Black Arrow Cyber Threat Briefing 04 October 2024

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.

Top Cyber Stories of the Last Week

How Snoozing on Cyber Security Fails Modern Businesses

A recent study has found that many organisations are delaying crucial data security updates, a habit likened to hitting the snooze button on an alarm. This reluctance to modernise security measures leaves businesses vulnerable to evolving threats as technologies like cloud and AI are integrated into operations. The report highlights that clinging to legacy security systems can lead to significant financial and reputational damage. Despite the ever-present threat of cyber attacks, many organisations hesitate to upgrade due to comfort with existing systems and perceived cost implications. The adoption of modern security practices like Zero Trust models and AI-driven tools is essential to mitigate these risks.

Cyber Criminals Capitalise on Poorly Configured Cloud Environments

According to the 2024 Elastic Global Threat Report, cyber criminals are exploiting poorly configured cloud environments and leveraging off-the-shelf offensive security tools, which account for approximately 54% of observed malware alerts, with one tool responsible for over 27% of infections. Misconfigurations are widespread: 47% of Microsoft Azure failures are tied to storage issues, and 30% of AWS failures result from the lack of multi-factor authentication. There has been a 12% increase in brute-force techniques, particularly in Azure environments. While defence technologies are making progress, the report emphasises the need for enterprises to enhance cloud configurations and enforce security measures like multi-factor authentication.

90% of Cyber Security Incidents Could Be Avoided, Survey Reveals

Veeam Software has found that only 43% of EMEA IT decision-makers believe the forthcoming NIS2 directive will significantly enhance EU cyber security. This scepticism persists despite 90% of respondents reporting at least one security incident in the past year that NIS2 could have prevented. While nearly 80% are confident they will eventually comply with NIS2, up to two-thirds expect to miss the October 2024 deadline. The report highlights barriers to compliance, including technical debt (24%), lack of leadership understanding (23%), and insufficient budget (21%). Additionally, 40% have experienced decreased IT budgets since NIS2 was announced, with many organisations ranking it lower in urgency than other business priorities.

The Cyber Industry Needs to Accept It Can't Eliminate Risk

A recent analysis highlights that striving for zero risk in cyber security is unattainable for organisations. The reliance on large technology providers like CrowdStrike exposes systemic risks, where an incident can have widespread impact across dependent businesses. The article emphasises that instead of pursuing perfection, organisations should focus on reducing risks to a manageable level. Transparency with stakeholders about residual risks is crucial to set realistic expectations and maintain trust. It also suggests diversifying technology stacks to avoid overloading risk onto a few providers, and implementing practical security measures that can be consistently followed to manage risks effectively.

Cyber Teams Say They Can’t Keep Up with Attack Volumes

ISACA has found that understaffing and underfunding are major concerns for cyber security professionals in Europe, with 61% reporting understaffed teams and 52% citing underfunding despite predicted spending increases. The report highlighted that 68% feel their work is more stressful now than in 2019 due to a complex threat landscape. Nearly 58% expect to face a cyber attack in the next 12 months, up six percentage points from 2023. Additionally, 52% pointed to a lack of soft skills among cyber pros, especially communication, exacerbating the skills gap in the industry.

C-Level Executives are a Weak Point for Cyber Security

Research indicates that 72% of US senior executives have been targeted by cyber attacks in the past 18 months, highlighting the C-suite as a key security vulnerability. Attacks have grown in frequency and sophistication, with impersonation scams up by 26%, and 27% involving AI-assisted deepfakes. Despite this, many organisations have not prioritised executive security training, though 87% of IT professionals believe senior executives require more training than other staff. As cyber security remains a top concern, companies must enhance security measures to protect their data.

Email Phishing Attacks Surge as Attackers Bypass Security Controls

Egress has reported a 28% rise in email phishing attacks in Q2 2024 compared to Q1, highlighting attackers' effective methods to bypass security controls. These threats intensify as 44% of attacks originated from internally compromised accounts and 8% from supply chain accounts. The report found that 89% of phishing emails involved impersonation, often targeting HR, IT and finance departments. Additionally, commodity attacks have surged, causing a 2700% increase in phishing volumes during such campaigns. Emerging trends also show attackers using multi-channel approaches, leveraging platforms like MS Teams and WhatsApp to exploit vulnerabilities.

Security Threats Are More Pressing Than Ever for Business Leaders, With Cloud Worries Taking Top Spot

PwC has found that cloud-related threats are now the top concern for executives, with 42% ranking them as their primary worry. Despite this focus, 34% admit they are least prepared to address these issues. Hack-and-leak operations and third-party breaches are also significant concerns, cited by 38% and 35% of respondents respectively. Interestingly, Chief Information Security Officers place ransomware among their top three worries, with 42% feeling underprepared to tackle it. The expanding attack surface from increased reliance on cloud, AI, and connected devices underscores the need for an agile, enterprise-wide approach to resilience.

Ten Million Brits Hit by Fraud in Just Three Years

A recent study sponsored by Santander UK and conducted by the Social Market Foundation (SMF) revealed that 21% of respondents across 15 European countries experienced fraud between 2021 and 2023, at a direct cost of £168bn. However, the SMF estimated the total cost of such incidents at £420bn; this includes productivity losses from having to spend time reporting and recovering from the fraud incident. In the UK alone, victims lost an average of £907 each, amounting to a total direct cost of around £9bn. The report highlights that while most believe banks should lead in compensating victims, many also see digital platforms and telecom providers as responsible. Both SMF and Santander are calling on the British government to spearhead a global initiative to combat fraud, including international agreements and enhanced law enforcement.

Is the Weakest Link in Cyber Security Becoming Even Weaker?

Human error is the leading cause of cyber security breaches, with Cybint reporting that 95% result from human mistakes. Verizon's 2023 Data Breach Investigations Report highlights that 74% of incidents involve a human element, such as clicking on phishing links. The rise of deepfakes and increased exposure of personal information have intensified these risks, making attacks more sophisticated. Despite awareness training, prominent organisations continue to face breaches. Notably, Gen Z is over three times more likely to fall for online fraud than baby boomers. Remote working has further blurred boundaries, increasing vulnerability to cyber attacks.

Cyber Incidents are the Achilles Heel for Major UK CEOs, Report Finds

FGS Global has found that cyber attacks are the top concern for UK businesses, with 36% of senior leaders reporting cyber incidents in the past year. Despite 85% of firms experiencing a crisis, only 36% feel highly prepared to handle ransomware attacks, which over half fear facing. The report highlights a lack of understanding around cyber security and cyber crime, intensified by AI risks.

Sources:

https://votiro.com/blog/how-snoozing-on-cybersecurity-fails-modern-businesses/

https://www.helpnetsecurity.com/2024/10/04/cloud-environments-attack-surface/

https://dcnnmagazine.com/security/90-of-cybersecurity-incidents-could-be-avoided-survey-reveals/

https://www.computerweekly.com/opinion/The-cyber-industry-needs-to-accept-it-cant-eliminate-risk

https://www.computerweekly.com/news/366612212/Cyber-teams-say-they-cant-keep-up-with-attack-volumes

https://www.techradar.com/pro/c-level-executives-are-a-weak-point-for-cybersecurity-research-says

https://www.infosecurity-magazine.com/news/email-phishing-surge-bypass/

https://www.techradar.com/pro/security/security-threats-are-more-pressing-than-ever-for-business-leaders-with-cloud-worries-taking-top-spot

https://www.infosecurity-magazine.com/news/ten-million-brits-hit-fraud-three/

https://hackernoon.com/is-the-weakest-link-in-cybersecurity-becoming-even-weaker

https://www.cityam.com/cyber-incidents-are-the-achilles-heel-for-major-uk-ceos-report-finds/


Governance, Risk and Compliance

CFOs Suit Up for Cyber War as Risk Management Evolves (pymnts.com)

Allies to Leverage During a Cyber Crisis (darkreading.com)

The cyber industry needs to accept it can't eliminate risk | Computer Weekly

PwC Urges Boards to Give CISOs a Seat at the Table - Infosecurity Magazine (infosecurity-magazine.com)

Cyber incidents are the Achilles Heel for major UK CEOs, report finds (cityam.com)

Almost half of professional services firms are not equipped to survive a major cyber security attack | Today's Conveyancer (todaysconveyancer.co.uk)

As CISO roles expand, so should cyber budgets, says NASCIO 2024 cyber security report | StateScoop

Human Capital and Risk Governance: Insider Threats To Cyber Security (forbes.com)

Cyber security teams are understaffed, overworked, and underfunded – and it’s taking a heavy toll on mental health | ITPro

Global cyber threat to double predicts new report (emergingrisks.co.uk)

QBE casts light on what’s ahead in cyber space | Insurance Business America (insurancebusinessmag.com)

Over Half of Cyber Professionals Feel Their Budget is Underfunded - IT Security Guru

C-level executives are a weak point for cyber security | TechRadar

Average North American CISO salary now $565,000 • The Register

BlackBerry report: Cyber threats up 53%, critical sectors hit (securitybrief.co.nz)

Cyber teams say they can’t keep up with attack volumes | Computer Weekly

Watch out, CFOs: cyber crime is booming, says former White House advisor | Fortune

Normalizing Security Culture: Stay Ready (darkreading.com)

Cyber attacks causing reputational damages: CIRA – BNN Bloomberg

Security spending signals major role change for CISOs and their teams | CSO Online

Cyber Security Spending on the Rise, But Security Leaders Still Feel Vulnerable - Infosecurity Magazine (infosecurity-magazine.com)

Strengthening Security Posture Through People-First Engagement (informationsecuritybuzz.com)

Forrester's CISO Budget Planning Guide for 2025: Prioritize API Security - Security Boulevard

Gartner: CISOs should ditch ‘zero tolerance’ prevention (techinformed.com)

How to Enlist the CFO as a Cyber Security Budget Ally | Mimecast


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts - Help Net Security

Ransomware gangs are using stolen data to threaten CEOs | Fortune

Embargo ransomware escalates attacks to cloud environments (bleepingcomputer.com)

Microsoft: Cloud Environments of US Organisations Targeted in Ransomware Attacks - SecurityWeek

Multinational police effort hits sections of Lockbit ransomware operation | CyberScoop

Russia’s FSB protected Evil Corp gang that carried out NATO cyber-attacks (yahoo.com)

US charges Joker's Stash and Rescator money launderers (bleepingcomputer.com)

More frequent disruption operations needed to dent ransomware gangs, officials say | CyberScoop

Ransomware activity shows no signs of slowing down - Help Net Security

International Counter Ransomware Initiative 2024 Joint Statement | The White House

Ransomware crew infects 100+ orgs monthly with BabyLockerKZ • The Register

Cyber Crime is Still Evil Corp, But Disruptions Are Helping (inforisktoday.com)

As ransomware attacks surge, UK privacy regulator investigating fewer incidents than ever (therecord.media)

Healthcare organisations are having to pay millions to solve ransomware attacks | TechRadar

Here's what to expect from the Counter Ransomware Initiative meeting this week (therecord.media)

JPCERT shares Windows Event Log tips to detect ransomware attacks (bleepingcomputer.com)

Some of the world's biggest countries are teaming up to tackle ransomware scams | TechRadar

Ransomware August 2024 round-up: fools, rules and tools | TechFinitive

Ransomware Victims

Cleaning Up A Cyber Security Mess: Blue Mantis Details The ‘Aftermath’ Of A Ransomware Attack (crn.com)

Patelco Credit Union Data Breach Impacts Over 1 Million People - SecurityWeek

Ransomware forces Texas hospital to turn away ambulances • The Register

Agence France-Presse says cyber attack targeted IT systems (therecord.media)

Dermatology Practice Sued After Ransomware Attack Exposed Data (bloomberglaw.com)

Phishing & Email Based Attacks

UK on high alert over Iranian spear-phishing attacks, says NCSC | Computer Weekly

New report reveals a rise in phishing attacks, as commodity (globenewswire.com)

Email Phishing Attacks Surge as Attackers Bypass Security Controls - Infosecurity Magazine (infosecurity-magazine.com)

Beyond Phishing: AI's New Tricks for Cyber Attacks (govinfosecurity.com)

UK issues alert over threat from cyber attackers working for Iranian state | Evening Standard

iPhone, Android Users Warned After 50,000 Message Email Bomb Attack (forbes.com)

Common Words in Email Scams: Money, Income, Investment, More | Entrepreneur

QR Code phishing is advancing to a new level, so be on your guard | TechRadar

The Hidden Risks of URL Rewriting and the Superior Alternative for Email Security - Security Boulevard

Attackers Targeting Recruiters With More_Eggs Backdoor (darkreading.com)

“Gone Phishing”—Every Cyber Attacker’s Favorite Phrase - Gigaom

IBM X-Force: Hackers Using Phishing, BEC to Steal Cloud Credentials | MSSP Alert

Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (thehackernews.com)

INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa (thehackernews.com)

Google spooks out users with an erroneous 'You added a new card to your Google Account' email (androidauthority.com)

New Email Scam Includes Pictures of Your House. Don’t Fall For It. | Electronic Frontier Foundation (eff.org)

Ireland is the most phished country in the world, says survey (siliconrepublic.com)

Business Email Compromise (BEC)/Email Account Compromise (EAC)

IBM X-Force: Hackers Using Phishing, BEC to Steal Cloud Credentials | MSSP Alert

Other Social Engineering

QR Code phishing is advancing to a new level, so be on your guard | TechRadar

UK Hacker Charged in $3.75 Million Insider Trading Scheme Using Hacked Executive Emails (thehackernews.com)

Students Add Facial Recognition to Meta Smart Glasses to Identify Strangers in Real-Time - MacRumors

INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa (thehackernews.com)

Physical Security Is a Big Part of Staying Digitally Safe: My 5 Top Tips (makeuseof.com)

New Email Scam Includes Pictures of Your House. Don’t Fall For It. | Electronic Frontier Foundation (eff.org)

Meet the people hacker trying to improve cyber security (siliconrepublic.com)

Artificial Intelligence

AI-related cyber crime sparks concern among 65% of global survey participants (techmonitor.ai)

New report reveals a rise in phishing attacks, as commodity (globenewswire.com)

Is the Weakest Link in Cyber Security Becoming Even Weaker? | HackerNoon

Three essential steps for organisations to safeguard against deepfakes | TechRadar

Beyond Phishing: AI's New Tricks for Cyber Attacks (govinfosecurity.com)

Putting an end to the AI cyber responsibility turf wars | CyberScoop

Shadow AI, Data Exposure Plague Workplace Chatbot Use (darkreading.com)

FIN7 Gang Hides Malware in AI “Deepnude” Sites - Infosecurity Magazine (infosecurity-magazine.com)

Ukraine-Russia Cyber Battles Have Real-World Impact (darkreading.com)

Deepfake Ukrainian diplomat targeted US senator on Zoom call (bitdefender.com)

Could APIs be the undoing of AI? - Help Net Security

AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition (thehackernews.com)

1 in 4 people have experienced identity fraud - and most of them blame AI | ZDNET

Rogue AI: What the Security Community is Missing | Trend Micro (US)

Spotting AI-generated scams: Red flags to watch for - Help Net Security

Large language models hallucinating non-existent developer packages could fuel supply chain attacks | InfoWorld

Cyber security experts praise veto of California's AI safety bill | SC Media (scworld.com)

Nokia's Threat Intelligence Report: Telecom Cyber Attacks Surge with AI & Automation (thefastmode.com)

2FA/MFA

The most common authentication method is also the least secure - Help Net Security

Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA (thehackernews.com)

Malware

Hackers are using a ChromeLoader exploit to set up fake companies and malware-ridden websites | ITPro

FIN7 Gang Hides Malware in AI “Deepnude” Sites - Infosecurity Magazine (infosecurity-magazine.com)

New Fin7 Hacker’s AI Naked Image Generator Serves Up More Than Nudes (forbes.com)

DCRat Malware Spreads via HTML Smuggling | MSSP Alert

Attackers Targeting Recruiters With More_Eggs Backdoor (darkreading.com)

New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (thehackernews.com)

Thousands of Linux systems infected by stealthy malware since 2021 (arstechnica.com)

Microsoft reveals how Windows 10 and Windows 11 block keyloggers - Neowin

AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition (thehackernews.com)

Here's How Criminals Use CAPTCHAs to Help Spread Malware (makeuseof.com)

North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (thehackernews.com)

Bots/Botnets

New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet (thehackernews.com)

What bots mean for businesses and consumers - Help Net Security

Mobile

iPhone, Android Users Warned After 50,000 Message Email Bomb Attack (forbes.com)

This nasty Android adware is making phones unusable — how to stay safe | Tom's Guide (tomsguide.com)

Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (thehackernews.com)

‘Pig butchering’ trading apps found on Google Play, App Store (bleepingcomputer.com)

Verizon outage: iPhones, Android devices stuck in SOS mode (bleepingcomputer.com)

Denial of Service/DoS/DDoS

Record-Breaking DDoS Attack Peaked at 3.8 Tbps, 2.14 Billion Pps - SecurityWeek

DDoS Attacks Skyrocket and Hacktivist Activity Surges Threatening Critical Global Infrastructure According to NETSCOUT’s 1H2024 Threat Intelligence Report | Business Wire

After Code Execution, Researchers Show How CUPS Can Be Abused for DDoS Attacks - SecurityWeek

Hacktivist activity drives a rise in DDoS attacks (betanews.com)

Telcos face increasing frequency and sophistication of DDoS attacks - Nokia (telecoms.com)

Cloudflare mitigated new record-breaking DDoS attack of 3.8 Tbps (securityaffairs.com)

Wave of record-breaking DDoS attacks originating from compromised WiFi routers | Cybernews

Internet of Things – IoT

Trojan cars: Why the US fears Chinese cyber attacks on electric vehicles (france24.com)

Students Add Facial Recognition to Meta Smart Glasses to Identify Strangers in Real-Time - MacRumors

Data Breaches/Leaks

Transport for London (TfL) cyber attack: What you need to know - BBC News

Half of Enterprises Surveyed Have Experienced a Security Breach Due to Unmanaged Non-Human Identities, According to AppViewX Report | Business Wire

43% of data breaches target small businesses in 5 industries | Retail Technology Review

Northern Ireland Police Data Leak Sees Service Fined by ICO - Infosecurity Magazine (infosecurity-magazine.com)

UK data watchdog confirms it's investigating MoneyGram data breach | TechCrunch

Patelco Credit Union Data Breach Impacts Over 1 Million People - SecurityWeek

T-Mobile US agrees to $31.5M settlement after IT breaches • The Register

The sensitive data of Australia's security personnel is at risk of being on-sold to foreign actors - ABC News

Dutch police breached by a state actor (securityaffairs.com)

Louisiana Accounting Firm Breach Impacts More Than 127K Customers | MSSP Alert

Organised Crime & Criminal Actors

UK man allegedly used genealogy sites to hack execs’ email accounts | Fortune

Cyber Crime is Still Evil Corp, But Disruptions Are Helping (inforisktoday.com)

How the FBI and Mandiant caught a 'serial hacker' who tried to fake his own death | TechCrunch

UK reveals father and son at heart of Evil Corp hacking group - BBC News

Cyber Security Losses Surge to $2.1 Billion in 2024: WazirX Seeks Court Protection (financemagnates.com)

Man charged for selling forged license keys for network switches (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Linux malware “perfctl” behind years-long cryptomining campaign (bleepingcomputer.com)

Cyber Security Losses Surge to $2.1 Billion in 2024: WazirX Seeks Court Protection (financemagnates.com)

New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (thehackernews.com)

Over $750 Million Stolen in Crypto Last Quarter Despite Drop in Hacks: CertiK - Decrypt

New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet (thehackernews.com)

AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition (thehackernews.com)

Insider Risk and Insider Threats

Is the Weakest Link in Cyber Security Becoming Even Weaker? | HackerNoon

Insider Threats: Are Disgruntled Employees a Cyber Security Risk? | PLANSPONSOR

Insurance

A Guide to Buying and Maintaining Cyberinsurance | PLANSPONSOR

Beazley forecasts cyber insurance market to grow to $40bn by 2030 - Reinsurance News

Munich Re’s HSB launches comprehensive cyber insurance solution for SMBs - Reinsurance News

Supply Chain and Third Parties

Cyber companies need a best practice approach to major incidents. | Computer Weekly

Digital twins are optimizing supply chains and more. Here's why enterprises should care | ZDNET

Cloud/SaaS

Embargo ransomware escalates attacks to cloud environments (bleepingcomputer.com)

Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (thehackernews.com)

Microsoft: Cloud Environments of US Organisations Targeted in Ransomware Attacks - SecurityWeek

Cloud threats top execs' list of cyber nightmares • The Register

Security threats are more pressing than ever for business leaders, with cloud worries taking top spot | TechRadar

Cyber criminals capitalize on poorly configured cloud environments - Help Net Security

The top enterprise cloud threats of 2024 (betanews.com)

Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts - Help Net Security

Hackers Breach Hybrid Cloud with Stolen Entra ID Credentials (petri.com)

IBM X-Force: Hackers Using Phishing, BEC to Steal Cloud Credentials | MSSP Alert

Hacker made millions from breaking into business Office 365 accounts | TechRadar

Navigating the Security Risks of Multicloud Management (darkreading.com)

Top 6 Cloud Security Threats to Watch Out For - Security Boulevard

The End of The SaaS Era: Rethinking Software’s Role In Business

Outages

Cyber companies need a best practice approach to major incidents. | Computer Weekly

UK Post Office axes MoneyGram services in wake of cyber attack (finextra.com)

Verizon outage: iPhones, Android devices stuck in SOS mode (bleepingcomputer.com)

The Playstation Network is down in a global outage (bleepingcomputer.com)

Identity and Access Management

Five Eyes Agencies Release Guidance on Detecting Active Directory Intrusions - SecurityWeek

Half of Enterprises Surveyed Have Experienced a Security Breach Due to Unmanaged Non-Human Identities, According to AppViewX Report | Business Wire

Active Directory attack guidance issued by Five Eyes | SC Media (scworld.com)

Encryption

The fix for BGP’s weaknesses – RPKI – has issues of its own • The Register

Linux and Open Source

Highly Anticipated Linux Flaw Allows Remote Code Execution, but Less Serious Than Expected - SecurityWeek

Worried about that critical RCE Linux bug? Here's why you can relax | ZDNET

After Code Execution, Researchers Show How CUPS Can Be Abused for DDoS Attacks - SecurityWeek

New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (thehackernews.com)

Thousands of Linux systems infected by stealthy malware since 2021 (arstechnica.com)

Passwords, Credential Stuffing & Brute Force Attacks

The most common authentication method is also the least secure - Help Net Security

Up to 600 million Facebook and Instagram passwords stored in plain text (9to5mac.com)

Irish Data Protection Commission fines Meta €91 million for passwords stored in plaintext | CyberScoop

IBM X-Force: Hackers Using Phishing, BEC to Steal Cloud Credentials | MSSP Alert

Passkeys and Cyber Security Awareness: A New Era Of Business Security (informationsecuritybuzz.com)

Poor password habits still an issue worldwide (betanews.com)

Complicated Passwords Make You Less Safe, Experts Now Say (forbes.com)

Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (thehackernews.com)

Why your password policy should include a custom dictionary (bleepingcomputer.com)

Social Media

Up to 600 million Facebook and Instagram passwords stored in plain text (9to5mac.com)

Irish Data Protection Commission fines Meta €91 million for passwords stored in plaintext | CyberScoop

Students Add Facial Recognition to Meta Smart Glasses to Identify Strangers in Real-Time - MacRumors

UK regulator preparing for ‘strong action’ against tech giants

Are social media influencers equipped to dodge cyber attacks? | Mint (livemint.com)

Brits bemoan personal data practices but do little about it • The Register

Training, Education and Awareness

Is the Weakest Link in Cyber Security Becoming Even Weaker? | HackerNoon

One-Third of UK Teachers Do Not Have Cyber Security Training (techrepublic.com)

Regulations, Fines and Legislation

NIS2 could prevent cyber security incidents but many businesses aren't ready (betanews.com)

90% of cyber security incidents could be avoided, survey reveals - Data Centre & Network News (dcnnmagazine.com)

Majority of Companies will Miss Looming NIS2 Deadline as New European Union Cyber Security Directive Goes into Effect | Business Wire

Up to 600 million Facebook and Instagram passwords stored in plain text (9to5mac.com)

SolarWinds CISO: World's Cyber Regulations Still 'In Flux' (pymnts.com)

Irish Data Protection Commission fines Meta €91 million for passwords stored in plaintext | CyberScoop

Northern Ireland Police Data Leak Sees Service Fined by ICO - Infosecurity Magazine (infosecurity-magazine.com)

Sellafield nuclear site in Cumbria fined for IT security breaches - BBC News

As ransomware attacks surge, UK privacy regulator investigating fewer incidents than ever (therecord.media)

Government outlines plan for Cyber Security and Resilience Bill | UKAuthority

The UK Cybersecurity and Resilience Bill – A Different Approach to NIS2 or a British Sister Act? | DLA Piper - JDSupra

Ireland has been slow to incorporate new EU cyber security law, and may now miss deadline | Irish Independent

How Should CISOs Navigate the SEC Cyber Security Rules? (darkreading.com)

Ireland to grant National Cyber Security Centre emergency powers (finextra.com)

Opinion: How to design a US data privacy law | Ars Technica

UK data watchdog confirms it's investigating MoneyGram data breach | TechCrunch

T-Mobile US agrees to $31.5M settlement after IT breaches • The Register

Opinion | Artificial Intelligence Requires Specific Safety Rules - The New York Times (nytimes.com)

Minimum Healthcare Cyber Standards Called by New Legislation | MSSP Alert

UK regulator preparing for ‘strong action’ against tech giants

Cyber Security in the European Union | Cooley LLP - JDSupra

Financial regulatory agencies are sunsetting a tool to assess cyber risks | FedScoop

Cyber security experts praise veto of California's AI safety bill | SC Media (scworld.com)

Models, Frameworks and Standards

NIS2 could prevent cyber security incidents but many businesses aren't ready (betanews.com)

90% of cyber security incidents could be avoided, survey reveals - Data Centre & Network News (dcnnmagazine.com)

Majority of Companies will Miss Looming NIS2 Deadline as New European Union Cyber Security Directive Goes into Effect | Business Wire

Could Security Misconfigurations Top OWASP List? (darkreading.com)

Government outlines plan for Cyber Security and Resilience Bill | UKAuthority

The UK Cybersecurity and Resilience Bill – A Different Approach to NIS2 or a British Sister Act? | DLA Piper - JDSupra

Ireland has been slow to incorporate new EU cyber security law, and may now miss deadline | Irish Independent

Data Protection

Opinion: How to design a US data privacy law | Ars Technica

Brits bemoan personal data practices but do little about it • The Register

Careers, Working in Cyber and Information Security

Cyber security teams are understaffed, overworked, and underfunded – and it’s taking a heavy toll on mental health | ITPro

ISACA: European Security Teams Are Understaffed and Underfunded - Infosecurity Magazine (infosecurity-magazine.com)

Average North American CISO salary now $565,000 • The Register

Cyber UK's quickest growing tech field, but skills gap remains | Computer Weekly

Cyber security Professionals Operate Under Increased Stress Levels - Security Boulevard

How Are We Going to Fill 4.8 Million Cyber Security Jobs? (inforisktoday.com)

Cyber security hiring slows, pros' stress levels rise - Help Net Security

Share of Women in UK Cyber Roles Now Just 17% - Infosecurity Magazine (infosecurity-magazine.com)

In-house skills and co-management, what is the balance to optimize security skills needed for cyber resilience | ITPro

Law Enforcement Action and Take Downs

Russia exploited Evil Corp relationship for NATO attacks • The Register

Unmasked: The Evil Corp cyber gangster who worked for LockBit | Computer Weekly

UK unmasks LockBit ransomware affiliate as high-ranking hacker in Russia state-backed cyber crime gang | TechCrunch

More LockBit Hackers Arrested, Unmasked as Law Enforcement Seizes Servers - SecurityWeek

Iranian hackers charged over Trump campaign disruption | TechRadar

U.S. charges Joker's Stash and Rescator money launderers (bleepingcomputer.com)

U.K. Hacker Charged in $3.75 Million Insider Trading Scheme Using Hacked Executive Emails (thehackernews.com)

Law enforcement arrests vacationing LockBit developer in ongoing operation | TechSpot

Cyber Crime is Still Evil Corp, But Disruptions Are Helping (inforisktoday.com)

How the FBI and Mandiant caught a 'serial hacker' who tried to fake his own death | TechCrunch

UK reveals father and son at heart of Evil Corp hacking group - BBC News

INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa (thehackernews.com)

Iranian hackers charged for ‘hack-and-leak’ plot to influence election (bleepingcomputer.com)

More frequent disruption operations needed to dent ransomware gangs, officials say | CyberScoop

Telegram revealed it shared U.S. user data with law enforcement (securityaffairs.com)

Man charged for selling forged license keys for network switches (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

Intel agencies warn of Iran's ongoing phishy behavior • The Register

Iranian hackers charged over Trump campaign disruption | TechRadar

Microsoft cracks down further on Russian hackers looking to disrupt elections | TechRadar

Deepfake Ukrainian diplomat targeted US senator on Zoom call (bitdefender.com)

Iranian hackers charged for ‘hack-and-leak’ plot to influence election (bleepingcomputer.com)


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

CFOs Suit Up for Cyber War as Risk Management Evolves (pymnts.com)

Protecting Democratic Institutions from Cyber Threats - Microsoft On the Issues

Israel army hacked the communication network of the Beirut Airport control tower (securityaffairs.com)

Cyber Warfare Industry Research Report 2024-2034: Collaborations Between Governments and Private Sectors Unlocks Opportunities - ResearchAndMarkets.com | Business Wire

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Trojan cars: Why the US fears Chinese cyber attacks on electric vehicles (france24.com)

China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration (thehackernews.com)

The sensitive data of Australia's security personnel is at risk of being on-sold to foreign actors - ABC News

Russia

Russia exploited Evil Corp relationship for NATO attacks • The Register

Multinational police effort hits sections of Lockbit ransomware operation | CyberScoop

UK unmasks LockBit ransomware affiliate as high-ranking hacker in Russia state-backed cyber crime gang | TechCrunch

Police arrest four suspects linked to LockBit ransomware gang (bleepingcomputer.com)

Evil Corp's LockBit Ties Exposed in Latest Phase of Operation Cronos - Infosecurity Magazine (infosecurity-magazine.com)

More LockBit Hackers Arrested, Unmasked as Law Enforcement Seizes Servers - SecurityWeek

Russia’s FSB protected Evil Corp gang that carried out Nato cyber-attacks (yahoo.com)

Trojan cars: Why the US fears Chinese cyber attacks on electric vehicles (france24.com)

Ukraine-Russia Cyber Battles Have Real-World Impact (darkreading.com)

Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (bleepingcomputer.com)

Microsoft cracks down further on Russian hackers looking to disrupt elections | TechRadar

Russian Hackers Target Ukrainian Servicemen via Messaging Apps - Infosecurity Magazine (infosecurity-magazine.com)

Deepfake Ukrainian diplomat targeted US senator on Zoom call (bitdefender.com)

bne IntelliNews - Russian tech startups, cyber security firms flourish amid sanctions

Russian authorities arrest nearly 100 in raids tied to cyber criminal money laundering | CyberScoop

Dutch police breached by a state actor (securityaffairs.com)

Law enforcement arrests vacationing LockBit developer in ongoing operation | TechSpot

Iran

UK on high alert over Iranian spear-phishing attacks, says NCSC | Computer Weekly

Intel agencies warn of Iran's ongoing phishy behaviour • The Register

Iranian hackers charged over Trump campaign disruption | TechRadar

Iranian hackers charged for ‘hack-and-leak’ plot to influence election (bleepingcomputer.com)

North Korea

North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (thehackernews.com)

North Korea Profits as 'Stonefly' APT Swarms US Co's. (darkreading.com)

North Korean hackers attack Diehl Defence company - Militarnyi

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Israel army hacked the communication network of the Beirut Airport control tower (securityaffairs.com)

DDoS Attacks Skyrocket and Hacktivist Activity Surges Threatening Critical Global Infrastructure According to NETSCOUT’s 1H2024 Threat Intelligence Report | Business Wire

Hacktivist activity drives a rise in DDoS attacks (betanews.com)

ICE Signs $2 Million Contract With Spyware Maker Paragon Solutions | WIRED


Tools and Controls

Is the Weakest Link in Cyber Security Becoming Even Weaker? | HackerNoon

CFOs Suit Up for Cyber War as Risk Management Evolves (pymnts.com)

Cyber companies need a best practice approach to major incidents. | Computer Weekly

Allies to Leverage During a Cyber Crisis (darkreading.com)

The cyber industry needs to accept it can't eliminate risk | Computer Weekly

As CISO roles expand, so should cyber budgets, says NASCIO 2024 cyber security report | StateScoop

Over Half of Cyber Professionals Feel Their Budget is Underfunded - IT Security Guru

Five Eyes Agencies Release Guidance on Detecting Active Directory Intrusions - SecurityWeek

How to Plan and Prepare for Penetration Testing (thehackernews.com)

Half of Enterprises Surveyed Have Experienced a Security Breach Due to Unmanaged Non-Human Identities, According to AppViewX Report | Business Wire

Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA (thehackernews.com)

Moving DevOps Security Out of 'the Stone Age' (darkreading.com)

Security spending signals major role change for CISOs and their teams | CSO Online

Three hard truths hindering cloud-native detection and response - Help Net Security

Forrester's CISO Budget Planning Guide for 2025: Prioritize API Security - Security Boulevard

Gartner: CISOs should ditch ‘zero tolerance’ prevention (techinformed.com)

API security maturity model to assess API security posture | TechTarget

Large language models hallucinating non-existent developer packages could fuel supply chain attacks | InfoWorld

Top 6 Cloud Security Threats to Watch Out For - Security Boulevard

JPCERT shares Windows Event Log tips to detect ransomware attacks (bleepingcomputer.com)

The Silent Epidemic: Uncovering the Dangers of Alert Fatigue and How to Overcome It (cybereason.com)

Top 5 Myths of AI & Cyber Security (darkreading.com)

How organisations can derive value from security investments and enable business growth | ITPro

How to balance your understanding of threats and how you respond to them | ITPro

Does your security strategy show continuous improvement? | ITPro

The convergence of network and security – how it helps achieve business outcomes | ITPro



Other News

The cyber industry needs to accept it can't eliminate risk | Computer Weekly

Cyber incidents are the Achilles Heel for major UK CEOs, report finds (cityam.com)

Global cyber threat to double predicts new report (emergingrisks.co.uk)

Cyber teams say they can’t keep up with attack volumes | Computer Weekly

How Snoozing on Cyber Security Fails Modern Businesses - Security Boulevard

Governments Urge Improved Security and Resilience for Undersea Cables - Infosecurity Magazine (infosecurity-magazine.com)

UK man allegedly used genealogy sites to hack execs’ email accounts | Fortune

Cyber-Attacks Hit Over a Third of English Schools - Infosecurity Magazine (infosecurity-magazine.com)

UK Post Office axes MoneyGram services in wake of cyber attack (finextra.com)

Feds say Microsoft security ‘requires an overhaul’ — but will it listen? – Computerworld

Global cyber attacks will more than double this year to 211, says QBE - Reinsurance News

Critical Infrastructure: The latest target for cyber criminals? | TechRadar

When Innovation Outpaces Financial Services Cyber Security - Security Boulevard

CISA Urges Action As Attackers Exploit Critical Systems Using Basic Tactics (informationsecuritybuzz.com)

Securing Space in the Age of Advanced Cyber Threats (eetimes.eu)

Schools reminded to maintain cyber hygiene by Ofqual | Education Business (educationbusinessuk.net)

America's policy in cyber space is about persistence, not deterrence (cyberscoop.com)

One-Third of UK Teachers Do Not Have Cyber Security Training (techrepublic.com)

Global Cyber Security Agencies Release OT Security Guidelines (inforisktoday.com)


Vulnerability Management

Could Security Misconfigurations Top OWASP List? (darkreading.com)

What are zero-day vulnerabilities? | TechRadar

NVD still backlogged with 17K+ unprocessed bugs • The Register

Systems used by courts and governments across the US riddled with vulnerabilities | Ars Technica

Vulnerabilities

Highly Anticipated Linux Flaw Allows Remote Code Execution, but Less Serious Than Expected - SecurityWeek

Thousands of Adobe Commerce e-stores hacked by exploiting CosmicSting bug (securityaffairs.com)

Worried about that critical RCE Linux bug? Here's why you can relax | ZDNET

Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch (thehackernews.com)

Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now (thehackernews.com)

New Chrome Security Warning For 3 Billion Windows, Mac, Linux, Android Users (forbes.com)

Rackspace systems hit by zero-day exploit of third-party app • The Register

Organisations Warned of Exploited SAP, Gpac and D-Link Vulnerabilities - SecurityWeek

Zimbra RCE Vuln Under Attack Needs Immediate Patching (darkreading.com)

700K+ DrayTek routers are sitting ducks on the internet • The Register

Critical flaw in NVIDIA Container Toolkit allows full host takeover (bleepingcomputer.com)

Microsoft fixes Windows KB5043145 reboot loops, USB and Bluetooth issues (bleepingcomputer.com)

VLC Player Vulnerability Let Attackers Execute Malicious Code (cybersecuritynews.com)

Arc browser adds security bulletins and bug bounties - The Verge

The fix for BGP’s weaknesses – RPKI – has issues of its own • The Register


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness. Linking to or reposting external content does not endorse any service or product; likewise, we are not responsible for the security of external links.
