Black Arrow Cyber Threat Intelligence Briefing 07 March 2025

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.

Executive Summary

Our review this week includes the evolving shift in cyber security, where governance and proactive risk management are becoming more critical than tool proliferation, as exemplified by the inclusion of the ‘Govern’ function in the NIST Cyber Security Framework. Businesses still face a cocktail of cyber risks as geopolitical tensions, misinformation, and AI-driven threats continue to evolve. Despite increased awareness, cyber risk integration remains insufficient at the executive level, leaving many organisations, particularly smaller businesses, exposed.

Vulnerability management remains a pressing concern. 40% of vulnerabilities leveraged in 2024 date back to 2020 or earlier, while ransomware and botnet expansion thrive on unpatched systems. Meanwhile, the financial sector continues to be a target for cyber attacks, with European regulators responding through stricter risk management frameworks like DORA. The rise of state-sponsored actors such as China-backed Silk Typhoon, which targets IT service providers, further underscores the importance of securing supply chains and third-party dependencies.

Our review this week also highlights the importance of rehearsing how to respond to a cyber incident, as well as the changing tactics of attackers such as the use of AI voice cloning from voicemail recordings to impersonate individuals, and false extortion demands. These, and other observations from our threat intelligence briefings, highlight the need for comprehensive security awareness. With cyber threats at an all-time high, organisations must adopt a strategic, governance-led approach to resilience, ensuring robust defences against both sophisticated adversaries and opportunistic cyber criminals.

Top Cyber Stories of the Last Week

Cyber Security's Future Is All About Governance, Not More Tools

The cyber security landscape is shifting from tool-centric procurement to strategic governance, with CISOs taking a more prominent role in business decision-making. Despite growth in the number of security tools that organisations deploy, fragmented workflows and diminishing returns persist. The focus is now on aligning security with business objectives, regulatory expectations, and operational efficiency. The NIST Cyber Security Framework 2024 update introduced a "Govern" function, underscoring proactive risk management. As cyber security becomes integral to corporate strategy, CISOs must prioritise transparency, accountability, and resilience over simply expanding their security stack.

'Cocktail of Cyber-Risk' Should Stir Concerns Among CISOs

The World Economic Forum's ‘Global Cybersecurity Outlook 2025’ highlights the evolving risk landscape, where cyber security threats are increasingly intertwined with geopolitical and economic risks. Misinformation and AI-related threats are now among the top concerns, while cyber espionage is reportedly declining. Despite growing awareness, only 60% of CEOs and CISOs integrate cyber risk into enterprise risk management. Smaller businesses are particularly vulnerable, with 35% admitting their cyber resilience is insufficient. The report stresses that CISOs must navigate shifting board priorities, regulatory changes, and supply chain risks while ensuring cyber security remains a core business consideration.

Why Cyber Drills are as Vital as Fire Drills

Cyber resilience is becoming a business imperative, with human error remaining the leading cause of cyber incidents and the average cost of a cyber attack reaching a record $4.88 million in 2024. A recent study found that 94% of organisations have implemented or plan to implement cyber drills within three years, recognising their role in strengthening defences and ensuring business continuity. Yet, decision-makers spend only 39% of their time on cyber readiness. As nearly half of businesses faced an attack in the past year, routine cyber drills, like fire drills, are essential to preparing teams for real-world threats.

Nonprofits Face Surge in Cyber-Attacks as Email Threats Rise 35%

Nonprofit organisations have experienced a sharp rise in cyber attacks, with email threats increasing by 35% over the past year. A report by Abnormal Security highlights that limited cyber security resources and high-trust environments make nonprofits prime targets. Credential phishing has surged by 50%, compromising donor databases and enabling financial fraud, while malware attacks have risen by 26%, often leading to ransomware incidents. As cyber criminals refine their tactics, nonprofits must prioritise email security, leveraging AI-driven solutions to detect threats and protect sensitive data, ensuring operational resilience and maintaining public trust.

Rising Cyber Threats in Europe’s Financial Sector: An ENISA Overview

The latest report from the European Network and Information Security Agency (ENISA) highlights a surge in cyber threats targeting Europe’s financial sector, with 488 reported incidents between January 2023 and June 2024. Banks bore the brunt of attacks (46%), followed by public financial institutions (13%) and individual customers (10%). DDoS attacks were the most common, accounting for 58% of incidents, often linked to geopolitical tensions. Data breaches, ransomware, and fraud also saw a rise, exposing sensitive financial records and disrupting operations. In response, regulators have strengthened cyber security policies, with initiatives like DORA aiming to enhance resilience through stricter risk management and incident response frameworks.

Old Unpatched Vulnerabilities Among the Most Widely Exploited

GreyNoise’s latest report highlights that 40% of vulnerabilities exploited in 2024 were from 2020 or earlier, with some dating back over two decades. Attackers are also accelerating their exploitation of newly disclosed flaws, with some targeted within hours. Home internet routers and enterprise solutions from vendors like Ivanti, D-Link, and VMware were among the most affected. Ransomware groups remain the primary exploiters, leveraging 28% of newly listed vulnerabilities in the US Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalogue. Key attacker objectives include botnet expansion, cryptocurrency mining, and ransomware deployment, underscoring the risks posed by unpatched legacy systems.

Chinese State-Backed Threat Actor ‘Silk Typhoon’ Shifted to Specifically Targeting Outsourced IT Providers

Microsoft has reported that Silk Typhoon, a Chinese state-backed espionage group, has shifted focus to targeting IT management firms, aiming to infiltrate downstream customers. The group exploits stolen API keys, credentials, and unpatched software to access cloud and on-premises systems. By compromising IT providers and privileged access tools, they steal sensitive data from sectors including government, healthcare, and energy. Microsoft highlights Silk Typhoon’s ability to swiftly adapt, making it one of the most pervasive Chinese threat actors. This report coincides with US indictments of 12 Chinese nationals linked to cyber espionage, including two alleged Silk Typhoon members.

Social Engineering and Stolen Credential Threats Continue to Dominate Cyber Attacks

CrowdStrike’s 2025 Global Threat Report highlights a sharp rise in social engineering attacks, with credential theft surging by 442% in the latter half of 2024. Stolen credentials remain a primary attack vector, while adversaries operate with increasing speed: the average time to move within a compromised network has fallen to just 48 minutes, with some breaches occurring in as little as 51 seconds. The report underscores the need for enhanced employee training, stronger credential protection, and improved detection capabilities to counter these evolving threats, particularly as cyber criminals leverage AI and target cloud environments with greater sophistication.

Security CEOs Warn Your Voicemail Greeting is the Latest Target for Cyber Criminals

Cyber security leaders are warning that AI voice cloning is a growing threat, with criminals using voicemail recordings to impersonate individuals. Experts highlight that just three seconds of audio is enough to create a convincing deepfake, which can be exploited in scams targeting employees, families, and businesses. C-suite executives are particularly at risk, with attacks mimicking their voices to manipulate staff. To mitigate this risk, security professionals recommend replacing personal voicemail greetings with automated defaults, limiting voice recordings online, and using a family-safe word to verify urgent requests.

Would-be Extortionists Send “BianLian” Ransom Notes in the Mail

Executives are being targeted in a new ransomware scam involving physical letters falsely claiming to be from the BianLian ransomware group. The letters demand ransoms of $250,000 to $350,000, threatening to leak sensitive data unless payment is made within 10 days. However, security experts have found no evidence of actual network intrusions, suggesting the campaign is a fraudulent extortion attempt. The FBI has issued a warning, confirming no links to the real BianLian group. Organisations are advised to inform executives, review incident response procedures, and report any such letters to law enforcement.

Cyber Threat Highest It’s Ever Been, Ex-Five Eyes Leader Warns

The cyber threat to critical infrastructure is at an all-time high, driven by geopolitical tensions, financial incentives, and technological advancements, warns the former head of the UK’s National Cyber Security Centre (NCSC). Organised criminals and state-backed hacking groups pose a growing risk to essential services. Artificial intelligence is making cyber attacks more efficient, cost-effective, and accessible, potentially enabling new threat actors to launch large-scale campaigns. While financial motives remain unchanged, the increasing role of AI in cyber warfare is a key concern, as it lowers barriers to entry for malicious actors, amplifying the risks faced by organisations globally.

Trump Administration Retreats in Fight Against Russian Cyber Threats

The Trump administration has shifted its stance on cyber threats, no longer publicly recognising Russia as a major cyber security risk to US national security and critical infrastructure. This policy change marks a significant departure from long-standing intelligence assessments and contrasts with the positions of US allies. Experts warn that deprioritising Russia as a cyber threat could leave the US vulnerable to attacks. Reports indicate internal directives have limited efforts to monitor Russian cyber activities, raising concerns that adversaries may exploit weakened defences. Meanwhile, job cuts across key agencies may have further reduced cyber security capabilities, compounding the risks.

Sources:

https://www.darkreading.com/cyber-risk/cybersecurity-future-governance-not-more-tools

https://www.darkreading.com/cyber-risk/thinking-outside-box-cyber-risk

https://www.forbes.com/sites/jameshadley/2025/03/04/why-cyber-drills-are-as-vital-as-fire-drills/

https://www.infosecurity-magazine.com/news/nonprofits-email-threats-rise-35/

https://www.jdsupra.com/legalnews/rising-cyber-threats-in-europe-s-7746792/

https://www.infosecurity-magazine.com/news/old-vulnerabilities-widely/

https://cyberscoop.com/silk-typhoon-targets-it-services/

https://natlawreview.com/article/social-engineering-stolen-credential-threats-continue-dominate-cyber-attacks

https://cybernews.com/security/cybercriminals-use-voicemail-greetings-ai-voice-cloning-attacks/

https://www.infosecurity-magazine.com/news/extortionists-bianlian-ransom/

https://www.nzherald.co.nz/business/markets-with-madison/cyber-threat-highest-its-ever-been-ex-five-eyes-leader-warns/F4G6TUDZ3JAT7PNZNFBVBXXPF4/

https://www.theguardian.com/us-news/2025/feb/28/trump-russia-hacking-cyber-security


Governance, Risk and Compliance

Cybersecurity’s Future Is All About Governance, Not More Tools

Why Employee Training Is A Critical Component Of Effective Business Cybersecurity - Minutehack

Why Cyber Drills Are As Vital As Fire Drills

'Cocktail of Cyber-Risk' Should Stir Concerns Among CISOs

SolarWinds CISO says security execs are ‘nervous’ about individual liability for data breaches | CyberScoop

Top security CEOs warn your voicemail greeting is the latest target for cyber criminals | Cybernews

Third-Party Attacks Drive Major Financial Losses in 2024 - Infosecurity Magazine

Third-Party Risk Top Cybersecurity Claims

Cyber risks see SME focus but big risks remain

Board Oversight of Cyber Security Incidents

How to create an effective incident response plan | CSO Online

CFOs’ Risk Outlook—The Economy, Cyber and Talent Are Top Concerns

What CISOs need from the board: Mutual respect on expectations | CSO Online

The evolving landscape of regulatory compliance in cybersecurity - Digital Journal

WTF? Why the cyber security sector is overrun with acronyms | CSO Online

The 5 stages of incident response grief - Help Net Security

A Shield of Defensibility Protecting CISOs and Their Companies

CISO Liability Risks Spur Policy Changes at 93% of Organisations - Infosecurity Magazine

Are cybersecurity chiefs focusing too much on legal liability—and not enough on fixing vulnerabilities? | Fortune

CISO vs. CIO: Where security and IT leadership clash (and how to fix it) - Help Net Security

Cyber Threats Are Evolving Faster Than Defences

Cyber threat highest it’s ever been, ex-Five Eyes leader warns - NZ Herald


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Evolution: From Encryption to Extortion

Mad, Bad, And Dangerous To Know: Cyber Criminals Are More Sophisticated Than Ever

Cyber criminals picked up the pace on attacks last year | CyberScoop

Ransomware 2025: Lessons from the Past Year and What Lies Ahead

Report: CISA Vulnerabilities Catalog Monitored By Ransomware Gangs | MSSP Alert

Ransomware activity surged last year, report finds | SC Media

Ransomware Attacks Appear to Keep Surging - InfoRiskToday

Inside the Minds of Cyber Criminals: A Deep Dive into Black Basta’s Leaked Chats - Security Boulevard

Your New Car Could Be the Next Ransomware Target

Ransomware scum abusing Microsoft Windows-signed driver • The Register

VulnCheck Exposes CVEs From Black Bastas' Chats

Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates

Would-be Extortionists Send “BianLian” Ransom Notes in the Mail - Infosecurity Magazine

Cactus Ransomware: What You Need To Know | Tripwire

EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing

Emulating the Relentless RansomHub Ransomware - Security Boulevard

Medusa Ransomware Hits 40+ Victims in 2025, Demands $100K–$15M Ransom

Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks

Ransomware: from REvil to Black Basta, what do we know about Tramp? | Computer Weekly

Schools Vs Ransomware: Lessons Learned From A Cyber Attack - TeachingTimes

Ransomware Victims

Hunters International ransomware claims attack on Tata Technologies

Qilin claims attacks on cancer, women's clinics • The Register

Ransomware crew threatens to leak 'stolen' Tata Tech data • The Register

‘My company thrived for 150 years — then Russian hackers brought it down in three months’

Ransomware Group Takes Credit for Lee Enterprises Attack - SecurityWeek

Qilin Ransomware gang claims the hack of the Ministry of Foreign Affairs of Ukraine

Phishing & Email Based Attacks

Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail

Phishing Campaign Uses Havoc Framework to Control Infected Systems - Infosecurity Magazine

EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing

Watch out - that LinkedIn email could be a fake, laden with malware | TechRadar

5,000 CAPTCHA Tests Used As Infostealer Gateways—Do Not Complete Them

Massive Phishing Campaign Spreads Lumma Stealer Via Bogus CAPTCHA PDFs | MSSP Alert

How a Manual Remediation for a Phishing URL Took Down Cloudflare R2 - InfoQ

Business Email Compromise (BEC)/Email Account Compromise (EAC)

From Event to Insight Unpacking a B2B Business Email Compromise BEC Scenario | Trend Micro (US)

Other Social Engineering

2025 CrowdStrike Global Threat Report: 442% Surge in Social Engineering and Credential Theft

How QR code attacks work and how to protect yourself - Help Net Security

Vishing attacks surged 442% last year - how to protect yourself | ZDNET

The Hidden Risks Of Job Hunting: Recruitment Fraud And Cybersecurity

What is vishing? Voice phishing is surging - expert tips on how to spot it and stop it | ZDNET

North Korea's Latest 'IT Worker' Scheme Seeks Nuclear Funds

Digital nomads and risk associated with the threat of infiltred employees

YouTube warns of AI-generated video of its CEO used in phishing attacks

Scammers take over social media - Help Net Security

Fake police call cryptocurrency investors to steal their funds

Artificial Intelligence

Top security CEOs warn your voicemail greeting is the latest target for cyber criminals | Cybernews

89% of enterprise AI usage is invisible to the organisation - Help Net Security

Deepfake cyber attacks proliferated in 2024, iProov claims • The Register

Nearly 12,000 API keys and passwords found in AI training dataset

The Urgent Need to Address Cyber Security in the GenAI Market

Web DDoS attacks see major surge as AI allows more powerful attacks | TechRadar

How New AI Agents Will Transform Credential Stuffing Attacks

YouTube warns of AI-generated video of its CEO used in phishing attacks

New Report Finds that 78% of Chief Information Security Officers Globally are Seeing a Significant Impact from AI-Powered Cyber Threats - up 5% from last year

Private 5G Networks Face Security Risks Amid AI Adoption - Infosecurity Magazine

Anorexia coaches, self-harm buddies and sexualized minors: How online communities are using AI chatbots for harmful behavior | CyberScoop

Police arrests suspects tied to AI-generated CSAM distribution ring

Innovation vs. security: Managing shadow AI risks - Help Net Security

Attackers distributing Trojans disguised as DeepSeek or Grok clients for Windows | Kaspersky official blog

Malware

Microsoft says malvertising campaign impacted 1 million PCs

Fake CAPTCHA PDFs Spread Lumma Stealer via Webflow, GoDaddy, and Other Domains

Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus

EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing

Watch out - that LinkedIn email could be a fake, laden with malware | TechRadar

Hackers Weaponizing PowerShell & Microsoft Legitimate Apps To Deploy Malware

Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems

Devs beware: fake Golang packages target Mac users | Cybernews

Polyglot files used to spread new backdoor | CSO Online

1 Million Third-Party Android Devices Have a Secret Backdoor for Scammers | WIRED

5,000 CAPTCHA Tests Used As Infostealer Gateways—Do Not Complete Them

Typosquatted Go Packages Distribute Malware Loader Targeting Linux And MacOS

Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access

Badbox Android botnet disrupted through coordinated threat hunting | CSO Online

Massive Phishing Campaign Spreads Lumma Stealer Via Bogus CAPTCHA PDFs | MSSP Alert

26 Million Devices Hit By Infostealers—Bank Cards Leaked To Dark Web

Massive botnet that appeared overnight is delivering record-size DDoSes - Ars Technica

Attackers distributing Trojans disguised as DeepSeek or Grok clients for Windows | Kaspersky official blog

Russian-Speaking Hackers Goad Users Into Installing Havoc

Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants

Bots/Botnets

Cisco, ASUS, QNAP, and Synology devices hijacked to major botnet | TechRadar

Widespread network edge device targeting conducted by PolarEdge botnet | SC Media

Massive botnet that appeared overnight is delivering record-size DDoSes - Ars Technica

New Eleven11bot DDoS Botnet Powered by 80,000 Hacked Devices - SecurityWeek

Badbox Android botnet disrupted through coordinated threat hunting | CSO Online

Mobile

Over 500K Android, iOS, iPadOS, Devices Impacted By Spyzie Stalkerware | MSSP Alert

Governments can't seem to stop asking for secret backdoors • The Register

New Android RAT Dubbed “AndroRAT” Attacking to Steal Pattern, PIN & Passcodes

Do you really need to worry about spyware on your phone?

Google’s 'consent-less' Android tracking probed by academics • The Register

Google confirms mass app deletion on Play Store after ad fraud | Android Central

Denial of Service/DoS/DDoS

Massive botnet that appeared overnight is delivering record-size DDoSes - Ars Technica

Web DDoS attacks see major surge as AI allows more powerful attacks | TechRadar

New Eleven11bot DDoS Botnet Powered by 80,000 Hacked Devices - SecurityWeek

Internet of Things – IoT

Top risks produced by old wireless routers and smart home devices

8 ways to secure your smart home from hackers

Your New Car Could Be the Next Ransomware Target

BadBox Botnet Powered by 1 Million Android Devices Disrupted - SecurityWeek

How Can Your Smart Washer Pose A Threat To Your Privacy?

Badbox Android botnet disrupted through coordinated threat hunting | CSO Online

Goodbye Kia - this is the serious vulnerability that affects all vehicles registered after this date

Data Breaches/Leaks

Inside a cyber attack: How hackers steal data

Lost luggage data leak exposes nearly a million records | Cybernews

75% of US government websites experienced data breaches | Cybernews

Angel One Breach Compromises Client Data | MSSP Alert

Organised Crime & Criminal Actors

Mad, Bad, And Dangerous To Know: Cyber Criminals Are More Sophisticated Than Ever

Cyber criminals picked up the pace on attacks last year | CyberScoop

Cyber threat highest it’s ever been, ex-Five Eyes leader warns - NZ Herald

Online crime-as-a-service skyrockets with 24,000 users selling attack tools - Help Net Security

US Soldier Intends to Admit Hacking 15 Telecom Carriers

Investigator says differing names for hacker groups, hackers studying investigative methods hinders law enforcement | CyberScoop

Nigerian Accused of Hacking Tax Preparation Firms Extradited to US - SecurityWeek

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

How North Korea stole $1.5bn from Bybit – the biggest ever crypto theft - AML Intelligence

International cops seize Russian crypto exchange Garantex • The Register

Bybit hackers resume laundering activities, moving another 62,200 ETH

US recovers $31 million stolen in 2021 Uranium Finance hack

$51,300,000,000: Crypto Scams 2025 Report by Chainalysis is Out

Lazarus Group at it again - New victim suspected in $3.1M Tron hack | Cryptopolitan

North Korea’s $1.5 billion heist puts the crypto world on notice - The Japan Times

Shape-shifting Chrome extensions target wallets | Cybernews

Fake police call cryptocurrency investors to steal their funds

Insider Risk and Insider Threats

Digital nomads and risk associated with the threat of infiltred employees

Insurance

Third-Party Risk Top Cyber Security Claims

Supply Chain and Third Parties

Third-Party Attacks Drive Major Financial Losses in 2024 - Infosecurity Magazine

Third-Party Risk Top Cyber Security Claims

China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access

Why Vendor Risk Management Can't Be a One-Time Task | UpGuard

Ransomware crew threatens to leak 'stolen' Tata Tech data • The Register

Cloud/SaaS

How to plan your cloud migration with security in mind | SC Media

Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail

New Microsoft 365 outage impacts Teams, causes call failures

Microsoft Teams and other Windows tools hijacked to hack corporate networks | TechRadar

Attackers Leverage Microsoft Teams and Quick Assist for Access - Infosecurity Magazine

Apple begins legal battle to resist 'egregious' iCloud backdoor demand | Macworld

Outages

New Microsoft 365 outage impacts Teams, causes call failures

Barclays: bank to pay £12.5m compensation for online outage

Microsoft Blames Widespread Outage On “Problematic Code Change”

How a Manual Remediation for a Phishing URL Took Down Cloudflare R2 - InfoQ

Identity and Access Management

Misconfigured access management systems expose global enterprises to security risks | CSO Online

Identity: The New Cyber Security Battleground

Prioritising data and identity security in 2025 - Help Net Security

Encryption

The UK will neither confirm nor deny that it’s killing encryption | The Verge

Encryption Wars: Governments Want a Backdoor, but Hackers Are Watching | HackerNoon

"We will not walk back" – Signal would rather leave the UK and Sweden than remove encryption protections | TechRadar

France pushes for law enforcement access to Signal, WhatsApp and encrypted email | Computer Weekly

Governments can't seem to stop asking for secret backdoors • The Register

Apple begins legal battle to resist 'egregious' iCloud backdoor demand | Macworld

Why a push for encryption backdoors is a global security risk - Help Net Security

UK cyber security damaged by “clumsy Home Office political censorship” | Computer Weekly

Linux and Open Source

Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems

Typosquatted Go Packages Distribute Malware Loader Targeting Linux And MacOS

Open Source Security Risks Continue To Rise

Passwords, Credential Stuffing & Brute Force Attacks

2025 CrowdStrike Global Threat Report: 442% Surge in Social Engineering and Credential Theft

How New AI Agents Will Transform Credential Stuffing Attacks

‘My company thrived for 150 years — then Russian hackers brought it down in three months’

Social Media

UK probes TikTok, Reddit over child data privacy concerns • The Register

Watch out - that LinkedIn email could be a fake, laden with malware | TechRadar

YouTube warns of AI-generated video of its CEO used in phishing attacks

Scammers take over social media - Help Net Security

USCIS mulls policing social media of all would-be citizens • The Register

Malvertising

Microsoft says malvertising campaign impacted 1 million PCs

Training, Education and Awareness

Why Employee Training Is A Critical Component Of Effective Business Cyber Security - Minutehack

Regulations, Fines and Legislation

Former intelligence officials denounce job cuts to federal cyber roles - Nextgov/FCW

Cyber resilience under DORA – are you prepared for the challenge? | TechRadar

The Crime and Policing Bill Explained

Governments can't seem to stop asking for secret backdoors • The Register

Apple begins legal battle to resist 'egregious' iCloud backdoor demand | Macworld

Why a push for encryption backdoors is a global security risk - Help Net Security

What is the Digital Operational Resilience Act (DORA)? | Definition from TechTarget

The evolving landscape of regulatory compliance in cyber security - Digital Journal

Is Trump risking US national security to woo Putin? US no longer sees Russia as major cyber threat, tweaks foreign policy - The Week

CISA: No Change on Defending Against Russian Cyber Threats - SecurityWeek

UK security in shock as America signals end to cyber operations against Russia

The Wiretap: How Trump, Hegseth And DOGE Are Undermining Ukrainian Security

DoD, CISA Deny Reports of Pausing Cyber Operations Against Russia | MSSP Alert

Gadgets Used By American Presidents (And Why They Were A Security Nightmare)

National Security Threatened By Cyber Security Job Cuts, Experts Say | MSSP Alert

CISA Cuts: A Dangerous Gamble in a Dangerous World

Building cyber resilience in banking: Expert insights on strategy, risk, and regulation - Help Net Security

Trump's Staffing Overhauls Hit Nation's Cyber Defense Agency

Strengthening Telecommunications Security: A Call to Action for Cyber Resilience

Proactive Security: Navigating HIPAA’s Proposed Risk Analysis Updates - Security Boulevard

Google asks US government to drop breakup plan over national security fears | TechRadar

Models, Frameworks and Standards

Cyber resilience under DORA – are you prepared for the challenge? | TechRadar

What is the Digital Operational Resilience Act (DORA)? | Definition from TechTarget

Financial Organisations Urge CISA to Revise Proposed CIRCIA Implementation - SecurityWeek

Navigating NIS 2 compliance [Q&A]

Proactive Security: Navigating HIPAA’s Proposed Risk Analysis Updates - Security Boulevard

Careers, Working in Cyber and Information Security

New 2025 SANS Threat Hunting Survey Reveals 61% of Organisations Struggle with Staffing Shortages

The days of easy hiring in cyber security coming to an end • The Register

Stress and Burnout Impacting Vast Majority of IT Pros - Infosecurity Magazine

Cyber Security Job Satisfaction Plummets, Women Hit Hardest - Infosecurity Magazine

Why Cyber Security Jobs Are Hard to Find in a Worker Shortage

Will AI Start Taking Cyber Security Professionals' Jobs?

Law Enforcement Action and Take Downs

International cops seize Russian crypto exchange Garantex • The Register

US seizes domain of Garantex crypto exchange used by ransomware gangs

US Soldier Intends to Admit Hacking 15 Telecom Carriers

Police arrests suspects tied to AI-generated CSAM distribution ring

Investigator says differing names for hacker groups, hackers studying investigative methods hinders law enforcement | CyberScoop

Nigerian Accused of Hacking Tax Preparation Firms Extradited to US - SecurityWeek


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Nation State Actors

China

Will Chinese cyberespionage be more aggressive in 2025? CrowdStrike thinks so | TechRadar

Silk Typhoon shifted to specifically targeting IT management companies | CyberScoop

In case we forgot, Typhoon attacks remind us of China’s cyber capability—and intent | The Strategist

Chinese cyber espionage growing across all industry sectors | CSO Online

Defence, not more assertive cyber activity, is the right response to Salt Typhoon | The Strategist

US Charges Members of Chinese Hacker-for-Hire Group i-Soon - Infosecurity Magazine

Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants

Russia

The Trump Administration Is Deprioritizing Russia as a Cyber Threat | WIRED

As Trump warms to Putin, U.S. halts offensive cyber operations against Moscow - The Washington Post

Finland's secret service says frequency of cable incidents is 'exceptional' | Reuters

France has ‘trouble understanding’ US halt on cyber operations against Russia – POLITICO

Is Trump risking US national security to woo Putin? US no longer sees Russia as major cyber threat, tweaks foreign policy - The Week

CISA: No Change on Defending Against Russian Cyber Threats - SecurityWeek

US Cyber Command Russia stand-down: Strategic diplomacy or security gamble? | SC Media

DHS says CISA won’t stop looking at Russian cyber threats | CyberScoop

UK security in shock as America signals end to cyber operations against Russia

National Security Threatened By Cyber Security Job Cuts, Experts Say | MSSP Alert

CISA Cuts: A Dangerous Gamble in a Dangerous World

Russian telecom Beeline facing outages after cyber attack | The Record from Recorded Future News

Russian-Speaking Hackers Goad Users Into Installing Havoc

International cops seize Russian crypto exchange Garantex • The Register

‘My company thrived for 150 years — then Russian hackers brought it down in three months’

Ukraine's intel service honors civilian hackers for the first time with military award | The Record from Recorded Future News

Qilin Ransomware gang claims the hack of the Ministry of Foreign Affairs of Ukraine

Iran

Large cyber attack emanated from Iran days after Trump sanctions - watchdogs | Iran International

Suspected Iranian Hackers Used Compromised Indian Firm's Email to Target U.A.E. Aviation Sector

Crafty Camel APT Targets Aviation, OT With Polygot Files

North Korea

How North Korea stole $1.5bn from Bybit – the biggest ever crypto theft - AML Intelligence

Bybit hackers resume laundering activities, moving another 62,200 ETH

North Korea's Latest 'IT Worker' Scheme Seeks Nuclear Funds

Digital nomads and risk associated with the threat of infiltred employees

Lazarus Group at it again - New victim suspected in $3.1M Tron hack | Cryptopolitan

The rise of Lazarus Group from Sony hacks to billion dollar crypto heists



Other News

Rising Cyber Threats in Europe’s Financial Sector: An ENISA Overview | HaystackID - JDSupra

Nonprofits Face Surge in Cyber-Attacks as Email Threats Rise 35% - Infosecurity Magazine

Cyber risks see SME focus but big risks remain

Attackers could hack smart solar systems and cause serious damages

Popular Chrome extensions hijacked by hackers in widespread cyber attack — 3.2 million at risk | Tom's Guide

This Browser-Based Attack Can Dodge Security Protections to Take Over Your Account

What is cyber stalking and how to prevent it? | Definition from TechTarget

The More You Care, The More You Share: Information Sharing And Cyber Awareness

What is a Watering Hole Attack? | Definition from TechTarget

WTF? Why the cyber security sector is overrun with acronyms | CSO Online

If you want security, start with secure products – Computerworld

ICS/OT Security Budgets Increasing, but Critical Areas Underfunded: Report - SecurityWeek

Over Half of Organisations Report Serious OT Security Incidents - Infosecurity Magazine

Building cyber resilience in banking: Expert insights on strategy, risk, and regulation - Help Net Security

Finland's secret service says frequency of cable incidents is 'exceptional' | Reuters

Polish Space Agency offline as it recovers from cyber attack

Hackers breach military walls as funding falls short | Cybernews

Why Decommissioned Nuclear Sites Must Stay on the Security Agenda | SC Media UK

15 Percent of Healthcare PCs Fail Security Test, Increasing Risk of Ransomware, Breaches, and Compliance Violations | Business Wire

3 Cyber Security Steps Every Local Government Should Take

First EU “cyber” Council focusses on crisis management and critical infrastructure security – ministry - Delfi EN

Google asks US government to drop breakup plan over national security fears | TechRadar



Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product. Likewise, we are not responsible for the security of external links.
