Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Business Leaders Need a Hands-on Approach to Stop Cyber Crime, Says Spy Chief

Business leaders must not see cyber crime as “just a technical issue” that can be left up to IT departments, said Lindy Cameron, chief executive of the National Cyber Security Centre (NCSC).  Ms Cameron later commented that “In the world of cyber security, the new year has brought with it some sadly familiar themes - a continuation of cyber incidents affecting organisations large and small as well as the British public”.

Along with this, came the urge for business leaders to step up their efforts in combating cyber crime by taking an active interest and educating themselves on the subject.  When commenting upon board members’ level of understanding, Ms Cameron said “I’d also encourage board members to develop a basic understanding of cyber security, which can help when seeking assurances from IT teams about the resilience of an organisation - in a similar way that leaders have a certain level of understanding of finance to assess financial health”.

https://www.telegraph.co.uk/news/2023/01/28/business-leaders-need-hands-on-approach-stop-cyber-crime-says/

• Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial Scale Cyber Attacks

Business email compromise (BEC) has become one of the most popular methods of financially motivated hacking. And over the past year, one group in particular has demonstrated just how quick, easy, and lucrative it really is.

"Firebrick Ostrich" is a threat actor that's been performing BEC at a near-industrial scale. Since April 2021, the group has carried out more than 350 BEC campaigns, impersonating 151 organisations and utilising 212 malicious domains in the process. This volume of attacks is made possible by the group's wholesale gunslinging approach. Firebrick Ostrich doesn't discriminate much when it comes to targets, or gather exceptional intelligence in order to craft the perfect phishing bait. It throws darts at a wall because, evidently, when it comes to BEC at scale, that's enough.

BEC is attractive to bad actors due to the lower barriers to entry than malware, less risk, faster scaling opportunities, and way more profit potential to higher echelons than other methods of attack. These factors may explain why such attacks are absolutely the emerging trend, potentially even leaving even ransomware in the dust. There are literally hundreds, if not thousands, of these groups out there.

https://www.darkreading.com/remote-workforce/rising-firebrick-ostrich-bec-group-launches-industrial-scale-cyberattacks

• The Corporate World is Losing its Grip on Cyber Risk

Lloyd's of London’s insurance market prides itself on being able to put a price on anything, from Tina Turner’s legs or Bruce Springsteen’s vocal cords, to the risk that a bounty hunter might claim the reward from Cutty Sark Whisky in the 1970s for capturing the Loch Ness monster.

But from the end of March, there will be something it won’t price: systemic cyber risk, or the type of major, catastrophic disruption caused by state-backed cyber warfare. In one sense, this isn’t surprising. Insurance policies typically exclude acts of war. Russia’s NotPetya attack on Ukraine in 2017 showed how state-backed cyber assaults can surpass traditional definitions of armed conflict and overspill their sovereign target to hit global businesses. It caused an estimated $10bn in damages and years of wrangling between companies like pharma group Merck and snack maker Mondelez and their insurers.

But the move is prompting broader questions about the growing pains in this corner of the insurance world. “Cyber insurance isn’t working anywhere at the moment as a public good for society,” says Ciaran Martin, former head of the UK National Cyber Security Centre. “It has a huge role to play in improving defences in a market-based economy and it has been a huge disappointment in that sense so far.”

The Lloyd’s move is designed, say insurers, to clarify rather than restrict coverage. Whether it succeeds is another matter: this is a murky world, where cyber crime groups operate with impunity in certain jurisdictions.

https://www.ft.com/content/78bfdf29-1e20-4c12-a348-06e98d5ae906

• Microsoft Reveals Over 100 Threat Actors are Deploying Ransomware in Attacks

Microsoft revealed this week that its security teams are tracking over 100 threat actors deploying ransomware during attacks. In all, the company says it monitors over 50 unique ransomware families, with some of the most prominent ransomware payloads in recent campaigns including Lockbit, BlackCat (aka ALPHV), Play, Vice Society, Black Basta, and Royal.

Microsoft said that defence strategies should focus less on payloads themselves but more on the chain of activities that lead to their deployment, since ransomware gangs are still targeting servers and devices not yet patched against common or recently addressed vulnerabilities.

Furthermore, while new ransomware families launch all the time, most threat actors utilise the same tactics when breaching and spreading through networks, making the effort of detecting such behaviour even more helpful in thwarting their attacks.

Attackers are increasingly relying on tactics beyond phishing to conduct their attacks, with threat actors for example capitalising on recently patched Exchange Server vulnerabilities to hack vulnerable servers and deploy Cuba and Play ransomware.

https://www.bleepingcomputer.com/news/security/microsoft-over-100-threat-actors-deploy-ransomware-in-attacks/

• Ransomware Conversations: Why the CFO is Pivotal to Discussing and Preparing for Risk

With the amount of cyber attacks in all industries, organisations are beginning to grasp the significance of cyber risk and how it is integral to protecting and maintaining an efficient business. In fact, the first half of 2022 alone saw 236.1 million cases of ransomware.

Whilst the expectation for responsibility has typically fallen on Chief Information Security Officers (CISOs), Chief Financial Officers (CFOs) are just as vital in managing cyber risk, which is now inherently also business risk.  The CFO plays an important part in determining whether cyber security incidents will become material and affect the business more seriously. Their insight is critical across many areas which include ransomware, cyber insurance, regulatory compliance and budget management.

https://www.itsecurityguru.org/2023/02/02/ransomware-conversations-why-the-cfo-is-pivotal-to-discussing-and-preparing-for-risk

• Greater Incident Complexity, a Shift in How Threat Actors Use Stolen Data Will Drive the Cyber Threat Landscape in 2023

Insurance provider Beazley released their Cyber Services Snapshot Report which claims the cyber security landscape will be influenced by greater complexity and the way threat actors use stolen data. The report also found that as a category, fraudulent instruction experienced a growth as a cause of loss in 2022, up 13% year-over year. 

In response to vulnerabilities such as fraudulent instructions, the report suggests organisations must get smarter about educating users to spot things such as spoofed emails or domain names. The report also cautions organisations to watch for social engineering, spear phishing, bypassing of multi-factor authentication (MFA), targeting of managed service providers (MSP) and the compromise of cloud environments as areas of vulnerability.

https://www.darkreading.com/attacks-breaches/greater-incident-complexity-a-shift-in-the-way-threat-actors-use-stolen-data-and-a-rise-in-us-class-actions-will-drive-the-cyber-threat-landscape-in-2023-according-to-beazley-report

• The Threat from Within: 71% of Business Leaders Surveyed Think Next Cyber Security Breach Will Come from the Inside

A survey conducted by IT provider EisnerAmper found that 71% of business executives worry about accidental internal staff error as one of the top threats facing their organisation and 23% of these worried about malicious intent by an employee. In comparison, 75% of business executives had concerns about external hackers. The survey also asked about current safety measures, with 51% responding that they were “somewhat prepared”. Despite this, only 50% of respondents reported conducting regular cyber security training. 

https://www.darkreading.com/vulnerabilities-threats/the-threat-from-within-71-of-business-leaders-surveyed-think-next-cybersecurity-breach-will-come-from-the-inside

• 98% of Organisations Have a Supply Chain Relationship That Has Been Breached

A report from SecurityScorecard found that 98% of organisations have a relationship with at least one third party that has experienced a breach in the last two years, while more than 50% have an indirect relationship with more than 200 fourth parties that have been breached. Of course, this is keeping in mind that not all organisations disclose or even know they have been breached.

https://www.securityweek.com/98-of-firms-have-a-supply-chain-relationship-that-has-been-breached-analysis/

• New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year

Software provider SysKit has published a report on the effects of digital transformation on IT administrators and the current governance landscape. The report found that 40% of organisations experienced a data leak in the previous year. A data leak can have severe consequences on an organisation's efficiency and the impact can lead to large fines, downtime, and loss of business-critical certifications and customers.

In addition, the Survey found that the biggest challenge for IT administrators was a lack of understanding from superiors, huge workloads and misalignment of IT and business strategies.

https://www.darkreading.com/attacks-breaches/new-survey-reveals-40-of-companies-experienced-a-data-leak-in-the-past-year

• Russian Hackers Launch Cyber Attack on Germany in Leopard Tank Retaliation

The websites of key German administrations, including companies and airports, have been targeted by cyber attacks, the German Federal Office for Information Security (BSI) stated.

The BSI commented they had been informed of DDoS (distributed denial of service) attacks “currently in progress against targets in Germany". This was followed by the statement that “Individual targets in the financial sector” and federal government sites were also attacked, with some websites becoming temporarily unavailable.  It is believed that this is due to the approved deployment of Leopard 2 tanks to Ukraine, with Russian hacker site Killnet taking credit.

https://www.euronews.com/2023/01/26/russian-hackers-launch-cyberattack-on-germany-in-leopard-retaliation

• Financial Services Targeted in 28% of UK Cyber Attacks Last Year

Based on data from security provider Imperva, security researchers have identified that over a quarter (28%) of all cyber attacks in the UK hit the financial services and insurance (FSI) industry in the last 12 months. The data also found that Application Programme Interface (API) attacks, malicious automated software and distributed denial of service (DDoS) attacks were the most challenging for the industry. In addition, the data found that roughly 40% of all account takeover attempts were targeted at the FSI industry.

https://www.infosecurity-magazine.com/news/quarter-cyber-attacks-uk-financial/

• Phishing Attacks are Getting Scarily Sophisticated. Here’s What to Watch Out For

Hackers are going to great lengths, including mimicking real people and creating and updating fake social media profiles, to trick victims into clicking phishing links and handing over usernames and passwords. The National Cyber Security Centre (NCSC) warns that these phishing attacks are targeting a range of sectors.

The NCSC has also released mitigation advice to help organisations and individuals protect themselves online. The mitigation advice included the use of strong passwords, separate to other accounts; enabling multi-factor authentication (MFA); and applying the latest security updates.

https://www.zdnet.com/article/phishing-attacks-are-getting-scarily-sophisticated-heres-what-to-watch-out-for/

• City of London on High Alert After Ransomware Attack

A suspected ransomware attack on a key supplier of trading software to the City of London this week appears to have disrupted activity in the derivatives market. The company impacted, Ion Cleared Derivatives, is investigating. It is reported that 42 clients were impacted by the attack.

https://www.infosecurity-magazine.com/news/city-of-london-high-alert/

• JD Sports Warns of 10 Million Customers Put at Risk in Cyber Attack

Sportswear retailer JD Sports said it was the victim of a cyber attack that exposed the data of 10 million customers, in the latest spate of hacks on UK companies.

JD Sports explained that the attack involved unauthorised access to a system that contained “the name, billing address, delivery address, phone number, order details and the final four digits of payment cards”. The data related to customers’ orders made between November 2018 and October 2020, with outdoor gear companies Millets and Blacks also impacted. A full review with cyber security and external specialists is underway.

https://www.ft.com/content/afe00f2f-afcd-478f-9e4d-1cf9c943fa79

Threats

Ransomware, Extortion and Destructive Attacks

• City Of London Traders Hit By Russia-Linked Cyber Attack (informationsecuritybuzz.com)

• New Nevada Ransomware targets Windows and VMware ESXi systems (bleepingcomputer.com)

• City of London on High Alert After Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk - IT Security Guru

• US puts a $10m bounty on Hive while Russia shuts down access • The Register

• Copycat Criminals mimicking Lockbit gang in northern Europe security affairs

• Ransom-what? Learning from Hacked Hackers (secureworld.io)

• Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica

• Council leader 'put her foot down' and refused to pay multi-million pound ransom demand from hackers - Teesside Live (gazettelive.co.uk)

• 6 Ransomware Trends & Evolutions For 2023 (trendmicro.com)

• Cyber Attack Hits Derivatives Unit of Trading Software Firm ION - Bloomberg

• Regulators weigh in on ION attack as LockBit takes credit • The Register

• New Mimic Ransomware Abuses Windows Search Engine (cyber securitynews.com)

• Stratford University discloses ransomware attack — but which ransomware attack? (databreaches.net)

• Schools don't pay, but ransomware attacks still increasing | TechTarget

• Poser Hackers Impersonate LockBit in SMB Cyber attacks (darkreading.com)

• Risk & Repeat: The FBI's Hive ransomware takedown | TechTarget

• Nevada Ransomware Has Released Upgraded Locker security affairs

• LockBit Green ransomware variant borrows code from Conti one security affairs

• Arnold Clark customer data stolen in attack claimed by Play ransomware (bleepingcomputer.com)

• Ransomware attacks on public sector persist in January | TechTarget

• Ransomware attack on data firm ION could take days to fix -sources | Reuters

• APT groups use ransomware TTPs as cover for intelligence gathering and sabotage | CSO Online

Phishing & Email Based Attacks

• Phishing attacks are getting scarily sophisticated. Here's what to watch out for | ZDNET

• BEC Group Uses Open Source Tactics in Hundreds of Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial-Scale Cyber attacks (darkreading.com)

• Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)

• Phishers Trick Microsoft Into Granting Them 'Verified' Cloud Partner Status (darkreading.com)

• DocuSign Brand Impersonation Attack Bypasses Security Measures, Targets Over 10,000 - Infosecurity Magazine (infosecurity-magazine.com)

BEC – Business Email Compromise

• BEC Group Uses Open Source Tactics in Hundreds of Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial-Scale Cyber attacks (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• New 'Pig Butchering' Scam in West Africa Impersonates US Financial Advisors - Infosecurity Magazine (infosecurity-magazine.com)

• Long Con Impersonates Financial Advisers to Target Victims (darkreading.com)

2FA/MFA

• Facebook Bug Allows 2FA Bypass Via Instagram (darkreading.com)

Malware

• How Can Disrupting DNS Communications Thwart a Malware Attack? (darkreading.com)

• Hackers use new IceBreaker malware to breach gaming companies (bleepingcomputer.com)

• New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers (thehackernews.com)

• PoS malware can block contactless payments to steal credit cards (bleepingcomputer.com)

• Experts Uncover the Identity of Mastermind Behind Golden Chickens Malware Service (thehackernews.com)

• New APT34 Malware Targets The Middle East (trendmicro.com)

• HeadCrab malware targets Redis to mine cryptocurrency | TechTarget

• Malvertising attacks are distributing .NET malware loaders • The Register

• Hackers weaponize Microsoft Visual Studio add-ins to push malware (bleepingcomputer.com)

Mobile

• Google Fi data breach let hackers carry out SIM swap attacks (bleepingcomputer.com)

• Over 1,800 Android phishing forms for sale on cyber crime market (bleepingcomputer.com)

• Mobile phone fraud: 'They stole £22,500 using my banking app' - BBC News

Botnets

• New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers (thehackernews.com)

Denial of Service/DoS/DDOS

• Killnet Attackers DDoS US and Dutch Hospitals - Infosecurity Magazine (infosecurity-magazine.com)

• New DDoS-as-a-Service platform used in recent attacks on hospitals (bleepingcomputer.com)

Internet of Things – IoT

• IoT, connected devices biggest contributors to expanding application attack surface | CSO Online

• European IoT Manufacturers Lag in Vulnerability Disclosure (databreachtoday.co.uk)

• Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices (thehackernews.com)

• Anker finally comes clean about its Eufy security cameras - The Verge

Data Breaches/Leaks

• JD Sports warns data of 10mn customers put at risk in cyber attack | Financial Times (ft.com)

• New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year (darkreading.com)

• Planet Ice hacked! 240,000 skating fans' details stolen (bitdefender.com)

• If a locked filing cabinet is stolen along with its key, can you still say it’s locked? GoTo thinks you can • Graham Cluley

Organised Crime & Criminal Actors

• Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)

• Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica

• How $6 Can Buy Hacked Social Media & Streaming Accounts From the Dark Web, Whizcase Study Reveals (darkreading.com)

• Cyber crime Ecosystem Spawns Lucrative Underground Gig Economy (darkreading.com)

• Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)

• Developers, Attackers Top List of Most In Demand Dark Web Jobs, Kaspersky Reports - MSSP Alert

• Report on hackers' salaries shows poor wages for developers • The Register

• 6 Examples of the Evolution of a Scam Site (darkreading.com)

• Cyber Insights 2023: Criminal Gangs - SecurityWeek

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• ‘Everything is fake’: how global crime gangs are using UK shell companies in multi-million pound crypto scams | Organised crime | The Guardian

• Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica

• FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register

• Oxford student jailed for £2m crypto theft after PhD blunder | News | The Times

• Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)

• Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News

• HeadCrab malware targets Redis to mine cryptocurrency | TechTarget

Insider Risk and Insider Threats

• Insider attacks becoming more frequent, more difficult to detect - Help Net Security

• The Threat from Within: 71% of Business Leaders Surveyed Think Next Cyber security Breach Will Come from the Inside (darkreading.com)

• Are Your Employees Thinking Critically About Their Online Behaviours? (darkreading.com)

• The next cyber threat may come from within - Help Net Security

• Insider threats: The cyber risks lurking in the dark (betanews.com)

• Executives Worry Equally About Insider Cyber Errors, Outsider Threats: How MSSPs Can Help - MSSP Alert

• Former Ubiquiti dev pleads guilty to data theft, extortion • The Register

Fraud, Scams & Financial Crime

• ‘Everything is fake’: how global crime gangs are using UK shell companies in multi-million pound crypto scams | Organised crime | The Guardian

• New 'Pig Butchering' Scam in West Africa Impersonates US Financial Advisors - Infosecurity Magazine (infosecurity-magazine.com)

• FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register

• Oxford student jailed for £2m crypto theft after PhD blunder | News | The Times

• Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)

• Russian Millionaire on Trial in Hack, Insider Trade Scheme - SecurityWeek

• 6 Examples of the Evolution of a Scam Site (darkreading.com)

• Mobile phone fraud: 'They stole £22,500 using my banking app' - BBC News

• Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News

• Romance fraud losses rose 91% during the pandemic, claims UK's TSB bank | Tripwire

• Romance Fraudsters Have Stolen £65m From Brits Since 2020 (informationsecuritybuzz.com)

Impersonation Attacks

• DocuSign Brand Impersonation Attack Bypasses Security Measures, Targets Over 10,000 - Infosecurity Magazine (infosecurity-magazine.com)

• Why CISOs Should Care About Brand Impersonation Scam Sites (darkreading.com)

AML/CFT/Sanctions

• As the anti-money laundering perimeter expands, who needs to be compliant, and how? - Help Net Security

Insurance

• 4 Cyber Insurance Requirement Predictions for 2023 (trendmicro.com)

Dark Web

• There’s a Wild Scramble for Control of the Dark Web Taking Place in Russia (vice.com)

• How $6 Can Buy Hacked Social Media & Streaming Accounts From the Dark Web, Whizcase Study Reveals (darkreading.com)

• Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)

• Developers, Attackers Top List of Most In Demand Dark Web Jobs, Kaspersky Reports - MSSP Alert

• Report on hackers' salaries shows poor wages for developers • The Register

Supply Chain and Third Parties

• 98% of Firms Have a Supply Chain Relationship That Has Been Breached: Analysis - SecurityWeek

• Almost all Organisations are Working with Recently Breached Vendors - Infosecurity Magazine (infosecurity-magazine.com)

• 50% of organisations have indirect relationships with 200+ breached fourth-party vendors - Help Net Security

• Cyber attack Impact “Catastrophic” for Third Parties, New Study Finds MSSPs at Risk? - MSSP Alert

• New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs | CSO Online

• CISA to Open Supply Chain Risk Management Office (darkreading.com)

• Cyber Insights 2023 | Supply Chain Security - SecurityWeek

Cloud/SaaS

• Misconfiguration and vulnerabilities biggest risks in cloud security: Report | CSO Online

• Hybrid cloud storage security challenges - Help Net Security

• Short-staffed SOCs struggle to gain visibility into cloud activities - Help Net Security

Containers

• Researchers Claim High-Risk Vulnerabilities Found in 87% of All Container Images - Infosecurity Magazine (infosecurity-magazine.com)

Encryption

• Serious Security: The Samba logon bug caused by outdated crypto – Naked Security (sophos.com)

• Encryption Explained: At Rest, In Transit & End-To-End Encryption | Splunk

• Cyber Insights 2023 | Quantum Computing and the Coming Cryptopocalypse - SecurityWeek

API

• The emergence of trinity attacks on APIs - Help Net Security

• API management (APIM): What It Is and Where It’s Going security affairs

Open Source

• Microsoft upgrades Defender to lock down Linux devices • The Register

Passwords, Credential Stuffing & Brute Force Attacks

• Bitwarden Password Manager users are being targeted by phishing ads on Google- gHacks Tech News

• KeePass disputes vulnerability allowing stealthy password theft (bleepingcomputer.com)

Social Media

• Inside TikTok’s proposal to address US national security concerns | CyberScoop

• Facebook Bug Allows 2FA Bypass Via Instagram (darkreading.com)

Malvertising

• Malvertising attacks are distributing .NET malware loaders • The Register

Training, Education and Awareness

• Are Your Employees Thinking Critically About Their Online Behaviours? (darkreading.com)

Regulations, Fines and Legislation

• Regulators weigh in on ION attack as LockBit takes credit • The Register

• New UN cyber crime convention has a long way to go in a tight timeframe | CSO Online

Governance, Risk and Compliance

• Business leaders need hands-on approach to stop cyber crime, says spy chief (telegraph.co.uk)

• New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year (darkreading.com)

• Financial Services Targeted in 28% of UK Cyber-Attacks Last Year - Infosecurity Magazine (infosecurity-magazine.com)

• 70% of CIOs anticipate their involvement in cyber security to increase - Help Net Security

• Cyber security Budgets Are Going Up. So Why Aren't Breaches Going Down? (thehackernews.com)

• Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk - IT Security Guru

• You Don't Know Where Your Secrets Are (thehackernews.com)

• Inability to prevent bad things from happening seen as the worst part of a security job - Help Net Security

• The corporate world is losing its grip on cyber risk | Financial Times (ft.com)

• IT and Security Professionals Spend an Average of 4,300 Hours Annually Achieving or Maintaining Compliance (darkreading.com)

Careers, Working in Cyber and Information Security

• Inability to prevent bad things from happening seen as the worst part of a security job - Help Net Security

• Thriving Dark Web Trade in Fake Security Certifications - Infosecurity Magazine (infosecurity-magazine.com)

• The Effect of Cyber security Layoffs on Cyber security Recruitment - SecurityWeek

• Economic headwinds could deepen the cyber security skills shortage | CSO Online

Law Enforcement Action and Take Downs

• 7 Ways Hive Ransomware Gang Caused Chaos Before FBI Hacked It (gizmodo.com)

• US puts a $10m bounty on Hive while Russia shuts down access • The Register

• Hacker accused of having stolen personal data of all Austrians security affairs

• Alleged ShinyHunters gang member in US court • The Register

• Risk & Repeat: The FBI's Hive ransomware takedown | TechTarget

Privacy, Surveillance and Mass Monitoring

• On Data Privacy Day, Organisations Fail Data Privacy Expectations (darkreading.com)

• Hacker accused of having stolen personal data of all Austrians security affairs

• Enterprises Need to Do More to Assure Consumers About Privacy (darkreading.com)

Artificial Intelligence

• Foreign states already using ChatGPT maliciously, UK IT leaders believe | CSO Online

• OpenAI releases tool to detect AI-written text (bleepingcomputer.com)

• Reality check: Is ChatGPT really the next big cyber security threat? | CyberScoop

• Cyber Insights 2023: Artificial Intelligence - SecurityWeek

Misinformation, Disinformation and Propaganda

• Google deletes 50,000 pro-China fake-news vids and blogs • The Register

• Google: Influence Operator Dragonbridge Floods Social Media in Sprawling Cyber Campaign (darkreading.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Iranian APT Leaks Data From Saudi Arabia Government Under New Persona - SecurityWeek

• Ukraine Links Media Centre Attack to Russian Intelligence (govinfosecurity.com)

• Latvia confirms phishing attack on Ministry of Defence, linking it to Russian hacking group - The Record from Recorded Future News

• British Cyber Agency Warns of Russian and Iranian Hackers Targeting Key Industries (thehackernews.com)

• Russia-Linked APT29 Uses New Malware in Embassy Attacks - SecurityWeek

• Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine (darkreading.com)

• Russia-linked Hackers Launch DDoS Attacks on Germany and US. Hospitals, Threaten Canada - MSSP Alert

• Latvia says Russian hackers tried to phish its Ministry of Defence (bitdefender.com)

• Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows (darkreading.com)

• New APT34 Malware Targets The Middle East (trendmicro.com)

• Lazarus Group Attack Identified After Operational Security Fail - Infosecurity Magazine (infosecurity-magazine.com)

• Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News

• North Korean hackers stole research data in two-month-long breach (bleepingcomputer.com)

• APT groups use ransomware TTPs as cover for intelligence gathering and sabotage | CSO Online

• Cyber Insights 2023: The Geopolitical Effect - SecurityWeek

Nation State Actors

Nation State Actors – Russia

• Russian Nuisance Hacking Group KillNet Targets Germany (govinfosecurity.com)

• Russian hackers launch cyber attack on Germany in Leopard retaliation | Euronews

• Ukraine Links Media Centre Attack to Russian Intelligence (govinfosecurity.com)

• Latvia confirms phishing attack on Ministry of Defence, linking it to Russian hacking group - The Record from Recorded Future News

• A Link to News Site Meduza Can (Technically) Land You in Russian Prison | WIRED

• British Cyber Agency Warns of Russian and Iranian Hackers Targeting Key Industries (thehackernews.com)

• Russia-Linked APT29 Uses New Malware in Embassy Attacks - SecurityWeek

• Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine (darkreading.com)

• Russia-linked Hackers Launch DDoS Attacks on Germany and US. Hospitals, Threaten Canada - MSSP Alert

• Latvia says Russian hackers tried to phish its Ministry of Defence (bitdefender.com)

• Killnet Attackers DDoS US and Dutch Hospitals - Infosecurity Magazine (infosecurity-magazine.com)

• IT Army of Ukraine gained access to 1.5GB archive from Gazprom security affairs

• There’s a Wild Scramble for Control of the Dark Web Taking Place in Russia (vice.com)

• Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows (darkreading.com)

Nation State Actors – China

• Google deletes 50,000 pro-China fake-news vids and blogs • The Register

• Google: Influence Operator Dragonbridge Floods Social Media in Sprawling Cyber Campaign (darkreading.com)

• TikTok CEO to testify before US. Congress over security concerns | Reuters

Nation State Actors – North Korea

• FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register

• Lazarus Group Attack Identified After Operational Security Fail - Infosecurity Magazine (infosecurity-magazine.com)

• Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News

• North Korean hackers stole research data in two-month-long breach (bleepingcomputer.com)

Nation State Actors – Iran

• Iranian APT Leaks Data From Saudi Arabia Government Under New Persona - SecurityWeek

• British Cyber Agency Warns of Russian and Iranian Hackers Targeting Key Industries (thehackernews.com)

Nation State Actors – Misc

• Foreign states already using ChatGPT maliciously, UK IT leaders believe | CSO Online

• New APT34 Malware Targets The Middle East (trendmicro.com)

• APT groups use ransomware TTPs as cover for intelligence gathering and sabotage | CSO Online

Vulnerability Management

• The future of vulnerability management and patch compliance - Help Net Security

• What is the CVSS (Common Vulnerability Scoring System)? (techtarget.com)

Vulnerabilities

• Researchers to release VMware vRealize Log RCE exploit, patch now (bleepingcomputer.com)

• Patch management is crucial to protect Exchange servers, Microsoft warns security affairs

• Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices (thehackernews.com)

• QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates (thehackernews.com)

• Over 29,000 QNAP devices unpatched against new critical flaw (bleepingcomputer.com)

• Firmware Flaws Could Spell 'Lights Out' for Servers (darkreading.com)

• Why you might not be done with your January Microsoft security patches | CSO Online

• Researcher drops Lexmark RCE zero-day rather than sell vuln ‘for peanuts’ | The Daily Swig (portswigger.net)

• HPE, NetApp warn of critical open-source bug | SC Media (scmagazine.com)

• High-severity bug in F5 BIG-IP can lead to code execution and DoS security affairs

• Cisco fixes bug allowing backdoor persistence between reboots (bleepingcomputer.com)

• Atlassian's Jira Software Found Vulnerable to Critical Authentication Vulnerability (thehackernews.com)

• CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack (thehackernews.com)

• Threat activity increasing around Fortinet VPN vulnerability | TechTarget

• Remote code execution exploit chain available for VMware vRealize Log Insight | CSO Online

Tools and Controls

• Gartner report shows zero trust isn’t a silver bullet | VentureBeat

Other News

• We can't rely on goodwill to protect our critical infrastructure - Help Net Security

• Playing Military Sim War Thunder May Get You Classed as a National Security Risk

• Cyber attacks in space: How safe are our satellites? | Metro News

• Threat Actors Use ClickFunnels to Bypass Security Services - Infosecurity Magazine (infosecurity-magazine.com)

• Massive Microsoft 365 outage caused by WAN router IP change (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.