Black Arrow Cyber Threat Briefing 14 June 2024
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Top Cyber Stories of the Last Week
Phishing Attacks Targeting US and European Organisations Double
A recent report by Abnormal Security reveals a significant rise in phishing attacks targeting organisations, with Europe experiencing a 112.4% increase between April 2023 and April 2024, and the US seeing a 91.5% rise. The report, "Email Security Threats in Europe: Insights into Attack Trends," highlights that phishing, although not the most costly attack type, often serves as a gateway for further crimes. Additionally, business email compromise (BEC) attacks surged by 123.8% in Europe and 72.2% in the US, including vendor email compromise (VEC) schemes involving fraudulent payments and wire transfers.
78% of People Use the Same Password Across Multiple Accounts
A recent report from Forbes reveals troubling trends in password security. Based on a survey of 2,000 individuals, it found that 78% reuse passwords across multiple accounts, with 52% using the same password for at least three accounts. Notably, 22% of users do not use any safety measures to secure their passwords. Social media accounts are the most likely targets for password hacking at 29%, followed by email accounts at 15%. According to the survey respondents, the most common reasons their passwords were hacked were weak passwords (35%) and repeated use of the same password (30%).
IT Downtime Cuts Enterprise Profit by 9%
A recent study by Splunk, titled “The Hidden Costs of Downtime,” reveals that eliminating downtime could save large enterprises $200 million annually, equivalent to a 9% increase in yearly profits. The study, conducted by Oxford Economics, found that nearly $49 million of downtime costs stem from lost revenue, with additional expenses from regulatory fines ($22 million), SLA penalties ($16 million), and legal costs ($15 million). While enterprises spend an average of $19 million on ransomware and data extortion payouts, they typically budget only $13.4 million for these incidents. Human error was identified as the leading cause of downtime, followed by malware and phishing attacks. Visibility is crucial in this context, as are risk-mitigation strategies that align with business risk objectives. Visibility serves as the basis for swift detection and response efforts, involving IT, security, and line-of-business leaders.
Financial Services, The Golden Target for Cyber Criminals
A recent IMF report highlights that the financial sector has faced over 20,000 cyber attacks, resulting in $12 billion in losses over the past 20 years. Despite being heavily regulated, the sector remains a prime target, with ransomware attacks increasing by 64% in 2023 compared to 2021. Digitalisation has introduced new vulnerabilities, particularly with unstructured data, which constitutes 80% of banks' data. Nearly 72% of businesses have over-provisioned access, leading to 78% experiencing security issues. With the average data breach costing $4.45 million and taking 204 days to detect, and only 54% of banking CEOs feeling well-prepared for cyber attacks, financial institutions must adopt stringent proven controls, foster a holistic security culture, thoroughly test their systems, mitigate risks and protect critical data. It is also essential that financial services firms have rehearsed plans in place for what to do when incidents happen, as even the best technical controls in the world cannot stop every attack.
Forced-Labour Camps Fuel Billions of Dollars in Cyber Scams
A recent investigation revealed that Chinese crime syndicates, having shifted from illicit gambling to cyber fraud during the COVID-19 pandemic, have stolen over $64 billion through sophisticated scams, including a type of social engineering known as "pig butchering." Operating from cyber scam centres in Cambodia, Laos, and Myanmar, these syndicates lure job seekers with the promise of well-paying jobs at reputable firms, but instead force them into scamming roles. Despite regional government efforts, including China's law enforcement rescue of 45,000 workers, the scale of the operations remains vast. Financial institutions are urged to collaborate with law enforcement to combat these threats, as highlighted by Singapore's success in preventing $74 million in fraud through bank cooperation.
Why You Must Consider the Security Risks of BYOD
Research by the British Chambers of Commerce indicates that fewer than 30% of firms expect their workforce to be fully in-person over the next five years, prompting a shift towards hybrid and remote work models. This shift has led businesses to reduce in-office PCs, with employees often using their own laptops or devices, necessitating lightweight, powerful, and secure devices. The evolving security landscape is seeing increased phishing, quishing (tricking users with QR codes), and vishing (voice phishing) attacks targeting enterprise users, highlighting the critical need for robust security measures. While Bring Your Own Device (BYOD) policies may seem cost-effective, they pose significant security risks, including inadequate protection and potential data breaches, thus requiring careful consideration of long-term security and compliance costs. Employers are advised to invest in high-quality, secure devices to enhance employee satisfaction and maintain a secure work environment.
Cyber Criminals Work Faster Than Ever
Given the fast pace at which the threat landscape changes, it’s important to constantly monitor these changes if businesses are to have any chance of staying ahead of innovative cyber criminals. A recent report by Fortinet's FortiGuard Labs highlights the rapid evolution of the threat landscape, with cyber attacks commencing on average 4.76 days after new exploits are disclosed, a 43% increase in speed from early 2023. Notably, 98% of organisations detected vulnerabilities over five years old, emphasising the need for robust patching protocols. Additionally, 38 out of 143 Advanced Persistent Threat (APT) groups, including Lazarus and APT28, were noted as highly active. The report underscores the importance of collaboration and vigilance in cyber security efforts.
IoT Vulnerabilities Skyrocket, Becoming Key Entry Point for Attackers
A recent report by Forescout reveals a 136% surge in vulnerabilities within Internet of Things (IoT) devices, such as smart TVs, networking devices and printers, with 33% of nearly 19 million analysed devices found to be at risk, up from 14% in 2023. The riskiest devices include wireless access points, routers, printers, and IP cameras, which are frequently targeted by cyber criminals. The most vulnerable industries are technology, education, manufacturing, finance and healthcare.
Cyber Security Is a Boardroom Issue
A recent report highlights the increasing global momentum of cyber security regulations, driven by technologies such as cloud, containerisation, and artificial intelligence. These evolving regulatory initiatives in the US and EU are capturing the attention of boards of directors, prompting them to prioritise cyber security and making it a central issue rather than just a CISO concern. Organisations must maintain a state of cyber readiness to prevent breaches, develop strategies to adapt to AI advancements, and balance compliance with security. This proactive approach is essential for mitigating threats and ensuring an integrated cyber security strategy. Being able to evidence that robust and appropriate controls are in place also puts boards in a much more defensible position in the event of an incident when explaining actions to a regulator, customers or other stakeholders.
An Evolving Threat Landscape: A Battle Between Good and Evil, with Small Business Cyber Security Threats on the Rise
The recent Hiscox Cyber Readiness Report 2023 highlights that 41% of US small businesses experienced a cyber attack in the past year, often due to sophisticated digital tools like AI. Common threats include ransomware, phishing (53% of attacks), credential theft, and unpatched vulnerabilities. 43% of small businesses lack a network-based firewall, and 41% do not have data backup systems, indicating significant gaps in basic cyber security measures.
Further analysis by Sophos reveals that 75% of their 2023 cyber incident response cases involved small businesses, underscoring the urgent need for prudent cyber security investments. The commoditisation of advanced tools and the rise of 'cybercrime-as-a-service' have increased threats, with over 50% of organisations feeling outpaced by these dangers. Dark web marketplaces offer extensive tools, from ransomware to phishing kits, making cyber attacks accessible to low-skilled individuals. Organisations are urged to adopt actionable threat intelligence and robust solutions, including Managed Detection and Response (MDR), to stay ahead in the evolving cyber landscape.
Ransomware Gangs are Adopting “More Brutal” Tactics Amid Crackdowns
A recent report highlights the relentless rise of ransomware attacks, with 2023 witnessing record-breaking payments exceeding $1 billion globally. Healthcare and education sectors are frequently targeted, with 53% of ransomware attacks on small businesses originating from phishing. Despite increased police crackdowns, ransomware gangs are escalating their intimidation tactics, including direct threats and public data leaks. Notably, a 75% rise in data leak site posts was observed in 2023. Law enforcement operations like Operation Cronos and Operation Endgame are making strides in disrupting these operations, but any wins are unfortunately often short-lived. A large obstacle to reining in ransomware is the Hydra-esque nature of affiliates. After the LockBit disruption, analysts saw 10 new ransomware sites pop up almost immediately. The adaptable and proliferating nature of these gangs continues to challenge global cyber security efforts.
Sources
https://www.infosecurity-magazine.com/news/phishing-attacks-us-europe-double/
https://www.cio.com/article/2142338/it-downtime-cuts-enterprise-profit-by-9-says-study-3.html
https://www.finextra.com/blogposting/26288/financial-services-the-golden-target-for-cybercriminals
https://www.darkreading.com/cyber-risk/forced-labor-camps-fuel-billions-of-dollars-in-cyber-scams
https://www.infosecurity-magazine.com/opinions/security-risks-byod/
https://professionalsecurity.co.uk/products/cyber/cybercriminals-work-faster-than-ever/
https://www.infosecurity-magazine.com/news/iot-vulnerabilities-entry-point/
https://www.govinfosecurity.com/cybersecurity-now-boardroom-issue-a-25453
https://www.techradar.com/pro/an-evolving-threat-landscape-a-battle-between-good-and-evil
https://www.inc.com/hiscox/small-business-cybersecuritythreats-on-the-rise.html
Governance, Risk and Compliance
The CEO Is Next (darkreading.com)
Cyber Security Is Now a Boardroom Issue - GovInfoSecurity
The Need for Enhancing Cyber Preparedness in Financial Institutions (finextra.com)
Financial Services, the golden target for cyber criminals (finextra.com)
IT downtime cuts enterprise profit by 9%, says study | CIO
Cyber board-level reps | Professional Security
5 cyber security risks and challenges in supply chain | TechTarget
Marsh Insurance: Volume of Cyber Insurance Claims Reaches New Heights (darkreading.com)
Small Business Cyber Security Threats on the Rise | Inc.com
CISO Strategies for Navigating Expanding Cyber Security Regulations (forbes.com)
What Tech Execs Can Learn From 2023’s Most Notable Cyber Security Breaches (forbes.com)
Assigning a Monetary Value to Cyber Risk | MSSP Alert
4 Ways to Help a Security Culture Thrive (darkreading.com)
Cloud migration expands the CISO role yet again - Help Net Security
Here’s how to create a security culture that adheres to the new SEC regs | SC Media (scmagazine.com)
How to Create a Cyber Risk Assessment Report (cybersaint.io)
Learning From Others' Gaps in the Wake of Major Attacks (inforisktoday.com)
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Is ‘More Brutal’ Than Ever in 2024 | WIRED
Ransomware tracker: The latest figures [June 2024] (therecord.media)
Unpacking The Ten Most Dangerous Ransomware Gangs (informationsecuritybuzz.com)
Ransomware Group Exploits PHP Vulnerability Days After Disclosure - Security Week
Police arrest Conti and LockBit ransomware crypter specialist (bleepingcomputer.com)
Black Basta Actors Exploited Windows 0day Privilege Vulnerability (cybersecuritynews.com)
Why Akira could be the next big thing in ransomware • The Register
Should there be a total ban on ransom payments? (securityintelligence.com)
What to Do When Your Business Associate Suffers a Ransomware Attack | Dentons - JDSupra
Medical-Targeted Ransomware Is Breaking Records After Change Healthcare’s $22M Payout | WIRED
What Makes Healthcare a Prime Target for Ransomware? (govinfosecurity.com)
New Fog ransomware targets schools via hacked VPNs | TechRadar
Ransomware Victims
Christie's Says Ransomware Attack Impacts 45,000 People - Security Week
Ransomware Attack Targets Canada’s Largest School Board (bloomberglaw.com)
Cyber attack means Japanese site Niconico needs total rebuild • The Register
Phishing & Email Based Attacks
Look before you scan – the QR code scammers are phishing for business | John Naughton | The Guardian
More eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack (thehackernews.com)
New phishing toolkit uses PWAs to steal login credentials (bleepingcomputer.com)
Phishing emails abuse Windows search protocol to push malicious scripts (bleepingcomputer.com)
Most impersonated sectors, brands in phishing examined | SC Media (scmagazine.com)
BEC
Massachusetts town loses $445,000 in email scam | StateScoop
BEC attack comment | Professional Security
Other Social Engineering
How to Spot a SIM-Swap Attack (and What to Do Next) | Lifehacker
Protecting identity in a world of deepfakes and social engineering - Help Net Security
Cyber security pros change strategies to combat AI-powered threats - Help Net Security
Artificial Intelligence
Cyber security pros change strategies to combat AI-powered threats - Help Net Security
EmailGPT Exposed to Prompt Injection Attacks - Infosecurity Magazine (infosecurity-magazine.com)
The Double-Edged Sword of Generative AI - Infosecurity Magazine (infosecurity-magazine.com)
Chatham House Cyber 2024 - how AI creates new cyber security dimensions (diginomica.com)
How to spot a deepfake - Raconteur
New Attack Technique 'Sleepy Pickle' Targets Machine Learning Models (thehackernews.com)
Easily Exploitable Critical Vulnerabilities Found in Open Source AI/ML Tools - Security Week
Urgently needed: AI governance in cyber warfare - Help Net Security
Protecting identity in a world of deepfakes and social engineering - Help Net Security
GDPR turns six: Expert discusses AI impact - Help Net Security
The Emerging Ecosystem Dedicated to AI Accountability | Decipher (duo.com)
Elon Musk threatens to ban iPhones over OpenAI integration | Digital Trends
Microsoft’s Recall puts the Biden administration’s cyber credibility on the line | CyberScoop
2FA/MFA
Snowflake Breach Exposes 165 Customers' Data in Ongoing Extortion Campaign (thehackernews.com)
How scammers bypass 2FA | Securelist
Hackers Using OTP bots To Bypass Two-Factor Authentication (cybersecuritynews.com)
How to meet evolving MFA demands in the current threat landscape (bleepingcomputer.com)
Malware
China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics (thehackernews.com)
One of Microsoft’s main markets is full of malware - Softonic
WarmCookie Gives Cyber Attackers New Backdoor for Initial Access (darkreading.com)
Why malware matters most: 6 ways to foil software threats faster - Security Boulevard
Cyber Criminals Employ PhantomLoader to Distribute SSLoad Malware (thehackernews.com)
Malicious VSCode extensions with millions of installs discovered (bleepingcomputer.com)
Hundreds of Russian organisations hit with infostealer campaign | SC Media (scmagazine.com)
Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS (thehackernews.com)
Mobile
How to Spot a SIM-Swap Attack (and What to Do Next) | Lifehacker
Two arrested in UK over fake cell tower smishing campaign • The Register
Why You Should Delete These 100 Dangerous Google Play Store Apps (forbes.com)
Apple Says iPhones Will Get Security Updates for at Least 5 Years - Security Week
Google Will Track Your Location For The Next 180 Days—Then It Stops
Security and privacy strategies for CISOs in a mobile-first world - Help Net Security
Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS (thehackernews.com)
Security and privacy settings in WhatsApp | Kaspersky official blog
Denial of Service/DoS/DDOS
Hacktivists target Irish websites in EU-wide cyber attacks (rte.ie)
DDoS attacks target EU political parties as elections begin (bleepingcomputer.com)
Ireland Hit by Coordinated Cyber Attacks: NCSC Mobilises Response | Cork Safety Alerts
Second Australian Rare Earths Producer Suffers Cyber Attack (bloomberglaw.com)
Internet of Things – IoT
Report: Network equipment most at risk of cyber attacks | SC Media (scmagazine.com)
Dangerous Liaisons: The Interaction Between Threat Actors and High-Risk Devices - Security Week
Data Breaches/Leaks
Hackers steal “significant volume” of data from hundreds of Snowflake customers | Ars Technica
Snowflake Cloud Accounts Felled by Rampant Credential Issues (darkreading.com)
Hotel Check-in Kiosks Expose Guest Data, Room Keys (darkreading.com)
Snowflake Is Working to Beef Up Security Controls as Firms Probe Breaches (yahoo.com)
23andMe data breach under investigation in UK and Canada (bleepingcomputer.com)
Pure Storage confirms data breach after Snowflake account hack (bleepingcomputer.com)
Cylance confirms the legitimacy of data offered for sale in the dark web (securityaffairs.com)
NYSE Parent Hit with $10M Fine for Failure to Report Cyber Breach | MSSP Alert
The mystery of an alleged data broker’s data breach | TechCrunch
Tile hacked: Customer data and internal tools accessed by hacker (bgr.com)
Student's flimsy bin bags blamed for latest NHS data breach • The Register
Frontier says 750,000 Social Security numbers accessed during April cyber attack (therecord.media)
'New York Times source code' leaks online via 4chan • The Register
Christie's Says Ransomware Attack Impacts 45,000 People - Security Week
White House report details all of 2023’s major gov breaches • The Register
Organised Crime & Criminal Actors
How Cyber Crime Empires Are Built (darkreading.com)
Cyber crime suspects often young, increasingly armed: Dutch police | NL Times
Forced-Labor Camps Fuel Billions of Dollars in Cyber Scams (darkreading.com)
Cyber criminals work faster than ever | Professional Security
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters (thehackernews.com)
Insurance
Marsh Insurance: Volume of Cyber Insurance Claims Reaches New Heights (darkreading.com)
Supply Chain and Third Parties
Hackers steal “significant volume” of data from hundreds of Snowflake customers | Ars Technica
5 cyber security risks and challenges in supply chain | TechTarget
A Third-Party Risk Management Lifecycle for Cyber Security | UpGuard
Snowflake Cloud Accounts Felled by Rampant Credential Issues (darkreading.com)
Pure Storage confirms data breach after Snowflake account hack (bleepingcomputer.com)
What to Do When Your Business Associate Suffers a Ransomware Attack | Dentons - JDSupra
Cloud/SaaS
Hackers steal “significant volume” of data from hundreds of Snowflake customers | Ars Technica
Snowflake Cloud Accounts Felled by Rampant Credential Issues (darkreading.com)
Snowflake Is Working to Beef Up Security Controls as Firms Probe Breaches (yahoo.com)
Pure Storage confirms data breach after Snowflake account hack (bleepingcomputer.com)
A CISO game plan for cloud security | InfoWorld
Why SaaS Security is Suddenly Hot: Racing to Defend and Comply (thehackernews.com)
Cloud migration expands the CISO role yet again - Help Net Security
Identity and Access Management
Protecting identity in a world of deepfakes and social engineering - Help Net Security
Passwords, Credential Stuffing & Brute Force Attacks
78% of people use the same password across multiple accounts | Security Magazine
New phishing toolkit uses PWAs to steal login credentials (bleepingcomputer.com)
Regulations, Fines and Legislation
Is a US Nationwide Privacy Law Really Coming? (darkreading.com)
NYSE Parent Hit with $10M Fine for Failure to Report Cyber Breach | MSSP Alert
CISO Strategies For Navigating Expanding Cyber Security Regulations (forbes.com)
Google faces GDPR complaint over Privacy Sandbox • The Register
GDPR turns six: Expert discusses AI impact - Help Net Security
Here’s how to create a security culture that adheres to the new SEC regs | SC Media (scmagazine.com)
Data Protection
Is a US Nationwide Privacy Law Really Coming? (darkreading.com)
Careers, Working in Cyber and Information Security
Cyber Security Job Hunting May Come Down to Certifications (darkreading.com)
Cyber Security CPEs: Unraveling the What, Why & How (thehackernews.com)
The US cyber security industry needs an estimated 225,200 workers | Security Magazine
Preparing for a career in cyber security? Check out these statistics - Help Net Security
Strategies to Manage and Reduce Alert Fatigue in SOCs - IT Security Guru
70% of Cyber Security Pros Often Work Weekends - Infosecurity Magazine (infosecurity-magazine.com)
Men’s Mental Health Week: Resource Guide - IT Security Guru
Law Enforcement Action and Take Downs
Police arrest Conti and LockBit ransomware crypter specialist (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Russia Is Targeting Germany With Fake Information as Europe Votes | WIRED
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Nation State Actors
China
Chinese hackers breached 20,000 FortiGate systems worldwide (bleepingcomputer.com)
Noodle RAT Reviewing the New Backdoor Used by Chinese-Speaking Groups | Trend Micro (US)
China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics (thehackernews.com)
Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale (thehackernews.com)
The new front in China’s cyber campaign against America (economist.com)
Russia
Microsoft Says Russia 'More Aggressive' In Cyber Space (rferl.org)
bne IntelliNews - Russian cyberwar against Ukraine and the West
NATO to take tougher action on Russian spies, says Stoltenberg – POLITICO
'Sticky Werewolf' APT Stalks Aviation Sector (darkreading.com)
Russia Is Targeting Germany With Fake Information as Europe Votes | WIRED
The Paris Olympic games will likely present a high cyber risk | Security Magazine
Hundreds of Russian organisations hit with infostealer campaign | SC Media (scmagazine.com)
Putin's subs have exposed Ireland's shameless hypocrisy (telegraph.co.uk)
Tools and Controls
CISOs may be too reliant on EDR/XDR defenses | CSO Online
How to conduct an API risk assessment and improve security | TechTarget
A Third-Party Risk Management Lifecycle for Cyber Security | UpGuard
What is ELINT (electronic intelligence)? | Definition from TechTarget
9 out of 10 businesses seek AI-led threat detection and vulnerability management - IT Security Guru
What is IT incident management? | Definition from TechTarget
Strategies to Manage and Reduce Alert Fatigue in SOCs - IT Security Guru
A CISO game plan for cloud security | InfoWorld
Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale (thehackernews.com)
Why SaaS Security is Suddenly Hot: Racing to Defend and Comply (thehackernews.com)
Marsh Insurance: Volume of Cyber Insurance Claims Reaches New Heights (darkreading.com)
Windows Security vs. Microsoft Defender: Important differences you should know | PCWorld
Assigning a Monetary Value to Cyber Risk | MSSP Alert
20 Questions To Assess Cyber Security Risks Within An Organisation (forbes.com)
Top 10 Critical Pentest Findings 2024: What You Need to Know (thehackernews.com)
Modern fraud detection need not rely on PII - Help Net Security
How to meet evolving MFA demands in the current threat landscape (bleepingcomputer.com)
How Enterprise Browsers Enhance Security and Efficiency (inforisktoday.com)
What is communications intelligence (COMINT)? | Definition from TechTarget
Cyber Security Consolidation Ahead: Tool Sprawl Rolls Up to Platforms | MSSP Alert
AI cyber security solutions detect ransomware in under 60 seconds (securityintelligence.com)
Why CISOs need to build cyber fault tolerance into their business - Help Net Security
What Is Attack Path Mapping? - TechRound
How PE Firm CFOs Cost-Effectively Manage Cyber Risk | Kovrr - Security Boulevard
How to Create a Cyber Risk Assessment Report (cybersaint.io)
Other News
Microsoft president to testify about security lapses - Security - iTnews
Cyber attacks are hitting research institutions — with devastating effects (nature.com)
Introducing SMEs to cyber security (admin.ch)
Beware of these 7 new hacker tricks — and how to protect yourself | PCWorld
Microsoft Ignored Whistleblower Warnings Before SolarWinds Attack (pcmag.com)
Why CISOs need to build cyber fault tolerance into their business - Help Net Security
How to combat cyber threats and secure democracy in the digital age (federaltimes.com)
New Tallinn Paper focuses on Cyber Diplomacy Concepts and Practices
Microsoft in damage-control mode, says it will prioritize security over AI | Ars Technica
Microsoft now says employees will be graded on their cyber security contributions - Neowin
How PE Firm CFOs Cost-Effectively Manage Cyber Risk | Kovrr - Security Boulevard
Navigating cyber risk in the manufacturing sector | Retail Technology Review
5 Cost-Effective Cyber Security Tips To Boost Startup EBITDA (forbes.com)
Cyber Attacks on Higher Ed Rose Dramatically Last Year, Report Shows | EdTech Magazine
Vulnerability Management
9 out of 10 businesses seek AI-led threat detection and vulnerability management - IT Security Guru
Easily Exploitable Critical Vulnerabilities Found in Open Source AI/ML Tools - Security Week
Solving the systemic problem of recurring vulnerabilities - Help Net Security
AI’s role in accelerating vulnerability management - Help Net Security
Vulnerabilities
Exploit for critical Veeam auth bypass available, patch now (bleepingcomputer.com)
Exploit for Veeam Recovery Orchestrator auth bypass available, patch now (bleepingcomputer.com)
Chinese hackers breached 20,000 FortiGate systems worldwide (bleepingcomputer.com)
Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs (bleepingcomputer.com)
Chrome 126, Firefox 127 Patch High-Severity Vulnerabilities - Security Week
PoC Exploit Emerges for Critical RCE Bug in Ivanti Endpoint Manager (darkreading.com)
SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995) - Help Net Security
Cisco fixes WebEx flaw after government comms exposed • The Register
New PHP Vulnerability Exposes Windows Servers to Remote Code Execution (thehackernews.com)
Nvidia Patches High-Severity GPU Driver Vulnerabilities - Security Week
JetBrains warns of IntelliJ IDE bug exposing GitHub access tokens (bleepingcomputer.com)
Ransomware Group Exploits PHP Vulnerability Days After Disclosure - Security Week
Black Basta Actors Exploited Windows 0day Privilege Vulnerability (cybersecuritynews.com)
Multiple flaws in Fortinet FortiOS fixed (securityaffairs.com)
Netgear WNR614 flaws allow device takeover, no fix available (bleepingcomputer.com)
Adobe Plugs Code Execution Holes in After Effects, Illustrator - Security Week
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product. Likewise, we are not responsible for the security of external links.