Black Arrow Cyber Threat Briefing 18 November 2022
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Amid Legal Fallout, Cyber Insurers Redefine State-Sponsored Attacks as Act of War
As carriers rewrite their act-of-war exclusions following the NotPetya settlement between Mondelez and Zurich, organisations should read their cyber insurance policies carefully to see what is still covered.
The consequences from NotPetya, which the US government said was caused by a Russian cyber attack on Ukraine in 2017, continue to be felt as cyber insurers modify coverage exclusions, expanding the definition of an "act of war." Indeed, the 5-year-old cyber attack appears to be turning the cyber insurance market on its head.
Mondelez International, parent of such popular brands as Cadbury, Oreo, Ritz, and Triscuit, was hit hard by NotPetya, with factories and production disrupted. It took days for the company's staff to regain control of its computer systems. The company filed a claim with its property and casualty insurer, Zurich American, for $100 million in losses. After initially approving a fraction of the claim — $10 million — Zurich declined to pay, stating the attack was an act of war and thus excluded from the coverage. Mondelez filed a lawsuit.
Late last month Mondelez and Zurich American reportedly agreed to the original $100 million claim, but that wasn't until after Merck won its $1.4 billion lawsuit against Ace American Insurance Company in January 2022 for its NotPetya-related losses. Merck's claims also were against its property and casualty policy, not a cyber insurance policy.
Back in 2017, cyber insurance policies were still nascent, and so many large corporations filed claims for damages related to NotPetya — the scourge that caused an estimated $10 billion in damage worldwide — against corporate property and casualty policies.
What's Changed? The significance of these settlements illustrates an ongoing maturation of the cyber insurance market, says Forrester Research.
Until 2020 and the COVID-19 pandemic, cyber insurance policies were sold in a fashion akin to traditional home or auto policies, with little concern for a company's cyber security profile, the tools it had in place to defend its networks and data, or its general cyber hygiene.
Once a large number of ransomware attacks occurred that built off of the lax cyber security many organisations demonstrated, insurance carriers began tightening the requirements for obtaining such policies.
Is Your Board Prepared For New Cyber Security Regulations?
Boards are now paying attention to the need to participate in cyber security oversight. Not only are the consequences sparking concern, but the new regulations are upping the ante and changing the game.
Boards have a particularly important role to ensure appropriate management of cyber risk as part of their fiduciary and oversight role. As cyber threats increase and companies worldwide bolster their cyber security budgets, the regulatory community, including the U.S. Securities and Exchange Commission (SEC), is advancing new requirements that companies will need to know about as they reinforce their cyber strategy.
Most organisations focus on cyber protection rather than cyber resilience, and that could be a mistake. Resiliency is more than just protection; it’s a plan for recovery and business continuation. Being resilient means that you’ve done as much as you can to protect and detect a cyber incident, and you have also done as much as you can to make sure you can continue to operate when an incident occurs. A company who invests only in protection is not managing the risk associated with getting up and running again in the event of a cyber incident.
Research indicates that most board members believe it is not a matter of if, but when, their company will experience a cyber event. The ultimate goal of a cyber-resilient organisation would be zero disruption from a cyber breach. That makes the focus on resilience more important.
In March 2022, the SEC issued a proposed rule titled Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure. In it, the SEC describes its intention to require public companies to disclose whether their boards have members with cyber security expertise: “Cyber security is already among the top priorities of many boards of directors and cyber security incidents and other risks are considered one of the largest threats to companies. Accordingly, investors may find disclosure of whether any board members have cyber security expertise to be important as they consider their investment in the registrant as well as their votes on the election of directors of the registrant.”
The SEC will soon require companies to disclose their cyber security governance capabilities, including the board’s oversight of cyber risk, a description of management’s role in assessing and managing cyber risks, the relevant expertise of such management, and management’s role in implementing the registrant’s cyber security policies, procedures, and strategies. Specifically, where pertinent to board oversight, registrants will be required to disclose:
whether the entire board, a specific board member, or a board committee is responsible for the oversight of cyber risks,
the processes by which the board is informed about cyber risks, and the frequency of its discussions on this topic,
whether and how the board or specified board committee considers cyber risks as part of its business strategy, risk management, and financial oversight.
https://hbr.org/2022/11/is-your-board-prepared-for-new-cybersecurity-regulations
Unwanted Emails Steadily Creeping into Inboxes
A research from cloud security provider Hornetsecurity has revealed that 40.5% of work emails are unwanted. The Cyber Security Report 2023, which analysed more than 25 billion work emails, also reveals significant changes to the nature of cyber attacks in 2022 – indicating the constant, growing threats to email security, and need for caution in digital workplace communications.
Phishing remains the most common style of email attack, representing 39.6% of detected threats. Threat actors used the following file types sent via email to deliver payloads: Archive files (Zip, 7z, etc.) sent via email make up 28% of threats, down slightly from last year’s 33.6%, with HTML files increasing from 15.3% to 21%, and DOC(X) from 4.8% to 12.7%.
This year’s cyber security report shows the steady creep of threats into inboxes around the world. The rise in unwanted emails, now found to be nearly 41%, is putting email users and businesses at significant risk.
HornetSecurity’s analysis identified both the enduring risk and changing landscape of ransomware attacks – highlighting the need for businesses and their employees to be more vigilant than ever.
New cyber security trends and techniques for organisations to watch out for were also tracked. Since Microsoft disabled macros settings in Office 365, there has been a significant increase in HTML smuggling attacks using embedded LNK or ZIP files to deliver malware. Microsoft 365 makes it easy to share documents, and end users often overlook the ramifications of how files are shared, as well as the security implications. Hornetsecurity found 25% of respondents were either unsure or assumed that Microsoft 365 was immune to ransomware threats.
For these attackers, every industry is a target. Companies must therefore ensure comprehensive security awareness training while implementing next-generation preventative measures to ward off threats.
https://www.helpnetsecurity.com/2022/11/14/email-security-threats/
People Are Still Using the Dumbest Passwords Available
If you were thinking that most people would have learned by now not to use “password” as the password for their sensitive systems, then you would be giving too much credit to the general scrolling public.
Cyber security researchers from Cybernews and password manager company NordPass both independently reported this week on data surrounding the most commonly-used passwords. Trying to discern the frequently used words, phrases, and numbers among the general public wouldn’t be simple if it weren’t for the troves of leaked passwords being sold on the dark web.
Cybernews said it based its data on a list of 56 million breached or leaked passwords in 2022 found via databases in darknet and clearnet hacker forums. Some of the most-used passwords were exactly what you expect, easy-to-remember junk passwords for company accounts, including “123456,” “root,” and “guest” all looking pretty in the top three.
NordPass, on the other hand, listed its top passwords by country and the supposed gender of the user. In their case, “password” sat in the number one spot for most-used password throughout the globe. Some countries had very specific passwords that were commonly used, such as “liverpool” being the number 4 most-used password in the UK despite it being 197 in the world. The number 2 most-used password for Brazil accounts is “Brasil” while in Germany, number 5 is “hallo.”
NordPass said the list of passwords was built by a team of independent researchers who compiled 3TB of data from listings on the dark web, including some data that was leaked in data breaches that occurred in 2022. The company noted that some data might be from late 2021, though the passwords were listed on the dark web in the new year.
https://gizmodo.com/passwords-hacker-best-passwords-cybersecurity-1849792818
Zero-Trust Initiatives Stall, as Cyber Attack Costs Rocket to $1M per Incident
Researchers find current data protection strategies are failing to get the job done, and IT leaders are concerned, while a lack of qualified IT security talent hampers cyber-defence initiatives.
Organisations are struggling with mounting data losses, increased downtime, and rising recovery costs due to cyber attacks — to the tune of $1.06 million in costs per incident. Meanwhile, IT security teams are stalled on getting defences up to speed.
That's according to the 2022 Dell Global Data Protection Index (GDPI) survey of 1,000 IT decision-makers across 15 countries and 14 industries, which found that organisations that experienced disruption have also suffered an average of 2TB data loss and 19 hours of downtime.
Most respondents (67%) said they lack confidence that their existing data protection measures are sufficient to cope with malware and ransomware threats. A full 63% said they are not very confident that all business-critical data can be reliably recovered in the event of a destructive cyber attack.
Their fears seem founded: Nearly half of respondents (48%) experienced a cyber attack in the past 12 months that prevented access to their data (a 23% increase from 2021) — and that's a trend that will likely continue.
The growth and increased distribution of data across edge, core data centre and multiple public cloud environments are making it exceedingly difficult for IT admins to protect their data.
On the protection front, most organisations are falling behind; for instance, 91% are aware of or planning to deploy a zero-trust architecture, but only 12% are fully deployed.
And it's not just advanced defence that's lacking: Keegan points out that 69% of respondents stated they simply cannot meet their backup windows to be prepared for a ransomware attack.
https://www.darkreading.com/endpoint/zero-trust-initiatives-stall-cyberattack-costs-1m-per-incident
44% of Financial Institutions Believe Their Own IT Teams Are the Main Risk to Cloud Security
Netwrix, a cyber security vendor, today announced additional findings for the financial and banking sector from its global 2022 Cloud Security Report.
Compared to other industries surveyed, financial institutions are much more concerned about users who have legitimate access to their cloud infrastructure. Indeed, 44% of respondents in this sector say their own IT staff poses the biggest risk to data security in the cloud and 47% worry about contractors and partners, compared to 30% and 36% respectively in other verticals surveyed.
Financial organisations experience accidental data leakage more often than companies in other verticals: 32% of them reported this type of security incident within the last 12 months, compared to the average of 25%. This is a good reason for them to be concerned about users who might unintentionally expose sensitive information. To address this threat, organisations need to implement a zero-standing privilege approach in which elevated access rights are granted only when they are needed and only for as long as needed. Cloud misconfigurations are another common reason for accidental data leakage. Therefore, security teams must continually monitor the integrity of their cloud configurations, ideally with a dedicated solution that automates the process.
All sectors say phishing is the most common type of attack they experience. However, 91% of financial institutions say they can spot phishing within minutes or hours, compared to 82% of respondents in other verticals.
Even though mature financial organisations detect phishing quickly, it is still crucial for them to keep educating their personnel on this threat because attacks are becoming more sophisticated. To increase the likelihood of a user clicking a malicious link, attackers are crafting custom spear phishing messages that are directed at the person responsible for a certain task in the organisation and that appear to come from an authority figure. Regular staff training, along with continuous activity monitoring, will help reduce the risk of infiltration.
MFA Fatigue Attacks Are Putting Your Organisation at Risk
The rapid advancement of technology in all industries has led to the threat of ever-increasing cyber attacks that target businesses, governments, and individuals alike. A common threat targeting businesses is MFA Fatigue attacks—a technique where a cyber criminal attempts to gain access to a corporate network by bombarding a user with MFA prompts until they finally accept one.
MFA refers to multi-factor authentication, a layered end-user verification strategy to secure data and applications. For a user to log in, an MFA system needs them to submit various combinations of two or more credentials.
Using MFA Fatigue attacks, cyber criminals bombard their victims with repeated 2FA (two-factor authentication) push notifications to trick them into authenticating their login attempts, to increase their chances of gaining access to sensitive information. This attempt can be successful, especially when the target victim is distracted or overwhelmed by the notifications or misinterprets them as legitimate authentication requests.
One major MFA Fatigue attack, also known as MFA bombing, targeted the ride-sharing giant Uber in September 2022. Uber attributed the attack to Lapsus$, a hacking group that started by compromising an external contractor’s credentials.
Cyber criminals increasingly use social engineering attacks to access their targets’ sensitive credentials. Social engineering is a manipulative technique used by hackers to exploit human error to gain private information.
MFA Fatigue is a technique that has gained popularity among hackers in recent years as part of their social engineering attacks. This is a simple yet effective technique with destructive consequences as the hackers are banking on their targets’ lack of training and understanding of attack vectors. Since many MFA users are unfamiliar with this style of attack, they would not understand that they are approving a fraudulent notification.
Cyber Security Training Boosts Risk Posture, Research Finds
Business executives worldwide see the economic advantages of continuing professional cyber security education and the steep downside from a workforce of under-trained individuals, Cybrary, a training platform provider, said in a new report.
The survey of 275 executives, directors and security professionals in North America and the UK who either procure or influence professional cyber security training, was conducted by consultancy Omdia. The results showed that the benefits of professional training boost an employee’s impact on the organisation, the overall risk posture of the organisation, and in the costs associated with finding and retaining highly skilled employees, the analyst said.
The study’s key findings include:
73% of respondents said their team’s cyber security performance was more efficient because of ongoing professional cyber security training.
62% of respondents said that training improved their organisation’s cyber security effectiveness (which encompasses decreases in the number of breach attempts and overall security events).
79% of respondents ranked professional cyber security training at the top or near the top of importance for the organisation’s ability to prevent and rapidly remediate breaches and ensuing consequences such as reputational damage.
70% of companies reported a relationship between an incident and training, and two-thirds of respondents reported increased investments in ongoing cyber security training after a security incident.
Large enterprises are the least likely to delay upskilling until after an incident, indicating that companies with larger cyber security teams firmly understand the importance of ongoing professional training.
67% of surveyed SMBs invested in cyber security training after a security incident, which served as a call to action.
53% invested in professional cyber security training due to a cyber security insurance audit.
48% of organisations said that cyber security training drives retention and decreases the likelihood that a cyber security professional will leave the organisation that trains them.
41% said that ongoing cyber security training has no significant impact on if a cyber security professional leaves.
Cybrary said the research shows the rewards that organisations enjoy by investing in training and upskilling their security professionals. The data “codifies the fiscal and reputational paybacks in proactively improving cyber security defences versus responding to attacks. It also codifies an often-underrecognised benefit of cyber security upskilling: helping the organisation retain invaluable security talent despite market and organisational uncertainty”.
MI5 Chief: UK Will Have to Tackle Russian Aggression ‘for Years to Come’
Britain will have to tackle Russian aggression for years to come, said the MI5’s chief on Wednesday, adding that his agency had blocked more than 100 attempts by the Kremlin to insert suspected spies into the UK since the Salisbury poisonings.
Ken McCallum, giving an annual threat update, said state-based threats were increasing and said the UK also faced a heightened direct threat from Iran, which had threatened “to kidnap or even kill” 10 people based in Britain in the past year.
The spy chief said Russia had suffered a “strategic blow” after 400 spies were expelled from around Europe following the start of the war in Ukraine, but he said the Kremlin was actively trying to rebuild its espionage network.
Britain had expelled 23 Russian spies posing as diplomats after the poisoning of Sergei and Yulia Skripal in Salisbury in 2018, yet since then “over 100 Russian diplomatic visa applications” had been rejected on national security grounds.
McCallum accused Russia of making “silly claims” about British activities without evidence, such as that UK was involved in attacking the Nord Stream gas pipelines. But the head of MI5 said “the serious point” was that “the UK must be ready for Russian aggression for years to come”.
Iran’s “aggressive intelligence services” were actively targeting Britain and had made “at least 10” attempts to “kidnap or even kill” British or UK-based individuals since January as the regime felt greater pressure than ever before.
Offboarding Processes Pose Security Risks as Job Turnover Increases: Report
Research from YouGov finds that poor offboarding practices across industries including healthcare and tech are putting companies at risk, including for loss of end-user devices and unauthorised SaaS application use.
Organisations across multiple industries are struggling to mitigate potential risks, including loss of end-user and storage devices as well as unauthorised use of SaaS applications, during their offboarding process, according to new research conducted by YouGov in partnership with Enterprise Technology Management (ETM) firm Oomnitza.
Over the last 18 months, employee turnover has increased, with the US Department of Labor estimating that by the end of 2021, a total of 69 million people, more than 20% of Americans, had either lost or changed their job. Although these figures could initially be attributed to the so-called Great Resignation, this figure is likely to increase due to the numerous job cuts that are now being reported, including layoffs at major technology companies, as organisations look to reduce operational costs.
Although the circumstances of an employee’s departure can sometimes make the offboarding process more complex, ultimately offboarding should aim to prevent disruption and mitigate any potential risks.
However, in YouGov’s 2022 State of Corporate Offboarding Process Automation report, the research found that although implementing a secure offboarding processes is now seen as a business imperative for enterprises, 48% of the survey’s respondents expressed deficiencies in or lack of automated workflows across departments and IT tools to facilitate the secure offboarding of employees.
Supply Chains Need Shoring Up Against Cyber Attacks, C-Suite Executives Say
Nearly every organisation (98%) in a new survey of some 2,100 C-suite executives has been hit by a supply chain cyber attack in the last year, security provider BlueVoyant said in a newly released study.
The study gleaned data from interviews with chief technology officers (CTOs), chief security officers (CSOs), chief operating officers (COOs), chief information officers (CIOs), chief information security officers (CISOs), and chief procurement officers (CPOs) responsible for supply chain and cyber risk management in organisations of more than 1,000 employees across business services, financial services, healthcare and pharmaceutical, manufacturing, utilities and energy, and defence industries.
While the number of companies experiencing digital supply chain attacks has stayed relatively static year-over-year, the attention paid by organisations to that attack vector has increased, BlueVoyant said. Still, the New York-based cyber defender said, there’s a lot of room for organisations to better monitor suppliers and “work with them to remediate issues to reduce their supply chain risks.”
Here are some macro highlights from the survey:
40% of respondents rely on the third-party vendor or supplier to ensure adequate security.
In 2021, 53% of companies said they audited or reported on supplier security more than twice per year. That number has improved to 67% in 2022. These numbers include enterprises monitoring in real time.
Budgets for supply chain defence are increasing, with 84% of respondents saying their budget has increased in the past 12 months.
The top pain points reported are internal understanding across the enterprise that suppliers are part of their cyber security posture, meeting regulatory requirements, and working with suppliers to improve their security.
Do Companies Need Cyber Insurance?
Companies are increasingly seeking to transfer risk with cyber insurance. This trend has been influenced by a greater severity in cyber attacks and the resulting skyrocketing costs of incident response, business disruption and recovery.
Companies struggle to afford the high prices of cyber insurance, however. One market index reported the price of cyber insurance increased 79% in the second quarter of 2022. Without it, however, companies risk shouldering the full cost of any resulting harm. Furthermore, insurance companies that lack traditional decades of actuarial data must consider whether to provide cyber insurance to clients unable or unwilling to show their cyber security maturity through independent risk analysis.
This combination of circumstances leaves businesses vulnerable, financially drained and facing potential reputational damage. But does it have to be this way? And is cyber insurance truly necessary? For the majority of organisations, the answer is that cyber insurance is a worthwhile investment as part of their overall risk treatment plans. There are a number of activities, however, that should be undertaken to optimise the benefits and reduce the costs of cyber-risk insurance.
A rise in high-profile attacks, in tandem with increased regulation and compliance surrounding cyber security and privacy, has shifted the conversation around digital safety. No longer is cyber security an optional aspect of the business model with a fixed, stagnant cost. Businesses today have become too digitally dependent to ignore cyber security, with classified, internal information stored online; communication largely conducted via email or another platform; and the workforce transitioned to hybrid and remote work environments. Effective cyber security and privacy, as well as mitigating financial and operational risks, can be strategic enablers to modern digital business.
Cyber insurance is not a solution -- it's a piece of the puzzle. Regardless of industry or company size, all businesses should conduct an independent cyber audit prior to committing to cyber insurance. In doing so, organisations can determine the need for cyber insurance and better understand their organisations' risk posture and weak points.
Even if insurance is needed, the audit further adds value as it lets insurance companies support the company specific to its digital landscape and help it become more digitally strong. Additionally, the existence of an independent audit and risk review may indeed enable the insurance company to offer higher levels of coverage without the need for excessive premiums.
https://www.techtarget.com/searchsecurity/post/Do-companies-need-cyber-insurance
Threats
Ransomware and Extortion
Ransomware is a global problem that needs a global solution | TechCrunch
FBI: Hive ransomware extorted $100M from over 1,300 victims (bleepingcomputer.com)
The psychological fallout of a ransomware crisis - Help Net Security
New extortion scam threatens to damage sites’ reputation, leak data (bleepingcomputer.com)
Thales Denies Getting Hacked as Ransomware Gang Releases Gigabytes of Data | SecurityWeek.Com
Microsoft Warns of Cyber crime Group Delivering Royal Ransomware, Other Malware | SecurityWeek.Com
Hive Ransomware Has Made $100m to Date - Infosecurity Magazine (infosecurity-magazine.com)
LockBit Remains Most Prolific Ransomware in Q3 - Infosecurity Magazine (infosecurity-magazine.com)
DEV-0569 finds new ways to deliver Royal ransomware, various payloads - Microsoft Security Blog
Transportation sector targeted by both ransomware and APTs - Help Net Security
Ukraine says Russian hacktivists use new Somnia ransomware (bleepingcomputer.com)
Ransomware on Healthcare Organisations cost Global Economy $92 bn - IT Security Guru
Russian hacktivists hit Ukrainian orgs with ransomware - but no ransom demands - Help Net Security
Australia to ‘stand up and punch back’ against cyber crims • The Register
LockBit ransomware activity nose-dived in October (techtarget.com)
How to deal with the trauma of the Medibank cyber breach | Andrea Szasz | The Guardian
Researchers secretly helped decrypt Zeppelin ransomware for 2 years (bleepingcomputer.com)
Vanuatu: Hackers strand Pacific island government for over a week - BBC News
Canadian Supermarket Chain Sobeys Hit by Ransomware Attack | SecurityWeek.Com
Two public schools in Michigan hit by a ransomware attack - Security Affairs
Ukraine says Russian hacktivists use new Somnia ransomware (bleepingcomputer.com)
Phishing & Email Based Attacks
Top enterprise email threats and how to counter them - Help Net Security
China-Based Sophisticated Phishing Campaign Uses 42,000 Domains - Information Security Buzz
Mass Email Extortion Campaign Claims Server Hack - Infosecurity Magazine (infosecurity-magazine.com)
Netflix Phishing Emails Surge 78% - Infosecurity Magazine (infosecurity-magazine.com)
Earth Preta Spear-Phishing Governments Worldwide (trendmicro.com)
Email Security Best Practices for Phishing Prevention (trendmicro.com)
Malware
Wipermania: Malware Remains a Potent Threat, 10 Years Since 'Shamoon' (darkreading.com)
QBot phishing abuses Windows Control Panel EXE to infect devices (bleepingcomputer.com)
Researchers Sound Alarm on Dangerous BatLoader Malware Dropper (darkreading.com)
Study: Almost 50% of macOS malware only comes from one app - Neowin
Notorious Emotet botnet returns after a few months off • The Register
Chinese hackers use Google Drive to drop malware on govt networks (bleepingcomputer.com)
Microsoft Warns of Cyber crime Group Delivering Royal Ransomware, Other Malware | SecurityWeek.Com
LodaRAT Malware Resurfaces with New Variants Employing Updated Functionalities (thehackernews.com)
New attacks use Windows security bypass zero-day to drop malware (bleepingcomputer.com)
Updated RapperBot malware targets game servers in DDoS attacks (bleepingcomputer.com)
Google Wins Lawsuit Against Glupteba Botnet Operators | SecurityWeek.Com
Mobile
Internet of Things – IoT
Shocker: EV charging infrastructure is seriously insecure • The Register
Aiphone Intercom System Vulnerability Allows Hackers to Open Doors | SecurityWeek.Com
Data Breaches/Leaks
Police published sexual assault victims' names and addresses on its website (bitdefender.com)
Whoosh confirms data breach after hackers sell 7.2M user records (bleepingcomputer.com)
Organised Crime & Criminal Actors
Long-Standing Chinese Cyber crime Campaign Spoofs Over 400 Brands | SecurityWeek.Com
Suspected Zeus cyber crime ring leader ‘Tank’ arrested by Swiss police (bleepingcomputer.com)
Australia's Hack-Back Plan Against Cyber attackers Raises Familiar Concerns (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Banks ban crypto to fight fraudsters | Money | The Sunday Times (thetimes.co.uk)
'Three quarters' of retail Bitcoin investors are in the red • The Register
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Massive adware campaign spoofs top brands to trick users | TechRadar
Police Celebrate Arrest of 59 Suspected Scammers - Infosecurity Magazine (infosecurity-magazine.com)
Cyber Monday Will Be the Most Fraudulent Day of the Season, Says SEON (darkreading.com)
UK Shoppers Lost £15m+ to Scammers Last Winter - Infosecurity Magazine (infosecurity-magazine.com)
How scammers are now exploiting cashless parking (telegraph.co.uk)
Experts Advice On International Fraud Awareness Week - Information Security Buzz
Banks ban crypto to fight fraudsters | Money | The Sunday Times (thetimes.co.uk)
Impersonation Attacks
42,000 sites used to trap users in brand impersonation scheme (bleepingcomputer.com)
Instagram Impersonators Target Thousands, Slipping by Microsoft's Cyber security (darkreading.com)
Dark Web
Supply Chain and Third Parties
Software Supply Chain
Denial of Service DoS/DDoS
2022 holiday DDoS protection guide - Microsoft Security Blog
Updated RapperBot malware targets game servers in DDoS attacks (bleepingcomputer.com)
Cloud/SaaS
Cloud data protection trends you need to be aware of - Help Net Security
Cyber security implications of using public cloud platforms - Help Net Security
Evolving Security for Government Multiclouds (darkreading.com)
Encryption
Why companies can no longer hide keys under the doormat - Help Net Security
Quantum Cryptography Apocalypse: A Timeline and Action Plan (darkreading.com)
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Advertising giant warns clients to stay off Twitter (telegraph.co.uk)
Meta keeps booting small-business owners for being hacked on Facebook | Ars Technica
Guinness, Cadbury’s and Nissan told to avoid ‘toxic’ and ‘dangerous’ Twitter (telegraph.co.uk)
FBI director says he's 'extremely concerned' about China's ability to weaponize TikTok - CyberScoop
Instagram Impersonators Target Thousands, Slipping by Microsoft's Cyber security (darkreading.com)
Privacy, Surveillance and Mass Monitoring
Electronics repair technicians snoop on your data - Help Net Security
Google to Pay $391 Million Privacy Fine for Secretly Tracking Users' Location (thehackernews.com)
Security firms hijack New York trees to monitor workers • The Register
Governance, Risk and Compliance
Careers, Working in Cyber and Information Security
Cyber security jobs: Five ways to help you build your career | ZDNET
Google cloud wants CISOs to do more about diversity • The Register
Amazon poaches top National Cyber Security Centre exec Levy | Business News | Sky News
Law Enforcement Action and Take Downs
Zeus Botnet Suspected Leader Arrested in Geneva - Infosecurity Magazine (infosecurity-magazine.com)
Police Celebrate Arrest of 59 Suspected Scammers - Infosecurity Magazine (infosecurity-magazine.com)
Suspected Zeus cyber crime ring leader ‘Tank’ arrested by Swiss police (bleepingcomputer.com)
Police dismantle pirated TV streaming network with 500,000 users (bleepingcomputer.com)
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Chinese hackers target government agencies and defence orgs (bleepingcomputer.com)
Russian hacktivists hit Ukrainian orgs with ransomware - but no ransom demands - Help Net Security
COP27 Delegates Given Burner Phones To Combat Spying - Information Security Buzz
Avast details Worok espionage group's compromise chain - Security Affairs
Biden set to approve expansive authorities for Pentagon to carry out cyber operations - CyberScoop
Ukraine says Russian hacktivists use new Somnia ransomware (bleepingcomputer.com)
Europe’s spyware scandal is a global wakeup call. (slate.com)
Koch-funded group sues US state over mobile 'spyware' • The Register
Nation State Actors
Nation State Actors – Russia
UK Banks Bolstering Defences As Russian Cyber Threat Rises - Information Security Buzz
EXCLUSIVE Russian software disguised as American finds its way into U.S. Army, CDC apps | Reuters
Pro-Russian hackers claim cyber attack on FBI website: Report | Fox News
Ukraine says Russian hacktivists use new Somnia ransomware (bleepingcomputer.com)
Nation State Actors – China
China playing ‘long game’ as it co-opts UK assets, warns MI5 chief | Financial Times (ft.com)
FBI director says he's 'extremely concerned' about China's ability to weaponize TikTok - CyberScoop
Chinese Cyber espionage Group 'Billbug' Targets Certificate Authority | SecurityWeek.Com
Previously undetected Earth Longzhi APT is a subgroup of APT41 - Security Affairs
Rishi Sunak to hold surprise meeting with Chinese president at G20 | Financial Times (ft.com)
Chinese hackers use Google Drive to drop malware on govt networks (bleepingcomputer.com)
State-sponsored hackers in China compromise certificate authority | Ars Technica
Chinese 'Mustang Panda' Hackers Actively Targeting Governments Worldwide (thehackernews.com)
Reports of Chinese police stations in US worry FBI - BBC News
Nation State Actors – North Korea
Nation State Actors – Iran
US govt: Iranian hackers breached federal agency using Log4Shell exploit (bleepingcomputer.com)
CISA: Iranian APT actors compromised federal network (techtarget.com)
US Gov Warning: Start Hunting for Iranian APTs That Exploited Log4j | SecurityWeek.Com
Nation State Actors – Misc
Vulnerability Management
Vulnerabilities
Microsoft Office lets hackers execute arbitrary code, update now | TechRadar
Unpatched Zimbra Platforms Are Probably Compromised, CISA Says (darkreading.com)
Exploit released for actively abused ProxyNotShell Exchange bug (bleepingcomputer.com)
F5 fixes two remote code execution flaws in BIG-IP, BIG-IQ (bleepingcomputer.com)
Samba Patches Vulnerability That Can Lead to DoS, Remote Code Execution | SecurityWeek.Com
Firefox 107 Patches High-Impact Vulnerabilities | SecurityWeek.Com
Windows Kerberos authentication breaks after November updates (bleepingcomputer.com)
Nasty SQL Injection Bug in Zendesk Endangers Sensitive Customer Data (darkreading.com)
Mastodon users vulnerable to password-stealing attacks | The Daily Swig (portswigger.net)
High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices (thehackernews.com)
Tools and Controls
Reports Published in the Last Week
Other News
Cyber Resilience: The New Strategy to Cope With Increased Threats | SecurityWeek.Com
The 4 horsemen of the cyber security apocalypse | Security Magazine
The Top Five Cyber security Trends of 2023: KnowBe4 Makes Its Predictions - MSSP Alert
Build a mature approach for better cyber security vendor evaluation | CSO Online
Almost half of customers have left a vendor due to poor digital trust: Report | CSO Online
Global 2000 companies failing to adopt key domain security measures | CSO Online
Research: Most North American SMBs Outsource Cyber security Management to Third Parties - MSSP Alert
Repair technicians caught snooping on customer data • The Register
Research: Most North American SMBs Outsource Cyber security Management to Third Parties - MSSP Alert
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.