Black Arrow Cyber Threat Briefing 19 July 2024
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Top Cyber Stories of the Last Week
CrowdStrike: Software Update Triggered Worldwide Microsoft IT Outages
A recent report by cyber security firm CrowdStrike reveals that a "defect" in its software update caused major IT outages globally, affecting industries such as airlines, banking, and healthcare. The issue, which impacted Windows operating systems, was identified, isolated, and resolved, but not until a huge amount of disruption had been experienced around the world. American Airlines and other affected services have since restored operations. This incident, the worst since the 2017 WannaCry attack, resulted in a fall of over 20% ($16 billion) in CrowdStrike's value before markets opened. The event raises questions about the resilience of economic infrastructure reliant on concentrated cloud security services.
Nearly Half of SMEs Fell Victim to Cyber Attack in Last Six Months
A recent report by JumpCloud reveals that 49% of SME IT teams believe they lack the resources to defend against cyber threats. The survey, which included 612 IT decision-makers in the UK and US, found that nearly half (45%) of SMEs experienced a cyber attack in the first half of 2024. Of these, 28% faced two attacks and 17% encountered three. Phishing was the most common attack source (43%), followed by shadow IT (37%) and stolen credentials (33%). The report also highlights that 60% of respondents identified security as their biggest IT challenge, with 84% expressing concern about shadow IT (referring to any software, hardware, or other IT resource that is used within an organisation without the explicit approval, knowledge, or oversight of the IT department). Furthermore, 71% of respondents believe budget cuts would increase organisational risk, underscoring the high threat level SMEs face.
Cyber Criminals Exploit AI for Near-Perfect Phishing Emails
A new report by ReliaQuest reveals cyber criminals exploiting AI tools like ChatGPT for operations, notably creating near-perfect phishing emails with a 2.8% success rate. Although seemingly small, this rate is significant given the vast number of phishing emails sent daily. Criminals bypass AI security filters to generate harmful content, sharing and refining their techniques in cyber criminal forums.
Hotel Wi-Fi: A Hotspot for Cyber Threats
A recent report highlights significant cyber threats associated with hotel Wi-Fi networks, which prioritise guest access over robust security. Hotels had the third-least secure public Wi-Fi as of February 2023. In 2019, none of the 45 hotels across five countries that were tested passed a Wi-Fi hacking test, reflecting widespread vulnerabilities. Hotels are the third most common target for cyber attacks, accounting for 13% of all cyber compromises in 2020. Nearly 31% of hospitality organisations have experienced a data breach, with 89% facing multiple breaches annually. These breaches, averaging $3.4 million in costs, pose severe reputational risks in the competitive hospitality industry, and bigger risks for the hotel guests using these networks.
Cyber Security Can Be a Business Enabler
Many cyber security leaders tout the notion that cyber security is a business enabler as a way to elevate their personal brand, but the idea is backed up by knowledge and real-world examples. By reducing unnecessary controls and ensuring secure yet functional operations, organisations can enhance productivity and innovation. Effective cyber security can reduce legal fees and financial losses from breaches, while also boosting customer and partner confidence. Furthermore, compliance with regulations enhances business value, and strong security practices can differentiate an organisation from its competitors, fostering growth and trust.
Navigating Insider Risks: Are your Employees Enabling External Threats?
A recent report highlights the growing threat of accidental insiders in network security breaches. These insiders, through negligence or lack of awareness, expose internal weaknesses. Common issues include weak password practices and falling victim to phishing. Such lapses can lead to significant financial losses, reputational damage, and operational disruption. The report highlights the importance of security awareness training and fostering a culture of security to mitigate these risks effectively.
How Tabletop Exercises Can Sharpen Incident Response from Chaos to Calm
Every 39 seconds some company is hit by a cyber attack. Security incidents are a constant threat, an inevitability rather than a possibility. Incident response plans can help organisations with the aftermath of a cyber attack. Effective execution of these plans requires regular practice through tabletop exercises. These hypothetical, scenario-based activities involve key stakeholders and help clarify roles, enhance communication, and build team resilience. By conducting these exercises at least annually, organisations can identify gaps, refine their response plans, and improve overall cyber security awareness. Furthermore, involving internal and/or external stakeholders like legal counsel and law enforcement can enhance coordination during real incidents, ultimately strengthening the organisation's preparedness and response capabilities.
Gap Found Between Data Security Perceptions and Breach Reality
A recent report reveals a significant disparity between organisations' perceptions of data security and the actual frequency of breaches. Despite 63% of organisations believing their security measures are effective, 2023 saw a record-breaking number of data breaches. The report highlights major concerns of data breaches, ransomware, insider threats, and misconfigurations. It found that 72% of organisations use audits and compliance tools to meet regulatory requirements, and 60% employ role-based access control systems. However, ongoing challenges persist, with only 27% adopting data cataloguing tools and many relying on manual processes. The report recommends comprehensive data discovery, automated monitoring, and a zero-trust security model to bridge the gap between perceived and actual data security.
Why Top Leadership Must Foster a Security-Conscious Culture
A recent report highlights the crucial role of organisational culture in building cyber resilience. Despite technical defences, organisations remain vulnerable to cyber attacks due to a vast attack surface. Emphasising collective responsibility, a robust cyber security culture involves all employees, from executives to frontline staff, in protecting digital assets. Leadership is pivotal, requiring a genuine commitment to security, clear communication, and active participation in cyber security initiatives. Transparency and psychological safety are essential, encouraging employees to report suspicious activity without fear. Continuous learning and improvement, beyond mere compliance, are vital to adapting to evolving threats and fostering a security-conscious environment for long-term success.
Hackers Use PoC Exploits in Attacks 22 Minutes After Release
A recent report by Cloudflare reveals that threat actors can weaponise proof-of-concept (PoC) exploits as quickly as 22 minutes after they are made public. Covering activity from May 2023 to March 2024, the report highlights significant threats, including heightened scanning for CVEs (known vulnerabilities) and rapid exploitation attempts. This emphasises the need for robust vulnerability management and timely patching of vulnerable systems.
There's No Margin for Error in Cyber Security
A recent report reveals that human error is responsible for 74% of cyber attacks, with employees using an average of 2.5 devices for work, creating numerous potential breach points. Notable incidents include the 2020 Marriott breach affecting 5.2 million guests, caused by stolen employee credentials, and Sequoia Capital’s 2021 phishing attack. Verizon's report highlights that 49% of breaches begin with compromised credentials. Effective cyber security measures include using unique, complex passwords, enabling multi-factor authentication, updating software regularly, and cautious email practices. Organisations should implement Unified Endpoint Management (UEM) and Identity and Access Management (IAM) solutions, alongside continuous employee training, to mitigate these risks.
UK to Introduce Watered-Down Version of Mandatory Reporting for Ransomware Attacks
A recent announcement from the UK Government reveals plans to introduce the Cyber Security and Resilience Bill, updating the country's cyber security regulations. This new legislation will mandate ransomware attack reporting for regulated entities, addressing record levels of ransomware incidents in British businesses. This measure, part of the King’s Speech, responds to increasing cyber threats impacting public services and infrastructure, such as the recent Russian attack on Synnovis, which is still having repercussions for the NHS weeks later. The bill expands regulatory oversight to include supply chains and demands incident reporting to improve understanding of the cyber crime landscape. Experts highlight the bill’s alignment with the EU’s NIS2 Directive, emphasising the importance of robust security governance and mandatory notification obligations for effective policy design.
CISOs Must Shift from Tactical Defence to Strategic Leadership
A recent report highlights the evolving role of the CISO, demanding a blend of technical expertise and strong diplomatic skills. Despite increased cyber security budgets in 2024, nearly one-third of IT professionals lack documented strategies to address AI risks. The report shows a confidence gap: while 60% of non-IT leaders are confident in their cyber security, only 46% of IT professionals share this view. Moreover, 55% of IT leaders believe non-IT executives do not fully understand vulnerability management, potentially undermining security efforts. With cyber security now a board-level discussion, CISOs must align technical risks with business priorities, effectively communicating the financial and reputational impacts of cyber threats.
One-Third of Dev Professionals Unfamiliar with Secure Coding Practices
A recent report by OpenSSF and the Linux Foundation underscores the critical need for robust software security as attackers continue to exploit software vulnerabilities. Nearly one-third of development professionals feel unfamiliar with secure software practices, with 69% relying on on-the-job experience, which takes at least five years for basic security familiarity. Lack of time (58%) and inadequate training (50%) are the main barriers to implementing secure development practices. Furthermore, 44% cite a lack of knowledge about good courses as a reason for not pursuing secure software development education. The report advocates for industry-wide efforts and language-agnostic courses to address these educational gaps.
Sources:
https://www.bbc.co.uk/news/live/cnk4jdwp49et
https://securitybrief.co.nz/story/cybercriminals-exploit-chatgpt-for-near-perfect-phishing-emails
https://securityboulevard.com/2024/07/hotel-wi-fi-a-hotspot-for-cyber-threats/
https://www.inforisktoday.com/blogs/cybersecurity-be-businesses-enabler-p-3668
https://thehackernews.com/2024/07/navigating-insider-risks-are-your.html
https://securitybrief.co.nz/story/gap-found-between-data-security-perceptions-breach-reality
https://www.scmagazine.com/perspective/why-top-leadership-must-foster-a-security-conscious-culture
https://therecord.media/uk-cyber-security-resilience-bill-labour-government
https://www.helpnetsecurity.com/2024/07/19/cyber-threats-size-sophistication/
https://www.helpnetsecurity.com/2024/07/19/devs-secure-coding-practices/
Governance, Risk and Compliance
Cyber Security Can Be a Businesses Enabler - InfoRiskToday
Half of SMEs Unprepared for Cyber Threats - Infosecurity Magazine (infosecurity-magazine.com)
How Tabletop Exercises Can Sharpen Incident Response From Chaos To Calm (forbes.com)
Gap found between data security perceptions & breach reality (securitybrief.co.nz)
Why top leadership must foster a security-conscious culture | SC Media (scmagazine.com)
Survey: Nearly Half of SMEs Fell Victim to Cyber Attack in Last Six Months - Security Boulevard
CISOs must shift from tactical defence to strategic leadership - Help Net Security
What savvy hiring execs look for in a CISO today | CSO Online
SMEs vulnerable to cyber security breaches, report reveals - NZ Herald
What business leaders need to know about the Cyber Security and Resilience Bill - Raconteur
Why CISOs should report to the CEO—and not the CIO | Fortune
7 Tips for Navigating Cyber Security Risks in M&As (darkreading.com)
Threats
Ransomware, Extortion and Destructive Attacks
Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks (thehackernews.com)
UK to introduce watered-down version of mandatory reporting for ransomware attacks (therecord.media)
Year-Old Veeam Vulnerability Exploited in Fresh Ransomware Attacks - Security Week
RansomHub Ransomware - What You Need To Know | Tripwire
New HardBit Ransomware 4.0 Uses Passphrase Protection to Evade Detection (thehackernews.com)
BianLian Ransomware Leveraging RDP Credentials To Gain Initial Access (cybersecuritynews.com)
SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks (bleepingcomputer.com)
HardBit Ransomware - What You Need to Know | Tripwire
Digging Into FIN7's Latest Tools and Tactics | Decipher (duo.com)
Using Threat Intelligence to Predict Potential Ransomware Attacks - Security Week
This new ransomware tries to stop victims recovery by using passphrases | TechRadar
Ransomware costs at critical infrastructure orgs soar • The Register
Ransomware Victims
NHS Trusts cancelled over 6,000 appointments after Qilin cyber attack | Computer Weekly
Costs From UnitedHealth's Ransomware Attack Soar to at Least $2.3 Billion (pcmag.com)
CDK Global said to have paid $25M ransom after cyber attack • The Register
AT&T reportedly pays $370K to hackers to delete stolen customer data - SiliconANGLE
'NHS cyber attack delayed my baby son’s life-saving kidney transplant' (inews.co.uk)
AT&T Breach Linked to American Hacker, Telecom Giant Paid $370k Ransom: Reports - Security Week
CDK Global car dealership cyber attack could cost industry $1 billion (qz.com)
London Borough of Hackney reprimanded over cyber attack | Cybernews
A Negligence Case Has Been Filed Against CDK Over Cyber Attack (jalopnik.com)
UK national blood stocks in 'very fragile' state following ransomware attack (therecord.media)
Rite Aid confirms data breach after June ransomware attack (bleepingcomputer.com)
Furniture giant shuts down manufacturing facilities after ransomware attack (therecord.media)
Phishing & Email Based Attacks
Cyber criminals exploit ChatGPT for near-perfect phishing emails (securitybrief.co.nz)
New phishing tactic hijacks email protections to mask links | SC Media (scmagazine.com)
URL protection services used to mask phishing attacks (betanews.com)
Beware of the Latest Phishing Tactic Targeting Employees - Security Boulevard
How to protect your startup from email scams | TechCrunch
Phishing Threat Actor Leverages AI to Target Multiple Crypto Brands - Security Boulevard
Shadowroot Ransomware Lures Turkish Victims via Phishing Attacks (darkreading.com)
Other Social Engineering
Social Engineering Defence - An Emerging Career (govinfosecurity.com)
Artificial Intelligence
Cyber criminals exploit ChatGPT for near-perfect phishing emails (securitybrief.co.nz)
Weaponized AI: The Malicious Mind of Hackers (financemagnates.com)
US Seizes Domains Used by AI-Powered Russian Bot Farm for Disinformation (thehackernews.com)
Why deepfakes are set to be one of 2024’s biggest cyber security dangers | TechRadar
SAP security holes raise questions about the rush to AI | CSO Online
ChatGPTriage: How can CISOs see and control employees’ AI use? - Help Net Security
White House urged to probe $1.5B G42-Microsoft AI deal • The Register
Mark Cuban: Social media algorithms' influence in 2024 election
Protect AI warns of increasing security risks in open-source AI and ML tools - SiliconANGLE
Phishing Threat Actor Leverages AI to Target Multiple Crypto Brands - Security Boulevard
SMEs looking to MSPs to help with AI and security challenges | Microscope (computerweekly.com)
Mixed reaction from the AI community on King's Speech (datacentrenews.uk)
Malware
Zeus Banking Malware Player Gets 9-Year Prison Term (inforisktoday.com)
DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign (thehackernews.com)
10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit (thehackernews.com)
Facebook ads for Windows desktop themes push info-stealing malware (bleepingcomputer.com)
DarkGate malware sees boom after the Feds crush Qbot • The Register
Here’s how carefully concealed backdoor in fake AWS files escaped mainstream notice | Ars Technica
'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins (thehackernews.com)
SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts - Help Net Security
DPRK Hackers Tweak Malware to Lure MacOS Users into Video Calls (darkreading.com)
This New "Cluster Bomb" Malware Sounds Deadly, but You Can Avoid It (makeuseof.com)
Iraq-based cyber criminals deploy malicious Python packages to steal data (therecord.media)
Weaponized AWS Packages That Deliver Malware Via JPEG Files (cybersecuritynews.com)
Malware scammers gearing up for 2024 summer Olympics in Paris | SC Media (scmagazine.com)
Microsoft-Signed Chinese Adware Opens the Door to Kernel Privileges (darkreading.com)
Revolver Rabbit gang registers 500,000 domains for malware campaigns (bleepingcomputer.com)
Mobile
What is juice jacking? Why you shouldn't use public USB chargers (androidauthority.com)
'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins (thehackernews.com)
Denial of Service/DoS/DDOS
DDoS attacks see a huge rise as criminals get braver and more ambitious | TechRadar
Telecom sees fastest increase in DDoS attacks: Report - RCR Wireless News
Data Breaches/Leaks
AT&T says criminals stole phone records of 'nearly all' customers in new data breach | TechCrunch
AT&T cyber security breach potentially posed 'risk to national security' (lexch.com)
Major data breaches that have rocked organisations in 2024 - Help Net Security
US Data Breach Victim Numbers Increase by 1,000%, Literally (darkreading.com)
Hackers Claim to Have Leaked 1.1 TB of Disney Slack Messages | WIRED
Snowflake Account Attacks Driven by Exposed Legitimate Credentials (darkreading.com)
Over 400,000 Life360 user phone numbers leaked via unsecured API (bleepingcomputer.com)
Rite Aid confirms data breach after June ransomware attack (bleepingcomputer.com)
Stalkerware vendor mSpy breached for a third time • The Register
Organised Crime & Criminal Actors
Weaponized AI: The Malicious Mind of Hackers (financemagnates.com)
Well-Established Cyber Criminal Ecosystem Blooms in Iraq (darkreading.com)
Digging Into FIN7's Latest Tools and Tactics | Decipher (duo.com)
Iraq-based cyber criminals deploy malicious Python packages to steal data (therecord.media)
Why OT has become a hot target for cyber criminals | SC Media (scmagazine.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
DNS hijacks target crypto platforms registered with Squarespace (bleepingcomputer.com)
Dough Finance loses $1.8M in flash loan attack (cointelegraph.com)
North Korean Cyber Threats Escalate with Crypto Job Posting Hacks, Report Reveals (bitcoinist.com)
WazirX Cryptocurrency Exchange Loses $230 Million in Major Security Breach (thehackernews.com)
North Korea may have attacked Indian crypto exchange WazirX • The Register
Phishing Threat Actor Leverages AI to Target Multiple Crypto Brands - Security Boulevard
Insider Risk and Insider Threats
How to Protect Your Business From Insider Threats | HackerNoon
Navigating Insider Risks: Are your Employees Enabling External Threats? (thehackernews.com)
Australian Defence Force Private and Husband Charged with Espionage for Russia (thehackernews.com)
Australian Spycatchers Snatch Pair of Married Russian Operatives (darkreading.com)
Pentagon Leaker Jack Teixeira to Face Military Court-Martial, Air Force Says - Security Week
Insurance
Cyber insurance: How to achieve the right coverage | SC Media (scmagazine.com)
Supply Chain and Third Parties
NHS Trusts cancelled over 6,000 appointments after Qilin cyber attack | Computer Weekly
AT&T cyber security breach potentially posed 'risk to national security' (lexch.com)
Cloud/SaaS
Here’s how carefully concealed backdoor in fake AWS files escaped mainstream notice | Ars Technica
Weaponized AWS Packages That Deliver Malware Via JPEG Files (cybersecuritynews.com)
Encryption
Encrypted traffic: A double-edged sword for network defenders - Help Net Security
Passwords, Credential Stuffing & Brute Force Attacks
Snowflake Account Attacks Driven by Exposed Legitimate Credentials (darkreading.com)
Social Media
Facebook ads for Windows desktop themes push info-stealing malware (bleepingcomputer.com)
SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts - Help Net Security
My LinkedIn account was hacked: I don't use it but I fixed it fast. Here's why and how | ZDNET
Is Musk’s X Using Dark Patterns To Trick Users? EU Says ‘Yes’
Mark Cuban: Social media algorithms' influence in 2024 election
Malvertising
'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins (thehackernews.com)
SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts - Help Net Security
What is malvertising? And how to protect yourself against it | PCWorld
Microsoft-Signed Chinese Adware Opens the Door to Kernel Privileges (darkreading.com)
Regulations, Fines and Legislation
The Impact of SEC Cyber Rules on Corporate Risk Management - Security Boulevard
What business leaders need to know about the Cyber Security and Resilience Bill - Raconteur
UK to introduce watered-down version of mandatory reporting for ransomware attacks (therecord.media)
Will Smaller Companies Buckle Under the SEC's New Requirements? (darkreading.com)
CDK hack shows SEC disclosure standards are unsettled | CyberScoop
Labour unveils AI, cyber security goals in King’s Speech (techmonitor.ai)
The Strategic Defence Review must maintain a cyber focus - LBC
London Borough of Hackney reprimanded over cyber attack | Cybernews
Judge dismisses much of SEC suit against SolarWinds over cyber security disclosures | CyberScoop
Preparing for the EU Cyber Resilience Act (techuk.org)
Models, Frameworks and Standards
What is NIST Compliance? A Guide to NIST Standards, Framework & Controls - Security Boulevard
Decoding NIS2 to Secure Your Supply Chain - Infosecurity Magazine (infosecurity-magazine.com)
5 Things We've Learned From 10 Years Of Cyber Essentials (forbes.com)
Careers, Working in Cyber and Information Security
What savvy hiring execs look for in a CISO today | CSO Online
Managing exam pressure: Tips for certification preparation - Help Net Security
Social Engineering Defence - An Emerging Career (govinfosecurity.com)
The Need to Recruit Cyber Talent in the Government (darkreading.com)
3 Free Online Cyber Security Courses With Certificates (forbes.com)
Cloud Security, PowerShell Expertise Emerge as Key SOC Analyst Skills (darkreading.com)
What a cyber security analyst does and how to become one | TechTarget
Teams facing 'alert fatigue' need certainty | Professional Security
The cyber security skills gap and breaches | SC Media (scmagazine.com)
Law Enforcement Action and Take Downs
Zeus Banking Malware Player Gets 9-Year Prison Term (inforisktoday.com)
DarkGate malware sees boom after the Feds crush Qbot • The Register
Pentagon Leaker Jack Teixeira to Face Military Court-Martial, Air Force Says - Security Week
Misinformation, Disinformation and Propaganda
US Seizes Domains Used by AI-Powered Russian Bot Farm for Disinformation (thehackernews.com)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Weaponised AI: The Malicious Mind of Hackers (financemagnates.com)
NATO to Establish Integrated Cyber Security Centre in Europe (thedefensepost.com)
IDF Has Rebuffed 3B Cloud Cyber Attacks Since Oct. 7, Colonel Claims (darkreading.com)
TAG-100: New Threat Actor Uses Open-Source Tools for Widespread Attacks (thehackernews.com)
Nation State Actors
China
Microsoft-Signed Chinese Adware Opens the Door to Kernel Privileges (darkreading.com)
China-linked APT17 Targets Italian Companies with 9002 RAT Malware (thehackernews.com)
Russia
APT Exploits Windows Zero-Day to Execute Code via Disabled Internet Explorer - Security Week
For MSPs, Kaspersky’s US exit is a reminder to not ignore geopolitics - Security - CRN Australia
US Seizes Domains Used by AI-Powered Russian Bot Farm for Disinformation (thehackernews.com)
Kaspersky Exits US Market Following Commerce Department Ban (thehackernews.com)
Surge in cyber attacks after Romania donates Patriot to Ukraine - Verdict
Void Banshee APT exploited "lingering Windows relic" in zero-day attacks - Help Net Security
Putin's Spies Are a Threat to Paris Olympics, Google Warns - Newsweek
Australian Spycatchers Snatch Pair of Married Russian Operatives (darkreading.com)
Kaspersky offers free security software for six months in US goodbye (bleepingcomputer.com)
Iran
Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks (thehackernews.com)
New BugSleep malware implant deployed in MuddyWater attacks (bleepingcomputer.com)
IDF Has Rebuffed 3B Cloud Cyber Attacks Since Oct. 7, Colonel Claims (darkreading.com)
North Korea
DPRK Hackers Tweak Malware to Lure MacOS Users into Video Calls (darkreading.com)
Defending against APTs: A learning exercise with Kimsuky (securitybrief.co.nz)
North Korean Cyber Threats Escalate with Crypto Job Posting Hacks, Report Reveals (bitcoinist.com)
WazirX Cryptocurrency Exchange Loses $230 Million in Major Security Breach (thehackernews.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
For MSPs, Kaspersky’s US exit is a reminder to not ignore geopolitics - Security - CRN Australia
Damaged Internet Subsea Cables Repaired in Red Sea Amid Militant Attacks on Ships – BNN Bloomberg
Disney faces potential data breach, hacker group claims massive leak (computing.co.uk)
Stalkerware vendor mSpy breached for a third time • The Register
Tools and Controls
How Tabletop Exercises Can Sharpen Incident Response From Chaos To Calm (forbes.com)
The Impact of SEC Cyber Rules on Corporate Risk Management - Security Boulevard
Decoding NIS2 to Secure Your Supply Chain - Infosecurity Magazine (infosecurity-magazine.com)
Encrypted traffic: A double-edged sword for network defenders - Help Net Security
BianLian Ransomware Leveraging RDP Credentials To Gain Initial Access (cybersecuritynews.com)
API Transformation Cyber Risks and Survival Tactics - Security Boulevard
Threat Prevention & Detection in SaaS Environments - 101 (thehackernews.com)
Overlooked essentials: API security best practices - Help Net Security
FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums (thehackernews.com)
Risk related to non-human identities: Believe the hype, reject the FUD - Help Net Security
Cloudflare reports almost 7% of internet traffic is malicious | ZDNET
Using Threat Intelligence to Predict Potential Ransomware Attacks - Security Week
Teams facing 'alert fatigue' need certainty | Professional Security
One-third of dev professionals unfamiliar with secure coding practices - Help Net Security
20 Million Trusted Domains Vulnerable to Email Hosting Exploits (darkreading.com)
6 Steps to Build an Incident Response Workflow for Your Business - Security Boulevard
DNS hijacks target crypto platforms registered with Squarespace (bleepingcomputer.com)
Cyber insurance: How to achieve the right coverage | SC Media (scmagazine.com)
Firms skip security reviews of updates about half the time • The Register
Securing datacenters may soon need sniffer dogs • The Register
Other News
SMEs vulnerable to cyber security breaches, report reveals - NZ Herald
IT providers must navigate AI, cyber security, efficiency and economic fluctuations – Channel EYE
Hotel Wi-Fi: A Hotspot for Cyber Threats - Security Boulevard
How Startups Can Bolster Defences as Cyber Threats Loom in Cloud Era | HackerNoon
Staying Safe on the Go: Insider Risk and Travel Security Tips - Security Boulevard
CISA broke into US federal agency, wasn't spotted for months • The Register
UK Retailers Most Concerned About Cyber, Data Security Risks, Study Finds | ESM Magazine
Improving cyber resilience of frontline forces in Europe - GOV.UK (www.gov.uk)
Defending OT Requires Agility, Proactive Controls (darkreading.com)
MSP security confidence remains high despite facing a torrent of cyber threats | ITPro
Paris 2024 Olympics to face complex cyber threats - Help Net Security
Automated Threats Pose Increasing Risk to the Travel Industry (thehackernews.com)
Vulnerability Management
Hackers use PoC exploits in attacks 22 minutes after release (bleepingcomputer.com)
ZDI shames Microsoft for coordinated vuln disclosure snafu • The Register
Microsoft is changing how it delivers Windows updates: 4 things you need to know | ZDNET
Firms skip security reviews of updates about half the time • The Register
Vulnerabilities
CrowdStrike code update bricking PCs around the world • The Register
Critical Exim bug bypasses security filters on 1.5 million mail servers (bleepingcomputer.com)
Year-Old Veeam Vulnerability Exploited in Fresh Ransomware Attacks - Security Week
GitLab Sends Users Scrambling Again With New CI/CD Pipeline Takeover Vuln (darkreading.com)
APT Exploits Windows Zero-Day to Execute Code via Disabled Internet Explorer - Security Week
Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP (thehackernews.com)
Attacks Exploiting Internet Explorer Persist | MSSP Alert
Chrome 126 Updates Patch High-Severity Vulnerabilities - Security Week
Oracle Patches 240 Vulnerabilities With July 2024 CPU - Security Week
Recent Adobe Commerce Vulnerability Exploited in Wild - Security Week
Cyber Security teams advised to look out for critical Adobe, Cisco bugs | SC Media (scmagazine.com)
20 Million Trusted Domains Vulnerable to Email Hosting Exploits (darkreading.com)
Cisco Releases Security Updates for Multiple Products | CISA
Netgear warns users to patch auth bypass, XSS router flaws (bleepingcomputer.com)
Void Banshee APT exploited "lingering Windows relic" in zero-day attacks - Help Net Security
CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks (bleepingcomputer.com)
Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991) - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product. Likewise, we are not responsible for the security of external links.