Black Arrow Cyber Threat Briefing 18 October 2024
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Top Cyber Stories of the Last Week
70% of Senior Executives Targeted by Cyber Attack in Past 18 Months, New Study Reveals
A recent report from GetApp highlights that 70% of senior executives have been targeted by cyber attacks in the last 18 months, with AI-driven deepfakes contributing to 22% of attacks. 42% of companies overlook the risks of unsecured communication channels, and 41% fail to regularly update systems. Additionally, 28% of organisations globally do not provide specialised cyber security training for executives, leaving businesses vulnerable to evolving threats.
Defenders Must Adapt to Shrinking Exploitation Timelines
A Mandiant report reveals that the time for attackers to exploit vulnerabilities has dropped sharply to just five days in 2023, down from 32 days in 2022. Zero-day vulnerabilities, which are unknown to vendors, have been favoured over publicly known (n-day) flaws, accounting for 70% of first exploits. Despite media attention, only a portion of vulnerabilities are actively exploited. The findings emphasise the importance of rapid patching and segmented network architectures to reduce risk, as threat actors increasingly exploit vulnerabilities across diverse technologies. Effective prioritisation of patching is now more critical than ever.
Supply Chain Vulnerabilities are Facilitating a Surge in Ransomware
A new report highlights the rising threat of ransomware attacks stemming from software supply chain vulnerabilities, with 62% of small and medium-sized businesses impacted. The findings reveal that 91% of businesses are concerned about ransomware affecting their downstream partners, with nearly half considering changing vendors. The role of AI in cyber attacks is also increasing, with 55% of businesses feeling more at risk due to AI-enhanced threats. Despite the challenges, 97% of those affected managed to restore their data, though 46% had to pay a ransom, with 31% paying over $1 million.
Limited Visibility and Tool Proliferation Prevent CISOs from Detecting Breaches
Despite global security spending set to reach $215 billion in 2024, 44% of CISOs reported failing to detect data breaches over the past year. A key issue is limited visibility, with 70% acknowledging their tools fall short in identifying breaches across hybrid cloud infrastructure. Gaining full visibility into encrypted and lateral traffic is critical, as 93% of malware hides there. CISOs are also overwhelmed by tool proliferation, with 60% prioritising tool consolidation. Concerns around AI-driven cyber attacks are rising, and 46% plan to implement AI to address visibility gaps and improve detection capabilities.
Organisations Need to Better Prepare to Recover Swiftly from Cyber Attacks, New NCSC Head Warns
The new head of the UK’s National Cyber Security Centre, Dr Richard Horne, has warned of escalating cyber threats and highlighted the importance of preparing organisations to recover swiftly from cyber attacks. In 2024 alone, the NCSC responded to 50% more major incidents compared to the previous year, with severe attacks tripling. This rise in threats is driven by the expanding cyber crime marketplace, which lowers the barriers for attackers. Horne stressed the need for global collaboration and for security to be embedded in technology from the start.
Microsoft Logs 600 million Identity Attacks Per Day as Nation-States Team Up with Cyber Criminals for Attacks
Microsoft’s 2024 Digital Defence Report reveals a significant rise in identity-based cyber attacks, tracking 600 million attacks over the fiscal year. Despite 41% of enterprises adopting multi-factor authentication (MFA), attackers bypass MFA through infrastructure vulnerabilities. Password attacks, such as phishing and brute force methods, still account for over 99% of these incidents. Although attempted ransomware attacks surged by 2.75 times, successful data encryption fell threefold. Notably, state-backed cyber criminal collaborations are growing, complicating attack attribution, while AI and passwordless authentication are highlighted as essential for future protection.
Over 90% of Phishing Campaigns Lead Victims to Malware
A recent Comcast Business report highlights phishing as the top cyber security threat in 2023, with over 2.6 billion interactions detected. More than 90% of these phishing attempts aimed to direct victims to sites hosting malware, emphasising the need for stronger anti-phishing measures and staff education. Remote services were the primary method for lateral movement, with over 409 million events detected. The report recommends adopting tools like endpoint detection and response (EDR) and managed detection and response (MDR) to help IT teams detect and respond to early-stage threats through real-time network monitoring.
Here’s How Attackers Are Getting Around Phishing Defences
Email security provider Egress' latest report reveals that cyber attackers are bypassing phishing defences by manipulating natural language processing (NLP) technologies used in email filters. They achieve this by inserting benign text, links, and other obfuscation techniques, allowing malicious emails to pass through undetected. Notably, 78% of malicious emails incorporate multiple evasion tactics. Attackers exploit weaknesses in email security systems, including slow processing times that may cause incomplete scans. This trend is concerning, as phishing remains a significant threat, contributing to 31% of all security incidents according to Verizon’s 2024 breach report.
Firm Hacked After Accidentally Hiring North Korean Cyber Criminal
A company was hacked after unknowingly hiring a North Korean cyber criminal as a remote IT worker. The individual, who falsified employment history and personal details, gained access to the company’s network, stole sensitive data, and later demanded a ransom in cryptocurrency. This incident highlights an increasing threat of North Korean workers infiltrating Western firms to fund their regime, with many cases emerging since 2022. While most of these workers are after steady income, this case marks a significant shift towards data theft and extortion from within company defences.
Rampant Ransom Payments Highlight Need for Urgent Action on Cyber Resiliency
According to the Global Cyber Resilience Report 2024, 69% of organisations have paid ransoms this year, despite 77% having a 'do not pay' policy. Only 2% of firms can recover data within 24 hours, despite 98% setting that as their target. This highlights a major gap between perceived and actual cyber resilience. Organisations are unprepared for modern threats, with fewer than half implementing essential security measures like multi-factor authentication. To reduce risks, businesses must adopt modern data security practices, engage in realistic threat simulations, and invest in automated recovery systems to mitigate the growing threat of AI-driven cyber attacks.
October is Cyber Security Awareness Month – It’s a Good Time to Update Your Training Programme
October marks the 21st annual Cyber Security Awareness Month, highlighting the importance of user awareness in defending against cyber attacks. The US Cyber Security and Infrastructure Security Agency (CISA) reports that 90% of successful cyber attacks start with phishing, and Verizon notes that human factors are involved in 68% of breaches. This underscores the need for continuous training across all levels of an organisation. Key actions include using strong passwords, enabling multi-factor authentication, and maintaining up-to-date systems. It’s a good time to review or implement training programmes, ensuring they meet current standards and promote security awareness both at work and home.
Phishing Tactics: The Top Attacks Trends in 2024
Phishing attacks have evolved beyond email, with AI enabling more personalised and sophisticated tactics, such as voice cloning and deepfakes. Attackers increasingly combine phishing with other cyber attacks, like ransomware, to compromise entire networks. This can lead to data breaches, financial losses, and legal consequences under regulations like GDPR. Organisations must adopt a multi-layered defence strategy, combining employee training, multi-factor authentication, and advanced filtering tools. Regular incident response planning is also crucial to minimise the impact of phishing attacks, as techniques continue to grow more complex and harder to detect.
Sources:
https://www.helpnetsecurity.com/2024/10/16/time-to-exploit-vulnerabilities-2023/
https://www.techradar.com/pro/supply-chain-vulnerabilities-are-facilitating-a-surge-in-ransomware
https://www.helpnetsecurity.com/2024/10/18/cisos-security-tools/
https://www.infosecurity-magazine.com/news/cyber-threats-defend-ncsc-head/
https://cyberscoop.com/email-natural-language-obfuscation-phishing-egress/
https://www.bbc.co.uk/news/articles/ce8vedz4yk7o
https://www.jdsupra.com/legalnews/october-is-cybersecurity-awareness-5531410/
https://www.itpro.com/security/cyber-attacks/phishing-tactics-the-top-attacks-trends-in-year
Governance, Risk and Compliance
Gap Between Cyber Threats And Defences ‘Widening’, Cyber Security Chief Warns - PM Today
UK Reports 50% Spike in 'Nationally Significant' Incidents (inforisktoday.com)
'Nationally significant' cyber attacks are surging, warns the UK's new cyber chief (therecord.media)
Despite massive security spending, 44% of CISOs fail to detect breaches - Help Net Security
Cyber crime's constant rise is becoming everyone's problem - Help Net Security
The Cyber Security Burnout Crisis Is Reaching The Breaking Point (forbes.com)
A quarter of cyber security leaders are ready to quit (betanews.com)
Most businesses “overconfident and underprepared” for 2025 cyber threats – PCR (pcr-online.biz)
Why Cyber Security’s Core Focus Should Be Defending Data (govinfosecurity.com)
Cyber security compliance: the heavy burden of regulations on IT leaders - Raconteur
Return on cyber investment | Professional Security Magazine
What Cyber Security Leaders Can Learn From Golf (darkreading.com)
Cyber Security Awareness Month: How CISOs can engage, educate, and empower - Security Boulevard
CISOs' Privacy Responsibilities Keep Growing (darkreading.com)
What Is the ‘Most Pressing Concern’ for Cyber Professionals? (techrepublic.com)
While Cyber Attacks Are Inevitable, Resilience Is Vital (automation.com)
Helping Your Team Cope With the Stress of a Cyber Incident (inforisktoday.com)
Threats
Ransomware, Extortion and Destructive Attacks
More Ransoms Being Paid and More Data Being Lost: Hornetsecurity - Security Boulevard
RansomHub becomes dominant ransomware group in Q3 2024 (securitybrief.co.nz)
Basic cyber hygiene still offers the best defence against ransomware | SC Media (scworld.com)
53% of survey respondents admit to paying over $500,000 ransom | Security Magazine
Are You Prepared for Ransomware IRL? - Security Boulevard
Ransomware Attacks Tripled for Microsoft Customers Last Year (tech.co)
Supply chain vulnerabilities are facilitating a surge in ransomware | TechRadar
Would banning ransomware insurance stop the scourge? • The Register
Schools under siege: from nation-states to ransomware gangs • The Register
99% of UK Businesses Faced Cyber Attacks in the Last Year (techrepublic.com)
Ransomware Threats Surge with 31 New Groups in 2024 (techinformed.com)
Ransomware still a major threat despite disruption to RaaS groups (betanews.com)
Rampant ransom payments highlight need for urgent action on cyber resiliency | TechRadar
Akira, Fog Ransomware Leverages Critical Veeam RCE | MSSP Alert
INC ransomware rebranded to Lynx, say security researchers • The Register
Ransomware Victims
53% of survey respondents admit to paying over $500,000 ransom | Security Magazine
How Russian cyber attack on NHS harmed patients and halved blood test capacity (inews.co.uk)
Casio Confirms Ransomware Outage and Data Breach - Infosecurity Magazine (infosecurity-magazine.com)
Schools under siege: from nation-states to ransomware gangs • The Register
Casio says 'no prospect of recovery yet' after ransomware attack | TechCrunch
India’s biggest health insurer gets ransomware following data breach | TechRadar
Hackers blackmail Globe Life after stealing customer data (bleepingcomputer.com)
BianLian ransomware claims attack on Boston Children's Health Physicians (bleepingcomputer.com)
Phishing & Email Based Attacks
How AI created an email security gap | SC Media (scworld.com)
Attackers are using QR codes sneakily crafted in ASCII and blob URLs in phishing emails | CSO Online
Here’s how attackers are getting around phishing defences | CyberScoop
Phishing tactics: The top attacks trends in 2024 | ITPro
Over 90% of phishing campaigns lead victims to malware | Security Magazine
99% of UK Businesses Faced Cyber Attacks in the Last Year (techrepublic.com)
Be Aware of These Eight Underrated Phishing Techniques - SecurityWeek
Someone Just Lost $35 Million Worth of Crypto After Falling for This Phishing Scam
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Other Social Engineering
Firm hacked after accidentally hiring North Korean cyber criminal - BBC News
99% of UK Businesses Faced Cyber Attacks in the Last Year (techrepublic.com)
Scammers use AI to create convincing Gmail phishing calls (appleinsider.com)
What is tailgating (piggybacking) and how to prevent it? | Definition from TechTarget
Alabama man arrested for role in SEC Twitter account hijacking | CyberScoop
Verified Influencer Accounts Are Being Hijacked to Spread Scams and Malicious Software — FBI
Artificial Intelligence
How AI created an email security gap | SC Media (scworld.com)
From Misuse to Abuse: AI Risks and Attacks (thehackernews.com)
World Economic Forum: AI, Quantum Require ‘Paradigm Shift’ in Security - Security Boulevard
What Is Deepfake Technology? Ultimate Guide To AI Manipulation (eweek.com)
AI is bringing XSS vulnerabilities back to the spotlight | CSO Online
Navigating the Cyber Security Risks of Shadow & Open-Source GenAI - Security Boulevard
LLMs Are a New Type of Insider Adversary (darkreading.com)
Anthropic flags AI's potential to 'automate sophisticated destructive cyber attacks' | ZDNET
Deepfake lovers swindle victims out of $46M in Hong Kong AI scam - Ars Technica
AI Report Finds 74% of Cyber Security Leaders Aware of Sensitive Data Risks | Business Wire
AI data collection under fire - Help Net Security
4 Frightening Things Coming For Security This Season (informationsecuritybuzz.com)
How to Mitigate the Impact of Rogue AI Risks | Trend Micro (US)
NY's Financial Regulator Releases AI Cyber Security Guidance - Law360
AI Companies Are Not Meeting EU AI Act Standards (informationsecuritybuzz.com)
2FA/MFA
Cyber Crime Agency Issues New 2FA Warning For Gmail, Outlook, Facebook And X Users (forbes.com)
Malware
Over 90% of phishing campaigns lead victims to malware | Security Magazine
OpenAI confirms threat actors use ChatGPT to write malware (bleepingcomputer.com)
New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT (thehackernews.com)
New Threat Actor Tool EDRSilencer Repurposed For Malicious Use (informationsecuritybuzz.com)
Malicious ads exploited Internet Explorer zero day to drop malware (bleepingcomputer.com)
North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (thehackernews.com)
Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates (thehackernews.com)
New FASTCash malware Linux variant helps steal money from ATMs (bleepingcomputer.com)
Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (thehackernews.com)
Fake Google Meet pages deliver infostealers - Help Net Security
Verified Influencer Accounts Are Being Hijacked to Spread Scams and Malicious Software — FBI
Bots/Botnets
How DDoS Botent is used to Infect your Network? - Security Boulevard
Mobile
Over 200 malicious apps on Google Play downloaded millions of times (bleepingcomputer.com)
Which? warns UK users to keep mobile numbers to avoid security risks - Neowin
TrickMo’s Latest Trick - Stealing PINs And Unlock Patterns (informationsecuritybuzz.com)
The hidden risks of IoT: Why businesses need to modernize mobile security | TechRadar
Android banking trojan stealing money: no antivirus software can detect it | Cybernews
What to do if your iPhone or Android smartphone gets stolen? - Help Net Security
Not iPhones, but secure Android phones: that's what Trump's campaign uses - PhoneArena
Trump campaign gets 'unhackable' phones • The Register
Denial of Service/DoS/DDoS
A Deep Dive into DDoS Carpet-Bombing Attacks - Security Boulevard
How DDoS Botent is used to Infect your Network? - Security Boulevard
Independent Russian news site rides out a week of DDoS incidents (therecord.media)
Largest DDoS Cloudflare Attack On Global Sectors Mitigated - Security Boulevard
Internet of Things – IoT
Hackers took over robovacs to chase pets and yell slurs - The Verge
Hackers Made Robot Vacuums Shout Racist Slurs in Their Owners’ Homes (pcmag.com)
The hidden risks of IoT: Why businesses need to modernize mobile security | TechRadar
Organisations Slow to Protect Doors Against Hackers: Researcher - SecurityWeek
Data Breaches/Leaks
Data breaches trigger increase in cyber insurance claims - Help Net Security
Cisco investigates breach after stolen data for sale on hacking forum (bleepingcomputer.com)
Data Breaches: The Not-So-Hidden Cost of Doing Business | Baker Donelson - JDSupra
Fidelity Investments Data Breach Impacts 77,000 Customers - SecurityWeek
US healthcare org admits up to 400k people's data stolen • The Register
Cisco confirms ongoing probe into alleged data breach • The Register
Contractor pays $300K to settle Medicare data breach • The Register
Casio confirms customer data stolen in a ransomware attack (bleepingcomputer.com)
Hackers blackmail Globe Life after stealing customer data (bleepingcomputer.com)
Game Freak Confirms 1TB Data Leaked in Breach | MSSP Alert
Hundreds of thousands of CVs leaked - here's what we know | TechRadar
Organised Crime & Criminal Actors
Microsoft wants tougher punishments for cyber criminals • The Register
Cyber crime's constant rise is becoming everyone's problem - Help Net Security
Southeast Asian Cyber Crime Profits Fuel Shadow Economy (darkreading.com)
Microsoft logs 600 million identity attacks per day as threat actors collaborate more | ITPro
Escalating Cyber Threats Demand Stronger Global Defence and Cooperation - Microsoft On the Issues
The Wiretap: Microsoft Says Kremlin Is Working With Cyber Criminals To Spy On Ukraine (forbes.com)
Cyber Gangs Aren't Afraid of Prosecution (darkreading.com)
Brazilian Police Arrest Notorious Hacker USDoD - SecurityWeek
Two alleged operators of Anonymous Sudan named, charged • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Someone Just Lost $35 Million Worth of Crypto After Falling for This Phishing Scam
North Korean hackers steal $3B in crypto since 2017: report | Invezz
Radiant Capital Suffers $50M Loss in Second Major Hack - DailyCoin
Insider Risk and Insider Threats
The NHI management challenge: When employees leave - Help Net Security
LLMs Are a New Type of Insider Adversary (darkreading.com)
Insurance
Would banning ransomware insurance stop the scourge? • The Register
Data breaches trigger increase in cyber insurance claims - Help Net Security
Supply Chain and Third Parties
Supply chain vulnerabilities are facilitating a surge in ransomware | TechRadar
How Russian cyber attack on NHS harmed patients and halved blood test capacity (inews.co.uk)
Cyber Security Experts Brace for the Next Crisis After the CrowdStrike Near-Disaster - ClearanceJobs
UK Public sector at risk from supply chain attacks, new report warns | ITPro
Cloud/SaaS
Why are we still confused about cloud security? | InfoWorld
Why companies are struggling to keep up with SaaS data protection - Help Net Security
Tenable releases report on cloud security (devx.com)
38% of organisations are at risk of critical exposures | Security Magazine
Cyber Crime Agency Issues New 2FA Warning For Gmail, Outlook, Facebook And X Users (forbes.com)
Outages
Cyber Security Experts Brace for the Next Crisis After the CrowdStrike Near-Disaster - ClearanceJobs
Identity and Access Management
The Invisible Army of Non-Human Identities (darkreading.com)
Microsoft's guidance to help mitigate Kerberoasting | Microsoft Security Blog
Kerberoasting: A Gateway to Privilege Escalation in Enterprise Networks | HackerNoon
The NHI management challenge: When employees leave - Help Net Security
NHIs may be your biggest — and most neglected — security hole | CSO Online
Orgs With SSO Are Vulnerable to Identity-Based Attacks (darkreading.com)
Encryption
The CISO’s guide to establishing quantum resilience | CSO Online
The quantum dilemma: Game-changer or game-ender - Help Net Security
Chinese researchers claim quantum encryption attack • The Register
Linux and Open Source
New FASTCash malware Linux variant helps steal money from ATMs (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
How Hybrid Password Attacks Work and How to Defend Against Them (thehackernews.com)
The War on Passwords Is One Step Closer to Being Over | WIRED
FIDO Alliance is Standardizing Passkey Portability - Thurrott.com
Understand these seven password attacks and how to stop them (bleepingcomputer.com)
Are Password Managers Safe to Use? (Benefits, Risks & Best Practices) (techrepublic.com)
Social Media
Verified Influencer Accounts Are Being Hijacked to Spread Scams and Malicious Software — FBI
Training, Education and Awareness
Regulations, Fines and Legislation
NIS2: Most EU countries miss deadline to meet new cyber security rules (cnbc.com)
EU cyber security bill NIS2 hits compliance deadline | Computer Weekly
European companies anxious over non-implementation of EU cyber rules | Euronews
What is the NIS2 Directive and Why Now? - Infosecurity Magazine (infosecurity-magazine.com)
NIS 2 Compliance Deadline Approaches: What You Need To Know (techrepublic.com)
Huge number of businesses not ready for new EU cyber security laws (businessplus.ie)
Ireland to miss EU cyber security deadline (rte.ie)
Are Irish businesses ready for new cyber security rules? (rte.ie)
Only two EU countries meet NIS2 deadline - TechCentral.ie
Is your organisation ready for NIS2? | Intel 471
How NIS2 will impact sectors from healthcare to energy - Help Net Security
Ex-NCSC Chief: UK Cyber Incident Reporting a 'Good Step' (govinfosecurity.com)
Contractor pays $300K to settle Medicare data breach • The Register
AI Companies Are Not Meeting EU AI Act Standards (informationsecuritybuzz.com)
New Cyber Security Rules Threaten Defence Industrial Base - Law360
NY's Financial Regulator Releases AI Cyber Security Guidance - Law360
Models, Frameworks and Standards
EU cyber security bill NIS2 hits compliance deadline | Computer Weekly
European companies anxious over non-implementation of EU cyber rules | Euronews
What is the NIS2 Directive and Why Now? - Infosecurity Magazine (infosecurity-magazine.com)
NIS2: Most EU countries miss deadline to meet new cyber security rules (cnbc.com)
Huge number of businesses not ready for new EU cyber security laws (businessplus.ie)
Only two EU countries meet NIS2 deadline - TechCentral.ie
Is your organisation ready for NIS2? | Intel 471
NIS2 Directive: Experts share their views on the cyber security law (telecomstechnews.com)
How NIS2 will impact sectors from healthcare to energy - Help Net Security
Data Protection
CISOs' Privacy Responsibilities Keep Growing (darkreading.com)
Is a CPO Still a CPO? Privacy Leadership's Evolving Role (darkreading.com)
Careers, Working in Cyber and Information Security
CISSP and CompTIA Security+ lead as most desired security credentials - Help Net Security
The Cyber Security Burnout Crisis Is Reaching The Breaking Point (forbes.com)
Breaking into Cyber Security: It's Never Too Late - IT Security Guru
A quarter of cyber security leaders are ready to quit (betanews.com)
Stagnant salaries risk growth of infosec sector | The Global Recruiter
Security leaders can't catch a break, with many on the verge of quitting | TechRadar
Five alternative paths to the CISO chair | SC Media (scworld.com)
Helping Your Team Cope With the Stress of a Cyber Incident (inforisktoday.com)
Cyber Security Careers Go Beyond Coding | NIST
SMBs are being hit hardest by cyber security skills gap | TechRadar
Law Enforcement Action and Take Downs
Dutch police dismantled dual dark web market 'Bohemia/Cannabia' (securityaffairs.com)
Cyber Gangs Aren't Afraid of Prosecution (darkreading.com)
Brazilian Police Arrest Notorious Hacker USDoD - SecurityWeek
Two alleged operators of Anonymous Sudan named, charged • The Register
Alabama man arrested for role in SEC Twitter account hijacking | CyberScoop
Microsoft wants tougher punishments for cyber criminals • The Register
Misinformation, Disinformation and Propaganda
How nation-states exploit political instability to launch cyber operations - Help Net Security
Flood of Election-Related Cyber Activity Unleashed (darkreading.com)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation-State Cyber Threats: The Hidden War on Infrastructure - Security Boulevard
Nation State Actors
How nation-states exploit political instability to launch cyber operations - Help Net Security
Gap Between Cyber Threats And Defences ‘Widening’, Cyber Security Chief Warns - PM Today
UK Reports 50% Spike in 'Nationally Significant' Incidents (inforisktoday.com)
'Nationally significant' cyber attacks are surging, warns the UK's new cyber chief (therecord.media)
Schools under siege: from nation-states to ransomware gangs • The Register
China
Meet the Chinese 'Typhoon' hackers preparing for war | TechCrunch
China Accuses US of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns (thehackernews.com)
US lawmakers demand probe into China's Salt Typhoon hacks • The Register
White House forms emergency team to deal with China espionage hack | Stars and Stripes
Serious Adversaries Circle Ivanti CSA Zero-Day Flaws (darkreading.com)
UK Fears Chinese Hackers Compromised Critical Infrastructure (bloomberglaw.com)
Chinese State Hackers Main Suspect in Recent Ivanti CSA Zero-Day Attacks - SecurityWeek
Chinese researchers claim quantum encryption attack • The Register
Intel denies Chinese claims it helps US intelligence orgs • The Register
China trade group claims Intel ignore... - Mobile World Live
China infosec body slams Intel over chip security • The Register
Russia
Agencies warn about Russian government hackers going after unpatched vulnerabilities | CyberScoop
How Russian cyber attack on NHS harmed patients and halved blood test capacity (inews.co.uk)
Russia is actively scanning everything for known vulns • The Register
The Wiretap: Microsoft Says Kremlin Is Working With Cyber Criminals To Spy On Ukraine (forbes.com)
Uncle Sam puts $10M bounty on Russian troll farm Rybar • The Register
Independent Russian news site rides out a week of DDoS incidents (therecord.media)
The Door Closes on Kaspersky: Russia’s Tech World-Beater - CEPA
Russian court websites down after breach claimed by pro-Ukraine hackers (therecord.media)
Iran
Report: Iran cyber attacks against Israel surge after Gaza war (voanews.com)
Iran's APT34 Abuses MS Exchange (darkreading.com)
A cyber attack hit Iranian government sites and nuclear facilities (securityaffairs.com)
North Korea
Firm hacked after accidentally hiring North Korean cyber criminal - BBC News
North Korean hackers steal $3B in crypto since 2017: report | Invezz
Malicious ads exploited Internet Explorer zero day to drop malware (bleepingcomputer.com)
North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (thehackernews.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Tools and Controls
Despite massive security spending, 44% of CISOs fail to detect breaches - Help Net Security
The Invisible Army of Non-Human Identities (darkreading.com)
SOC Teams: Threat Detection Tools Are Stifling Us (darkreading.com)
Microsoft's guidance to help mitigate Kerberoasting | Microsoft Security Blog
Kerberoasting: A Gateway to Privilege Escalation in Enterprise Networks | HackerNoon
The dark side of API security - Help Net Security
Organisations Slow to Protect Doors Against Hackers: Researcher - SecurityWeek
FIDO Alliance is Standardizing Passkey Portability - Thurrott.com
New Threat Actor Tool EDRSilencer Repurposed For Malicious Use (informationsecuritybuzz.com)
CIOs want a platform that combines AI, networking, and security - Help Net Security
Why Continuous API Security is Essential for Modern Businesses - Security Boulevard
NHIs may be your biggest — and most neglected — security hole | CSO Online
Why companies are struggling to keep up with SaaS data protection - Help Net Security
Rampant ransom payments highlight need for urgent action on cyber resiliency | TechRadar
Return on cyber investment | Professional Security Magazine
Orgs With SSO Are Vulnerable to Identity-Based Attacks (darkreading.com)
Hybrid Work Exposes New Vulnerabilities in Print Security (darkreading.com)
Helping Your Team Cope With the Stress of a Cyber Incident (inforisktoday.com)
What is Business Continuity Plan? How it Works! (cybersecuritynews.com)
Secure by Design: The (Necessary) Future of Hardware and Software - IT Security Guru
Finance and Insurance API Security: A Critical Imperative - Security Boulevard
While Cyber Attacks Are Inevitable, Resilience Is Vital (automation.com)
CISOs' strategies for managing a growing attack surface - Help Net Security
Reports Published in the Last Week
Other News
Microsoft wants tougher punishments for cyber criminals • The Register
Defenders must adapt to shrinking exploitation timelines - Help Net Security
The Lingering Beige Desktop Paradox (darkreading.com)
New Threat Actor Tool EDRSilencer Repurposed For Malicious Use (informationsecuritybuzz.com)
Most businesses “overconfident and underprepared” for 2025 cyber threats – PCR (pcr-online.biz)
Microsoft: K-12, Universities Face Thousands of Attacks (darkreading.com)
Breaking down government hacks: The rise of the modern kill chain (federalnewsnetwork.com)
British intelligence services to protect all UK schools from ransomware attacks (therecord.media)
Top 10 Countries with Best Cyber Security, Finland Ranked First - Life En.tempo.co
6 biggest healthcare security threats | CSO Online
Retail CISOs Take on More Risk to Foster Innovation (darkreading.com)
Marlink reports increase in maritime cyber threats - Port Technology International
Vulnerability Management
Agencies warn about Russian government hackers going after unpatched vulnerabilities | CyberScoop
Google: 70% of exploited flaws disclosed in 2023 were zero-days (bleepingcomputer.com)
Russia is actively scanning everything for known vulns • The Register
Patch-22: The Catch of Waiting to Fix Cyber Security Vulnerabilities - Security Boulevard
How to defend against zero-day vulnerabilities | TechRadar
Secure by Design: The (Necessary) Future of Hardware and Software - IT Security Guru
Zero-Days Account for Most Exploited Bugs in 2023 | MSSP Alert
Vulnerabilities
86k Fortinet devices still vulnerable to active exploits • The Register
WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites (thehackernews.com)
Oracle Patches Over 200 Vulnerabilities With October 2024 CPU - SecurityWeek
Windows 11 bug steals 8.63GB of storage space that you can't get back | Windows Central
Windows 11's 2024 update is now also killing internet connections | PCWorld
Juniper Networks Patches Dozens of Vulnerabilities - SecurityWeek
Serious Adversaries Circle Ivanti CSA Zero-Day Flaws (darkreading.com)
Akira, Fog Ransomware Leverages Critical Veeam RCE | MSSP Alert
Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities - SecurityWeek
Vulnerable instances of Log4j still being used nearly 3 years later | SC Media (scworld.com)
Microsoft Patches Vulnerabilities in Power Platform, Imagine Cup Site - SecurityWeek
VMware fixes high-severity SQL injection CVE-2024-38814 in HCX (securityaffairs.com)
SolarWinds hardcoded credential now exploited in the wild • The Register
Fortinet Edge Devices Under Attack - Again - InfoRiskToday
Malicious ads exploited Internet Explorer zero day to drop malware (bleepingcomputer.com)
Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters - SecurityWeek
F5 BIG-IP Updates Patch High-Severity Elevation of Privilege Vulnerability - SecurityWeek
North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (thehackernews.com)
Mozilla releases second Firefox 131 security update - gHacks Tech News
Recent Firefox Zero-Day Exploited Against Tor Browser Users - SecurityWeek
Chrome 130 Released with Fix for 17 Security Flaws (cybersecuritynews.com)
CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability (thehackernews.com)
Chinese State Hackers Main Suspect in Recent Ivanti CSA Zero-Day Attacks - SecurityWeek
Iran's APT34 Abuses MS Exchange (darkreading.com)
Netgear WiFi Extender Vulnerability Let Attackers Inject Malicious Commands - Cyber Security News
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to articles are for interest and awareness. Linking to or reposting external content does not endorse any service or product; likewise, we are not responsible for the security of external links.