Black Arrow Cyber Threat Briefing 12 July 2024

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

New Study Reveals UK Businesses at Risk from Imminent Cyber Attacks

A recent report by Cloudflare reveals that 70% of UK business leaders anticipate a cyber security incident within the next year, yet only 35% feel adequately prepared. The survey, involving over 4,000 business and technology leaders across Europe, highlights that 48% of UK organisations have faced a cyber security incident in the past 12 months, the highest in Europe. 80% of UK leaders report an increase in cyber incidents, with 60% expecting this trend to continue.

The Escalating War Against Email-Based Espionage and Fraud

A recent report highlights the rapid rise in email-based cyber crime, with cyber criminals sending an estimated 3.4 billion malicious emails daily, contributing to over $43 billion in business email compromise losses since 2016. Traditional email security measures are proving inadequate, prompting the need for proactive solutions like DMARC (Domain-based Message Authentication, Reporting & Conformance). Acting as an identity check for emails, DMARC can reduce email impersonation threats by over 90% when enforced correctly. However, global adoption remains slow at 30%, hindered by perceived complexity. New zero-trust email authentication tools are simplifying deployment, promising faster and more effective domain protection.

Trade the Comfort of Security Theatre for True Security

A recent article highlights the prevalence of "security theatre," where companies focus on creating an illusion of robust cyber security rather than implementing substantial defensive measures. Despite these superficial efforts, organisations continue to face lawsuits, fines, and regulatory scrutiny over their inadequate data protection practices. The article underscores the need for genuine cyber security programmes, driven by actual risk mitigation to protect against the rising tide of cyber threats rather than marketing tactics and checklist compliance. Regulatory bodies in the EU and the US are intensifying their focus, with fines reaching up to 7% of global revenue for breaches.

Traditional Cyber Security Measures are No Longer Enough

A recent report by LogRhythm highlights that traditional cyber security measures are insufficient against sophisticated AI-powered attacks, necessitating agile and adaptive strategies. According to the 'State of the Security Team’ report, 95% of companies adjusted their security strategies in the past year due to evolving threats, regulatory changes, and AI adoption. Additionally, 78% of professionals now hold cyber security leaders and CEOs accountable for breaches. The widespread adoption of cloud computing and remote work has expanded the attack surface, underscoring the need for robust cloud security practices, comprehensive security training, and advanced threat detection technologies.

Threats to NATO Countries Escalate, as NATO Outlines Internet Doomsday Plan

A Mandiant report reveals increasing cyber attack risks for NATO countries from state-sponsored actors, hacktivists, and criminals. Russia’s invasion of Ukraine drives many attacks, while China's espionage targets NATO intel and trade secrets. Cyber threats extend beyond military targets, impacting hospitals and civil infrastructure, with ransomware attacks on healthcare and government services escalating due to lax cyber crime enforcement.

NATO has recently outlined plans to safeguard subsea internet cables, a favoured target of nation state actors, and the data carried by these cables by rerouting to satellites in case of disruptions. This system, part of the HEIST project, involves researchers from the US, Iceland, Sweden, and Switzerland, supported by NATO's Science for Peace and Security Programme. By detecting disturbances in undersea cables and ensuring uninterrupted communication, the project addresses heightened concerns over global instability and threats to critical infrastructure.

In Ransomware Attacks, Expect to Lose 43 Percent of Affected Data Even if You Pay

A recent report by Veeam highlights the pervasive threat of ransomware, which impacted 3 out of 4 organisations in 2023. In many cases only 57% of compromised data was recoverable, leaving 43% lost. The report indicates that 81% of affected organisations paid ransoms, yet one-third failed to recover their data even after paying. Additionally, 63% of organisations risk reintroducing infections during recovery due to pressure to restore quickly. Despite increased focus on cyber preparedness, 63% of organisations find their backup and cyber teams misaligned.

New Ransomware Scam Will Hassle You with Phone Calls Until You Pay Up

A recent report reveals that a new ransomware group, Volcano Demon, has emerged, harassing its victims via phone until payment is made. The group has targeted several organisations in the past weeks, deploying an encryptor named LukaLocker, which runs on both Windows and Linux systems. The ransomware maps and exfiltrates sensitive files before encrypting them and appending a .nba extension. Notably, Volcano Demon does not operate a data leak site but instead directly contacts company leadership to negotiate payments, often using threatening tones. Additionally, LukaLocker can disable most antivirus processes and clear logs, complicating forensic investigations. Limited logging and monitoring solutions among victims exacerbate the issue.

China's APT40 Gang is Attacking Vulnerabilities Within Hours of Public Release

A recent advisory led by Australia, with contributions from seven other nations, details the sophisticated methods of the China-aligned threat actor APT40, also known as Kryptonite Panda and Gingham Typhoon. This state-sponsored group is adept at exploiting new vulnerabilities within hours, as well as targeting unpatched systems dating back to 2017 such as Log4J and Microsoft Exchange. APT40 employs compromised devices, including small-office/home-office equipment, to launch attacks, masking their activities as legitimate traffic. The advisory recommends basic cyber security practices like logging, patch management, and network segmentation to defend against APT40's persistent threats.

New Survey: Generative AI and Phishing Concerns, Employees Put Corporate Data at Risk

A study by Censuswide reveals that 74% of security professionals express confidence in their IT departments, yet over half have experienced a data breach recently. The misuse of generative AI, particularly deepfake phishing attacks, is cited as a significant threat. All types of phishing, along with poor software design, ransomware, and zero-day threats are top concerns, with 55% of experts admitting to not conducting regular security audits. Cloud security issues, especially incorrectly set identity and access management policies, are also highlighted. Additionally, trust in employees is dwindling, with 63% of IT security decision-makers in the UK and US expecting remote workers to put corporate data at risk. Notably, 55% reported these workers have knowingly jeopardised data security, and 73% lack the necessary skills and technology to keep data safe. This underscores the urgent need for improved training and robust security measures.

The Urgent Need for Digital Executive Protection: A CEO’s Perspective

A recent article highlights the urgent need for Digital Executive Protection amidst increasing cyber threats. Cyber criminals are now targeting executives personally, endangering both their personal integrity and their companies' credibility and market perception. A cyber attack on a CEO can lead to severe consequences, including data breaches and financial losses. The sophistication of phishing attempts, ransomware, and social engineering tactics demands advanced security measures tailored for high-value targets. By prioritising their own digital security, executives can ensure business continuity, safeguard confidential information, and set a precedent for a robust corporate security posture, thereby protecting both their personal and professional integrity.

Businesses Must do Better to Understand Complexity of Business Email Compromise

A recent report highlights Business Email Compromise (BEC) as one of the most financially damaging cyber threats. BEC attacks, involving impersonation schemes where cyber criminals masquerade as trusted entities, are increasing in frequency and sophistication. The FBI’s Internet Crime Complaint Center reports annual economic losses from BEC attacks in the billions of dollars. Organisations must enhance their understanding and defences against BEC to protect their assets, reputation, and operations from severe financial losses and regulatory penalties.

Ransomware Surges Annually Despite Law Enforcement Takedowns

A recent report by Symantec reveals a 9% year-on-year increase in ransomware attacks advertised on leak sites in Q1 2024, with 962 claimed attacks. Despite law enforcement actions against major groups like ALPHV/BlackCat and LockBit, the latter remains the top threat, responsible for over 20% of all claimed attacks. Known vulnerabilities continue to be the primary vector for these attacks.

Sources:

https://itsecuritywire.com/news/new-cloudflare-study-reveals-the-extent-that-uk-businesses-are-at-risk-from-imminent-cyberattacks-over-the-next-12-months/

https://www.afcea.org/signal-media/cyber-edge/escalating-war-against-email-based-espionage-and-fraud

https://www.darkreading.com/cyber-risk/trade-the-comfort-of-security-theater-for-true-security

https://www.techradar.com/pro/traditional-cybersecurity-measures-are-no-longer-enough

https://www.msspalert.com/brief/escalating-cyber-threats-faced-by-nato-countries

https://www.tomshardware.com/tech-industry/nato-outlines-internet-doomsday-plan

https://www.ecampusnews.com/cybersecurity/2024/07/05/ransomware-data-loss-cyberattacks-higher-education/

https://www.techradar.com/pro/security/this-new-ransomware-scam-will-hassle-you-with-phone-calls-until-you-pay-up

https://www.theregister.com/2024/07/09/apt_40_tradecraft_advisory/

https://www.notebookcheck.net/Generative-AI-and-phishing-lead-concerns-in-new-cybersecurity-experts-survey.857045.0.html

https://www.thehrdirector.com/business-news/security/fears-escalate-employees-will-put-corporate-data-risk/

https://securityboulevard.com/2024/07/the-urgent-need-for-digital-executive-protection-a-ceos-perspective/

https://www.reinsurancene.ws/businesses-must-do-better-to-understand-complexity-of-business-email-compromise-gc/

https://www.infosecurity-magazine.com/news/ransomware-surges-2024-law/


Governance, Risk and Compliance

Traditional cyber security measures are no longer enough | TechRadar

Cloudflare Study: UK Businesses are at Risk of Cyber Attacks (itsecuritywire.com)

The Escalating War Against Email-Based Espionage and Fraud | AFCEA International

5 Key Questions CISOs Must Ask Themselves About Their Cyber Security Strategy (thehackernews.com)

Cyber security pros don't like being ignored (betanews.com)

Trade the Comfort of Security Theater for True Security (darkreading.com)

The Urgent Need for Digital Executive Protection: A CEO's Perspective - Security Boulevard

More than a CISO: the rise of the dual-titled IT leader | CSO Online

Cyber Threats And The Growing Complexity Of Cyber Security And IT Infrastructure Management (forbes.com)

Survey Sees Modern CISOs Becoming More Comfortable With Risk - Security Boulevard

A CISO's Guide to Avoiding Jail After a Breach (darkreading.com)

5 Steps CISOs Can Take to Ensure Resilience (informationweek.com)

It’s Time to Reassess Your Cyber Security Priorities - Security Week

Three pillars of cyber | Professional Security

The Future Of Cyber Security: Emerging Threats And How To Combat Them (forbes.com)

Top priorities for compliance leaders this year - Help Net Security

Deconstructing Security Assumptions to Ensure Future Resilience (darkreading.com)

Managing cyber attack fallout: Financial and operational damage - Help Net Security

Cyber attacks to increase as technology aids criminals - The Royal Gazette | Bermuda News

Applying Bloch’s Philosophy to Cyber Security - Security Boulevard

Cyber Security Success Hinges on Leadership, Not Just Tech (inforisktoday.com)

Cyber – unsung hero of business | Professional Security


Threats

Ransomware, Extortion and Destructive Attacks

This new ransomware scam will hassle you with phone calls until you pay up | TechRadar

Victims of cyber extortion and ransomware increase in 2024 | SC Media (scmagazine.com)

LockBit 3.0: The Rising Costs of Ransomware Attacks - Security Boulevard

Ransomware gangs invest in custom data stealing malware • The Register

New Ransomware Group Exploiting Veeam Backup Software Vulnerability (thehackernews.com)

Ransomware Surges Annually Despite Law Enforcement Takedowns - Infosecurity Magazine (infosecurity-magazine.com)

Ransomware gangs increasingly exploiting vulnerabilities | TechTarget

Akira Ransomware: Lightning-Fast Data Exfiltration in 2-Ish Hours (darkreading.com)

In ransomware attacks, expect to lose 43 percent of affected data - eCampus News

NHS cyber security: Ex security chief warns of future attacks - BBC News

New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems (thehackernews.com)

Eldorado Ransomware Cruises Onto the Scene to Target VMware ESXi (darkreading.com)

CISA Advises Against Paying Ransom, But Rules Out a Ban | MSSP Alert

Risk & Repeat: Hacks, lies and LockBit | TechTarget

An In-Depth Look at Crypto-Crime in 2023 Part 1 | Trend Micro (US)

Evolving ransomware attack techniques examined | SC Media (scmagazine.com)

Fujitsu Suffers Worm-Like Attack From Something That Wasn't Ransomware (darkreading.com)

Ransomware: Activity Levels Remain High Despite Disruption | Symantec Enterprise Blogs (security.com)

Envisioning cyber resilience beyond ransom payments - SiliconANGLE

Avast releases DoNex ransomware decryptor • The Register

CISA director says banning ransomware payments is off the table (securityintelligence.com)

Cisco Talos: Top Ransomware TTPs Exposed (techrepublic.com)

Emulating the Long-Term Extortionist Nefilim Ransomware - Security Boulevard

Ransomware Victims

Evolve Bank says ransomware gang stole personal data on millions of customers | TechCrunch

The untold impact of Qilin's attack on London hospitals • The Register

Nearly 800,000 affected by children’s hospital ransomware attack | Security Magazine

Patelco faces multiple lawsuits over ransomware attack | American Banker

Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes (securityaffairs.com)

Indonesian National Data Center Breach Traced to Weak Password: 'Admin#1234' (jakartaglobe.id)

STORMOUS Ransomware Group Claiming Breach of HITC Telecom (cybersecuritynews.com)

‘Serious hacker attack’ forces Frankfurt university to shut down IT systems (therecord.media)

Hackers leak 39,000 print-at-home Ticketmaster tickets for 154 events (bleepingcomputer.com)

Ransomware attack on blood-testing service puts lives in danger in South Africa (bitdefender.com)

NTT Data Romania, hacked (romaniajournal.ro)

Phishing & Email Based Attacks

Generative AI and phishing lead concerns in new cyber security experts survey - NotebookCheck.net News

The Escalating War Against Email-Based Espionage and Fraud | AFCEA International

New 'FishXProxy' phishing kit lowers entry bar for cyber attacks - SiliconANGLE

Spear phishing techniques in mass phishing: a new trend | Securelist

Why You Might Be Getting Spam Emails From Yourself (slashgear.com)

How do cryptocurrency drainer phishing scams work? (talosintelligence.com)

The New Battlefield in Banking: Defending Against Phishing Scams (financemagnates.com)

The 9 most common phishing scam types, explained | PCWorld

Businesses must do better to understand complexity of Business Email Compromise: GC - Reinsurance News

Microsoft emails that warned customers of Russian hacks criticized for looking like spam and phishing | TechCrunch

State, local governments facing deluge of phishing attacks | SC Media (scmagazine.com)

The FIA has been hacked after workers fell for a phishing attack | TechRadar

BEC

Business email compromise continues to be overlooked as a major cyber threat – Guy Carpenter | Insurance Business America (insurancebusinessmag.com)

Businesses must do better to understand complexity of Business Email Compromise: GC - Reinsurance News

The 9 most common phishing scam types, explained | PCWorld

Other Social Engineering

This new ransomware scam will hassle you with phone calls until you pay up | TechRadar

Euro Vishing Fraudsters Add Physical Intimidation to Arsenal (darkreading.com)

Serious warning to all iPhone users as cyber attacks seek to lock them out of their devices - PhoneArena

Google Fi's 'Number Lock' adds protection against SIM swaps - here's how to enable it | ZDNET

Revealed the cyber security risks of working in public places | theHRD (thehrdirector.com)

The 9 most common phishing scam types, explained | PCWorld

Leveraging Social Engineering for Successful Cyber Operations: Enhancing the Minds of Decision-Makers | AFCEA International

Artificial Intelligence

Generative AI and phishing lead concerns in new cyber security experts survey - NotebookCheck.net News

OpenAI was hacked, revealing internal secrets and raising national security concerns — year-old breach wasn't reported to the public | Tom's Hardware (tomshardware.com)

OpenAI breach is a reminder that AI companies are treasure troves for hackers | TechCrunch

Study results on threats and impacts of generative artificial intelligence on cyber security (admin.ch)

Bring Your Own AI to Work Creates a Haven for Cyber Attackers (technewsworld.com)

Human Vigilance is Required Amid AI-Generated Cyber Security Threats - Security Boulevard

Top 10 AI Security Risks for 2024 | Trend Micro (US)

Security, privacy, and generative AI | InfoWorld

Russian Media Uses AI-Powered Software to Spread Disinformation - Infosecurity Magazine (infosecurity-magazine.com)

Report reveals that three quarters of UK businesses have been impacted by AI-powered cyber threats - IT Security Guru

Winner takes AI | Professional Security

ChatGPT for Mac app flaw left users' chat history exposed (bitdefender.com)

Can AI be Meaningfully Regulated, or is Regulation a Deceitful Fudge? - Security Week

ChatGPT 4 exploits 87% of vulnerabilities (devx.com)

When implementing AI, first train your managers | ZDNET

Privacy & Security Concerns With AI Meeting Tools (darkreading.com)

Cyber Security Success Hinges on Leadership, Not Just Tech (inforisktoday.com)

Most Security Pros Admit Shadow SaaS and AI Use - Infosecurity Magazine (infosecurity-magazine.com)

2FA/MFA

Authy Users Urged to Stay Alert After Hack Exposes 33 Million Phone Numbers - MacRumors

Hackers abused API to verify millions of Authy MFA phone numbers (bleepingcomputer.com)

Multifactor Authentication Shouldn't Be Optional (govinfosecurity.com)

Gmail Users Offered Free Top Tier Security Upgrade—Say Goodbye To 2FA (forbes.com)

Malware

Botnets are being sold on the dark web for as little as $99 | ITPro

GootLoader is still active and efficient (securityaffairs.com)

Security Bite: Mac Malware wreaking the most havoc in 2024 - 9to5Mac

Ransomware gangs invest in custom data stealing malware • The Register

GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel (thehackernews.com)

ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks (thehackernews.com)

Fujitsu Suffers Worm-Like Attack From Something That Wasn't Ransomware (darkreading.com)

Hackers Resurrect Internet Explorer to Attack Windows PCs (pcmag.com)

Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk (thehackernews.com)

350 million people downloaded insecure browser extensions over two years | Cybernews

Hackers Weaponizing Shortcut Files With Zero-day Tricks (cybersecuritynews.com)

Fujitsu says "advanced" malware was to blame for cyber attack, confirms customer data leaked | TechRadar

Notorious Hacker Kingpin ‘Tank’ Is Finally Going to Prison | WIRED

60 New Malicious Packages Uncovered in NuGet Supply Chain Attack (thehackernews.com)

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware (securityaffairs.com)

GuardZoo spyware used by Houthis to target military personnel - Help Net Security

Mac Security: How secure is a Mac, is macOS more secure than Windows? | Macworld

Mobile

New Google Play Store Warning As Dangerous Threat Returns (forbes.com)

Europol says mobile roaming tech is hampering crimefighters • The Register

Hackers abused API to verify millions of Authy MFA phone numbers (bleepingcomputer.com)

Serious warning to all iPhone users as cyber attacks seek to lock them out of their devices - PhoneArena

Examining the impact of cyber crime and online fraud | TechRadar

A simple firmware update completely hides a device's Bluetooth fingerprint (techxplore.com)

Apple warns iPhone users in 98 countries of spyware attacks | TechCrunch

Every Phone Can ID Your Router—Here's How to Stop It | PCMag

Google is opening its dark web reports to all users free of charge | TechSpot

How to protect Apple ID and avoid scams - 9to5Mac

How to clear your Google search cache on Android (and why you should) | ZDNET

Denial of Service/DoS/DDOS

OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers (thehackernews.com)

Internet of Things – IoT

How to clear the cache on your TV (and why you should do it) | ZDNET

Data Breaches/Leaks

OpenAI was hacked, revealing internal secrets and raising national security concerns — year-old breach wasn't reported to the public | Tom's Hardware (tomshardware.com)

OpenAI breach is a reminder that AI companies are treasure troves for hackers | TechCrunch

51% of Cyber Attacks in the Managed Service Provider (MSP) Sector Lead to Unplanned Expenses to Fix Security Gaps (prnewswire.com)

Hacker Stole Secrets From OpenAI - Security Week

Hackers stole OpenAI secrets in a 2023 security breach (securityaffairs.com)

Authy Users Urged to Stay Alert After Hack Exposes 33 Million Phone Numbers - MacRumors

OpenAI hit by two big security issues this week (engadget.com)

Shopify denies it was hacked, links stolen data to third-party app (bleepingcomputer.com)

Fujitsu Suffers Worm-Like Attack From Something That Wasn't Ransomware (darkreading.com)

The FIA has been hacked after workers fell for a phishing attack | TechRadar

Cyber Confidence at MSPs high, despite falling victim to data breaches - IT Security Guru

General Motors reports “suspicious activity” within certain GM accounts | Cybernews

Ticketmaster hack: Customers told to sign up to security service - BBC News

Fujitsu says "advanced" malware was to blame for cyber attack, confirms customer data leaked | TechRadar

Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes (securityaffairs.com)

NTT Data Romania, hacked (romaniajournal.ro)

Top cyber agency still unsure of fallout months after hack - Washington Times

Former Nuance Employee Arrested After Geisinger Data Breach Exposed 1.2 Million Records - Security Week

Computer maker Zotac exposed customers' RMA info on Google Search (bleepingcomputer.com)

Fujitsu confirms customer data exposed in March cyber attack (bleepingcomputer.com)

Neiman Marcus data breach: 31 million email addresses found exposed (bleepingcomputer.com)

Philhealth: Victims of data leak not yet notified of hacking’s extent (inquirer.net)

ChatGPT for Mac app flaw left users' chat history exposed (bitdefender.com)

Heritage Foundation Exec Threatens 'Gay Furry Hackers' in Unhinged Texts (rollingstone.com)

Mastodon: Security flaw allows unauthorized access to posts (stackdiary.com)

Advance Auto Parts data breach impacts 2.3 million people (bleepingcomputer.com)

Organised Crime & Criminal Actors

New 'FishXProxy' phishing kit lowers entry bar for cyber attacks - SiliconANGLE

An In-Depth Look at Crypto-Crime in 2023 Part 1 | Trend Micro (US)

Notorious Hacker Kingpin ‘Tank’ Is Finally Going to Prison | WIRED

How AI helps decode cyber criminal strategies - Help Net Security

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Hackers Have Stolen $1.38 Billion in Crypto So Far This Year (pcmag.com)

Crypto Thefts Double to $1.4 Billion, TRM Labs Finds - Infosecurity Magazine (infosecurity-magazine.com)

How do cryptocurrency drainer phishing scams work? (talosintelligence.com)

An In-Depth Look at Crypto-Crime in 2023 Part 1 | Trend Micro (US)

Insider Risk and Insider Threats

Fears escalate that employees will put corporate data at risk | theHRD (thehrdirector.com)

Former Nuance Employee Arrested After Geisinger Data Breach Exposed 1.2 Million Records - Security Week

Insurance

Cyber Insurance Prices Plummet as Market Competition Grows (darkreading.com)

Supply Chain and Third Parties

Shopify denies it was hacked, links stolen data to third-party app (bleepingcomputer.com)

Supply Chain Crisis: 384,000 Sites Compromised in Major Attack - Supply Chain World magazine (scw-mag.com)

60 New Malicious Packages Uncovered in NuGet Supply Chain Attack (thehackernews.com)

Companies still need to work on security fundamentals to win in the supply chain security fight - SD Times

Are SOC 2 Reports Sufficient for Vendor Risk Management? (darkreading.com)

Addressing third-party security risks - FreightWaves

Cloud/SaaS

OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers (thehackernews.com)

SaaS Security in Europe: A Report Card - Infosecurity Magazine (infosecurity-magazine.com)

Multifactor Authentication Shouldn't Be Optional (govinfosecurity.com)

The Crucial Role Of Browser Context In Modern Cyber Security (forbes.com)

Most Security Pros Admit Shadow SaaS and AI Use - Infosecurity Magazine (infosecurity-magazine.com)

Security pros use unauthorized SaaS apps despite the risk (betanews.com)

73% of security pros use unauthorized SaaS applications - Help Net Security

Encryption

Mysterious quantum computing restrictions spread across multiple nations — UK cites national security risks and refuses to elaborate | Tom's Hardware (tomshardware.com)

Microsoft patents a system that encrypts documents so you can read them in public without being visually hacked | TechSpot

Linux and Open Source

New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems (thehackernews.com)

OpenSSH bug leaves RHEL 9 and the RHELatives vulnerable • The Register

Do you need antivirus on Linux? | ZDNET

Passwords, Credential Stuffing & Brute Force Attacks

Indonesian National Data Center Breach Traced to Weak Password: 'Admin#1234' (jakartaglobe.id)

General Motors reports “suspicious activity” within certain GM accounts | Cybernews

Back to Basics of Automated Attacks: Account Takeover | Fastly

Time to see past the blind spots of account takeover | SC Media (scmagazine.com)

New threat group CRYSTALRAY seen using variety of off-the-shelf tools to steal credentials (computing.co.uk)

Self-service password reset: How the cure could introduce more security ills (betanews.com)

Training, Education and Awareness

Human Vigilance is Required Amid AI-Generated Cyber Security Threats - Security Boulevard

When implementing AI, first train your managers | ZDNET

Training, awareness key to preventing cyber attacks | Country 94

Regulations, Fines and Legislation

Vinted Fined €2.3m Over Data Protection Failure - Infosecurity Magazine (infosecurity-magazine.com)

What You Need to Know About the EU Cyber Resilience Act - Security Boulevard

How to Prepare for the EU’s NIS2 Directive - Security Boulevard

CISA Advises Against Paying Ransom, But Rules Out a Ban | MSSP Alert

The New Battlefield in Banking: Defending Against Phishing Scams (financemagnates.com)

A CISO's Guide to Avoiding Jail After a Breach (darkreading.com)

A Comprehensive Guide to the Digital Operational Resilience Act (DORA) - Security Boulevard

CISA director says banning ransomware payments is off the table (securityintelligence.com)

Supreme Court Ruling Threatens the Framework of Cyber Security Regulation - Security Week

Can AI be Meaningfully Regulated, or is Regulation a Deceitful Fudge? - Security Week

A CISO's Summary Of The Cyber Resilience Act (forbes.com)

Models, Frameworks and Standards

OWASP Penetration Testing: Methodology, Kit, Checklist (Downloadable) - Security Boulevard

A Comprehensive Guide to the Digital Operational Resilience Act (DORA) - Security Boulevard

Are SOC 2 Reports Sufficient for Vendor Risk Management? (darkreading.com)

Data Protection

Vinted Fined €2.3m Over Data Protection Failure - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

What Kind of People Do Cyber Security for a Living? (databreachtoday.co.uk)

5 Ways to Run Security as a Meritocracy (darkreading.com)

Diversifying cyber teams to tackle complex threats - Help Net Security

Three critical steps to close the cyber security talent gap, once and for all | VentureBeat

Organisations change recruitment strategies to find cyber talent - Help Net Security

Exploring the root causes of the cyber security skills gap - Help Net Security

Most Security Pros Admit Shadow SaaS and AI Use - Infosecurity Magazine (infosecurity-magazine.com)

Security pros use unauthorized SaaS apps despite the risk (betanews.com)

73% of security pros use unauthorized SaaS applications - Help Net Security

Law Enforcement Action and Take Downs

Europol says mobile roaming tech is hampering crimefighters • The Register

Risk & Repeat: Hacks, lies and LockBit | TechTarget

Notorious Hacker Kingpin ‘Tank’ Is Finally Going to Prison | WIRED

Cyber stalking expert jailed after 'grotesque' online threats • The Register

Cheshire man arrested in police investigation into illegal streaming - Cheshire Live (cheshire-live.co.uk)

FBI, cyber cops zap 968 'Russian AI disinfo' Twitter bots • The Register

Misinformation, Disinformation and Propaganda

How Disinformation From a Russian AI Spam Farm Ended up on Top of Google Search Results | WIRED

Russian Media Uses AI-Powered Software to Spread Disinformation - Infosecurity Magazine (infosecurity-magazine.com)

US intel officials: Kremlin once again prefers Trump | CyberScoop

Feds Uncover Sprawling, GenAI-Enabled Russian Troll Farm (darkreading.com)

FBI, cyber cops zap 968 'Russian AI disinfo' Twitter bots • The Register


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

The Escalating War Against Email-Based Espionage and Fraud | AFCEA International

Escalating Cyber Threats Faced by NATO Countries | MSSP Alert

NATO members increasingly targeted by state-sponsored cyber attacks | SC Media (scmagazine.com)

NATO countries can ask for protection under Article 5 in case of Russian hybrid or cyber attacks / The New Voice of Ukraine (nv.ua)

NATO outlines Internet doomsday plan — researching tech to reroute subsea Internet traffic via satellite in case of attack | Tom's Hardware (tomshardware.com)

Allies Agree New NATO Integrated Cyber Defence Center – Eurasia Review

How nation-state cyber attacks disrupt public services and undermine citizen trust - Help Net Security

Leveraging Social Engineering for Successful Cyber Operations: Enhancing the Minds of Decision-Makers | AFCEA International

Nation State Actors

China

China’s APT40 gang can attack new vulns within hours • The Register

A Hacker Stole OpenAI Secrets, Raising Fears That China Could, Too - The New York Times (nytimes.com)

OpenAI was hacked, revealing internal secrets and raising national security concerns — year-old breach wasn't reported to the public | Tom's Hardware (tomshardware.com)

Eight Nations Issue Warning About Speed Of Chinese Hackers’ Operations (forbes.com)

Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk (thehackernews.com)

Australia accuses China-backed hackers of breaching government networks (ft.com)

Mandiant Highlights Russian and Chinese Cyber Threats to NATO on Eve of 75th Anniversary Summit - Security Week

Global Coalition Blames China’s APT40 for Hacking Government Networks - Security Week

China-Made Tech Discovered at Taiwanese Army Base (thedefensepost.com)

Germany finally gets round to banning Huawei, sort of (telecoms.com)

Chinese cyber agency accused of 'false and baseless' claims about US interfering in Volt Typhoon research (therecord.media)

Russia

Russian-Linked Cyber Campaigns Put a Bull’s-Eye on France. Their Focus? The Olympics and Elections | Pulitzer Center

A recent Microsoft data breach also let Russian hackers compromise US federal agencies | TechRadar

Teamviewer Discloses Investigation Update Following Cyber Attack (cybersecuritynews.com)

Mandiant Highlights Russian and Chinese Cyber Threats to NATO on Eve of 75th Anniversary Summit - Security Week

How Disinformation From a Russian AI Spam Farm Ended up on Top of Google Search Results | WIRED

Russian Media Uses AI-Powered Software to Spread Disinformation - Infosecurity Magazine (infosecurity-magazine.com)

The Stark Truth Behind the Resurgence of Russia’s Fin7 – Krebs on Security

Feds Uncover Sprawling, GenAI-Enabled Russian Troll Farm (darkreading.com)

CloudSorcerer hackers abuse cloud services to steal Russian govt data (bleepingcomputer.com)

New APT Group "CloudSorcerer" Targets Russian Government Entities (thehackernews.com)

French political turmoil, cyber attacks and protests threaten to disrupt Olympics (inews.co.uk)

US intel officials: Kremlin once again prefers Trump | CyberScoop

Microsoft emails that warned customers of Russian hacks criticized for looking like spam and phishing | TechCrunch

Intelligence on Russian sabotage threat prompted increase in security at US military bases in Europe | CNN Politics

Alert Level Raised at US Bases in Europe Over Russian Threats - The New York Times

North Korea

Japan warns of attacks linked to North Korean Kimsuky hackers (bleepingcomputer.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Heritage Foundation Exec Threatens 'Gay Furry Hackers' in Unhinged Texts (rollingstone.com)

'Gay furry hackers' take credit for Project 2025 cyber attack (thepinknews.com)

Furry Hackers SiegedSec Suspended from X Amid Leak Spree (dailydot.com)


Tools and Controls

Why Firewalls Are Not Enough in Today’s Cyber Security Landscape | MSSP Alert

5 Key Questions CISOs Must Ask Themselves About Their Cyber Security Strategy (thehackernews.com)

Cloudflare blames recent outage on BGP hijacking incident (bleepingcomputer.com)

Cyber Security 101: MDR vs. XDR | MSSP Alert

Authy Users Urged to Stay Alert After Hack Exposes 33 Million Phone Numbers - MacRumors

Blueprint for Success: Implementing a CTEM Operation (thehackernews.com)

Human Vigilance is Required Amid AI-Generated Cyber Security Threats - Security Boulevard

How API attacks work, plus 5 common types | TechTarget

Selfie-based authentication is on the rise, alarming security experts | TechSpot

The Crucial Role Of Browser Context In Modern Cyber Security (forbes.com)

Training, awareness key to preventing cyber attacks | Country 94

Survey Sees Modern CISOs Becoming More Comfortable With Risk - Security Boulevard

5 Steps CISOs Can Take to Ensure Resilience (informationweek.com)

How Observability Leads to Better Cyber Security | eWEEK

NATO outlines Internet doomsday plan — researching tech to reroute subsea Internet traffic via satellite in case of attack | Tom's Hardware (tomshardware.com)

Deconstructing Security Assumptions to Ensure Future Resilience (darkreading.com)

Cyber Insurance Prices Plummet as Market Competition Grows (darkreading.com)

2024 SANS SOC Survey Reveals Critical Trends and Technologies in Cyber Defence (darkreading.com)

ChatGPT 4 exploits 87% of vulnerabilities (devx.com)

When implementing AI, first train your managers | ZDNET

Real criminals, fake victims: how chatbots are being deployed in the global fight against phone scammers | Artificial intelligence (AI) | The Guardian

Fake network traffic is on the rise — here's how to counter it | CSO Online

Self-service password reset: How the cure could introduce more security ills (betanews.com)

Strengthening cyber security preparedness with defence in depth - Help Net Security

Navigating Europe’s digital identity crossroads • The Register

Do you need antivirus on Linux? | ZDNET

How to Create a Vendor Risk Management Process | UpGuard



Vulnerability Management

China’s APT40 gang can attack new vulns within hours • The Register

Ransomware gangs increasingly exploiting vulnerabilities | TechTarget

Blueprint for Success: Implementing a CTEM Operation (thehackernews.com)

ChatGPT 4 exploits 87% of vulnerabilities (devx.com)

Introducing a New Vulnerability Class: False File Immutability — Elastic Security Labs

What's Bugging the NSA? A Vuln in Its 'SkillTree' Training Platform (darkreading.com)

Vulnerabilities

Attackers Already Exploiting Flaws in Microsoft's July Security Update (darkreading.com)

‘Blast-RADIUS’ Critical Bug Blows Up IT Vacation Plans - Security Boulevard

Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack - Help Net Security

US CISA adds Microsoft Windows and Rejetto HTTP File Server bugs to its Known Exploited Vulnerabilities catalog (securityaffairs.com)

The Windows Security Updates of July 2024 are now available - gHacks Tech News

Microsoft's July Update Patches 143 Flaws, Including Two Actively Exploited (thehackernews.com)

Microsoft Warns of Windows Hyper-V Zero-Day Being Exploited - Security Week

Blast RADIUS attack can bypass authentication for clients • The Register

New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk (thehackernews.com)

Citrix Patches Critical NetScaler Console Vulnerability - Security Week

Veeam flaw becomes malware target a year after patching • The Register

Threat actors exploited Windows 0-day for more than a year before Microsoft fixed it | Ars Technica

Palo Alto Networks Addresses BlastRADIUS Vulnerability, Fixes Critical Bug in Expedition Tool - Security Week

Bust this Ghostscript bug or risk a big breach, say experts • The Register

Apache fixed a source code disclosure flaw in Apache HTTP Server (securityaffairs.com)

PoC Exploit Released for HTTP File Server Remote Code Execution Vulnerability (cybersecuritynews.com)

MongoDB Compass Code Injection Flaw Exposes Systems to Hacking (cybersecuritynews.com)

New Ransomware Group Exploiting Veeam Backup Software Vulnerability (thehackernews.com)

Adobe Issues Critical Patches for Multiple Products, Warns of Code Execution Risks - Security Week

Cisco Warns of regreSSHion RCE Impacting Multiple Products (cybersecuritynews.com)

Hackers Resurrect Internet Explorer to Attack Windows PCs (pcmag.com)

Citrix NetScaler Vulnerability Allows Attackers to Access Sensitive Information (cybersecuritynews.com)

SAP Patches High-Severity Vulnerabilities in PDCE, Commerce - Security Week

CISA Takedown of Ivanti Systems Is a Wake-up Call (darkreading.com)

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware (securityaffairs.com)

Hackers target WordPress calendar plugin used by 150,000 sites (bleepingcomputer.com)

GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs (thehackernews.com)

VMware Patches Critical SQL-Injection Flaw in Aria Automation - Security Week

Introducing a New Vulnerability Class: False File Immutability — Elastic Security Labs


Sector Specific

Industry-specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are provided for interest and awareness. Linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.
