Black Arrow Cyber Threat Briefing 26 May 2023
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
50% of UK CEOs see Cyber as a Bigger Business Risk than the Economy
Half of UK CEOs consider cyber security as a bigger risk to their organisation than economic uncertainty, a new study by Palo Alto Networks has found. The findings came from a survey of 2500 CEOs from the UK, Germany, France, Brazil and the UAE at large organisations (500+ employees).
Despite the recognition of the business threats posed by cyber attacks, UK CEOs have a lower level of understanding of cyber security risks than their international counterparts, with just 16% saying they have a complete understanding. This compares to 21% in Brazil, 21% in the UAE, 22% in France and 39% in Germany. Additionally, many UK CEOs feel detached from responsibility for cyber security at their organisations, instead leaving it to the responsibility of IT, although IT is only part of the solution.
https://www.infosecurity-magazine.com/news/uk-ceo-cyber-risk-economy/
Report Finds 78% of Organisations Felt Prepared for Ransomware Attacks, Yet Half Still Fell Victim
Fortinet has unveiled its 2023 Global Ransomware Report based on a recent global survey and explores cyber security leaders’ perspectives on ransomware, particularly how it impacted their organisations in the last year and their strategies to mitigate an attack. The report found that the global threat of ransomware remains at peak levels, with half of organisations across all sizes, regions and industries falling victim in the last year.
The top challenges to stopping a ransomware attack were people and process related, with many organisations lacking clarity on how to secure against the threat. Specifically, four out of the five top challenges to stopping ransomware were people or process related. The second largest challenge was a lack of clarity on how to secure against the threat as a result of a lack of user awareness and training and no clear chain-of-command strategy to deal with attacks.
Despite the global macroeconomic environment, security budgets will have to increase in the next year with a focus on AI/ML technologies to speed detection, centralised monitoring tools to speed response and better preparation of people and processes.
https://www.itweb.co.za/content/mYZRX79g8gRqOgA8
SMBs and Regional MSPs are Increasingly Targeted by State-Sponsored APT Groups
Advanced persistent threat (APT) attacks were once mainly a concern for large corporations in industries that presented cyber espionage interest. That's no longer the case and over the past year in particular, the number of such state-sponsored attacks against small- and medium-sized businesses (SMBs) has increased significantly.
Cyber security firm Proofpoint analysed its telemetry data more than 200,000 SMB customers over the past year and saw a rise in phishing campaigns originating from APT groups, particularly those serving Russian, Iranian, and North Korean interests.
SMBs are also targeted by APT groups indirectly, through the managed services providers (MSPs) that maintain their infrastructure. Proofpoint has seen an increase in attacks against regional MSPs because their cyber security defences could be weaker than larger MSPs yet they still serve hundreds of SMBs in local geographies.
IT Employee Piggybacked on Cyber Attack for Personal Gain
A 28-year-old former IT employee of an Oxford-based company has been convicted of blackmailing his employer and unauthorised access to a computer with intent to commit other offences.
The convicted employee was the one who began to investigate the incident and, along with colleagues and the police, tried to mitigate it and its fallout. But he also realized that he could take advantage of the breach to line his own pockets.
“He accessed a board member’s private emails over 300 times as well as altering the original blackmail email and changing the payment address provided by the original attacker. This was in the hope that if payment was made, it would be made to him rather than the original attacker,” the South East Regional Organised Crime Unit (SEROCU) revealed. He went as far as creating an almost identical email address to that of the original attacker, using it to pressure his employer into making the payment.
While some insider threats may stem from negligence or ignorance, this case highlights a more sinister scenario involving a malicious, opportunistic individual. Malicious insiders exploit their authorized access and privileges to engage in harmful, unethical, or illegal activities.
https://www.helpnetsecurity.com/2023/05/24/it-employee-blackmailing-company/
Ransomware Threats Are Growing, and Targeting Microsoft Devices More and More
Ransomware attacks have never been this popular, a new report from cyber security researchers Securin, Ivanti, and Cyware has stated. New ransomware groups are emerging constantly, and new vulnerabilities being exploited are being discovered almost daily, but out of all the different hardware and software, Microsoft’s products are being targeted the most.
Attackers are now targeting more than 7,000 products built by 121 vendors, all used by businesses in their day-to-day operations. Most products belong to Microsoft, which has 135 vulnerabilities associated with ransomware. In just March 2023, there had been more breaches reported, than in all three previous years combined. Even though most cyber security incidents never get reported, too. In the first quarter of the year, the researchers discovered 12 new vulnerabilities used in ransomware attacks, three-quarters of which (73%) were trending in the dark web.
Microsoft Reports Jump in Business Email Compromise (BEC) Activity
Thirty-five million business email compromise (BEC) attempts were detected in the last year, according to the latest Microsoft Cyber Signals report. Activity around BEC spiked between April 2022 and April 2023, with over 150,000 daily attempts, on average, detected by Microsoft’s Digital Crimes Unit.
Rather than targeting unpatched devices for vulnerabilities, BEC operators focus on leveraging the vast volume of daily email and other message traffic to trick victims into sharing financial information or unknowingly transferring funds to money mule accounts. Their goal is to exploit the constant flow of communication to carry out fraudulent money transfers.
Using secure email applications, securing identities to block lateral movement, adopting a secure payment platform and training employees are a few effective methods, according to the report.
Forrester Predicts 2023’s Top Cyber security Threats: From Generative AI to Geopolitical Tensions
The nature of cyber attacks is changing fast. Generative AI, cloud complexity and geopolitical tensions are among the latest weapons and facilitators in attackers’ arsenals. Three-quarters (74%) of security decision-makers say their organisations’ sensitive data was “potentially compromised or breached in the past 12 months” alone. Forrester’s Top Cyber security Threats in 2023 report provides a stark warning about the top cyber security threats this year, along with prescriptive advice to CISOs and their teams on countering them. By weaponising generative AI and using ChatGPT, attackers are fine-tuning their ransomware and social engineering techniques.
Perimeter-based legacy systems not designed with an AI-based upgrade path are the most vulnerable. With a new wave of cyber attacks coming that seek to capitalise on any given business’ weakest links, including complex cloud configurations, the gap between reported and actual breaches will grow.
Forrester cites Russia’s invasion of Ukraine and its relentless cyber attacks on Ukrainian infrastructure as examples of geopolitical cyber attacks with immediate global implications. Forrester advises that nation-state actors continue to use cyber attacks on private companies for geopolitical purposes like espionage, negotiation leverage, resource control and intellectual property theft to gain technological superiority.
Advanced Phishing Attacks Surge 356% in 2022
A new report published this week observed a 356% growth in the number of advanced phishing attacks attempted by threat actors in 2022, with the total number of attacks having increased by 87%. Among the reasons behind this growth is the fact that malicious actors continue to gain widespread access to new tools, including artificial intelligence (AI) and machine learning (ML)-powered tools. These have automated the process of generating sophisticated attacks, including those characterized by social engineering as well as evasion techniques.
The global threat landscape continues to evolve with a meteoric rise in the number of attacks, combined with increasingly sophisticated attack techniques designed to breach and damage organisations.
Additionally, the report highlighted that the changing threat landscape has resulted from the swift adoption of new cloud collaboration apps, cloud storage and productivity services for external collaboration.
https://www.infosecurity-magazine.com/news/advanced-phishing-attacks-surge/
Today’s Cyber Defence Challenges: Complexity and a False Sense of Security
Organisations can mistakenly believe that deploying more security solutions will result in greater protection against threats. However, the truth of the matter can be very different. Gartner estimates that global spending on IT security and risk management solutions will exceed $189.7 billion annually in 2023, yet the breaches keep on coming. Blindly purchasing more security tools can add to complexity in enterprise environments and creates a false sense of security that contributes to today’s cyber security challenges.
To add to the dilemma, the new work-from-anywhere model is putting a strain on IT and security teams. Employees shifting between corporate and off-corporate networks are creating visibility and control challenges, which are impacting those teams’ ability to diagnose and remediate end user issues and minimize cyber security risks. In addition, they have to deal with a broad mix of networks, hardware, business and security applications, operating system (OS) versions, and patches.
Almost All Ransomware Attacks Target Backups
Data stored in backups is the most common target for ransomware attackers. Almost all intrusions (93%) target backups and in 75% of cases succeed in taking out victims’ ability to recover. In addition, 85% of global organisations suffered at least one cyber attack in the past year according to the Veeam 2023 Ransomware trends report. Only 16% of organisations avoided paying ransom because they were able to recover from backups, down from 19% in last year’s survey.
According to the survey, criminals attempt to attack backup repositories in almost all (93%) cyber events in EMEA, with 75% losing at least some of their backups and more than one-third (39%) of backup repositories being completely lost.
Other key findings included that 21% said ransomware is now specifically excluded from insurance policies; and of those with cyber insurance, 74% saw increased premiums since their last policy renewal.
With most ransomware actors moving to double and triple extortion the days of a backup being all you need to keep you safe are far behind and firms should do more to prevent being the victim of ransomware in the first place.
NCSC Warns Against Chinese Cyber Attacks on Critical Infrastructure
The UK National Cyber Security Centre (NCSC) and several other international security agencies have issued a new advisory warning the public against Chinese cyber activity targeting critical national infrastructure networks. According to the document, the People’s Republic of China (PRC)’s associated threat actors employed sophisticated tactics to evade detection while conducting malicious activities against targets in the US and Guam. These tactics are expected to be used on critical infrastructure targets outside the US, including the UK.
The document further added that the threat actors mainly focused on credential access theft via brute force and password spraying techniques. The NCSC advisory provides network defenders with technical indicators and examples of techniques used by the attacker to help identify any malicious activity.
https://www.infosecurity-magazine.com/news/ncsc-warns-chinese-cyber-attacks/
Half of All Companies were Impacted by Spearphishing in 2022
Spearphishing is a sliver of all email exploits but the extent to which it succeeds is revealed in a new study from cyber security firm Barracuda Networks, which analysed 50 billion emails across 3.5 million mailboxes in 2022, unearthing around 30 million spearphishing emails and affecting 50% of all companies.
The report identified the top prevalent spearphishing emails were Scamming (47%) used to trick victims into disclosing sensitive information and the other being brand impersonation (42%) attacks mimicking a brand familiar with the victim to harvest credentials.
The report found that remote work is increasing risks. Users at companies with more than a 50% remote workforce report higher levels of suspicious emails — 12 per day on average, compared to 9 per day for those with less than a 50% remote workforce.
https://www.techrepublic.com/article/barracuda-networks-spearphishing-study/
Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool
Two new top-level domain names (.zip and .mov) have caused concern among security researchers, who say they allow for the construction of malicious URLs that even tech-savvy users are likely to miss. While a top-level domain (TLD) that mimics a file extension is only one component in the lookalike attack, the overall combination is much more effective with the .zip or .mov extension.
There's no question that phishing links that involve these TLDs can be used to lure unsuspecting users into accidentally downloading malware. Unlike other kinds of phishing URLs that are intended to lure the user to enter credentials into a phony login page, the lures with the .zip or .mov domains are more suited to drive-by download types of attacks.
https://www.darkreading.com/endpoint/google-zip-mov-domains-social-engineers-shiny-new-tool
Governance, Risk and Compliance
Security Pros: Before You Do Anything, Understand Your Threat Landscape - SecurityWeek
The Rising Threat of Secrets Sprawl and the Need for Action (thehackernews.com)
Mass resignations, layoffs seen as major threat to corporate cyber security - The Korea Times
Improving Cyber security Requires Building Better Public-Private Cooperation (darkreading.com)
5 Cyber security Woes That Threaten Digital Growth (analyticsinsight.net)
Cyber Warfare Lessons From the Russia-Ukraine Conflict (darkreading.com)
What Security Professionals Need to Know About Aggregate Cyber Risk (darkreading.com)
Where to Focus Your Company’s Limited Cyber security Budget (hbr.org)
Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach | CSO Online
CISO Criminalization, Vague Cyber Disclosure Rules Create Angst for Security Teams (darkreading.com)
Today’s Cyber Defence Challenges: Complexity and a False Sense of Security - SecurityWeek
The biggest threats are always those we fail to predict - Big Think
How continuous security monitoring is changing the compliance game - Help Net Security
Defining CISOs, CTOs, and CIOs' Roles in Cyber security (analyticsinsight.net)
Threats
Ransomware, Extortion and Destructive Attacks
3 Common Initial Attack Vectors Account for Most Ransomware Campaigns (darkreading.com)
12 vulnerabilities newly associated with ransomware - Help Net Security
IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)
Ransomware threats are growing, and targeting Microsoft devices more and more | TechRadar
Microsoft: Notorious FIN7 hackers return in Clop ransomware attacks (bleepingcomputer.com)
FIN7 gang returned and was spotted delivering Clop ransomware - Security Affairs
Bridgestone CISO: Lessons From Ransomware Attack Include Acting, Not Thinking (darkreading.com)
Cyble — New Ransomware Wave Engulfs over 200 Corporate Victims
Updated 'StopRansomware Guide' warns of shifting tactics | TechTarget
The Week in Ransomware - May 19th 2023 - A Shifting Landscape (bleepingcomputer.com)
US saw 45% fewer ransomware victims posted on the dark web | Security Magazine
Judge Throws Out Ransomware Class-Action Suit Against Rackspace - MSSP Alert
Ransomware tales: The MitM attack that really had a Man in the Middle – Naked Security (sophos.com)
Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar
Inside Qilin Ransomware: Affiliates Take Home 85% of Ransom Payouts (thehackernews.com)
Buhti Ransomware Gang Switches Tactics, Utilizes Leaked LockBit and Babuk Code (thehackernews.com)
Ransomware Victims
Food Distributor Sysco Says Cyber Attack Exposed 126,000 Individuals - SecurityWeek
Suzuki motorcycle plant shut down by cyber attack (bitdefender.com)
Iowa hospital discloses breach following Royal ransomware leak | TechTarget
Arms maker Rheinmetall confirms BlackBasta ransomware attack (bleepingcomputer.com)
Dish Network says February ransomware attack impacted +300K - Security Affairs
Philly Inquirer disputes Cuba ransomware gang's leak claims • The Register
Dorchester school IT system held to ransom in cyber attack - BBC News
BlackByte lists city of Augusta after cyber 'incident' • The Register
Phishing & Email Based Attacks
Advanced Phishing Attacks Surge 356% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
50% of companies had spearphishing puncture wounds in 2022 (techrepublic.com)
Microsoft 365 phishing attacks use encrypted RPMSG messages (bleepingcomputer.com)
Threat actors exploit new channels for advanced phishing attacks - Help Net Security
Malicious links and misaddressed emails slip past security controls - Help Net Security
CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules (thehackernews.com)
Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)
BEC – Business Email Compromise
Cyber Signals: Shifting tactics show surge in business email compromise | Microsoft Security Blog
Microsoft reports jump in business email compromise activity | CSO Online
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
Employees are banned from using ChatGPT at these companies | Fortune
BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer - Security Affairs
6 ChatGPT risks for legal and compliance leaders - Help Net Security
5 Ways Hackers Will Use ChatGPT For Cyber attacks (informationsecuritybuzz.com)
Simple OSINT techniques to spot AI-fueled disinformation, fake reviews - Help Net Security
Microsoft urges lawmakers to adopt new guidelines for responsible AI | CyberScoop
AI Used to Create Malware, WithSecure Observes - Infosecurity Magazine (infosecurity-magazine.com)
The Security Hole at the Heart of ChatGPT and Bing | WIRED UK
2FA/MFA
Malware
New PowerExchange malware backdoors Microsoft Exchange servers (bleepingcomputer.com)
Hackers Use Weaponised DOCX File to Deploy Stealthy Malware (gbhackers.com)
Meet 'Jack' from Romania! Mastermind Behind Golden Chickens Malware (thehackernews.com)
Developer Alert: NPM Packages for Node.js Hiding Dangerous TurkoRat Malware (thehackernews.com)
CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules (thehackernews.com)
Threat actors leverage kernel drivers in new attacks | TechTarget
BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer - Security Affairs
Malicious links and misaddressed emails slip past security controls - Help Net Security
Potentially millions of Android TVs and phones come with malware preinstalled | Ars Technica
New AhRat Android malware hidden in app with 50,000 installs (bleepingcomputer.com)
Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica
PyPI open-source code repository deals with manic malware maelstrom – Naked Security (sophos.com)
Legion Malware Upgraded to Target SSH Servers and AWS Credentials (thehackernews.com)
AI Used to Create Malware, WithSecure Observes - Infosecurity Magazine (infosecurity-magazine.com)
Mobile
Warning: Samsung Devices Under Attack! New Security Flaw Exposed (thehackernews.com)
Android phones are vulnerable to fingerprint brute-force attacks (bleepingcomputer.com)
New AhRat Android malware hidden in app with 50,000 installs (bleepingcomputer.com)
Predator: Looking under the hood of Intellexa’s Android spyware (bleepingcomputer.com)
Botnets
How smart bots are infecting and exploiting the internet - Help Net Security
The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile | Akamai
Denial of Service/DoS/DDOS
Internet of Things – IoT
Potentially millions of Android TVs and phones come with malware preinstalled | Ars Technica
Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica
Data Breaches/Leaks
Capita under fire after ‘confidential’ files published online (thetimes.co.uk)
Luxottica confirms 2021 data breach after info of 70M leaks online (bleepingcomputer.com)
Hackers steal the SSN of nearly 6 million people (pandasecurity.com)
Food Distributor Sysco Says Cyber attack Exposed 126,000 Individuals - SecurityWeek
Organised Crime & Criminal Actors
IT employee piggybacked on cyber attack for personal gain - Help Net Security
Child hackers: How are kids becoming sophisticated cyber criminals? | Euronews
UK Fraudster Behind iSpoof Scam Receives 13-Year Jail Term for Cyber Crimes (thehackernews.com)
The Strange Story of the Teens Behind the Mirai Botnet - IEEE Spectrum
FBI: Human Trafficking Rings Force Job Seekers Into Cryptojacking Schemes (darkreading.com)
'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)
Cyber criminals masquerading as MFA vendors - Help Net Security
The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile | Akamai
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)
Forex boss Anthony Constantinou guilty of £70m ‘Ponzi’ fraud (thetimes.co.uk)
FBI: Human Trafficking Rings Force Job Seekers Into Cryptojacking Schemes (darkreading.com)
Insider Risk and Insider Threats
How to prevent against the 5 main types of insider threats - IT Security Guru
IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)
Fraud, Scams & Financial Crime
Get-rich-quick schemes, pyramids and ponzis: five signs you're being scammed (theconversation.com)
Scammers Using ChatGPT "Fleeceware" Apps to Cash In on AI Hype, Sophos Report - MSSP Alert
Online scams target bargain-hunting holiday travelers - Help Net Security
Ads for lucrative jobs in Asia may be tech slavery scams • The Register
Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)
79-year-old woman tricks German scammers into getting arrested (iamexpat.de)
Forex boss Anthony Constantinou guilty of £70m ‘Ponzi’ fraud (thetimes.co.uk)
IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)
Supply Chain and Third Parties
Capita under fire after ‘confidential’ files published online (thetimes.co.uk)
UK councils caught in Capita unsecured AWS bucket data leak • The Register
New Cyber Security Training Packages Launched to Manage Supply Chain Risk - NCSC
Software Supply Chain
GUAC 0.1 Beta: Google's Breakthrough Framework for Secure Software Supply Chains (thehackernews.com)
Cloud/SaaS
UK councils caught in Capita unsecured AWS bucket data leak • The Register
CISO-level tips for securing corporate data in the cloud - Help Net Security
Google Cloud Bug Allows Server Takeover From CloudSQL Service (darkreading.com)
Attack Surface Management
Identity and Access Management
7 access management challenges during M&A - Help Net Security
Think security first when switching from traditional Active Directory to Azure AD | CSO Online
Encryption
API
API bug in OAuth dev tool opened websites, apps to account hijacking | SC Media (scmagazine.com)
The fragmented nature of API security ownership - Help Net Security
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Inactive accounts pose significant account takeover security risks | CSO Online
What’s a Double-Blind Password Strategy and When Should It Be Used (bleepingcomputer.com)
Netflix's Password-Sharing Ban Offers Security Upsides (darkreading.com)
Biometrics
Social Media
Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations (darkreading.com)
Pentagon explosion hoax goes viral after verified Twitter accounts push (bleepingcomputer.com)
Training, Education and Awareness
Travel
Online scams target bargain-hunting holiday travelers - Help Net Security
Four ways your devices can be hacked in hotels and how to stay safe | This is Money
Tips to Protect Against Holiday and Airline Scams - IT Security Guru
Parental Controls and Child Safety
Regulations, Fines and Legislation
Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations (darkreading.com)
Microsoft urges lawmakers to adopt new guidelines for responsible AI | CyberScoop
Models, Frameworks and Standards
NIST Launches Cyber security Initiative for Small Businesses (securityintelligence.com)
New security model launched to eliminate 95% of cyber breaches - IT Security Guru
Backup and Recovery
Almost all ransomware attacks target backups, says Veeam | Computer Weekly
'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)
Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
UK Fraudster Behind iSpoof Scam Receives 13-Year Jail Term for Cyber Crimes (thehackernews.com)
79-year-old woman tricks German scammers into getting arrested (iamexpat.de)
Privacy, Surveillance and Mass Monitoring
UK police to 'embed' facial recog but oversight is at risk • The Register
Abuse of government spying powers: What's to worry about? • The Register
Reflections on Ten Years Past The Snowden Revelations (ietf.org)
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Cyber Warfare Lessons From the Russia-Ukraine Conflict (darkreading.com)
Russia's War in Ukraine Shows Cyber attacks Can Be War Crimes (darkreading.com)
The Underground History of Turla, Russia's Most Ingenious Hacker Group | WIRED
Bad Magic's Extended Reign in Cyber Espionage Goes Back Over a Decade (thehackernews.com)
North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware (thehackernews.com)
Cyber Attacks Strike Ukraine's State Bodies in Espionage Operation (thehackernews.com)
Mysterious malware designed to cripple industrial systems linked to Russia | CyberScoop
New Russian-linked CosmicEnergy malware targets industrial systems (bleepingcomputer.com)
United Nations official and others in Armenia hacked by NSO Group spyware | Hacking | The Guardian
Predator: Looking under the hood of Intellexa’s Android spyware (bleepingcomputer.com)
Nation State Actors
APT attacks: Exploring Advanced Persistent Threats and their evasive techniques (malwarebytes.com)
SMBs and regional MSPs are increasingly targeted by state-sponsored APT groups | CSO Online
The Underground History of Turla, Russia's Most Ingenious Hacker Group | WIRED
Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica
North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware (thehackernews.com)
Five Eyes and Microsoft accuse China US infrastructure raids • The Register
Iranian hackers use new Moneybird ransomware to attack Israeli orgs (bleepingcomputer.com)
Mysterious malware designed to cripple industrial systems linked to Russia | CyberScoop
GCHQ warns of fresh threat from Chinese state-sponsored hackers | Hacking | The Guardian
New Russian-linked CosmicEnergy malware targets industrial systems (bleepingcomputer.com)
Five Eyes agencies detail how Chinese hackers breached US infrastructure - Help Net Security
Lazarus Group Striking Vulnerable Windows IIS Web Servers (darkreading.com)
'Volt Typhoon' Breaks Fresh Ground for China-Backed Cyber Campaigns (darkreading.com)
Vulnerability Management
12 vulnerabilities newly associated with ransomware - Help Net Security
Fresh perspectives needed to manage growing vulnerabilities - Help Net Security
Judge Throws Out Ransomware Class-Action Suit Against Rackspace - MSSP Alert
How to check for new exploits in real time? VulnCheck has an answer | CSO Online
Vulnerabilities
12 vulnerabilities newly associated with ransomware - Help Net Security
Hackers target 1.5M WordPress sites with cookie consent plugin exploit (bleepingcomputer.com)
Barracuda Alerts Of Breaches In Email Gateways From Zero-Day Flaws (informationsecuritybuzz.com)
Threat Actors Compromise Barracuda Email Security Appliances (darkreading.com)
Microsoft: Windows issue causes file copying, saving failures (bleepingcomputer.com)
GitLab 'strongly recommends' patching max severity flaw ASAP (bleepingcomputer.com)
83C0000B: The error code that means a software update bricked your HP printer (bitdefender.com)
CISA adds iPhone bugs to Known Exploited Vulnerabilities catalog - Security Affairs
Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771) - Help Net Security
Zyxel warns of critical vulnerabilities in firewall and VPN devices (bleepingcomputer.com)
Warning: Samsung Devices Under Attack! New Security Flaw Exposed (thehackernews.com)
Tools and Controls
Security Pros: Before You Do Anything, Understand Your Threat Landscape - SecurityWeek
Malicious links and misaddressed emails slip past security controls - Help Net Security
Making The Most Of A Penetration Test: The Organisational Perspective (forbes.com)
Against the Clock: Cyber Incident Response Plan (trendmicro.com)
Investigating Risks Through Threat Hunting Capability Guide (informationsecuritybuzz.com)
Almost all ransomware attacks target backups, says Veeam | Computer Weekly
How continuous security monitoring is changing the compliance game - Help Net Security
Blacklist untrustworthy apps that peek behind your firewall - Help Net Security
How generative AI is reshaping the identity verification landscape - Help Net Security
The fragmented nature of API security ownership - Help Net Security
Enterprises Must Prepare Now for Shorter TLS Certificate Lifespans (darkreading.com)
Cutting Through the Noise: What is Zero Trust Security? - SecurityWeek
CISO-level tips for securing corporate data in the cloud - Help Net Security
6 ways generative AI chatbots and LLMs can enhance cyber security | CSO Online
'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)
Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar
Attributes of a mature cyber-threat intelligence program | CSO Online
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.