Black Arrow Cyber Threat Briefing 24 May 2024

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Human Error and AI Tops Cyber Threats as 70% of CISOs Worry About Risk

According to a survey of 1,600 CISOs, 70% worry about the risk of a material cyber attack over the next 12 months. Additionally, nearly 31% believe an attack is very likely, compared to 25% in 2023.  Amongst the largest concerns were human error, with 75% of CISOs identifying it as their most significant cyber vulnerability, up from 60% in 2023. Furthermore, 80% anticipate that human risk and employee negligence in particular will be major cyber security issues in the next two years.  Additionally, artificial intelligence was identified as an emerging concern for 54% of CISOs.

Sources: [The Register] [Infosecurity Magazine] [Cryptopolitan]

The State of Cyber Security: AI and Geopolitics Mean a Bigger Threat Than Ever

A recent report by Check Point reveals that global organisations faced an average of 1,158 weekly cyber attacks in 2023, an increase from 2022. In the UK, 50% of businesses experienced cyber attacks in the past year, with medium and large-sized businesses more affected at 70% and 74%, respectively. A ClubCISO survey found 62% of CISOs believe organisations are ill-equipped for AI-driven attacks, yet 77% haven't increased cyber security spending.

Additionally, a British Foreign Policy Group (BFPG) article highlights cyber threats from geopolitical tensions, with a recent attack on the Ministry of Defence exposing HR and payroll data. The National Cyber Security Centre attributes such attacks to state-affiliated actors like China and Russia. Despite efforts to establish international cyber norms, enforcement remains challenging. Businesses must recognise that cyber security is now deeply intertwined with geopolitics, affecting strategic partnerships and procurement.

Sources: [Verdict] [BFPG]

Threat Research Highlights Growing Mobile Security Risks

A recent report by a cloud security vendor focusing on the mobile threat landscape found that in the first quarter of 2024, the number of phishing, malicious, denylisted and offensive links delivered to their customers’ mobile devices tripled compared to Q1 2023. The report, which bases its data on 220 million devices, 325 million apps and billions of web items, found that the most common misconfiguration in mobiles was out of date operating systems (37%). When it came to the prevalence of attacks, 75% of organisations reported experiencing mobile phishing attempts targeting their employees.

This comes as a representative from the US Cybersecurity and Infrastructure Security Agency told the Federal Communications Commission earlier this year that there had been “numerous incidents of successful, unauthorised attempts” to steal location data, monitor voice and text messages, and deliver spyware.

Sources: [Economist] [Business Wire]

Family Offices Become Prime Targets for Cyber Hacks and Ransomware

A recent Dentons survey reveals that nearly 80% of family offices perceive a dramatic increase in cyber attack threats, with a quarter experiencing an attack in 2023, up from 17% in 2020. Despite their wealth, family offices often lack the staff and technology to manage these risks effectively. Less than a third report well-developed cyber risk management processes, and only 29% believe their cyber training programs are sufficient. This gap between awareness and action highlights the need for family offices to prioritise comprehensive cyber security measures, including better training, updated policies, and secure communication practices.

Source: [CNBC]

Ransomware Fallout: 94% Experience Downtime, 40% Face Work Stoppage

According to a report by cyber security provider Arctic Wolf, within the last 12 months 48% of organisations identified evidence of a successful breach within their environment and 70% of organisations were the targets of attempted Business Email Compromise (BEC) attacks, with 29% of these targets becoming victims of one or more successful BEC occurrences.

In its survey, the company says “45% of the organizations we spoke with admitted to being the victim of a ransomware attack within the last 12 months”,  an increase from the prior year. Of those impacted by ransomware, 86% of attacks including successful data exfiltration and 94% of those impacted by a ransom event experienced a significant downtime and delays. 40% of victims stated they experienced a period of total work stoppage due to ransomware.

Source: [Help Net Security]

Employee Discontent: Insider Threat No. 1

Chief Information Security Officers (CISOs) must integrate human factors into insider risk management (IRM), not just rely on detection technologies. IRM must consider factors such as those raised by recent research where only half of US workers are very satisfied with their jobs, and 28% feel their employers don't care about them. CISOs themselves are affected by job satisfaction; the 2024 IANS/Artico report shows three out of four CISOs are ready to leave their roles. DTEX Systems found 77% of malicious insiders concealed their activities, emphasising the importance of human engagement and feedback in mitigating risks.

Source: [CSO]

Report Reveals 341% Rise in Advanced Phishing Attacks

A recent report has revealed malicious emails increased by 341% over the past 6 months. This included a 217% increase in credential harvesting phishing attacks and a 29% increase in Business Email Compromise (BEC) attacks. The report highlighted the impact of artificial intelligence, noting that since the launch of ChatGPT in November 2022, there has been a 4,151% surge in malicious phishing messages.

Source: [Security Magazine] [ Infosecurity Magazine]

Ransomware and GenAI Raise Security Challenges, Driving Cyber Investment

A recent study by Infosecurity Europe reveals that nearly 40% of cyber security leaders are increasing investments to combat the growing threats of ransomware and AI-generated attacks. A separate survey found 94% of organisations have or plan to implement generative AI use policies, and a third strictly forbid AI tech in their environment. This data highlights the ongoing effort to balance AI benefits with security risks, indicating that there isn’t a one-size-fits-all strategy for formalising AI adoption and usage policies.

Source: [Security Boulevard] [Infosecurity Magazine]

New Rules Prompt 93% of Organisations to Rethink Cyber Security Plans

A recent report reveals that 93% of organisations have re-evaluated their cyber security strategies due to new regulations, with 58% reconsidering their entire approach. The survey, which included 500 cyber security decision-makers from the US and UK, found that 92% reported increased security budgets, with 36% seeing rises of 20-49% and 23% experiencing over 50% increases. Despite this, only 40% feel confident in their resources to comply with regulations, and just one-third believe they can meet all requirements, highlighting significant gaps in preparedness.

Source: [security magazine]

HR and IT Related Phishing Scams Still Most Popular According to KnowBe4’s Latest Phishing Report

A recent KnowBe4 report reveals that HR-related phishing emails account for 42% of top-clicked phishing attempts, followed by IT-related emails at 30%. These phishing tactics exploit employees' trust and evoke immediate responses by mimicking legitimate business communications about dress code changes, tax updates, and training notifications. The report also highlights that nearly a third of users are vulnerable to phishing, emphasising the need for robust security awareness training. A well-trained workforce is essential in defending against increasingly sophisticated phishing attacks that leverage AI and emotional manipulation.

Source: [IT Security Guru]

80% of Exposures from Misconfigurations, as 15 Vendors Account for 62% of Global Attack Surface

A recent XM Cyber report highlights a significant gap in cyber security focus with identity and credential misconfigurations accounting for 80% of security exposures. The study, based on hundreds of thousands of attack path assessments, found that 62% of the global attack surface is concentrated in just 15 vendors. Furthermore, 41% of organisations had at least one compromised device, and 11% experienced ransomware incidents. The report underscores the need for a shift from patching all vulnerabilities to addressing high-impact exposures, especially those around identity management and critical asset protection.

Sources: [Security Magazine] [The Hacker News]

UK to Propose Mandatory Reporting for Ransomware Attacks and Licensing Regime for all Payments

A forthcoming proposal in Britain aims to overhaul the response to ransomware by mandating victims to report incidents and obtain a license before making extortion payments. This initiative, part of a public consultation, includes a ban on ransom payments for critical national infrastructure to deter attacks. The National Cyber Security Centre has highlighted concerns over underreporting, with a 2023 increase in ransomware-related data breaches. The plan’s success hinges on replacing the delayed Action Fraud reporting platform. This proposal marks a significant step in global ransomware policy, with Britain leading international efforts against cyber criminals.

Source: [The Record Media]

UK’s Legal Sector Needs to Improve its Cyber Security, Says Experts

One in ten UK data breaches in 2023 occurred in the legal sector, highlighting that UK law firms are attractive targets for cyber criminals. A recent analysis of the UK’s Information Commissioner's Office (ICO) data found that the legal sector is one of the worst performing sectors for data breaches, with nearly 86 per cent of the incidents within the legal sector involving breaches of personal identifiable information, including instances also affecting sensitive economic and financial data.

Sources [CITY AM]


Governance, Risk and Compliance


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC

Other Social Engineering

Artificial Intelligence

2FA/MFA

Malware

Mobile

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Identity and Access Management

Encryption

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Backup and Recovery

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Russia

Iran

North Korea

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence


Vulnerability Management

Vulnerabilities

Tools and Controls




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Previous
Previous

Black Arrow Cyber Threat Briefing 31 May 2024

Next
Next

Black Arrow Cyber Alert 20 May 2024 – Flaw in Popular PDF Reader Foxit Exploited by Hackers to Deliver Variety of Malware