Black Arrow Cyber Threat Briefing 26 July 2024
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
CrowdStrike Insured Losses May Top $1.5B, MSP Insurance Expert Advises “Read the Fine Print” on Your Policy
A recent analysis by CyberCube estimates that the 19 July CrowdStrike outage will result in insured losses between $400 million and $1.5 billion, the largest single insured loss event in cyber insurance history. It should be noted that many insurance policies exclude coverage for software design flaws, likely surprising many affected organisations. The incident highlights the importance of reading policy fine print and may lead to higher premiums. The outage's non-malicious nature means contingent business interruption coverage will be the primary trigger, affecting policies differently based on their specifics. Other estimates place global financial losses from the outage potentially reaching $15 billion, with the banking and healthcare sectors likely incurring over $3 billion in losses. Airlines are expected to suffer the most per company, losing in the region of $143 million each, followed by the tech industry at around $113 million per company.
Fragmented and Multiplied Cyber Criminal Landscape, Warns New Europol Report
A recent report published by Europol, the 10th edition of the Internet Organised Crime Threat Assessment (IOCTA), highlights significant developments in cyber crime over the past year. The report notes the fragmentation of ransomware groups and the rise in attacks on small and medium-sized businesses due to their lower defences. E-merchants and banks are frequently targeted by digital skimming, while phishing, BEC, and online frauds remain prevalent. The use of AI and cryptocurrencies in cyber crime is increasing, with AI-assisted child sexual abuse material (CSAM) posing a growing challenge. Europol emphasises the need for enhanced tools, training, and legislation to combat these evolving threats effectively.
Ransomware and BEC Make Up 60% of Cyber Incidents
A recent report by Cisco Talos reveals that ransomware and business email compromise (BEC) attacks constituted 60% of all incidents in Q2 2024. The technology sector was the most targeted, accounting for 24% of incidents, a 30% rise from the previous quarter. Compromised credentials were the primary initial access method, comprising 60% of attacks, a 25% increase. Vulnerable or misconfigured systems and inadequate MFA implementation were notable weaknesses, both rising by 46%. Ransomware made up 30% of incidents, with 80% of ransomware engagements lacking proper MFA on critical systems. BEC attacks also represented 30% of incidents, a decline from 50% in Q1 2024.
Over Half of UK Workers Haven’t Received Training on Avoiding Phishing Scams
A recent report reveals significant gaps in cyber security training among UK employees, with 51% untrained in avoiding phishing scams and 18% never receiving any cyber security training. The study highlights that 60% of employees lack training on remote work best practices, despite the shift to remote/hybrid working. Additionally, critical areas such as breach response (66%), social engineering (82%), deepfakes and AI (83%), and BYOD policies (84%) are largely neglected. Only 42% of workers have signed their organisation's cyber security policy, and a third admit to bypassing policies for convenience. The report stresses the urgent need for updated and comprehensive training to mitigate evolving cyber threats.
Cyber Threat Landscape is ‘The Worst it has Been in the Past Five Years’
The recent CrowdStrike outage, affecting millions of computers and critical services, highlights our reliance on technology and its vulnerabilities; any attack on that technology can have far-reaching consequences. Research found 52% of European organisations faced successful cyber attacks last year, with the UK at 55%. In response, the UK will introduce the Cyber Security and Resilience Bill for quick incident reporting and resilience plans. Cybernews reported an average of 1,636 weekly cyber attacks globally between April and June, a 25% increase from the first quarter. Check Point attributes this to sophisticated threat actors and AI advancements targeting education, research, government, military, and healthcare sectors.
In Cyber Security, Mitigating Human Risk Goes Far Beyond Training
As cyber attack stakes rise, organisations invest heavily in new services and equipment. However, many still use a one-size-fits-all approach to securing the most critical threat vector: the human element. Human error is projected to play a role in 68% to 90% of breaches in 2024. Traditional security awareness training is insufficient, as it fails to address individual risk levels. Studies indicate that 8% of employees cause 80% of incidents, with managers receiving 2.5 times more phishing emails than non-managers. Organisations should analyse security data to create personalised risk profiles, leading to adaptive training and targeted interventions. Such measures can enhance security while effectively utilising resources, improving overall organisational resilience against cyber threats.
Malware Attacks Surge 30% in First Half of 2024
A recent report by SonicWall reveals a 30% surge in malware-based threats in the first half of 2024 compared to the same period in 2023, with May witnessing a 92% year-on-year increase. The report identified 78,923 new malware variants, averaging 526 per day, and noted that 15% of malware utilised software packing techniques. PowerShell is exploited by over 90% of malware families to bypass security measures. IoT device attacks rose by 107%, with the TP-Link command injection flaw (CVE-2023-1389) being the most targeted vulnerability. Additionally, ransomware attacks increased by 15% in North America and 51% in Latin America, while decreasing by 49% in EMEA.
AI-generated Deepfake Attacks Force Companies to Reassess Cyber Security, as Deepfakes Demean, Defraud and Disinform
A recent report highlights the increasing threat of AI-generated deepfake attacks, with 73% of US organisations developing response plans to combat this menace. Deepfakes convincingly mimic human appearances and voices, spreading misinformation and enabling financial fraud. From 2022 to 2023, detected deepfakes increased tenfold, with 72% of consumers worried about deception. Separately, research by the UK’s telecommunications regulator Ofcom reveals 43% of people over 15 and 50% of children aged 8-15 have encountered deepfakes online recently. Non-consensual intimate deepfakes have been viewed over 4.2 billion times, primarily targeting women and causing psychological harm. Ofcom recommends a multi-faceted defence strategy involving prevention, embedding, detection, and enforcement. Companies must enhance cyber security training to counter this growing threat and to raise awareness of deepfake usage in attacks.
KnowBe4 Hires Fake North Korean IT Worker, Catches New Employee Planting Malware
A recent incident at KnowBe4 highlights a sophisticated infiltration attempt by a North Korean operative posing as a software engineer. The deception was uncovered when the employee's company-provided Mac began loading malware immediately after the subject received it. The operative manipulated session history files and attempted unauthorised actions but was detected within 25 minutes. Although the fake IT worker was hired after passing routine background checks and video interviews, it was later identified that they were using AI-modified photos and stolen IDs.
This incident should be a cautionary tale for HR departments, further evidencing the need to be mindful and wary of deepfakes and of prospective employees not being who they claim to be. Once on the inside, a deliberately malicious employee can cause a lot of damage.
Low Level Cyber Criminals are Pouncing on CrowdStrike Connected Outage
A recent report reveals that cyber criminals are exploiting the CrowdStrike Falcon software outage, which affected millions of Windows computers globally. Threat actors have registered over 2,000 CrowdStrike-themed domains and are distributing malware via phishing emails and malicious documents. Documented attacks have delivered malicious payloads including information stealers and loaders. Additionally, sophisticated phishing emails have delivered wiper malware under the guise of remediation instructions for the Falcon issue.
The Importance of Cyber Resilience in the Face of Global IT Failures
A recent study highlights the need for cyber security to shift its focus from a purely prevention mindset towards a resilience mindset. While traditional defences focus on keeping threats out, experts now emphasise the importance of preparing for inevitable breaches. Findings reveal that new attack vectors are emerging frequently, with AI and quantum computing being weaponised by malicious actors. Notably, many organisations still neglect basic fixes, such as updating passwords and applying patches.
A separate survey of cyber executives underscored the need for comprehensive recovery plans, defining resilience as the ability to minimise harm and maximise recovery efficacy post-incident. Although many view cyber security as a purely technical issue within IT departments, it has far-reaching implications across all facets of society and has long been a much wider issue than just IT. Understanding the necessity for cyber resilience and the connection between cyber safety and IT infrastructure is vital for businesses and communities alike.
Russia’s Shadow War Against Europe has Begun as Cyber Attacks Abusing Microsoft Infrastructure Increase
A recent report highlights a significant increase in brute force attacks targeting corporate and institutional networks across Europe, with the majority originating from Russia. These attacks, exploiting weak passwords through trial and error, have been active since at least May 2024. Russian threat actors are specifically targeting Microsoft infrastructure to evade detection, posing a substantial risk to organisational security. Over half of these attacks are traced back to IP addresses in Moscow, targeting cities in the UK, Lithuania, Denmark, and Hungary. Additionally, 60% of the IPs used are new, with 65% recently compromised. Motivations include data exfiltration, service disruption, and financial gain, with evidence pointing to ties with Chinese and Indian infrastructure.
Sources:
https://www.msspalert.com/news/crowdstrike-outage-could-cost-cyber-insurers-1-5-billion-cybercube
https://www.theregister.com/2024/07/26/crowdstrike_insurance_money/
https://www.infosecurity-magazine.com/news/ransomware-bec-cyber-incidents/
https://www.scmagazine.com/brief/unprecedented-global-cyberattack-prevalence-reported-in-q2
https://www.infosecurity-magazine.com/news/malware-attacks-surge-30-per-cent/
https://www.helpnetsecurity.com/2024/07/26/deepfake-response-plans/
https://securityboulevard.com/2024/07/how-to-prepare-your-workforce-for-the-deepfake-era/
https://cyberscoop.com/low-level-cybercriminals-are-pouncing-on-crowdstrike-connected-outage/
https://techround.co.uk/tech/importance-cyber-resilience-global-it-failures/
https://hbr.org/2024/07/when-cyberattacks-are-inevitable-focus-on-cyber-resilience
Governance, Risk and Compliance
In Cyber Security, Mitigating Human Risk Goes Far Beyond Training (darkreading.com)
Mitigating cyber risks in mergers and acquisitions | ITPro
Cyber threat landscape is ‘the worst it has been in the past five years’ (managementtoday.co.uk)
Unprecedented global cyber attack prevalence reported in Q2 | SC Media (scmagazine.com)
Risky security behaviours rife in the workplace | Retail Technology Review
Cyber Security ROI: Top metrics and KPIs - Help Net Security
CIOs and CISOs Battle Cyber Threats, Climate, Compliance - Compare the Cloud
CISOs are burned out – now they face personal liability too - Raconteur
Most CISOs feel unprepared for new compliance regulations - Help Net Security
How to Measure the Effectiveness of Your IT Security Solutions - DevX
Navigating Cyber Security Legal Liabilities - Security Boulevard
Risk Mitigation Beyond Remediation (forbes.com)
End-user cyber security errors that can cost you millions (bleepingcomputer.com)
SEC’s Lawsuit Against SolarWinds and CISO Dismissed | MSSP Alert
Are you a CISO who doesn’t know jack? Here’s how to bridge your own skills gap | CSO Online
Why C-Suite Executives Won’t Cut it Without Data Skills Anymore | HackerNoon
Threats
Ransomware, Extortion and Destructive Attacks
Why businesses must reckon with the human cost of ransomware - Raconteur
Ransomware Remains a ‘Brutal’ Threat in 2024 (govtech.com)
Experts Expect Ransomware Surge After Police Disruption (silicon.co.uk)
North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks (thehackernews.com)
Government Agencies Are Paying the Most for Ransomware Attacks - Business Insider
Stop following the herd to start fighting ransomware | TechRadar
New Play Ransomware Linux Variant Targets ESXi Shows Ties With Prolific Puma | Trend Micro (US)
17-Year-Old Linked to Scattered Spider Cyber Crime Syndicate Arrested in UK (thehackernews.com)
Russians plead guilty to involvement in LockBit ransomware attacks (bleepingcomputer.com)
The cost of dealing with a ransomware attack is skyrocketing for some industries | TechRadar
US offers $10M for tips on DPRK hacker linked to Maui ransomware attacks (bleepingcomputer.com)
North Korean hacker used hospital ransomware attacks to fund espionage | CyberScoop
Emulating the Prickly Cactus Ransomware - Security Boulevard
Secrets of a ransomware negotiator (economist.com)
Ransomware Victims
Less than two days left of Type O blood after Russian cyber attack, NHS warns as health... - LBC
NHS hack prompts tougher UK cyber security rules for private providers (ft.com)
Ransomware attack shuts down three dozen Los Angeles courts | SC Media (scmagazine.com)
Largest US trial court forced to shut down following ransomware attack | TechRadar
North Korean hacker used hospital ransomware attacks to fund espionage | CyberScoop
Phishing & Email Based Attacks
CrowdStrike outage: Phishing jumps as scam artists exploit event | Fortune
Over Half of UK Workers Haven’t Received Training on Avoiding Phishing Scams - IT Security Guru
New phishing kit on dark web bypasses security, targets logins (newsbytesapp.com)
PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing (thehackernews.com)
Three ways to mitigate digital impersonation attacks | SC Media (scmagazine.com)
Real estate wire fraud: Silicon Valley exec had $400,000 stolen (cnbc.com)
Warning after spike in cyber attacks in Guernsey - BBC News
CrowdStrike Warns of New Phishing Scam Targeting German Customers (thehackernews.com)
BEC
Real estate wire fraud: Silicon Valley exec had $400,000 stolen (cnbc.com)
Other Social Engineering
Meta takes down 63,000 accounts linked to sextortion scams targeting US men (yahoo.com)
Smishing Texts: What To Look Out For & How To Stop Them (slashgear.com)
QR Codes: Convenience or Cyber Threat? | Trend Micro (US)
Artificial Intelligence
The Urgent Need To Protect AI (forbes.com)
Europol fears increasing use of AI tools by cyber criminals (belganewsagency.eu)
AI-generated deepfake attacks force companies to reassess cyber security - Help Net Security
Top Tech Agree to Standardize AI Security (darkreading.com)
How to Prepare Your Workforce for the Deepfake Era - Security Boulevard
The CISO’s approach to AI: Balancing transformation with trust - Help Net Security
A Deep Dive into Deepfakes | Law Society of Scotland (lawscot.org.uk)
The most urgent security risks for GenAI users are all data-related - Help Net Security
Corporate Data Security at Risk From ‘Shadow AI’ Accounts (technewsworld.com)
UK faces down threat of deepfakes that demean, defraud, disinform | Biometric Update
16% of organisations experience disruptions due to insufficient AI maturity - Help Net Security
2FA/MFA
Warning after spike in cyber attacks in Guernsey - BBC News
Starlink Quietly Adds Two-Factor Authentication to Stop Account Hijackings (pcmag.com)
Malware
Fake CrowdStrike fixes target companies with malware, data wipers (bleepingcomputer.com)
KnowBe4 Hires Fake North Korean IT Worker, Catches New Employee Planting Malware - Security Week
Malware Attacks Surge 30% in First Half of 2024 - Infosecurity Magazine (infosecurity-magazine.com)
Logic bombs explained: Definition, examples, prevention | CSO Online
SocGholish malware used to spread AsyncRAT malware (securityaffairs.com)
Chinese Hackers Target Taiwan and US NGO with MgBot Malware (thehackernews.com)
FrostyGoop malware used to shut down heat in Ukraine attack • The Register
Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers (thehackernews.com)
Chinese hackers deploy new Macma macOS backdoor version (bleepingcomputer.com)
Updated malware arsenal leveraged in Chinese Daggerfly attacks | SC Media (scmagazine.com)
'Stargazer Goblin' Amasses Rogue GitHub Accounts to Spread Malware (darkreading.com)
Chrome Browser to Better Explain Why It Blocked a File Download (pcmag.com)
This new Google Chrome security warning is very important | Digital Trends
PHP Vulnerability Used For Malware And DDOS Attacks - Security Boulevard
French police push PlugX malware self-destruct payload to clean PCs (bleepingcomputer.com)
China's 'Evasive Panda' APT Spies on Taiwan Targets Across Platforms (darkreading.com)
Hamster Kombat’s 250 million players targeted in malware attacks (bleepingcomputer.com)
Mobile
Why mobile security audits are important in the enterprise | TechTarget
Google Confirms Play Store App Deletion—Now Just 6 Weeks Away (forbes.com)
Now-patched Telegram for Android vulnerability exposed users to malicious videos - SiliconANGLE
Swipe Right for Data Leaks: Dating Apps Expose Location, More (darkreading.com)
Growth in nude image sharing heightens cyber abuse risk | Computer Weekly
Smishing Texts: What To Look Out For & How To Stop Them (slashgear.com)
Denial of Service/DoS/DDOS
DDoS attacks have doubled so far in 2024 | ITPro
Three 'pro-Russian' hackers arrested in Spain over cyber attacks | Reuters
NCA cracks digitalstress DDoS-for-hire operation | Computer Weekly
Pro-Palestinian Actor Levels 6-Day DDoS Attack on UAE Bank (darkreading.com)
PHP Vulnerability Used For Malware And DDOS Attacks - Security Boulevard
DDoS: The tool of Hacktivism | TechRadar
Internet of Things – IoT
Burglars are jamming Wi-Fi security cameras — here's what you can do | PCWorld
Hacking EVs and level 3 chargers through 1920's technology (newatlas.com)
Can Hackers Remotely Steal Your Cars? (analyticsindiamag.com)
Cyber Attacks Shift Gears: The Growing Threat to Automotive Technology | NADA
Data Breaches/Leaks
Hackney Council failure to change password led to cyber attack | Times Series (times-series.co.uk)
Verizon to pay $16 million in TracFone data breach settlement (bleepingcomputer.com)
Hackers leak documents stolen from Pentagon contractor Leidos | CSO Online
CrowdStrike gets hit with some more bad news | Digital Trends
Greece’s Land Registry agency breached in wave of 400 cyber attacks (bleepingcomputer.com)
BreachForums v1 hacking forum data leak exposes members’ info (bleepingcomputer.com)
Organised Crime & Criminal Actors
Cyber crooks are typosquatting to exploit CrowdStrike fallout • The Register
Low-level cyber criminals are pouncing on CrowdStrike-connected outage | CyberScoop
Fragmented and multiplied cyber criminal landscape, warns new Europol report | Europol (europa.eu)
Tech firms top list of most targeted industry in Q2 by cyber criminals | SC Media (scmagazine.com)
Microsoft confirms CrowdStrike update also hit Windows 365 PCs (bleepingcomputer.com)
Chinese Crime Ring Hides Behind Stealth Tech and Soccer (darkreading.com)
Insurers must prepare for a rise in cyber crime :: Insurance Day
BreachForums v1 hacking forum data leak exposes members’ info (bleepingcomputer.com)
Philippines to end online casinos, maybe scams too • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Ongoing Cyber Attack Targets Exposed Selenium Grid Services for Crypto Mining (thehackernews.com)
Insider Risk and Insider Threats
In Cyber Security, Mitigating Human Risk Goes Far Beyond Training (darkreading.com)
KnowBe4 Hires Fake North Korean IT Worker, Catches New Employee Planting Malware - Security Week
Risky security behaviours rife in the workplace | Retail Technology Review
Uncle Sam accuses telco IT pro of decade of spying for China • The Register
Insurance
Cyber insurance 2.0: The systemic changes required for future security - Help Net Security
Insurers’ losses from global IT outage could reach billions (ft.com)
Cyber Insurance Market Evolves as Threat Landscape Changes - Security Boulevard
Insurers must prepare for a rise in cyber crime :: Insurance Day
Supply Chain and Third Parties
CrowdStrike global tech outage and Microsoft Azure bugs: Everything to know (qz.com)
CrowdStrike outage: Phishing jumps as scam artists exploit event | Fortune
Outage Shows All Our Eggs Are in One Cyber Security Basket: Szabo | NTD
IT outage exposes fragility of tech infrastructure - BBC News
What Can We Learn From Payment System Failures and Global IT Outage? | The Fintech Times
Are We Really Ready for a Fully Digital Financial System? (financemagnates.com)
The Critical Role of Supply Chain Resilience in Today's Digital Landscape - Zimperium
Cyber crooks are typosquatting to exploit CrowdStrike fallout • The Register
EU gave CrowdStrike keys to Windows kernel, Microsoft claims • The Register
CrowdStrike Microsoft Outage Demands More Resilient Cloud Computing - Bloomberg
NHS hack prompts tougher UK cyber security rules for private providers (ft.com)
When Cyber Attacks Are Inevitable, Focus on Cyber Resilience (hbr.org)
Tech firms top list of most targeted industry in Q2 by cyber criminals | SC Media (scmagazine.com)
CEO at cyber security firm that caused a global outage forgot to apologize | Fortune
Is the UK resilient enough to withstand a major cyber attack? | Microsoft IT outage | The Guardian
CrowdStrike’s Falcon Sensor linked to Linux crashes, too • The Register
Delta cancels another 600 flights on Monday in wake of cyber outage | Reuters
CrowdStrike incident has CIOs rethinking their cloud strategies | CIO
Data pilfered from Pentagon IT supplier Leidos • The Register
Fighting Third-Party Risk With Threat Intelligence (darkreading.com)
Learning from CrowdStrike’s quality assurance failures - Help Net Security
CrowdStrike faces backlash over 10 dollar apology vouchers for IT outage | Evening Standard
Cloud/SaaS
Cyber Pros Spot Spike in Malicious Activity Over CrowdStrike Outage | MSSP Alert
Cyber crooks are typosquatting to exploit CrowdStrike fallout • The Register
CrowdStrike Microsoft Outage Demands More Resilient Cloud Computing - Bloomberg
Tech firms top list of most targeted industry in Q2 by cyber criminals | SC Media (scmagazine.com)
Fortune 500 stands to lose $5bn plus from CrowdStrike incident | Computer Weekly
Warning after spike in cyber attacks in Guernsey - BBC News
PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing (thehackernews.com)
CrowdStrike could have an EU-sized data problem on its hands - Fast Company
Learning from CrowdStrike’s quality assurance failures - Help Net Security
Microsoft confirms CrowdStrike update also hit Windows 365 PCs (bleepingcomputer.com)
US opens probe into Delta Air Lines' handling of CrowdStrike • The Register
CrowdStrike faces backlash over 10 dollar apology vouchers for IT outage | Evening Standard
Outages
Cyber Pros Spot Spike in Malicious Activity Over CrowdStrike Outage | MSSP Alert
CrowdStrike Says Logic Error Caused Windows BSOD Chaos - SecurityWeek
One faulty CrowdStrike update caused a global outage | AP News
IT outage exposes fragility of tech infrastructure - BBC News
CrowdStrike Microsoft Outage Demands More Resilient Cloud Computing - Bloomberg
The CrowdStrike Failure Was a Warning - The Atlantic
Mass global IT outage a wake-up call for resilient cyber security - SHINE News
Without Backup Plans, Global IT Outages Will Happen Again (claimsjournal.com)
Is the UK resilient enough to withstand a major cyber-attack? | Microsoft IT outage | The Guardian
Are global IT outages becoming more frequent? What the experts say (yahoo.com)
Microsoft blames EU rules for allowing world's biggest IT outage to happen (telegraph.co.uk)
TechScape: Why CrowdStrike-style chaos is here to stay | Technology | The Guardian
CrowdStrike Outage Is Another Sharp Warning for Banks - Bloomberg
Microsoft: CrowdStrike's outage affected 8.5 million Windows PCs worldwide - Neowin
Identity and Access Management
Time to Rethink Identity: What Security Leaders Need to Know (govinfosecurity.com)
Linux and Open Source
Focusing open source on security, not ideology | InfoWorld
CrowdStrike’s Falcon Sensor linked to Linux crashes, too • The Register
New Play Ransomware Linux Variant Targets ESXi Shows Ties With Prolific Puma | Trend Micro (US)
Switzerland now requires all government software to be open source | ZDNET
Passwords, Credential Stuffing & Brute Force Attacks
Hackney Council failure to change password led to cyber attack | Times Series (times-series.co.uk)
PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing (thehackernews.com)
Goodbye? Attackers Can Bypass 'Windows Hello' Strong Authentication (darkreading.com)
Mitigating the growing threats of account takeover attacks in 2024 | TechRadar
Social Media
Social Media and Travel: Be Careful of What You Share - Security Boulevard
Study: TikTok Lite is a 'safety hazard' for millions of users around the world | ZDNET
Meta Given Deadline to Address E.U. Concerns Over 'Pay or Consent' Model (thehackernews.com)
10 social media scams and how to avoid them (techtarget.com)
Training, Education and Awareness
In Cyber Security, Mitigating Human Risk Goes Far Beyond Training (darkreading.com)
Over Half of UK Workers Haven’t Received Training on Avoiding Phishing Scams - IT Security Guru
Regulations, Fines and Legislation
Hackney Council failure to change password led to cyber attack | Times Series (times-series.co.uk)
NHS hack prompts tougher UK cyber security rules for private providers (ft.com)
Verizon to pay $16 million in TracFone data breach settlement (bleepingcomputer.com)
White House mandates stricter cyber security for R&D institutions (securityintelligence.com)
Meta Given Deadline to Address E.U. Concerns Over 'Pay or Consent' Model (thehackernews.com)
CrowdStrike could have an EU-sized data problem on its hands - Fast Company
New legislation will help counter the cyber threat to our... - NCSC.GOV.UK
UK school reprimanded by ICO for using facial recognition without DPIA | Biometric Update
CISOs are burned out – now they face personal liability too - Raconteur
Most CISOs feel unprepared for new compliance regulations - Help Net Security
Judge Dismisses Major SEC Charges Against SolarWinds and CISO - Security Week
Preparing for Cyber Security Audits: Insights from US Regulations | UpGuard
Backup and Recovery
Without Backup Plans, Global IT Outages Will Happen Again (claimsjournal.com)
Data Protection
CrowdStrike could have an EU-sized data problem on its hands - Fast Company
Careers, Working in Cyber and Information Security
Closing cyber skills gap needs public-private collaboration | World Economic Forum (weforum.org)
Enhancing the cyber security talent pool is key to securing our digital future - IT Security Guru
Shocked, Devastated, Stuck: Cyber Security Pros Open Up About Their Layoffs (darkreading.com)
9 ways CSOs lose their jobs | CSO Online
Are you a CISO who doesn’t know jack? Here’s how to bridge your own skills gap | CSO Online
How dark data and scarcity of cyber experts are threatening organisations | Ctech (calcalistech.com)
Critical sectors short on cyber security pros | Canada's National Observer: Climate News
Law Enforcement Action and Take Downs
Three 'pro-Russian' hackers arrested in Spain over cyber attacks | Reuters
17-Year-Old Linked to Scattered Spider Cyber Crime Syndicate Arrested in UK (thehackernews.com)
Russians plead guilty to involvement in LockBit ransomware attacks (bleepingcomputer.com)
NCA cracks digitalstress DDoS-for-hire operation | Computer Weekly
Ransomware takedowns leave crims scrambling for stability • The Register
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Don’t sanction cyberweapons — sanction how they’re used | Euronews
Global cyberespionage campaign launched by novel TAG-100 operation | SC Media (scmagazine.com)
Nation State Actors
China
Chinese Hacker Gang GhostEmperor Re-Emerges After Two Years (darkreading.com)
Threat Hunting Case Study: Looking for Volt Typhoon | Intel471
Study: TikTok Lite is a 'safety hazard' for millions of users around the world | ZDNET
Chinese Hackers Target Taiwan and US NGO with MgBot Malware (thehackernews.com)
Chinese hackers deploy new Macma macOS backdoor version (bleepingcomputer.com)
Updated malware arsenal leveraged in Chinese Daggerfly attacks | SC Media (scmagazine.com)
China's 'Evasive Panda' APT Spies on Taiwan Targets Across Platforms (darkreading.com)
Uncle Sam accuses telco IT pro of decade of spying for China • The Register
Microsoft: CrowdStrike's outage affected 8.5 million Windows PCs worldwide - Neowin
Chinese Crime Ring Hides Behind Stealth Tech and Soccer (darkreading.com)
Russia
NATO, Others Targeted by Novel Hacktivist Collective | MSSP Alert
Less than two days left of Type O blood after Russian cyber attack, NHS warns as health... - LBC
Russian Cyber Army members face US sanctions | SC Media (scmagazine.com)
Kaspersky Is an Unacceptable Risk Threatening the US's Cyber Defence (darkreading.com)
FrostyGoop malware used to shut down heat in Ukraine attack • The Register
Russia Adjusts Cyber Strategy for the Long Haul in Ukraine War (darkreading.com)
Three 'pro-Russian' hackers arrested in Spain over cyber attacks | Reuters
Russians plead guilty to involvement in LockBit ransomware attacks (bleepingcomputer.com)
North Korea
North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks (thehackernews.com)
North Korean hacking group makes waves to gain Mandiant, FBI spotlight | CyberScoop
North Korean hacker used hospital ransomware attacks to fund espionage | CyberScoop
US offers $10M for tips on DPRK hacker linked to Maui ransomware attacks (bleepingcomputer.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
NATO, Others Targeted by Novel Hacktivist Collective | MSSP Alert
Tools and Controls
In Cyber Security, Mitigating Human Risk Goes Far Beyond Training (darkreading.com)
Without Backup Plans, Global IT Outages Will Happen Again (claimsjournal.com)
Stop following the herd to start fighting ransomware | TechRadar
Over Half of UK Workers Haven’t Received Training on Avoiding Phishing Scams - IT Security Guru
Why mobile security audits are important in the enterprise | TechTarget
Cyber insurance 2.0: The systemic changes required for future security - Help Net Security
Large US banks are failing on operational risk, secret OCC report finds | Fortune
The Importance of Red Teaming - DevX
Fighting Third-Party Risk With Threat Intelligence (darkreading.com)
Cyber Security ROI: Top metrics and KPIs - Help Net Security
Don't Leave The Door Open: The API Model To Defend Against Intruders (forbes.com)
Chrome Browser to Better Explain Why It Blocked a File Download (pcmag.com)
This new Google Chrome security warning is very important | Digital Trends
Types of MDR security services: MEDR vs. MNDR vs. MXDR | TechTarget
Small Businesses Need Default Security in Products Now (darkreading.com)
How CISOs enable ITDR approach through the principle of least privilege - Help Net Security
The Imperative of Threat Hunting for a Mature Security Posture | Binary Defence
Understanding Threat Intelligence: Exploring The Cyber Realm (informationsecuritybuzz.com)
How to Measure the Effectiveness of Your IT Security Solutions - DevX
The Future Of Cyber Security In A Net-Zero World (forbes.com)
Microsoft's licensing practices harm cyber security, coalition says - Global Competition Review
Preparing for Cyber Security Audits: Insights from US Regulations | UpGuard
Reports Published in the Last Week
Internet Organised Crime Threat Assessment (IOCTA) 2024 | Europol (europa.eu)
Other News
Google abandons plan to drop third-party cookies in Chrome • The Register
Risky security behaviours rife in the workplace | Retail Technology Review
Privilege escalation: unravelling a novel cyber attack technique - IT Security Guru
Cyber security measures 'cost SMEs £60,000 a year' - CIR Magazine
End-user cyber security errors that can cost you millions (bleepingcomputer.com)
Study reveals cyber attack response times in UK CNI - CIR Magazine
Is Our Water Safe to Drink? Securing Our Critical Infrastructure (darkreading.com)
Vulnerability Management
The complexities of cyber security update processes (welivesecurity.com)
CrowdStrike Explains Why Bad Update Was Not Properly Tested - Security Week
Poor patch posture isn't just a problem in your office • The Register
Microsoft's new way of updating Windows will hopefully be a hit (xda-developers.com)
Are You Configured for Failure? - Security Boulevard
Vulnerabilities
One faulty CrowdStrike update caused a global outage | AP News
Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers (thehackernews.com)
Secure Boot is completely broken on 200+ models from 5 big device makers | Ars Technica
Cisco patches critical flaw in Secure Email Gateway appliances (computing.co.uk)
SolarWinds Patches 8 Critical Flaws in Access Rights Manager Software (thehackernews.com)
Juniper Networks Critical Security Update Released - Security Boulevard
Now-patched Telegram for Android vulnerability exposed users to malicious videos - SiliconANGLE
Chrome 127 Patches 24 Vulnerabilities - Security Week
Organisations Warned of Exploited Twilio Authy Vulnerability - Security Week
PHP Vulnerability Used For Malware And DDOS Attacks - Security Boulevard
CISA Warns of Exploitable Vulnerabilities in Popular BIND 9 DNS Software (thehackernews.com)
Windows: latest security update is causing huge issues for some users - gHacks Tech News
Progress warns of critical RCE bug in Telerik Report Server (bleepingcomputer.com)
Critical ServiceNow RCE flaws actively exploited to steal credentials (bleepingcomputer.com)
Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins (thehackernews.com)
Docker Patches Critical AuthZ Plugin Bypass Vulnerability Dating Back to 2018 - Security Week
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are provided for interest and awareness only. Linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.