Black Arrow Cyber Threat Briefing 18 October 2024

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.

Top Cyber Stories of the Last Week

70% of Senior Executives Targeted by Cyber Attack in Past 18 Months, New Study Reveals

A recent report from GetApp highlights that 70% of senior executives have been targeted by cyber attacks in the last 18 months, with AI-driven deepfakes contributing to 22% of attacks. 42% of companies overlook the risks of unsecured communication channels, and 41% fail to regularly update systems. Additionally, 28% of organisations globally do not provide specialised cyber security training for executives, leaving businesses vulnerable to evolving threats.

Defenders Must Adapt to Shrinking Exploitation Timelines

A Mandiant report reveals that the time for attackers to exploit vulnerabilities has dropped sharply to just five days in 2023, down from 32 days in 2022. Zero-day vulnerabilities, which are unknown to vendors, have been favoured over publicly known (n-day) flaws, accounting for 70% of first exploits. Despite media attention, only a portion of vulnerabilities are actively exploited. The findings emphasise the importance of rapid patching and segmented network architectures to reduce risk, as threat actors increasingly exploit vulnerabilities across diverse technologies. Effective prioritisation of patching is now more critical than ever.

Supply Chain Vulnerabilities are Facilitating a Surge in Ransomware

A new report highlights the rising threat of ransomware attacks stemming from software supply chain vulnerabilities, with 62% of small and medium-sized businesses impacted. The findings reveal that 91% of businesses are concerned about ransomware affecting their downstream partners, with nearly half considering changing vendors. The role of AI in cyber attacks is also increasing, with 55% of businesses feeling more at risk due to AI-enhanced threats. Despite the challenges, 97% of those affected managed to restore their data, though 46% had to pay a ransom, with 31% paying over $1 million.

Limited Visibility and Tool Proliferation Prevent CISOs from Detecting Breaches

Despite global security spending set to reach $215 billion in 2024, 44% of CISOs reported failing to detect data breaches over the past year. A key issue is limited visibility, with 70% acknowledging their tools fall short in identifying breaches across hybrid cloud infrastructure. Gaining full visibility into encrypted and lateral traffic is critical, as 93% of malware hides there. CISOs are also overwhelmed by tool proliferation, with 60% prioritising tool consolidation. Concerns around AI-driven cyber attacks are rising, and 46% plan to implement AI to address visibility gaps and improve detection capabilities.

Organisations Need to Better Prepare to Recover Swiftly from Cyber Attacks, New NCSC Head Warns

The new head of the UK’s National Cyber Security Centre, Dr Richard Horne, has warned of escalating cyber threats, and the importance of preparing organisations to recover swiftly from cyber attacks. In 2024 alone, the NCSC responded to 50% more major incidents compared to the previous year, with severe attacks tripling. This rise in threats is driven by the expanding cyber crime marketplace, lowering the barriers for attackers. Horne stressed the need for global collaboration and for security to be embedded in technology from the start.

Microsoft Logs 600 million Identity Attacks Per Day as Nation-States Team Up with Cyber Criminals for Attacks

Microsoft’s 2024 Digital Defence Report reveals a significant rise in identity-based cyber attacks, tracking 600 million attacks over the fiscal year. Despite 41% of enterprises adopting multi-factor authentication (MFA), attackers bypass MFA through infrastructure vulnerabilities. Password attacks, such as phishing and brute force methods, still account for over 99% of these incidents. Although attempted ransomware attacks surged by 2.75 times, successful data encryption fell threefold. Notably, state-backed cyber criminal collaborations are growing, complicating attack attribution, while AI and passwordless authentication are highlighted as essential for future protection.

Over 90% of Phishing Campaigns Lead Victims to Malware

A recent Comcast Business report highlights phishing as the top cyber security threat in 2023, with over 2.6 billion interactions detected. More than 90% of these phishing attempts aimed to direct victims to sites hosting malware, emphasising the need for stronger anti-phishing measures and staff education. Remote services were the primary method for lateral movement, with over 409 million events detected. The report recommends adopting tools like endpoint detection and response (EDR) and managed detection and response (MDR) to help IT teams detect and respond to early-stage threats through real-time network monitoring.

Here’s How Attackers Are Getting Around Phishing Defences

Email security provider Egress' latest report reveals that cyber attackers are bypassing phishing defences by manipulating natural language processing (NLP) technologies used in email filters. They achieve this by inserting benign text, links, and other obfuscation techniques, allowing malicious emails to pass through undetected. Notably, 78% of malicious emails incorporate multiple evasion tactics. Attackers exploit weaknesses in email security systems, including slow processing times that may cause incomplete scans. This trend is concerning, as phishing remains a significant threat, contributing to 31% of all security incidents according to Verizon’s 2024 breach report.

Firm Hacked After Accidentally Hiring North Korean Cyber Criminal

A company was hacked after unknowingly hiring a North Korean cyber criminal as a remote IT worker. The individual, who falsified employment history and personal details, gained access to the company’s network, stole sensitive data, and later demanded a ransom in cryptocurrency. This incident highlights an increasing threat of North Korean workers infiltrating Western firms to fund their regime, with many cases emerging since 2022. While most of these workers are after steady income, this case marks a significant shift towards data theft and extortion from within company defences.

Rampant Ransom Payments Highlight Need for Urgent Action on Cyber Resiliency

According to the Global Cyber Resilience Report 2024, 69% of organisations have paid ransoms this year, despite 77% having a 'do not pay' policy. Only 2% of firms can recover data within 24 hours, despite 98% setting that as their target. This highlights a major gap between perceived and actual cyber resilience. Organisations are unprepared for modern threats, with fewer than half implementing essential security measures like multi-factor authentication. To reduce risks, businesses must adopt modern data security practices, engage in realistic threat simulations, and invest in automated recovery systems to mitigate the growing threat of AI-driven cyber attacks.

October is Cyber Security Awareness Month – It’s a Good Time to Update Your Training Programme

October marks the 21st annual Cyber Security Awareness Month, highlighting the importance of user awareness in defending against cyber attacks. The US Cyber Security and Infrastructure Security Agency (CISA) reports that 90% of successful cyber attacks start with phishing, and Verizon notes that human factors are involved in 68% of breaches. This underscores the need for continuous training across all levels of an organisation. Key actions include using strong passwords, enabling multi-factor authentication, and maintaining up-to-date systems. It’s a good time to review or implement training programmes, ensuring they meet current standards and promote security awareness both at work and home.

Phishing Tactics: The Top Attacks Trends in 2024

Phishing attacks have evolved beyond email, with AI enabling more personalised and sophisticated tactics, such as voice cloning and deepfakes. Attackers increasingly combine phishing with other cyber attacks, like ransomware, to compromise entire networks. This can lead to data breaches, financial losses, and legal consequences under regulations like GDPR. Organisations must adopt a multi-layered defence strategy, combining employee training, multi-factor authentication, and advanced filtering tools. Regular incident response planning is also crucial to minimise the impact of phishing attacks, as techniques continue to grow more complex and harder to detect.

Sources:

https://www.proactiveinvestors.com.au/companies/news/1058404/70-of-senior-executives-targeted-by-cyberattack-in-past-18-months-new-study-reveals-1058404.html

https://www.helpnetsecurity.com/2024/10/16/time-to-exploit-vulnerabilities-2023/

https://www.techradar.com/pro/supply-chain-vulnerabilities-are-facilitating-a-surge-in-ransomware

https://www.helpnetsecurity.com/2024/10/18/cisos-security-tools/

https://www.infosecurity-magazine.com/news/cyber-threats-defend-ncsc-head/

https://www.itpro.com/security/cyber-attacks/microsoft-logs-600-million-identity-attacks-per-day-as-threat-actors-collaborate-more

https://www.securitymagazine.com/articles/101115-over-90-of-phishing-campaigns-lead-victims-to-malware

https://cyberscoop.com/email-natural-language-obfuscation-phishing-egress/

https://www.bbc.co.uk/news/articles/ce8vedz4yk7o

https://www.techradar.com/pro/rampant-ransom-payments-highlight-need-for-urgent-action-on-cyber-resiliency

https://www.jdsupra.com/legalnews/october-is-cybersecurity-awareness-5531410/

https://www.itpro.com/security/cyber-attacks/phishing-tactics-the-top-attacks-trends-in-year


Governance, Risk and Compliance

Gap Between Cyber Threats And Defences ‘Widening’, Cyber Security Chief Warns - PM Today

UK Reports 50% Spike in 'Nationally Significant' Incidents (inforisktoday.com)

'Nationally significant' cyber attacks are surging, warns the UK's new cyber chief (therecord.media)

Cyber Threats Escalating Beyond Ability to Defend, New NCSC Head Warns - Infosecurity Magazine (infosecurity-magazine.com)

Despite massive security spending, 44% of CISOs fail to detect breaches - Help Net Security

Cyber crime's constant rise is becoming everyone's problem - Help Net Security

The Cyber Security Burnout Crisis Is Reaching The Breaking Point (forbes.com)

A quarter of cyber security leaders are ready to quit (betanews.com)

Human Resources’ Role in Data Privacy and Cyber Security, Part II: Assessing Five Key Areas of Risk | Ogletree, Deakins, Nash, Smoak & Stewart, P.C. - JDSupra

Most businesses “overconfident and underprepared” for 2025 cyber threats – PCR (pcr-online.biz)

Why Cyber Security’s Core Focus Should Be Defending Data (govinfosecurity.com)

Cyber security compliance: the heavy burden of regulations on IT leaders - Raconteur

Return on cyber investment | Professional Security Magazine

What Cyber Security Leaders Can Learn From Golf (darkreading.com)

Cyber Security Awareness Month: How CISOs can engage, educate, and empower - Security Boulevard

CISOs' Privacy Responsibilities Keep Growing (darkreading.com)

What Is the ‘Most Pressing Concern’ for Cyber Professionals? (techrepublic.com)

While Cyber Attacks Are Inevitable, Resilience Is Vital (automation.com)

Helping Your Team Cope With the Stress of a Cyber Incident (inforisktoday.com)


Threats

Ransomware, Extortion and Destructive Attacks

More Ransoms Being Paid and More Data Being Lost: Hornetsecurity - Security Boulevard

RansomHub becomes dominant ransomware group in Q3 2024 (securitybrief.co.nz)

Basic cyber hygiene still offers the best defence against ransomware | SC Media (scworld.com)

53% of survey respondents admit to paying over $500,000 ransom | Security Magazine

Are You Prepared for Ransomware IRL? - Security Boulevard

Ransomware Attacks Tripled for Microsoft Customers Last Year (tech.co)

Ransomware operators exploited Veeam Backup & Replication flaw CVE-2024-40711 in recent attacks (securityaffairs.com)

Supply chain vulnerabilities are facilitating a surge in ransomware | TechRadar

Would banning ransomware insurance stop the scourge? • The Register

Schools under siege: from nation-states to ransomware gangs • The Register

99% of UK Businesses Faced Cyber Attacks in the Last Year (techrepublic.com)

Ransomware Threats Surge with 31 New Groups in 2024 (techinformed.com)

Ransomware still a major threat despite disruption to RaaS groups (betanews.com)

Rampant ransom payments highlight need for urgent action on cyber resiliency | TechRadar

Cicada3301 Ransomware Targets Critical Sectors in US and UK - Infosecurity Magazine (infosecurity-magazine.com)

Akira, Fog Ransomware Leverages Critical Veeam RCE | MSSP Alert

INC ransomware rebranded to Lynx, say security researchers • The Register

Ransomware Victims

53% of survey respondents admit to paying over $500,000 ransom | Security Magazine

How Russian cyber attack on NHS harmed patients and halved blood test capacity (inews.co.uk)

Casio Confirms Ransomware Outage and Data Breach - Infosecurity Magazine (infosecurity-magazine.com)

Volkswagen Says IT Infrastructure Not Affected After Ransomware Gang Claims Data Theft - SecurityWeek

Schools under siege: from nation-states to ransomware gangs • The Register

Cicada3301 Ransomware Targets Critical Sectors in US and UK - Infosecurity Magazine (infosecurity-magazine.com)

Casio says 'no prospect of recovery yet' after ransomware attack | TechCrunch

Nearly 400 US healthcare institutions hit with ransomware over last year, Microsoft says (therecord.media)

India’s biggest health insurer gets ransomware following data breach | TechRadar

Hackers blackmail Globe Life after stealing customer data (bleepingcomputer.com)

BianLian ransomware claims attack on Boston Children's Health Physicians (bleepingcomputer.com)

Phishing & Email Based Attacks

How AI created an email security gap | SC Media (scworld.com)

Attackers are using QR codes sneakily crafted in ASCII and blob URLs in phishing emails | CSO Online

70% of senior executives targeted by cyber attack in past 18 months, new study reveals (proactiveinvestors.com.au)

Here’s how attackers are getting around phishing defences | CyberScoop

Phishing tactics: The top attacks trends in 2024 | ITPro

Over 90% of phishing campaigns lead victims to malware | Security Magazine

Chinese and Iranian hackers use ChatGPT and LLM tools to create malware and phishing attacks — OpenAI report has recorded over 20 cyber attacks created with ChatGPT | Tom's Hardware (tomshardware.com)

Microsoft consultant says 2.5 billion Gmail users could fall victim to a "super realistic AI scam" | Windows Central

99% of UK Businesses Faced Cyber Attacks in the Last Year (techrepublic.com)

Be Aware of These Eight Underrated Phishing Techniques - SecurityWeek

Someone Just Lost $35 Million Worth of Crypto After Falling for This Phishing Scam

Coffee Lovers Warned of New Starbucks Phishing Scam - Infosecurity Magazine (infosecurity-magazine.com)

Business Email Compromise (BEC)/Email Account Compromise (EAC)

70% of senior executives targeted by cyber attack in past 18 months, new study reveals (proactiveinvestors.com.au)

Other Social Engineering

70% of senior executives targeted by cyber attack in past 18 months, new study reveals (proactiveinvestors.com.au)

Firm hacked after accidentally hiring North Korean cyber criminal - BBC News

North Korea Escalates Fake IT Worker Schemes to Extort Employers - Infosecurity Magazine (infosecurity-magazine.com)

'They fall in love with me': Inside the fraud factories driving the online scam boom | World News | Sky News

99% of UK Businesses Faced Cyber Attacks in the Last Year (techrepublic.com)

Scammers use AI to create convincing Gmail phishing calls (appleinsider.com)

What is tailgating (piggybacking) and how to prevent it? | Definition from TechTarget

Alabama man arrested for role in SEC Twitter account hijacking | CyberScoop

Verified Influencer Accounts Are Being Hijacked to Spread Scams and Malicious Software — FBI

Coffee Lovers Warned of New Starbucks Phishing Scam - Infosecurity Magazine (infosecurity-magazine.com)

Artificial Intelligence

How AI created an email security gap | SC Media (scworld.com)

70% of senior executives targeted by cyber attack in past 18 months, new study reveals (proactiveinvestors.com.au)

OpenAI Says Bad Actors Are Using ChatGPT To Write Malware, Sway Elections (informationsecuritybuzz.com)

From Misuse to Abuse: AI Risks and Attacks (thehackernews.com)

World Economic Forum: AI, Quantum Require ‘Paradigm Shift’ in Security - Security Boulevard

What Is Deepfake Technology? Ultimate Guide To AI Manipulation (eweek.com)

Chinese and Iranian hackers use ChatGPT and LLM tools to create malware and phishing attacks — OpenAI report has recorded over 20 cyber attacks created with ChatGPT | Tom's Hardware (tomshardware.com)

AI is bringing XSS vulnerabilities back to the spotlight | CSO Online

Microsoft consultant says 2.5 billion Gmail users could fall victim to a "super realistic AI scam" | Windows Central

Navigating the Cyber Security Risks of Shadow & Open-Source GenAI - Security Boulevard

New ConfusedPilot Attack Targets AI Systems with Data Poisoning - Infosecurity Magazine (infosecurity-magazine.com)

LLMs Are a New Type of Insider Adversary (darkreading.com)

Over 80 percent of hackers believe the AI threat landscape is moving too fast to secure (betanews.com)

Anthropic flags AI's potential to 'automate sophisticated destructive cyber attacks' | ZDNET

Deepfake lovers swindle victims out of $46M in Hong Kong AI scam - Ars Technica

What are digital arrests, the newest deepfake tool used by cyber criminals? | Science and Technology News | Al Jazeera

AI Report Finds 74% of Cyber Security Leaders Aware of Sensitive Data Risks | Business Wire

AI data collection under fire - Help Net Security

4 Frightening Things Coming For Security This Season (informationsecuritybuzz.com)

How to Mitigate the Impact of Rogue AI Risks | Trend Micro (US)

Government Launches AI Safety Scheme to Tackle Deepfakes - Infosecurity Magazine (infosecurity-magazine.com)

NY's Financial Regulator Releases AI Cyber Security Guidance - Law360

AI Companies Are Not Meeting EU AI Act Standards (informationsecuritybuzz.com)

2FA/MFA

Cyber Crime Agency Issues New 2FA Warning For Gmail, Outlook, Facebook And X Users (forbes.com)

Malware

OpenAI Says Bad Actors Are Using ChatGPT To Write Malware, Sway Elections (informationsecuritybuzz.com)

Over 90% of phishing campaigns lead victims to malware | Security Magazine

Two-thirds of Attributable Malware Linked to Nation States - Infosecurity Magazine (infosecurity-magazine.com)

OpenAI confirms threat actors use ChatGPT to write malware (bleepingcomputer.com)

New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT (thehackernews.com)

New Threat Actor Tool EDRSilencer Repurposed For Malicious Use (informationsecuritybuzz.com)

Malicious ads exploited Internet Explorer zero day to drop malware (bleepingcomputer.com)

North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (thehackernews.com)

Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates (thehackernews.com)

New FASTCash malware Linux variant helps steal money from ATMs (bleepingcomputer.com)

Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (thehackernews.com)

Fake Google Meet pages deliver infostealers - Help Net Security

Verified Influencer Accounts Are Being Hijacked to Spread Scams and Malicious Software — FBI

Bots/Botnets

How DDoS Botent is used to Infect your Network? - Security Boulevard

Mobile

Over 200 malicious apps on Google Play downloaded millions of times (bleepingcomputer.com)

Which? warns UK users to keep mobile numbers to avoid security risks - Neowin

TrickMo’s Latest Trick - Stealing PINs And Unlock Patterns (informationsecuritybuzz.com)

The hidden risks of IoT: Why businesses need to modernize mobile security | TechRadar

Cerberus Android Banking Trojan Deployed in New Malicious Campaign - Infosecurity Magazine (infosecurity-magazine.com)

Android banking trojan stealing money: no antivirus software can detect it | Cybernews

What to do if your iPhone or Android smartphone gets stolen? - Help Net Security

Not iPhones, but secure Android phones: that's what Trump's campaign uses - PhoneArena

Trump campaign gets 'unhackable' phones • The Register

Denial of Service/DoS/DDoS

A Deep Dive into DDoS Carpet-Bombing Attacks - Security Boulevard

How DDoS Botent is used to Infect your Network? - Security Boulevard

Independent Russian news site rides out a week of DDoS incidents (therecord.media)

Largest DDoS Cloudflare Attack On Global Sectors Mitigated - Security Boulevard

Internet of Things – IoT

Hackers took over robovacs to chase pets and yell slurs - The Verge

Hackers Made Robot Vacuums Shout Racist Slurs in Their Owners’ Homes (pcmag.com)

The hidden risks of IoT: Why businesses need to modernize mobile security | TechRadar

Organisations Slow to Protect Doors Against Hackers: Researcher - SecurityWeek

Speakers, vacuums, doorbells and fridges – the government plans to make your ‘smart things’ more secure (theconversation.com)

Data Breaches/Leaks

Data breaches trigger increase in cyber insurance claims - Help Net Security

Volkswagen Says IT Infrastructure Not Affected After Ransomware Gang Claims Data Theft - SecurityWeek

Cyber attack on TfL disrupts taxi licensing leaving some cabbies unlicensed and unable work, says trade rep (taxi-point.co.uk)

Cisco investigates breach after stolen data for sale on hacking forum (bleepingcomputer.com)

Data Breaches: The Not-So-Hidden Cost of Doing Business | Baker Donelson - JDSupra

Fidelity Investments Data Breach Impacts 77,000 Customers - SecurityWeek

US healthcare org admits up to 400k people's data stolen • The Register

Cisco confirms ongoing probe into alleged data breach • The Register

Contractor pays $300K to settle Medicare data breach • The Register

Casio confirms customer data stolen in a ransomware attack (bleepingcomputer.com)

Hackers blackmail Globe Life after stealing customer data (bleepingcomputer.com)

Hackers may have access to personal details of thousands of customers after debt collection firm attacked | Irish Independent

Game Freak Confirms 1TB Data Leaked in Breach | MSSP Alert

Hundreds of thousands of CVs leaked - here's what we know | TechRadar

Organised Crime & Criminal Actors

Microsoft wants tougher punishments for cyber criminals • The Register

Cyber crime's constant rise is becoming everyone's problem - Help Net Security

Southeast Asian Cyber Crime Profits Fuel Shadow Economy (darkreading.com)

The internet is now a "cyber storm" — Microsoft says customers face 600 million attacks per day and the lines between nation states and cyber criminals are blurring | TechRadar

Microsoft logs 600 million identity attacks per day as threat actors collaborate more | ITPro

Escalating Cyber Threats Demand Stronger Global Defence and Cooperation - Microsoft On the Issues

The Wiretap: Microsoft Says Kremlin Is Working With Cyber Criminals To Spy On Ukraine (forbes.com)

Microsoft: Nation-States Team Up with Cyber Criminals for Attacks - Infosecurity Magazine (infosecurity-magazine.com)

Cyber Gangs Aren't Afraid of Prosecution (darkreading.com)

Brazilian Police Arrest Notorious Hacker USDoD - SecurityWeek

Two alleged operators of Anonymous Sudan named, charged • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Someone Just Lost $35 Million Worth of Crypto After Falling for This Phishing Scam

North Korean hackers steal $3B in crypto since 2017: report | Invezz

Radiant Capital Suffers $50M Loss in Second Major Hack - DailyCoin

Insider Risk and Insider Threats

October is Cyber Security Awareness Month – It’s a Good Time to Update Your Training Program | Clark Hill PLC - JDSupra

The NHI management challenge: When employees leave - Help Net Security

LLMs Are a New Type of Insider Adversary (darkreading.com)

Insurance

Would banning ransomware insurance stop the scourge? • The Register

Data breaches trigger increase in cyber insurance claims - Help Net Security

Insurers brace for cyber evolution: 'It's like mandating seatbelts and airbags' | Insurance Business America (insurancebusinessmag.com)

Supply Chain and Third Parties

Supply chain vulnerabilities are facilitating a surge in ransomware | TechRadar

How Russian cyber attack on NHS harmed patients and halved blood test capacity (inews.co.uk)

Cyber Security Experts Brace for the Next Crisis After the CrowdStrike Near-Disaster - ClearanceJobs

Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems (thehackernews.com)

UK Public sector at risk from supply chain attacks, new report warns | ITPro

Cloud/SaaS

Why are we still confused about cloud security? | InfoWorld

Why companies are struggling to keep up with SaaS data protection - Help Net Security

Tenable releases report on cloud security (devx.com)

38% of organisations are at risk of critical exposures | Security Magazine

Cyber Crime Agency Issues New 2FA Warning For Gmail, Outlook, Facebook And X Users (forbes.com)

Outages

Cyber Security Experts Brace for the Next Crisis After the CrowdStrike Near-Disaster - ClearanceJobs

Resilience over reliance: Preparing for IT failures in an unpredictable digital world - Help Net Security

Identity and Access Management

The Invisible Army of Non-Human Identities (darkreading.com)

Microsoft's guidance to help mitigate Kerberoasting | Microsoft Security Blog

Kerberoasting: A Gateway to Privilege Escalation in Enterprise Networks | HackerNoon

The NHI management challenge: When employees leave - Help Net Security

NHIs may be your biggest — and most neglected — security hole | CSO Online

Orgs With SSO Are Vulnerable to Identity-Based Attacks (darkreading.com)

Encryption

Chinese Scientists Report Using Quantum Computer to Hack Military-grade Encryption (thequantuminsider.com)

The CISO’s guide to establishing quantum resilience | CSO Online

Most Organisations Unprepared for Post-Quantum Threat - Infosecurity Magazine (infosecurity-magazine.com)

The quantum dilemma: Game-changer or game-ender - Help Net Security

Chinese researchers claim quantum encryption attack • The Register

Linux and Open Source

New FASTCash malware Linux variant helps steal money from ATMs (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

How Hybrid Password Attacks Work and How to Defend Against Them (thehackernews.com)

The War on Passwords Is One Step Closer to Being Over | WIRED

FIDO Alliance is Standardizing Passkey Portability - Thurrott.com

Understand these seven password attacks and how to stop them (bleepingcomputer.com)

Iranian hackers are going after critical infrastructure sector passwords, agencies caution | CyberScoop

Feeling safe with that complicated password? Think again, security experts say - complexity affects memorability and fosters unsafe practices | ITPro

Are Password Managers Safe to Use? (Benefits, Risks & Best Practices) (techrepublic.com)

Social Media

EU Court Restricts Meta's Use Of Facebook Data For Targeted Advertising (informationsecuritybuzz.com)

Verified Influencer Accounts Are Being Hijacked to Spread Scams and Malicious Software — FBI

Training, Education and Awareness

October is Cyber Security Awareness Month – It’s a Good Time to Update Your Training Program | Clark Hill PLC - JDSupra

Regulations, Fines and Legislation

NIS2 Confusion: Concerns Over Readiness as Deadline Reached - Infosecurity Magazine (infosecurity-magazine.com)

NIS2: Most EU countries miss deadline to meet new cyber security rules (cnbc.com)

EU cyber security bill NIS2 hits compliance deadline | Computer Weekly

European companies anxious over non-implementation of EU cyber rules | Euronews

What is the NIS2 Directive and Why Now? - Infosecurity Magazine (infosecurity-magazine.com)

NIS 2 Compliance Deadline Approaches: What You Need To Know (techrepublic.com)

Huge number of businesses not ready for new EU cyber security laws (businessplus.ie)

Ireland to miss EU cyber security deadline (rte.ie)

Are Irish businesses ready for new cyber security rules? (rte.ie)

Only two EU countries meet NIS2 deadline - TechCentral.ie

Is your organisation ready for NIS2? | Intel 471

Navigating the New Cyber Security Landscape: Key Implications of the EU’s NIS 2 Directive | Skadden, Arps, Slate, Meagher & Flom LLP - JDSupra

How NIS2 will impact sectors from healthcare to energy - Help Net Security

Ex-NCSC Chief: UK Cyber Incident Reporting a 'Good Step' (govinfosecurity.com)

Contractor pays $300K to settle Medicare data breach • The Register

AI Companies Are Not Meeting EU AI Act Standards (informationsecuritybuzz.com)

New Cyber Security Rules Threaten Defence Industrial Base - Law360

Speakers, vacuums, doorbells and fridges – the government plans to make your ‘smart things’ more secure (theconversation.com)

NY's Financial Regulator Releases AI Cyber Security Guidance - Law360

Models, Frameworks and Standards

EU cyber security bill NIS2 hits compliance deadline | Computer Weekly

European companies anxious over non-implementation of EU cyber rules | Euronews

What is the NIS2 Directive and Why Now? - Infosecurity Magazine (infosecurity-magazine.com)

NIS2: Most EU countries miss deadline to meet new cyber security rules (cnbc.com)

Huge number of businesses not ready for new EU cyber security laws (businessplus.ie)

Only two EU countries meet NIS2 deadline - TechCentral.ie

Is your organisation ready for NIS2? | Intel 471

Navigating the New Cyber Security Landscape: Key Implications of the EU’s NIS 2 Directive | Skadden, Arps, Slate, Meagher & Flom LLP - JDSupra

NIS2 Directive: Experts share their views on the cyber security law (telecomstechnews.com)

How NIS2 will impact sectors from healthcare to energy - Help Net Security

Data Protection

CISOs' Privacy Responsibilities Keep Growing (darkreading.com)

Is a CPO Still a CPO? Privacy Leadership's Evolving Role (darkreading.com)

Careers, Working in Cyber and Information Security

CISSP and CompTIA Security+ lead as most desired security credentials - Help Net Security

The Cyber Security Burnout Crisis Is Reaching The Breaking Point (forbes.com)

Breaking into Cyber Security: It's Never Too Late - IT Security Guru

A quarter of cyber security leaders are ready to quit (betanews.com)

Stagnant salaries risk growth of infosec sector | The Global Recruiter

Security leaders can't catch a break, with many on the verge of quitting | TechRadar

Five alternative paths to the CISO chair | SC Media (scworld.com)

Helping Your Team Cope With the Stress of a Cyber Incident (inforisktoday.com)

Cyber Security Careers Go Beyond Coding | NIST

Skills Shortages Now a Top-Two Security Risk for SMBs - Infosecurity Magazine (infosecurity-magazine.com)

SMBs are being hit hardest by cyber security skills gap | TechRadar

Law Enforcement Action and Take Downs

Dutch police dismantled dual dark web market 'Bohemia/Cannabia' (securityaffairs.com)

Cyber Gangs Aren't Afraid of Prosecution (darkreading.com)

Brazilian Police Arrest Notorious Hacker USDoD - SecurityWeek

Two alleged operators of Anonymous Sudan named, charged • The Register

Alabama man arrested for role in SEC Twitter account hijacking | CyberScoop

Teenagers as young as 13 under suspicion for UK far-right terrorism | UK security and counter-terrorism | The Guardian

Microsoft wants tougher punishments for cyber criminals • The Register

Misinformation, Disinformation and Propaganda

OpenAI Says Bad Actors Are Using ChatGPT To Write Malware, Sway Elections (informationsecuritybuzz.com)

How nation-states exploit political instability to launch cyber operations - Help Net Security

Darknet Activity Increases Ahead of 2024 Presidential Vote - Infosecurity Magazine (infosecurity-magazine.com)

Flood of Election-Related Cyber Activity Unleashed (darkreading.com)


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation-State Cyber Threats: The Hidden War on Infrastructure - Security Boulevard

Escalation of Cyber Warfare in the Israel-Palestine Conflict: A Deep Dive into Recent Israeli Breaches - Security Boulevard

Nation State Actors

How nation-states exploit political instability to launch cyber operations - Help Net Security

Gap Between Cyber Threats And Defences ‘Widening’, Cyber Security Chief Warns - PM Today

UK Reports 50% Spike in 'Nationally Significant' Incidents (inforisktoday.com)

Two-thirds of Attributable Malware Linked to Nation States - Infosecurity Magazine (infosecurity-magazine.com)

'Nationally significant' cyber attacks are surging, warns the UK's new cyber chief (therecord.media)

Cyber Threats Escalating Beyond Ability to Defend, New NCSC Head Warns - Infosecurity Magazine (infosecurity-magazine.com)

Schools under siege: from nation-states to ransomware gangs • The Register

China

Meet the Chinese 'Typhoon' hackers preparing for war | TechCrunch

China Accuses US of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns (thehackernews.com)

US lawmakers demand probe into China's Salt Typhoon hacks • The Register

White House forms emergency team to deal with China espionage hack | Stars and Stripes

Chinese and Iranian hackers use ChatGPT and LLM tools to create malware and phishing attacks — OpenAI report has recorded over 20 cyber attacks created with ChatGPT | Tom's Hardware (tomshardware.com)

Serious Adversaries Circle Ivanti CSA Zero-Day Flaws (darkreading.com)

UK Fears Chinese Hackers Compromised Critical Infrastructure (bloomberglaw.com)

Chinese Scientists Report Using Quantum Computer to Hack Military-grade Encryption (thequantuminsider.com)

Chinese State Hackers Main Suspect in Recent Ivanti CSA Zero-Day Attacks - SecurityWeek

Chinese researchers claim quantum encryption attack • The Register

Czech opposition MP, who criticizes cyber security law, met Huawei leadership in China | Radio Prague International

Intel denies Chinese claims it helps US intelligence orgs • The Register

China trade group claims Intel ignore... - Mobile World Live

China infosec body slams Intel over chip security • The Register

Russia

Agencies warn about Russian government hackers going after unpatched vulnerabilities | CyberScoop

How Russian cyber attack on NHS harmed patients and halved blood test capacity (inews.co.uk)

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale (securityaffairs.com)

Russia is actively scanning everything for known vulns • The Register

Iran, Russia and North Korea changed cyber attack tactics in the last year, says Microsoft | Science & Tech News | Sky News

The Wiretap: Microsoft Says Kremlin Is Working With Cyber Criminals To Spy On Ukraine (forbes.com)

Microsoft: Nation-States Team Up with Cyber Criminals for Attacks - Infosecurity Magazine (infosecurity-magazine.com)

NCCC and Council of Europe held a forum on electronic evidence and OSINT in the context of documenting war crimes of Russia - National Security and Defence Council of Ukraine (rnbo.gov.ua)

Uncle Sam puts $10M bounty on Russian troll farm Rybar • The Register

Independent Russian news site rides out a week of DDoS incidents (therecord.media)

The Door Closes on Kaspersky: Russia’s Tech World-Beater - CEPA

Russian court websites down after breach claimed by pro-Ukraine hackers (therecord.media)

Iran

Chinese and Iranian hackers use ChatGPT and LLM tools to create malware and phishing attacks — OpenAI report has recorded over 20 cyber attacks created with ChatGPT | Tom's Hardware (tomshardware.com)

Iran, Russia and North Korea changed cyber attack tactics in the last year, says Microsoft | Science & Tech News | Sky News

Report: Iran cyber attacks against Israel surge after Gaza war (voanews.com)

Iranian hackers are going after critical infrastructure sector passwords, agencies caution | CyberScoop

Escalation of Cyber Warfare in the Israel-Palestine Conflict: A Deep Dive into Recent Israeli Breaches - Security Boulevard

Iran's APT34 Abuses MS Exchange (darkreading.com)

A cyber attack hit Iranian government sites and nuclear facilities (securityaffairs.com)

North Korea

Firm hacked after accidentally hiring North Korean cyber criminal - BBC News

Iran, Russia and North Korea changed cyber attack tactics in the last year, says Microsoft | Science & Tech News | Sky News

North Korea Escalates Fake IT Worker Schemes to Extort Employers - Infosecurity Magazine (infosecurity-magazine.com)

North Korean hackers steal $3B in crypto since 2017: report | Invezz

Malicious ads exploited Internet Explorer zero day to drop malware (bleepingcomputer.com)

North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (thehackernews.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Teenagers as young as 13 under suspicion for UK far-right terrorism | UK security and counter-terrorism | The Guardian


Tools and Controls

Despite massive security spending, 44% of CISOs fail to detect breaches - Help Net Security

The Invisible Army of Non-Human Identities (darkreading.com)

SOC Teams: Threat Detection Tools Are Stifling Us (darkreading.com)

Microsoft's guidance to help mitigate Kerberoasting | Microsoft Security Blog

Kerberoasting: A Gateway to Privilege Escalation in Enterprise Networks | HackerNoon

The dark side of API security - Help Net Security

Organisations Slow to Protect Doors Against Hackers: Researcher - SecurityWeek

FIDO Alliance is Standardizing Passkey Portability - Thurrott.com

New Threat Actor Tool EDRSilencer Repurposed For Malicious Use (informationsecuritybuzz.com)

Resilience over reliance: Preparing for IT failures in an unpredictable digital world - Help Net Security

CIOs want a platform that combines AI, networking, and security - Help Net Security

Why Continuous API Security is Essential for Modern Businesses - Security Boulevard

NHIs may be your biggest — and most neglected — security hole | CSO Online

Why companies are struggling to keep up with SaaS data protection - Help Net Security

Rampant ransom payments highlight need for urgent action on cyber resiliency | TechRadar

Return on cyber investment | Professional Security Magazine

Orgs With SSO Are Vulnerable to Identity-Based Attacks (darkreading.com)

Hybrid Work Exposes New Vulnerabilities in Print Security (darkreading.com)

Helping Your Team Cope With the Stress of a Cyber Incident (inforisktoday.com)

What is Business Continuity Plan? How it Works! (cybersecuritynews.com)

Secure by Design: The (Necessary) Future of Hardware and Software - IT Security Guru

Finance and Insurance API Security: A Critical Imperative - Security Boulevard

Human Resources’ Role in Data Privacy and Cyber Security, Part II: Assessing Five Key Areas of Risk | Ogletree, Deakins, Nash, Smoak & Stewart, P.C. - JDSupra

While Cyber Attacks Are Inevitable, Resilience Is Vital (automation.com)

Ethical Hackers Embrace AI Tools Amid Rising Cyber Threats - Infosecurity Magazine (infosecurity-magazine.com)

CISOs' strategies for managing a growing attack surface - Help Net Security




Vulnerability Management

Agencies warn about Russian government hackers going after unpatched vulnerabilities | CyberScoop

Google: 70% of exploited flaws disclosed in 2023 were zero-days (bleepingcomputer.com)

Russia is actively scanning everything for known vulns • The Register

Patch-22: The Catch of Waiting to Fix Cyber Security Vulnerabilities - Security Boulevard

How to defend against zero-day vulnerabilities | TechRadar

The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short (thehackernews.com)

Organisations can substantially lower vulnerabilities with secure-by-design practices, report finds | CyberScoop

Secure by Design: The (Necessary) Future of Hardware and Software - IT Security Guru

Zero-Days Account for Most Exploited Bugs in 2023 | MSSP Alert

Vulnerabilities

86k Fortinet devices still vulnerable to active exploits • The Register

WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites (thehackernews.com)

Ransomware operators exploited Veeam Backup & Replication flaw CVE-2024-40711 in recent attacks (securityaffairs.com)

Oracle Patches Over 200 Vulnerabilities With October 2024 CPU - SecurityWeek

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale (securityaffairs.com)

Windows 11 bug steals 8.63GB of storage space that you can't get back | Windows Central

Windows 11's 2024 update is now also killing internet connections | PCWorld

Juniper Networks Patches Dozens of Vulnerabilities - SecurityWeek

Serious Adversaries Circle Ivanti CSA Zero-Day Flaws (darkreading.com)

Akira, Fog Ransomware Leverages Critical Veeam RCE | MSSP Alert

Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities - SecurityWeek

Vulnerable instances of Log4j still being used nearly 3 years later | SC Media (scworld.com)

Microsoft Patches Vulnerabilities in Power Platform, Imagine Cup Site - SecurityWeek

VMware fixes high-severity SQL injection CVE-2024-38814 in HCX (securityaffairs.com)

SolarWinds hardcoded credential now exploited in the wild • The Register

Fortinet Edge Devices Under Attack - Again - InfoRiskToday

Malicious ads exploited Internet Explorer zero day to drop malware (bleepingcomputer.com)

Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters - SecurityWeek

F5 BIG-IP Updates Patch High-Severity Elevation of Privilege Vulnerability - SecurityWeek

North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (thehackernews.com)

Mozilla releases second Firefox 131 security update - gHacks Tech News

Recent Firefox Zero-Day Exploited Against Tor Browser Users - SecurityWeek

Chrome 130 Released with Fix for 17 Security Flaws (cybersecuritynews.com)

GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access (thehackernews.com)

CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability (thehackernews.com)

Chinese State Hackers Main Suspect in Recent Ivanti CSA Zero-Day Attacks - SecurityWeek

Iran's APT34 Abuses MS Exchange (darkreading.com)

Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk (thehackernews.com)

Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser (thehackernews.com)

Netgear WiFi Extender Vulnerability Let Attackers Inject Malicious Commands - Cyber Security News


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can to keep yourself and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product. Likewise, we are not responsible for the security of external links.
