Black Arrow Cyber Threat Briefing 06 September 2024

8 Sep

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Active Ransomware Groups Surge by 56% in 2024

There was a 56% increase in active ransomware gangs in the first half of 2024, with 73 groups in operation compared to 46 in H1 2023. This rise highlights the growing fragmentation of the ransomware landscape, partly driven by law enforcement actions that disrupted major Ransomware-as-a-Service (RaaS) groups. Notably, ransomware gang BlackCat disappeared after an “exit scam” following a ransom from US healthcare provider Change Healthcare in March 2024. Smaller groups are now emerging rapidly, executing targeted attacks, and frequently reappearing under new identities, complicating cyber security efforts.

Authorised Push Payment (APP) Fraud Dominates as Scams Hit All-Time High

The UK’s Financial Ombudsman Service reported a record high in fraud and scam cases in Q2 2024, with authorised push payment (APP) fraud making up over half of the complaints. APP fraud, where victims are tricked into transferring money to fraudsters, is contentious as many banks argue that victims made a conscious decision, thus forfeiting reimbursement. Between April and June 2024, 8,734 complaints were lodged, marking a 43% year-on-year increase. The rise is attributed not only to increased fraud but also to more complex multi-stage fraud, card payments lacking protection, and more cases being filed by professional representatives.

Phishing Remains Top Cyber Threat, Credential Exposure Incidents Surging

ReliaQuest’s Q3 2024 Attacker Trends Analysis reveals that phishing remains the top cyber threat, accounting for 37% of incidents. However, credential exposure incidents have surged dramatically to 88% of security alerts, up from 60% in 2023, indicating a critical weakness in credential management. Malware, particularly the Remote Access Trojan (RAT) "SocGholish", affected 23% of customers, often linked to phishing campaigns. Additionally, MITRE ATT&CK techniques such as T1078 (Valid Accounts) and T1204 (User Execution) were frequently exploited, highlighting the need for stronger credential protection and phishing defences.

When Cyber Security Breaches Are Inevitable, It's Time to Call for A New Approach

At a recent TED Conference discussions highlighted how emerging technologies like AI and quantum computing are poised to both elevate and challenge cyber security. Research from Proofpoint shows that 94% of cloud customers were targeted monthly in 2023, with 62% successfully compromised, underscoring the increased risk. To counter this, businesses must adopt a cyber resilience mindset, focusing on sustaining operations during and after a cyber attack. This involves planning, regular practice, early detection, and partnerships to ensure organisations remain resilient amid growing cyber threats.

Critical infrastructure Sustained 13 Cyber Attacks per Second in 2023

Critical infrastructure faced over 420 million cyber attacks between January 2023 and January 2024, marking a 30% rise from the previous year. Power grids, transportation, and communication networks are particularly vulnerable due to the severe disruption any failures would cause. The US, UK, Germany, India, and Japan were the most frequently targeted, with threat actors predominantly originating from China, Russia, and Iran. The increasing digitisation of global infrastructure has heightened the risk of cyber attacks, particularly following the onset of the war in Ukraine.

How Phishing Messages Break Through Email Filters

The APWG’s Phishing Activity Trends Report for Q1 2024 revealed over 963,000 phishing attacks, with Business Email Compromise (BEC) fraud seeing a 50% rise in the average wire transfer request to $84,000. Cyber security researchers at LevelBlue Labs detailed sophisticated evasion techniques used by attackers, including voice phishing (vishing), exploiting compromised accounts, and leveraging social engineering. Attackers bypass email security gateways (SEGs) by using advanced tactics such as manipulating ZIP archives and reversing text in email source code, enabling them to distribute malware undetected. These developments highlight the urgent need for enhanced anti-phishing measures and user vigilance.

Can Every Business Afford to Be a Target?

Small and medium-sized businesses (SMBs) face an evolving cyber threat landscape, as cyber criminals increasingly adopt business models like Ransomware-as-a-Service (RaaS). According to recent findings, SMBs are particularly vulnerable due to limited financial and staffing resources, leaving them exposed to phishing attacks, leaked data, and common technology vulnerabilities. Ransomware groups provide tools to less skilled attackers, expanding the scope of attacks. Phishing remains a significant threat, especially as SMBs rely on SaaS applications. To protect themselves, SMBs must find cost-effective solutions, such as automated threat monitoring and leveraging AI for threat intelligence analysis.

To Beat Cyber-Crime Your Business Needs a Cyber Hygiene Review

A recent survey revealed that 58% of large businesses experienced cyber crime in the past 12 months, costing around £5,000 per incident. With human error responsible for 95% of cyber security breaches, a focus on cyber hygiene is critical. Organisations should conduct a ‘cyber-hygiene deep clean,’ which includes documenting all hardware, software, and applications, and updating or uninstalling outdated or unused systems. Regular password updates, software patches, and thorough vulnerability assessments of public-facing assets are essential to prevent breaches. Protecting customer data, especially PII, must be prioritised to avoid compliance issues and fines.

UK Public Growing Anxious Over Dependence on IT Systems

A recent survey by OnePoll for the International Cyber Expo found that 78% of UK respondents are concerned about the heavy reliance of global organisations on IT systems and software providers. This comes after the July 2024 CrowdStrike outage, where a faulty update affected around 8.5 million computers worldwide, disabling many Windows systems. The survey revealed that 44% of respondents were impacted, with 18% directly affected and 26% knowing someone who was. The incident highlights growing apprehension over cyber security vulnerabilities and the potential for widespread disruption to everyday life and business operations.

Russia’s Most Notorious Special Forces Unit Tied to Assassinations and Sabotage, Now Has Its Own Cyber Warfare Team

A new cyber threat group, identified as Cadet Blizzard and linked to Russia’s GRU Unit 29155, has been revealed by Western government agencies. Known for its physical sabotage and assassinations, Unit 29155 has now developed a cyber warfare team responsible for multiple hacking operations targeting Ukraine, the US, and other countries. Since 2022, the group has launched attacks using Whispergate malware, which destroyed data in at least two dozen Ukrainian organisations, and engaged in defacement and data theft under the guise of a fake hacktivist group, Free Civilian. This intertwining of physical and digital tactics highlights the growing threat posed by state-sponsored cyber warfare.

Sources

https://www.infosecurity-magazine.com/news/active-ransomware-groups-surge/

https://www.infosecurity-magazine.com/news/app-fraud-scams-alltime-high/

https://informationsecuritybuzz.com/phishing-top-cyber-threat-despite-drop/

https://www.forbes.com/sites/keithferrazzi/2024/09/03/when-cyber-security-breaches-are-inevitable-its-time-to-call-for-a-new-approach/

https://www.techradar.com/pro/critical-infrastructure-sustained-13-cyber-attacks-per-second-in-2023

https://cybersecuritynews.com/phishing-email-filter-breakthroughs/

https://informationsecuritybuzz.com/can-every-business-afford-to-be-target/

https://www.digitaljournal.com/business/to-beat-cyber-crime-your-business-needs-a-cyber-hygiene-review/article

https://itbrief.co.uk/story/uk-public-growing-anxious-over-dependence-on-it-systems

https://www.wired.com/story/russia-gru-unit-29155-hacker-team/

Governance, Risk and Compliance

To beat cyber-crime your business needs a cyber-hygiene review - Digital Journal

More than a CISO: the rise of the dual-titled IT leader | CSO Online

Quantifying Risks to Make the Right Cyber Security Investments (inforisktoday.com)

When Cyber Security Breaches Are Inevitable, It's Time To Call For A New Approach (forbes.com)

Making Enterprises Resilient In The Face Of Growing Cyber Threats (forbes.com)

Why the CFO-CISO relationship is key to mitigating cyber risk - Raconteur

Can Every Business Afford To Be A Target? (informationsecuritybuzz.com)

The true cost of cyber crime for your business - Help Net Security

Boards Need to Take a Hard Look tt Their Cyber Vulnerabilities (forbes.com)

Incident response planning vital for cyber security (devx.com)

Surge in cyber risks will create new exposures (emergingrisks.co.uk)

Security boom is over, with third of budgets flat or falling • The Register

How Should You Manage Cyber Risk in 2024? (informationweek.com)

Cost of a data breach: Cost savings with law enforcement involvement (securityintelligence.com)

Don’t Get Your Security from Your RMM Provider: The Risks You Should Know | MSSP Alert

Security Budgets Come Under Pressure as “Hypergrowth” Ends - Infosecurity Magazine (infosecurity-magazine.com)

Insurance groups urge state support for ‘uninsurable’ cyber risks (ft.com)

Marsh McLennan and Zurich Urge Public-Private Action to Bridge Cyber Protection Gap and Boost Resilience | Business Wire

Threats

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Cyber attackers Exploit Google Sheets for Malware Control in Likely Espionage Campaign (thehackernews.com)

Nation State Actors

China

China's 'Earth Lusca' Propagates Multiplatform Backdoor (darkreading.com)

Tropic Trooper Expands Targeting: Middle East Government Entity Hit In Strategic Cyber Attack (informationsecuritybuzz.com)

Chinese organisations are being hit by Cobalt Strike malware from within China | TechRadar

Novel attack on Windows spotted in Chinese phishing campaign • The Register

Russia

NCSC and allies call out Russia's Unit 29155 over cyber warfare | Computer Weekly

Russian GRU Unit Tied to Assassinations Linked to Global Cyber Sabotage and Espionage - SecurityWeek

Russia’s Most Notorious Special Forces Unit Now Has Its Own Cyber Warfare Team | WIRED

German air traffic control suffered cyber attack, likely by pro-Russian group of hackers | Ukrainska Pravda

Android And iOS Users Attacked By Russian APT29 Hackers, Google Warns (forbes.com)

Justice Department accuses Russia of interfering with 2024 elections | CyberScoop

US Targets Russian Election Influence Operation With Charges, Sanctions, Domain Seizures - SecurityWeek

Russian Blamed For Mass Disinformation Campaign Ahead of US Election - Infosecurity Magazine (infosecurity-magazine.com)

Sweden warns of heightened risk of Russian sabotage | Sweden | The Guardian

Russian military intelligence organised cyber attacks against Estonian institutions | News | ERR

US charges Russian GRU hacking team behind WhisperGate • The Register

The FCC has finally banned Kaspersky from telecoms kits | TechRadar

Iran

Israeli spies targeted by Iranian hackers | SC Media (scmagazine.com)

Iranian cyber criminals are targeting WhatsApp users in spear phishing campaign | Malwarebytes

New Backdoor Used By Iranian State-Sponsored Group | Decipher (duo.com)

Data of 20 Iranian banks hacked in ‘worst-ever’ cyber attack, report confirms | Iran International (iranintl.com)

North Korea

North Korea-linked APT Citrine Sleet exploit Chrome zero-day to deliver FudModule rootkit - Security Affairs

North Korean scammers prep stealth attacks on crypto outfits • The Register

North Korean Hackers Targets Job Seekers with Fake FreeConference App (thehackernews.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Numerous malware deployed in prolonged APT32 intrusion | SC Media (scmagazine.com)

Civil Rights Groups Call For Spyware Controls - Infosecurity Magazine (infosecurity-magazine.com)

Germany’s Far Right Is in a Panic Over Telegram | WIRED

Hacker Leaks Data of 390 Million Users from VK, a Russian Social Network (hackread.com)

United Against Spyware Abuse in the EU – Civil Society Takes a Stand - Center for Democracy and Technology (cdt.org)

Spyware vendors thwart restrictions by changing names, reorganise, move - The Washington Post

Predator spyware resurfaces with signs of activity, Recorded Future says | CyberScoop

Civil Rights Groups Call For Spyware Controls - Infosecurity Magazine (infosecurity-magazine.com)

Tools and Controls

To beat cyber-crime your business needs a cyber-hygiene review - Digital Journal

Evolution of Attack Surface Management - Security Boulevard

United States Cybersecurity and Infrastructure Security Agency Issues Joint International Guidance for Event Logging and Threat Detection | Alston & Bird - JDSupra

This malware pretends to be a real VPN service to lure in victims | TechRadar

Misconfigurations in Microsoft Exchange open new doors to email spoofing attacks — here’s how it works | TechRadar

No tech firm can say “software is never going to fail”, says ethical hacker, amid CrowdStrike fallout - Tech.eu

API Attack Surface: How to secure it and why it matters - Security Boulevard

Why enterprises need real-time visibility of their invisible threats (betanews.com)

Quantifying Risks to Make the Right Cyber Security Investments (inforisktoday.com)

When Cyber Security Breaches Are Inevitable, It's Time To Call For A New Approach (forbes.com)

Making Enterprises Resilient In The Face Of Growing Cyber Threats (forbes.com)

Why the CFO-CISO relationship is key to mitigating cyber risk - Raconteur

Choosing the Best Cyber Security Prioritization Method for Your Organisation - Security Boulevard

What is Vendor Risk Monitoring in Cyber Security? | UpGuard

Is the "Network" Defendable? - Security Boulevard

How Confident Are You That Your Critical SaaS Applications Are Secure? (thehackernews.com)

The Evolution of Identity and Access Management (IAM) - Security Boulevard

NIST Cybersecurity Framework (CSF) and CTEM – Better Together (thehackernews.com)

Explaining The OWASP API Security Top 10 (informationsecuritybuzz.com)

Incident response planning vital for cyber security (devx.com)

Rising cloud costs leave CIOs seeking ways to cope | CIO

Think hard before deploying Copilot for Microsoft 365 • The Register

Detecting DDoS attacks: how to tell a real attack from fake news using AI and common sense | TechFinitive

Use AI threat modeling to mitigate emerging attacks | TechTarget

Don’t Get Your Security from Your RMM Provider: The Risks You Should Know | MSSP Alert

Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore (thehackernews.com)

Businesses still ready to invest in Gen AI, with risk management a top priority | ZDNET

Inside NSA's partnerships with AI makers to prevent future attacks - Washington Times

Other News

Critical infrastructure sustained 13 cyber attacks per second in 2023 | TechRadar

Cyber Security is National Security > National Security Agency/Central Security Service > Podcast View (nsa.gov)

SQL injection bug allows anyone to skip airport security • The Register

German air traffic control agency confirms cyber attack, says operations unaffected (therecord.media)

TfL cyber attack could be due to poor cyber-hygiene, expert says - Verdict

TfL staff working from home as cyber attack continues - security experts explain what's happening - MyLondon

TfL cyber attack could've brought London 'to a standstill' (telecomstechnews.com)

Can Every Business Afford To Be A Target? (informationsecuritybuzz.com)

We must break tech monopolies before they break us (thenextweb.com)

Cyber criminals use legitimate software for attacks increasing (securitybrief.co.nz)

The MadRadar Hack Can Cause Autonomous Cars To Malfunction And Hallucinate (informationsecuritybuzz.com)

Is the "Network" Defendable? - Security Boulevard

Surge in cyber risks will create new exposures (emergingrisks.co.uk)

Educational Institutions become a prime target for cyber criminals as the new academic year commences | TechRadar

Five notorious cyber attacks that targeted governments (theconversation.com)

Vulnerability Management

Tenable finds only 3% of vulnerabilities pose significant risks (securitybrief.co.nz)

Businesses must act now to address the zero day surge | TechRadar

Vulnerabilities

Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues (thehackernews.com)

Critical Flaws in Progress Software WhatsUp Gold Expose Systems to Full Compromise - SecurityWeek

Fortra fixed 2 severe issues in FileCatalyst Workflow, including a critical flaw (securityaffairs.com)

Cisco warns of backdoor admin account in Smart Licensing Utility (bleepingcomputer.com)

Godzilla Fileless Backdoor Exploits Atlassian Confluence Vulnerability (cybersecuritynews.com)

Hacktivist Group Exploit WinRAR Vulnerability to Encrypt Windows & Linux (cybersecuritynews.com)

Chrome 128 Updates Patch High-Severity Vulnerabilities - SecurityWeek

Android Users Urged to Install Latest Security Updates to Fix Actively Exploited Flaw (thehackernews.com)

New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access (thehackernews.com)

Your Google Pixel Phone's September Update Arrived (droid-life.com)

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel | Ars Technica

Worried about the YubiKey 5 vulnerability? Here's why I'm not | ZDNET

Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution (thehackernews.com)

ServiceNow Vulnerabilities: CVE-2024-4789 and CVE-2024-5217 | UpGuard

Log4j Continues to act as Organisational Vulnerability - Security Boulevard

Arbitrary Code Execution Vulnerabilities Affecting WPS Office - Technical Analysis (cybersecuritynews.com)

Firefox 130: Translate improvements, automatic Picture-in-Picture mode, and security fixes - gHacks Tech News

DrayTek Vulnerabilities Added to CISA KEV Catalog Exploited in Global Campaign - SecurityWeek

Zyxel issues patches for nine critical vulnerabilities affecting over 50 access points and routers | TechSpot

Vulnerabilities In Two WordPress Contact Form Plugins Affect +1.1 Million (searchenginejournal.com)

VMware fixed a code execution flaw in Fusion hypervisor (securityaffairs.com)

D-Link says it is not fixing four RCE flaws in DIR-846W routers (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Briefing 06 September 2024

Top Cyber Stories of the Last Week

Active Ransomware Groups Surge by 56% in 2024

Authorised Push Payment (APP) Fraud Dominates as Scams Hit All-Time High

Phishing Remains Top Cyber Threat, Credential Exposure Incidents Surging

When Cyber Security Breaches Are Inevitable, It's Time to Call for A New Approach

Critical infrastructure Sustained 13 Cyber Attacks per Second in 2023

How Phishing Messages Break Through Email Filters

Can Every Business Afford to Be a Target?

To Beat Cyber-Crime Your Business Needs a Cyber Hygiene Review

UK Public Growing Anxious Over Dependence on IT Systems

Russia’s Most Notorious Special Forces Unit Tied to Assassinations and Sabotage, Now Has Its Own Cyber Warfare Team

Sources

Governance, Risk and Compliance

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Business Email Compromise (BEC)

Other Social Engineering

Artificial Intelligence

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Outages

Identity and Access Management

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Regulations, Fines and Legislation

Models, Frameworks and Standards

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda