Black Arrow Cyber Threat Briefing 21 June 2024
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Top Cyber Stories of the Last Week
Hackers Switch Focus to Cloud Apps for Data Theft, as Cloud Services Increasingly Seen as Huge Soft Target by Attackers
A recent report by Google’s Mandiant reveals that the Scattered Spider gang, also known as UNC3944, has escalated its tactics to target software-as-a-service (SaaS) applications and cloud infrastructure, focusing on data theft for extortion without using ransomware. They exploit genuine tools and permissions, then create new virtual machines and exfiltrate data to other cloud platforms they have under their control. Additionally, other reports this week highlight a rise in the exploitation of legitimate cloud services, with over half of all malware in March 2024 delivered via these services. Notably, 59% of cloud-based malware originated from 235 distinct apps. Sophisticated attacks, such as North Korea’s targeting of South Korean security professionals, underscore the urgent need for enhanced cloud security measures and a proactive defence strategy.
The “Spammification” of Business Email Compromise Spells Trouble for Businesses Around the Globe, 1 in 10 Email-Based Attacks are Now Business Email Compromise
Recent reports highlight a significant shift in phishing tactics due to advancements in generative AI (GenAI). Historically, phishing relied on high-volume, low-effort strategies, but improved security measures have led to more sophisticated, targeted attacks such as Business Email Compromise (BEC). The advent of GenAI tools like ChatGPT has drastically reduced the time and effort required to craft convincing phishing emails, resulting in a 21% increase in BEC attempts from Q2 2022 to Q2 2023. BEC now accounts for 10.6% of social engineering attacks, up from 8% in 2022. Conversation hijacking has surged by 70% since 2022, despite its complexity.
Analysis of 69 million attacks on 4.5 million mailboxes highlights new tactics, such as using QR codes and URL shorteners, which evade traditional email filters. Gmail was the most exploited webmail service, used in 22% of social engineering attacks.
Furthermore, image-based phishing attacks, which evade natural language processing defences, have surged by 175% over the past year, illustrating the growing global threat posed by AI-enhanced phishing.
Regulatory Changes Are on the Horizon. Are Companies Ready?
A recent report highlights the increasing complexity of cyber security compliance across Europe, America, and Asia. European organisations face over 100 pieces of legislation, creating significant challenges in determining applicable laws, especially those with extraterritorial effects. This emphasises the importance of bespoke internal management and governance programmes tailored to specific business risks and data handling practices. The upcoming NIS 2 Directive in the EU is expected to further impact compliance requirements, as DORA will for financial services firms operating within the EU or those outside the EU providing critical services to EU organisations. Additionally, robust incident response plans and ensuring third-party compliance are crucial for effective cyber security management.
How Hackers Can Crack Your Password in an Hour
A recent analysis of 193 million leaked passwords by Kaspersky revealed alarming security weaknesses. 59% of these passwords could be cracked in under an hour using modern GPUs and advanced algorithms. The study found that 45% of passwords were vulnerable to cracking within a minute, highlighting the risks of predictable patterns and common phrases. Despite the increased threat, many users continue to use easily guessable passwords. To mitigate these risks, it is recommended to use strong, unique passwords, employ a password manager, and enable two-factor authentication (2FA) where possible.
US Bans Kaspersky Software, Citing National Security Risks
The US Department of Commerce's Bureau of Industry and Security (BIS) has announced a ban on Kaspersky Lab's US subsidiary selling its security software, citing national security risks. The ban, effective from July 20, stems from concerns over Kaspersky’s ties to the Russian government, which could potentially exploit the software for espionage and data theft. Existing customers have until September 29 to find alternatives. This decision follows previous restrictions, with Kaspersky added to the Federal Communications Commission's (FCC) "Covered List" and similar actions by Germany and Canada.
Quarter of Firms Suffer an API-Related Breach
A recent State of Application Programming Interfaces (API) Security Report by Salt Security reveals that nearly a quarter (23%) of organisations experienced breaches via production APIs last year. An API can be thought of as a set of rules and tools that allow different software applications to communicate with each other and exchange data.
The report, based on a survey of 250 respondents globally, found that 95% had encountered API security issues, including vulnerabilities (37%) and sensitive data exposure (38%). Despite a 167% increase in API counts, only 8% of companies consider their API security strategy to be advanced, and 37% lack a strategy entirely. Furthermore, just 58% have processes to discover all APIs, even though 46% discuss API security at the C-level. This highlights the urgent need for sophisticated API security measures.
More than 70% of Companies Increased Spending on Proactive Security
A recent study reveals that over 70% of organisations are boosting their spending on proactive security solutions, prioritising attack surface management and risk-based vulnerability management. Key investments focus on enhanced attack surface visibility (65%), security control optimisation (60%), and improved manpower productivity (54%). The research highlights that 47% of organisations aim to reduce threats using proactive security within the next 12 to 24 months, while 48% anticipate disruption from these new solutions. Confidence remains high in firewalls and routers, with only 6% of financial institutions proactively assessing firewalls and 4% assessing routers.
The Resurgence of Major Data Breaches?
A recent surge in data breaches has seen millions of records exposed and shared on dark web forums, predominantly driven by the hacker group ShinyHunters. This resurgence mirrors the "golden age" of data breaches from 2019 to 2021, where ShinyHunters notoriously targeted companies like Tokopedia and Microsoft’s GitHub. Recent breaches include a massive attack on Santander Bank, affecting 30 million customers, and Ticketmaster, compromising 560 million customer records. Organisations need to take appropriate steps to prevent breaches from happening in the first place, and ensure they have plans in place for what to do when something goes wrong.
Is Cyber Becoming a Primary Domain of Warfare?
A recent analysis by Cyberint reveals that cyber operations in conflicts such as the Ukraine-Russia and Israel-Hamas wars now focus on critical infrastructure and supply chains, with wiper malware frequently used to disrupt organisations. Hacktivists, equipped with new tools and greater capabilities, pose a significant threat, blurring lines between nation-state actors and cyber criminals. This overlap complicates attack attribution and motive understanding. Cyber operations, even when unsuccessful, can have profound psychological impacts on public safety. Enhanced targeting of essential services highlights the urgent need for robust defence strategies in modern cyber warfare.
Cyber Threats Present Ever Greater Risks to International Peace and Security: UK Statement at UN Security Council
A recent statement by the UK at the UN Security Council highlights three critical trends in cyber threats impacting international peace and security.
Firstly, ransomware attacks disrupt government functions and public services, necessitating an international response for resilience. The UK, co-chairing the Counter Ransomware Initiative with Singapore, urges global participation.
Secondly, the rise of AI systems poses new cyber security challenges; the UK advocates secure AI design and has published "Guidelines for Secure AI System Development" with international partners.
Thirdly, the market for advanced cyber intrusion capabilities is growing, increasing threat unpredictability. The UK and France invite collaboration through the Pall Mall Process to address this concern. The UK also calls for stricter enforcement of North Korea sanctions due to their use of cyber activities to fund illegal weapons programmes.
Cyber Security and AI at Top of Risk List for UK Trustees
A recent report by LCP reveals that cyber threats and artificial intelligence (AI) are the top concerns for UK pension trustees, with 23% identifying these as their primary worry. Over half of the respondents (61%) rated their concern about cyber risks as seven or higher on a scale of one to ten. Trustees from larger schemes felt marginally more prepared for cyber risks than those from smaller schemes.
Qilin: We Knew Our Synnovis Attack Would Cause a Healthcare Crisis at London Hospitals
A recent cyber attack by the ransomware gang Qilin has caused a healthcare crisis in London, targeting Synnovis, a partnership between Synlab and two NHS Trusts. The gang confirmed the attack was politically motivated, aiming to disrupt healthcare services. Qilin demanded a $50 million ransom, claiming to have stolen over one terabyte of data. The attack has led to the cancellation of more than 1,500 operations and appointments, significantly impacting patient care. Despite expressing token sympathy for the affected patients, Qilin remains unrepentant. The incident highlights the need for robust cyber security measures in critical infrastructure sectors.
Ransomware Attacks Are Getting Worse
A recent report highlights the escalating crisis of ransomware targeting schools, hospitals, and critical infrastructure, with over 1,200 data breaches reported by the UK Information Commissioner’s Office in 2023, a 25% increase from the previous year. The healthcare sector is notably affected, following a $44 million payout by Change Healthcare in March. 75% of organisations faced ransomware attacks, and 84% encountered phishing attempts, yet only 31% conducted a cyber security risk assessment. With the average cost of a breach at £3.4 million, the report underscores the urgent need for robust cyber security measures, including regular software updates, strong password policies, insider threat management, incident response plans, and multi-factor authentication. Increasing levels of regulation are coming in across Europe, the US and Asia to try to enforce more resilience to these types of attacks.
Sources
https://www.infosecurity-magazine.com/blogs/threat-targeting-cloud-services/
https://www.govinfosecurity.com/regulatory-changes-are-on-horizon-are-companies-ready-a-25507
https://www.kaspersky.co.uk/blog/password-can-be-hacked-in-one-hour/27738/
https://thehackernews.com/2024/06/us-bans-kaspersky-software-citing.html
https://www.infosecurity-magazine.com/news/quarter-firms-suffer-api-related/
https://securityboulevard.com/2024/06/the-resurgence-of-major-data-breaches/
https://www.inforisktoday.com/cyber-becoming-primary-domain-warfare-a-25521
https://www.europeanpensions.net/ep/Cyber-threats-take-top-spot-in-UK-trustee-risk-list.php
https://www.theregister.com/2024/06/20/qilin_our_plan_was_to/
https://www.wired.com/story/security-news-this-week-ransomware-attacks-are-getting-worse/
https://channeleye.co.uk/data-breaches-brought-on-by-ransomware-escalate/
Governance, Risk and Compliance
Cyber security and AI at top of risk list for trustees, LCP says (professionalpensions.com)
Regulatory Changes Are on the Horizon. Are Companies Ready? (govinfosecurity.com)
More than 70% of companies increased spending on proactive security | Security Magazine
Regulators urged to promote cyber security investment - Risk.net
The Perilous Role of the CISO: Navigating Modern Minefields - SecurityWeek
Cyber security Deserves the Proverbial Seat at the Table (govinfosecurity.com)
Pressure mounts on CISOs as SEC bares teeth with legal action - Help Net Security
Why Regulated Industries are Turning to Military-Grade Cyber Defenses (thehackernews.com)
Cyber Security Burnout Crisis: Burnout in Next 12 Months (thehrdirector.com)
9 ways CSOs lose their jobs | CSO Online
Why Resilience Is More Than Just Cyber Security (inforisktoday.com)
How will the Merck settlement affect the insurance industry? (securityintelligence.com)
How Cyber Security Can Steer Organisations Toward Sustainability (darkreading.com)
Your firm's reputation depends on strong data security. Don't undervalue it - spectator.sme.sk
Why Your Business Needs To Level Up Its Defence Life Cycle Management (forbes.com)
The High Cost of Downtime and How to Reduce It | MSSP Alert
Is it time to split the CISO role? | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
Scattered Spider hackers switch focus to cloud apps for data theft (bleepingcomputer.com)
Ransomware attackers quickly weaponize PHP vulnerability with 9.8 severity rating | Ars Technica
Ransomware Attacks Are Getting Worse | WIRED
Notorious cyber gang UNC3944 attacks vSphere and Azure • The Register
Why ransomware is still important to business resilience - IT Security Guru
UK Man Suspected of Being 'Scattered Spider' Leader Arrested - Security Week
Ransomware resurgence gives small businesses cause for concern | TechFinitive
The Financial Dynamics Behind Ransomware Attacks (securityaffairs.com)
Data breaches brought on by ransomware escalate. – Channel EYE
LockBit Ransomware Again Most Active - Real Attack Surge or Smokescreen? - Security Week
Ransomware attacks skyrocket, with LockBit 3.0 at the forefront - Exponential-e Blog
New ransomware over browser threat targets uploaded files (securityintelligence.com)
CISA warns of Windows bug exploited in ransomware attacks (bleepingcomputer.com)
Zero-Day Exploits and Ransomware Trends for 2024 (govinfosecurity.com)
How will the Merck settlement affect the insurance industry? (securityintelligence.com)
Qilin Ransomware: What You Need To Know | Tripwire
Linux version of RansomHub ransomware targets VMware ESXi VMs (bleepingcomputer.com)
Ransomware Victims
London Hospitals Knew of Cyber Vulnerabilities Years Before Hack (claimsjournal.com)
More than 100,000 patients ‘likely’ impacted by NHS cyber attack (holyrood.com)
Cyber criminals publish data from attack on NHS | UKAuthority
Change Healthcare to Start Notifying Customers Who Had Data Exposed in Cyber Attack - Security Week
512,000 radiology patient records accessed in cyber attack • The Register
Tally of victims reaches 100,000 in NHS cyber attack (thetimes.com)
Hackers demand $50M ransom payment from UK lab provider following hospital disruption - SiliconANGLE
Qilin has ‘no regrets’ over the healthcare crisis it caused • The Register
Don't blame us for people suffering - London hospital hackers - BBC News
Borders: NHS board warns patients over stolen personal details | The National
Cyber attack on a UK staffing company: a 'war story' - Osborne Clarke | Osborne Clarke
Hospital cyber attack turns deadly as drugs given to wrong patients - Washington Times
British Library to renew entire IT system as it reveals £1.6m cyber attack loss (civilsociety.co.uk)
Panera Bread likely paid a ransom in March ransomware attack (bleepingcomputer.com)
NHS boss says Scottish trust didn't meet attackers' demands • The Register
Cyber attack shuts down Israeli pharma company's distribution | Ctech (calcalistech.com)
Phishing & Email Based Attacks
Nigerian national faces prison for $1.5M phishing scam • The Register
Email threats are becoming more dangerous than ever — so keep an eye on your inbox | TechRadar
Worldwide 2023 Email Phishing Statistics and Examples | Trend Micro (US)
Your company needs a BEC policy and five other email security trends (betanews.com)
Malicious emails trick consumers into false election contributions - Help Net Security
Convicted BEC scammer could face over 100 years in prison (bitdefender.com)
Security bug allows anyone to spoof Microsoft employee emails | TechCrunch
Why You Shouldn't Unsubscribe From Spam Emails | HackerNoon
Cyber Criminals Target Trump Supporters with Donation Scams - Security Boulevard
Latest Cyber Insurance Policy Takes Aim at Phishing Attacks (inforisktoday.com)
BEC
Your company needs a BEC policy and five other email security trends (betanews.com)
Convicted BEC scammer could face over 100 years in prison (bitdefender.com)
Other Social Engineering
Notorious cyber gang UNC3944 attacks vSphere and Azure • The Register
Malware peddlers love this one social engineering trick! - Help Net Security
Fake Google Chrome errors trick you into running malicious PowerShell scripts (bleepingcomputer.com)
Explained: Android overlays and how they are used to trick people | Malwarebytes
Cyber Criminals Target Trump Supporters with Donation Scams - Security Boulevard
Artificial Intelligence
'Sleepy Pickle' Exploit Subtly Poisons ML Models (darkreading.com)
Criminals, too, see productivity gains from AI | CSO Online
AI’s impact on data privacy remains unclear - Help Net Security
Can governments turn AI safety talk into action? | ZDNET
How to bypass ChatGPT restrictions (androidpolice.com)
Apple Intelligence Could Introduce Device Security Risks (darkreading.com)
How big is the AI threat to the cyber security of tech companies? | TechRadar
NIS2 Directive: Stronger EU Cyber Security in the AI era | News | GRC World Forums
Hallucinated Packages, Malicious AI Models, and Insecure AI-Generated Code - Security Boulevard
Microsoft's Recall changes might be too little, too late | TechTarget
Meta Pauses AI Training on EU User Data Amid Privacy Concerns (thehackernews.com)
CISA leads first tabletop exercise for AI cyber security | CyberScoop
How AI lies, cheats, and grovels to succeed - and what we need to do about it | ZDNET
2FA/MFA
The absence of multi factor authentication led to the Medibank hack, regulator alleges - ABC News
Medibank breach: Security failures revealed (lack of MFA among them) - Help Net Security
Scathing report on Medibank cyber attack highlights unenforced MFA (bleepingcomputer.com)
'ONNX' MFA Bypass Targets Microsoft 365 Accounts (darkreading.com)
Malware
Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor (thehackernews.com)
The art of concealment: how hackers hide malware | Cybernews
New Malware Targets Exposed Docker APIs for Cryptocurrency Mining (thehackernews.com)
New ransomware over browser threat targets uploaded files (securityintelligence.com)
Clever macOS malware delivery campaign targets cryptocurrency users - Help Net Security
NiceRAT Malware Targets South Korean Users via Cracked Software (thehackernews.com)
Mobile
Explained: Android overlays and how they are used to trick people | Malwarebytes
Internet of Things – IoT
IoT password ban a start, but admins can’t afford to wait for regulators | TechRadar
Data Breaches/Leaks
Hackers Demand as Much as $5 Million From Snowflake Clients | Company Business News (livemint.com)
Cyber criminals publish data from attack on NHS | UKAuthority
Scathing report on Medibank cyber attack highlights unenforced MFA (bleepingcomputer.com)
The Resurgence of Major Data Breaches? - Security Boulevard
Insurance giant Globe Life investigating web portal breach (bleepingcomputer.com)
Truist Bank confirms breach after stolen data shows up on hacking forum (bleepingcomputer.com)
More than 100,000 patients ‘likely’ impacted by NHS cyber attack (holyrood.com)
Total Fitness database exposed 474k member and staff images • The Register
Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake | WIRED
Dark-web kingpin puts 'stolen' internal AMD data up for sale • The Register
AMD Investigates Possible Breach Amid Hacker’s Sale of Company Data (pcmag.com)
Optus cyber attack could have been prevented four years prior, says telecoms watchdog - ABC News
T-Mobile denies it was hacked, links leaked data to vendor breach (bleepingcomputer.com)
Threat Actor Claims AMD and Apple Breaches - Infosecurity Magazine (infosecurity-magazine.com)
Change Healthcare to Start Notifying Customers Who Had Data Exposed in Cyber Attack - Security Week
512,000 radiology patient records accessed in cyber attack • The Register
Coding error in forgotten API blamed for massive data breach • The Register
Panera Notifies Employees of Compromised Data (darkreading.com)
Cyber Attack Exposes Freelancer Personal Data - Freelance Informer
Hackers Derail Amtrak Guest Rewards Accounts in Breach (darkreading.com)
Organised Crime & Criminal Actors
UK Man Suspected of Being 'Scattered Spider' Leader Arrested - Security Week
Are We Turning the Corner in the Fight Against Cyber Crime? It’s Complicated. - Security Boulevard
Convicted BEC scammer could face over 100 years in prison (bitdefender.com)
Microsoft hacker avoids jail over multiple cyber attacks - BBC News
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
New Malware Targets Exposed Docker APIs for Cryptocurrency Mining (thehackernews.com)
Clever macOS malware delivery campaign targets cryptocurrency users - Help Net Security
"Researchers" exploit Kraken exchange bug, steal $3 million in crypto (bleepingcomputer.com)
Insider Risk and Insider Threats
The Rise of the Outside Insider Threat | AFCEA International
Former IT employee gets 2.5 years for wiping 180 virtual servers (bleepingcomputer.com)
10 Ways Employees Are Sabotaging Your Cyber Security Stance (informationweek.com)
Want To Stop Cyber Attacks? Start With The Human Edge (forbes.com)
Insurance
Latest Cyber Insurance Policy Takes Aim at Phishing Attacks (inforisktoday.com)
How will the Merck settlement affect the insurance industry? (securityintelligence.com)
Supply Chain and Third Parties
Hackers Demand as Much as $5 Million From Snowflake Clients | Company Business News (livemint.com)
Hackers demand $50M ransom payment from UK lab provider following hospital disruption - SiliconANGLE
London Hospitals Knew of Cyber Vulnerabilities Years Before Hack (claimsjournal.com)
Cyber attacks on London's hospitals affect 800 planned operations - BBC News
Tally of victims reaches 100,000 in NHS cyber attack (thetimes.com)
Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake | WIRED
T-Mobile denies it was hacked, links leaked data to vendor breach (bleepingcomputer.com)
Cloud/SaaS
Scattered Spider hackers switch focus to cloud apps for data theft (bleepingcomputer.com)
Hackers Demand as Much as $5 Million From Snowflake Clients | Company Business News (livemint.com)
Notorious cyber gang UNC3944 attacks vSphere and Azure • The Register
Microsoft admits no guarantee of sovereignty for UK policing data | Computer Weekly
The rise of SaaS security teams - Help Net Security
The Annual SaaS Security Report: 2025 CISO Plans and Priorities (thehackernews.com)
Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake | WIRED
'ONNX' MFA Bypass Targets Microsoft 365 Accounts (darkreading.com)
The NCSC’s Take on SaaS - Adaptive Shield (adaptive-shield.com)
Encryption
Stop playing games with online security, Signal president warns EU lawmakers | TechCrunch
Signal, MEPs urge EU Council to drop encryption-eroding law • The Register
Linux and Open Source
New Linux malware is controlled through emojis sent from Discord (bleepingcomputer.com)
New ARM 'TIKTAG' attack impacts Google Chrome, Linux systems (bleepingcomputer.com)
Linux version of RansomHub ransomware targets VMware ESXi VMs (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
What is a password spraying attack? | Proton
Scathing report on Medibank cyber attack highlights unenforced MFA (bleepingcomputer.com)
Hackers can crack 59% of passwords in an hour | Kaspersky official blog
Criminals are Easily Bypassing Passkeys – How Organisations Can Stay Safe - Security Boulevard
Social Media
Why Trading Privacy for 'Free' Web Services Must End (darkreading.com)
4 ways oversharing on social media puts your privacy at risk | TechRadar
New Linux malware is controlled through emojis sent from Discord (bleepingcomputer.com)
US surgeon general wants social media warning labels - BBC News
Meta Pauses AI Training on EU User Data Amid Privacy Concerns (thehackernews.com)
Malvertising
Google Chrome Will Track You For The Next 200 Days—Then It May Get Worse (forbes.com)
Training, Education and Awareness
Want To Stop Cyber Attacks? Start With The Human Edge (forbes.com)
Regulations, Fines and Legislation
Regulatory Changes Are on the Horizon. Are Companies Ready? (govinfosecurity.com)
Regulators urged to promote cyber security investment - Risk.net
UK organisations are confident they will meet the NIS 2 compliance timeline | The Independent
Pressure mounts on CISOs as SEC bares teeth with legal action - Help Net Security
Why Regulated Industries are Turning to Military-Grade Cyber Defences (thehackernews.com)
Can governments turn AI safety talk into action? | ZDNET
NIS2 Directive: Stronger EU Cyber Security in the AI era | News | GRC World Forums
The absence of multi factor authentication led to the Medibank hack, regulator alleges - ABC News
Signal, MEPs urge EU Council to drop encryption-eroding law • The Register
SEC cyber security filings on the rise as new reporting rules bite | ITPro
Models, Frameworks and Standards
Why NIS2 is set to become a ‘cornerstone’ of cyber security (siliconrepublic.com)
Careers, Working in Cyber and Information Security
Most cyber security pros took time off due to mental health issues - Help Net Security
The Perilous Role of the CISO: Navigating Modern Minefields - Security Week
Navigating the Cyber Security Hiring Trenches: Challenges, Realities, and Paths Forward | HackerNoon
To Address Burnout, Cyber Security Must Learn to Tolerate Failure (informationweek.com)
Cyber security burnout is costing US enterprises over $620 million a year (techinformed.com)
Effectively upskilling cyber security professionals to help close the skills gap | CSO Online
Cyber Security Burnout Crisis: Burnout in Next 12 Months (thehrdirector.com)
9 ways CSOs lose their jobs | CSO Online
Making the Move From Tech Expert to Cyber Security Leader (inforisktoday.com)
Is it time to split the CISO role? | CSO Online
ISC2/CIISec Tips on Recruitment, Retention in Cyber Security (govinfosecurity.com)
Law Enforcement Action and Take Downs
Nigerian national faces prison for $1.5M phishing scam • The Register
Former IT employee gets 2.5 years for wiping 180 virtual servers (bleepingcomputer.com)
UK Man Suspected of Being 'Scattered Spider' Leader Arrested - Security Week
Suspected dark-web Empire Market admins charged in the US • The Register
Two Men Plead Guilty to Hacking Law Enforcement Database for Doxing - Security Week
Convicted BEC scammer could face over 100 years in prison (bitdefender.com)
Rogue IT director pleads guilty to $2.1M scam charges • The Register
Sellafield pleads guilty to criminal charges over cyber security failings (yahoo.com)
Microsoft hacker avoids jail over multiple cyber attacks - BBC News
Misinformation, Disinformation and Propaganda
Addressing Misinformation in Critical Infrastructure Security (darkreading.com)
ISIS Created Fake CNN and Al Jazeera Broadcasts | WIRED
US election official: ‘Whack-a-mole’ strategies less effective to combat disinfo | CyberScoop
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Is Cyber Becoming a Primary Domain of Warfare? (inforisktoday.com)
Nation State Actors
China
Chinese Threats Aim for Government Sector - Security Boulevard
British army delays King Charles cap badges over China spying fears (ft.com)
Bug Bounty Programs, Hacking Contests Power China's Cyber Offense (darkreading.com)
China's 'Velvet Ant' APT Nests Inside Multiyear Espionage Effort (darkreading.com)
China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices (thehackernews.com)
Chinese Cyber Espionage Targets Telecom Operators in Asia Since 2021 (thehackernews.com)
Russia
ICC probes cyber attacks in Ukraine as possible war crimes, sources say | Reuters
US Bans Kaspersky Software, Citing National Security Risks (thehackernews.com)
The Rise of the Outside Insider Threat | AFCEA International
France wants to remind you of Russia’s threat to democracy • The Register
Poland points to Russian hackers in disruption of Euro 2024 broadcast (therecord.media)
Sweden says Russia is interfering with Nordic satellites • The Register
USA and G7 to increase cyber security of their energy sector / The New Voice of Ukraine (nv.ua)
Russians report some outages on bank apps after cyber attack, says Kommersant daily (yahoo.com)
Iran
Germany Warns of Growing Espionage, Cyber Threats from Iran | Iran International (iranintl.com)
North Korea
NiceRAT Malware Targets South Korean Users via Cracked Software (thehackernews.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
ISIS Created Fake CNN and Al Jazeera Broadcasts | WIRED
Hamas Hackers Sling Stealthy Spyware Across Egypt, Palestine (darkreading.com)
Tools and Controls
More than 70% of companies increased spending on proactive security | Security Magazine
Get your legal ducks in a row to contain a crisis - Katy MacAskill (scotsman.com)
The importance of collaborating AI with human expertise (securitybrief.co.nz)
Edge Devices: The New Frontier for Mass Exploitation Attacks - Security Week
Your company needs a BEC policy and five other email security trends (betanews.com)
The rise of SaaS security teams - Help Net Security
The Software Licensing Disease Infecting Our Nation's Cyber Security (darkreading.com)
Massachusetts 911 Outage Caused by Errant Firewall - Security Week
How Cyber Security Can Steer Organisations Toward Sustainability (darkreading.com)
How A Cyber Security Audit Can Identify Risk of Compromise | HealthLeaders Media
Defending your ever-changing attack surface - IT Security Guru
US, Allies Publish Guidance on Securing Network Access - Security Week
Want To Stop Cyber Attacks? Start With The Human Edge (forbes.com)
Microsoft 365's Security Gaps: Logging and Beyond (govinfosecurity.com)
From Reactive to Proactive Threat Hunting - GovInfoSecurity
Cyber Security Practices For Remote Working - TechRound
Tabletop exercises are headed to the next frontier: Space (talosintelligence.com)
What Will the Next-Gen of Security Tools Look Like? | HackerNoon
The NCSC’s Take on SaaS - Adaptive Shield (adaptive-shield.com)
Reports Published in the Last Week
Report urges extending scope of cyber security measures | UKAuthority
240528_McPartland_Review.pdf (stephen-mcpartland.com)
National Cyber Resilience Advisory Board (NCRAB) minutes: March 2024 - gov.scot (www.gov.scot)
The Annual SaaS Security Report: 2025 CISO Plans and Priorities (thehackernews.com)
Other News
The importance of collaborating AI with human expertise (securitybrief.co.nz)
Report urges extending scope of cyber security measures | UKAuthority
What is the current state of Security Culture in Europe? | TechRadar
Cyber attack shuts down Israeli pharma company's distribution | Ctech (calcalistech.com)
Sellafield pleads guilty to criminal charges over cyber security failings (yahoo.com)
How resilient is UK Critical National Infrastructure to cyber attack? - Committees - UK Parliament
Microsoft 365's Security Gaps: Logging and Beyond (govinfosecurity.com)
Massachusetts 911 Outage Caused by Errant Firewall - Security Week
Microsoft 'accepts responsibility' for cyber security failures, top exec says (qz.com)
What Does the Future of Cyber Security in Space Look Like? (govtech.com)
Space: The Final Frontier for Cyber Attacks (darkreading.com)
A new fear for CSOs: The sky is falling | CSO Online
The Software Licensing Disease Infecting Our Nation's Cyber Security (darkreading.com)
Cyber Security Challenges For UK Private Bankers - TechRound
New maritime cyber security body launches - Port Technology International
Vietnam's internet again in trouble as 3/5 sub cables cut • The Register
Cyber Attack Hits Software Provider for Car Dealers Across the US (claimsjournal.com)
Improving OT cyber security remains a work in progress - Help Net Security
Vulnerability Management
The Ultimate Guide to Troubleshooting Vulnerability Scan Failures - Security Boulevard
Zero-Day Exploits and Ransomware Trends for 2024 (govinfosecurity.com)
Vulnerabilities
Ransomware attackers quickly weaponize PHP vulnerability with 9.8 severity rating | Ars Technica
New Wi-Fi Takeover Attack—All Windows Users Warned To Update Now (forbes.com)
Arm Memory Tag Extensions broken by speculative execution • The Register
VMware by Broadcom warns of critical vCenter flaws • The Register
Critical VMware Bugs Open Swaths of VMs to RCE, Data Theft (darkreading.com)
CISA warns of Windows bug exploited in ransomware attacks (bleepingcomputer.com)
Security Researchers Expose Critical Flaw in Ivanti Software (databreachtoday.co.uk)
New ARM 'TIKTAG' attack impacts Google Chrome, Linux systems (bleepingcomputer.com)
Dark-web kingpin puts 'stolen' internal AMD data up for sale • The Register
AMD Investigates Possible Breach Amid Hacker’s Sale of Company Data (pcmag.com)
Chrome 126 Update Patches Vulnerability Exploited at Hacking Competition - Security Week
Fortinet, Ivanti zero-day victims face evolved persistence by the espionage actor | CSO Online
SolarWinds Serv-U path traversal flaw actively exploited in attacks (bleepingcomputer.com)
Atlassian fixed six high-severity bugs in Confluence (securityaffairs.com)
ASUS fixed critical remote authentication bypass bug in several routers (securityaffairs.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to articles are for interest and awareness. Linking to or reposting external content does not endorse any service or product; likewise, we are not responsible for the security of external links.