Black Arrow Cyber Threat Intelligence Briefing 03 January 2025
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Summary
Cyber security threats grew more sophisticated in 2024, with AI-driven phishing, ransomware and state-sponsored attacks presenting significant challenges. This week's threat intelligence review notes reporting that phishing emails are the entry point for 90% of successful cyber attacks, with lures increasingly hyper-personalised using AI, against a backdrop in which the global average cost of a data breach reached $4.9m in 2024. Ransomware-as-a-service (RaaS) has lowered the barrier to entry for attackers, who are targeting critical sectors, with average recovery costs of $3m per incident.
Geopolitical tensions have intensified risks: NATO warns that Russian hybrid attacks are escalating, and Chinese state-backed groups have shifted from espionage to pre-positioning inside critical infrastructure. These incidents underscore vulnerabilities in sectors such as energy and emergency services and the need for urgent action to improve resilience.
Supply chain security also remains a concern, with the compromise of dozens of Chrome extensions through the phishing of their developers demonstrating the risk of inadequate oversight of browser extensions and of the developer accounts behind them. New regulations such as the EU's NIS2 directive and DORA, and the UK Financial Conduct Authority (FCA) rules on critical third parties, will push businesses to improve third-party risk management and compliance in 2025.
To combat these threats, organisations must adopt a cyber security strategy that considers zero trust architectures, multi-factor authentication, and robust incident response plans. Effective training and the strategic leadership of Chief Information Security Officers (CISOs) are critical in bridging security and business objectives, ensuring resilience against an evolving cyber threat landscape.
Top Cyber Stories of the Last Week
Corporate Executives are Being Increasingly Targeted by AI Phishing Scams
Corporate executives are increasingly targeted by sophisticated AI-driven phishing attacks that draw on large volumes of publicly available data to produce hyper-personalised lures. Experts report a sharp rise in such attacks, with phishing emails cited as the starting point of 90% of successful cyber attacks. The cost is significant: the global average cost of a data breach reached $4.9m in 2024. Reports show a 28% increase in phishing attacks in Q2 2024, with some firms receiving up to 36 phishing emails a day. Businesses are urged to adopt layered technical controls (for example phishing-resistant multi-factor authentication and email filtering) alongside employee training to mitigate these escalating threats.
Unconventional Russian Attack Could Cause 'Substantial' Casualties, Top NATO Official Warns
NATO officials warn that hybrid attacks, particularly from Russia, are escalating to levels considered intolerable just five years ago, describing the situation as akin to "boiling the frog." These unconventional threats, including sabotage and cyber attacks, pose a "real prospect" of substantial casualties or significant economic harm. The rise in incidents is linked to Western support for Ukraine and Moscow's perception of NATO as an adversary. In response, NATO is updating its strategy on hybrid warfare, enhancing tracking of incidents and clarifying red lines to deter escalation, addressing ambiguities around thresholds for invoking Article 5.
35 Chrome Extensions Began Stealing People's Data After the Developers Got Phished
Recent reports have highlighted the risks of compromised Chrome extensions after a phishing campaign targeted extension developers. The lure was a fake Google notice claiming a Chrome Web Store policy violation; its link led not to a login page but to a Google OAuth consent screen for an attacker-controlled application, so developers who clicked "Allow" granted the attacker rights over their Chrome Web Store publishing account without entering a password. This is why two-factor authentication did not help: an OAuth consent grant bypasses the password and second-factor prompts entirely. With that access the attackers pushed malicious updates to 35 extensions, which then harvested data from users' browsers. Organisations are advised to inventory the Chrome extensions in use, compare extension IDs and versions against published lists of compromised extensions, review third-party OAuth grants on developer and administrator accounts, and restrict extension installation through enterprise policy (for example Chrome's ExtensionInstallAllowlist or ExtensionSettings policies), alongside security awareness training for staff who manage digital assets.
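The inventory step above is easy to automate. The following script is an added example written for this briefing, not code from any of the linked articles or from Google: it reads a Chrome profile's Preferences JSON (on Windows the extension list lives in Secure Preferences under %LOCALAPPDATA%\Google\Chrome\User Data\Default; on Linux in ~/.config/google-chrome/Default/Preferences; on macOS in ~/Library/Application Support/Google/Chrome/Default/Preferences), lists every installed extension with its version and permissions, and flags any that match a watchlist, were not installed from the Web Store, or request high-risk permissions. The watchlist IDs and versions and the embedded sample preferences are constructed placeholders, not the real compromised extensions; replace the watchlist with the IDs and versions from the published threat lists.

```python
"""Audit Chrome extensions recorded in a profile's Preferences JSON.

Added example for this briefing; not vendor code. The watchlist and the
sample preferences below are constructed placeholders.
"""
import json
from pathlib import Path

# Constructed watchlist: {extension_id: set(of compromised versions) or None}.
# None means "flag any version". Replace with IDs from published threat lists.
WATCHLIST = {
    "a" * 32: {"24.10.4", "24.10.5"},   # hypothetical compromised versions
    "b" * 32: None,                     # hypothetical: flag regardless of version
}

# Permissions that let an extension read or alter traffic and sessions.
HIGH_RISK_PERMS = {
    "<all_urls>", "cookies", "webRequest", "webRequestBlocking",
    "tabs", "scripting", "debugger", "nativeMessaging",
}

# Constructed sample of the "extensions.settings" layout Chrome writes to
# Preferences / Secure Preferences, trimmed to the keys this audit uses.
SAMPLE_PREFERENCES = {
    "extensions": {"settings": {
        "a" * 32: {"from_webstore": True, "state": 1, "manifest": {
            "name": "Example Clipper", "version": "24.10.4",
            "permissions": ["storage"], "host_permissions": ["<all_urls>"]}},
        "c" * 32: {"from_webstore": True, "state": 1, "manifest": {
            "name": "Harmless Notes", "version": "1.2.0",
            "permissions": ["storage"]}},
        "d" * 32: {"from_webstore": False, "state": 1, "manifest": {
            "name": "Internal Tool", "version": "0.9",
            "permissions": ["cookies", "webRequest"]}},
    }}
}


def load_settings(pref_path):
    """Return the extensions.settings dict from a Preferences JSON file."""
    data = json.loads(Path(pref_path).read_text(encoding="utf-8"))
    return data.get("extensions", {}).get("settings", {})


def audit(settings):
    """Return a list of findings, one per extension that needs a look."""
    findings = []
    for ext_id, entry in settings.items():
        manifest = entry.get("manifest", {})
        name = manifest.get("name", "?")
        version = manifest.get("version", "?")
        perms = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
        reasons = []

        # Watchlist match: either any version (None) or a listed version.
        if ext_id in WATCHLIST:
            bad_versions = WATCHLIST[ext_id]
            if bad_versions is None or version in bad_versions:
                reasons.append("on watchlist")

        # Extensions that did not come from the Web Store were sideloaded
        # (enterprise policy, developer mode or an external installer).
        if not entry.get("from_webstore", False):
            reasons.append("sideloaded (not from Web Store)")

        risky = sorted(perms & HIGH_RISK_PERMS)
        if risky:
            reasons.append("high-risk permissions: " + ", ".join(risky))

        if reasons:
            findings.append({
                "id": ext_id, "name": name, "version": version,
                # Assumed: Chrome stores state 1 for an enabled extension.
                "enabled": entry.get("state") == 1,
                "reasons": reasons,
            })
    return findings


def audit_file(pref_path):
    """Convenience wrapper: audit a real Preferences file on disk."""
    return audit(load_settings(pref_path))


if __name__ == "__main__":
    for f in audit(SAMPLE_PREFERENCES["extensions"]["settings"]):
        flag = "ENABLED " if f["enabled"] else "disabled"
        print(f"{flag} {f['id']} {f['name']} v{f['version']}: {'; '.join(f['reasons'])}")
```

Run it against every profile directory on a fleet (each Chrome profile has its own Preferences file) and treat a watchlist hit on an enabled extension as an incident: the malicious versions in this campaign ran inside the user's browser session, so the affected users' web sessions and cookies should be assumed exposed and rotated.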
China's Cyber Intrusions Took a Sinister Turn in 2024
In 2024, Chinese state-backed cyber attacks took a concerning turn, moving from traditional espionage to pre-positioning for potential disruptive operations against critical infrastructure. Groups such as Volt Typhoon have infiltrated US networks, including emergency services and the electric grid, using stealth techniques to avoid detection. Despite efforts to dismantle the botnets they route through, the attackers retain access to compromised systems, relying on legitimate built-in tools for reconnaissance and persistence so that their activity blends in with normal administration. Experts warn that these activities expose gaps in critical infrastructure security, with many organisations unaware of their exposure. US agencies urge urgent action, including patching systems, upgrading end-of-life equipment and adopting multi-factor authentication, to mitigate future threats.
Third Party Risk Management is Critical as DORA and New FCA Rules Come into Effect
New rules coming into effect in 2025 will require IT firms designated as critical third parties to the UK financial sector to be more transparent about cyber attacks and their resilience measures. Overseen by the Financial Conduct Authority, the Bank of England and the Prudential Regulation Authority, the measures aim to ensure the sector remains resilient against threats such as cyber attacks and natural disasters. In the EU, the Digital Operational Resilience Act (DORA) applies to financial entities and their ICT providers from 17 January 2025 and imposes comparable obligations on ICT risk management, incident reporting and third-party oversight. While industry experts broadly welcome the focus on third-party risk management, questions remain about how suppliers will be classified and how data will be shared between suppliers, firms and regulators. Firms will also need to conduct resilience testing, potentially in collaboration with financial institutions, to ensure robust protection of financial market infrastructures.
Ransomware 2024: A Year of Tricks, Traps, Wins and Losses
Ransomware attacks in 2024 reached unprecedented levels, targeting critical sectors such as healthcare, public infrastructure and cloud services. The rise of ransomware-as-a-service (RaaS) enabled less experienced attackers to launch devastating campaigns, while nation-state actors used ransomware for geopolitical ends. High-profile incidents exposed weaknesses in healthcare, disrupted infrastructure and fuelled economic warfare. Recovery costs rose to an average of $3 million per attack as attackers grew more sophisticated. Generative AI played a dual role, enhancing both defences and threats. These developments underscore ransomware's evolution into a strategic and economic weapon, demanding heightened resilience, zero trust adoption and global collaboration in 2025 and beyond.
The Modern CISO is a Cornerstone of Organisational Success
The role of the Chief Information Security Officer (CISO), whether internal or outsourced, has evolved from a technical focus to being integral to business strategy, bridging cyber security with operational and strategic objectives. Modern CISOs align security initiatives with business goals, enhance customer trust, and ensure compliance with complex regulatory frameworks. Key responsibilities include embedding security into operations without disrupting productivity, managing risks such as legacy systems and resource constraints, and implementing measures like zero trust architecture. As businesses face emerging threats, the CISO’s strategic leadership is increasingly vital to fostering resilience and securing competitive advantage.
Ransomware Reality Check: Are You Ready to Face Organised Cyber Crime?
Ransomware attacks remain a pressing concern, with professional criminal enterprises leveraging advanced extortion tactics that target data confidentiality rather than just availability. The shift from data encryption to exfiltration has increased ransom demands and heightened reputational risks for organisations. Many companies lack clear ransomware-specific policies, leaving leadership to make critical decisions under pressure during incidents. Preparation is vital; pre-defined payment stances, established incident response retainers, and proactive resilience measures are essential. Ransomware is not just a technical issue but a moral and business challenge, requiring C-suite collaboration to mitigate risks and avoid financing organised crime.
How Cops Taking Down Ransomware Gangs Led to the Meteoric Rise of Another
RansomHub emerged as a dominant ransomware group in 2024, accounting for approximately 20% of all ransomware and data exfiltration incidents in Q4. The group capitalised on the law enforcement takedowns of its competitors LockBit and ALPHV, recruiting their displaced affiliates with a highly lucrative 90-10 revenue split (90% to the affiliate). Its aggressive tactics and rapid rise have attracted significant attention, with over 210 victims in its first six months, including major organisations across many sectors. While its methods are not unique, its speed and affiliate-centric model make it a critical threat going into 2025, with law enforcement and security firms closely monitoring its activity.
Experts Unsure of Risk Appetite as EU Beefs Up Cyber Rules for Critical Infrastructure
The EU’s NIS2 directive places a renewed focus on cyber security for critical infrastructure and essential services, including energy, transport, and banking. Executives are directly accountable for compliance, with the directive requiring robust risk management, incident reporting, and scrutiny of suppliers’ security measures. Concerns remain over inconsistent enforcement across member states, which could complicate implementation. Experts predict that NIS2 will set a global benchmark for managing cyber risks, similar to the influence of GDPR on data privacy. Business leaders should prepare for increased scrutiny, especially as the directive's scope may encompass more organisations than initially expected.
Sources:
https://www.xda-developers.com/35-chrome-extensions-stealing-peoples-data/
https://www.theregister.com/2024/12/31/china_cyber_intrusions_2024/
https://www.scworld.com/feature/ransomware-2024-a-year-of-tricks-traps-wins-and-losses
https://www.helpnetsecurity.com/2025/01/03/tomorrow-ciso-role-transformation/
https://insight.scmagazineuk.com/ransomware-reality-check-are-you-ready-to-face-organised-cybercrime
https://www.theregister.com/2024/12/28/lockbit_alphv_disruptions_ransomhub_rise/
Governance, Risk and Compliance
The modern CISO is a cornerstone of organisational success - Help Net Security
Security leaders don't want to be held personally liable for attacks | TechRadar
How to Create an Enterprise-Wide Cyber Security Culture
What 2024’s Worst Cyber Attacks Show About Staying Safe in 2025
Cyber criminals tighten their grip on organisations - Help Net Security
Majority of UK SMEs Lack Cyber Security Policy - Infosecurity Magazine
CISO vs. CEO: Making a case for cyber security investments
The Most Dangerous People on the Internet in 2024 | WIRED
2025 is when the internet could finally die and the consequences will be huge | The Independent
Crafting and Refining a Strategic 2025 Cyber Security Budget - Infosecurity Magazine
2025: A Critical Year for Cyber Security Compliance in the EU and UK - Infosecurity Magazine
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Reality Check: Are You Ready To Face Organised Cyber Crime? | SC Media UK
Record-breaking ransoms and breaches: A timeline of ransomware in 2024 | TechCrunch
How LockBit and ALPHV’s takedowns fuelled RansomHub’s rise • The Register
Clop ransomware lists Cleo cyber attack victims | TechRadar
Top 10 Most Active Ransomware Groups of 2024 - Infosecurity Magazine
What 2024’s Worst Cyber Attacks Show About Staying Safe in 2025
Ransomware 2024: A year of tricks, traps, wins and losses | SC Media
Ransomware downtime costs US healthcare organisations $1.9M daily | Healthcare IT News
US Army Soldier Arrested in AT&T, Verizon Extortions – Krebs on Security
Ransomware Victims
Clop ransomware lists Cleo cyber attack victims | TechRadar
Hackers Leak Rhode Island Citizens' Data on Dark Web - Infosecurity Magazine
Atos confirms it was not compromised by the ransomware group
Thomas Cook Hit by Cyber Attack, IT Systems Impacted
Phishing & Email Based Attacks
Corporate executives are being increasingly targeted by AI phishing scams | TechRadar
Look out for hyper-personalized phishing attacks, powered by AI
New details reveal how hackers hijacked 35 Google Chrome extensions
These 35 Chrome extensions began stealing people's data after the developers got phished
Phishing Attack Allowed Malicious Chrome Extension to be Published | SC Media UK
Google Chrome extensions hack may have started much earlier than expected | TechRadar
Top 12 ways hackers broke into your systems in 2024 | CSO Online
Other Social Engineering
Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign - SecurityWeek
OAuth Identity Attack — Are your Extensions Affected? - Security Boulevard
Cyber security firm's Chrome extension hijacked to steal users' data
When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions
16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft
Artificial Intelligence
Corporate executives are being increasingly targeted by AI phishing scams | TechRadar
Look out for hyper-personalized phishing attacks, powered by AI
AI agents may lead the next wave of cyber attacks - SiliconANGLE
LLMs could soon supercharge supply-chain attacks • The Register
'Bad Likert Judge' Jailbreaks OpenAI Defences
How will rules and regulations affect cyber security and AI in 2025? | SC Media
Deepfakes question our ability to discern reality - Help Net Security
Navigate the 2025 threat landscape with expert insights | TechTarget
2025: The Dawn of AI-Driven Cyber Crime
2FA/MFA
Google Chrome 2FA Bypass Attacks Confirmed—Millions Of Users At Risk
Malware
Experts warn of a surge in activity associated with FICORA and Kaiten botnets
D-Link Botnet Attacks Surge in Global Spike - DataBreachToday
Malware botnets exploit outdated D-Link routers in recent attacks
Global Campaign Targets PlugX Malware with Innovative Portal - Infosecurity Magazine
Bots/Botnets
Experts warn of a surge in activity associated with FICORA and Kaiten botnets
D-Link Botnet Attacks Surge in Global Spike - DataBreachToday
Malware botnets exploit outdated D-Link routers in recent attacks
Mobile
Wiping your Android phone? Here's the easiest way to erase all personal data | ZDNET
Critical Gmail Warning—Don’t Click Yes To These Google Security Alerts
Here's how to use the feature that protects your iPhone in case of a major cyber attack - PhoneArena
Denial of Service/DoS/DDoS
NTT Docomo hit by DDoS attack | Total Telecom
Internet of Things – IoT
Experts warn of a surge in activity associated with FICORA and Kaiten botnets
D-Link Botnet Attacks Surge in Global Spike - DataBreachToday
Data Breaches/Leaks
Every minute, 4,080 records are compromised in data breaches - Help Net Security
Human error to blame in Ascension data breach that impacted 5.6 million patients | TechSpot
Massive VW Data Leak Exposed 800,000 EV Owners’ Movements, From Homes To Private Spaces | Carscoops
How Breach Readiness Will Shape Cyber Defence in 2025 - Security Boulevard
Machine gun, pistol and hundreds of devices lost by Ministry of Defence | UK News | Sky News
Cisco Confirms Authenticity of Data After Second Leak - SecurityWeek
Hackers Leak Rhode Island Citizens' Data on Dark Web - Infosecurity Magazine
ZAGG disclosed a data breach that exposed its customers' credit card data
Rhode Islanders’ Data Was Leaked From a Cyber Attack on State Health Benefits Website - SecurityWeek
Organised Crime & Criminal Actors
Cyber criminals tighten their grip on organisations - Help Net Security
Ransomware Reality Check: Are You Ready To Face Organised Cyber Crime? | SC Media UK
US Arrests Army Soldier Over AT&T, Verizon Hacking - SecurityWeek
2024: A jackpot year for North Korea's cyber criminals - Daily NK English
Insider Risk and Insider Threats
Human error to blame in Ascension data breach that impacted 5.6 million patients | TechSpot
Things not to store on your work laptop
Navigate the 2025 threat landscape with expert insights | TechTarget
US Army Soldier Arrested in AT&T, Verizon Extortions – Krebs on Security
Insurance
How to Get the Most Out of Cyber Insurance
Supply Chain and Third Parties
Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign - SecurityWeek
OAuth Identity Attack — Are your Extensions Affected? - Security Boulevard
New details reveal how hackers hijacked 35 Google Chrome extensions
Google Chrome extensions hack may have started much earlier than expected | TechRadar
When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions
Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents
LLMs could soon supercharge supply-chain attacks • The Register
Cloud/SaaS
Managing Cloud Risks Gave Security Teams a Big Headache in 2024
Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation
Azure compromise possible with Apache Airflow vulnerabilities | SC Media
Stay Ahead: Integrating IAM with Your Cloud Strategy - Security Boulevard
Identity and Access Management
Machine identities are the next big target for attackers - Help Net Security
Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation
Encryption
Quantum Computing Advances in 2024 Put Security In Spotlight
Will quantum computing break encryption as we know it?
Over 3 million mail servers without encryption exposed to sniffing attacks
The CISO’s guide to accelerating quantum-safe readiness
Passwords, Credential Stuffing & Brute Force Attacks
Passkeys were supposed to be secure and simple; here's how they fail
Regulations, Fines and Legislation
New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits
Top 10 Data Protection Fines and Settlements of 2024 - Infosecurity Magazine
How will rules and regulations affect cyber security and AI in 2025? | SC Media
2025: A Critical Year for Cyber Security Compliance in the EU and UK - Infosecurity Magazine
UN cyber crime treaty adopted amid pushback | SC Media
US proposes cyber security rules to limit impact of health data leaks
Navigating the SEC’s Cyber Security Disclosure Rules: One Year On - Security Boulevard
US prohibits data sales to adversarial nations | SC Media
Apple to Pay $95 Million to Settle Lawsuit Accusing Siri of Snoopy Eavesdropping - SecurityWeek
Court strikes down US net neutrality rules - BBC News
Models, Frameworks and Standards
The 5 most impactful cyber security guidelines (and 3 that fell flat)
New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits
Data Protection
Top 10 Data Protection Fines and Settlements of 2024 - Infosecurity Magazine
US prohibits data sales to adversarial nations | SC Media
Careers, Working in Cyber and Information Security
The state of cyber security and IT talent shortages - Help Net Security
Law Enforcement Action and Take Downs
Three Russian-German Nationals Charged with Espionage for Russian Secret Service
US Army Soldier Arrested in AT&T, Verizon Extortions – Krebs on Security
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
US prohibits data sales to adversarial nations | SC Media
Nation State Actors
China
China's cyber intrusions turn sinister in 2024 • The Register
What to know about string of US hacks blamed on China - BBC News
Chinese Hackers Reportedly Targeted US Sanctions Office
Nato to boost Baltic Sea presence after suspected sabotage of underwater cable | Nato | The Guardian
Finland police seize ship after undersea power cable to Estonia is cut - The Washington Post
Finland finds drag marks on Baltic seabed after cable damage | Reuters
Palo Alto Firewalls Backdoored by Suspected Chinese Hackers
US Treasury hacked: Are China and the US stepping up their cyberwar? | Cyber Crime News | Al Jazeera
AT&T and Verizon say networks secure after Salt Typhoon breach
Lumen reports that it has locked out the Salt Typhoon group from its network
Germany Says Latest Undersea Cable Cut a ‘Wake-up Call' - The Moscow Times
Estonia navy to protect undersea power link after main cable damaged - BBC News
Finland moves tanker suspected of undersea cable damage closer to port | Reuters
Russia
Nato to boost Baltic Sea presence after suspected sabotage of underwater cable | Nato | The Guardian
Finland police seize ship after undersea power cable to Estonia is cut - The Washington Post
Finland finds drag marks on Baltic seabed after cable damage | Reuters
Ukraine recovers key notarial registers affected by Russian cyber attack | Ukrainska Pravda
Ukraine Cyber Support Funding Tops €200 million | SC Media UK
US sanctions Russian, Iranian groups for election interference | CyberScoop
Germany Says Latest Undersea Cable Cut a ‘Wake-up Call' - The Moscow Times
Three Russian-German Nationals Charged with Espionage for Russian Secret Service
Luxury Western Goods Line Russian Stores, Three Years Into Sanctions
Pro-Russian hackers target Italian airport websites – DW – 12/28/2024
Cyber attack on Italy's Foreign Ministry, airports claimed by pro-Russian hacker group | Reuters
Russian media outlets Telegram channels blocked in European countries
Estonia navy to protect undersea power link after main cable damaged - BBC News
Finland moves tanker suspected of undersea cable damage closer to port | Reuters
Russian smugglers import luxury cars from Europe despite sanctions
Iran
US sanctions Russian, Iranian groups for election interference | CyberScoop
North Korea
2024: A jackpot year for North Korea's cyber criminals - Daily NK English
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Tools and Controls
CISO vs. CEO: Making a case for cyber security investments
Managing Cloud Risks Gave Security Teams a Big Headache in 2024
Rotating Penetration Testing Providers: A Key to Robust Cyber Security | Luxembourg Times
Wiping your Android phone? Here's the easiest way to erase all personal data | ZDNET
Machine identities are the next big target for attackers - Help Net Security
How Breach Readiness Will Shape Cyber Defence in 2025 - Security Boulevard
2025 to be a Year of Reckoning for AI in Cyber Security - Infosecurity Magazine
Over 3 million mail servers without encryption exposed to sniffing attacks
Majority of UK SMEs Lack Cyber Security Policy - Infosecurity Magazine
Crafting and Refining a Strategic 2025 Cyber Security Budget - Infosecurity Magazine
CISOs don't invest enough in code security - Help Net Security
Stay Ahead: Integrating IAM with Your Cloud Strategy - Security Boulevard
Top security solutions being piloted today — and how to do it right | CSO Online
Shift left security — Good intentions, poor execution, and ways to fix it - SD Times
Regulations, security, and remote work: Why network outsourcing is booming - Help Net Security
Other News
The Most Dangerous People on the Internet in 2024 | WIRED
2025 is when the internet could finally die and the consequences will be huge | The Independent
Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them
Machine gun, pistol and hundreds of devices lost by Ministry of Defence | UK News | Sky News
Satisfied with Your Cyber Security? Think Again - Security Boulevard
What Security Lessons Did We Learn in 2024?
Cyber Security Lags in Middle East Business Development
New Year’s cyber security resolutions that every startup should keep | TechCrunch
Tackling Cyber Security Challenges With Global Collaboration
Cyber attack on Japan Airlines: A wake-up call for aviation security - Travel Radar - Aviation News
Space Diplomacy: A New Frontier for Cyber Security Efforts - Modern Diplomacy
Addressing growing concerns about cyber security in manufacturing
Hackers Are Hot for Water Utilities
Cyber attacks are on the rise. Is the public sector prepared? - WHYY
Vulnerability Management
Top 12 ways hackers broke into your systems in 2024 | CSO Online
Vulnerabilities
Active Directory Flaw Can Crash Any Microsoft Server
LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers
Hackers exploit DoS flaw to disable Palo Alto Networks firewalls
Palo Alto Networks Patches Firewall Zero-Day Exploited for DoS Attacks - SecurityWeek
Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API
An X user claimed a 7-Zip zero-day vulnerability, but 7-Zip's creator says it is a fake
Azure compromise possible with Apache Airflow vulnerabilities | SC Media
15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials
New Windows 11 24H2 bug could block future security updates - see who's affected | ZDNET
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.