Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Almost Half of IT Leaders Consider Security as an Afterthought

A recent industry report found that security is an afterthought for almost half of UK IT leaders, despite 92% of respondents agreeing that security risks had risen in the last five years. Additionally, 48% of respondents felt that the rapid development of new tools had caused challenges around security. The concept of security as an afterthought is worrying when considering that 39% of UK businesses identified a cyber attack within the past 12 months.

https://www.itsecurityguru.org/2023/03/14/almost-half-of-it-leaders-consider-security-as-an-afterthought-research-reveals

• Over $10bn Lost to Online Frauds, with Pig Butchering and Investment Scams Accounting for $3B, Overtaking BEC – FBI Report Says

According to the latest FBI crime report pig butchering now accounts for $3 billion of the $10 billion total lost to online fraud. Pig butchering is a rising investment scam that uses the promise of romance and the lure of making easy cryptocurrency profit against its unsuspecting targets. The concept of pig butchering is to “fatten up” the victim, with small returns on cryptocurrency and personal interactions, often with an element of romance; eventually, the victim is lured into making a larger investment with the scammer. In addition to pig butchering, other investment scams are growing in provenance and are set to overtake Business Email Compromise (BEC) as a major earner for cyber criminals.

https://www.darkreading.com/application-security/pig-butchering-investment-scams-3b-cybercrime-threat-overtaking-bec

• Over 721 Million Passwords were Leaked in 2022

A report published this week discovered 721.5 million exposed credentials online in 2022. Additionally, the report identified 72% of users reusing previously compromised passwords. The study also uncovered 8.6 billion personally identifiable information assets, including 67 million credit card numbers which were publicly available.

https://www.neowin.net/news/study-over-721-million-passwords-were-leaked-in-2022/

• How Much of a Cyber Security Risk are Suppliers?

When your business is digitally connected to a service provider, you need to understand how a cyber security attack on their business can affect yours. You can have all the right measures in place to manage your own cyber risks, but this doesn’t matter if there are undiscovered vulnerabilities in your supply chain. Organisations need to audit the cyber security of suppliers at several stages of their relationship; you may benefit from specialist cyber security support if you can’t do this in-house. Ask hard questions and consider advising your suppliers that if their cyber security is not enough then you may take your business elsewhere. Many businesses now require suppliers to be certified to schemes such as ISO 27001; demonstrating your security posture to your customers is an important ticket to trade.

https://www.thetimes.co.uk/article/how-much-of-a-cybersecurity-risk-are-my-suppliers-mqbwcf7p2

• 90% of £5m+ Businesses Hit by Cyber Attacks

A study from Forbes found that 57% of small and medium-sized enterprises had suffered an online attack. Businesses with an annual turnover in excess of £5 million were even more likely to experience a cyber crime with the figure rising to nearly 90% of firms of this size suffering a cyber attack. To make matters worse, the study found that a significant proportion of British businesses are without any form of protection against online attacks.

https://www.itsecurityguru.org/2023/03/13/nine-in-10-5m-businesses-hit-by-cyber-attacks/

• Rushed Cloud Migrations Result in Escalating Technical Debt

A cloud service provider found 83% of CIO’s are feeling pressured to stretch their budgets even further than before. 72% of CIOs admitted that they are behind in their digital transformation because of technical debt and 38% believed the accumulation of this debt is largely because of rushed cloud migrations. Respondents believed these rushed migrations caused for miscalculations in the cloud budget, which resulted in significant overspend.

https://www.helpnetsecurity.com/2023/03/16/managing-cloud-costs/

• Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up

According to an intelligence report from Microsoft, Russia has been ramping up its cyber espionage operations and this now includes 17 European nations. Of all 74 countries targeted, the UK ranked third, after the US and Poland.

https://www.securityweek.com/microsoft-17-european-nations-targeted-by-russia-in-2023-as-espionage-ramping-up/

• Microsoft Warns of Large-Scale Use of Phishing Kits

Microsoft have found that phishing kits are being purchased and used to perform millions of phishing emails every day. In their report, Microsoft found the availability of purchasing such phishing kits was part of the industrialisation of the cyber criminal economy and lowered the barrier of entry for cyber crime. Microsoft identified phishing kits which had the capability to bypass multi factor authentication selling for as little as $300. The emergence of AI is only going to compound this.

https://thehackernews.com/2023/03/microsoft-warns-of-large-scale-use-of.html

• BEC Volumes Double on Phishing Surge

The number of Business Email Compromise (BEC) incidents doubled last year according to security provider Secureworks. In their report, they found that the main initial access vectors for BEC were phishing and systems with known vulnerabilities, with each accounting for a third of initial accesses.

https://www.infosecurity-magazine.com/news/bec-volumes-double-on-phishing/

• The Risk of Pasting Confidential Company Data in ChatGPT

Researchers analysed the use of artificial intelligence tool ChatGPT and found that 4.9% of employees have provided company data to the tool; ChatGPT builds its knowledge on this and in turn, this knowledge is shared publicly. The risk is serious, with employees putting their organisation at risk of leaking sensitive and confidential information. The research found that 0.9% of employees are responsible for 80% of leaks caused by pasting company data into ChatGPT and this number is expected to rise.

https://securityaffairs.com/143394/security/company-data-chatgpt-risks.html

• Ransomware Attacks have Entered a Heinous New Phase

With an increasing amount of victims refusing to pay, cyber criminal gangs are now resorting to new techniques; this includes the recent release of stolen naked photos of cancer patients and sensitive student records. Where encryption and a demand for payment were previously the de facto method for cyber criminals, this has now shifted to pure exfiltration. In a report, the FBI highlighted evolving and increasingly aggressive extortion behaviour, with actors increasingly threatening to release stolen data.

https://www.wired.com/story/ransomware-tactics-cancer-photos-student-records/

• MI5 Launches New Agency to Tackle State-Backed Attacks

British intelligence agency MI5 have announced the creation of the National Protective Security Authority (NPSA), created as part of a major review of government defences. The NPSA is to operate out of MI5 and absorb and extend the responsibilities for the protection of national infrastructure. The NPSA will work with existing agencies such as the National Cyber Security Centre (NCSC) and the Counter Terrorism Security Office (CTSO) to provide defensive advice to UK organisations.

https://www.infosecurity-magazine.com/news/mi5-new-agency-tackle-statebacked/

• Why Cyber Awareness Training is an Ongoing Process

A survey conducted by Hornetsecurity found that 80% of respondents believed remote working introduced extra cyber security risks and 75% were aware that personal devices are used to access sensitive data, fuelling the need for employees to be cyber aware. Where IT security training is only undertaken once, for example in block training, it is likely that participants will have forgotten a lot of the content after as little as a week; this means that for organisations to get the most out of training, they need to conduct frequent awareness training. By conducting frequent training there is more chance of trainees retaining the training content and allowing the organisation to shape a culture of cyber security.

https://www.hornetsecurity.com/en/security-information/why-cyber-awareness-training-is-an-ongoing-process/

Threats

Ransomware, Extortion and Destructive Attacks

• BianLian Ransomware Pivots From Encryption to Pure Data-Theft Extortion (darkreading.com)

• The changing face of ransomware attacks (pandasecurity.com)

• Rise of Ransomware Attacks Main Focus for SOCs, research finds - IT Security Guru

• 'Vile' Gang Duo Breaches Police Database, Impersonates Officers in Extortion Gambit (darkreading.com)

• FBI: Ransomware hit 860 critical infrastructure orgs in 2022 (bleepingcomputer.com)

• Microsoft fixes Windows zero-day exploited in ransomware attacks (bleepingcomputer.com)

• Clop ransomware gang begins extorting GoAnywhere zero-day victims (bleepingcomputer.com)

• Staples-owned Essendant facing multi-day "outage," orders frozen (bleepingcomputer.com)

• CISA now warns critical infrastructure of ransomware-vulnerable devices (bleepingcomputer.com)

• LockBit Ransomware gang claims to have stolen SpaceX confidential data from Maximum Industries- - Security Affairs

• Dissecting the malicious arsenal of the Makop ransomware gang- - Security Affairs

• The Prolificacy of LockBit Ransomware (thehackernews.com)

• Blackbaud agrees to pay $3m to settle SEC ransomware probe • The Register

• CatB Ransomware | File Locker Sharpens Its Claws to Steal Data with MSDTC Service DLL Hijacking - SentinelOne

• Ransomware Gang Claims It Hacked Amazon's Ring (gizmodo.com)

• 5 Reasons MSSP Clients Need Strong AppSec Strategies to Thwart Ransomware - MSSP Alert

• Dish customers kept in the dark as ransomware fallout continues | TechCrunch

• Cancer patient sues hospital over stolen naked photos • The Register

• ChipMixer platform seized for laundering ransomware payments, drug sales (bleepingcomputer.com)

• Lawyers suspect Arnold Clark hackers have now leaked 45GB of personal data on dark web – Car Dealer Magazine

• Kaspersky Updates Decryption Tool for Conti Ransomware - MSSP Alert

• Conti-based ransomware ‘MeowCorp’ gets free decryptor (bleepingcomputer.com)

• Universities and colleges cope silently with ransomware attacks | CSO Online

Phishing & Email Based Attacks

• Top 50 most impersonated brands in phishing attacks and new tools you can use to protect your employees from them (cloudflare.com)

• Microsoft Warns of Large-Scale Use of Phishing Kits to Send Millions of Emails Daily (thehackernews.com)

• Software for sale is fueling a torrent of phishing attacks that bypass MFA | Ars Technica

• Cyber criminals Devising More Tactics For Phishing Attacks (informationsecuritybuzz.com)

• 6 reasons why your anti-phishing strategy isn’t working | CSO Online

• Cyberthreat On New Email By Exotic Lily (informationsecuritybuzz.com)

• Botnet that knows your name and quotes your email is back with new tricks | Ars Technica

• Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector (darkreading.com)

• How two-step phishing attacks evade detection and what you can do about it - Help Net Security

• Humans Still More Effective Than ChatGPT at Phishing - Infosecurity Magazine (infosecurity-magazine.com)

BEC – Business Email Compromise

• Pig Butchering & Investment Scams: The $3B Cyber crime Threat Overtaking BEC (darkreading.com)

• Organizations need to re-examine their approach to BEC protection - Help Net Security

• BEC Volumes Double on Phishing Surge - Infosecurity Magazine (infosecurity-magazine.com)

2FA/MFA

• When Partial Protection is Zero Protection: The MFA Blind Spots No One Talks About (thehackernews.com)

• Outlook app to get built-in Microsoft 365 MFA on Android, iOS (bleepingcomputer.com)

• Software for sale is fuelling a torrent of phishing attacks that bypass MFA | Ars Technica

Malware

• SpyCloud Report: Malware Infections the Most Prolific & Persistent Threat to Businesses | Business Wire

• Microsoft OneNote to get enhanced security after recent malware abuse (bleepingcomputer.com)

• New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide (thehackernews.com)

• Malware Targets People Looking to Pirate Oscar-Nominated Films (darkreading.com)

• Law enforcement seized the website selling the NetWire RAT- - Security Affairs

• BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads (thehackernews.com)

• KamiKakaBot Malware Used in Latest Dark Pink APT Attacks on Southeast Asian Targets (thehackernews.com)

• Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware (thehackernews.com)

• Emotet attempts to sell access after infiltrating high-value networks | SC Media (scmagazine.com)

• What is Zeus Trojan Malware? - CrowdStrike

• Emotet, QSnatch Malware Dominate Malicious DNS Traffic (darkreading.com)

• Winter Vivern APT hackers use fake antivirus scans to install malware (bleepingcomputer.com)

• Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection (thehackernews.com)

• New malware sample of defunct TeamTNT threat group raises concerns | SC Media (scmagazine.com)

• Adobe Acrobat Sign abused to push Redline info-stealing malware (bleepingcomputer.com)

• Tracking the global spread of malware - Help Net Security

Mobile

• Xenomorph Android malware now steals data from 400 banks (bleepingcomputer.com)

• GoatRAT Android Banking Trojan Targets Mobile Automated Payment System (darkreading.com)

• WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt

• Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)

• Google Warns Samsung and Pixel Phone Owners About 18 Dire Exploits - CNET

• FakeCalls Android malware returns with new ways to hide on phones (bleepingcomputer.com)

Botnets

• New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide (thehackernews.com)

• Botnet that knows your name and quotes your email is back with new tricks | Ars Technica

Denial of Service/DoS/DDOS

• Record Breaking DDoS Attack - 158.2 Million Packets Per Second (gbhackers.com)

Internet of Things – IoT

• Researchers Uncover Over a Dozen Security Flaws in Akuvox E11 Smart Intercom (thehackernews.com)

• Tesla App Lets Man Accidentally Steal Model 3 That Wasn't His (gizmodo.com)

Data Breaches/Leaks

• Negative Impacts of Data Loss and How to Avoid Them - MSSP Alert

• Mental health provider Cerebral alerts 3.1M people of data breach (bleepingcomputer.com)

• BMW exposes data of clients in Italy, experts warn- - Security Affairs

• Acronis states that only one customer's account was compromised- - Security Affairs

• Security giant Rubrik says hackers used Fortra zero-day to steal internal data | TechCrunch

• Key aerospace player leaks sensitive data | Cybernews

• Hundreds of thousands of customer records stolen from lender Latitude in cyber-attack | Business | The Guardian

• 'Vile' Gang Duo Breaches Police Database, Impersonates Officers in Extortion Gambit (darkreading.com)

• LA Housing Authority Suffers Year-Long Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Hacker selling data allegedly stolen in US Marshals Service hack (bleepingcomputer.com)

• Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration (thehackernews.com)

Organised Crime & Criminal Actors

• Cyber crime Losses Exceeded $10 Billion in 2022: FBI - SecurityWeek

• Nine In 10 £5m+ Businesses Hit By Cyber Attacks - IT Security Guru

• CISA: Federal civilian agency hacked by nation-state and criminal hacking groups | CyberScoop

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• FBI Warns of Crypto-Stealing Play-to-Earn Games - Infosecurity Magazine (infosecurity-magazine.com)

• Massive vulnerabilities revealed at Dogecoin, Litecoin, Zcash | Fortune Crypto

• UK Crypto Firm Loses $200m in Cyber-Attack - Infosecurity Magazine (infosecurity-magazine.com)

• One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)

• UK Bank Limits Crypto Payments to Smother Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing Campaigns Use SVB Collapse to Harvest Crypto - Infosecurity Magazine (infosecurity-magazine.com)

• Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration (thehackernews.com)

• CrowdStrike discovered the first-ever Dero crypto mining campaign- - Security Affairs

• Claim: FTX leaders helped themselves to $3.2B in cash • The Register

• Feds charge exiled Chinese billionaire over crypto fraud • The Register

Insider Risk and Insider Threats

• Future-Proofing Your Business Against Insider Threats (informationsecuritybuzz.com)

Fraud, Scams & Financial Crime

• ‘Pig Butchering’ Scams Are Now a $3 Billion Threat | WIRED

• Cyber crime Losses Exceeded $10 Billion in 2022: FBI - SecurityWeek

• Investment Fraud is Now Biggest Cyber crime Earner - Infosecurity Magazine (infosecurity-magazine.com)

• Nine In 10 £5m+ Businesses Hit By Cyber Attacks - IT Security Guru

• ChatGPT fraud is on the rise: Here's what to watch out for | ZDNET

• Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector (darkreading.com)

• The SVB demise is a fraudster's paradise, so take precautions - Help Net Security

• Fighting financial fraud through fusion centers - Help Net Security

• UK Crypto Firm Loses $200m in Cyber-Attack - Infosecurity Magazine (infosecurity-magazine.com)

• UK Bank Limits Crypto Payments to Smother Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)

• Claim: FTX leaders helped themselves to $3.2B in cash • The Register

• Feds charge exiled Chinese billionaire over crypto fraud • The Register

Impersonation Attacks

• 'Vile' Gang Duo Breaches Police Database, Impersonates Officers in Extortion Gambit (darkreading.com)

Deepfakes

• Deepfakes, Synthetic Media: How Digital Propaganda Undermines Trust (darkreading.com)

AML/CFT/Sanctions

• One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)

• Russia’s Cyber security Companies Shrug Off Sanctions - CEPA

Dark Web

• One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)

Supply Chain and Third Parties

• Top 10 operational risks: focus on third-party risk - Risk.net

• How much of a cyber security risk are my suppliers? (thetimes.co.uk)

Software Supply Chain

• We can't wait for SBOMs to be demanded by regulation - Help Net Security

• Best practices for securing the software application supply chain - Help Net Security

• Addressing Software Supply Chain Security - DevOps.com

Cloud/SaaS

• Rushed cloud migrations result in escalating technical debt - Help Net Security

• CrowdStrike report shows identities under siege, cloud data theft up | VentureBeat

• How to Apply NIST Principles to SaaS in 2023 (thehackernews.com)

Hybrid/Remote Working

• Orgs Have a Long Way to Go in Securing Remote Workforce (darkreading.com)

Attack Surface Management

• Access Control Gap in Microsoft Active Directory Widens Enterprise Attack Surface (darkreading.com)

Identity and Access Management

• Access Control Gap in Microsoft Active Directory Widens Enterprise Attack Surface (darkreading.com)

• Navigating the future of digital identity - Help Net Security

Encryption

• Google Proposes Reducing TLS Cert Life Span to 90 Days (darkreading.com)

• WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt

Passwords, Credential Stuffing & Brute Force Attacks

• Poor Passwords Still Weakest Link Hackers Seek, Report Reveals - MSSP Alert

• Study: Over 721 million passwords were leaked in 2022 - Neowin

• Understanding password behavior key to developing stronger cyber security protocols - Help Net Security

Social Media

• UK bans TikTok from government mobile phones | TikTok | The Guardian

• Spies, lies and influenced children: What TikTok must overcome to show us it can be trusted (telegraph.co.uk)

• Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)

Malvertising

• BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads (thehackernews.com)

Training, Education and Awareness

• Forgetting Curve according to Dr Ebbinghaus: Why cyber awareness training is an ongoing process - Hornetsecurity

Regulations, Fines and Legislation

• UK's New Privacy Bill Could Mean More Work for Firms - Infosecurity Magazine (infosecurity-magazine.com)

• SEC Charges Software Company Blackbaud Inc. for Misleading Disclosures About Ransomware Attack That Impacted Charitable Donors (databreaches.net)

• When and how to report a breach to the SEC | CSO Online

• WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt

• The US cyber security strategy won’t address today’s threats with regulation alone | CyberScoop

Governance, Risk and Compliance

• Make Sure Your Cyber security Budget Stays Flexible (darkreading.com)

• Getting cyber security right requires a change of mindset | The Strategist (aspistrategist.org.au)

• UK's New Privacy Bill Could Mean More Work for Firms - Infosecurity Magazine (infosecurity-magazine.com)

• 6 principles for building engaged security governance | TechTarget

Models, Frameworks and Standards

• How to Apply NIST Principles to SaaS in 2023 (thehackernews.com)

• Meet Data Privacy Mandates With Cyber security Frameworks (darkreading.com)

Data Protection

• Consumers Believe Vendors Don't Adequately Protect Their Personal Data, Report Finds - MSSP Alert

Law Enforcement Action and Take Downs

• International authorities bring NetWire's malware infrastructure to a standstill | TechSpot

• One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)

Privacy, Surveillance and Mass Monitoring

• German states rethink reliance on Palantir technology | Financial Times (ft.com)

• Consumers Believe Vendors Don't Adequately Protect Their Personal Data, Report Finds - MSSP Alert

• Meet Data Privacy Mandates With Cyber security Frameworks (darkreading.com)

Artificial Intelligence

• Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware (thehackernews.com)

• How to stop AI waging war on humans (thetimes.co.uk)

• ChatGPT and the Growing Threat of Bring Your Own AI to the SOC - SecurityWeek

• How Businesses Can Get Ready for AI-Powered Security Threats (darkreading.com)

• Humans Still More Effective Than ChatGPT at Phishing - Infosecurity Magazine (infosecurity-magazine.com)

• UK spy agency warns of security threat from ChatGPT and rival chatbots | Metro News

• Why red team exercises for AI should be on a CISO's radar | CSO Online

• GPT-4 Can’t Stop Helping Hackers Make Cyber criminal Tools (forbes.com)

Misinformation, Disinformation and Propaganda

• Deepfakes, Synthetic Media: How Digital Propaganda Undermines Trust (darkreading.com)

• Russia disinformation looks to US far right to weaken Ukraine support | Russia | The Guardian

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Microsoft: Russian hackers may be readying new wave of destructive attacks | CyberScoop

• UK bans TikTok from government mobile phones | TikTok | The Guardian

• Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up - SecurityWeek

• UK’s Royal Navy, Ukraine Jointly Repel Simulated, Russian Cyber attack on National Infrastructure - MSSP Alert

• Russians told to rush to nuclear bomb shelters after hackers take over state media (telegraph.co.uk)

• Remcos Trojan Linked to Cyber Espionage Operations Against Ukrainian Government - MSSP Alert

• YoroTrooper cyber spies target CIS energy orgs, EU embassies (bleepingcomputer.com)

• China sought control of telecoms to spy on Micronesia • The Register

• Russia disinformation looks to US far right to weaken Ukraine support | Russia | The Guardian

• This Is the New Leader of Russia's Infamous Sandworm Hacking Unit | WIRED

• Russia’s Cyber security Companies Shrug Off Sanctions - CEPA

• Polish intelligence dismantled a network of Russian spies- Security Affairs

• Microsoft sheds light on a year of Russian hybrid warfare in Ukraine- Security Affairs

• Wave of Stealthy China Cyber attacks Hits US., Private Networks, Google Says - WSJ

• Russian hackers plotting another cyber attack against Ukraine - Microsoft (ukrinform.net)

• Here's how Chinese spies exploited a critical Fortinet bug • The Register

Nation State Actors

• MI5 Launches New Agency to Tackle State-Backed Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• UK bans TikTok from government mobile phones | TikTok | The Guardian

• North Korean hackers used polished LinkedIn profiles to target security researchers | CyberScoop

• A new Chinese era: security and control | Financial Times (ft.com)

• Russians told to rush to nuclear bomb shelters after hackers take over state media (telegraph.co.uk)

• Attacks on SonicWall appliances linked to Chinese campaign: Mandiant | CSO Online

• Remcos Trojan Linked to Cyber Espionage Operations Against Ukrainian Government - MSSP Alert

• The slow Tick‑ing time bomb: Tick APT group compromise of a DLP software developer in East Asia | WeLiveSecurity

• Microsoft fixes Outlook zero-day used by Russian hackers since April 2022 (bleepingcomputer.com)

• China sought control of telecoms to spy on Micronesia • The Register

• CISA: Federal civilian agency hacked by nation-state and criminal hacking groups | CyberScoop

• APT29 abuses EU information exchange systems in recent attacks- Security Affairs

• Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection (thehackernews.com)

• Russia disinformation looks to US far right to weaken Ukraine support | Russia | The Guardian

• This Is the New Leader of Russia's Infamous Sandworm Hacking Unit | WIRED

• Russia’s Cyber security Companies Shrug Off Sanctions - CEPA

• Microsoft sheds light on a year of Russian hybrid warfare in Ukraine- Security Affairs

• Wave of Stealthy China Cyber attacks Hits US., Private Networks, Google Says - WSJ

• Russian hackers plotting another cyber attack against Ukraine - Microsoft (ukrinform.net)

• Here's how Chinese spies exploited a critical Fortinet bug • The Register

Vulnerabilities

• Critical Microsoft Outlook/365 bug CVE-2023-23397 under attack (thestack.technology)

• Critical Microsoft Outlook bug PoC shows how easy it is to exploit (bleepingcomputer.com)

• Microsoft fixes Outlook zero-day used by Russian hackers since April 2022 (bleepingcomputer.com)

• Microsoft and Fortinet fix bugs under active exploit • The Register

• CISA warns of actively exploited Plex bug after LastPass breach (bleepingcomputer.com)

• Cisco fixed CVE-2023-20049 DoS flaw affecting enterprise routers- Security Affairs

• Massive vulnerabilities revealed at Dogecoin, Litecoin, Zcash | Fortune Crypto

• SAP releases security updates fixing five critical vulnerabilities (bleepingcomputer.com)

• Adobe Warns of ‘Very Limited Attacks’ Exploiting ColdFusion Zero-Day - SecurityWeek

• Microsoft fixes Windows zero-day exploited in ransomware attacks (bleepingcomputer.com)

• Microsoft March 2023 Patch Tuesday fixes 2 zero-days, 83 flaws (bleepingcomputer.com)

• Firefox 111 patches 11 holes, but not 1 zero-day among them… – Naked Security (sophos.com)

• Microsoft Pins Outlook Zero-Day Attacks on Russian Actor, Offers Detection Script - SecurityWeek

• Cyber attackers Continue Assault Against Fortinet Devices (darkreading.com)

• Security firm Rubrik is latest to be felled by GoAnywhere vulnerability | Ars Technica

• Google Warns Samsung and Pixel Phone Owners About 18 Dire Exploits - CNET

• Microsoft shares script to fix WinRE BitLocker bypass flaw (bleepingcomputer.com)

• Here's how Chinese spies exploited a critical Fortinet bug • The Register

• Bitwarden's password manager browser extension has a known exploit it hasn't addressed in five years | TechSpot

Tools and Controls

• Make Sure Your Cyber security Budget Stays Flexible (darkreading.com)

• What Is a Stateful Inspection Firewall? Ultimate Guide (enterprisestorageforum.com)

• When Partial Protection is Zero Protection: The MFA Blind Spots No One Talks About (thehackernews.com)

• Set up PowerShell script block logging for added security | TechTarget

• Brazil seizing Flipper Zero shipments to prevent use in crime (bleepingcomputer.com)

• Outlook app to get built-in Microsoft 365 MFA on Android, iOS (bleepingcomputer.com)

• 5 Reasons MSSP Clients Need Strong AppSec Strategies to Thwart Ransomware - MSSP Alert

• 5 Steps to Effective Cloud Detection and Response  - The New Stack

• Virtual patching: Cut time to patch from 250 days to (helpnetsecurity.com)

• ChatGPT may be a bigger cyber security risk than an actual benefit (bleepingcomputer.com)

• Change Is Coming to the Network Detection and Response (NDR) Market (darkreading.com)

• Rise of Ransomware Attacks Main Focus for SOCs, research finds - IT Security Guru

Other News

• CASPER attack steals data using air-gapped computer's internal speaker (bleepingcomputer.com)

• US govt web server attacked by 'multiple' criminal gangs • The Register

• Security firm Rubrik is latest to be felled by GoAnywhere vulnerability | Ars Technica

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.