a major concern. Now there is also a growing trend of cyber criminals targeting C-suite executives in their personal lives, where it is easier to pull off a breach as there are fewer, if any, protections, instead of targeting them through their business accounts. Once attackers have access, they then try to use this to gain entry to the corporate systems. The report found that 42% of companies have experienced cyber criminal attacks on their senior-level corporate executives, which can compromise sensitive business data. The report found that 58% of respondents stated that cyber threat prevention for executives and their digital assets are not covered in their cyber, IT and physical securities strategies and budgets.

https://fortune.com/2023/06/08/hackers-targeting-c-suite-executives-personal-email-cybersecurity

• Proactive Detection is Crucial as Organisations Lack Effective Threat Research

In a recent study, it was found that CISOs are spending significantly less time on threat research and awareness, despite 58% having an increase in their budget for cyber security; the same number reported that their team is so busy, they may not detect an attack. In a different report, keeping up with threat intelligence was identified as one of the biggest challenges faced.

https://www.helpnetsecurity.com/2023/06/06/cisos-cybersecurity-spending/

• Number of Vulnerabilities Exploited Rose by 55%

A recent report from Palo Alto Networks’ Unit 42 found that the number of vulnerabilities that attackers are exploiting has grown by 55% compared to 2021, with most of the increase resulting from supply chain vulnerabilities; along with this was a 25% rise in the number of CVE’s, the term used for identified vulnerabilities. Worryingly ChatGPT scams saw a 910% increase in monthly domain registrations, pointing to an exponential growth in fraudulent activities taking advantage of the widespread usage and popularity of AI-powered chatbots.

Such growth puts further strain on cyber security staff, making it even harder for organisations to keep up. A strong threat management programme is needed, to help organisations prioritise threats and use organisational resources effectively to address said threats.

https://www.infosecurity-magazine.com/news/exploitation-vulnerabilities-grew/

https://www.infosecurity-magazine.com/news/cves-surge-25-2022-another-record/

• Ransomware Behind Most Cyber Attacks, with Record-breaking May

2022 saw ransomware account for nearly one in four (24%) cyber attacks, with 95% of events resulting in a loss costing upwards of $2.25 million during 2021-2022. Ransomware remains a significant threat as evidenced by a different report, which stated that May 2023 saw a 154% spike in ransomware compared to May 2022. Other key findings include unreported attacks being five times more likely than reported attacks.

https://www.msspalert.com/cybersecurity-research/ransomware-hit-new-attack-highs-in-may-2023-blackfog-report-says/

https://www.scmagazine.com/analysis/ransomware/ransomware-attacks-have-room-to-grow-verizon-data-breach-report-shows

• 4 Areas of Cyber Risk That Boards Need to Address

As technological innovations such as cloud computing, the Internet of Things, robotic process automation, and predictive analytics are integrated into organisations, it makes them increasingly susceptible to cyber threats. This means that governing and assessing cyber risks becomes a prerequisite for successful business performance. This need for transparency has been recognised by the regulators and facilitated by the new cyber security rules to ensure companies maintain adequate cyber security controls and appropriately disclose cyber-related risks and incidents.

To ensure they fulfil the requirements, organisations should focus on the following areas: position security as a strategic business enabler; continuously monitor the cyber risk capability performance; align cyber risk management with business needs through policies and standards; and proactively anticipate the changing threat landscape by utilising threat intelligence sources for emerging threats.

https://hbr.org/2023/06/4-areas-of-cyber-risk-that-boards-need-to-address

• North Korea Makes 50% of Income from Cyber Attacks

The North Korean regime makes around half of its income from cyber attacks on cryptocurrency and other targets. A 2019 UN estimate claimed North Korea had amassed as much as $2bn through historic attacks on crypto firms and traditional banks.

North Korean hackers have been blamed for some of the biggest ever heists of cryptocurrency, including the $620m stolen from Sky Mavis’ Ronin Network last year and the $281m taken from KuCoin in 2020 and $35m from Atomic Wallet just this last weekend.

They are using increasingly sophisticated techniques to get what they want. The 3CX supply chain attacks, in which backdoor malware was implanted into a legitimate-looking software update from the eponymous comms provider, is thought to have been a targeted attempt at hitting crypto exchanges.

https://www.infosecurity-magazine.com/news/north-korea-makes-50-income/

• Going Beyond “Next Generation” Network Security

Over a decade ago, the phrase “next generation” was used in the network security space to describe the introduction of application-layer controls with firewalls. It was a pivotal moment for the space, setting a new standard for how we protected the perimeter. A lot has happened in the last decade though, most notably, the rapid adoption of cloud and multicloud architectures and the loss of the “perimeter.” Today, 82% of IT leaders have adopted hybrid cloud architectures, and 58% of organisations use between two and three public Infrastructure as a Service (IaaS) clouds. On top of that, 95% of web traffic is encrypted which limits visibility. Applications are everywhere, access privileges are unstructured, increasing the attack surface, and businesses expect near-perfect availability and resilience. To make things more complicated, enterprises have tried to solve these challenges with disparate solutions, leading to vendor sprawl among security stacks and operational inefficiency. What was once considered “next-generation” network security no longer cuts it.

https://blogs.cisco.com/security/going-beyond-next-generation-network-security-cisco-platform-approach

• Worldwide 2022 Email Phishing Statistics and Examples

Remote and hybrid work environments have become the new norm. The fact that email has become increasingly integral to business operations, has led malicious actors to favour email as an attack vector. According to a report by security company Egress, 92% of organisations have fallen victim to phishing attacks in 2022, a 29% increase in phishing incidents from 2021. Phishing attacks aimed at stealing info and data, also known as credential phishing, saw a 4% growth in 2022, with nearly 7 million detections. Rather worryingly, there was a 35% increase in the number of detections that related to business email compromise (BEC); these attacks mostly impersonated executives or high-ranking management personnel. With the increase in AI tools, it is expected that cyber criminals will be better able to create and deploy more sophisticated phishing attacks.

https://www.trendmicro.com/en_us/ciso/23/e/worldwide-email-phishing-stats-examples-2023.html

Governance, Risk and Compliance

• Insurers Predict $33bn Bill for Catastrophic "Cyber Event" - Infosecurity Magazine (infosecurity-magazine.com)

• Verizon 2023 Data Breach Investigations Report: 74% of breaches involve human element - Help Net Security

• 4 Areas of Cyber Risk That Boards Need to Address (hbr.org)

• CISOs, IT lack confidence in executives’ cyber-defence knowledge | CSO Online

• Cyber spotlight falls on boardroom ‘privilege’ as incidents soar | Computer Weekly

• CISOs focus more on business strategy than threat research - Help Net Security

• With SEC Rule Changes on the Horizon, Research Reveals Only 14% of CISOs Have Traits Desired for Cyber Expert Board Positions (darkreading.com)

• Only one in 10 CISOs today are board-ready, study says | CSO Online

• Employee cyber security awareness takes centre stage in defence strategies - Help Net Security

• The Importance of Managing Your Data Security Posture (thehackernews.com)

• How CISOs Can Manage the Intersection of Security, Privacy, And Trust (darkreading.com)

• Why Companies Should Consider Developing A Chief Security Officer Position (forbes.com)

• Want Sustainable Security? Find Middle Ground Between Tech & Education (darkreading.com)

• VeeamON 2023: When Your Nightmare Comes True - The New Stack

• Make Your Employees Your Best Asset in Combating Cyber crime | CISO Collective (fortinet.com)

• UK Organisations lack clear path to achieve threat intelligence - IT Security Guru

• CIOs prioritize new technologies over tech stack optimization - Help Net Security

• Top factors driving enterprise demand for new cyber security technology - Help Net Security

• Why a proactive detection and incident response plan is crucial for your organisation | Microsoft Security Blog

• Factors influencing IT security spending - Help Net Security

• How to Boost Cyber Security Through Better Communication (securityintelligence.com)

• Generative AI's influence on data governance and compliance - Help Net Security

• Essential Cyber security Compliance Standards (trendmicro.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Verizon DBIR: Social Engineering Gains Lead to Spiraling Breach Costs (darkreading.com)

• Ransomware Behind Most Cyber Attacks, Verizon Business Reports - MSSP Alert

• Ransomware Hit New Attack Highs in May 2023, BlackFog Report Says - MSSP Alert

• Hacking Spree Feared After Breach of File-Sharing Software - Bloomberg

• Clop ransomware likely testing MOVEit zero-day since 2021 (bleepingcomputer.com)

• Clop extortion gang gives MOVEit exploit victims one week to reach out | CSO Online

• New Linux Ransomware Strain BlackSuit Shows Striking Similarities to Royal (thehackernews.com)

• Cyclops Ransomware group offers a multiplatform Info StealerSecurity Affairs

• 0mega ransomware gang changes tactics - Help Net Security

• Firms warned not to give in to blackmail threats after Russia-linked payroll data hack | Evening Standard

• Royal ransomware gang adds BlackSuit encryptor to their arsenal (bleepingcomputer.com)

• Cyber Extortionists Seek Out Fresh Victims in LatAm and Asia - Infosecurity Magazine (infosecurity-magazine.com)

Ransomware Victims

• BA, BBC and Boots staff data hit by Russia-linked cyber attack (telegraph.co.uk)

• Ransomware takes down multiple municipalities in May | TechTarget

• Several Major Organisations Confirm Being Impacted by MOVEit Attack - SecurityWeek

• Spanish Bank Globalcaja Hit By Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• 2.5M Impacted by Enzo Biochem Data Leak After Ransomware Attack (darkreading.com)

• Burton Snowboards discloses data breach after February attack (bleepingcomputer.com)

• Pharmaceutical Giant Eisai Hit By Ransomware Incident - Infosecurity Magazine (infosecurity-magazine.com)

• City of Dallas Still Clawing Back Weeks After Cyber Incident (darkreading.com)

• Caribbean Island Suffers Cyber Attack, MSSP Expert Recommends Low-Code Automation - MSSP Alert

Phishing & Email Based Attacks

• Fixing email security: It's still a rocky road ahead - SiliconANGLE

• Worldwide 2022 Email Phishing Statistics and Examples (trendmicro.com)

• New Security Warning Issued For Google's 1.8 Billion Gmail Users (forbes.com)

• New Horabot campaign takes over victim's Gmail, Outlook accounts (bleepingcomputer.com)

• Chinese Phishing Gang "PostalFurious" Expands Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing Attack Prevention Checklist - A Detailed Guide (gbhackers.com)

• Gmail spoofing vulnerability sparks Google ‘Priority 1’ probe | SC Media (scmagazine.com)

BEC – Business Email Compromise

• BEC Volumes and Ransomware Costs Double in a Year - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Verizon DBIR: Social Engineering Gains Lead to Spiraling Breach Costs (darkreading.com)

Artificial Intelligence

• AI poses national security threat, warns terror watchdog | Artificial intelligence (AI) | The Guardian

• ChatGPT creates mutating malware that evades detection by EDR | CSO Online

• The Growing Cyber Threats of Generative AI: Who's Accountable? (darkreading.com)

• Consumers overestimate their deepfake detection skills - Help Net Security

• Department of Defence AI principles have a place in the CISO’s playbook | CSO Online

• Generative AI's influence on data governance and compliance - Help Net Security

• Traditional malware increasingly takes advantage of ChatGPT for attacks | CSO Online

• AI drone 'kills' human operator during 'simulation' - which US Air Force says didn't take place | Science & Tech News | Sky News

• OWASP lists 10 most critical large language model vulnerabilities | CSO Online

• Japan privacy watchdog warns ChatGPT-maker OpenAI on user data | Reuters

• New ChatGPT Attack Technique Spreads Malicious Packages - Infosecurity Magazine (infosecurity-magazine.com)

• Sextortionists are making AI nudes from your social media images (bleepingcomputer.com)

• Cyber crooks Scrape OpenAI API Keys to Pirate GPT-4 (darkreading.com)

2FA/MFA

• PyPI's 2FA Requirements Don't Go Far Enough, Researchers Say (darkreading.com)

• How fraudsters undermine text passcodes - Help Net Security

Malware

• High-profile malware and targeted attacks in Q1 2023 | Securelist

• ChatGPT creates mutating malware that evades detection by EDR | CSO Online

• Malicious Chrome extensions with 75M installs removed from Web Store (bleepingcomputer.com)

• Qakbot: The trojan that just won't go away - Help Net Security

• Qbot malware adapts to live another day … and another … • The Register

• Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors (thehackernews.com)

• New ChatGPT Attack Technique Spreads Malicious Packages - Infosecurity Magazine (infosecurity-magazine.com)

• New PowerDrop Malware Targeting US Aerospace Industry (thehackernews.com)

• Dissecting the Dark Web Supply Chain: Stealer Logs in Context (bleepingcomputer.com)

• Minecraft Malware Spreading Through Mods, Plug-ins (darkreading.com)

• Online sellers targeted by new information-stealing malware campaign (bleepingcomputer.com)

• Google puts $1M behind its mining-malware detection promise • The Register

Mobile

• Over 60,000 Android apps secretly installed adware for past six months (bleepingcomputer.com)

• Android security update fixes Mali GPU flaw exploited by spyware (bleepingcomputer.com)

• New tool scans iPhones for 'Triangulation' malware infection (bleepingcomputer.com)

• New Android feature drop will scan the dark web for your Gmail address | Trusted Reviews

• Apple announces next-level privacy and security innovations - Help Net Security

• How Does Android Stack Up Vs IOS? (informationsecuritybuzz.com)

Botnets

• New Horabot campaign takes over victim's Gmail, Outlook accounts (bleepingcomputer.com)

• Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors (thehackernews.com)

Denial of Service/DoS/DDOS

• Outlook.com hit by outages as hacktivists claim DDoS attacks (bleepingcomputer.com)

• The evolution of DDoS attacks in 2023 - Help Net Security

• Microsoft OneDrive down worldwide following claims of DDoS attacks (bleepingcomputer.com)

Internet of Things – IoT             

• Britain to remove Chinese surveillance gear from government sites | Surveillance | The Guardian

• Morrisons and Tesco ban Chinese CCTV cameras over security fears (telegraph.co.uk)

• Amazon’s Ring doorbell employees spied on users’ bathrooms (telegraph.co.uk)

• High-risk vulnerabilities patched in ABB Aspect building management system - Help Net Security

• New York City sues Hyundai, Kia claiming cars easy to steal • The Register

Data Breaches/Leaks

• Verizon DBIR: Social Engineering Gains Lead to Spiraling Breach Costs (darkreading.com)

• BA, BBC and Boots staff data hit by Russia-linked cyber attack (telegraph.co.uk)

• This Google Workspace security flaw could let hackers quietly steal your Drive files | TechRadar

• Microsoft: Lace Tempest Hackers Behind Active Exploitation of MOVEit Transfer App (thehackernews.com)

• Hackers launch another wave of mass-hacks targeting company file transfer tools | TechCrunch

• Massive free VPN data breach exposes 360M records | Fox News

• 2.5M Impacted by Enzo Biochem Data Leak After Ransomware Attack (darkreading.com)

• Cloud misconfiguration causes massive data breach at Toyota Motor | CSO Online

• Honda API flaws exposed customer data, dealer panels, internal docs (bleepingcomputer.com)

• Every Netherlands resident affected by data leak: watchdog | NL Times

• German recruiter Pflegia leaks sensitive job seeker info- Security Affairs

• What’s really changed 10 years after the Snowden revelations? | Edward Snowden | The Guardian

Organised Crime & Criminal Actors

• RaidForums: The child hacker facing extradition to the US | Euronews

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft – Security Week

• Google puts $1M behind its mining-malware detection promise • The Register

Insider Risk and Insider Threats

• Verizon 2023 Data Breach Investigations Report: 74% of breaches involve human element - Help Net Security

• How to Boost Cyber Security Through Better Communication (securityintelligence.com)

Fraud, Scams & Financial Crime

• Scammers publish ads for hacking services on government websites | TechCrunch

• Hackers hijack legitimate sites to host credit card stealer scripts (bleepingcomputer.com)

• A new wave of sophisticated digital fraud hits Europe - Help Net Security

• ID fraud a possibility forever, claims data breach lawsuit • The Register

• How fraudsters undermine text passcodes - Help Net Security

• Magento, WooCommerce, WordPress, and Shopify Exploited in Web Skimmer Attack (thehackernews.com)

• Brazilian Cyber criminals Using LOLBaS and CMD Scripts to Drain Bank Accounts (thehackernews.com)

• Virtual claims raise alarms among insurance carriers and customers - Help Net Security

• UK banks to reimburse fraud victims under new rules, regulator confirms | Scams | The Guardian

• Interpol: Human Trafficking is Fueling Fraud Epidemic - Infosecurity Magazine (infosecurity-magazine.com)

Impersonation Attacks

• 'Picture-in-Picture' Obfuscation Spoofs Delta, Kohl's for Credential Harvesting (darkreading.com)

• Gmail spoofing vulnerability sparks Google ‘Priority 1’ probe | SC Media (scmagazine.com)

Deepfakes

• Sextortionists are making AI nudes from your social media images (bleepingcomputer.com)

• Deepfakes being used in ‘sextortion’ scams, FBI warns • The Register

• Consumers overestimate their deepfake detection skills - Help Net Security

• Defenders Buckle Up for a Future of Detecting Deepfakes (darkreading.com)

Insurance

• Insurers Predict $33bn Bill for Catastrophic "Cyber Event" - Infosecurity Magazine (infosecurity-magazine.com)

• Virtual claims raise alarms among insurance carriers and customers - Help Net Security

Dark Web

• New Android feature drop will scan the dark web for your Gmail address | Trusted Reviews

• Dissecting the Dark Web Supply Chain: Stealer Logs in Context (bleepingcomputer.com)

• What is the dark web and how do you access it? (androidpolice.com)

Supply Chain and Third Parties

• Firms warned not to give in to blackmail threats after Russia-linked payroll data hack | Evening Standard

• Capita data breach ‘may affect millions’ (thetimes.co.uk)

• BA, BBC and Boots staff data hit by Russia-linked cyber attack (telegraph.co.uk)

• Microsoft: Lace Tempest Hackers Behind Active Exploitation of MOVEit Transfer App (thehackernews.com)

• Clop extortion gang gives MOVEit exploit victims one week to reach out | CSO Online

• Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021 (thehackernews.com)

• Hacking Spree Feared After Breach of File-Sharing Software - Bloomberg

• data privacy: Swiss administration hit by cyber attack - The Economic Times (indiatimes.com)

Software Supply Chain

• SBOMs - Software Supply Chain Security’s Future or Fantasy? - SecurityWeek

• 10 security tool categories needed to shore up software supply chain security | CSO Online

Cloud/SaaS

• Cloud Security Tops Concerns for Cyber Security Leaders: EC-Council's Certified CISO Hall of Fame Report 2023 (thehackernews.com)

• The Annual Report: 2024 Plans and Priorities for SaaS Security (thehackernews.com)

• Cloud misconfiguration causes massive data breach at Toyota Motor | CSO Online

• This Google Workspace security flaw could let hackers quietly steal your Drive files | TechRadar

• Current SaaS security strategies don't go far enough - Help Net Security

Hybrid/Remote Working

• Filling the Gaps: How to Secure the Future of Hybrid Work (darkreading.com)

• Thought of Going Into Office Gives Quarter of Employees Sunday Scaries - IT Security Guru

• Surveilling your employees? You could be putting your company at risk of attack - Help Net Security

Shadow IT

• Shadow IT is increasing and so are the associated security risks | CSO Online

Encryption

• UK Government Official Offers Up Nonsensical Defence Of Criminalizing End-To-End Encryption | Techdirt

API

• Honda API flaws exposed customer data, dealer panels, internal docs (bleepingcomputer.com)

• OWASP's 2023 API Security Top 10 Refines View of API Risks - SecurityWeek

Passwords, Credential Stuffing & Brute Force Attacks

• Watch brute force hacking attempts fail in realtime | Boing Boing

Social Media

• UK mental health charities handed sensitive data to Facebook for targeted ads | Mental health | The Guardian

• Microsoft Preps $425M Payment for LinkedIn GDPR Violations (darkreading.com)

• Hate speech is driving advertisers away from Twitter • Graham Cluley

• US government's TikTok ban extended to include contractors • The Register

Training, Education and Awareness

• Employee cyber security awareness takes center stage in defense strategies - Help Net Security

• Want Sustainable Security? Find Middle Ground Between Tech & Education (darkreading.com)

• Make Your Employees Your Best Asset in Combating Cyber crime | CISO Collective (fortinet.com)

• How to Boost Cyber security Through Better Communication (securityintelligence.com)

• Embracing realistic simulations in cyber security training programs - Help Net Security

Data Protection

• SEC drops 42 cases after staff bungle data protection • The Register

• Japan privacy watchdog warns ChatGPT-maker OpenAI on user data | Reuters

• Microsoft Preps $425M Payment for LinkedIn GDPR Violations (darkreading.com)

• Microsoft Fined $20M For Xbox Child Data Collection (darkreading.com)

Careers, Working in Cyber and Information Security

• Governments Need a Cyber Blueprint to Hire, Retain Cyber security Talent, Report Says - MSSP Alert

Privacy, Surveillance and Mass Monitoring

• UK mental health charities handed sensitive data to Facebook for targeted ads | Mental health | The Guardian

• Amazon’s Ring doorbell employees spied on users’ bathrooms (telegraph.co.uk)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• British Army organises major Western European cyber warfare exercise (ibtimes.co.uk)

• Still standing after 260m attacks: inside Ukraine’s cyber warfare squad (thetimes.co.uk)

• Hacks Against Ukraine's Emergency Response Services Rise During Bombings | WIRED

Nation State Actors

• North Korea Makes 50% of Income from Cyber-Attacks: Report - Infosecurity Magazine (infosecurity-magazine.com)

• A Peek Behind the Curtain: Examining the Dimensions of a National-level Cyber Program | Mandiant

• Chinese Phishing Gang "PostalFurious" Expands Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• North Korean APT group targets email credentials in social engineering campaign | CSO Online

• UK to strip Chinese surveillance cameras from sensitive government sites | Financial Times (ft.com)

• Morrisons and Tesco ban Chinese CCTV cameras over security fears (telegraph.co.uk)

• US government's TikTok ban extended to include contractors • The Register

• Camaro Dragon Strikes with New TinyNote Backdoor for Intelligence Gathering (thehackernews.com)

• Kimsuky APT poses as journalists and broadcast writers in attacks- Security Affairs

• Meet TeamT5, the Taiwanese infosec outfit taking on Beijing • The Register

• China has closed unofficial ‘police stations’ in Britain, UK minister says | China | The Guardian

• Lazarus hackers linked to the $35 million Atomic Wallet heist (bleepingcomputer.com)

• Kimsuky Targets Think Tanks and News Media with Social Engineering Attacks (thehackernews.com)

• Hostile states face contract ban amid security concerns (thetimes.co.uk)

• North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft - SecurityWeek

• Espionage Attacks in North Africa Linked to "Stealth Soldier" Backdoor - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerability Management

• Exploitation of Vulnerabilities Soared By 55% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• New vulnerabilities increase by 25 percent (betanews.com)

• OWASP lists 10 most critical large language model vulnerabilities | CSO Online

• Public sector apps show higher rates of security flaws - Help Net Security

Vulnerabilities

• CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog- Security Affairs

• Zyxel vulnerability under 'widespread exploitation' | TechTarget

• Barracuda Urges Immediate Replacement of Hacked ESG Appliances (thehackernews.com)

• Experts Unveil Exploit for Recent Windows Vulnerability Under Active Exploitation (thehackernews.com)

• Urgent Security Updates: Cisco and VMware Address Critical Vulnerabilities (thehackernews.com)

• High-Severity Vulnerabilities Patched in Splunk Enterprise - SecurityWeek

• Zero Day Initiative — CVE-2023-24941: Microsoft Network File System Remote Code Execution

• Gigabyte Slams Backdoor Shut With Attack-Killing BIOS Update (darkreading.com)

• Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability - Update Now! (thehackernews.com)

• Android security update fixes Mali GPU flaw exploited by spyware (bleepingcomputer.com)

• Three Vulnerabilities Discovered in Game Dev Tool RenderDoc - Infosecurity Magazine (infosecurity-magazine.com)

• Firefox 114 is out: No 0-days, but one fascinating “teachable moment” bug – Naked Security (sophos.com)

• High-risk vulnerabilities patched in ABB Aspect building management system - Help Net Security

• Easily Exploitable Microsoft Visual Studio Bug Opens Developers to Takeover (darkreading.com)

Tools and Controls

• CISOs focus more on business strategy than threat research - Help Net Security

• CIOs prioritize new technologies over tech stack optimization - Help Net Security

• Going Beyond “Next Generation” Network Security - Cisco Blogs

• Make Your Employees Your Best Asset in Combating Cybercrime | CISO Collective (fortinet.com)

• UK Organisations lack clear path to achieve threat intelligence - IT Security Guru

• Why a proactive detection and incident response plan is crucial for your organisation | Microsoft Security Blog

• Employee cybersecurity awareness takes center stage in defence strategies - Help Net Security

• Want Sustainable Security? Find Middle Ground Between Tech & Education (darkreading.com)

• Factors influencing IT security spending - Help Net Security

• Top factors driving enterprise demand for new cyber security technology - Help Net Security

• How to Boost Cyber security Through Better Communication (securityintelligence.com)

• MoD adopts ‘secure by design’ for cyber security | UKAuthority

• Everyone is selling VPNs, and that's a problem for security | Engadget

• ISMG Editors: Why Communications Skills Matter for CISOs (inforisktoday.com)

• Network Security Checklist - 2023 (cybersecuritynews.com)

• Phishing Attack Prevention Checklist - A Detailed Guide (gbhackers.com)

• Ransomware Attack Prevention Checklist - 2023 (cybersecuritynews.com)

• OWASP lists 10 most critical large language model vulnerabilities | CSO Online

• This Google Workspace security flaw could let hackers quietly steal your Drive files | TechRadar

• How to make developers love security - Help Net Security

• Embracing realistic simulations in cyber security training programs - Help Net Security

• The Key to Zero Trust Identity Is Automation (darkreading.com)

• What generative AI's rise means for the cyber security industry | TechTarget

• Cisco spotlights generative AI in security, collaboration | Network World

• 10 security tool categories needed to shore up software supply chain security | CSO Online

• How to Improve Your API Security Posture (thehackernews.com)

• Consolidate Vendors and Products for Better Security - SecurityWeek

Reports Published in the Last Week

• Verizon 2023 DBIR: Ransomware remains steady but complicated | TechTarget

• The Annual Report: 2024 Plans and Priorities for SaaS Security (thehackernews.com)

• Threat Intelligence report 2023 | Nokia

Other News

• The country with the best cyber security skills may surprise you | TechRadar

• CEO guilty of selling counterfeit Cisco devices to military, govt orgs (bleepingcomputer.com)

• NASA website flaw jeopardizes astrobiology fans- Security Affairs

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Executive summary

A few days ago, a critical flaw in file transfer software Moveit was exploited, and millions could be impacted. The flaw (CVE-2023-34362) is under active exploitation, with the recent announcement of breaches against UK Payroll provider Zellis, who support services to hundreds of services in the UK. The breach against Zellis has further impacted companies that use Zellis, including the BBC, major UK airline British Airways and major UK retailer, Boots. In addition, the US Government’s Cybersecurity and Infrastructure Agency (CISA)  has ordered agencies to patch the flaw.

What’s the risk to me or my business?

The flaw, which has been linked by Microsoft to Lace Tempest, known for ransomware operations & running the Clop extortion site, is being used to exfiltrate data, impacting the confidentiality, integrity and availability of the data an organisation holds. Exploitation of the flaw allows a successful threat actor to gain unauthenticated, remote access to the MOVEit database, allow them to execute code.

Technical Summary:

CVE-2023-34362 – A SQL injection vulnerability in the MOVEit Transfer web application which if exploited, could allow unauthorised access to MOVEit Transfer’s database.

The table below has been taken from MOVEit’s security bulletin:

What can I do?

It is important that organisations not only consider themselves and whether they are using MOVEit Transfer software, but also whether any of their suppliers are using it. In both cases, the relevant fixed version should be installed.

The breaches further reinforce the importance of the supply chain and the impact it can have on organisations. It’s not just about your own security, but also any provider who your organisation uses.

Further details the patch can be found here:

https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity