Black Arrow Cyber Threat Briefing 29 December 2023
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK Ministers Publicly State Fears of Potential Widescale Power Grid Disruptions
The UK’s power network has long been an attractive target for enemies of the state and that remains true today. In fact, according to the UK Government, the risk of the whole country’s electricity system being shut down is growing. So are the dangers to citizens if it happens.
The UK’s National Risk Register, the official document assessing 89 different possible threats to the country, explains that a cyber attack on the National Grid could be launched by culprits “encrypting, stealing or destroying data upon which critical systems depend, or via disruption to operational systems”.
Source: [iNews]
Countries Brace for Influence Operations, AI and Hacking Campaigns Ahead of Historic 2024 Election Year, Could Upset World Balance
Billions of people around the world are expected to go to the polls and vote in 2024, in what will be the most significant election year in recent memory, and cyber security and government officials have already warned about countries using technology to influence operations. This includes disinformation campaigns and hacking attempts. Officials have further warned that artificial intelligence will likely be used to fuel such campaigns.
Sources: [The Record] [Security Affairs]
The Most Popular Passwords of 2023 are Easy to Guess and Crack
NordPass released a list of the top 200 common passwords recently, which included “123456” and “admin” as the top two. Of particular note, the top 40 passwords were all deemed to take less than 12 seconds to crack, or could be determined by an actor with no knowledge of the password. Many people would argue that there are so many passwords needed these days that it becomes hard to remember, hence their choice of easier passwords, and often reusing or recycling them across multiple sites and services. The use of a password manager can greatly reduce this need, requiring the user to only remember one password whilst also allowing for more complex and harder to crack passwords.
Source: [gHacks]
Dangerous Malware Pretends to be Some of Your Most Used Business Software
Hackers are using an old form of banking malware, known as Carbanak, to launch damaging ransomware attacks. Hackers are using compromised websites to host the malware, impersonating popular business-related software such as HubSpot, Veeam, or Xero.
Source: [TechRadar]
MFA Helps You Stay Resilient, But Nothing is a Silver Bullet
Multi-factor authentication (MFA) is a great resource for improving your organisation’s cyber resilience, but no technology is 100% secure and the human element will nearly always remain. With notable security breaches bypassing MFA to compromise organisations including Uber, games company EA, and authentication business Okta, organisations need to be aware that it is a possibility. As such, organisations need to ensure they implement MFA effectively and educate their users in their implementation; even the strongest of controls are rendered useless if they can be bypassed with one social engineering phone call.
Source: [Help Net Security]
Ransomware Leak Site Victims Reached Record-High in November
Corvus Threat Intel observed 484 new ransomware victims posted to leak sites in November. This represents a 39% increase from October and a 110% increase compared with November 2022. Further, this is the eleventh consecutive month in which there has been a year-on-year increase in ransomware victims, and the ninth with a victim count over 300.
Source: [Infosecurity Magazine]
MOVEit, Capita, CitrixBleed and More: The Biggest Data Breaches of 2023
2023 was a colossal year for data breaches, with the likes of MOVEit, Capita, Citrix, Royal Mail, MGM resorts and 3CX among some of the most significant victims. Such attacks have involved a number of vectors, such as file transfer vulnerabilities, social engineering, supply chain attacks and zero-day exploits. The result? Millions of people’s data compromised, and hundreds of millions paid out to attackers; the attack on MGM resorts alone is reported to have costed upwards of $100 million.
Source: [TechCrunch]
Europol Warns 443 Online Shops Infected with Credit Card Stealers
Europol has notified over 400 websites that their online shop had been hacked, with malicious scripts that steal card information from paying customers. The scripts are designed to intercept and steal payment card numbers, expiration dates, verification numbers, names, and shipping addresses, which are then uploaded to an attacker. This information is then used, or sold on the dark web to be used. Unfortunately, some of these attacks can go undetected for weeks or even several months.
Source: [Bleeping Computer]
Physical Access Systems Open Door to IT Networks
Cyber attackers can exploit access control measures installed on supposedly secure facility doors to gain unauthorised building access to sensitive locations, as well as breach internal IP networks directly from these systems, research has shown. At a recent leading security conference, analysts demonstrated this is an attack. Assets such as these can often be forgotten about and therefore omitted from protections, highlighting the need for organisations to have an up to date and accurate asset register.
Source: [Dark Reading]
Simple Hacking Techniques Prove Successful in 2023 Cyber Attacks
Hacking can be sophisticated, but often it is not sophisticated at all. Some of the biggest hacks this year started with what seemed like an innocent phone call, but which in fact were fairly simple social engineering attacks. Additionally, hackers continued to target companies that failed to promptly update their systems, even after patches were released to fix critical vulnerabilities. The best first step to protect an organisation is to establish a culture of good cyber security hygiene across people, operations and technology.
Source: [Pymnts]
Daily Malicious Files Rise to 411,000 a day in 2023
Cyber criminals unleashed an average of 411,000 malicious files every day in 2023, representing a 3% increase from the previous year, according to Kaspersky. Malicious desktop files in particular rose by 53%. Cyber criminals favoured Microsoft Office services’ vulnerabilities, which represented 69% of all exploited vulnerabilities.
Source: [Infosecurity Magazine]
Android Malware Actively Infecting Devices to Take Full Control
Android Malware is actively being used to take control of devices for illicit purposes, such as stealing sensitive information and enabling remote attacks, and least 327,000 devices are reported to have been infected with such malware. Research has found that amongst the most targeted countries are the UK and US. Often, for the malware to work, users need to allow it access to information such as contacts, email. In some cases, the user would only be aware they have consented if they were to manually check the apps settings. For organisations, this can mean employees bringing personal or work phones into the corporate environment, with malware potentially along for the ride.
Source: [GBhackers]
Threats
Ransomware, Extortion and Destructive Attacks
Rethinking data security in the age of ransomware and AI - SiliconANGLE
Carbanak Banking Malware Resurfaces with New Ransomware Tactics (thehackernews.com)
Do the casino ransomware attacks make the case to pay? • The Register
Windows CLFS and five exploits used by ransomware operators | Securelist
Cyber crime experts reveal how to infiltrate ransomware gangs • The Register
How ransomware operators try to stay under the radar | Malwarebytes
How many times are you going to think about ransomware in 2024? (betanews.com)
Ransomware Victims
MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023 | TechCrunch
Lockbit ransomware disrupts emergency care at German hospitals (bleepingcomputer.com)
Integris Health patients get extortion emails after cyber attack (bleepingcomputer.com)
Ransomware Group Claims 100 Gb of Data Stolen From Nissan Australia - Security Week
Indian IT services giant HCL Technologies hit by ransomware | TechRadar
LockBit gang claims to have breached accountancy firm Xeinadin (securityaffairs.com)
Rockstar Employee Details Reportedly Leaked By Hackers (thegamer.com)
Australia’s Largest Auto Dealer Group Hit By Massive Cyber Attack | Carscoops
Artificial Intelligence
Elections 2024, Artificial Intelligence could upset world balances (securityaffairs.com)
Malicious GPT Can Phish Credentials, Exfiltrate Them to External Server: Researcher - Security Week
Rethinking data security in the age of ransomware and AI - SiliconANGLE
GenAI Tools Will Permeate All Areas of the Enterprise (darkreading.com)
Why data, AI, and regulations top the threat list for 2024 - Help Net Security
5 Ways that AI Is Set To Transform Cyber Security (informationweek.com)
The Emerging Landscape of AI-Driven Cyber Security Threats: A Look Ahead - Security Week
Skynet Ahoy? What to Expect for Next-Gen AI Security Risks (darkreading.com)
2FA/MFA
Malware
Carbanak Banking Malware Resurfaces with New Ransomware Tactics (thehackernews.com)
Iran's 'Peach Sandstorm' Cyber Attackers Target Global Defence Network (darkreading.com)
Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware (thehackernews.com)
This growing malware threat actor is set to unleash a surge of attacks, experts warn | TechRadar
'BattleRoyal' Hackers Deliver DarkGate RAT Using Every Trick (darkreading.com)
Microsoft disables MSIX protocol handler abused in malware attacks (bleepingcomputer.com)
UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware (thehackernews.com)
New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices (thehackernews.com)
Russian military hackers target Ukraine with new MASEPIE malware (bleepingcomputer.com)
Fake VPN Chrome extensions force-installed 1.5 million times (bleepingcomputer.com)
Kimsuky Group Using Weaponized file Deploy AppleSeed Malware (cybersecuritynews.com)
New Rugmi Malware Loader Surges with Hundreds of Daily Detections (thehackernews.com)
Game mod on Steam breached to push password-stealing malware (bleepingcomputer.com)
How the new Instegogram threat creates liability for organisations | CSO Online
Mobile
TikTok makes users give iPhone passwords, reasons unclear (nypost.com)
Android Malware Actively Infecting Devices to Take Full Control (gbhackers.com)
Chameleon Android Malware Can Bypass Biometric Security - Security Week
SMS Scams Set to Peak on Saturday in UK - Infosecurity Magazine (infosecurity-magazine.com)
Denial of Service/DoS/DDOS
Essential DDoS statistics for understanding attack impact - Help Net Security
How to Prepare for DDoS Attacks During Peak Business Times (darkreading.com)
In Cyber Security and Fashion, What's Old Is New Again (darkreading.com)
Internet of Things – IoT
Tech gifts you shouldn’t buy your family and friends for the holidays | TechCrunch
Physical Access Systems Open Door to IT Networks (darkreading.com)
Ho Ho Home For Christmas? Tips For Avoiding Tech Terrors This Festive Season - IT Security Guru
Data Breaches/Leaks
MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023 | TechCrunch
Mortgage firm LoanCare warns 1.3 million people of data breach (bleepingcomputer.com)
Real estate agency exposes details of 690k customers (securityaffairs.com)
Insomniac Games Releases Statement Over Recent Cyber Attack - Gameranx
Ubisoft says it's investigating reports of a new security breach (bleepingcomputer.com)
Rockstar Employee Details Reportedly Leaked By Hackers (thegamer.com)
Inmate, Staff Information Stolen in Rhode Island Prison Data Breach - Security Week
Mint Mobile discloses new data breach exposing customer data (bleepingcomputer.com)
Hackers steal customer data from Europe’s largest parking app operator | Hacking | The Guardian
Yakult Australia confirms 'cyber incident' after 95 GB data leak (bleepingcomputer.com)
CBS, Paramount owner National Amusements says it was hacked | TechCrunch
Panasonic discloses data breach after December 2022 cyber attack (bleepingcomputer.com)
Customers warned after major car dealership group Eagers Automotive hacked | The West Australian
Cyber Attacks Impacts Two Major Australian Companies Including Leaked Passports | The Epoch Times
Organised Crime & Criminal Actors
Simple Hacking Techniques Prove Successful in Cyber Attacks (pymnts.com)
Hackers stole $2 billion in crypto in 2023, data shows | TechCrunch
Hacking or Social Engineering? What You Need to Know to Keep Yourself Safe | HackerNoon
3 Clues That Hackers May Know More About Your Business Than You Do | Inc.com
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hackers stole $2 billion in crypto in 2023, data shows | TechCrunch
Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining (thehackernews.com)
Hacking group Pink Drainer strikes again, pilfering $4.4M from just 1 victim (cointelegraph.com)
Supply Chain and Third Parties
Third-party issues disrupt 45% of firms despite cyber security spends (securitybrief.co.nz)
MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023 | TechCrunch
Cloud/SaaS
Researchers uncover major security issue in Microsoft Azure - here's what we know | TechRadar
Data security and cost are key cloud adoption challenges for financial industry - Help Net Security
The Future of Hybrid Cloud: What to Expect in 2024 and Beyond (techtarget.com)
Encryption
Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining (thehackernews.com)
Linux and Open Source
Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
The most popular passwords of 2023 are easy to guess and crack - gHacks Tech News
Malicious GPT Can Phish Credentials, Exfiltrate Them to External Server: Researcher - Security Week
Social Media
Regulations, Fines and Legislation
Europe Sees More Hacktivism, GDPR Echoes, and New Security Laws Ahead for 2024 (darkreading.com)
Why data, AI, and regulations top the threat list for 2024 - Help Net Security
Europe classifies three adult sites as worthy of its toughest internet regulations • The Register
5 US cyber security compliance deadlines in 2024 | SC Media (scmagazine.com)
EU updates product liability regime to include software, Artificial Intelligence – EURACTIV.com
Models, Frameworks and Standards
Backup and Recovery
Data Protection
Careers, Working in Cyber and Information Security
Cyber Employment 2024: Sky-High Expectations Fail Businesses & Job Seekers (darkreading.com)
Top Tips from CISOs for CISOs - Infosecurity Magazine (infosecurity-magazine.com)
How leaders can look after information security professionals | ITPro
Building Mental Resilience: A CISO's Journey - GovInfoSecurity
What Does the Future Hold for Today’s Cyber Security Leaders? (huntress.com)
Law Enforcement Action and Take Downs
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Ministers fear a cyber attack cutting all our electricity – this is why (inews.co.uk)
How Cyber Criminals Will Sway 2024 US Elections, Or Try To (darkreading.com)
Nation State Actors
China
Russia
Ukrainian remote workers targeted in new espionage campaign (therecord.media)
UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware (thehackernews.com)
Russian firms subjected to new cyber espionage campaign | SC Media (scmagazine.com)
Cloud Atlas' Spear-Phishing Attacks Target Russian Agro and Research Companies (thehackernews.com)
Inside the World of Deep-Cover Russian Spies Who Are Infiltrating the West (businessinsider.com)
Russian military hackers target Ukraine with new MASEPIE malware (bleepingcomputer.com)
Iran
Iran's 'Peach Sandstorm' Cyber Attackers Target Global Defence Network (darkreading.com)
Israel and Iran are waging a cyber war in the shadows - opinion - The Jerusalem Post (jpost.com)
A cyber attack targets Albanian Parliament’s data system, halting its work | Stars and Stripes
North Korea
Kimsuky Group Using Weaponized file Deploy AppleSeed Malware (cybersecuritynews.com)
Kim Jong Un Expected To Conduct Military, Cyber Attacks During US Elections - Benzinga
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
Researchers uncover major security issue in Microsoft Azure - here's what we know | TechRadar
Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841 (securityaffairs.com)
CISA Warns of FXC Router, QNAP NVR Vulnerabilities Exploited in the Wild - Security Week
Google Releases Eighth Zero-Day Patch of 2023 for Chrome (darkreading.com)
Windows CLFS and five exploits used by ransomware operators | Securelist
Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers (bleepingcomputer.com)
Tools and Controls
Physical Access Systems Open Door to IT Networks (darkreading.com)
Even cyber security pros don't fully trust AI just yet | TechRadar
GenAI Tools Will Permeate All Areas of the Enterprise (darkreading.com)
Verification roadblocks cause frustration for digital nomads - Help Net Security
Strengthening Resilience: Navigating the Cyber Security Landscape (darkreading.com)
API security in 2024: Predictions and trends - Help Net Security
Other News
5 Things You Can Do Today to Prepare for 2024’s Security Threats (informationweek.com)
Pensions Regulator publishes updated cyber security guidance for trustees | Mayer Brown - JDSupra
All I really need to know about cyber security, I learned in kindergarten (venturebeat.com)
New insights into the global industrial cyber security landscape - Help Net Security
NASA Releases First Space Cyber Security Best Practices Guide (inforisktoday.com)
Unveiling the true cost of healthcare cyber security incidents - Help Net Security
Hackers see wealth of information to steal in kids' school records (cnbc.com)
A cyber attack targets Albanian Parliament’s data system, halting its work | Stars and Stripes
How Cyber Criminals Will Sway 2024 US Elections, Or Try To (darkreading.com)
Post-pandemic Cyber Security: Lessons from the global health crisis (att.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.