Black Arrow Cyber Threat Briefing 15 December 2023
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
MPs say UK Could be Brought to Standstill ‘At Any Moment’ as Scathing Report Calls for Greater Security Investment
According to the UK Parliament’s Joint Committee on the National Security Strategy (JCNSS), the UK is one of the most targeted countries in the world for cyber attacks, predominantly coming from Russian-linked threat actors. The report describes the UK as being at high risk from catastrophic ransomware attacks, and warns that the country could face significant challenges in managing future attacks.
Further, the report noted that the UK’s regulatory frameworks are insufficient and large amounts of national infrastructure are still vulnerable to ransomware because of their reliance on legacy IT systems.
Sources: [ITPro] [Emerging Risks Media Ltd]
Gartner Finds 45% of Organisations Experienced Third Party-Related Business Interruptions
Despite increased investments in third-party cyber security risk management (TPCRM) over the last two years, 45% of organisations experienced third party-related business interruptions, according to a new Gartner survey. This is reinforced by a separate survey, in which 97% of respondents reported having suffered negative impacts from a breach in a third party or supplier partner in the last year; a figure that has remained unchanged for the past three years.
The results show that despite the increase in attention and investments in third party risk management, organisations are not carrying these out in a way that is decreasing the risk.
Sources: [CIR Magazine] [Gartner]
Major Cyber Attack Paralyzes Ukraine's Largest Telecom Operator; Russia Expected to Ramp Up Attacks on Ukraine’s Allies
Ukraine's biggest telecom operator Kyivstar has become the victim of a "powerful hacker attack," disrupting customer access to mobile and internet services. Its mobile app and website were down but they managed to restore some of its landline services on the same day of the attack. 24 million Kyivstar users have been urged to change all passwords following the attack.
So far, two Russia-aligned hacker groups have claimed responsibility for the hack: Killnet and Solntsepek. While Killnet have not provided any evidence of the attack, Solntsepek posted several screenshots of Kyivstar systems that it allegedly hacked, on its Telegram channel. The group said it “destroyed 10 thousand computers, more than 4 thousand servers, all cloud storage, and backup systems”.
Further, Russia is expected to ramp up their cyber campaign efforts targeting Ukraine’s allies as part of the ongoing conflict in the region. Last winter saw an increase in attacks that is likely to be repeated this year. The use of wiper malware to target critical national infrastructure (CNI) outside of Ukraine), similar to the attack on Kyivstar above, is just one tactic that could be deployed to disrupt Western allies’ ability, and motivation, to continue military support to Ukraine.
Sources: [Record Media] [New Voice of Ukraine] [Hacker news] [Infosecurity Magazine] [Gov Info Security]
81% of Companies had Malware, Phishing and Password Attacks in 2023
According to Verizon, 81% of organisations faced malware, phishing and password attacks last year, and these attacks were mainly targeted at users. Further, it was found that 62% percent of companies suffered a security breach connected to remote working. Certainly, attacks are not limited to particular sectors or organisations. Everyone can be a target and it is important to keep that in mind when focusing on securing the organisation; yet despite cyber security affecting everyone, 91% of CEOs/CFOs put the responsibility for cyber security squarely with IT.
Source: [Security Magazine]
Cyber Criminals Hit SMEs With Skills Once Limited to Nation State Actors
According to SentinelOne, mid-sized businesses are being targeted by cyber criminals who are displaying skills previously limited to expert government hackers. Cyber criminals are more organised than ever and have a better understanding of how businesses run; this, paired with technical acumen and AI, has created a difficult environment for medium-sized businesses who don’t possess the budget of a large organisation.
Sources: [Washington Times] [SiliconANGLE]
Russian Cyber Actors are Exploiting a Known Vulnerability with Worldwide Impact
The US National Security Agency (NSA), Federal Bureau of Investigation (FBI), and co-authoring agencies warn that the Russian Foreign Intelligence Service (SVR) cyber actors are exploiting a publicly known vulnerability to compromise victims globally, including in the United States and allied countries. To raise awareness and help organisations identify, protect, and mitigate this malicious activity, the authoring agencies have jointly released a Cyber Security Advisory (CSA) on SVR’s exploiting of JetBrain’s TeamCity software, widely used by developers and software providers.
The advisory warns that APT29, the notorious Russian group behind the 2020 SolarWinds hack, are actively exploiting this vulnerability, joining state-sponsored actors from North Korea. The exploit in TeamCity could give attackers enough access to manipulate a software's source code, sign certificates, and compile and deploy processes.
Sources: [NSA] [Dark Reading] [The Register]
Why Cyber Security Is a Competitive Advantage: Reaching Digital Success
In the tech-driven world, cyber security’s importance is paramount for protecting sensitive data and critical systems. Significant increases in vulnerabilities and breaches have led to stricter guidelines and regulations for most sectors; a trend we expect to see increasing with regulations becoming more and more stringent. Increased regulation can only be good for affected industries and sectors to drive increased security.
However, beyond regulatory compliance, cyber security is a critical competitive differentiator and should be seen as such, rather than simply as a tick box exercise to satisfy a regulator or viewed as an increase in regulatory burden. Data breaches can lead to severe financial setbacks and damage to a company's reputation and customer trust. The legal and financial consequences of non-compliance with cyber security regulations are significant.
Building a comprehensive cyber security strategy that includes risk assessments, incident response plans, and proactive measures is essential in this era of rapid vulnerability exploitation. Embracing cyber security is not just a choice but a necessity for success in the digital age.
Source: [Forbes]
Ransomware-as-a-Service: The Growing Threat You Can't Ignore
Ransomware attacks have become a significant and pervasive threat in the ever-evolving realm of cyber security. Among the various iterations of ransomware, one trend that has gained prominence is Ransomware-as-a-Service (RaaS). This latest ransomware business model allows inexperienced hackers to use on-demand tools for attacks, reducing time and cost. They pay a fee, choose a target, and launch an attack with the provider’s tools. The effects of RaaS are starting to be noticed, as a recent survey showed the time from network breach to file encryption has dropped below 24 hours for the first time.
Source: [Hacker News]
66% of Employees Prioritise Daily Tasks Over Cyber Security
According to a recent survey, 66% of respondents stated that completing daily tasks is more crucial than cyber security, such as cyber security training. The tasks that were being prioritised over cyber security training include monthly targets, manager-assigned tasks and emails.
The survey highlights the need for improved cyber security training in organisations, with 64% of employees wanting time for this training during work hours, and 43% referring more engaging methods like videos and interactive sessions. The data suggests a shift from the annual training model, with 29% receiving quarterly training, 13% semi-quarterly, and 11% monthly. Addressing these needs is crucial for cyber security readiness.
Source: [Security Magazine]
Cyber Attack on Irish Utility Cuts Off Water Supply for Two Days
Last week, a cyber attack on a small Irish water utility disrupted the water supply for two days, affecting 180 people. The water utility’s representatives said the hackers may have breached the system due to their firewall not being “strong enough”. However, in most cases, hackers target internet-exposed devices or controllers that are either not protected at all or protected by a default password. This follows a warning from the US Government about the CyberAv3ngers group, an Iranian affiliated threat actor, which has been actively attacking water facilities in multiple US states.
Source: [Security Week]
Who Is Responsible for Cyber Security? You.
Cyber security is a concern that should resonate with every member of the C-suite and senior staff because when it fails, the entire business is impacted. Recent examples like the “bleach breach” at Clorox and the cyber attack on MGM Resorts illustrate the financial and reputational consequences of cyber security incidents, with losses estimated in the hundreds of millions of dollars. To effectively address this, C-suite executives and their teams must actively support cyber security initiatives led by CIOs and CISOs. The introduction of new government regulations, such as those from the US Securities and Exchange Commission (SEC), require organisations to swiftly report and manage cyber security incidents, impacting various departments beyond just the security team. To succeed in this environment, organisations must make cyber security information accessible across teams, allocate budgets for cyber security, and view cyber security as a catalyst for innovation and growth rather than a burden. For this to happen every single person within an organisation, from the very top to the very bottom, has a role to play in keeping the organisation secure and no one can think that security is someone else’s job.
Source: [Forbes]
Many Popular Websites Still Cling to Password Creation Policies From 1985
Website security, particularly password creation policies and login practices, requires immediate attention. A study of over 20,000 websites uncovers significant vulnerabilities with 75% of websites permitting passwords even shorter than 8 characters (which was the recommendation all the way back in 2012), and 12% even allow single-character passwords. Furthermore, 40% limit password length to being far shorter than current recommendations, and worse 72% permit dictionary words or known breached passwords.
The study also reveals that a third of websites do not support special characters in passwords. Remarkably, many websites continue to adhere to outdated password policies from 2004 or even 1985, and only 5.5% comply with stricter modern guidelines. This underscores the immediate need for standardising and strengthening password policies across the web, as well as enhancing education and outreach efforts to address these critical security weaknesses. Such passwords can influence people’s password choice, which can then enter the corporate environment. This can lead to their account having a higher risk of compromise, and in turn, risks to the data belonging to the organisation.
Source: [Help Net Security]
Governance, Risk and Compliance
How C-Level Executives Can Increase Cyber Resilience (forbes.com)
Increased Cyber Regulation in the Offing as Attacks Mount (darkreading.com)
Ex-Uber CSO: Lessons Learned from the Breach and Legal Case (darkreading.com)
The SEC action against SolarWinds highlights how tough it can get for CISOs | CSO Online
How to Enlist the CFO as a Cyber Security Budget Ally | Mimecast
7 Must-Ask Questions for Leaders on Security Culture | MSSP Alert
Why Cyber Security Is A Competitive Advantage: Reaching Digital Success (forbes.com)
Cyber Security Attacks Are On the Rise — Is Your Business Prepared? | Entrepreneur
Tech prediction #2: Businesses will turn to Cyber Security as a Service - Digital Journal
Is Cyber Security as a Service (CSaaS) the Answer? (automation.com)
Threats
Ransomware, Extortion and Destructive Attacks
UK Downplays Ransomware Threat at Its Peril, Says Committee (inforisktoday.com)
Ransomware Groups' Latest Tactic: Weaponized Marketing (inforisktoday.com)
Ransomware-as-a-Service: The Growing Threat You Can't Ignore (thehackernews.com)
Ransomware most wanted — part 2, LockBit & Clop (techinformed.com)
The end of ransomware payments: how businesses fit into the fight | ITPro
OpenText Cyber Security 2023 Global Ransomware Survey | MSSP Alert
Russian banker of Hive ransomware network arrested in Paris (databreaches.net)
US reveals email addresses used to send ransomware demands • The Register
Virtual Kidnapping: The Dark World of Cyber Extortion (govinfosecurity.com)
Ransomware Victims
Kraft Heinz launches investigation after ransomware gang claims to have stolen data - SiliconANGLE
Norton Healthcare disclosed a data breach after ransomware attack (securityaffairs.com)
Insomniac Reportedly Hacked, Blackmailed With Game Leaks And Doxing (thegamer.com)
BAUER Group is operational again after cyber attack | Corporate - EQS News (eqs-news.com)
Phishing & Email Based Attacks
81% of companies had malware, phishing and password attacks in 2023 | Security Magazine
39% of security leaders cite phishing as most feared cyber attack | Security Magazine
Quishing is the new phishing: Why you need to think before you scan that QR code | ZDNET
Cyber Criminals Exploit OAuth Apps for BEC, Phishing Attacks (petri.com)
US reveals email addresses used to send ransomware demands • The Register
Dental Plan Administrator Fined $400K for Phishing Breach (govinfosecurity.com)
Artificial Intelligence
SMEs "losing" battle against AI-powered cyber attacks, say experts - Tech Monitor
ICO Warns of Fines for “Nefarious” AI Use - Infosecurity Magazine (infosecurity-magazine.com)
AI in 2024: More business use, more fraud risks | Premium | Compliance Week
Europe Reaches a Deal on the World’s First Comprehensive AI Rules - Security Week
The White House's private fears over the rise of AI in the Middle East (telegraph.co.uk)
Holiday Scams Propelled By Artificial Intelligence | Foodman CPAs & Advisors - JDSupra
Responsibly Implementing AI, the Unstoppable Force (darkreading.com)
How to stop Dropbox from sharing your personal files with OpenAI (cnbc.com)
Malware
81% of companies had malware, phishing and password attacks in 2023 | Security Magazine
Researchers Unveal GuLoader Malware's Latest Anti-Analysis Techniques (thehackernews.com)
Hacker Uses Infostealer Data to Gain Access to Brazil’s Police Portal | Info Stealers
Stealthy Linux rootkit found in the wild after going undetected for 2 years | Ars Technica
Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans (thehackernews.com)
Recruiters, beware of cyber crooks posing as job applicants! - Help Net Security
Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders (thehackernews.com)
29 malware families targeted 1800 banking apps in 61 countries | Security Magazine
Stealthy new botnet targets VPN devices and routers while staying disguised | TechRadar
Ten new Android banking trojans targeted 985 bank apps in 2023 (bleepingcomputer.com)
Surge in deceptive simplicity exploitation by cyber attackers (securitybrief.co.nz)
Mobile
Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws (thehackernews.com)
Apple Testing New Stolen Device Protection Feature for iPhones - Security Week
Hackers outsmart Apple to install keyloggers on iPhones - PhoneArena
Android barcode scanner app exposes user passwords (securityaffairs.com)
New 5G Modem Flaws Affect iOS Devices and Android Models from Major Brands (thehackernews.com)
Six of the most popular Android password managers are leaking data | ZDNET
SpyLoan Scandal: 18 Malicious Loan Apps Defraud Millions of Android Users (thehackernews.com)
'5Ghoul' Vulnerabilities Haunt Qualcomm, MediaTek 5G Modems - Security Week
29 malware families targeted 1800 banking apps in 61 countries | Security Magazine
Ten new Android banking trojans targeted 985 bank apps in 2023 (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
Apple: 2.5B Records Exposed, Marking Staggering Surge in Data Breaches (darkreading.com)
DNA companies should receive severe penalties for losing our data | TechCrunch
Why the 23andMe Data Breach Is Such a Disaster (gizmodo.com)
US nuclear research lab data breach impacts 45,000 people (bleepingcomputer.com)
Ubiquiti users claim to have access to other people’s devices (securityaffairs.com)
2.5m people's data lost in Norton hospital ransomware hit • The Register
Dubai’s largest taxi app exposes 220K+ users (securityaffairs.com)
Toyota Financial Services discloses data breach (securityaffairs.com)
DonorView exposes 1M records for unknown time frame • The Register
Dental Plan Administrator Fined $400K for Phishing Breach (govinfosecurity.com)
Organised Crime & Criminal Actors
Cyber Crime Orgs Increasingly Use Human Trafficking to Staff Scam Mills (darkreading.com)
Interpol strikes slavers who force people to scam you online • The Register
Cyber criminals and nation states up their game in persistent global attacks - SiliconANGLE
Dark web forums reveal next year’s cyber security threats - Digital Journal
Trafficking for cyberfraud an increasingly globalized crime, Interpol says (nbcnews.com)
Kelvin Security hacking group leader arrested in Spain (bleepingcomputer.com)
Ransomware most wanted — part 2, LockBit & Clop (techinformed.com)
New cyber crime market 'OLVX' gains popularity among hackers (bleepingcomputer.com)
How cyber criminals are using Wyoming shell companies for global hacks | Reuters
Exploitation of the internet and the mind: How cyber criminals operate | TechRadar
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto Startup Ledger Users’ Wallets Drained in Hack - Bloomberg
Ledger says attacker conducted phishing attack on former employee - Blockworks
Insider Risk and Insider Threats
66% of employees prioritize daily tasks over cyber security | Security Magazine
Privilege elevation exploits used in over 50% of insider attacks (bleepingcomputer.com)
Employees are weaponizing private emails with colleagues | Fortune
Insurance
Supply Chain and Third Parties
UK firms increasing their focus on supply chain cyber risk – report - CIR Magazine
Manchester Public Schools Lose $180K to Hacked Vendor (govtech.com)
Software & Security: How to Move Supply Chain Security Up the Agenda (darkreading.com)
Cloud/SaaS
Multi-Cloud vs. Hybrid Cloud: The Main Difference (techtarget.com)
SAP's attempt to migrate security tools to cloud failed • The Register
Cloud engineer wreaks havoc on bank's network after firing • The Register
Linux and Open Source
Passwords, Credential Stuffing & Brute Force Attacks
81% of companies had malware, phishing and password attacks in 2023 | Security Magazine
Android barcode scanner app exposes user passwords (securityaffairs.com)
Six of the most popular Android password managers are leaking data | ZDNET
Many popular websites still cling to password creation policies from 1985 - Help Net Security
Social Media
Regulations, Fines and Legislation
Increased Cyber Regulation in the Offing as Attacks Mount (darkreading.com)
ICO Warns of Fines for “Nefarious” AI Use - Infosecurity Magazine (infosecurity-magazine.com)
How European countries are implementing new cyber security framework – EURACTIV.com
Cyber Solidarity Act moves ahead in EU Parliament with key committee vote – EURACTIV.com
Europe Reaches a Deal on the World’s First Comprehensive AI Rules - Security Week
FBI Issues Guidance for Delaying SEC-Required Data Breach Disclosure - Security Week
The SEC action against SolarWinds highlights how tough it can get for CISOs | CSO Online
SEC Cyber Security Breach Rule: What it Means for MSSPs | MSSP Alert
Ex-Uber CSO Joe Sullivan on why he ‘had to get over’ shock of data breach conviction | TechCrunch
Government plans to regulate to tackle datacentre threats | Computer Weekly
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Debate Roils Over Extent of Nation-State Cyber Involvement in Gaza (darkreading.com)
Think tank report labels NSO, Lazarus, 'cyber mercenaries' • The Register
Nation State Actors
China
Warning: Russia and China Target Cyber Security Weak Points (govinfosecurity.com)
Microsoft: Mystery Group Targeting Telcos Linked to Chinese APTs (darkreading.com)
China’s cyber intrusions have hit ports and utilities, officials say - The Washington Post
CISA unveils Google Workspace guidelines informed by Chinese breach of Microsoft | CyberScoop
Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet - Security Week
Stealthy new botnet targets VPN devices and routers while staying disguised | TechRadar
China warns its geographic data breach puts industry at risk (techinformed.com)
Russia
Major Cyber Attack Paralyzes Kyivstar - Ukraine's Largest Telecom Operator (thehackernews.com)
Hackers damaged some infrastructure of Ukraine’s Kyivstar telecom company (therecord.media)
Warning: Russia and China Target Cyber Security Weak Points (govinfosecurity.com)
UK government takes steps to thwart Russia's FSB hackers (techmonitor.ai)
Russian APT28 Hackers Targeting 13 Nations in Ongoing Cyber Espionage Campaign (thehackernews.com)
Global TeamCity Exploitation Opens Door to SolarWinds-Style Nightmare (darkreading.com)
Ukrainian intelligence takes down Russia's tax system in major cyber warfare operation
Russian foreign intelligence service spotted exploiting JetBrains vulnerability (therecord.media)
Leader of Russian hacktivist group Killnet ‘retires,' appoints new head (therecord.media)
Russian banker of Hive ransomware network arrested in Paris (databreaches.net)
Iran
Two-day water outage in remote Irish region caused by pro-Iran hackers (therecord.media)
Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders (thehackernews.com)
North Korea
Lazarus sub-group targets South Korean defence firms | SC Media (scmagazine.com)
Lazarus hackers drop new RAT malware using 2-year-old Log4j bug (bleepingcomputer.com)
Lazarus Operation Blacksmith Attacking Organisations Worldwide (cybersecuritynews.com)
Think tank report labels NSO, Lazarus, 'cyber mercenaries' • The Register
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
Microsoft's Final 2023 Patch Tuesday: 33 Flaws Fixed, Including 4 Critical (thehackernews.com)
New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164) - Help Net Security
Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws (thehackernews.com)
Adobe Releases Security Updates for Multiple Products | CISA
Chrome 120 Update Patches High-Severity Vulnerabilities - Security Week
50K WordPress sites exposed to RCE attacks by critical bug in backup plugin (bleepingcomputer.com)
'5Ghoul' Vulnerabilities Haunt Qualcomm, MediaTek 5G Modems - Security Week
Lazarus hackers drop new RAT malware using 2-year-old Log4j bug (bleepingcomputer.com)
Sophos backports RCE fix after attacks on unsupported firewalls (bleepingcomputer.com)
Russian foreign intelligence service spotted exploiting JetBrains vulnerability (therecord.media)
This is how to protect your computers from LogoFAIL attacks | ZDNET
Over 1,450 pfSense servers exposed to RCE attacks via bug chain (bleepingcomputer.com)
Tools and Controls
Attacks abuse Microsoft DHCP to spoof DNS records • The Register
Balancing AI advantages and risks in cyber security strategies - Help Net Security
What is Cyber security threat intelligence sharing (att.com)
The Cyber Security Conundrum: Best-Of-Breed Vs. Single Pane Of Glass (forbes.com)
Discord adds Security Key support for all users to enhance security (bleepingcomputer.com)
Modern Attack Surface Management (ASM) for SecOps (trendmicro.com)
Cyber Security Attacks Are On the Rise — Is Your Business Prepared? | Entrepreneur
Are business cyber security measures really fit for purpose? - Digital Journal
Which cyber security controls are organisations struggling with? - Help Net Security
Other News
UK must improve cyber risk management in face of catastrophic threats - Emerging Risks Media Ltd
Positive Technologies: successful cyber attacks on financial organisations have doubled (zawya.com)
Is macOS as secure as its users think? | Kaspersky official blog
The 3 Most Prevalent Cyber Threats of the Holidays (darkreading.com)
Over 3,800 Ministry of Defence passes lost or stolen (ukdefencejournal.org.uk)
NCSC CEO Lindy Cameron to step down in 2024 | Computer Weekly
Reflecting On The Evolution Of Cyber Security In 2023 (forbes.com)
Unveiling the Cyber Threats to Healthcare: Beyond the Myths (thehackernews.com)
This is how to protect your computers from LogoFAIL attacks | ZDNET
Polish train maker denies claims it geofenced trains • The Register
Positive Technologies: successful cyber attacks on financial organisations have doubled (zawya.com)
Cyber criminals continue targeting open remote access products - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.