Black Arrow Cyber Threat Briefing 23 August 2024
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Why C-Suite Leaders Are Prime Cyber Targets
A recent report by GetApp reveals that 72% of surveyed cyber security professionals have observed cyber attacks targeting senior executives in the past 18 months, with incidents involving AI-generated deepfakes in 27% of cases. Despite this growing threat, 37% of companies globally do not provide specialised cyber security training for their top leaders, leaving a significant vulnerability. The report also notes a sharp rise in attack frequency, with 69% of US companies experiencing increased attacks over the past three years, higher than the global average. Over half of US firms reported at least one identity fraud incident affecting a senior executive, highlighting the urgent need for enhanced cyber security strategies, including ongoing training and advanced security tools.
Most Ransomware Attacks Occur Between 1am and 5am When Security Staff are Asleep, Study Finds
The 2024 ThreatDown State of Ransomware report by Malwarebytes reveals that ransomware attacks are increasingly timed to exploit periods when security professionals are off-duty, with most incidents occurring between 1 am and 5 am. The report highlights a 33% global increase in ransomware attacks over the past year, with the UK experiencing a 67% rise and the US a 63% increase. Traditional response measures to ransomware are proving inadequate, as threat actors now move rapidly to compromise networks. This stresses the need for continuous security coverage to keep pace with evolving ransomware tactics.
Companies are Not as Resilient as They Think, Cyber Resilience Overestimation Leads to Business Continuity Issues, Ransom Payments
Cohesity’s Global Cyber Resilience Report 2024 reveals a worrying disconnect between organisations' confidence in their cyber resilience strategies and the reality of escalating cyber threats. The survey of over 3,100 IT and security decision-makers across eight countries found that 67% of respondents had fallen victim to a ransomware attack in 2024, with 69% admitting to paying a ransom, despite 77% of these organisations having a "do not pay" policy. While 78% expressed confidence in their resilience strategies, an overwhelming 96% acknowledged that the threat to their industry had increased or would increase this year, with many willing to pay over $1 million to recover data.
Third of Firms Put Money Aside to Pay Cyber Ransoms
A recent survey reveals that nearly a third of businesses have set aside funds specifically to pay ransoms in the event of a ransomware attack, reflecting the growing threat landscape. The survey found that half of the companies had suffered a ransomware breach in the past year, with one in three admitting to paying a ransom. Additionally, 31% of businesses reported severe impacts from cyber security incidents, either within their organisation or supply chain. Despite these challenges, 29% of respondents expect a successful cyber attack in the next year, with medium-to-large enterprises planning to invest an average of €1.18 million in cyber security, although a significant portion still feel their defences are outdated.
AI-Powered Cyber Threats Are Too Overpowering for Over 50% of Security Teams
A recent report by Absolute Security reveals that over half (54%) of UK Chief Information Security Officers (CISOs) feel their security teams are unprepared for emerging AI-powered threats. The Absolute Security United Kingdom CISO Cyber Resilience Report 2024, which surveyed 250 CISOs, highlights growing concerns about the impact of AI on cyber resilience. Nearly half (46%) view AI as more of a threat than a benefit to their organisation's security. Additionally, 39% of CISOs have personally stopped using AI due to cyber breach concerns, and 44% have banned AI use by employees for the same reason. The findings underscore the need for enhanced strategies to address AI-driven cyber risks.
Five Novel Email Phishing Attacks and What to Do About Them
Phishing attacks are continuing to grow in sophistication, driven by AI and evolving techniques. Notably, "pastejacking" tricks victims into running malicious code via copied commands, while phishing through Google Drawings exploits the tool's perceived safety to steal personal data. Cyber criminals are also abusing URL protection services, re-writing URLs to bypass security checks. A new trend blends spear phishing with mass phishing, using AI to personalise large-scale attacks. Real-time phishing, which bypasses two-factor authentication, is now widespread, with ready-made kits available on dark web markets, illustrating the growing complexity and reach of modern phishing tactics.
NFC Traffic Stealer Targets Android Users and Their Banking Info
ESET has uncovered a new Android malware named NGate, capable of cloning contactless payment data from physical credit and debit cards, posing significant risks of fraudulent transactions. This malware, the first of its kind observed in the wild, is based on NFCgate, a legitimate tool developed by students at Germany's University of Darmstadt for research purposes. NGate exploits NFCgate’s ability to capture and relay near-field communication (NFC) traffic, extending the range of contactless communication. Threat actors are using this capability alongside phishing and social engineering tactics to steal funds via fraudulent ATM transactions.
91% of Cyber Attacks Targeted Multiple Organisations Using Mass Scanning to Uncover and Exploit Vulnerabilities
The latest "Fastly Threat Insights Report" highlights a significant rise in cyber attacks, with 91% now targeting multiple organisations by scanning them online en masse, up from 69% in 2023. The report, based on data from Fastly’s Network Learning Exchange, reveals that 36% of global internet traffic originates from bots, with short-lived IP addresses being used by attackers to evade detection. Notably, the High-Tech sector remains the top target, accounting for 37% of attacks. Fastly’s findings underscore the need for adaptive security measures, as attackers increasingly exploit vulnerabilities across a broader range of targets using advanced techniques.
You Really Need to Stop Using Work Laptops for Personal Use. Here's Why
A recent study by ESET has revealed that 90% of employees use their company-provided laptops for personal activities, creating significant cyber security risks. Risky behaviours, such as viewing adult content and connecting to unsecured public Wi-Fi, were particularly common among younger workers. ESET attributes these risks to the shift towards hybrid and remote work, urging companies to enhance security measures for corporate devices and to educate employees on safe practices. These findings emphasise the need for stronger endpoint security.
Human Nature is Causing Our Cyber Security Problem
A recent analysis highlights the persistent challenge of cyber attacks, now the most significant threat to businesses, yet many organisations continue to delay adopting necessary security measures. This reluctance is attributed to a motivational deficit rooted in temporal discounting—a human tendency to prioritise immediate gratification over long-term benefits. Despite the severe consequences of security breaches and increasing regulatory pressures, organisations often procrastinate on implementing modern processes and critical tools. The article suggests that, much like automatic enrolment in retirement plans has increased participation, similar mechanisms are needed to combat procrastination and improve cyber security practices.
Cyber Crime Consolidation: The Big Fish Are Getting Bigger
A recent report by Chainalysis reveals that cyber criminals seized $16.7 billion in illicit funds during the first half of 2024, a 20% drop from the previous year, marking the fourth consecutive annual decline. Despite this overall decrease, large-scale crypto heists nearly doubled to $1.58 billion, and ransomware payments reached $459.8 million, a 2% increase from the same period last year. The median ransom payment has surged from under $200,000 in early 2023 to $1.5 million by mid-2024, reflecting a shift towards targeting larger organisations and critical infrastructure. The year is on track to be the highest-grossing for ransomware, despite disruptions to major gangs like ALPHV/BlackCat and LockBit.
Why End of Life for Applications Is the Beginning of Life for Hackers
A recent analysis highlights the significant cyber security risks posed by aging software, with over 35,000 applications set to reach end-of-life status in the next year. End-of-life software may still receive critical security patches, but end-of-support applications will no longer receive any updates, making them prime targets for threat actors. Chief Information Security Officers (CISOs) face challenges in securing backing for updates, particularly when applications are tied to outdated hardware or unsupported vendors. The Apache Log4j vulnerability exemplifies the dangers of neglecting software updates. Effective risk management requires proactive planning to address these aging software assets before they become significant vulnerabilities.
Beyond Prevention: Why Breach Readiness Is Your Cyber Security Lifeline
A recent analysis underscores the limitations of breach prevention strategies in the evolving cyber security landscape. Despite significant investments in firewalls, endpoint detection and response (EDR) and intrusion detection systems, the increasing sophistication of cyber threats has rendered breaches almost inevitable. The high number of recent breaches highlights that prevention alone is insufficient to protect critical business processes and data. Organisations must shift from relying solely on prevention to adopting a resilience-by-design approach, ensuring that they can continue operations even in the face of an attack. This proactive stance is essential to address the growing capabilities of cyber criminals.
Sources:
https://www.helpnetsecurity.com/2024/08/22/c-suite-leaders-prime-cyber-targets/
https://www.techrepublic.com/article/ransomware-trends-malwarebytes/
https://www.insurancejournal.com/news/national/2024/08/22/789621.htm
https://www.scmagazine.com/perspective/five-novel-email-phishing-attacks-and-what-to-do-about-them
https://cybernews.com/security/cybercrime-consolidation-big-fish-getting-bigger/
Governance, Risk and Compliance
Why C-suite leaders are prime cyber targets - Help Net Security
What is digital executive protection and how does it work? | CSO Online
The Cyber Security Paradox: Why Free Costs Too Much | HackerNoon
72% of cyber security leaders faced a cyber attack in last 18 months | Security Magazine
Cyber crime consolidation: the big fish are getting bigger | Cybernews
Companies aren’t as cyber resilient as they think | CIO Dive
Human Nature Is Causing Our Cyber Security Problem (darkreading.com)
You really need to stop using work laptops for personal use — here's why | TechRadar
Beyond prevention: Why breach readiness is your cyber security lifeline (securitybrief.co.nz)
CISOs list human error as their top cyber security risk (securityintelligence.com)
Cyber Resilience Lacking, Organisations Overconfident - Security Boulevard
3 CIO lessons for maximizing cyber security investments | CIO Dive
Strategies for security leaders: Building a positive cyber security culture - Help Net Security
The influence of optimism bias and loss aversion in cyber risk management decisions (techxplore.com)
Governance, Risk and Compliance: The Current Context | MSSP Alert
CISOs on the Hook: SEC Tightens Cyber security Disclosures (govinfosecurity.com)
Threats
Ransomware, Extortion and Destructive Attacks
Why Are Organisations Losing the Ransomware Battle? (darkreading.com)
Ransomware Surge Exploits Cyber security Gaps Caused by M&A - Security Boulevard
Ransomware Victims Paid $460 Million in First Half of 2024 - SecurityWeek
Ransomware Trends: Most Attacks Hit Between 1am and 5am, Study Finds (techrepublic.com)
Cyber Resilience Lacking, Organisations Overconfident - Security Boulevard
Cyber Crime Goes Corporate As Ransomware Gangs Want More (pymnts.com)
Ransomware on track for record profits, even as fewer victims pay | SC Media (scmagazine.com)
Third of firms put money aside to pay cyber ransoms (rte.ie)
Ransomware attacks rise 20% in July, industrial sectors hit hardest (securitybrief.co.nz)
Ransomware Attack Proceeds, Crypto Theft Rise in First Half | MSSP Alert
No honour among ransomware thieves: affiliates' trust craters after takedown (computing.co.uk)
Tracing the destructive path of ransomware's evolution (betanews.com)
Ransomware attacks rise over 60 percent (betanews.com)
Dodging the Cyber Bullet: Early Signs of a Ransomware Attack - IT Security Guru
Q2’24 marks second highest quarter for ransomware attacks, says Corvus - Reinsurance News
RansomHub Rolls Out Brand-New, EDR-Killing BYOVD Binary (darkreading.com)
Chainalysis: Illicit Crypto Activity Down 20%, Stolen Funds and Ransomware Up | Cryptoglobe
Why you need to know about ransomware | Malwarebytes
Critical industries top ransomware hitlist, attacks dwindle • The Register
Understanding the 'Morphology' of Ransomware: A Deeper Dive - SecurityWeek
U.S. charges Karakurt extortion gang’s “cold case” negotiator (bleepingcomputer.com)
Qilin Targets Chrome-Stored Credentials In “Troubling” New Attack (informationsecuritybuzz.com)
The changing dynamics of ransomware as law enforcement strikes - Help Net Security
Ransomware Victims
How the ransomware attack at Change Healthcare went down: A timeline | TechCrunch
Top US oilfield firm Halliburton hit by cyber attack, source says (yahoo.com)
Halliburton Suffers Cyber Attack | Houston Press
Medibank's data breach costs anticipated to reach $126m by mid-2025 - Security - iTnews
AutoCanada Hit by Cyber Attack - SecurityWeek
Three councils fall victim to cyber-attack (themj.co.uk)
CDK Global antitrust lawsuit leads to $100 million payout for car dealers (qz.com)
Top architectural firm reveals it was hit by major ransomware attack | TechRadar
Phishing & Email Based Attacks
The evolving threat landscape: Staying ahead of phishing attack trends | TechRadar
Five novel email phishing attacks – and what to do about them | SC Media (scmagazine.com)
The cyber attack cycle: First comes outage, next comes phishing (securityintelligence.com)
New NGate Android malware uses NFC chip to steal credit card data (bleepingcomputer.com)
NFC Traffic Stealer Targets Android Users & Their Banking Info (darkreading.com)
Western, Russian Civil Society Targeted in Sophisticated Phishing Attacks - SecurityWeek
Abnormal sees 350% uptick in phishing via file-sharing sites (securitybrief.co.nz)
Cyber criminals exploit file sharing services to advance phishing attacks - Help Net Security
Android and iOS users targeted with novel banking app phishing campaign | Cybernews
Android & iOS Users Targeted with New Phishing Attack Using PWAs & WebAPKs (cybersecuritynews.com)
Anatomy of an Attack (thehackernews.com)
This sophisticated new phishing campaign is going after US government contractors | TechRadar
Iran named as source of Trump campaign phish, leaks • The Register
Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America (thehackernews.com)
Other Social Engineering
New NGate Android malware uses NFC chip to steal credit card data (bleepingcomputer.com)
NFC Traffic Stealer Targets Android Users & Their Banking Info (darkreading.com)
How Hackers Use Emergency Data Requests to Steal User Data (govinfosecurity.com)
Artificial Intelligence
AI-powered cyber threats are too overpowering for over 50% of security teams - IT Security Guru
Protecting against AI-enabled cyber crime | Professional Security
73% of orgs embracing gen AI, but far fewer are assessing risks | VentureBeat
Fraud tactics and the growing prevalence of AI scams - Help Net Security
xAI’s new Grok image generator floods X with controversial AI fakes - The Verge
Could AI be your company’s Achilles heel? - Raconteur
Deepfakes Are Having a Deeper Impact on These Three Industries (techspective.net)
Organisations turn to biometrics to counter deepfakes - Help Net Security
Artificial intelligence, real anxiety: Why we can't stop worrying and love AI | ZDNET
Microsoft Copilot Studio Vulnerability Led to Information Disclosure - SecurityWeek
OpenAI kills Iranian accounts spreading US election disinfo • The Register
2FA/MFA
The Silver Bullet of MFA Was Never Enough (darkreading.com)
Microsoft Mandates MFA for All Azure Sign-Ins - Infosecurity Magazine (infosecurity-magazine.com)
Malware
Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware (thehackernews.com)
Cyber criminals launch new malware that can completely wipe out your antivirus | TechRadar
This new threat proves that Macs aren't immune from malware | Digital Trends
Azure domains and Google abused to spread disinformation and malware (bleepingcomputer.com)
New Russian threat targets over 100 Apple macOS browser extensions | Fox News
Beyond the wail: deconstructing the BANSHEE infostealer — Elastic Security Labs
Styx Stealer Malware Stealing Browser And Instant Messenger Data (cybersecuritynews.com)
5 Emerging Malware Variants You Must Be Aware Of (informationsecuritybuzz.com)
Cyber criminals Exploit Popular Software Searches to Spread FakeBat Malware (thehackernews.com)
Massive infostealer campaign exploits legitimate brands | SC Media (scmagazine.com)
Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor (thehackernews.com)
Hackers deployed new malware against university in Taiwan (therecord.media)
New macOS Malware TodoSwift Linked to North Korean Hacking Groups (thehackernews.com)
Chinese Threat Actors Use MSI Files to Bypass Windows, VT Detection (darkreading.com)
Hackers may have found an entirely new way to backdoor into Windows systems | TechRadar
Infostealers Waltz Through macOS to Grab Crypto Wallets, Browser Creds (darkreading.com)
New macOS Malware "Cthulhu Stealer" Targets Apple Users' Data (thehackernews.com)
Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware - SecurityWeek
Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control (thehackernews.com)
Iranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho Malware (thehackernews.com)
Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics (thehackernews.com)
Has my PC been hacked? 5 ways to detect virus attacks, step-by-step | PCWorld
Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America (thehackernews.com)
Mobile
New NGate Android malware uses NFC chip to steal credit card data (bleepingcomputer.com)
Google Pixels Carry Verizon App Doubling As a Backdoor (darkreading.com)
NFC Traffic Stealer Targets Android Users & Their Banking Info (darkreading.com)
Android & iOS Users Targeted with New Phishing Attack Using PWAs & WebAPKs (cybersecuritynews.com)
Czech Mobile Users Targeted in New Banking Credential Theft Scheme (thehackernews.com)
Does Your Smartphone Need An Antivirus App? - TechRound
Denial of Service/DoS/DDOS
Average DDoS attack costs $6,000 per minute - Help Net Security
Moscow detains scientist suspected of carrying out DDoS attacks on Russia (therecord.media)
Russia blames mass tech outages on DDoS attack | TechRadar
49% of DDoS attacks targeted gaming organisations | Security Magazine
Internet of Things – IoT
Russia fears Ukraine hijacking home CCTV systems for intel • The Register
Data Breaches/Leaks
The saga of the National Public Data Social Security number leak continues - The Verge
Thousands of Oracle NetSuite sites said to be exposing customer data | SC Media (scmagazine.com)
Florida data broker says it was ransacked by cyber-thieves • The Register
The Slow-Burn Nightmare of the National Public Data Breach | WIRED
FlightAware admits passwords, SSNs exposed for over 3 years • The Register
How Hackers Use Emergency Data Requests to Steal User Data (govinfosecurity.com)
Security flaws in Microsoft's Health Bot put patient data at risk (computing.co.uk)
Apple Prototypes and Corporate Secrets Are for Sale Online—If You Know Where to Look | WIRED
Organised Crime & Criminal Actors
Cyber crime consolidation: the big fish are getting bigger | Cybernews
Researchers Uncover New Infrastructure Tied to FIN7 Cyber crime Group (thehackernews.com)
Digital wallets can allow purchases with stolen credit cards • The Register
Kim Dotcom: 5 outrageous moments from the internet’s anti-hero (thenextweb.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Ransomware Attack Proceeds, Crypto Theft Rise in First Half | MSSP Alert
Hackers linked to $14M Holograph crypto heist arrested in Italy (bleepingcomputer.com)
Digital wallets can allow purchases with stolen credit cards • The Register
Chainalysis: Illicit Crypto Activity Down 20%, Stolen Funds and Ransomware Up | Cryptoglobe
Infostealers Waltz Through macOS to Grab Crypto Wallets, Browser Creds (darkreading.com)
Unicoin recovers from G-Suite raid, hints at data woes • The Register
PostgreSQL databases under attack - Help Net Security
11 Cyber security Risks for NFT Buyers | HackerNoon
Insider Risk and Insider Threats
You really need to stop using work laptops for personal use — here's why | TechRadar
CISOs list human error as their top cyber security risk (securityintelligence.com)
Human Nature Is Causing Our Cyber security Problem (darkreading.com)
Insurance
Supply Chain and Third Parties
Three councils fall victim to cyber-attack (themj.co.uk)
Cloud/SaaS
Survey Surfaces Growing SaaS Application Security Concerns - Security Boulevard
45% of tech leaders have experienced a SaaS cyber security incident | Security Magazine
Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign - SecurityWeek
The Hidden Security Gaps in Your SaaS Apps: Are You Doing Due Diligence? (thehackernews.com)
Azure domains and Google abused to spread disinformation and malware (bleepingcomputer.com)
Cyber criminals exploit file sharing services to advance phishing attacks - Help Net Security
It's Time To Untangle the SaaS Ball of Yarn (thehackernews.com)
8 cloud security gotchas most CISOs miss | CSO Online
The Hidden Security Gaps in Your SaaS Apps: Are You Doing Due Diligence? - Security Boulevard
Some major firms are being targeted by this dangerous new cyber crime campaign | TechRadar
GitHub Enterprise Server vulnerable to critical auth bypass flaw (bleepingcomputer.com)
Microsoft Mandates MFA for All Azure Sign-Ins - Infosecurity Magazine (infosecurity-magazine.com)
Thousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration Issue - SecurityWeek
Azure Kubernetes Services Vulnerability Exposed Sensitive Information - SecurityWeek
Authentication bypass discovered in Microsoft Entra ID | Security Magazine
North Korean Hackers Pivot Away From Public Cloud (inforisktoday.com)
Outages
The cyber attack cycle: First comes outage, next comes phishing (securityintelligence.com)
CrowdStrike hits out at rivals’ ‘shady’ attacks after global IT outage
CrowdStrike outage lessons learned: Questions to ask vendors | TechTarget
CrowdStrike deja vu for IT admins with 'performance issue' • The Register
Post Office systems crash hits 'collapsing' Horizon system | Computer Weekly
Encryption
Some major firms are being targeted by this dangerous new cyber crime campaign | TechRadar
How SSH Flaws Expose Vulnerabilities, Endanger Enterprises (inforisktoday.com)
Linux and Open Source
Don't panic! It's only 60 Linux CVE security bulletins a week | ZDNET
PostgreSQL databases under attack - Help Net Security
Passwords, Credential Stuffing & Brute Force Attacks
The saga of the National Public Data Social Security number leak continues - The Verge
Some major firms are being targeted by this dangerous new cyber crime campaign | TechRadar
Qilin Targets Chrome-Stored Credentials In “Troubling” New Attack (informationsecuritybuzz.com)
Czech Mobile Users Targeted in New Banking Credential Theft Scheme (thehackernews.com)
Social Media
NFC Traffic Stealer Targets Android Users & Their Banking Info (darkreading.com)
How Hackers Use Emergency Data Requests to Steal User Data (govinfosecurity.com)
Training, Education and Awareness
The Cyber Security Paradox: Why Free Costs Too Much | HackerNoon
What's Typically the Weakest Point in a Business's Cyber Security? - Root-Nation.com
The worst security test ever? University slammed over fake Ebola scare as phishing test | TechRadar
Regulations, Fines and Legislation
Cisco wants United Nations to revisit cyber crime Convention • The Register
Cyber security Is Everywhere: ENISA COO - GovInfoSecurity
EU Directive Network and Information Security (NIS2): Modernizing security compliance (betanews.com)
CISOs on the Hook: SEC Tightens Cyber security Disclosures (govinfosecurity.com)
FAA Proposes New Aircraft Cyber security Rules - Infosecurity Magazine (infosecurity-magazine.com)
Models, Frameworks and Standards
ISO 27001 vs NIST: The Differences and How They Overlap - Security Boulevard
EU Directive Network and Information Security (NIS2): Modernizing security compliance (betanews.com)
Careers, Working in Cyber and Information Security
British civil service to target cyber specialists with new graduate scheme (therecord.media)
Law Enforcement Action and Take Downs
Hackers linked to $14M Holograph crypto heist arrested in Italy (bleepingcomputer.com)
National Crime Agency threatens extraditions over rise in sextortion cases (yahoo.com)
U.S. charges Karakurt extortion gang’s “cold case” negotiator (bleepingcomputer.com)
No honour among ransomware thieves: affiliates' trust craters after takedown (computing.co.uk)
Misinformation, Disinformation and Propaganda
FBI says Iranian hackers are targeting both presidential campaigns (engadget.com)
Are 2024 US Political Campaigns Prepared for Coming Cyber Threats? (darkreading.com)
Azure domains and Google abused to spread disinformation and malware (bleepingcomputer.com)
Meet the Iranian cyber attackers suspected of trying to hack the U.S. election - Washington Times
US warns of Iranian hackers escalating influence operations (bleepingcomputer.com)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Nation State Actors
Are 2024 US Political Campaigns Prepared for Coming Cyber Threats? (darkreading.com)
China
US lawmakers urge probe into TP-Link over fears of possible cyber attacks | TechRadar
Chinese Threat Actors Use MSI Files to Bypass Windows, VT Detection (darkreading.com)
Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control (thehackernews.com)
Hackers deployed new malware against university in Taiwan (therecord.media)
Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics (thehackernews.com)
Russia
Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware (thehackernews.com)
Western, Russian Civil Society Targeted in Sophisticated Phishing Attacks - SecurityWeek
Cyber attack hits Monobank, Ukraine's largest direct bank (kyivindependent.com)
Ukraine subjected to novel malware attack | SC Media (scmagazine.com)
Russia fears Ukraine hijacking home CCTV systems for intel • The Register
Moscow detains scientist suspected of carrying out DDoS attacks on Russia (therecord.media)
Russia blames mass tech outages on DDoS attack | TechRadar
Iran
Meet the Iranian cyber attackers suspected of trying to hack the U.S. election - Washington Times
FBI says Iranian hackers are targeting both presidential campaigns (engadget.com)
Iran named as source of Trump campaign phish, leaks • The Register
Iranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho Malware (thehackernews.com)
OpenAI kills Iranian accounts spreading US election disinfo • The Register
Iran and Israel are already engaged in a fierce cyberwar (economist.com)
North Korea
New macOS Malware TodoSwift Linked to North Korean Hacking Groups (thehackernews.com)
North Korean Hackers Pivot Away From Public Cloud (inforisktoday.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Tools and Controls
Ransomware Gangs Introduce New EDR-Killing Tool (informationsecuritybuzz.com)
73% of orgs embracing gen AI, but far fewer are assessing risks | VentureBeat
The Cyber security Paradox: Why Free Costs Too Much | HackerNoon
Cyber Resilience Lacking, Organisations Overconfident - Security Boulevard
Beyond prevention: Why breach readiness is your cyber security lifeline (securitybrief.co.nz)
The Silver Bullet of MFA Was Never Enough (darkreading.com)
Cyber criminals launch new malware that can completely wipe out your antivirus | TechRadar
Common API security issues: From exposed secrets to unauthorized access - Help Net Security
Organisations turn to biometrics to counter deepfakes - Help Net Security
Cyber criminals exploit file sharing services to advance phishing attacks - Help Net Security
This system can sort real pictures from AI fakes — why aren’t platforms using it? - The Verge
RansomHub Rolls Out Brand-New, EDR-Killing BYOVD Binary (darkreading.com)
How Pen Testing is Evolving and Where it’s Headed Next - Security Boulevard
Cyber security and Physical Security Go Hand-in-Hand | HHS.gov
3 lessons for maximizing cyber security investments | CIO Dive
The influence of optimism bias and loss aversion in cyber risk management decisions (techxplore.com)
What's Typically the Weakest Point in a Business's Cyber Security? - Root-Nation.com
How SSH Flaws Expose Vulnerabilities, Endanger Enterprises (inforisktoday.com)
Are virtual machines safe for end users? | TechTarget
AI for application security: Balancing automation with human oversight - Help Net Security
EDR vs. MDR vs. XDR: Key differences | TechTarget
Top Cyber security Risk Mitigation Strategies Every Business Should Implement (cybersaint.io)
Other News
72% of cyber security leaders faced a cyber attack in last 18 months | Security Magazine
72% of Senior Executives Targeted by Cyber attacks in the Last 18 Months | Business Wire
Sitting Ducks Attack: Over 1M Domains At Risk Of Takeover! - Security Boulevard
How Hollywood hacking scenes turn cyber security into entertainment (globenewswire.com)
Browser Syncing Is Useful, but Be Aware of These 4 Security Issues (makeuseof.com)
36% of global internet traffic originated from bots | Security Magazine
How might the UK's cyber landscape change under Labour? | Computer Weekly
Are the New FAA Cyber Requirements for Future Planes Enough? (govinfosecurity.com)
Preparing the IT Infrastructure For the Next Era of Cyber attacks | Entrepreneur
Switzerland to join European Cyber Security Organisation (aa.com.tr)
Protecting connected, self-driving vehicles from hackers (techxplore.com)
Empowering SMBs On The Path To Cyber security Maturity (forbes.com)
Olympics were case in point of cyber threat to global sport (emergingrisks.co.uk)
Africa's Economies Feel Pain of Cyber security Deficit (darkreading.com)
Food security: Accelerating national protections around critical infrastructure - Help Net Security
Security Alert: U.K. Political Donation Sites at Risk - Security Boulevard
Vulnerability Management
Fastly report reveals 91% of cyber attacks now target multiple organisations - SiliconANGLE
Why End of Life for Applications Is the Beginning of Life for Hackers (darkreading.com)
The Fundamentals of Vulnerability Management Explained | MSSP Alert
What's Typically the Weakest Point in a Business's Cyber Security? - Root-Nation.com
How SSH Flaws Expose Vulnerabilities, Endanger Enterprises (inforisktoday.com)
Vulnerability prioritization is only the beginning - Help Net Security
Vulnerabilities
PoC Exploit Released for Windows 0-Day Downgrade Attack (cybersecuritynews.com)
Google fixes ninth Chrome zero-day exploited in attacks this year (bleepingcomputer.com)
If You Have an AMD CPU, You Must Install This Vital Security Update (makeuseof.com)
Microsoft shares workaround for Outlook crashing after opening (bleepingcomputer.com)
Kubernetes Vulnerability Exposes Clusters to Command Injection Attacks (cybersecuritynews.com)
Windows 0-Day Flaw Exploited by Lazarus to Gain Unauthorized Access (cybersecuritynews.com)
Serious flaws in Microsoft apps on macOS could let hackers spy on users | ITPro
Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor (thehackernews.com)
F5 Patches High-Severity Vulnerabilities in BIG-IP, NGINX Plus - SecurityWeek
Symantec warns of new sophisticated backdoor exploiting patched PHP vulnerability - SiliconANGLE
AMD changes its mind, says it will patch more Ryzen chips against security flaw | TechRadar
Authentication bypass discovered in Microsoft Entra ID | Security Magazine
Thousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration Issue - SecurityWeek
Security flaws in Microsoft's Health Bot put patient data at risk (computing.co.uk)
Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data (thehackernews.com)
Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control (thehackernews.com)
Atlassian Patches Vulnerabilities in Bamboo, Confluence, Crowd, Jira - SecurityWeek
SolarWinds left hardcoded credentials in helpdesk product • The Register
Azure Kubernetes Services Vulnerability Exposed Sensitive Information - SecurityWeek
Litespeed Cache bug exposes millions of WordPress sites to takeover attacks (bleepingcomputer.com)
GitHub Enterprise Server vulnerable to critical auth bypass flaw (bleepingcomputer.com)
Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.