Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Cyber War in Ukraine, Ransomware Fears Drive 2022 Surge in Demand for Threat Intelligence Tools

Amid the heightened fear of ransomware in 2022, threat intelligence emerged as a core requirement of doing business in a world gone mad.

A sizable amount of interest in the historically tech-centric discipline was fuelled in part by fear of cyber attacks tied to the war between Russia and Ukraine. In one example, the Ukrainian government warned the world that the Russian military was planning for multi-pronged attacks targeting the energy sector. Other nation-state cyber attack operations also contributed to the demand, including one June 2022 incident were Iran’s Cobalt Mirage exploited PowerShell vulnerabilities to launch ransomware attacks.

And of course, headlines of data breaches tied to vulnerabilities that organisations did not even know existed within their networks caught the attention not just of security teams, but the C-Suite and corporate board. A misconfigured Microsoft server, for example, wound up exposing years of sensitive data for tens of thousands of its customers, including personally identifiable information, user data, product and project details and intellectual property.

Indeed, according to 183 security pros surveyed by CyberRisk Alliance Business Intelligence in June 2022, threat intelligence has become critical in arming their security operations centres (SOCs) and incident response teams with operational data to help them make timely, informed decisions to prevent system downtime, thwart the theft of confidential data, and protect intellectual property.

Threat intelligence has emerged as a useful tool for educating executives. Many also credited threat intelligence for helping them protect their company and customer data — and potentially saving their organisation's reputation.

https://www.scmagazine.com/resource/threat-intelligence/2022-year-in-review-threat-intelligence-tools

• Cyber Premiums Holding Firms to Ransom

Soaring premiums for cyber security insurance are leaving businesses struggling to pay other bills, a key industry player has warned.

Mactavish, which buys insurance policies on behalf of companies, said that more than half of big businesses that had bought cyber security insurance had been forced to make cuts elsewhere to pay for it.

In a survey of 200 companies with a turnover above £10 million, Mactavish found that businesses were reducing office costs and staff bonuses and were cutting other types of insurance to meet the higher payments.

Last month Marsh, an insurance broker, revealed that costs for cyber insurance had increased by an average of 66 per cent in the third quarter compared with last year.

Meanwhile, the risk to businesses from hackers continues to rise. A government report on digital threats, published this month, showed the proportion of businesses experiencing cyber security incidents at least monthly had increased from 53 per cent to 60 per cent in the past year. Uber, Cisco and InterContinental Hotels Group were among high-profile targets this year.

https://www.thetimes.co.uk/article/cyber-safety-premiums-hold-firms-to-ransom-tnrsz3vs2

• Ransomware Ecosystem Becoming More Diverse for 2023

The ransomware ecosystem has changed significantly in 2022, with attackers shifting from large groups that dominated the landscape toward smaller ransomware-as-a-service (RaaS) operations in search of more flexibility and drawing less attention from law enforcement. This democratisation of ransomware is bad news for organisations because it also brought in a diversification of tactics, techniques, and procedures (TTPs), more indicators of compromise (IOCs) to track, and potentially more hurdles to jump through when trying to negotiate or pay ransoms.

Since 2019 the ransomware landscape has been dominated by big and professionalised ransomware operations that constantly made the news headlines and even looked for media attention to gain legitimacy with potential victims. We've seen ransomware groups with spokespeople who offered interviews to journalists or issued "press releases" on Twitter and their data leak websites in response to big breaches.

The DarkSide attack against Colonial Pipeline that led to a major fuel supply disruption along the US East Coast in 2021 highlighted the risk that ransomware attacks can have against critical infrastructure and led to increased efforts to combat this threat at the highest levels of government. This heightened attention from law enforcement made the owners of underground cyber crime forums reconsider their relationship with ransomware groups, with some forums banning the advertising of such threats. DarkSide ceased operations soon thereafter and was followed later in the year by REvil, also known as Sodinokibi, whose creators were indicted and one was even arrested. REvil was one of the most successful ransomware groups since 2019.

Russia's invasion of Ukraine in February 2022 quickly put a strain on the relationship between many ransomware groups who had members and affiliates in both Russia and Ukraine, or other former USSR countries. Some groups, such as Conti, rushed to take sides in the war, threatening to attack Western infrastructure in support of Russia. This was a departure from the usual business-like apolitical approach in which ransomware gangs had run their operations and drew criticism from other competing groups.

This was also followed by a leak of internal communications that exposed many of Conti's operational secrets and caused uneasiness with its affiliates. Following a major attack against the Costa Rican government the US State Department put up a reward of $10 million for information related to the identity or location of Conti's leaders, which likely contributed to the group's decision to shut down operations in May.

Conti's disappearance led to a drop in ransomware activity for a couple of months, but it didn't last long as the void was quickly filled by other groups, some of them newly set up and suspected to be the creation of former members of Conti, REvil and other groups that ceased operations over the past two years.

https://www.csoonline.com/article/3684248/ransomware-ecosystem-becoming-more-diverse-for-2023.html#tk.rss_news

• Attackers Evolve Strategies to Outmanoeuvre Security Teams

Attackers are expected to broaden their targeting strategy beyond regulated verticals such as financial services and healthcare. Large corporations (41%) will be the top targeted sector for cyber attacks in 2023, favoured over financial institutions (36%), government (14%), healthcare (9%), and education (8%), according to cyber security solution provider Titaniam.

The fast pace of change has introduced new vulnerabilities into corporate networks, making them an increasingly attractive target for cyber attackers. To compete in the digital marketplace, large companies are adopting more cloud services, aggregating data, pushing code into production faster, and connecting applications and systems via APIs.

As a result, misconfigured services, unprotected databases, little-tested applications, and unknown and unsecured APIs abound, all of which can be exploited by attackers.

The top four threats in 2022 were malware (30%), ransomware and extortion (27%), insider threats (26%), and phishing (17%).

The study found that enterprises expected malware (40%) to be their biggest challenge in 2023, followed by insider threats (26%), ransomware and related extortion (21%), and phishing (16%).

Malware, however, has more enterprises worried for 2023 than it did for 2022. It is important to note that these threats can overlap, where insiders can have a hand in ransomware attacks, phishing can be a source of malware, etc.

Attackers are evolving their strategies to surprise and outmanoeuvre security teams, which have hardened ransomware defences and improved phishing detection. They’re using new malware, such as loaders, infostealers, and wipers to accelerate attacks, steal sensitive data and create mayhem.

They’re also buying and stealing employee credentials to walk in through the front door of corporate networks.

https://www.helpnetsecurity.com/2023/01/04/attackers-evolve-strategies-outmaneuver-security-teams/

• Building a Security-First Culture: The Key to Cyber Success

Everyone has heard a car alarm go off in the middle of the night, but how often does that notification actually lead to action? Most people will hear the alarm, glance in its direction and then hope the owner will quickly remedy the situation.

Cars alarms often fail because they go off too often, leading to apathy and annoyance instead of being a cause for emergency. For many, cyber security has also become this way. While we see an increase in the noise surrounding the need for organisations to improve the security skillset and knowledge base of employees, there continues to be little proactive action on this front. Most organisations only provide employees with elementary-grade security training, often during their initial onboarding process or as part of a standard training requirement.

At the same time, many organisations also make the grave mistake of leaving all of their security responsibilities and obligations in the hands of IT and security teams. Time and time again, this approach has proven to be highly ineffective, especially as cyber criminals refine their social engineering tactics and target user accounts to execute their attacks.

Alarmingly, recent research found that 30% of employees do not think that they play a role in maintaining their company’s cyber security posture. The same report also revealed that only 39% of employees say they are likely to report a security incident.

As traditional boundaries of access disintegrate and more employees obtain permissions to sensitive company data and systems to carry out their tasks, business leaders must change the mindset of their employees when it comes to the role they play in keeping the organisation safe from cyber crime. The key is developing an integrated cyber security strategy that incorporates all aspects—including all stakeholders—of the organisation. This should be a strategy that breaks down departmental barriers and creates a culture of security responsibility where every team member plays a part.

https://www.forbes.com/sites/forbestechcouncil/2023/01/03/building-a-security-first-culture-the-key-to-cyber-success/

• Adobe, Apple, Cisco, Microsoft Flaws Make Up Half of Known Exploited Vulnerabilities Catalogue

Back in November 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) published the Known Exploited Vulnerabilities (KEV) Catalogue to help federal agencies and critical infrastructure organisations identify and remediate vulnerabilities that are actively being exploited. CISA added 548 new vulnerabilities to the catalogue across 58 updates from January to end of November 2022, according to cyber security solution provider Grey Noise in its first-ever "GreyNoise Mass Exploits Report."

Including the approximately 300 vulnerabilities added in November and December 2021, CISA listed approximately 850 vulnerabilities in the first year of the catalogue's existence.

Actively exploited vulnerabilities in Microsoft, Adobe, Cisco, and Apple products accounted for over half of the updates to the KEV catalogue in 2022, Grey Noise found. Seventy-seven percent of the updates to the KEV catalogue were older vulnerabilities dating back to before 2022. Many of these vulnerabilities have been around for two decades.

Several of the vulnerabilities in the KEV catalogue are from products that have already entered end-of-life (EOL) and end-of-service-life (EOSL), according to an analysis by a team from cyber security solution provider Cyber Security Works. Even though Windows Server 2008 and Windows 7 are EOSL products, the KEV catalogue lists 127 Server 2008 vulnerabilities and 117 Windows 7 vulnerabilities.

Even though the catalogue was originally intended for critical infrastructure and public-sector organisations, it has become the authoritative source on which vulnerabilities are – or have been – exploited by attackers. This is key because the National Vulnerability Database (NVD) assigned Common Vulnerabilities and Exposures (CVE) identifiers for over 12,000 vulnerabilities in 2022, and it would be unwieldy for enterprise defenders to assess every single one to identify the ones relevant to their environments. Enterprise teams can use the catalogue's curated list of CVEs under active attack to create their priority lists.

https://www.darkreading.com/edge-threat-monitor/adobe-apple-cisco-microsoft-flaws-make-up-half-of-kev-catalog

• First LastPass, Now Slack and CircleCI. The Hacks Go On (and will likely worsen)

In the past week, the world has learned of serious breaches hitting chat service Slack and software testing and delivery company CircleCI, though giving the companies' opaque wording—“security issue” and “security incident,” respectively—you'd be forgiven for thinking these events were minor.

The compromises—in Slack’s case, the theft of employee token credentials and for CircleCI, the possible exposure of all customer secrets it stores—come two weeks after password manager LastPass disclosed its own security failure: the theft of customers’ password vaults containing sensitive data in both encrypted and clear text form. It’s not clear if all three breaches are related, but that’s certainly a possibility.

The most concerning of the two new breaches is the one hitting CircleCI. The company reported a “security incident” that prompted it to advise customers to rotate “all secrets” they store on the service. The alert also informed customers that it had invalidated their Project API tokens, an event requiring them to go through the hassle of replacing them.

CircleCI says it’s used by more than 1 million developers in support of 30,000 organisations and runs nearly 1 million daily jobs. The potential exposure of all those secrets—which could be login credentials, access tokens, and who knows what else—could prove disastrous for the security of the entire Internet.

It’s possible that some or all of these breaches are related. The Internet relies on a massive ecosystem of content delivery networks, authentication services, software development tool makers, and other companies. Threat actors frequently hack one company and use the data or access they obtain to breach that company's customers or partners. That was the case with the August breach of security provider Twilio. The same threat actor targeted 136 other companies. Something similar played out in the last days of 2020 when hackers compromised Solar Winds, gained control of its software build system, and used it to infect roughly 40 Solar Winds customers.

For now, people should brace themselves for additional disclosures from companies they rely on. Checking internal system logs for suspicious entries, turning on multifactor authentication, and patching network systems are always good ideas, but given the current events, those precautions should be expedited. It’s also worth checking logs for any contact with the IP address 54.145.167.181, which one security practitioner said was connected to the CircleCI breach.

https://arstechnica.com/information-technology/2023/01/first-lastpass-now-slack-and-circleci-the-hacks-go-on-and-will-likely-worsen/

• Data of 235 Million Twitter Users Leaked Online

A data leak containing email addresses for 235 million Twitter users has been published on a popular hacker forum. Many experts have immediately analysed it and confirmed the authenticity of many of the entries in the huge leaked archive.

In January 2022, a report claimed the discovery of a vulnerability that can be exploited by an attacker to find a Twitter account by the associated phone number/email, even if the user has opted to prevent this in the privacy options. The vulnerability was exploited by multiple threat actors to scrape Twitter user profiles containing both private (phone numbers and email addresses) and public data, and was present within the social media platforms application programming interface (API) from June 2021 until January 2022.

At the end of July 2022, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting the forementioned, now-fixed vulnerability in the popular social media platform. The scraped data was then put up for sale on various online cyber crime marketplaces. In August, Twitter confirmed that the data breach was caused by a now-patched zero-day flaw.

In December another Twitter data leak made the headlines, a threat actor obtained data of 400,000,000 Twitter users and attempted to sell it. The seller claimed the database is private, and he provided a sample of 1,000 accounts as proof of claims which included the private information of prominent users such as Donald Trump JR, Brian Krebs, and many more. The seller, who is a member of a popular data breach forum, claimed the data was scraped via a vulnerability. The database includes emails and phone numbers of celebrities, politicians, companies, normal users, and a lot of special usernames.

https://securityaffairs.com/140352/data-breach/twitter-data-leak-235m-users.html

• 16 Car Makers, including BMW, Ferrari, Ford, Honda, Kia, Land Rover, Mercedes and Toyota, and Their Vehicles Hacked via Telematics, APIs, and Infrastructure

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car functions and start or stop the engine.

Multiple other security defects, the researchers say, allowed them to access a car maker’s internal applications and systems, leading to the exposure of personally identifiable information (PII) belonging to customers and employees, and account takeover, among others. The hacks targeted telematic systems, automotive APIs, and infrastructure.

Impacted car models include Acura, BMW, Ferrari, Ford, Genesis, Honda, Hyundai, Infiniti, Jaguar, Kia, Land Rover, Mercedes-Benz, Nissan, Porsche, Rolls Royce, and Toyota. The vulnerabilities were identified over the course of 2022. Car manufacturers were informed about the security holes and they released patches.

According to the researchers, they were able to send commands to Acura, Genesis, Honda, Hyundai, Kia, Infiniti, Nissan, and Porsche vehicles.

Using only the VIN (vehicle identification number), which is typically visible on the windshield, the researchers were able to start/stop the engine, remotely lock/unlock the vehicle, flash headlights, honk vehicles, and retrieve the precise location of Acura, Honda, Kia, Infiniti, and Nissan cars.

They could also lock users out of remote vehicle management and could change car ownership.

https://www.securityweek.com/16-car-makers-and-their-vehicles-hacked-telematics-apis-infrastructure

• Ransomware Gang Apologises, and Gives SickKids Hospital Free Decrypter

The LockBit ransomware gang has released a free decrypter for the Hospital for Sick Children (SickKids), saying one of its members violated rules by attacking the healthcare organisation. SickKids is a teaching and research hospital in Toronto that focuses on providing healthcare to sick children.

On December 18th, the hospital suffered a ransomware attack that impacted internal and corporate systems, hospital phone lines, and the website. While the attack only encrypted a few systems, SickKids stated that the incident caused delays in receiving lab and imaging results and resulted in longer patient wait times.

On December 29th, SickKids announced that it had restored 50% of its priority systems, including those causing diagnostic or treatment delays. Two days after SickKids' latest announcement, the LockBit ransomware gang apologised for the attack on the hospital and released a decrypter for free.

“We formally apologise for the attack on sikkids.ca and give back the decrypter for free, the partner who attacked this hospital violated our rules, is blocked and is no longer in our affiliate programme," stated the ransomware gang.

https://www.bleepingcomputer.com/news/security/ransomware-gang-apologizes-gives-sickkids-hospital-free-decryptor/

Threats

Ransomware, Extortion and Destructive Attacks

• Rackspace: Ransomware Attack Bypassed ProxyNotShell Mitigations (darkreading.com)

• Hackers Leverage Compromised Fortinet Devices to Distribute Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• Rackspace: Customer email data accessed in ransomware attack (bleepingcomputer.com)

• Ransomware gang cloned victim’s website to leak stolen data (bleepingcomputer.com)

• Rackspace identifies hacking group responsible for early December ransomware attack | TPR

• Ransomware ecosystem becoming more diverse for 2023 | CSO Online

• Lockbit apologized for the attack on SickKids pediatric hospital and releases a free decryptor - Security Affairs

• The FBI's Perspective on Ransomware (thehackernews.com)

• Rackspace Sunsets Email Service Downed in Ransomware Attack (darkreading.com)

• Ransomware: The security debt collector - Help Net Security

• December ransomware disclosures reveal high-profile victims | TechTarget

• The Guardian ransomware attack hits week two as staff WFH • The Register

• Unraveling the techniques of Mac ransomware - Microsoft Security Blog

• Bitdefender releases free MegaCortex ransomware decryptor (bleepingcomputer.com)

• Ransomware Research: More than 200 US Infrastructure Organisations Attacked in 2022 - MSSP Alert

• Ransomware impacts over 200 govt, edu, healthcare orgs in 2022 (bleepingcomputer.com)

• Guardian ransomware attack: Staff told work from home to 23 Jan (pressgazette.co.uk)

• Rail giant Wabtec discloses data breach after Lockbit ransomware attack (bleepingcomputer.com)

• Hackers target Arnold Clark in Christmas Eve cyber attack as bosses insist customer information is safe – Car Dealer Magazine

• Christmas Eve 'cyber attack' forced Arnold Clark's network down | STV News

• Royal ransomware claims attack on Queensland University of Technology (bleepingcomputer.com)

• LockBit: Sorry for SickKids, but not housing authority • The Register

• New Survey: 1 In 4 Schools Were Victims Of Cyber Attacks In the Last Year; Administrators To Increase Spending On Privacy and Security (darkreading.com)

• Canadian mining firm shuts down mill after ransomware attack (bleepingcomputer.com)

Phishing & Email Based Attacks

• Data of 235 million Twitter users leaked online - Security Affairs

• Is NHS The Most Impersonated UK Government "Brand"? (informationsecuritybuzz.com)

• The Evolving Tactics of Vidar Stealer: From Phishing Emails to Social Media (thehackernews.com)

• New Phishing Campaign Targets Cyber security Professionals Using Hacking Tool Flipper Zero - Infosecurity Magazine (infosecurity-magazine.com)

• Ongoing Flipper Zero phishing attacks target infosec community (bleepingcomputer.com)

Other Social Engineering; Smishing, Vishing, etc

• Ukrainian Cops Bust Prolific Fraud Call Centre - Infosecurity Magazine (infosecurity-magazine.com)

• Inside a scammers’ lair: Ukraine busts 40 in fake bank call-centre raid – Naked Security (sophos.com)

Malware

• Raspberry Robin Worm Evolves to Attack Financial and Insurance Sectors in Europe (thehackernews.com)

• Hackers abuse Windows error reporting tool to deploy malware (bleepingcomputer.com)

• New SHC-compiled Linux malware installs cryptominers, DDoS bots (bleepingcomputer.com)

• Bluebottle hackers used signed Windows driver in attacks on banks (bleepingcomputer.com)

• Dridex Returns, Targets MacOS Using New Entry Method (trendmicro.com)

• New Linux malware uses 30 plugin exploits to backdoor WordPress sites (bleepingcomputer.com)

• PyTorch discloses malicious dependency chain compromise over holidays (bleepingcomputer.com)

• Hackers Using Stolen Bank Information to Trick Victims into Downloading BitRAT Malware (thehackernews.com)

• WordPress Sites Under Attack from Newly Found Linux Trojan (darkreading.com)

• Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain (thehackernews.com)

• Raspberry Robin Worm Hatches a Highly Complex Upgrade (darkreading.com)

• The Evolving Tactics of Vidar Stealer: From Phishing Emails to Social Media (thehackernews.com)

Denial of Service/DoS/DDOS

• War and Geopolitical Conflict: The New Battleground for DDoS Attacks (darkreading.com)

Internet of Things – IoT

• Ongoing Flipper Zero phishing attacks target infosec community (bleepingcomputer.com)

Data Breaches/Leaks

• Data of over 200 million Deezer users stolen, leaks on hacking forum • Graham Cluley

• Five Guys Data Breach Puts HR Data Under a Heat Lamp (darkreading.com)

• Analysis Of Top 10 Countries Mostly Targeted By Data Breaches (informationsecuritybuzz.com)

• Twitter said to have suffered data breach as hackers expose 235 million users' information (thenationalnews.com)

• I bought a $15 router at Goodwill — and found a millionaire's dirty secrets (nypost.com)

• Critical flaws found in Ferrari, BMW, Porsche, and other carmakers - Security Affairs

• Toyota, Mercedes, BMW API flaws exposed owners’ personal info (bleepingcomputer.com)

• Threat actors stole Slack private source code repositories - Security Affairs

• Data of over 200 million Deezer users stolen, leaks on hacking forum • Graham Cluley

Organised Crime & Criminal Actors

• Threat Actors Evade Detection Through Geofencing & Fingerprinting (darkreading.com)

• A sneak peek into the dark web dealings | Nation

• Attackers create 130K fake accounts to abuse limited-time cloud computing resources | CSO Online

• Cyber criminals we lost to law in 2022

• Inside a scammers’ lair: Ukraine busts 40 in fake bank call-centre raid – Naked Security (sophos.com)

• Ukrainian Cops Bust Prolific Fraud Call Centre - Infosecurity Magazine (infosecurity-magazine.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• New SHC-compiled Linux malware installs cryptominers, DDoS bots (bleepingcomputer.com)

Insider Risk and Insider Threats

• Software engineer busted after being inspired by Office Space scam | PC Gamer

• Are Meta and Twitter Ushering in a New Age of Insider Threats? (darkreading.com)

• Ex-GE engineer sentenced for stealing turbine tech for China • The Register

Fraud, Scams & Financial Crime

• Avast: Expect Cyber crime "Scamdemic" to Continue in 2023 - MSSP Alert

• Software engineer busted after being inspired by Office Space scam | PC Gamer

• US regulators warn banks over cryptocurrency risks - BBC News

• What Is a Pig Butchering Scam? | WIRED

• RedZei Chinese Scammers Targeting Chinese Students in the UK (thehackernews.com)

• Inside a scammers’ lair: Ukraine busts 40 in fake bank call-centre raid – Naked Security (sophos.com)

• Ukrainian Cops Bust Prolific Fraud Call Centre - Infosecurity Magazine (infosecurity-magazine.com)

Impersonation Attacks

• Is NHS The Most Impersonated UK Government "Brand"? (informationsecuritybuzz.com)

AML/CFT/Sanctions

• Iran's Revolutionary Guards set to be labelled as terrorist group by UK - BBC News

Insurance

• Cyber safety premiums holding firms to ransom | Business | The Times

• How can businesses decrease cyber insurance premiums while maintaining coverage? - Help Net Security

Dark Web

• A sneak peek into the dark web dealings | Nation

Supply Chain and Third Parties

• First LastPass, now Slack and CircleCI. The hacks go on (and will likely worsen) | Ars Technica

Software Supply Chain

• There is no secure software supply-chain. - by John McBride (substack.com)

Cloud/SaaS

• Attackers create 130K fake accounts to abuse limited-time cloud computing resources | CSO Online

Encryption

• Encryption Faces an Existential Threat in Europe | WIRED

• 2023 Will See Renewed Focus on Quantum Computing (darkreading.com)

• Chinese researchers claim to find way to break encryption using quantum computers | Financial Times (ft.com)

API

• API Security Is the New Black (darkreading.com)

• Car companies massively exposed to web vulnerabilities | The Daily Swig (portswigger.net)

• 16 Car Makers and Their Vehicles Hacked via Telematics, APIs, Infrastructure | SecurityWeek.Com

• What Are Some Ways to Make APIs More Secure? (darkreading.com)

• Critical flaws found in Ferrari, BMW, Porsche, and other carmakers - Security Affairs

Open Source

• New SHC-compiled Linux malware installs cryptominers, DDoS bots (bleepingcomputer.com)

• New Linux malware uses 30 plugin exploits to backdoor WordPress sites (bleepingcomputer.com)

Social Media

• Data of 235 million Twitter users leaked online - Security Affairs

• Twitter said to have suffered data breach as hackers expose 235 million users' information (thenationalnews.com)

• The Evolving Tactics of Vidar Stealer: From Phishing Emails to Social Media (thehackernews.com)

• Are Meta and Twitter Ushering in a New Age of Insider Threats? (darkreading.com)

• Meta fined €390m over use of data for targeted ads - BBC News

• More Political Storms for TikTok After US Government Ban | SecurityWeek.Com

Parental Controls and Child Safety

• Cops Catch Serial Child Abuser After Tech Breakthrough - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• Meta fined €390m over use of data for targeted ads - BBC News

• Google will pay $29.5M to settle two lawsuits over its location tracking practices - Security Affairs

Governance, Risk and Compliance

• Cyber safety premiums holding firms to ransom | Business | The Times

• Cyber war in Ukraine, ransomware fears drive 2022 surge in demand for threat intelligence tools | SC Media (scmagazine.com)

• Attackers never let a critical vulnerability go to waste - Help Net Security

• Attackers evolve strategies to outmanoeuvre security teams - Help Net Security

• How to start planning for disaster recovery - Help Net Security

• Building A Security-First Culture: The Key To Cyber Success (forbes.com)

• Data backup is no longer just about operational fallback - Help Net Security

• Threat Actors Evade Detection Through Geofencing & Fingerprinting (darkreading.com)

• How can businesses decrease cyber insurance premiums while maintaining coverage? - Help Net Security

Secure Disposal

• I bought a $15 router at Goodwill — and found a millionaire's dirty secrets (nypost.com)

Backup and Recovery

• Data backup is no longer just about operational fallback - Help Net Security

Data Protection

• Getting data loss prevention right - Help Net Security

Law Enforcement Action and Take Downs

• Cyber criminals we lost to law in 2022

• Cops Catch Serial Child Abuser After Tech Breakthrough - Infosecurity Magazine (infosecurity-magazine.com)

• Inside a scammers’ lair: Ukraine busts 40 in fake bank call-centre raid – Naked Security (sophos.com)

• Ukrainian Cops Bust Prolific Fraud Call centre - Infosecurity Magazine (infosecurity-magazine.com)

Privacy, Surveillance and Mass Monitoring

• National security fears over police using Chinese tech | News | The Times

• Meta fined €390m over use of data for targeted ads - BBC News

• Google will pay $29.5M to settle two lawsuits over its location tracking practices - Security Affairs

Artificial Intelligence

• ChatGPT: An Easy Cyber crime Target For Cyber attacks (informationsecuritybuzz.com)

• OpenAI's ChatGPT previews how AI can help hackers breach more networks (axios.com)

• How hackers might be exploiting ChatGPT - Security Affairs

• NATO tests AI’s ability to protect critical infrastructure against cyber attacks | CSO Online

Misinformation, Disinformation and Propaganda

• It's time to focus on information warfare's hard questions (cyberscoop.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• War and Geopolitical Conflict: The New Battleground for DDoS Attacks (darkreading.com)

• Cyber attacks against governments jumped 95% in last half of 2022, CloudSek says | CSO Online

• It's time to focus on information warfare's hard questions (cyberscoop.com)

• National security fears over police using Chinese tech | News | The Times

• Ex-GE engineer sentenced for stealing turbine tech for China • The Register

• Pro-Russia cyber attacks aim at destabilizing Poland - Security Affairs

• Poland warns of attacks by Russia-linked Ghostwriter hacking group (bleepingcomputer.com)

Nation State Actors

Nation State Actors – Russia

• Russia Cyber attacks, China Covid Are Overlooked 2023 Threats - Bloomberg

Nation State Actors – China

• National security fears over police using Chinese tech | News | The Times

• Ex-GE engineer sentenced for stealing turbine tech for China • The Register

Nation State Actors – Iran

• Iran's Revolutionary Guards set to be labelled as terrorist group by UK - BBC News

Nation State Actors – Misc

• Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain (thehackernews.com)

Vulnerability Management

• Adobe, Apple, Cisco, Microsoft Flaws Make Up Half of KEV Catalog (darkreading.com)

• Attackers never let a critical vulnerability go to waste - Help Net Security

Vulnerabilities

• Over 60,000 Exchange servers vulnerable to ProxyNotShell attacks (bleepingcomputer.com)

• Adobe, Apple, Cisco, Microsoft Flaws Make Up Half of KEV Catalog (darkreading.com)

• Rackspace: Ransomware Attack Bypassed ProxyNotShell Mitigations (darkreading.com)

• Zoho urges admins to patch severe ManageEngine bug immediately (bleepingcomputer.com)

• Android's First Security Updates for 2023 Patch 60 Vulnerabilities | SecurityWeek.Com

• Fortinet and Zoho Urge Customers to Patch Enterprise Software Vulnerabilities (thehackernews.com)

• Qualcomm, Lenovo flag multiple high impact firmware vulnerabilities | SC Media (scmagazine.com)

• Netgear Wi-Fi routers need to be patched immediately | TechRadar

• Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers (thehackernews.com)

• Fortinet Releases Security Updates for FortiADC | CISA

Tools and Controls

• How Confidential Computing Can Change Cyber security (darkreading.com)

• Data backup is no longer just about operational fallback - Help Net Security

• Getting data loss prevention right - Help Net Security

• Things to know and do before you switch from VPN to ZTNA - Help Net Security

Other News

• The cyber security industry will undergo significant changes in 2023 - Help Net Security

• SecurityAffairs Top 10 cybersecurity posts of 2022 - Security Affairs

• BleepingComputer's most popular cybersecurity stories of 2022

• WordPress Security: 22 Ways To Protect Your Website (informationsecuritybuzz.com)

• Cyber attacks against governments jumped 95% in last half of 2022, CloudSek says | CSO Online

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.