Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 16 June 2023
Black Arrow Cyber Threat Briefing 16 June 2023:
-Hacker Gang Clop Deploys Extortion Tactics Against Global Companies
-Social Engineering Drives BEC Losses to $50B Globally
-Creating A Cyber-Conscious Culture—It Must Be Driven from the Top
-Artificial Intelligence is Coming to Windows: Are Your Security Policy Settings Ready?
-Cyber Crooks Targeting Employees, Organisations Fight Back with Training Programs
-Massive Phishing Campaign Uses 6,000 Sites to Impersonate 100 Brands
-A Recent Study Shows Over One in Ten Brits are Willing to Engage in ‘Illegal or Illicit’ Online Behaviour as the Cost of Living Crisis Worsens, Driving Insider Threat Concerns
-Microsoft Office 365 Phishing Reveals Signs of Much Larger BEC Campaign
-Europol Warns of Metaverse and AI Terror Threat
-What is AI, and is it Dangerous?
-Cyber Liability Insurance Vs. Data Breach Insurance: What's the Difference?
-Exploring the Dark Web: Hitmen for Hire and the Realities of Online Activities
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Hacker Gang Clop Deploys Extortion Tactics Against Global Companies
The Russian-speaking gang of hackers that compromised UK groups such as British Airways and the BBC has claimed it has siphoned off sensitive data from more institutions including US-based investment firms, European manufacturers and US universities. Eight other companies this week made it onto Clop’s list on the dark web. That adds to the news last week that UK groups, including Walgreens-owned Boots, informed employees that their data had been compromised. The issue also targeted customers of Zellis, a UK-based payroll provider that about half of the companies on the FTSE 100 use.
The hacking group is pushing for contact with the companies on the list, according to a post on Clop’s dark web site, as the gang demands a ransom that cyber security experts and negotiators said could be as much as several million dollars.
https://www.ft.com/content/c1db9c5c-cdf1-48bc-8e6b-2c2444b66dc9
Social Engineering Drives BEC Losses to $50B Globally
Business email compromise (BEC) continues to evolve on the back of sophisticated targeting and social engineering, costing businesses worldwide more than $50 billion in the last 10 years - a figure that reflected a growth in business losses to BEC of 17% year-over-year in 2022, according to the FBI.
Security professionals attribute BEC's continued dominance in the cyber threat landscape to several reasons. A key one is that attackers have become increasingly savvy in how to socially-engineer messages so that they appear authentic to users, which is the key to being successful at this scam. And with the increase in availability of artificial intelligence, the continued success of BEC means these attacks are here to stay. Organisations will be forced to respond with even stronger security measures, security experts say.
https://www.darkreading.com/threat-intelligence/social-engineering-drives-bec-losses-to-50b-globally
Creating A Cyber Conscious Culture—It Must Be Driven from the Top
Businesses are facing more frequent and sophisticated cyber threats and they must continuously learn new ways to protect their revenues, reputation and maintain regulatory compliance. With hybrid and remote working blurring traditional security perimeters and expanding the attack surface, the high volumes of sensitive information held by organisations are at increased risk of cyber attacks.
The increase had led to cyber elevating to the board level; after all the board is responsible for cyber security. It doesn’t stop there however, as everyone in an organisation has responsibility for upholding cyber security. The board must aim to create a cyber-conscious culture, where users are aware of their role in cyber security. One important way such a culture can be achieved is through providing regular education and training to all users.
Artificial Intelligence is Coming to Windows: Are Your Security Policy Settings Ready?
What’s in your Windows security policy? Do you review your settings on an annual basis or more often? Do you provide education and training regarding the topics in the policy? Does it get revised when the impact of an incident showcases that an internal policy violation led to the root cause of the issue? And, importantly, do you have a security policy that includes your firm’s overall policies around the increasing race towards artificial intelligence, which is seemingly in nearly every application released these days?
From word processing documents to the upcoming enhancements to Windows 11, which will include AI prompting in the Explorer platform, organisations should review how they want their employees to treat customer data or other confidential information when using AI platforms. Many will want to build limits and guidelines into their security plans that specify what is allowed to be entered into platforms and websites that may store or share the information online. However, confidential information should not be included in any application that doesn’t have clearly defined protections around the handling of such data. The bottom line is that AI is coming to your network and your desktop sooner than you think. Build your policies now and review your processes to determine if you are ready for it today.
Cyber Crooks Targeting Employees, Organisations Fight Back with Training Programs
Cyber criminals are increasingly targeting an organisation’s employees, figuring to trick an untrained staffer to click on a malicious link that starts a malware attack, Fortinet said in a newly released study of security awareness and training.
More than 80% of organisations faced malware, phishing and password attacks last year, which were mainly targeted at users. This underscores that employees can be an organisation’s weakest point or one of its most powerful defences.
Fortinet’s research revealed that more than 90% of the survey’s respondents believe that increased employee cyber security awareness would help decrease the occurrence of cyber attacks. As organisations face increasing cyber risks, employees serving as an organisation’s first line of defence in protecting their organisation from cyber crime becomes of paramount importance.
Massive Phishing Campaign Uses 6,000 Sites to Impersonate 100 Brands
A widespread brand impersonation campaign targeting over a hundred popular apparel, footwear, and clothing brands has been underway since June 2022, tricking people into entering their account credentials and financial information on fake websites. The brands impersonated by the phony sites include Nike, Puma, Asics, Vans, Adidas, Columbia, Superdry, Converse, Casio, Timberland, Salomon, Crocs, Sketchers, The North Face and others.
A recent report found the campaign relies on at least 3,000 domains and roughly 6,000 sites, including inactive ones. The campaign had a significant activity spike between January and February 2023, adding 300 new fake sites monthly. The domain names follow a pattern of using the brand name together with a city or country, followed by a generic TLD such as ".com." Additionally, any details entered on the checkout pages, most notably the credit card details, may be stored by the website operators and resold to cyber criminals.
Over One in Ten Brits are Willing to Engage in ‘Illegal or Illicit’ Online Behaviour
A recent study found that 11% of Brits were tempted to engage in ‘illegal or illicit online behaviour’ in order to help manage the fallout from the cost of living crisis. This statistic becomes even more concerning when focused on younger people, with almost a quarter of 25–35 year old respondents (23%) willing to consider illegal or illicit online activity. Of those willing to engage in this kind of behaviour, 56% suggested it was because they are desperate and struggling to get by, and need to find alternative means of supporting their families.
Nearly half (47%) of UK business leaders believe their organisation has been at a greater risk of attack since the start of the cost-of-living crisis. Against this backdrop, many SME business leaders are understandably worried about the impact on employees. Of those who think their organisation is more exposed to attack, 38% believe it’s due to malicious insiders and 35% to overworked and distracted staff making mistakes. Organisations not doing so already, should look to incorporate insider threat into their security plans. Insider threat should focus on areas such as regular education and monitoring and detection.
The report found that 44% of respondents have also noticed an uptick in online scams hitting their inboxes since the cost of living crisis began in late 2021/early 2022. Another worrying finding is that this uptick is proving devastatingly effective for scammers: over one in ten (13%) of UK respondents have already been scammed since the cost of living crisis began. This rises to a quarter (26%) of respondents in the 18-25 age range, reflecting a hyper-online lifestyle and culture that scammers can work to exploit effectively.
https://www.infosecurity-magazine.com/news/costofliving-crisis-drives-insider/
Microsoft Office 365 Phishing Reveals Signs of Much Larger BEC Campaign
Recently, Microsoft discovered multi-stage adversary-in-the-middle (AitM) phishing and business email compromise (BEC) attacks against banking and financial services organisations. The attackers are successfully phishing employees’ accounts with fake Office 365 domains. This allows them to bypass authentication, exfiltrate data and send further phishing emails against other employees and several targeted external organisations. In some cases, threat actors have registered their own device to the employee’s account, to evade MFA defences and achieve persistent access.
https://securityaffairs.com/147327/hacking/aitm-bec-attacks.html
https://thehackernews.com/2023/06/adversary-in-middle-attack-campaign.html
Europol Warns of Metaverse and AI Terror Threat
New and emerging technologies like conversational AI, deepfakes and the metaverse could be utilised by terrorists and extremists to radicalise and recruit converts to their cause, Europol has warned. The report stated that the online environment lowers the bar for entering the world of terrorism and extremism, broadens the range of people that can become exposed to radicalisation and increases the unpredictability of terrorism and extremism.
Europol also pointed to the potential use of deepfakes, augmented reality and conversational AI to enhance the efficiency of terrorist propaganda. Both these technologies and internet of things (IoT) tools can also be deployed in more practical tasks such as the remote operation of vehicles and weapons used in attacks or setting up virtual training camps. Digital currencies are also playing a role in helping to finance such groups while maintaining the anonymity of those contributing the funding, Europol said.
https://www.infosecurity-magazine.com/news/europol-warns-metaverse-and-ai/
What is AI, and is it Dangerous?
Recently, we saw the release of the first piece of EU regulation on AI. This comes after a significant rise in the usage of tools such as ChatGPT. Such tools allow for even those with limited technical ability to perform sophisticated actions. In fact, usage has risen 44% over the last three months alone, according to a report.
Rather worryingly, there is a lack of governance on the usage of AI, and this extends to how AI is used within your own organisation. Whilst the usage can greatly improve actions performed within an organisation, the report found that 6% of employees using AI had pasted sensitive company data into an AI tool. Would your organisation know if this happened, and how damaging could it be to your organisation if this data was to be leaked? Continuous monitoring, risk analysis and real-time governance can help aid an organisation in having an overview of the usage of AI.
https://www.bbc.co.uk/news/technology-65855333
https://thehackernews.com/2023/06/new-research-6-of-employees-paste.html
Cyber Liability Insurance Vs. Data Breach Insurance: What's the Difference?
With an ever-increasing number of cyber security threats and attacks, companies are becoming motivated to protect their businesses and customer data both technically and financially. Finding the right insurance has become a key part of the security equation.
Companies looking to protect themselves have most likely heard the terms “cyber liability insurance” and “data breach insurance.” Put simply, cyber liability insurance refers to coverage for third-party claims asserted against a company stemming from a network security event or data breach. Data breach insurance, on the other hand, refers to coverage for first-party losses incurred by the insured organisation that has suffered a loss of data.
Exploring the Dark Web: Hitmen for Hire and the Realities of Online Activities
The dark web makes up a significant portion of the internet. Access can be gained through special browser, TOR, also known as the onion Router. The service bounces around IP addresses, constantly changing to protect the anonymity of the user.
This dark web contains an array of activities and sites, which include hitmen for hire, drugs for sale, and stolen credit card databases amongst others. Sometimes these aren’t real however, and are actually a trap to steal money from users on the basis that these users are unlikely to report it to law enforcement when the victim was trying to break the law in the first place. What we do know however, is that the dark web contains a plethora of information, and this could include data from your organisation.
Governance, Risk and Compliance
Creating A Cyber-Conscious Culture—It Must Be Driven From The Top (forbes.com)
Most businesses vulnerable to attacks on the cyber battlefield - The Globe and Mail
10 Important Security Tasks You Shouldn't Skip (darkreading.com)
Enhancing security team capabilities in tough economic times - Help Net Security
Ignoring digital transformation is more dangerous than a recession - Help Net Security
Ransomware Insurance: Security Strategies to Obtain Coverage (trendmicro.com)
Lax security measures, sophisticated hackers reason for rise in cyber breaches (ewn.co.za)
Cyber Crooks Targeting Employees, Organisations Fight Back with Training Programs - MSSP Alert
Cyber liability insurance vs. data breach insurance: What's the difference? | CSO Online
Red teaming can be the ground truth for CISOs and execs - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
CL0P Ransomware Gang Hits Multiple Governments, Businesses in Wide-Scale Attack - MSSP Alert
How Continuous Monitoring and Threat Intel Can Help Prevent Ransomware (darkreading.com)
Researchers Report First Instance of Automated SaaS Ransomware Extortion (darkreading.com)
Why Critical Infrastructure Remains a Ransomware Target (darkreading.com)
Ransomware Insurance: Security Strategies to Obtain Coverage (trendmicro.com)
CISA: LockBit ransomware extorted $91 million in 1,700 US attacks (bleepingcomputer.com)
Microsoft links data wiping attacks to new Russian GRU hacking group (bleepingcomputer.com)
To Fight Cyber Extortion and Ransomware, Shift Left (trendmicro.com)
Ransomware Hackers and Scammers Utilizing Cloud Mining to Launder Cryptocurrency (thehackernews.com)
Russian ransomware hacker extorted tens of millions, says DOJ (cnbc.com)
Ransomware Victims
Ofcom, Minnesota Dept of Ed among latest MOVEit victims • The Register
Confidential data downloaded from UK regulator Ofcom in cyber attack (therecord.media)
Oil and gas giant Shell confirms it was impacted by Clop ransomware attacks (therecord.media)TfL warns 13,000 staff that it was raided by Russian hackers (telegraph.co.uk)
Russian hackers steal data on thousands of Ulez drivers (telegraph.co.uk)
An Illinois hospital links closure to ransomware attack (nbcnews.com)
US energy department, other agencies hit in global hacking spree | Reuters
iTWire - Financial services firm FIIG hit by cyber attack, ALPHV claims credit
Xplain data breach also impacted national Swiss railway FSS - Security Affairs
Rhysida ransomware leaks documents stolen from Chilean Army (bleepingcomputer.com)
Phishing & Email Based Attacks
Microsoft Office 365 AitM phishing reveals signs of much larger BEC campaign | CSO Online
Adversary-in-the-Middle Attack Campaign Hits Dozens of Global Organisations (thehackernews.com)
Log4J exploits may rise further as Microsoft continues war on phishing | ITPro
Popular Apparel, Clothing Brands Being Used in Massive Phishing Scam (darkreading.com)
Massive phishing campaign uses 6,000 sites to impersonate 100 brands (bleepingcomputer.com)
BEC – Business Email Compromise
Microsoft warns of multi-stage AiTM phishing and BEC attacks - Security Affairs
Analysis: Social Engineering Drives BEC Losses to $50B Globally (darkreading.com)
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
New Research: 6% of Employees Paste Sensitive Data into GenAI tools as ChatGPT (thehackernews.com)
Artificial intelligence is coming to Windows: Are your security policy settings ready? | CSO Online
Europol Warns of Metaverse and AI Terror Threat - Infosecurity Magazine (infosecurity-magazine.com)
How Europe is Leading the World in the Push to Regulate AI - SecurityWeek
AI is moving too fast to regulate, security minister warns (telegraph.co.uk)
AI to render humans 'second most intelligent creations' | ITWeb
LLM meets Malware: Starting the Era of Autonomous Threat - Security Affairs
What is AI, is it dangerous and what jobs are at risk? - BBC News
Calculations Suggest It'll Be Impossible to Control a Super-Intelligent AI : ScienceAlert
2FA/MFA
Multi-Factor Authentication Usage Nearly Doubles Since 2020, New Okta Report Finds - MSSP Alert
Small organisations outpace large enterprises in MFA adoption - Help Net Security
Malware
New SPECTRALVIPER Backdoor Targeting Vietnamese Public Companies (thehackernews.com)
New Loader Delivering Spyware via Image Steals Cryptocurrency Info (darkreading.com)
Pirated Windows 10 ISOs install clipper malware via EFI partitions (bleepingcomputer.com)
Chinese hackers use DNS-over-HTTPS for Linux malware communication (bleepingcomputer.com)
Fake zero-day PoC exploits on GitHub push Windows, Linux malware (bleepingcomputer.com)
LLM meets Malware: Starting the Era of Autonomous Threat - Security Affairs
New ‘Shampoo’ Chromeloader malware pushed via fake warez sites (bleepingcomputer.com)
Russian hackers use PowerShell USB malware to drop backdoors (bleepingcomputer.com)
Fake Security Researcher Accounts Pushing Malware Disguised as Zero-Day Exploits - SecurityWeek
Vidar Malware Using New Tactics to Evade Detection and Anonymize Activities (thehackernews.com)
Mobile
Denial of Service/DoS/DDOS
Microsoft’s Azure portal down following new claims of DDoS attacks (bleepingcomputer.com)
DOS Attacks Dominate, but System Intrusions Cause Most Pain (darkreading.com)
Swiss government warns of ongoing DDoS attacks, data leak (bleepingcomputer.com)
IoT Botnet DDoS Attacks Threaten Global Telecom Networks, Nokia (hackread.com)
10 Different Types of DDoS Attacks and How to Prevent Them (geekflare.com)
Exclusive: Inside FXStreet's DDoS Attack (financemagnates.com)
Internet of Things – IoT
IoT Botnet DDoS Attacks Threaten Global Telecom Networks, Nokia (hackread.com)
How secure is your vehicle with digital key technology? - Help Net Security
Flipper Zero “Smoking” A Smart Meter Is A Bad Look For Hardware Hackers | Hackaday
Data Breaches/Leaks
Another huge US medical data breach confirmed after Fortra mass-hack | TechCrunch
New Research: 6% of Employees Paste Sensitive Data into GenAI tools as ChatGPT (thehackernews.com)
Top 10 cyber security findings from Verizon's 2023 data breach report | VentureBeat
Xplain data breach also impacted national Swiss railway FSS - Security Affairs
Examining the long-term effects of data privacy violations - Help Net Security
A Massive Vaccine Database Leak Exposes IDs of Millions of Indians | WIRED
Swiss Fear Government Data Stolen in Cyber attack - SecurityWeek
Ofcom, Minnesota Dept of Ed among latest MOVEit victims • The Register
Have I Been Pwned warns of new Zacks data breach impacting 8 million (bleepingcomputer.com)
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hackers steal $3 million by impersonating crypto news journalists (bleepingcomputer.com)
Beware: 1,000+ Fake Cryptocurrency Sites Trap Users in Bogus Rewards Scheme (thehackernews.com)
New Loader Delivering Spyware via Image Steals Cryptocurrency Info (darkreading.com)
Cryptocurrency Attacks Quadrupled as Cyber criminals Cash In (darkreading.com)
Ransomware Hackers and Scammers Utilizing Cloud Mining to Launder Cryptocurrency (thehackernews.com)
Insider Risk and Insider Threats
Cyber Crooks Targeting Employees, Organisations Fight Back with Training Programs - MSSP Alert
Insider Threat Vs Outsider Threat: Which Is Worse? (informationsecuritybuzz.com)
Fraud, Scams & Financial Crime
Impersonation Attacks
Insurance
Ransomware Insurance: Security Strategies to Obtain Coverage (trendmicro.com)
Cyber liability insurance vs. data breach insurance: What's the difference? | CSO Online
Dark Web
Supply Chain and Third Parties
Cloud/SaaS
SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint - SecurityWeek
New MOVEit Transfer critical flaws found after security audit, patch now (bleepingcomputer.com)
Seven steps for using zero trust to protect your multicloud • The Register
New cloud security guidance: it's all about the config - NCSC.GOV.UK
Microsoft keeps quiet on talk of possible Azure DDoS attack • The Register
Encryption
Open Source
Chinese hackers use DNS-over-HTTPS for Linux malware communication (bleepingcomputer.com)
Fake zero-day PoC exploits on GitHub push Windows, Linux malware (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Thoughts on scheduled password changes (don’t call them rotations!) – Naked Security (sophos.com)
Microsoft misused our dark web data, says security vendor • The Register
RDP honeypot targeted 3.5 million times in brute-force attacks (bleepingcomputer.com)
Want to be hacked? Just make these password mistakes | Tom's Guide (tomsguide.com)
Training, Education and Awareness
Digital Transformation
Regulations, Fines and Legislation
AI is moving too fast to regulate, security minister warns (telegraph.co.uk)
Ofcom, Minnesota Dept of Ed among latest MOVEit victims • The Register
Confidential data downloaded from UK regulator Ofcom in cyber attack (therecord.media)
Yet more direct calling fiends fined by UK's data watchdog • The Register
How Europe is Leading the World in the Push to Regulate AI - SecurityWeek
Feds extend deadline for software security attestations • The Register
Models, Frameworks and Standards
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
Examining the long-term effects of data privacy violations - Help Net Security
Strava heatmap feature can be abused to find home addresses (bleepingcomputer.com)
US Intelligence Has Admitted Amassed Data on 'Nearly Everyone' (gizmodo.com)
Feds Say Facial Recognition IDed Bosnian War Criminal Miljkovic (gizmodo.com)
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Putin’s little cyber helpers turn their sights on the UK (telegraph.co.uk)
Russia-Ukraine war sending shockwaves into cyber-ecosystem • The Register
Ukrainian hackers take down service provider for Russian banks (bleepingcomputer.com)
RomCom Threat Actor Targets Ukrainian Politicians, US Healthcare (darkreading.com)
Pro-Russian hackers step up attacks against Swiss targets, authorities say | Reuters
Russian hackers steal data on thousands of Ulez drivers (telegraph.co.uk)
Microsoft links data wiping attacks to new Russian GRU hacking group (bleepingcomputer.com)
Russian hackers use PowerShell USB malware to drop backdoors (bleepingcomputer.com)
Pro-Russian Hackers Target Website of Europe’s Largest Port in Rotterdam - Bloomberg
Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine - Security Affairs
Russia-backed hackers unleash new USB-based malware on Ukraine’s military | Ars Technica
Nation State Actors
Chinese hackers use DNS-over-HTTPS for Linux malware communication (bleepingcomputer.com)
Iran's 'quantum processor' turned out to be a $600 dev board | PC Gamer
China-based threat actors target UIDAI, AIIMS, ICMR: Govt advisory (moneycontrol.com)
Subsea cables: how the US is pushing China out of the internet’s plumbing
Ukraine information sharing a model for countering China, top cyber official says | CyberScoop
Chinese Threat Actor Abused ESXi Zero-Day to Pilfer Files From Guest VMs (darkreading.com)
North Korea created evil twin of South Korea's Naver.com • The Register
Behind the Scenes Unveiling the Hidden Workings of Earth Preta (trendmicro.com)
Gloucester: Russian hackers behind cyber-attack on council - BBC News
Critical Barracuda ESG Zero-Day Linked to Novel Chinese APT (darkreading.com)
Russian ransomware hacker extorted tens of millions, says DOJ (cnbc.com)
Vulnerability Management
Vulnerabilities
Third Flaw Uncovered in MOVEit Transfer App Amidst Cl0p Ransomware Mass Attack (thehackernews.com)
Bitwarden update corrects password manager access vulnerability on Windows - gHacks Tech News
Fortinet: Patched Critical Flaw May Have Been Exploited (darkreading.com)
Bitwarden update corrects password manager access vulnerability on Windows - gHacks Tech News
CISA orders federal agencies to secure Internet-exposed network devices (bleepingcomputer.com)
Microsoft June 2023 Patch Tuesday fixes 78 flaws, 38 RCE bugs (bleepingcomputer.com)
Log4J exploits may rise further as Microsoft continues war on phishing | ITPro
New Critical Google Chrome Payments Security Issue Confirmed (forbes.com)
Critical Security Vulnerability Discovered in WooCommerce Stripe Gateway Plugin (thehackernews.com)
VMware fixes critical flaws in Aria Operations for Networks (CVE-2023-20887) - Help Net Security
US energy department, other agencies hit in global hacking spree | Reuters
Tools and Controls
Ignoring digital transformation is more dangerous than a recession - Help Net Security
Cyber Crooks Targeting Employees, Organisations Fight Back with Training Programs - MSSP Alert
Cyber liability insurance vs. data breach insurance: What's the difference? | CSO Online
Red teaming can be the ground truth for CISOs and execs - Help Net Security
How Continuous Monitoring and Threat Intel Can Help Prevent Ransomware (darkreading.com)
What is Dark Web Monitoring and How Does It Work? | Trend Micro News
New cloud security guidance: it's all about the config - NCSC.GOV.UK
Why Now? The Rise of Attack Surface Management (thehackernews.com)
Exploring the All-Time Best Book for Ethical Hacking – Codelivly
Enhancing security team capabilities in tough economic times - Help Net Security
Small organisations outpace large enterprises in MFA adoption - Help Net Security
MSSQL makes up 93% of all activity on honeypots tracking 10 databases | SC Media (scmagazine.com)
5 best practices to ensure the security of third-party APIs | CSO Online
Multi-Factor Authentication Usage Nearly Doubles Since 2020, New Okta Report Finds - MSSP Alert
Reports Published in the Last Week
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 9th June 2023
Black Arrow Cyber Threat Briefing 09 June 2023:
-74% of Breaches Involve Human Element- Make Employees Your Best Asset
-Cyber Security Agency Urges Vigilance as MOVEit Attack Impacts Major Companies Including British Airways, Boots and the BBC
-CISOs and IT Lack Confidence in Executives’ Cyber Defence Knowledge as the Spotlight Falls on the Boardroom
-Only 1 in 10 CISOs are Board-ready as Nearly Half of Boards Lack Cyber Expertise
-BEC Volumes and Ransomware Costs Double in a Year
-Hackers are Targeting C-Suite Executives Through Their Personal Email
-Proactive Detection is Crucial as Organisations Lack Effective Threat Research
-Number of Vulnerabilities Exploited Rose by 55%
-Ransomware Behind Most Cyber Attacks, with Record-breaking May
-4 Areas of Cyber Risk That Boards Need to Address
-North Korea Makes 50% of Income from Cyber Attacks
-Going Beyond “Next Generation” Network Security
-Worldwide 2022 Email Phishing Statistics and Examples
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
74% of Breaches Involve Human Element- Make Employees Your Best Asset
Verizon’s recent data breach report analysed 16,312 security incidents and 5,199 breaches. A total of 74% of breaches involved a human element, highlighting the role of employees in achieving good cyber resilience. Organisations looking to improve their resilience should therefore consider how well and how frequently they train their users. In a recent report, Fortinet found that 90% of leaders believed that increasing their employee cyber security awareness would help decrease the occurrence of cyber attacks. Worryingly, despite 85% of leaders having an awareness and training programme in place, 50% believed their employees still lacked cyber security knowledge.
With an effective training programme, organisations can increase their employees’ cyber risk awareness and empower them in defending the organisation, laying the foundation for a strong cyber security culture.
https://www.helpnetsecurity.com/2023/06/06/verizon-data-breach-investigations-report-2023-dbir/
https://www.helpnetsecurity.com/2023/06/09/employees-cybersecurity-knowledge/
Cyber Security Agency Urges Vigilance as MOVEit Attack Impacts Major Companies Including British Airways, Boots and the BBC
The recent cyber attacks on file transfer software MOVEit have impacted a number of major companies through their supply chain. The attack, which hit UK-based HR and payroll provider Zellis has had a huge knock-on effect, with major companies such as British Airways, Boots and the BBC suffering as a result of using Zellis in their supply chain. The UK’s National Cyber Security Centre (NCSC) has emphasised the need for organisations to exercise heightened vigilance.
Organisations must be aware of supply chain risks, and how an attack on a supplier or service provider can impact their own organisation. It is important for organisations to manage supply chain security, assess third party risks, communicate with suppliers and keep on top of emerging threats; it’s no simple task.
https://www.securityweek.com/several-major-organizations-confirm-being-impacted-by-moveit-attack/
CISOs and IT Lack Confidence in Executives’ Cyber Defence Knowledge as the Spotlight Falls on the Boardroom
Nearly three-quarters of data breaches include an element of human failure, and senior business leaders were particularly at risk, according to a recent report. Not only do business leaders possess the most sensitive information, but they are often the least protected, with many organisations making security protocol exemptions for them. Such factors have pushed the boardroom into the spotlight more.
In another report, it was found that only 28% of IT professionals were confident in their executives’ ability to recognise a phishing email. The report found that as many as 71% of executives were reusing compromised passwords from personal accounts inside the company. Technology alone won’t solve the problem: user awareness training is required and this includes the boardroom.
Only 1 in 10 CISOs are Board-ready as Nearly Half of Boards Lack Cyber Expertise
A recent study has found that only 1 in 10 chief information security officers (CISOs) have all the key traits thought to be crucial for success on a corporate board, with many lacking governance skills and experience and other attributes needed for board readiness. Worryingly, nearly half of the 1,000 companies in the study lacked at least one director with cyber security expertise. This is concerning as good cyber security starts from the board: the board is responsible for understanding the business risks of a cyber incident and for endorsing whether the cyber controls in place have reduced those risks to a level that the board is happy with. Similarly, the board would not sign off financial risks without ensuring they had someone with financial experience and qualifications present. The Black Arrow vCISO service is ideal for organisations that need expertise in assessing and managing cyber risks, underpinned by governance reporting and metrics presented to enable the board to make educated and informed decisions.
https://www.csoonline.com/article/3698291/only-one-in-10-cisos-today-are-board-ready-study-says
BEC Volumes and Ransomware Costs Double in a Year
The number of recorded business email compromise (BEC) attacks doubled over the past year, with the threat comprising nearly 60% of social engineering incidents studied by Verizon for its 2023 Data Breach Investigations Report. The report this year was based on analysis of 16,312 security incidents and 5,199 breaches over the past year.
Pretexting, which is commonly using in BEC attacks, is now more common than phishing in social engineering incidents, although the latter is still more prevalent in breaches, the report noted. The median amount stolen in pretexting attacks now stands at $50,000. The vast majority of attacks (97%) over the past year were motivated by financial gain rather than espionage.
https://www.infosecurity-magazine.com/news/bec-volumes-ransomware-costs/
Hackers are Targeting C-Suite Executives Through Their Personal Email
As companies rely on chief financial officers (CFOs) to mitigate risk, cyber attacks and the costs associated with them are a major concern. Now there is also a growing trend of cyber criminals targeting C-suite executives in their personal lives, where it is easier to pull off a breach as there are fewer, if any, protections, instead of targeting them through their business accounts. Once attackers have access, they then try to use this to gain entry to the corporate systems. The report found that 42% of companies have experienced cyber criminal attacks on their senior-level corporate executives, which can compromise sensitive business data. The report found that 58% of respondents stated that cyber threat prevention for executives and their digital assets are not covered in their cyber, IT and physical securities strategies and budgets.
https://fortune.com/2023/06/08/hackers-targeting-c-suite-executives-personal-email-cybersecurity
Proactive Detection is Crucial as Organisations Lack Effective Threat Research
In a recent study, it was found that CISOs are spending significantly less time on threat research and awareness, despite 58% having an increase in their budget for cyber security; the same number reported that their team is so busy, they may not detect an attack. In a different report, keeping up with threat intelligence was identified as one of the biggest challenges faced.
https://www.helpnetsecurity.com/2023/06/06/cisos-cybersecurity-spending/
Number of Vulnerabilities Exploited Rose by 55%
A recent report from Palo Alto Networks’ Unit 42 found that the number of vulnerabilities that attackers are exploiting has grown by 55% compared to 2021, with most of the increase resulting from supply chain vulnerabilities; along with this was a 25% rise in the number of CVE’s, the term used for identified vulnerabilities. Worryingly ChatGPT scams saw a 910% increase in monthly domain registrations, pointing to an exponential growth in fraudulent activities taking advantage of the widespread usage and popularity of AI-powered chatbots.
Such growth puts further strain on cyber security staff, making it even harder for organisations to keep up. A strong threat management programme is needed, to help organisations prioritise threats and use organisational resources effectively to address said threats.
https://www.infosecurity-magazine.com/news/exploitation-vulnerabilities-grew/
https://www.infosecurity-magazine.com/news/cves-surge-25-2022-another-record/
Ransomware Behind Most Cyber Attacks, with Record-breaking May
2022 saw ransomware account for nearly one in four (24%) cyber attacks, with 95% of events resulting in a loss costing upwards of $2.25 million during 2021-2022. Ransomware remains a significant threat as evidenced by a different report, which stated that May 2023 saw a 154% spike in ransomware compared to May 2022. Other key findings include unreported attacks being five times more likely than reported attacks.
4 Areas of Cyber Risk That Boards Need to Address
As technological innovations such as cloud computing, the Internet of Things, robotic process automation, and predictive analytics are integrated into organisations, it makes them increasingly susceptible to cyber threats. This means that governing and assessing cyber risks becomes a prerequisite for successful business performance. This need for transparency has been recognised by the regulators and facilitated by the new cyber security rules to ensure companies maintain adequate cyber security controls and appropriately disclose cyber-related risks and incidents.
To ensure they fulfil the requirements, organisations should focus on the following areas: position security as a strategic business enabler; continuously monitor the cyber risk capability performance; align cyber risk management with business needs through policies and standards; and proactively anticipate the changing threat landscape by utilising threat intelligence sources for emerging threats.
https://hbr.org/2023/06/4-areas-of-cyber-risk-that-boards-need-to-address
North Korea Makes 50% of Income from Cyber Attacks
The North Korean regime makes around half of its income from cyber attacks on cryptocurrency and other targets. A 2019 UN estimate claimed North Korea had amassed as much as $2bn through historic attacks on crypto firms and traditional banks.
North Korean hackers have been blamed for some of the biggest ever heists of cryptocurrency, including the $620m stolen from Sky Mavis’ Ronin Network last year and the $281m taken from KuCoin in 2020 and $35m from Atomic Wallet just this last weekend.
They are using increasingly sophisticated techniques to get what they want. The 3CX supply chain attacks, in which backdoor malware was implanted into a legitimate-looking software update from the eponymous comms provider, is thought to have been a targeted attempt at hitting crypto exchanges.
https://www.infosecurity-magazine.com/news/north-korea-makes-50-income/
Going Beyond “Next Generation” Network Security
Over a decade ago, the phrase “next generation” was used in the network security space to describe the introduction of application-layer controls with firewalls. It was a pivotal moment for the space, setting a new standard for how we protected the perimeter. A lot has happened in the last decade though, most notably, the rapid adoption of cloud and multicloud architectures and the loss of the “perimeter.” Today, 82% of IT leaders have adopted hybrid cloud architectures, and 58% of organisations use between two and three public Infrastructure as a Service (IaaS) clouds. On top of that, 95% of web traffic is encrypted which limits visibility. Applications are everywhere, access privileges are unstructured, increasing the attack surface, and businesses expect near-perfect availability and resilience. To make things more complicated, enterprises have tried to solve these challenges with disparate solutions, leading to vendor sprawl among security stacks and operational inefficiency. What was once considered “next-generation” network security no longer cuts it.
Worldwide 2022 Email Phishing Statistics and Examples
Remote and hybrid work environments have become the new norm. The fact that email has become increasingly integral to business operations, has led malicious actors to favour email as an attack vector. According to a report by security company Egress, 92% of organisations have fallen victim to phishing attacks in 2022, a 29% increase in phishing incidents from 2021. Phishing attacks aimed at stealing info and data, also known as credential phishing, saw a 4% growth in 2022, with nearly 7 million detections. Rather worryingly, there was a 35% increase in the number of detections that related to business email compromise (BEC); these attacks mostly impersonated executives or high-ranking management personnel. With the increase in AI tools, it is expected that cyber criminals will be better able to create and deploy more sophisticated phishing attacks.
https://www.trendmicro.com/en_us/ciso/23/e/worldwide-email-phishing-stats-examples-2023.html
Governance, Risk and Compliance
CISOs, IT lack confidence in executives’ cyber-defence knowledge | CSO Online
Cyber spotlight falls on boardroom ‘privilege’ as incidents soar | Computer Weekly
CISOs focus more on business strategy than threat research - Help Net Security
Only one in 10 CISOs today are board-ready, study says | CSO Online
Employee cyber security awareness takes centre stage in defence strategies - Help Net Security
The Importance of Managing Your Data Security Posture (thehackernews.com)
How CISOs Can Manage the Intersection of Security, Privacy, And Trust (darkreading.com)
Why Companies Should Consider Developing A Chief Security Officer Position (forbes.com)
Want Sustainable Security? Find Middle Ground Between Tech & Education (darkreading.com)
VeeamON 2023: When Your Nightmare Comes True - The New Stack
Make Your Employees Your Best Asset in Combating Cyber crime | CISO Collective (fortinet.com)
UK Organisations lack clear path to achieve threat intelligence - IT Security Guru
CIOs prioritize new technologies over tech stack optimization - Help Net Security
Top factors driving enterprise demand for new cyber security technology - Help Net Security
Factors influencing IT security spending - Help Net Security
How to Boost Cyber Security Through Better Communication (securityintelligence.com)
Generative AI's influence on data governance and compliance - Help Net Security
Essential Cyber security Compliance Standards (trendmicro.com)
Threats
Ransomware, Extortion and Destructive Attacks
Verizon DBIR: Social Engineering Gains Lead to Spiraling Breach Costs (darkreading.com)
Ransomware Behind Most Cyber Attacks, Verizon Business Reports - MSSP Alert
Ransomware Hit New Attack Highs in May 2023, BlackFog Report Says - MSSP Alert
Hacking Spree Feared After Breach of File-Sharing Software - Bloomberg
Clop ransomware likely testing MOVEit zero-day since 2021 (bleepingcomputer.com)
Clop extortion gang gives MOVEit exploit victims one week to reach out | CSO Online
New Linux Ransomware Strain BlackSuit Shows Striking Similarities to Royal (thehackernews.com)
Cyclops Ransomware group offers a multiplatform Info StealerSecurity Affairs
Royal ransomware gang adds BlackSuit encryptor to their arsenal (bleepingcomputer.com)
Ransomware Victims
BA, BBC and Boots staff data hit by Russia-linked cyber attack (telegraph.co.uk)
Ransomware takes down multiple municipalities in May | TechTarget
Several Major Organisations Confirm Being Impacted by MOVEit Attack - SecurityWeek
Spanish Bank Globalcaja Hit By Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)
2.5M Impacted by Enzo Biochem Data Leak After Ransomware Attack (darkreading.com)
Burton Snowboards discloses data breach after February attack (bleepingcomputer.com)
City of Dallas Still Clawing Back Weeks After Cyber Incident (darkreading.com)
Caribbean Island Suffers Cyber Attack, MSSP Expert Recommends Low-Code Automation - MSSP Alert
Phishing & Email Based Attacks
Fixing email security: It's still a rocky road ahead - SiliconANGLE
Worldwide 2022 Email Phishing Statistics and Examples (trendmicro.com)
New Security Warning Issued For Google's 1.8 Billion Gmail Users (forbes.com)
New Horabot campaign takes over victim's Gmail, Outlook accounts (bleepingcomputer.com)
Phishing Attack Prevention Checklist - A Detailed Guide (gbhackers.com)
Gmail spoofing vulnerability sparks Google ‘Priority 1’ probe | SC Media (scmagazine.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
ChatGPT creates mutating malware that evades detection by EDR | CSO Online
The Growing Cyber Threats of Generative AI: Who's Accountable? (darkreading.com)
Consumers overestimate their deepfake detection skills - Help Net Security
Department of Defence AI principles have a place in the CISO’s playbook | CSO Online
Generative AI's influence on data governance and compliance - Help Net Security
Traditional malware increasingly takes advantage of ChatGPT for attacks | CSO Online
OWASP lists 10 most critical large language model vulnerabilities | CSO Online
Japan privacy watchdog warns ChatGPT-maker OpenAI on user data | Reuters
Sextortionists are making AI nudes from your social media images (bleepingcomputer.com)
Cyber crooks Scrape OpenAI API Keys to Pirate GPT-4 (darkreading.com)
2FA/MFA
Malware
High-profile malware and targeted attacks in Q1 2023 | Securelist
ChatGPT creates mutating malware that evades detection by EDR | CSO Online
Malicious Chrome extensions with 75M installs removed from Web Store (bleepingcomputer.com)
Qakbot: The trojan that just won't go away - Help Net Security
Qbot malware adapts to live another day … and another … • The Register
Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors (thehackernews.com)
New PowerDrop Malware Targeting US Aerospace Industry (thehackernews.com)
Dissecting the Dark Web Supply Chain: Stealer Logs in Context (bleepingcomputer.com)
Minecraft Malware Spreading Through Mods, Plug-ins (darkreading.com)
Online sellers targeted by new information-stealing malware campaign (bleepingcomputer.com)
Google puts $1M behind its mining-malware detection promise • The Register
Mobile
Over 60,000 Android apps secretly installed adware for past six months (bleepingcomputer.com)
Android security update fixes Mali GPU flaw exploited by spyware (bleepingcomputer.com)
New tool scans iPhones for 'Triangulation' malware infection (bleepingcomputer.com)
New Android feature drop will scan the dark web for your Gmail address | Trusted Reviews
Apple announces next-level privacy and security innovations - Help Net Security
How Does Android Stack Up Vs IOS? (informationsecuritybuzz.com)
Botnets
New Horabot campaign takes over victim's Gmail, Outlook accounts (bleepingcomputer.com)
Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors (thehackernews.com)
Denial of Service/DoS/DDOS
Outlook.com hit by outages as hacktivists claim DDoS attacks (bleepingcomputer.com)
Microsoft OneDrive down worldwide following claims of DDoS attacks (bleepingcomputer.com)
Internet of Things – IoT
Britain to remove Chinese surveillance gear from government sites | Surveillance | The Guardian
Morrisons and Tesco ban Chinese CCTV cameras over security fears (telegraph.co.uk)
Amazon’s Ring doorbell employees spied on users’ bathrooms (telegraph.co.uk)
High-risk vulnerabilities patched in ABB Aspect building management system - Help Net Security
New York City sues Hyundai, Kia claiming cars easy to steal • The Register
Data Breaches/Leaks
Verizon DBIR: Social Engineering Gains Lead to Spiraling Breach Costs (darkreading.com)
BA, BBC and Boots staff data hit by Russia-linked cyber attack (telegraph.co.uk)
This Google Workspace security flaw could let hackers quietly steal your Drive files | TechRadar
Hackers launch another wave of mass-hacks targeting company file transfer tools | TechCrunch
Massive free VPN data breach exposes 360M records | Fox News
2.5M Impacted by Enzo Biochem Data Leak After Ransomware Attack (darkreading.com)
Cloud misconfiguration causes massive data breach at Toyota Motor | CSO Online
Honda API flaws exposed customer data, dealer panels, internal docs (bleepingcomputer.com)
Every Netherlands resident affected by data leak: watchdog | NL Times
German recruiter Pflegia leaks sensitive job seeker info- Security Affairs
What’s really changed 10 years after the Snowden revelations? | Edward Snowden | The Guardian
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft – Security Week
Google puts $1M behind its mining-malware detection promise • The Register
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Scammers publish ads for hacking services on government websites | TechCrunch
Hackers hijack legitimate sites to host credit card stealer scripts (bleepingcomputer.com)
A new wave of sophisticated digital fraud hits Europe - Help Net Security
ID fraud a possibility forever, claims data breach lawsuit • The Register
Magento, WooCommerce, WordPress, and Shopify Exploited in Web Skimmer Attack (thehackernews.com)
Brazilian Cyber criminals Using LOLBaS and CMD Scripts to Drain Bank Accounts (thehackernews.com)
Virtual claims raise alarms among insurance carriers and customers - Help Net Security
UK banks to reimburse fraud victims under new rules, regulator confirms | Scams | The Guardian
Impersonation Attacks
'Picture-in-Picture' Obfuscation Spoofs Delta, Kohl's for Credential Harvesting (darkreading.com)
Gmail spoofing vulnerability sparks Google ‘Priority 1’ probe | SC Media (scmagazine.com)
Deepfakes
Sextortionists are making AI nudes from your social media images (bleepingcomputer.com)
Deepfakes being used in ‘sextortion’ scams, FBI warns • The Register
Consumers overestimate their deepfake detection skills - Help Net Security
Defenders Buckle Up for a Future of Detecting Deepfakes (darkreading.com)
Insurance
Dark Web
New Android feature drop will scan the dark web for your Gmail address | Trusted Reviews
Dissecting the Dark Web Supply Chain: Stealer Logs in Context (bleepingcomputer.com)
What is the dark web and how do you access it? (androidpolice.com)
Supply Chain and Third Parties
BA, BBC and Boots staff data hit by Russia-linked cyber attack (telegraph.co.uk)
Clop extortion gang gives MOVEit exploit victims one week to reach out | CSO Online
Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021 (thehackernews.com)
Hacking Spree Feared After Breach of File-Sharing Software - Bloomberg
data privacy: Swiss administration hit by cyber attack - The Economic Times (indiatimes.com)
Software Supply Chain
SBOMs - Software Supply Chain Security’s Future or Fantasy? - SecurityWeek
10 security tool categories needed to shore up software supply chain security | CSO Online
Cloud/SaaS
The Annual Report: 2024 Plans and Priorities for SaaS Security (thehackernews.com)
Cloud misconfiguration causes massive data breach at Toyota Motor | CSO Online
This Google Workspace security flaw could let hackers quietly steal your Drive files | TechRadar
Current SaaS security strategies don't go far enough - Help Net Security
Hybrid/Remote Working
Filling the Gaps: How to Secure the Future of Hybrid Work (darkreading.com)
Thought of Going Into Office Gives Quarter of Employees Sunday Scaries - IT Security Guru
Surveilling your employees? You could be putting your company at risk of attack - Help Net Security
Shadow IT
Encryption
API
Honda API flaws exposed customer data, dealer panels, internal docs (bleepingcomputer.com)
OWASP's 2023 API Security Top 10 Refines View of API Risks - SecurityWeek
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Microsoft Preps $425M Payment for LinkedIn GDPR Violations (darkreading.com)
Hate speech is driving advertisers away from Twitter • Graham Cluley
US government's TikTok ban extended to include contractors • The Register
Training, Education and Awareness
Employee cyber security awareness takes center stage in defense strategies - Help Net Security
Want Sustainable Security? Find Middle Ground Between Tech & Education (darkreading.com)
Make Your Employees Your Best Asset in Combating Cyber crime | CISO Collective (fortinet.com)
How to Boost Cyber security Through Better Communication (securityintelligence.com)
Embracing realistic simulations in cyber security training programs - Help Net Security
Data Protection
SEC drops 42 cases after staff bungle data protection • The Register
Japan privacy watchdog warns ChatGPT-maker OpenAI on user data | Reuters
Microsoft Preps $425M Payment for LinkedIn GDPR Violations (darkreading.com)
Microsoft Fined $20M For Xbox Child Data Collection (darkreading.com)
Careers, Working in Cyber and Information Security
Privacy, Surveillance and Mass Monitoring
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Nation State Actors
A Peek Behind the Curtain: Examining the Dimensions of a National-level Cyber Program | Mandiant
North Korean APT group targets email credentials in social engineering campaign | CSO Online
UK to strip Chinese surveillance cameras from sensitive government sites | Financial Times (ft.com)
Morrisons and Tesco ban Chinese CCTV cameras over security fears (telegraph.co.uk)
US government's TikTok ban extended to include contractors • The Register
Camaro Dragon Strikes with New TinyNote Backdoor for Intelligence Gathering (thehackernews.com)
Kimsuky APT poses as journalists and broadcast writers in attacks- Security Affairs
Meet TeamT5, the Taiwanese infosec outfit taking on Beijing • The Register
China has closed unofficial ‘police stations’ in Britain, UK minister says | China | The Guardian
Lazarus hackers linked to the $35 million Atomic Wallet heist (bleepingcomputer.com)
Kimsuky Targets Think Tanks and News Media with Social Engineering Attacks (thehackernews.com)
Hostile states face contract ban amid security concerns (thetimes.co.uk)
North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft - SecurityWeek
Vulnerability Management
OWASP lists 10 most critical large language model vulnerabilities | CSO Online
Public sector apps show higher rates of security flaws - Help Net Security
Vulnerabilities
Zyxel vulnerability under 'widespread exploitation' | TechTarget
Barracuda Urges Immediate Replacement of Hacked ESG Appliances (thehackernews.com)
Urgent Security Updates: Cisco and VMware Address Critical Vulnerabilities (thehackernews.com)
High-Severity Vulnerabilities Patched in Splunk Enterprise - SecurityWeek
Zero Day Initiative — CVE-2023-24941: Microsoft Network File System Remote Code Execution
Gigabyte Slams Backdoor Shut With Attack-Killing BIOS Update (darkreading.com)
Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability - Update Now! (thehackernews.com)
Android security update fixes Mali GPU flaw exploited by spyware (bleepingcomputer.com)
High-risk vulnerabilities patched in ABB Aspect building management system - Help Net Security
Easily Exploitable Microsoft Visual Studio Bug Opens Developers to Takeover (darkreading.com)
Tools and Controls
CISOs focus more on business strategy than threat research - Help Net Security
CIOs prioritize new technologies over tech stack optimization - Help Net Security
Going Beyond “Next Generation” Network Security - Cisco Blogs
Make Your Employees Your Best Asset in Combating Cybercrime | CISO Collective (fortinet.com)
UK Organisations lack clear path to achieve threat intelligence - IT Security Guru
Employee cybersecurity awareness takes center stage in defence strategies - Help Net Security
Want Sustainable Security? Find Middle Ground Between Tech & Education (darkreading.com)
Factors influencing IT security spending - Help Net Security
Top factors driving enterprise demand for new cyber security technology - Help Net Security
How to Boost Cyber security Through Better Communication (securityintelligence.com)
MoD adopts ‘secure by design’ for cyber security | UKAuthority
Everyone is selling VPNs, and that's a problem for security | Engadget
ISMG Editors: Why Communications Skills Matter for CISOs (inforisktoday.com)
Phishing Attack Prevention Checklist - A Detailed Guide (gbhackers.com)
Ransomware Attack Prevention Checklist - 2023 (cybersecuritynews.com)
OWASP lists 10 most critical large language model vulnerabilities | CSO Online
This Google Workspace security flaw could let hackers quietly steal your Drive files | TechRadar
Embracing realistic simulations in cyber security training programs - Help Net Security
The Key to Zero Trust Identity Is Automation (darkreading.com)
What generative AI's rise means for the cyber security industry | TechTarget
Cisco spotlights generative AI in security, collaboration | Network World
10 security tool categories needed to shore up software supply chain security | CSO Online
How to Improve Your API Security Posture (thehackernews.com)
Consolidate Vendors and Products for Better Security - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory - 05 June 2023 – MOVEit Vulnerability Exploited Impacting Millions, with several Major UK Businesses Already Affected, including BA, Boots and the BBC
Black Arrow Cyber Advisory - 05 June 2023 – MOVEit Vulnerablity Exploited Impacting Millions, with several Major UK Businesses Already Affected, including BA, Boots and the BBC
Executive summary
A few days ago, a critical flaw in file transfer software Moveit was exploited, and millions could be impacted. The flaw (CVE-2023-34362) is under active exploitation, with the recent announcement of breaches against UK Payroll provider Zellis, who support services to hundreds of services in the UK. The breach against Zellis has further impacted companies that use Zellis, including the BBC, major UK airline British Airways and major UK retailer, Boots. In addition, the US Government’s Cybersecurity and Infrastructure Agency (CISA) has ordered agencies to patch the flaw.
What’s the risk to me or my business?
The flaw, which has been linked by Microsoft to Lace Tempest, known for ransomware operations & running the Clop extortion site, is being used to exfiltrate data, impacting the confidentiality, integrity and availability of the data an organisation holds. Exploitation of the flaw allows a successful threat actor to gain unauthenticated, remote access to the MOVEit database, allow them to execute code.
Technical Summary:
CVE-2023-34362 – A SQL injection vulnerability in the MOVEit Transfer web application which if exploited, could allow unauthorised access to MOVEit Transfer’s database.
The table below has been taken from MOVEit’s security bulletin:
What can I do?
It is important that organisations not only consider themselves and whether they are using MOVEit Transfer software, but also whether any of their suppliers are using it. In both cases, the relevant fixed version should be installed.
The breaches further reinforce the importance of the supply chain and the impact it can have on organisations. It’s not just about your own security, but also any provider who your organisation uses.
Further details the patch can be found here:
https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity