Black Arrow Cyber Threat Briefing 08 March 2024

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

FBI Reports Cyber Crime Losses Reached $12.5 billion in 2023, Ransomware Losses Surged by 74%, Average Ransom Demand Reaching $600k

An FBI report into the cost of cyber crime has found that estimated losses in the US alone reached $12.5 billion in 2023. Ransomware accounted for $59.6 million, a 74% increase from the previous year’s report. Of note, the FBI report only deals with complaints made to the FBI; it therefore excludes other countries, and relies on the US organisations to identify that they have been impacted. It is therefore likely that the figure in the US, let alone globally, is significantly higher.

Sources: [Security Boulevard] [Security Week] [Infosecurity Magazine] [Tripwire] [Security Affairs]

Capita Plans £100 Million in Cost Cuts as it Continues to Grapple With 2023 Cyber Attack, Resulting in Significant Job Losses

In the aftermath of a significant cyber attack in 2023, Capita faces a steep financial hurdle with reported losses amounting to £106.6 million. Originally forecasted at £25 million, the revised figure underscores the substantial impact of the breach. Capita’s response strategy, including significant investments in recovery and cyber security bolstering, emphasises the escalating costs associated with data breaches. CEO Adolfo Hernandez announced plans for a substantial cost reduction of over £100 million, indicating the critical need for efficiency improvements to mitigate the financial strain. Capita’s experience serves as a potent reminder of the critical importance of robust cyber resilience strategies. These strategies are not just about preventing attacks, but also about mitigating the potentially devastating financial consequences should a breach occur.

Source: [ITPro]

Employment Law Firm Sues IT Company Over Ransomware Attack

A law firm in California has sued an IT solutions company, saying that after hiring the company to install a network system and server, the law firm suffered a ransomware attack. The law firm found that not long after the network was installed, they were unable to access their data, and when they had gone to retrieve a cloud backup, they had found this was already deleted, forcing them to pay the ransom to get their data back. The law firm is accusing the IT company of negligence and breach of contract and is seeking damages of at least $1 million.

Source: [Law360]

Stolen Passwords are a Hacker Goldmine

Passwords are not only crucial for organisational security, but they also come with significant costs and vulnerabilities. From the time spent by service desks on resets, to the expense of security incidents and breaches, the financial toll is substantial. Weak or reused passwords heighten the vulnerability, with breaches involving stolen credentials costing an average of $4.45 million. Cyber threats are evolving, with hackers increasingly favouring stolen user accounts over traditional malware. This shift, underscored by a notable 71% increase in attacks leveraging valid login credentials in 2023 as reported by CrowdStrike and IBM, highlights the repercussions of compromised credentials. Embracing technologies like multi-factor authentication (MFA) and single sign-on (SSO), along with employee education, can bolster security while alleviating financial strains. Robust identity management and zero-trust security frameworks are essential to mitigate risks further, especially in the face of rising cloud intrusions. Proactive investments in password security software such as password managers can help streamline operations and enhance overall organisational resilience against these evolving threats.

Sources: [Bleeping Computer] [Axios] 

Phishing Attacks Up 40 Percent in 2023; Attackers Leverage Social Engineering for Greater Success

Kaspersky recently released their annual spam and phishing report in which they identified over 709 million attempts to access phishing and scam websites, a 40% increase from the previous year. It should be noted that this number is just related to Kaspersky’s identification; the figure is likely far greater. With reports identifying that 90% of phishing involves social engineering, it is important to understand how it is leveraged.

Phishing attacks generally include an element of trust; for example, a bad actor impersonating a reputable brand or providing details about an individual that makes the attack more credible. Often, social engineering will rely on human characteristics, such as urgency, emotion and habit to try to manipulate the target to perform particular actions. Whilst the tools may change, the basis is the same; a successful phish requires user interaction. To mitigate the impact of phishing in corporate environments, organisations must stay informed about the latest adversarial activity and prioritise security measures such as multi-factor authentication (MFA) and providing employee awareness and education training that goes beyond ticking boxes.

Sources: [Beta News] [CSO Online] [Security Boulevard] [DarkReading]

Business Leaders Don’t Even Know They’ve Been Hacked

A survey of over 10,000 business leaders across various industries has found that a number of business leaders know little when it comes to their organisation’s cyber security landscape, with 1 in 10, “unsure” and unable to provide a definitive answer as to whether their organisation has had a data breach in 2023. The report highlights that there are a number of leadership positions that are not receiving sufficient information about their organisation’s data security situation.

Receiving regular reports with metrics about the organisation’s cyber security posture is key to organisations achieving and maintaining a solid level of governance, something that is required in various standards and regulations.

Source: [Tech.Co]

Rising Cyber Security Risks: Insider Threat Main Concern Among Mid-Market Firms

According to the 2023 CyberArk Identity Security Threat Landscape Report, insider threats are on the rise, with 68% of organisations reporting an increased frequency in the past year. These threats, considered one of the top concerns over the next 12 months, stem from within an organisation where authorised employees exploit their access to steal or leak sensitive data. Factors such as flexible working, an increase in job transitions, workforce reductions, third-party relationships, economic uncertainties, and employee stress levels further compound these challenges. Negligence, accounting for 62% of insider incidents, plays a significant role; these threats aren’t always malicious but can also be negligent or accidental. As these threats evolve, the potential consequences, including revenue loss and reputational damage, are becoming more apparent to business leaders. To mitigate risks, companies must prioritise improving identity security, particularly in controlling privileged access, and embrace a Zero Trust approach. This ensures full visibility and control over access to sensitive data, safeguarding critical assets and enhancing cyber resilience in an increasingly volatile landscape. Other key identified threats include AI-related risks, ransomware, deep fakes, and malware.

Sources: [TechRadar] [Comms Business]

C-Suite Executives: An Attacker’s Dream?

Cyber criminals are increasingly focusing on high-value targets, particularly C-suite executives who hold extensive organisational access. These executives, often overlooked in security practices and training, have become vulnerable links. The cyber security landscape of 2023 saw significant advancements but also revealed vulnerabilities, exacerbated by global conflicts and strategic cyber attacks. Cyber actors are now targeting entities with high return potential, with ransomware attackers tailoring their strikes to maximise revenues, often from smaller organisations. Interestingly, while automation is on the rise, cyber criminals are opting for a human touch, with human operatives often behind attacks. A report last year showed a nearly 30% spike in fraud specifically targeting senior executives, highlighting the vulnerability of the C-suite. This emphasises the need for robust cyber resilience strategies to safeguard these high-value targets.

Source: [SecurityBrief New Zealand]

Security Risks Plague SMEs in Shift to Remote Working

In the wake of the COVID-19 pandemic, remote working surged, offering businesses newfound flexibility and cost efficiencies. However, this paradigm shift comes with its own set of security challenges, particularly impacting startups and small businesses. The inherent flexibility of remote work exposes companies to risks like unauthorised access, IP theft, and malware. These threats are especially potent for SMEs, jeopardising their financial stability and reputation. Robust security measures include VPNs, enforcing regular software updates, and employee training to mitigate these risks. By embracing these strategies, SMEs can navigate the remote work landscape securely, unlocking its benefits while safeguarding against potential threats.

Source: [SecurityBrief New Zealand]

After Collecting $22 Million, Ransomware Group Stages FBI Takedown

The ransomware group responsible for facilitating a huge attack against a US prescription drug company for $22 million has gone dark, days after receiving the payment and standing accused of scamming their own affiliate out of their share of the gains. Days after the payment was made, AlphV’s public website started displaying a message saying it had been seized by the FBI as part of an international law enforcement action. Ransomware researchers have since said that it has not actually been seized, but appears to be a ploy to exit scam affiliates of the ransomware group. This proves the old adage that there really is no honour among thieves.

Source: [Ars Technica]

Cyber Attacks Remain Chief Concern for Businesses

A recent report has underscored the growing concern among UK corporate businesses regarding cyber attacks as the primary fraud threat in the upcoming year, with 73% of respondents expressing worry. As businesses grapple with the shift to hybrid and remote work models, ensuring robust counter-fraud measures and internal controls is imperative to safeguarding workforces regardless of location. This situation emphasises the critical importance of investing in employee training to combat evolving fraud threats. It highlights the far-reaching consequences that fraud can have on organisations and underscores the necessity of fostering an anti-fraud culture across all levels of the enterprise.

Source: [TheHRDirector]

Two New Ransomware Groups Join Forces to Launch Joint Attacks

Two ransomware groups, Ghostsec and Stormous, have joined forces to conduct double extortion ransomware attacks on various businesses across multiple countries. As part of this, their new ransomware-as-a-service (RaaS) program, STMX_GhostLocker, provides various options for their affiliates. GhostSec is already part of a coalition called the five families, involving 4 other entities. The group ventured into RaaS last year, offering services for as little as $269.99 per month.

Source: [The Hacker News]

Governance, Risk and Compliance

• FBI: Cyber Crime Losses Exceeded $12.5 Billion in 2023 - Security Week

• 1 in 10 Business Leaders Don’t Even Know They’ve Been Hacked (tech.co)

• Cyber attacks remain chief concern for businesses | theHRD (thehrdirector.com)

• Companies Are Already Not Complying With The New SEC Cyber Security Incident Disclosure Rules (forbes.com)

• What Cyber Security Chiefs Need From Their CEOs (darkreading.com)

• Simply Human: Why HR Needs To Take The Lead In Cyber Security (forbes.com)

• The Security Interviews: Cyber security is about managing risk effectively | Computer Weekly

• NIST Cyber Framework 2.0: Doubling Down on Governance, Expanding Applicability | Law.com

• CISOs Tackle Compliance With Cyber Guidelines (informationweek.com)

• Are C-suite executives cyber security's weakest link? (securitybrief.co.nz

• 30 years of the CISO role – how things have changed since Steve Katz | CSO Online

• How to create an efficient governance control program - Help Net Security

• Demystifying the Maze: A Guide to Cyber Risk Quantification Methods (cybersaint.io)

• Resilience is built on a solid framework | Professional Security

• Cyber Insights 2024: A Dire Year for CISOs? - Security Week

• Cyber Pros’ Knowledge Gaps Lead to Errors | MSSP Alert

• Research finds that cyber security leaders are taking on multiple roles | Security Magazine

• How Security Leaders Can Break Down Barriers to Enable Digital Trust - Infosecurity Magazine (infosecurity-magazine.com)

Threats

Ransomware, Extortion and Destructive Attacks

• ConnectWise ScreenConnect bug used in Play ransomware breach, MSP attack | SC Media (scmagazine.com)

• FBI: US Ransomware Losses Surge 74% to $59.6 Million in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Employment Law Firm Sues IT Co. Over Ransomware Attack - Law360

• Report: Average Initial Ransomware Demand in 2023 Reached $600K - Security Boulevard

• What’s Fueling the Ransomware Epidemic? | Symantec Enterprise Blogs (security.com)

• Banning ransomware payments back on the agenda | Computer Weekly

• BlackCat Goes Dark After Ripping Off Change Healthcare Ransom (darkreading.com)

• Inside an Alphv/BlackCat ransomware attack | TechTarget

• Healthcare facing record ransom as cyber criminals continue to target sector - Emerging Risks Media Ltd

• Uncle Sam intervenes in Change Healthcare ransomware fiasco • The Register

• Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries (thehackernews.com)

• Capita drops 18% on £107m loss as financial impact of cyber attack is revealed | LSE:CPI (proactiveinvestors.co.uk)

• US cyber and law enforcement agencies warn of Phobos ransomware attacks (securityaffairs.com)

• Experts echo calls for ransomware ban as LockBit rallies • The Register

• Government urged to ban ransom payments to cyber criminals (computing.co.uk)

• LockBit 3.0’s Bungled Comeback Highlights the Undying Risk of Torrent-Based (P2P) Data Leakage (securityaffairs.com)

• Ransomware spikes against critical infrastructure, says FBI • The Register

• Major shifts in identity, ransomware, and critical infrastructure threat trends - Help Net Security

• Government was third-largest ransomware target last year: FBI - Defense One

• JetBrains TeamCity under attack by ransomware thugs • The Register

Ransomware Victims

• A Deep Dive into the 2024 Prudential and LoanDepot Breaches - Security Boulevard

• Employment Law Firm Sues IT Co. Over Ransomware Attack - Law360

• After collecting $22 million, AlphV ransomware group stages FBI takedown | Ars Technica

• Change Healthcare hack cripples payment systems across health providers - The Washington Post

• Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment | WIRED

• Capita raises threat of further job cuts under plans to save another £100m | BelfastTelegraph.co.uk

• Capita drops 18% on £107m loss as financial impact of cyber attack is revealed | LSE:CPI (proactiveinvestors.co.uk)

• Fidelity Investments Notifying 28,000 People of Data Breach - Fidelity Investments Notifying 28,000 People of Data Breach - Security Week

• First BofA, Now Fidelity: Same Vendor Behind Third-Party Breaches (darkreading.com)

• UnitedHealth's cyber attack should be a 'wake-up call' for healthcare (yahoo.com)

• Ransomware Attackers Leak Sensitive Swiss Government Documents, Login - Infosecurity Magazine (infosecurity-magazine.com)

• Security leaders weigh in on the recent UnitedHealth cyber attack | Security Magazine

• LockBit 3.0’s Bungled Comeback Highlights the Undying Risk of Torrent-Based (P2P) Data Leakage (securityaffairs.com)

• Canada's anti-money laundering agency offline after cyber attack (bleepingcomputer.com)

• Uncle Sam intervenes in Change Healthcare ransomware fiasco • The RegisterFidelity Investments Notifying 28,000 People of Data Breach - Security Week

• Duvel says it has "more than enough" beer after ransomware attack (bleepingcomputer.com)

• Thousands of Dutch passports stolen in ransomware attacks available on dark web | NL Times

• Corporate Greed Made the Change Healthcare Cyber attack Worse (nymag.com)

• Switzerland: Play ransomware leaked 65,000 government documents (bleepingcomputer.com)

• Possible China link to Change Healthcare ransomware attack • The Register

• Action needed to avoid repeat of Southern Water cyber attack - Utility Week

Phishing & Email Based Attacks

• Phishing attacks up 40 percent in 2023 (betanews.com)

• Jamf says 9% of smartphone have fallen for phishing attacks (appleinsider.com)

• How attackers leverage social engineering for greater scamming success | CSO Online

• Cyber Criminals Spoof US Government Organisations in BEC, Phishing Attacks - Security Week

• Annual State of Email Security by the Numbers - Security Boulevard

• New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users (thehackernews.com)

• Hackers target Coinbase, Binance staff with phishing clones of Gmail, iCloud (crypto.news)

• AI worm that infects computers and reads emails created by researchers | The Independent

• 95% believe LLMs making phishing detection more challenging - Help Net Security

• Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes - Help Net Security

• Kaspersky spam and phishing report for 2023 | Securelist

Other Social Engineering

• How attackers leverage social engineering for greater scamming success | CSO Online

• New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users (thehackernews.com)

• The Rise of Social Engineering Fraud in Business Email Compromise (darkreading.com)

Artificial Intelligence

• Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets (thehackernews.com)

• AI tools put companies at risk of data exfiltration - Help Net Security

• Don't Give Your Business Data to AI Companies (darkreading.com)

• Act now to stop WordPress and Tumblr selling your content to AI firms • Graham Cluley

• GTPDOOR backdoor is designed to target telecom carrier networks (securityaffairs.com)

• Political deepfakes are spreading like wildfire thanks to GenAI | TechCrunch

• Self-Propagating Worm Created to Target Generative AI Systems - Infosecurity Magazine (infosecurity-magazine.com)

• The Future Of AI And ML In Cyber Security (forbes.com)

• AI worm that infects computers and reads emails created by researchers | The Independent

• 95% believe LLMs making phishing detection more challenging - Help Net Security

• Immediate AI risks and tomorrow's dangers - Help Net Security

• Defence: Leonardo CEO says stupidity poses a bigger threat than AI (cnbc.com)

2FA/MFA

• Google and Meta users see their 2FA security codes leaked online - Root-Nation.com

Malware

• No “Apple magic” as 11% of macOS detections last year came from malware | Malwarebytes

• Mobile banking malware growing rapidly, ThreatFabric warns | Biometric Update

• GTPDOOR backdoor is designed to target telecom carrier networks (securityaffairs.com)

• Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware (thehackernews.com)

• Linux variant of BIFROSE RAT uses deceptive domain strategies (securityaffairs.com)

• Self-Propagating Worm Created to Target Generative AI Systems - Infosecurity Magazine (infosecurity-magazine.com)

• New Linux malware found targeting mobile networks across the world | TechRadar

• ScreenConnect flaws exploited to drop new ToddleShark malware (bleepingcomputer.com)

• Malware is coming for your ChatGPT credentials • The Register

• North Korea Hits ScreenConnect Bugs to Drop 'ToddleShark' Malware (darkreading.com)

• Linux Malware Campaign Targets Misconfigured Cloud Servers - Security Week

• Linux Malware Targets Docker, Apache Hadoop, Redis and Confluence - Infosecurity Magazine (infosecurity-magazine.com)

• AI worm that infects computers and reads emails created by researchers | The Independent

• New WogRAT malware abuses online notepad service to store malware (bleepingcomputer.com)

• Snake, a new Info Stealer spreads through Facebook messages (securityaffairs.com)

• Linux Variants of Bifrost Trojan Evade Detection via Typosquatting (darkreading.com)

Mobile

• Jamf says 9% of smartphone have fallen for phishing attacks (appleinsider.com)

• Mobile banking malware growing rapidly, ThreatFabric warns | Biometric Update

• Apple warns of increased iPhone security risks | Computerworld

• The Privacy Danger Lurking in Push Notifications | WIRED

• Android's March 2024 Update Patches Critical Vulnerabilities - Security Week

• CISA Adds Android Pixel and Sunhillo Sureline Bugs to Its Known Exploited Vulnerabilities Catalog

• The Importance of Cyber security for Your Smart Devices | HackerNoon

• Phone hacking is a real danger. How to keep your data, location secure (usatoday.com)

Denial of Service/DoS/DDOS

• DDoS Attacks on Financial Services Industry Up 154%, According to New FS-ISAC/Akamai Report (prnewswire.com)

Internet of Things – IoT

• Someone is hacking 3D printers to warn owners of a security flaw (bitdefender.com)

• Popular doorbell camera brands contain security flaws, making them easy to hack: Report  | The Hill

• NCSC flags up cyber security for connected places | UKAuthority

• The Importance of Cyber Security for Your Smart Devices | HackerNoon

• This $4 Billion Car Surveillance Startup Says It Cuts Crime. But It Likely Broke The Law. (forbes.com)

• Flipper Zero WiFi phishing attack can unlock and steal Tesla cars (bleepingcomputer.com)

Data Breaches/Leaks

• The State Of Cyber Security (Part One): Why Are There Still So Many Data Breaches? (forbes.com)

• A leaky database spilled 2FA codes for the world’s tech giants | TechCrunch#

• American Express credit cards exposed in third-party data breach (bleepingcomputer.com)

• Fidelity Investments Notifying 28,000 People of Data Breach - Security Week

• AI tools put companies at risk of data exfiltration - Help Net Security

• 4 Instructive Postmortems on Data Downtime and Loss (thehackernews.com)

Organised Crime & Criminal Actors

• FBI: Cyber Crime Losses Exceeded $12.5 Billion in 2023 - Security Week

• 2023 FBI Internet Crime Report reported cyber crime losses reached $12.5 billion in 2023 (securityaffairs.com)

• $12.5 billion lost to cyber crime, amid tidal wave of crypto investment fraud | Tripwire

• Germany takes down cyber crime market with over 180,000 users (bleepingcomputer.com)

• Poorly paid cyber security staff risk ‘breaking bad’ on the dark web (techinformed.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• $12.5 billion lost to cyber crime, amid tidal wave of crypto investment fraud | Tripwire

• Hackers target FCC, crypto firms in advanced Okta phishing attacks (bleepingcomputer.com)

• Hackers target Coinbase, Binance staff with phishing clones of Gmail, iCloud (crypto.news)

• New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users (thehackernews.com)

• Crypto fraud in 2023: How can security teams fight (securityintelligence.com)

Insider Risk and Insider Threats

• Comms Business - Insider threat main concern among mid-market firms

• Current workforce trends feed into rising cyber security risks | TechRadar

• Pentagon Leaker Jack Teixeira Pleads Guilty Under a Deal That Calls for at Least 11 Years in Prison - Security Week

• Army Vet Spills National Secrets to Fake Ukrainian Girlfriend (darkreading.com)

• Chinese engineer accused of stealing Google's GPU and TPU secrets, transferring them to China-based startups | Tom's Hardware (tomshardware.com)

Supply Chain and Third Parties

• Employment Law Firm Sues IT Co. Over Ransomware Attack - Law360

• Capita plans £100 million in cost cuts as it continues to grapple with 2023 cyber attack | ITPro

• First BofA, Now Fidelity: Same Vendor Behind Third-Party Breaches (darkreading.com)

• American Express credit cards exposed in third-party data breach (bleepingcomputer.com)

• Hackers target FCC, crypto firms in advanced Okta phishing attacks (bleepingcomputer.com)

• Switzerland: Play ransomware leaked 65,000 government documents (bleepingcomputer.com)

• Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (thehackernews.com)

Cloud/SaaS

• 10 Essential Processes for Reducing the Top 11 Cloud Risks (darkreading.com)

• Human vs. Non-Human Identity in SaaS (thehackernews.com)

• Hackers target Coinbase, Binance staff with phishing clones of Gmail, iCloud (crypto.news)

• Securing Perimeter Products Must Be a Priority, Says NCSC - Infosecurity Magazine (infosecurity-magazine.com)

Identity and Access Management

• Human vs. Non-Human Identity in SaaS (thehackernews.com)

• Major shifts in identity, ransomware, and critical infrastructure threat trends - Help Net Security

Encryption

• Preparing for the post-quantum cryptography environment today | CSO Online

Linux and Open Source

• Open source vulnerabilities dominated 2023, and this year looks no different | ITPro

• Linux Malware Campaign Targets Misconfigured Cloud Servers - Security Week

• Linux Variants of Bifrost Trojan Evade Detection via Typosquatting (darkreading.com)

• Linux Malware Targets Docker, Apache Hadoop, Redis and Confluence - Infosecurity Magazine (infosecurity-magazine.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Hacked WordPress sites use visitors' browsers to hack other sites (bleepingcomputer.com)

• Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets (thehackernews.com)

• Malware is coming for your ChatGPT credentials • The Register

• Stolen passwords are a hacker goldmine now, CrowdStrike and IBM find (axios.com)

• Passwords are Costing Your Organisation Money - How to Minimize Those Costs (bleepingcomputer.com)

• Poor Credential Hygiene - Security Boulevard

• US State AGs tell Meta to fix rampant account takeovers • The Register

Social Media

• Google and Meta users see their 2FA security codes leaked online - Root-Nation.com

• IP address X-posure now a feature on Twitter • The Register

• “Technical Issue” Takes Facebook Offline, Offers No Cyber Security Reassurance | MSSP Alert

• Facebook and Instagram Overrun by Account Hackers, States Warn (bloomberglaw.com)

• Snake, a new Info Stealer spreads through Facebook messages (securityaffairs.com)

• Meta Abandons Hacking Victims, Draining Law Enforcement Resources, Officials Say | WIRED

• US State AGs tell Meta to fix rampant account takeovers • The Register

Training, Education and Awareness

• In the News | Equip and Educate Students to Combat Cyberthreats - Security Boulevard

Regulations, Fines and Legislation

• Companies Are Already Not Complying With The New SEC Cyber Security Incident Disclosure Rules (forbes.com)

• EU council welcomes cyber solidarity act agreement (verdict.co.uk)

• The modern CISO's guide to navigating new SEC cyber regulations (betanews.com)

• Five Unintended Consequences of the New SEC Cyber Security Disclosure Rule - Security Boulevard

• Navigating regulation challenges for protecting sensitive healthcare data - Help Net Security

Models, Frameworks and Standards

• NIST Cyber Security Framework 2.0: 4 Steps to Get Started (darkreading.com)

• NIST Cyber Framework 2.0: Doubling Down on Governance, Expanding Applicability | Law.com

• CIS RAM (Risk Assessment Method) (cisecurity.org)

Data Protection

• Charity has 30 days to stop spamming thousands for donations • The Register

• This $4 Billion Car Surveillance Startup Says It Cuts Crime. But It Likely Broke The Law. (forbes.com)

Careers, Working in Cyber and Information Security

• 11 Top Cyber Security Certifications to Consider In 2024 (datamation.com)

• Cyber and gender | Professional Security

• Poorly paid cyber security staff risk ‘breaking bad’ on the dark web (techinformed.com)

Law Enforcement Action and Take Downs

• Germany takes down cyber crime market with over 180,000 users (bleepingcomputer.com)

• A cyber criminal is sentenced, will it make a difference? - Help Net Security

• Pentagon Leaker Jack Teixeira Pleads Guilty Under a Deal That Calls for at Least 11 Years in Prison - Security Week

• Nigerian National Pleads Guilty of Conspiracy in BEC Operation (darkreading.com)

Misinformation, Disinformation and Propaganda

• Content farm impersonates 60+ major news outlets, like BBC, CNN, CNBC (bleepingcomputer.com)

• The man who tricked Nazi Germany: lessons from the past on how to beat disinformation | Books | The Guardian

• Political deepfakes are spreading like wildfire thanks to GenAI | TechCrunch

• Russian Hackers Target Ukraine Via A Disinformation Campaign - Security Boulevard

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Focus on cyber operations that cause physical damage is not enough | International Committee of the Red Cross (icrc.org)

• Cyber threats impacting the safety and dignity of civilians in conflict | International Committee of the Red Cross (icrc.org)

Nation State Actors

• Complete Guide to Advanced Persistent Threat (APT) Security - Security Boulevard

China

• Chinese nation state actors to ramp up cyber espionage attempts in 2024 - IT Security Guru

• We’re Slowly Learning About China’s Extensive Hacking Network | Mind Matters

• Taiwan's Biggest Telco Breached by Suspected Chinese Hackers (darkreading.com)

• Possible China link to Change Healthcare ransomware attack • The Register

• A New Wave of Cyber Attacks: Five Actions to Take Now | IndustryWeek

• Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (thehackernews.com)

• Behind the doors of a Chinese hacking company, a sordid culture fueled by influence, alcohol and sex | AP News

Russia

• The Five Bears: Russia's Offensive Cyber Capabilities (greydynamics.com)

• A Silent World War – Russia’s Cyberwar Against the West (kyivpost.com)

• Germany Urged to Tighten Security After Russia Leaked Classified Information - Bloomberg

• Germany to investigate Russia’s interception of military talks on Ukraine | Germany | The Guardian

• Ukraine intel says its hackers obtained Russian Defence Ministry's classified documents - Euromaidan Press

• Valuable Russian Military Documents Exposed: Report (newsweek.com)

• Focus on cyber operations that cause physical damage is not enough | International Committee of the Red Cross (icrc.org)

• Russian Hackers Target Ukraine Via A Disinformation Campaign - Security Boulevard

North Korea

• Lazarus Group observed exploiting an admin-to-kernel Windows zero-day | SC Media (scmagazine.com)

• North Korea Hits ScreenConnect Bugs to Drop 'ToddleShark' Malware (darkreading.com)

• North Korea’s Kimsuky gang joins rush to exploit new ScreenConnect bugs | SC Media (scmagazine.com)

• North Korea hacks two South Korean chip firms to steal engineering data (bleepingcomputer.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Banks face ‘hacktivist’ cyber attacks (fnlondon.com)

• Hacktivist Collective NoName057(16) Strikes European Targets - Infosecurity Magazine (infosecurity-magazine.com)

• 'The Weirdest Trend in Cyber Security': Nation-States Returning to USBs (darkreading.com)

• Four internet cables cut in Red Sea in 'exceptionally rare' incident | Fortune

• Predator spyware endures even after widespread exposure, analysis shows | CyberScoop

Vulnerability Management

• Firms Still Threatened by Old Vulnerabilities (govinfosecurity.com)

• Open source vulnerabilities dominated 2023, and this year looks no different | ITPro

• Organisations are knowingly releasing vulnerable applications - Help Net Security

• Securing Perimeter Products Must Be a Priority, Says NCSC - Infosecurity Magazine (infosecurity-magazine.com)

• Enhancing security through proactive patch management - Help Net Security

Vulnerabilities

• Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws (securityaffairs.com)

• ConnectWise ScreenConnect bug used in Play ransomware breach, MSP attack | SC Media (scmagazine.com)

• North Korea’s Kimsuky gang joins rush to exploit new ScreenConnect bugs | SC Media (scmagazine.com)

• North Korea Hits ScreenConnect Bugs to Drop 'ToddleShark' Malware (darkreading.com)

• Hackers exploited Windows 0-day for 6 months after Microsoft knew of it | Ars Technica

• CISA adds Apple iOS and iPadOS memory corruption bugs to its Known Exploited Vulnerabilities Catalog (securityaffairs.com)

• Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws (thehackernews.com)

• VMware sandbox escape bugs are so critical, patches are released for end-of-life products | Ars Technica

• VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws (thehackernews.com)

• VMWare Urges Users to Uninstall EAP Immediately - Security Boulevard

• Cisco Patches High-Severity Vulnerabilities in VPN Product - Security Week

• Critical TeamCity flaw now widely exploited to create admin accounts (bleepingcomputer.com)

• Critical TeamCity Bugs Endanger Software Supply Chain (darkreading.com)

• Android's March 2024 Update Patches Critical Vulnerabilities - Security Week

• CISA Warns of Pixel Phone Vulnerability Exploitation - Security Week

Tools and Controls

• Why cyber maturity assessment should become standard practice - Help Net Security

• 1 in 10 Business Leaders Don’t Even Know They’ve Been Hacked (tech.co)

• The Ultimate Guide to Threat Detection, Investigation, and Response (TDIR) (govinfosecurity.com)

• The Future Of AI And ML In Cyber Security (forbes.com)

• The Security Interviews: Cyber security is about managing risk effectively | Computer Weekly

• What Is A Cyber Incident Response Policy? - Security Boulevard

• Cyber Criminals Using Novel DNS Hijacking Technique for Investment Scams (thehackernews.com)

• Demystifying the Maze: A Guide to Cyber Risk Quantification Methods (cybersaint.io)

• Resilience is built on a solid framework | Professional Security

• Simply Human: Why HR Needs To Take The Lead In Cyber Security (forbes.com)

• The critical role of DNS in cyber security and digital thriving | TechRadar

• 5 ways to keep API integrations secure - Help Net Security

• Reduce the Attack Surface | Dell USA

• What is Advanced Threat Protection and How to Use It in Your Business - Security Boulevard

• Human vs. Non-Human Identity in SaaS (thehackernews.com)

• How To Close The DevSecOps Cyber Security Skills Gap And Boost Security (forbes.com)

Reports Published in the Last Week

• Kaspersky spam and phishing report for 2023 | Securelist

Other News

• Banks face ‘hacktivist’ cyber attacks (fnlondon.com)

• White Hats on Offensive Against Black Hat Hackers: Report (technewsworld.com)

• UK altnets call for action after attacks on fibre infrastructure | Computer Weekly

• Securing the future: Addressing cyber security challenges in the education sector - Help Net Security

• The 3 most common post-compromise tactics on network infrastructure (talosintelligence.com)

• What is Micro Breaching? - Security Boulevard

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.