Black Arrow Cyber Threat Intelligence Briefing 22 November 2024

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.

Top Cyber Stories of the Last Week

Cyber Security Dominates Concerns Among the C-Suite, Small Businesses and the Nation

Cyber security is now the top concern for organisations globally, with the 2024 Allianz Risk Barometer naming cyber events as the number one business risk. Gartner forecasts a 15% increase in information security spending by 2025, reaching $212 billion. Small businesses are also vulnerable, with 60% ranking cyber security risks as major concerns. Generative AI introduces new threats, and Gartner predicts that by 2027, 17% of cyber attacks and data leaks will involve generative AI.

Cyber Criminals Don’t Take Holidays Warns Expert

Semperis has found that cyber attacks during holidays and weekends pose a significant risk to businesses because many are underprepared to handle incidents outside of standard working hours. These risks intensify when an organisation’s security capability is reduced on holidays and weekends. The report highlighted that identity-related attacks are a major concern, yet a quarter of respondents feel they lack the expertise to protect against them, and over 22% don't have an identity recovery plan in place.

The Urgent and Critical Need to Prioritise Mobile Security

Recent findings reveal that mobile security threats are a top concern for organisations. With over 55% of organisations increasing their mobile device users and more than 70% of employees using smartphones for work tasks, threats like mobile phishing and malware are intensifying. The report indicates that 82% of phishing websites are designed for mobile users, and 200 malicious apps on Google Play have been downloaded 8 million times. Despite this, many organisations face challenges in mitigating mobile risks due to device diversity and user control, highlighting a critical need for improved mobile security measures.

Companies Take Over Seven Months to Recover from Cyber Incidents

A new report reveals that organisations are underestimating recovery times from cyber incidents, with actual recovery averaging over seven months, 25% longer than anticipated. This gap widens to nearly 11 months for companies reducing cyber security investments. Despite efforts like implementing stronger security measures (43%) and offering additional employee training (41%), nearly half of organisations are rethinking how they use existing cyber security tools. The study also highlights a shift towards shared responsibility, with platform engineering teams and app developers increasingly held accountable alongside traditional roles like Chief Information Security Officers (CISOs) and CIOs.

Data is the New Uranium – Incredibly Powerful and Amazingly Dangerous

Recent insights from Chief Information Security Officers (CISOs) indicate that data-related risks are becoming a primary concern for organisations. The vast and dispersed nature of data storage has led many CISOs to feel that the cost of managing data now outweighs its value. There’s a growing perception that the business proposition of ‘big data’ is shifting from a net positive to a net negative. This underscores the urgent need for organisations to manage data carefully and to be fully aware of the risks and costs associated with potential breaches.

‘Scam Yourself’ Attacks Just Increased Over 600% - Here’s What to Look For

Gen, the company behind Norton and Avast, reports a 614% surge in ‘scam yourself’ cyber attacks in the third quarter compared to the second. These scams leverage social engineering to trick users into downloading malware themselves. Notably, over two million people worldwide were targeted by fake CAPTCHA scams in the past quarter. Despite increased vigilance, users remain vulnerable to fake updates, deceptive fixes, and counterfeit tutorials that often instruct them to disable antivirus software or input commands that compromise security.

60% of Emails with QR Codes Classified as Spam or Malicious

Cisco Talos has found that 60% of emails containing QR codes are classified as spam, with some being malicious and targeting users with phishing or credential theft. Despite representing only about one in 500 global emails, these QR code emails effectively bypass security filters. Attackers use deceptive methods like blending QR codes into attractive designs. The report emphasises the importance of ‘defanging’ QR codes to neutralise threats, and advises treating QR codes with the same caution as unknown URLs. Users should be vigilant when scanning QR codes and avoid entering credentials into unknown sites linked via QR codes.

Coalition Highlights 68% Surge in Ransomware Claims Severity, as Active Ransomware Groups Increase 56%

Coalition's latest report reveals a 68% surge in the severity of ransomware claims, with average losses escalating to $353,000. Searchlight Cyber has found a 56% increase in active ransomware groups in the first half of 2024, tracking 73 groups compared to 46 last year. This rise indicates that the fight against ransomware is far from over. The impact of ransomware has intensified, particularly affecting larger companies. Coalition also notes a rise in significant cyber risk aggregation events (which cause widespread loss to other organisations) disrupting a substantial proportion of healthcare firms and auto dealerships with revenues over $100 million. Business email compromise remains the most common cyber incident, increasing by 4% and constituting nearly one-third of all cyber insurance claims. Meanwhile, claims severity overall rose by 14%.

One Deepfake Digital Identity Attack Strikes Every Five Minutes

Entrust has reported that deepfake attacks are occurring every five minutes in 2024, posing a significant threat to digital identity verification systems. The report found that deepfakes account for 24% of fraudulent attempts to bypass motion-based biometric checks used by banks and service providers. In contrast, only 5% of these attacks target basic selfie-based authentication methods. The growing accessibility of generative AI technology is enabling fraudsters to circumvent advanced security measures. Entrust highlighted that organisations must proactively adapt their security strategies, as these evolving threats are pervasive across all sectors.

Supply Chain Attacks Up Over 400% Since 2021

Cowbell Insurance has found that supply chain attacks have surged by 431% since 2021. Large enterprises with over $50 million in revenue are 2.5 times more likely to face cyber incidents. Manufacturing is the most vulnerable sector due to its reliance on automation and exposure to intellectual property threats. Public administration and educational services also face elevated risks, with a 70% increase in attacks on educational institutions over the past year. The report identifies five risky technology categories: operating systems, content management tools, virtualisation technologies, server-side technologies, and business applications. No business is immune to cyber threats and the consequences can be devastating.

Rethinking Cyber Security from Cost Centre to Value Driver

A University of Maryland study found that cyber attacks occur every 39 seconds, amounting to 2,244 attacks daily. Cybersecurity Ventures predicts annual cyber damages will reach $10.5 trillion by 2025. Despite these alarming figures, many organisations treat cyber security as a minimal compliance exercise. Leadership must transform this approach by integrating cyber security into business strategy, fostering a culture of trust and resilience. By prioritising employee training and leveraging technologies like artificial intelligence, companies can enhance customer loyalty, avoid regulatory issues, and shift cyber security from a cost centre to a value driver.

Majority of UK Businesses Lack Readiness for Rising AI-Led Phishing Attacks, Reveals Survey

Vodafone Business has found that most UK businesses are unprepared for the rapid rise in AI-led phishing attacks, which have increased 60% globally over the past year. Despite over three quarters of business leaders expressing confidence in employees' ability to detect scams, only a third could identify fraudulent communications. The report highlighted that over half of UK businesses lack a response plan for AI-driven phishing, and younger employees are particularly susceptible, with nearly half aged 18 to 24 not updating passwords in over a year.

Sources:

https://securityintelligence.com/articles/cybersecurity-dominates-concerns-c-suite-small-businesses-nation/

https://www.emergingrisks.co.uk/cyber-criminals-dont-take-holidays-warns-expert/

https://www.securityweek.com/the-urgent-and-critical-need-to-prioritize-mobile-security/

https://www.infosecurity-magazine.com/news/companies-seven-months-recover/

https://www.theregister.com/2024/11/20/data_is_the_new_uranium/

https://www.zdnet.com/article/scam-yourself-attacks-just-increased-over-600-heres-what-to-look-for/

https://www.infosecurity-magazine.com/news/60-emails-qr-codes-spam-malicious/

https://www.reinsurancene.ws/coalition-highlights-68-surge-in-ransomware-claims-severity/

https://securityintelligence.com/news/research-finds-56-percent-increase-active-ransomware-groups/

https://www.infosecurity-magazine.com/news/deepfake-identity-attack-every/

https://betanews.com/2024/11/21/supply-chain-attacks-up-over-400-percent-since-2021/

https://www.forbes.com/councils/forbesfinancecouncil/2024/11/18/rethinking-cybersecurity-from-cost-center-to-value-driver/

https://www.techmonitor.ai/technology/cybersecurity/majority-of-uk-businesses-lack-readiness-for-rising-ai-led-phishing-attacks-finds-survey


Governance, Risk and Compliance

Cyber security dominates concerns among the C-suite, small businesses and the nation

Rethinking Cyber Security From Cost Center To Value Driver

Cyber Threats, Changes in Climate, and Business Interruption are Insurance Buyers’ and Sellers’ Top Risk Concerns, Says New Munich Re/Triple-I Survey | Business Wire

So, you don’t have a chief information security officer? 9 signs your company needs one | CSO Online

Cyber criminals don’t take holidays warns expert

Chris Inglis: Why cyber security success hinges on strategic choices, not just tech | SC Media

Data is the new uranium – both powerful and dangerous • The Register

FINMA Risk Monitor 2024: Principal risks for the financial sector and uncertainties due to geopolitical tensions | FINMA

Cyber Security is Everyone’s Responsibility - Security Boulevard

Overcoming the cyber paradox: Shrinking budgets – growing threats | Computer Weekly

Hackers Aren’t Cutting Back, Why is Your Security Budget?

Applying the Enterprise Risk Mindset to Navigate Cyber Security Threats - New Risk Mindset Series | Mayer Brown - JDSupra

Full recovery from breaches takes longer than expected - Help Net Security

Google report shows CISOs must embrace change to stay secure - Help Net Security

Soaring cyber risks: Large enterprises, supply chains and key industries in the crosshairs

Emerging Security Practices in Digital Finance: By Shiv Nanda

Poor cyber hygiene enabled nearly 30% of cyber attacks last quarter | StateScoop

Insights from Cohesity on cyber resilience as a technical team sport - SiliconANGLE

Interconnectivity and cyber risk: A double-edged sword - IT Security Guru

We Can Do Better Than Free Credit Monitoring After a Breach

Breaches Don't Have to Be Disasters

CISOs can now obtain professional liability insurance | CyberScoop

Experts warn businesses of escalating cyber security threats

CISOs Look to Establish Additional Leadership Roles - Security Boulevard


Threats

Ransomware, Extortion and Destructive Attacks

Armis: Triple Extortion Attacks Becoming More Common | SC Media UK

Research finds 56% increase in active ransomware groups

Ransomware gang Akira leaks unprecedented number of victims’ data in one day

Ransomware is doubling down—What you need to know about the recent surge - Security Boulevard

Akira Ransomware Racks Up 30+ Victims in a Single Day

Cloud ransomware threats rise, targeting S3 & Azure

FBI says BianLian based in Russia, moving from ransomware attacks to extortion

Ransomware Evolution: From Triple-Quadruple Extortion to RaaS - Security Boulevard

Coalition highlights 68% surge in ransomware claims severity - Reinsurance News

Ransomware Groups Use Cloud Services For Data Exfiltration - Infosecurity Magazine

Hibernation is Over? Akira Ransomware: Published Over 30 New Victims on their DLS – DataBreaches.Net

Ransomware attacks primarily caused by poor cyber hygiene | SC Media

Cyber insurers address ransom reimbursement policy concerns | TechTarget

Ransomware Gangs on Recruitment Drive for Pen Testers - Infosecurity Magazine

Trellix report reveals evolving ransomware ecosystem trends

Security Bite: Ransomware groups surge in Q3 2024, with shifting dominance - 9to5Mac

Ransomware Attacks On Healthcare Sector Surge In 2024

Linux Variant of Helldown Ransomware Targets VMware

Helldown ransomware exploits Zyxel VPN flaw to breach networks

Alleged Russian Phobos ransomware administrator extradited to U.S., in custody | CyberScoop

Threat Landscape: Corporate Japan Its Own Worst Enemy in the Ransomware War | Nippon.com

Ransomware Victims

How the British Library hack has caused havoc for UK research

SafePay ransomware gang claims attack on UK's Microlise • The Register

Ransomware Attack on Oklahoma Medical Center Impacts 133,000 - SecurityWeek

Aspen Healthcare Services Announces Data Breach Following Ransomware Attack | Console and Associates, P.C. - JDSupra

Change Healthcare’s clearing house restored after 9 months • The Register

Cyber attack dents Arnold Clark’s profits but group will face ‘no further action’ – Car Dealer Magazine

Phishing & Email Based Attacks

Phishing emails increasingly use SVG attachments to evade detection

Communication platforms play a major role in data breach risks

You're Not Imagining It: Phishing Attacks Are Rampant

Why email security is still so bad today - 9to5Mac

Why AI alone can't protect you from sophisticated email threats - Help Net Security

Phishing Decoded: How Cyber Criminals Target You And How To Fight Back

Majority of UK businesses lack readiness for rising AI-led phishing attacks, reveals survey

60% of Emails with QR Codes Classified as Spam or Malicious - Infosecurity Magazine

One in five DocuSign spoofs targeting businesses found to be impersonations of regulatory agencies | SC Media

What is a whaling attack (whaling phishing)? | Definition from TechTarget

Job termination scam warns staff of phony Employment Tribunal decision | CSO Online

'Scattered Spider' scammers charged in sophisticated, million-dollar phishing scheme | Mashable

Microsoft Takes Phishing-as-a-Service Platform to Court

Fake Donald Trump Assassination Story Used in Phishing Scam - Infosecurity Magazine

No, Microsoft doesn't have dirt on you, it's just a sextortion scam - Neowin

Microsoft 365 Admin portal abused to send sextortion emails

North Korean IT Worker Network Tied to BeaverTail Phishing Campaign - Infosecurity Magazine

New phishing scam targeting companies with fake gov’t requests: What FBI says to do

Other Social Engineering

60% of Emails with QR Codes Classified as Spam or Malicious - Infosecurity Magazine

NCSC Warns UK Shoppers Lost £11.5m Last Christmas - Infosecurity Magazine

6 Reasons Social Engineering Is More Successful in Holiday Seasons | Mimecast

'Scam yourself' attacks just increased over 600% - here's what to look for | ZDNET

Malicious QR codes sent in the mail deliver malware | Malwarebytes

UK consumers losing more than ever to holiday scams | Computer Weekly

Fake Discount Sites Exploit Black Friday to Hijack Shopper Information

Security Alert: Fake Accounts Threaten Black Friday Gaming Sales - Security Boulevard

‘ClickFix’ Cyber-Attacks for Malware Deployment on the Rise - Infosecurity Magazine

Meta cracks down on millions of accounts it tied to pig-butchering scams | CyberScoop

Watch Out for Malicious QR Codes Sent Through the Mail

Cyber security chief warns Black Friday shoppers to be alert to scams | The Standard

Don't Fall for This Fake Image Generator and Its Political AI Slop

No, Microsoft doesn't have dirt on you, it's just a sextortion scam - Neowin

Active network of North Korean IT front companies exposed - Help Net Security

You Can Prevent Smishing Scams With These Features and Tricks

Artificial Intelligence

AI fuels 244% surge in digital forgeries, says new study

97% of organisations hit by Gen AI-related security breaches, survey finds

One Deepfake Digital Identity Attack Hits Every Five Minutes - Infosecurity Magazine

Google Issues New Security Cloaking Warning As Attackers Use AI In Attacks

Majority of UK businesses lack readiness for rising AI-led phishing attacks, reveals survey

76% of Cyber security Professionals Believe AI Should Be Heavily Regulated, New Study by StrongDM Finds

Largest Companies View AI as a Risk Multiplier

Terrorists Exploit AI for Propaganda and Operations, Exposing Critical Gaps in Tech Safeguards - The Media Line

Don't Fall for This Fake Image Generator and Its Political AI Slop

Phishing on the Rise: CUJO AI Blocks Over 12,000 Attacks per Minute

The limits of AI-based deepfake detection - Help Net Security

Microsoft Data Security Index annual report highlights evolving generative AI security needs | Microsoft Security Blog

OWASP Warns of Growing Data Exposure Risk from AI in New Top 10 List - Infosecurity Magazine

Supply chain threats highlight security gaps in LLMs and AI | TechRadar

AI in Cyber Crime: Hackers Exploiting OpenAI - Security Boulevard

Fake AI video generators infect Windows, macOS with infostealers

AI About-Face: 'Mantis' Turns LLM Attackers Into Prey

Artificial intelligence, international security, and the risk of war

Did you play Pokémon Go? You didn't know it, but you were training AI to map the world | ZDNET

Malware

Phishing emails increasingly use SVG attachments to evade detection

Don’t Hold Down The Ctrl Key—New Warning As Cyber Attacks Confirmed

Malicious QR codes sent in the mail deliver malware | Malwarebytes

Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report - SecurityWeek

‘ClickFix’ Cyber-Attacks for Malware Deployment on the Rise - Infosecurity Magazine

Watch Out for Malicious QR Codes Sent Through the Mail

New Stealthy BabbleLoader Malware Spotted Delivering WhiteSnake and Meduza Stealers

Scammers resort to physical Swiss post to spread malware • The Register

Fake Bitwarden ads on Facebook push info-stealing Chrome extension

Don't Fall for This Fake Image Generator and Its Political AI Slop

Fake AI video generators infect Windows, macOS with infostealers

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials

Botnet exploits GeoVision zero-day to install Mirai malware

Researchers unearth two previously unknown Linux backdoors - Help Net Security

Lumma Stealer Proliferation Fueled by Telegram Activity - Infosecurity Magazine

Black Lotus, Emotet, Beep, and Dark Pink, still the top malware threats of 2024 | SC Media

Microsoft accused of Malware-like Bing Wallpaper app - gHacks Tech News

Bots/Botnets

'Water Barghest' Sells Hijacked IoT Devices for Proxy Botnet Misuse

Dangerous global botnet fueling residential proxies is being hit in major crackdown | TechRadar

Botnet serving as ‘backbone’ of malicious proxy network taken offline | CyberScoop

Mobile

The Urgent And Critical Need To Prioritize Mobile Security - SecurityWeek

No work phone? Companies tell staff to bring their own

Mobile UK on fraud ahead of Reeves' Mansion House speech

Google Issues New Security Cloaking Warning As Attackers Use AI In Attacks

Protect Your Phone From Juice Jacking: Public Charging Risks Explained

New Ghost Tap attack abuses NFC mobile payments to steal money

NSO Group used another WhatsApp zero-day after being sued, court docs say

LightSpy Spyware Operation Expands to Windows - SecurityWeek

It’s Time to Get Paranoid About Your Phone, Says This Security Expert | KQED

iOS 18 reboots iThings after 72 hours - secretly and smartly • The Register

This hacking tool can unlock an iPhone 16. Here's how it works | Digital Trends

You Can Prevent Smishing Scams With These Features and Tricks

Denial of Service/DoS/DDoS

DDoS Attack Growing Bigger & Dangerous, New Report Reveals

Internet of Things – IoT

Threat Actor Turns Thousands of IoT Devices Into Residential Proxies - SecurityWeek

'Water Barghest' Sells Hijacked IoT Devices for Proxy Botnet Misuse

Eken hit with $700K fine for putting an inactive address on FCC filings - The Verge

Data Breaches/Leaks

Ten Lessons Learned from The Mother of All Breaches Data Leak - Security Boulevard

97% of organisations hit by Gen AI-related security breaches, survey finds

Fintech giant Finastra confirms it's investigating a data breach | TechCrunch

Equinox discloses data breach involving health info of clients, staff | Reuters

T-Mobile confirms it was hacked in recent wave of telecom breaches

What is Data Egress? How It Works and How to Manage Costs | Definition from TechTarget

Threat actor sells data of +750,000 patients from a French hospital

US-UK Armed Forces Dating Service Exposes Over 1 Million Records Online

We Can Do Better Than Free Credit Monitoring After a Breach

Breaches Don't Have to Be Disasters

The Crucial Influence of Human Factors in Security Breaches - Security Boulevard

171K AnnieMac customers informed of data breach • The Register

Space tech giant Maxar confirms hacker accessed employees' personal data | TechCrunch

Ford 'actively investigating' breach claims • The Register

Ford rejects breach allegations, says customer data not impacted

Helpline for Yakuza victims fears it leaked personal info • The Register

Andrew Tate Hack: Online Course Data Breached

Organised Crime & Criminal Actors

Cyber criminals don’t take holidays warns expert

Microsoft killed 240 sites selling ONNX phishing kits

5 Scattered Spider Gang Members Indicted in Multi-Million Dollar Cyber Crime Scheme

Threat Actor Turns Thousands of IoT Devices Into Residential Proxies - SecurityWeek

Zimbabwe police arrest 1,000 cyber criminals - Bulawayo24 News

Targeting the Cyber Crime Supply Chain - Microsoft On the Issues

US seizes PopeyeTools cyber crime marketplace, charges administrators

AI in Cyber Crime: Hackers Exploiting OpenAI - Security Boulevard

Russian women stepping up for cyber crime outfits | SC Media

UK supports Nigeria to tackle cyber threats

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Man Who Stole and Laundered Roughly $1B in Bitcoin Is Sentenced to 5 Years in Prison - SecurityWeek

Crypto Tool or Data Thief? How Meme-Token-Hunter-Bot and Its Clones Steal from macOS Users | HackerNoon

Now BlueSky hit with crypto scams as it crosses 20 million users

Insider Risk and Insider Threats

The Crucial Influence of Human Factors in Security Breaches - Security Boulevard

Insurance

Cyber Threats, Changes in Climate, and Business Interruption are Insurance Buyers’ and Sellers’ Top Risk Concerns, Says New Munich Re/Triple-I Survey | Business Wire

Coalition highlights 68% surge in ransomware claims severity - Reinsurance News

Cyber threats, climate change, and BI lead insurance concerns: Munich Re & Triple-I - Reinsurance News

Cyber insurers address ransom reimbursement policy concerns | TechTarget

Marsh launches cyber security compliance program | Insurance Business America

CISOs can now obtain professional liability insurance | CyberScoop

Supply Chain and Third Parties

Supply chain attacks up over 400 percent since 2021

Soaring cyber risks: Large enterprises, supply chains and key industries in the crosshairs

IT pros revise pipelines for software supply chain security | TechTarget

Gatwick Airport's Cyber Security Chief on Supply Chain Risks - Infosecurity Magazine

Cloud/SaaS

Cloud ransomware threats rise, targeting S3 & Azure

Cracking the Code: Tackling the Top 5 Cloud Security Challenges - Security Boulevard

Ransomware Groups Use Cloud Services For Data Exfiltration - Infosecurity Magazine

Outages

After the CrowdStrike disaster, Microsoft is improving Windows security to avoid outages

Identity and Access Management

One Deepfake Digital Identity Attack Hits Every Five Minutes - Infosecurity Magazine

The Problem of Permissions and Non-Human Identities - Why Remediating Credentials Takes Longer Than You Think

The trouble with identity in an increasingly fake world | SC Media

Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority

Five Cyber Agencies Sound Alarm About Active Directory Attacks: Beyond the Basics - Security Boulevard

10 Most Impactful PAM Use Cases for Enhancing Organisational Security

Encryption

Now Online Safety Act is law, UK outlines 'priorities' • The Register

NIST Publishes Draft Strategy For Post-Quantum Cryptography Transition

Linux and Open Source

Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root

Debunking myths about open-source security - Help Net Security

Open Cyber Security Schema Framework (OCSF) Joins the Linux Foundation to Optimize Critical Security Data

Linux Variant of Helldown Ransomware Targets VMware

Researchers unearth two previously unknown Linux backdoors - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

123456 is the world's most popular password – again | Tom's Guide

Research Highlights SHA256 Password Security Strengths and Risks - IT Security Guru

700,000 passengers suffered delays after password of engineer allowed to work remotely... - LBC

Navigating NIST’s updated password rotation guidelines | TechRadar

More than 200 major companies already support passkeys

Put your usernames and passwords in your will, Japan advises • The Register

Social Media

Ireland orders X, TikTok and Instagram to curb terrorist content | Ireland | The Guardian

Fake Bitwarden ads on Facebook push info-stealing Chrome extension

Meta cracks down on millions of accounts it tied to pig-butchering scams | CyberScoop

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

Canada Shuts Down TikTok Office Over National Security Risks

Now BlueSky hit with crypto scams as it crosses 20 million users

Malvertising

Fake Bitwarden ads on Facebook push info-stealing Chrome extension

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

How does malvertising work? | TechTarget

Training, Education and Awareness

Cyber Awareness Is a Joke: Here’s How to Actually Prepare for Attacks

New educational campaign "Flex Your Cyber" launched - IT Security Guru

KnowBe4 Releases 2024 Holiday Kit to Boost Cyber Resilience - IT Security Guru

Regulations, Fines and Legislation

Cyber Security Transparency Under Fire: Tech Firms Pay Big for Downplaying SolarWinds Breaches | Miller Nash LLP - JDSupra

The SEC Cyber Security Rule: Awareness Rises, Compliance Lags - Security Boulevard

76% of Cyber Security Professionals Believe AI Should Be Heavily Regulated, New Study by StrongDM Finds

The Cyber Resilience Act published

NIS 2 Directive: Transposition Period is Up for EU Member States | Jones Day - JDSupra

ENISA's Draft NIS2 Guidance Consultation for Industry

Beyond The EU: How British Businesses Can Prepare For NIS2

EU Council approves declaration on international law in cyber space - JURIST - News

Preparing for DORA Compliance in 2025 - Financial News

Increased GDPR Enforcement Highlights the Need for Data Security

A Fifth of UK Enterprises “Not Sure” If NIS 2 Applies - Infosecurity Magazine

Now Online Safety Act is law, UK outlines 'priorities' • The Register

What CISOs need to know about the SEC’s breach disclosure rules | CSO Online

CISA no more? Rand Paul has a plan, and it’s not good for US cyber defenders | Cybernews

Trump 2.0 May Mean Fewer Cyber Security Regs

With Rise in Healthcare Data Breaches, Compliancy Group Urges Organisations to Complete Their HIPAA Security Risk Assessments

The Accountability Dilemma: Civilian Cyber Vigilantism and International Law | directions blog

What a second Trump term means for the future of ransomware | TechCrunch

Why the NIS2 Directive causes growing pains for businesses - Help Net Security

CISA Dir. Jen Easterly to Resign on Inauguration Day

Czech banks on alert: Czech National Bank's adoption of TIBER-EU signals new era in cyber security supervision

With Tech Considerations for Securities Lawyers | Mayer Brown Free Writings + Perspectives - JDSupra

Models, Frameworks and Standards

A Fifth of UK Enterprises “Not Sure” If NIS 2 Applies - Infosecurity Magazine

The Cyber Resilience Act published

NIS 2 Directive: Transposition Period is Up for EU Member States | Jones Day - JDSupra

ENISA's Draft NIS2 Guidance Consultation for Industry

Beyond The EU: How British Businesses Can Prepare For NIS2

Preparing for DORA Compliance in 2025 - Financial News

Increased GDPR Enforcement Highlights the Need for Data Security

With Rise in Healthcare Data Breaches, Compliancy Group Urges Organisations to Complete Their HIPAA Security Risk Assessments

Open Cyber Security Schema Framework (OCSF) Joins the Linux Foundation to Optimize Critical Security Data

NIST Publishes Draft Strategy For Post-Quantum Cryptography Transition

Backup and Recovery

Five backup lessons learned from the UnitedHealth ransomware attack - Help Net Security

Law Enforcement Action and Take Downs

5 Scattered Spider Gang Members Indicted in Multi-Million Dollar Cyber Crime Scheme

Brit charged in US over Scattered Spider cyber attacks | Computer Weekly

Man Who Stole and Laundered Roughly $1B in Bitcoin Is Sentenced to 5 Years in Prison - SecurityWeek

US seizes PopeyeTools cyber crime marketplace, charges administrators

Man avoids conviction after hacker finds AI-generated child exploitation images on his computer - NZ Herald

Office of Public Affairs | California Teenager Pleads Guilty in Florida to Making Hundreds of ‘Swatting’ Calls Across the United States | United States Department of Justice

Zimbabwe police arrest 1,000 cyber criminals - Bulawayo24 News

Alleged Russian Phobos ransomware administrator extradited to U.S., in custody | CyberScoop

UK supports Nigeria to tackle cyber threats

Misinformation, Disinformation and Propaganda

Terrorists Exploit AI for Propaganda and Operations, Exposing Critical Gaps in Tech Safeguards - The Media Line


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Artificial intelligence, international security, and the risk of war

Sweden, Finland and Norway release new advice on surviving war - BBC News

Nation State Actors

China

A Look at Trending Chinese APT Techniques | Intel 471

UK warned of cyber threats from China-backed Volt Typhoon

China Espionage Soon ‘the Number 1 Issue’ for US Security Community: Cyber Security Expert | NTD

Chinese hackers are using this open-source VPN to mask spying activities | TechRadar

T-Mobile confirms it was hacked in recent wave of telecom breaches

Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign

Cyber-espionage group Volt Typhoon resurfaces globally

LightSpy Spyware Operation Expands to Windows - SecurityWeek

China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

State-Sponsored Cyber Attacks: T-Mobile, Singtel Breaches & AI/ML in Telecom Security - Modern Diplomacy

Chinese APT Group Targets Telecom Firms Linked to BRI - Infosecurity Magazine

Chinese spies, Musk’s biz ties, ‘a real risk’ to US security • The Register

Chinese spies and the security of America's networks

China's Liminal Panda APT Attacks Telcos, Steals Data

Chinese ship casts shadow over Baltic subsea cable snipfest • The Register

Suspected undersea cable sabotage had ‘little-to-no observable impact’ on internet service and quality — Cloudflare says suspected sabotage incident mitigated with redundant design | Tom's Hardware

Canada Shuts Down TikTok Office Over National Security Risks

Lithuania bans remote Chinese access to solar, wind, storage devices – pv magazine International

Coast Guard Warns of Continued Risks in Chinese Port Cranes

Russia

UAWire - Russia's hybrid warfare tactics intensify: EU faces heightened threat from espionage and cyber attacks

Severed subsea internet cables raise network security questions | ITPro

Suspected undersea cable sabotage had ‘little-to-no observable impact’ on internet service and quality — Cloudflare says suspected sabotage incident mitigated with redundant design | Tom's Hardware

Sweden, Finland and Norway release new advice on surviving war - BBC News

Russian women stepping up for cyber crime outfits | SC Media

FBI says BianLian based in Russia, moving from ransomware attacks to extortion

BianLian Ransomware Group Adopts New Tactics, Posing Significant Risk - Infosecurity Magazine

Russian sanctions busting linked to British Overseas Territories

Undersea cable between Germany and Finland severed - BBC News

Finland and Lithuania Report Severed Undersea Data Cables - Bloomberg

Fears of sabotage rise after Baltic cable disruptions

North Korea

North Korean Front Companies Impersonate US IT Firms to Fund Missile Programs

Active network of North Korean IT front companies exposed - Help Net Security

North Korean IT Worker Network Tied to BeaverTail Phishing Campaign - Infosecurity Magazine

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Terrorists Exploit AI for Propaganda and Operations, Exposing Critical Gaps in Tech Safeguards - The Media Line

LightSpy Spyware Operation Expands to Windows - SecurityWeek

NSO Group used another WhatsApp zero-day after being sued, court docs say

The Accountability Dilemma: Civilian Cyber Vigilantism and International Law | directions blog


Tools and Controls

The Urgent And Critical Need To Prioritize Mobile Security - SecurityWeek

No work phone? Companies tell staff to bring their own

Rethinking Cyber Security From Cost Center To Value Driver

Cyber Threats, Changes in Climate, and Business Interruption are Insurance Buyers’ and Sellers’ Top Risk Concerns, Says New Munich Re/Triple-I Survey | Business Wire

Cyber threats, climate change, and BI lead insurance concerns: Munich Re & Triple-I - Reinsurance News

Companies Take Over Seven Months to Recover From Cyber Incidents - Infosecurity Magazine

State of SIEM Detection Risk: A Wake-Up Call for Enterprise Security Teams - Security Boulevard

Why Custom IOCs Are Necessary for Advanced Threat Hunting and Detection - SecurityWeek

5 Threat Intel Tricks MSSPs Can Use to Thwart Adversaries | MSSP Alert

Underfunded, under pressure: We must act to support cyber teams | Computer Weekly

Overcoming the cyber paradox: Shrinking budgets – growing threats | Computer Weekly

Chris Inglis: Why cyber security success hinges on strategic choices, not just tech | SC Media

The Problem of Permissions and Non-Human Identities - Why Remediating Credentials Takes Longer Than You Think

The trouble with identity in an increasingly fake world | SC Media

How Cloud Security Advances Help Future-Proof Resilience

Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority

Avoiding Common API Security Mistakes

Hackers Aren’t Cutting Back, Why is Your Security Budget?

Applying the Enterprise Risk Mindset to Navigate Cyber Security Threats - New Risk Mindset Series | Mayer Brown - JDSupra

Five Cyber Agencies Sound Alarm About Active Directory Attacks: Beyond the Basics - Security Boulevard

Adopting more security tools doesn't keep you safe, it just overloads your teams and creates greater risks | ITPro

Cross-Site Scripting: 2024's Most Dangerous Software

Cyber criminals hijack DNS to build stealth attack networks - Help Net Security

Unlocking the power of public data to make your security team faster and more effective | SC Media

Safeguarding the DNS through registries - Help Net Security

Red red team team: threat actors hire pentesters to test out ransomware effectiveness | SC Media

Weaponized pen testers are becoming a new hacker staple | CSO Online

5 Questions CISOs Should Be Asking Regarding DSPM

8 Security Risks Of Shared Email Accounts - Security Boulevard

Guarding Your Brand: Why Domain Protection is Essential for Every Business Owner - Security Boulevard

Insights from Cohesity on cyber resilience as a technical team sport - SiliconANGLE

Eight essential steps to fortify cyber security after a breach | SC Media

The limits of AI-based deepfake detection - Help Net Security

Navigating NIST’s updated password rotation guidelines | TechRadar

How Can PR Protect Companies During a Cyber Attack?

We Need to Talk: Breaking up With Your SIEM Vendor | MSSP Alert


Other News

Severed subsea internet cables raise network security questions | ITPro

Cyber Security is Everyone’s Responsibility - Security Boulevard

8 Security Risks Of Shared Email Accounts - Security Boulevard

300 Drinking Water Systems in US Exposed to Disruptive, Damaging Hacker Attacks - SecurityWeek

Cross-Site Scripting: 2024's Most Dangerous Software

Weaponized pen testers are becoming a new hacker staple | CSO Online

Eight essential steps to fortify cyber security after a breach | SC Media

Telecom Cable Disruption Reported Between Finland and Germany - Nord News

Poor cyber hygiene enabled nearly 30% of cyber attacks last quarter | StateScoop

Cyber attack leaves Stop & Shop shelves empty 10 days before Thanksgiving - CBS News

6 Ways Your Computer Isn't as Secure as You Think

The rising tide of maritime cyberthreats in global trade | TechRadar

Nearly 90% of UK industrial firms hit by cyber attacks in past year - Drives&Controls

ICS Security: 145,000 Systems Exposed to Web, Many Industrial Firms Hit by Attacks - SecurityWeek

5 alarming Windows cyber security facts you probably don’t know

Cisco reveals top cyber security threats trends

Expert warns construction industry on costly ransomware attacks | Project Scotland

Australian government cyber security falls in global ranking | The Canberra Times | Canberra, ACT

Cyber security tips for the education sector | Education Business

Navigating the surge of cyber threats in global maritime

Thames Water’s IT ‘falling apart’ and is hit by cyber-attacks, sources claim | Thames Water | The Guardian

Thames Water Dismisses Claims on Cyber-Attacks | SC Media UK

Fortra Reports Alarming Increase In Abuse Of Cloudflare Services

Airplane cyber security: Past, present, future

70% of Hong Kong companies saw cyber attacks in 2024

Gambling and lottery giant disrupted by cyber attack, working to bring systems back online

CISA Director Jen Easterly to depart agency on January 20 | TechCrunch


Vulnerability Management

Microsoft beefs up Windows security with new recovery and patching features | TechCrunch

CWE top 25 most dangerous software weaknesses - Help Net Security

MITRE shares 2024's top 25 most dangerous software weaknesses

Vulnerabilities

Critical 9.8-rated VMware vCenter RCE bug under exploit • The Register

Warning: VMware vCenter and Kemp LoadMaster Flaws Under Active Exploitation

Microsoft Vulnerability Poses Risk To Domain Control

Critical RCE bug in VMware vCenter Server now exploited in attacks

Mystery Palo Alto Networks 0-day RCE now actively exploited • The Register

PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released

Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report - SecurityWeek

Millions of WordPress sites potentially hijackable due to critical plugin bug | SC Media

Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities

Chrome Security Update, Fix For Multiple Vulnerabilities

Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root

Fortinet VPN design flaw hides successful brute-force attacks

Microsoft pauses Exchange security updates over buggy patch • The Register

Microsoft Pulls Exchange Patches Amid Mail Flow Issues

Security plugin flaw in millions of WordPress sites gives admin access

Oracle patches exploited Agile PLM vulnerability (CVE-2024-21287) - Help Net Security

Linux Variant of Helldown Ransomware Targets VMware

Exploitation Attempts Target Citrix Session Recording Vulnerabilities - SecurityWeek

Helldown ransomware exploits Zyxel VPN flaw to breach networks

NSO Group used another WhatsApp zero-day after being sued, court docs say

D-Link urges users to retire VPN routers impacted by unfixed RCE flaw


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.
