Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• 15 Million Public-Facing Services Vulnerable to Known Exploited Vulnerabilities

Over 15 million publicly facing services are susceptible to at least one of the 896 vulnerabilities listed in CISA's KEV (known exploitable vulnerabilities) catalogue. The findings are particularly worrying because the examined vulnerabilities are known and highlighted in CISA's KEV catalogue as actively exploited by hackers, so any delays in their patching maintain a large attack surface, giving threat actors numerous potential targets.

Over half of those 7 million instances were vulnerable to one of the 137 CVEs concerning Microsoft Windows, making this component a top priority for defenders and an excellent target for attackers. Almost half of those are over five years old, so roughly 800,000 machines have not applied security updates for a significant period of time.

https://www.bleepingcomputer.com/news/security/15-million-public-facing-services-vulnerable-to-cisa-kev-flaws/

• New Research Highlights Increased Security Risks Posed by Remote Working and BYOD

New research has highlighted the increased threats associated with remote work and bring your own device (BYOD) policies faced by organisations. The results of the survey show that with remote and hybrid working, personal and work tasks blur together and the boundaries between the two have become more porous. The data shows that 32% of remote and hybrid workers use apps or software not approved by IT and 92% of remote employees perform work tasks on their personal tablet or smartphone devices. These devices, apps and software, along with the corporate data being accessed, are not visible to IT, thereby dramatically increasing an organisation’s risk posture.

https://www.itsecurityguru.org/2023/04/03/new-research-highlights-increased-security-risks-posed-by-remote-working-and-bring-your-own-device-policies/

• Lack of Security Employees Makes SMBs Sitting Ducks for Cyber Attacks

Cyber security is a growing concern among all businesses but lack of security expertise in SMBs is leaving smaller firms open to attack. Cyber threats are more real and prevalent than ever before and the risk to businesses includes not only exposure of customer data and a decrease in trust, but also losses in revenue.

54% of small businesses say they are more concerned about cyber security now than one year ago yet 38% of SMBs said they had zero employees dedicated to security as part of their role, and 42% had just one employee working on security. Even without a traditional security role, there should be someone responsible for making security decisions in every organisation.

A lack of time to focus on security and keeping up with changing threats are amongst the biggest challenges for businesses.

https://www.helpnetsecurity.com/2023/04/04/smbs-security-posture/

• IT and Security Pros Pressured to Keep Quiet About Data Breaches

It is not possible to stop every bad thing from happening. Alarmingly, when something does go wrong IT/security professionals are being told to keep a breach confidential, even when they knew it should be reported. More than 42% of IT/security professionals reporting this happening to them, and a worrying 30% said they have kept a breach confidential.

At 71%, IT/security professionals in the US were the most likely to say they have been told to keep quiet followed by the UK at 44%.

52% of global organisations have experienced a data breach or data leak in the last 12 months. The US led at 75% (or 23% higher than average) followed by the UK at 51.4%.

Infosec professionals are increasingly worried about their company facing legal action due to a breach being handled incorrectly.

https://www.helpnetsecurity.com/2023/04/06/pressure-keeping-breaches-confidential/

• Phishing Emails are Seeing a Huge Rise, So Stay on Your Guard

Phishing attacks are up 5x year-on-year, researchers say. A report from Cofense analysed data received from 35 million people across the world, finding there has been a 569% increase in phishing attacks to 2022 and 478% increase to credential phishing. With the increased frequency, intensity and sophistication of these threats small and medium-sized businesses should be particularly wary of phishing and other forms of email-borne cyber attacks as their numbers have grown explosively over the last year, experts have warned. Organisations should keep eyes open for Business Email Compromise (BEC) attacks as this type continues to be one of the top crimes for the eighth year in a row.

https://www.techradar.com/news/phishing-emails-are-seeing-a-huge-rise-so-stay-on-your-guard

• Ransomware Attacks Skyrocket as Threat Actors Double Down on Global Attacks

New studies have found that ransomware exploits are increasing, and a large percentage of victims are being hit multiple times. The NCC Group noted that there were 240 ransomware attacks in February 2023, a 45% increase from the record-high number of attacks in January. North America accounted for 47% of the global ransomware attacks, with Europe following (23%). Another report found that of all organisations hit by ransomware in the last 12 months, 28% were reported to be hit twice or more. Of the organisations breached, 69% reported phishing as the initial access vector.

https://www.techrepublic.com/article/nccgroup-ransomware-attacks-up-february/

• MSPs a Favoured Target of Supply Chain and Infrastructure Attacks

With the backdrop of increasing cyber attacks on supply chains, Managed Service Providers (MSPs) are increasingly being favoured by attackers due to their pivotal role in the supply chain and access to the organisations they are serving.

When measured by sector, MSPs are the hardest hit by hackers in supply chain attacks.

ConnectWise’s cyber research unit analysed some 440,000 incidents that impacted MSPs and their clients and found that Lockbit led among the most prolific ransomware hijackers targeting MSPs, (42% of all ransomware attacks) followed by Cl0p at 11%. Whilst numerous other ransomware gangs also directly targeted MSPs in 2022.

Third party risk assessments should be carried out for all organisations in your supply chain and this is especially true of MSPs and external IT providers given the level of access they have into your systems and data.

https://www.msspalert.com/cybersecurity-research/msps-a-favored-target-of-supply-chain-and-infrastructure-attacks-connectwise-reports/

• Fake Ransomware Gang Targets Organisations with Empty Data Leak Threats

Fake extortionists are piggybacking on data breaches and ransomware incidents, threatening companies with publishing or selling allegedly stolen data unless they get paid. Sometimes the actors add the menace of a distributed denial-of-service (DDoS) attack if the message recipient does not comply with the instructions in the messages. It is possible that victims are selected from publicly available sources, such as the initial attacker’s data leak site, social media, news reports, or company disclosures; in some cases a fake extortionist could learn about ransomware victims that have yet to disclose the cyber attack, making it more likely for victims to believe them.

https://www.bleepingcomputer.com/news/security/fake-ransomware-gang-targets-us-orgs-with-empty-data-leak-threats/

• GCHQ Updates Security Guidance for Boards

The UK’s leading cyber security agency GCHQ, has urged the country’s business leaders to “get to grips” with cyber risk after releasing an updated toolkit to help them do so. GCHQ’s National Cyber Security Centre (NCSC) said its updated Cyber Security Board Toolkit is designed to boost the confidence of senior execs when discussing security with key stakeholders from the organisation.

Given the potentially serious impact breaches can have on business operations and growth, the agency wants boards to treat cyber risk with the same urgency as other business risks in areas such as financial and legal.

https://www.infosecurity-magazine.com/news/gchq-updates-security-guidance/

• More than 60% of Organisations have been Hit with Unplanned Downtime on a Monthly Basis

A recent report found that 52% of organisations had suffered a data breach in the past two years, an increase from 49% in 2022. In addition, 62% of organisations reported that business critical applications suffered from unplanned downtime due to a cyber security incident on at least a monthly basis, an increase from 54% in 2022. Other key findings include downtime costing roughly 2.7% of annual revenue, 39% of organisations believing cyber security incidents directly harmed their competitive position and 31% noting that it had reduced shareholder revenue. As a result of the impact, 95% of organisations reported that they had planned to increase their security budget over the next 2 years.

https://www.msspalert.com/cybersecurity-research/splunk-details-increase-in-data-breaches-downtime-due-to-cybersecurity-issues/

• For Cyber Crime Gangs, Professionalisation Comes With “Corporate” Headaches

Today’s largest cyber crime gangs are operating like large enterprises, with $50 million dollars in annual revenue and around 80% of operating expenses going towards wages. Researchers have found that small, medium and especially large cyber crime gangs are operating just like their legitimate counterparts, from their managerial structure to employee benefits. The research highlights a worrying level of sophistication within cyber crime gangs; we are no longer dealing with the lone attacker in a dark room, but in some cases an enterprise with clear objectives.

https://www.darkreading.com/vulnerabilities-threats/cybercrime-professionalization-gangs-corporate-headaches

• UK’s Offensive Hacking Unit Takes on Military Opponents and Terrorist Groups

Britain’s newly created offensive hacking unit, the National Cyber Force (NCF), has said it is engaged daily in operations to disrupt terrorist groups and military opponents of the UK. Operational details remain unclear, however the NCF says it is engaged in techniques to “undermine the tradecraft” of Russian, Chinese and other state-sponsored hackers and in “technical disruption” against terrorist groups, for example to prevent the dissemination of online propaganda. This news comes after the recent leak of files for Moscow, which had tasked an IT company to develop cyber warfare tools aimed at taking down infrastructure networks and scouring the internet for vulnerabilities.

https://www.theguardian.com/technology/2023/apr/03/uks-offensive-hacking-unit-takes-on-military-opponents-and-terrorist-groups

• Man Kills Himself After an AI Chatbot 'Encouraged' Him to Sacrifice Himself to Stop Climate Change

A man reportedly took his own life following a six-week-long conversation about the climate crisis with an artificial intelligence (AI) chatbot. Reports found that the chatbot had fed the mans worries about climate change, which had worsened his anxiety and later led to suicidal thoughts. The AI chatbot failed to dissuade the man from committing suicide and had in fact encouraged him to act on the thoughts and join the AI chatbot so “they could live together, as one person, in paradise”. This is despite the efforts made to limit these kind of events.

https://www.euronews.com/next/2023/03/31/man-ends-his-life-after-an-ai-chatbot-encouraged-him-to-sacrifice-himself-to-stop-climate-

• Hackers Exploit WordPress Plugin Flaw That Gives Full Control of Millions of Sites

Hackers are actively exploiting a critical vulnerability in a widely used WordPress plugin that gives them the ability to take complete control of millions of sites, researchers said. The vulnerability is in Elementor Pro, a premium plugin running on more than 12 million sites powered by WordPress.  Despite the vulnerability being fixed, many have not installed the patch. Worryingly, this is a common theme in cyber; many organisations remain vulnerable due to them not having an efficient patching process and as a result, a number of the most exploited vulnerabilities have available patches.

https://arstechnica.com/information-technology/2023/03/hackers-exploit-wordpress-plugin-flaw-that-gives-full-control-of-millions-of-sites/

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware attacks up sharply in February (techrepublic.com)

• Fake ransomware gang targets U.S. orgs with empty data leak threats (bleepingcomputer.com)

• New Money Message ransomware demands million dollar ransoms (bleepingcomputer.com)

• Rorschach – A New Sophisticated and Fast Ransomware - Check Point Research

• ALPHV ransomware exploits Veritas Backup Exec bugs for initial access (bleepingcomputer.com)

• LockBit leaks data stolen from South Korean National Tax Service-Security Affairs

• UK outsourcing services provider Capita suffered a cyber incident-Security Affairs

• March ransomware disclosures spike behind Clop attacks | TechTarget

• Protect Your Company: Ransomware Prevention Made Easy (thehackernews.com)

• Dish Faces Investor Lawsuit Over Ransomware Attack, Downgrades From Equity Analysts | Next TV

Phishing & Email Based Attacks

• Scammers Are Using ChatGPT to Write Emails That Aren't Riddled With Typos (futurism.com)

• Phishing emails are seeing a huge rise, so stay on your guard | TechRadar

• Cyber Police of Ukraine arrested members of a gang that defrauded EU citizens of $4.33M-Security Affairs

• YouTube warns of email scam from seemingly authentic account | Science & Tech News | Sky News

BEC – Business Email Compromise

• Cyber Police of Ukraine arrested members of a gang that defrauded EU citizens of $4.33M-Security Affairs

2FA/MFA

• Hackers steal crypto assets by defeating 2FA with rogue browser extension | CSO Online

Malware

• WinRAR SFX archives can run PowerShell without being detected (bleepingcomputer.com)

• Malware and machine learning: A match made in hell - Help Net Security

• Arid Viper Hacking Group Using Upgraded Malware in Middle East Cyber Attacks (thehackernews.com)

• Flood of malicious packages results in NPM registry DoS - Help Net Security

• Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks (thehackernews.com)

• Researcher Tricks ChatGPT into Building Undetectable Steganography Malware (darkreading.com)

• Typhon info-stealing malware devs upgrade evasion capabilities (bleepingcomputer.com)

• Tax preparation and e-file service eFile.com compromised to serve malware-Security Affairs

• The hidden picture of malware attack trends - Help Net Security

Mobile

• Google publishes April Android Security Bulletin, but Pixel updates are once again missing (androidpolice.com)

• Android's April 2023 Updates Patch Critical Remote Code Execution Vulnerabilities - SecurityWeek

BYOD

• New Research Highlights Increased Security Risks Posed by Remote Working and BYOD - IT Security Guru

Internet of Things – IoT

• Hackers can open Nexx garage doors remotely, and there's no fix (bleepingcomputer.com)

• HP to patch critical bug in LaserJet printers within 90 days (bleepingcomputer.com)

Data Breaches/Leaks

• Splunk Details Increase in Data Breaches, Downtime Due to Cyber security Issues - MSSP Alert

• Nearly 5 million hit in massive loan data breach — see if you’re affected | Tom's Guide (tomsguide.com)

• Data Breach Strikes Western Digital (darkreading.com)

• Uber driver info stolen in yet another third-party breach • The Register

• High-cost lender TMX Finance data breach affects nearly 5 million customers | SC Media (scmagazine.com)

• ChatGPT linked to alleged leak of confidential information at Samsung (interestingengineering.com)

• Law Firm for Uber Loses Drivers' Data to Hackers in Yet Another Breach (darkreading.com)

• Marketplace 600K Records Leaked By Database Snafu (informationsecuritybuzz.com)

• Hacker claims breach of US immigration services | Cybernews

Organised Crime & Criminal Actors

• For Cyber Crime Gangs, Professionalization & ‘Corporate’ Headaches (darkreading.com)

• Fight Mercenaries with these Cyber security Principles (trendmicro.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• DoJ Recovers $112M in Crypto Stolen With Romance Scams (darkreading.com)

• Hackers steal crypto assets by defeating 2FA with rogue browser extension | CSO Online

Insider Risk and Insider Threats

• Re-evaluating immature and ineffective insider risk management programs - Help Net Security

• Employees are as likely as cyber-criminals to cause cyber-incidents | The Independent

Fraud, Scams & Financial Crime

• The staggering cost of identity fraud for financial services - Help Net Security

• New dark web market STYX focuses on financial fraud services (bleepingcomputer.com)

• What CISOs Can Do to Build Trust & Fight Fraud in the Metaverse (darkreading.com)

• Feds seize $112m in currency tied to 'pig-butchering scams • The Register

• Stop online counterfeiters dead in their tracks - Help Net Security

Deepfakes

• Misinformation, mistakes and the Pope in a puffer: what rapidly evolving AI can – and can’t – do | Artificial intelligence (AI) | The Guardian

• Welcome to the era of viral AI generated 'news' images | CNN Business

Insurance

• Experts Urge Empathy, Thoughtfulness for Insurers in Challenging Cyber Landscape (insurancejournal.com)

Dark Web

• New dark web market STYX focuses on financial fraud services (bleepingcomputer.com)

Supply Chain and Third Parties

• MSPs a Favoured Target of Supply Chain and Infrastructure Attacks, ConnectWise Reports - MSSP Alert

• APT group Winter Vivern exploits Zimbra webmail flaw to target government entities | CSO Online

• Risk & Repeat: Inside the 3CX supply chain attack | TechTarget

• 10-year-old Windows bug with 'opt-in' fix exploited in 3CX attack (bleepingcomputer.com)

• Automation, Cyber security, Integration Top the List of Priorities for MSPs in 2023 - MSSP Alert

• Capita: Cyber attack caused pre-weekend outage • The Register

• Western Digital Hit By Network Security Breach - Infosecurity Magazine (infosecurity-magazine.com)

Cloud/SaaS

• Log4j bug abused in new 'proxyjacking' attacks to resell bandwidth, abuse enterprise cloud | SC Media (scmagazine.com)

• Google Drive does a surprise rollout of file limits, locking out some users | Ars Technica

• Modular "AlienFox" Toolkit Used to Steal Cloud Service Credentials - Infosecurity Magazine (infosecurity-magazine.com)

• Capita: Cyber attack caused pre-weekend outage • The Register

• Shadow data slipping past security teams - Help Net Security

• Think Before You Share the Link: SaaS in the Real World (thehackernews.com)

• Western Digital Hit By Network Security Breach - Infosecurity Magazine (infosecurity-magazine.com)

Hybrid/Remote Working

• New Research Highlights Increased Security Risks Posed by Remote Working and BYOD - IT Security Guru

• Unapproved Apps Used By 32% of Remote Workers - Infosecurity Magazine (infosecurity-magazine.com)

Shadow IT

• Shadow data slipping past security teams - Help Net Security

Identity and Access Management

• "It's The Service Accounts, Stupid": Why Do PAM Deployments Take (almost) Forever To Complete? (thehackernews.com)

• The high cost of insecure authentication methods - Help Net Security

• 3 Fronts in the Battle for Digital Identity (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Takedown of notorious hacker marketplace selling your identity to criminals | Europol (europa.eu)

• Stolen credential warehouse Genesis Market seized by FBI • The Register

Social Media

• TikTok to Comply With US Law, Protect User Data From China - Infosecurity Magazine (infosecurity-magazine.com)

• TikTok fined £12.7m for illegally processing children’s data | TikTok | The Guardian

• Twitter's recommendation algorithm opens platform to manipulation, bot attacks, researcher finds | CyberScoop

• TikTok bans explained: Everything you need to know (techtarget.com)

• YouTube warns of email scam from seemingly authentic account | Science & Tech News | Sky News

Parental Controls and Child Safety

• TikTok fined £12.7m for illegally processing children’s data | TikTok | The Guardian

Regulations, Fines and Legislation

• TikTok fined £12.7m for illegally processing children’s data | TikTok | The Guardian

• UK data regulator issues warning over generative AI data protection concerns | CSO Online

Governance, Risk and Compliance

• 42% of IT leaders told to maintain breach confidentiality | TechTarget

• GCHQ Updates Security Guidance for Boards - Infosecurity Magazine (infosecurity-magazine.com)

• Splunk Details Increase in Data Breaches, Downtime Due to  Issues - MSSP Alert

• 5 strategies to manage  risks in mergers and acquisitions | CSO Online

Models, Frameworks and Standards

• What is PCI DSS 12 requirements? | Definition from TechTarget

Careers, Working in Cyber and Information Security

• Ex-GCHQ chief criticises Treasury for advertising head of cyber security job with £50k salary (telegraph.co.uk)

Law Enforcement Action and Take Downs

• Cyber Police of Ukraine arrested members of a gang that defrauded EU citizens of $4.33M-Security Affairs

• Stolen credential warehouse Genesis Market seized by FBI • The Register

• Spain's most dangerous and elusive hacker now in police custody (bleepingcomputer.com)

• Genesis Market: Popular cyber crime website shut down by police - BBC News

• FBI obtained detailed database exposing 60,000 users of the cyber crime bazaar Genesis Market | CyberScoop

Privacy, Surveillance and Mass Monitoring

• NYPD ignored 93 percent of surveillance law rules • The Register

Artificial Intelligence

• Welcome to the era of viral AI generated 'news' images | CNN Business

• Misinformation, mistakes and the Pope in a puffer: what rapidly evolving AI can – and can’t – do | Artificial intelligence (AI) | The Guardian

• Scammers Are Using ChatGPT to Write Emails That Aren't Riddled With Typos (futurism.com)

• ChatGPT, the AI Revolution, and the Security, Privacy and Ethical Implications - SecurityWeek

• ChatGPT banned in Italy | The Independent

• Man ends his life after an AI chatbot 'encouraged' him to sacrifice himself to stop climate change | Euronews

• Malware and machine learning: A match made in hell - Help Net Security

• ChatGPT linked to alleged leak of confidential information at Samsung (interestingengineering.com)

• UK data regulator issues warning over generative AI data protection concerns | CSO Online

• Researcher Tricks ChatGPT into Building Undetectable Steganography Malware (darkreading.com)

Misinformation, Disinformation and Propaganda

• Misinformation, mistakes and the Pope in a puffer: what rapidly evolving AI can – and can’t – do | Artificial intelligence (AI) | The Guardian

• ChatGPT could increase 'threat vector' for cyber attacks and misinformation, experts warn: 'Deepfake generator' | Fox Business

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• UK’s offensive hacking unit takes on military opponents and terrorist groups | Cyberwar | The Guardian

• Russian pro-war military blogger killed in blast at St Petersburg cafe | Russia | The Guardian

• China opens national security probe into Micron products • The Register

• CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog-Security Affairs

• Vulkan Playbook Leak Exposes Russia's Plans for Worldwide Cyberwar (darkreading.com)

• Chinese 'spy balloon' that flew over US gathered intelligence from sensitive military sites, officials say | US News | Sky News

• UK Discloses Offensive Cyber Capabilities Principles - Infosecurity Magazine (infosecurity-magazine.com)

• Britain’s cyberwarfare chief reveals his identity | The Economist

Nation State Actors

• APT group Winter Vivern exploits Zimbra webmail flaw to target government entities | CSO Online

• UK’s offensive hacking unit takes on military opponents and terrorist groups | Cyberwar | The Guardian

• Vodafone warned of ‘profound national security questions’ over merger with Chinese-owned Three (telegraph.co.uk)

• Russian pro-war military blogger killed in blast at St Petersburg cafe | Russia | The Guardian

• China opens national security probe into Micron products • The Register

• Report: Chinese State-Sponsored Hacking Group Highly Active - SecurityWeek

• Vulkan Playbook Leak Exposes Russia's Plans for Worldwide Cyberwar (darkreading.com)

• Chinese 'spy balloon' that flew over US gathered intelligence from sensitive military sites, officials say | US News | Sky News

• The other Chinese apps taking the US and UK by storm - BBC News

• TikTok to Comply With US Law, Protect User Data From China - Infosecurity Magazine (infosecurity-magazine.com)

• China probes Micron for cyber security risks, urges Japan to stay out of US chip export curbs  | TechCrunch

• Google TAG Alerts Of ARCHIPELAGO Cyber attacks Linked To North Korea (informationsecuritybuzz.com)

Vulnerability Management

• 15 million public-facing services vulnerable to CISA KEV flaws (bleepingcomputer.com)

• 10-year-old Windows bug with 'opt-in' fix exploited in 3CX attack (bleepingcomputer.com)

• Millions still exposed despite available fixes - Help Net Security

• Microsoft to admins: Auto-review your Autopatch alerts • The Register

Vulnerabilities

• Log4j bug abused in new 'proxyjacking' attacks to resell bandwidth, abuse enterprise cloud | SC Media (scmagazine.com)

• Hackers exploit WordPress plugin flaw that gives full control of millions of sites | Ars Technica

• CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog-Security Affairs

• HP to patch critical bug in LaserJet printers within 90 days (bleepingcomputer.com)

• Prevent and detect Adobe ColdFusion exploitation (CVE-2023-26360, CVE-2023-26359) - Help Net Security

• Chrome 112 Patches 16 Security Flaws - SecurityWeek

• QNAP Zero-Days Leave 80K Devices Vulnerable to Cyber attack (darkreading.com)

Tools and Controls

• How can organisations bridge the gap between DR and cyber security? - Help Net Security

• Let’s pump the brakes on the rush to incorporate AI into cyber security | CSO Online

• The high cost of insecure authentication methods - Help Net Security

• How AI is transforming cyber security for better and worse - Help Net Security

• 3 Fronts in the Battle for Digital Identity (darkreading.com)

• What RASP Should Have Been (darkreading.com)

Reports Published in the Last Week

• Bitdefender 2023 Cybersecurity Assessment | Bitdefender

• Annual Report: Leading Anti-Phishing Solutions | Cofense

Other News Misc/Other Misc attacks

• Maintaining Data Integrity With Growing Cyber security Concerns (informationsecuritybuzz.com)

• Keeper Security April Fools - IT Security Guru

• Travel visa delays after UK’s crime records office hit by cyber ‘incident’ | Evening Standard

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links