Black Arrow Cyber Threat Intelligence Briefing 29 November 2024
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Top Cyber Stories of the Last Week
Phishing Attacks Dominate Threat Landscape in Q3 2024
ReliaQuest's recent report reveals that spear phishing attacks accounted for 46% of security incidents in Q3 2024, becoming the most prevalent threat. High employee turnover and accessible phishing kits contribute to this trend, with untrained new hires increasing vulnerability. The report also highlights a 20% surge in cloud-based security threats and a 7% rise in insider threat activity, with cyber criminals offering up to $10,000 weekly for insider assistance. Despite awareness of these risks, organisations continue to face significant challenges in mitigating them.
Rising Cyber Threat Driven by Single Point of Failure Risk
CyberCube reports that escalating cloud service provider outages and single point of failure events are significantly increasing the risk of unplanned technology outages for organisations. These disruptions are accelerating, impacting critical services across sectors. The report highlights that the Energy & Utilities industry is highly exposed with varying security levels, while the Transportation & Logistics sector is exposed but more secure. Many US public sector entities are under-secured despite high exposure to cyber threats. It emphasises that insurers must adapt by refining policy language, enhancing threat intelligence, and collaborating with governments to mitigate these evolving risks.
Cloned Customer Voice Beats Bank Security Checks
Recent investigations have revealed that AI-cloned voices can bypass voice recognition security in banking systems. A BBC test showed that cloned voices successfully overcame voice ID checks at major banks, including Santander and Halifax. Despite assurances from banks about the security of voice ID, the ease with which these systems were breached, even using basic equipment, highlights significant vulnerabilities. Cyber security experts warn that the rapid advancement of generative AI presents new risks to biometric authentication methods. This raises concerns about the effectiveness of current security measures and underscores the need for enhanced protections against sophisticated AI-enabled fraud.
Avoiding Cyber Complacency as a Small Business
A recent survey revealed that half of all UK businesses, including many small and medium-sized enterprises, experienced a cyber attack in the past year. Despite this high incidence, only 22% have a formal incident response plan, indicating widespread cyber complacency. With the average cost to remedy an attack estimated at £21,000, small businesses are at significant financial risk. Many maintain outdated security measures and prioritise other concerns due to limited resources. To mitigate these risks, organisations are advised to stay vigilant, educate employees on threats like phishing, implement robust backup solutions, and develop clear disaster recovery plans.
Your IT Infrastructure May Be More Outdated Than You Think
Kyndryl's recent survey reveals a significant disconnect between CEOs and IT leaders regarding IT infrastructure readiness. While about two-thirds of CEOs are concerned their IT systems are outdated or nearing end-of-life, 90% of IT leaders believe their infrastructure is best in class. Contradictorily, only 39% of IT leaders feel prepared to manage future risks and disruptions, and 44% of executives admit their IT systems have aged past expected lifespans. The report underscores the need for continual reassessment of IT tools to balance operational needs with innovation, as outdated systems can quickly hinder an organisation's competitiveness.
Cyber Attacks Cost UK Businesses £44 Billion During Past 5 Years, Howden Survey
Howden's research has revealed that cyber attacks have cost UK businesses £44 billion in lost revenue over the past five years. Over half of these businesses, particularly those with revenues over £100 million, have suffered at least one cyber attack, with compromised emails and data theft being the most common causes. Despite this significant impact, the uptake of basic cyber security measures remains low, with only 61% using antivirus software and 55% employing network firewalls. The report suggests that implementing fundamental cyber security practices could reduce cyber attack costs by up to 75%, saving approximately £30 billion over five years.
83% of Organisations Reported Insider Attacks in 2024
A publication by news site Cybersecurity Insiders reports that 83% of organisations experienced at least one insider attack in the past year. The incidence of insider threats has escalated, with the percentage of organisations facing between 11 and 20 attacks increasing from 4% to 21% in the last 12 months. Despite 93% recognising the importance of strict visibility and control, only 36% have effective solutions in place. Recovery costs are significant, with 32% of organisations spending between $100,000 and $499,000, and 21% facing costs between $1 million and $2 million. Lack of employee awareness is a major factor, with 32% citing it as a contributor to attacks.
Blue Yonder Ransomware Attack Disrupts Supply Chains Across UK and US
Blue Yonder, a supply chain software company, has experienced a ransomware attack that disrupted services for major clients. The incident impacted key customers, including Starbucks and leading UK supermarkets like Morrisons and Sainsbury's, causing operational disruptions and forcing activation of contingency plans. Despite working with external cyber security experts, Blue Yonder has yet to provide a timeline for restoration. This event underscores the increasing vulnerability of supply chains to cyber attacks. A recent survey found that 62% of organisations faced ransomware attacks from software supply chain partners in the past year, highlighting the widespread nature of these threats.
North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn
Microsoft has reported that North Korean hackers have stolen over $10 million in cryptocurrency through sophisticated social engineering campaigns on LinkedIn. These cyber security threats are escalating, with attackers posing as recruiters or venture capitalists to trick targets into downloading malware. Despite increased awareness, organisations remain vulnerable as hackers use artificial intelligence tools to create convincing fake profiles and documents. North Korean IT workers abroad have also generated at least $370,000 through legitimate work, but pose additional risks by abusing access to steal intellectual property and demand ransoms.
UK Scam Losses Surge 50% Annually to £11.4bn
Cifas reports that UK online fraud losses have surged to over £11bn in the past year, a £4bn increase from the previous year. 15% of the 2000 survey participants lost money to scammers in 2024, up from 10% in 2023, with average losses of £1400 per victim. Fewer than a fifth recovered their money, and only 28% reported the incidents to the police. Email was the most common fraud channel, cited by nearly 70% of respondents. With scams expected to intensify during the holiday season, there is a pressing need for improved security measures and cross-sector collaboration.
In a Growing Threat Landscape, Companies Must do Three Things to Get Serious About Cyber Security
Enterprises are facing a more sophisticated threat landscape due to digital transformation, hybrid work, and AI adoption, making it imperative to prioritise cyber security. Leadership at the C-suite and board level must drive this change by investing appropriately, as underfunded security can lead to lost revenue and legal issues. A strong, empowered CISO is crucial for identifying vulnerabilities and guiding necessary actions. Adopting frameworks like NIST Cybersecurity Framework 2.0 helps organisations manage risks effectively, promoting prevention and response strategies that can also reduce liability in the event of a breach.
Russian Threat Actors Poised to Cripple Power Grid, UK Warns
The UK government warns that Russian cyber threat actors are poised to conduct cyber attacks that could disrupt critical national infrastructure, potentially "turning off the lights for millions". These threats have already targeted UK media, telecoms, and political institutions. However, experts caution that such rhetoric may overstate Russia's actual capabilities and risk causing unnecessary panic. In response, the government is investing £8.22 million in a new AI cyber lab to bolster national security and an additional £1 million to enhance incident response among allies.
Sources:
https://informationsecuritybuzz.com/phishing-attacks-dominate-threat-lands/
https://www.emergingrisks.co.uk/rising-cyber-threat-driven-by-single-point-of-failure-risk/
https://www.bbc.co.uk/news/articles/c1lg3ded6j9o
https://betanews.com/2024/11/28/avoiding-cyber-complacency-as-a-small-business/
https://www.cio.com/article/3610867/your-it-infrastructure-may-be-more-outdated-than-you-think.html
https://www.insurancejournal.com/news/international/2024/11/27/802913.htm
https://securityintelligence.com/articles/83-percent-organizations-reported-insider-threats-2024/
https://thehackernews.com/2024/11/north-korean-hackers-steal-10m-with-ai.html
https://www.infosecurity-magazine.com/news/uk-scam-losses-surge-50-annually/
Governance, Risk and Compliance
Cyber attacks cost British businesses $55 billion in past five years, broker says | Reuters
Beyond the Technical: The Evolving CISO - InfoRiskToday
What Does Enterprise-Wide Cyber Security Culture Look Like?
Cyber Security Under Threat: New Study Exposes 'Security Chaos' | Pressat
What is compliance risk? | Definition from TechTarget
Top challenges holding back CISOs’ agendas | CSO Online
The CISO as a Chess Piece: A Comprehensive Strategic Analysis | Mandelbaum Barrett PC - JDSupra
Cyber Security Toolkit for Boards: updated briefing pack... - NCSC.GOV.UK
Threats
Ransomware, Extortion and Destructive Attacks
Five Ransomware Groups Responsible for 40% of Cyber-Attacks in 2024 - Infosecurity Magazine
One of the nastiest ransomware groups around may have a whole new way of doing things | TechRadar
VPN Vulnerabilities Drive Nearly 30% Of Q3 Ransomware Attacks
CISA says BianLian ransomware now focuses only on data theft
The case for a ransomware payment ban - Tech Monitor
Growth in phishing, changes in ransomware crews mark threat landscape | SC Media
Pro-Russian Hacktivists Launch Branded Ransomware Operations - Infosecurity Magazine
Ransomware payments are now a critical business decision - Help Net Security
Ransomware Groups Targeting VPNs for Initial Access: Report | MSSP Alert
BlackBasta Ransomware Brand Picks Up Where Conti Left Off
CyberVolk analysis explores ransomware, hacktivism interconnections | SC Media
Mimic Ransomware: What You Need To Know | Tripwire
Zyxel firewalls targeted in recent ransomware attacks
Victims Must Disclose Ransom Payments Under Australian Law
Ransomware Victims
Microlise Confirms Data Breach as Ransomware Group Steps Forward - SecurityWeek
Blue Yonder ransomware attack disrupts supply chains across UK and US
Wake Up And Smell The Ransomware—Starbucks Impacted By Cyber Attack
Supply chain vendor Blue Yonder succumbs to ransomware • The Register
NHS declares major cyber incident for third time this year • The Register
Further disruption expected after latest NHS cyber attack | Computer Weekly
Phishing & Email Based Attacks
Phishing Attacks Dominate Threat Landscape In Q3 2024
Email Phishing and DMARC Statistics - Security Boulevard
Growth in phishing, changes in ransomware crews mark threat landscape | SC Media
Hackers Update Tactics to Bypass Multifactor Authentication - Petri IT Knowledgebase
Rise in phishing attacks observed from August to October 2024
Flying Under the Radar - Security Evasion Techniques
Phishing attacks via ‘URL rewriting’ to evade detection escalate | SC Media
Scammers use you're fired lures in phishing campaign • The Register
“Sad announcement” email implies your friend has died | Malwarebytes
OpenSea NFT Phishers Aim to Drain Crypto Wallets
Email Is Insecure: 4 Reasons I Avoid It Like the Plague
Three-Quarters of Black Friday Spam Emails Identified as Scams - Infosecurity Magazine
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Other Social Engineering
North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn
How to recognize employment fraud before it becomes a security issue - Help Net Security
Meta Finally Breaks Its Silence on Pig Butchering | WIRED
Bangkok busts SMS Blaster sending 1 million scam texts from a van
North Korea Deploying Fake IT Workers in China, Russia, Other Countries - SecurityWeek
Artificial Intelligence
Cloned customer voice beats bank security checks - BBC News
North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn
Over a Third of Firms Struggling With Shadow AI - Infosecurity Magazine
AI in cyber security: Not yet autonomous, but the time to prepare is now
British spies to ramp up fight against Russian cyber threats with launch of cutting-edge... - LBC
Britain, NATO must stay ahead in 'new AI arms race', says UK minister | Reuters
Faux ChatGPT, Claude API Packages Deliver JarkaStealer
AI is the latest tool in the cyber security cat-and-mouse game - Fast Company
AI Used for Good and Bad — Like Making Trickier Malware, Says Report
Teaching AI to Hack: Researchers Demonstrate ChatGPT's to Ethically Hack Linux & Windows
Organisations unprepared for the AI onslaught must do these 4 things | ZDNET
'Tis the season for website cloning tools, RCEs and AI phishing lures | SC Media
2FA/MFA
‘Adversary in the middle attacks’ are becoming hackers’ go-to method to bypass MFA | ITPro
Hackers Update Tactics to Bypass Multifactor Authentication - Petri IT Knowledgebase
Malware
North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn
2024 saw a surge in malicious free VPN apps | TechRadar
Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia
Novel WolfsBane backdoor leveraged in Chinese attacks against Linux systems | SC Media
Salt Typhoon hackers backdoor telcos with new GhostSpider malware
What cyber attacks are bots commonly associated with?
Aggressive Chinese APT Group Targets Governments with New Backdoors - Infosecurity Magazine
Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries
Skimmer Malware Targets Magento Sites Ahead of Black Friday
APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware
Hackers abuse Avast anti-rootkit driver to disable defences
Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections
IoT Device Traffic Up 18% as Malware Attacks Surge 400% - Infosecurity Magazine
The source code of Banshee Stealer leaked online
Faux ChatGPT, Claude API Packages Deliver JarkaStealer
How Facebook and Instagram Malware Works (and How to Spot It Before You Click)
Researchers Discover "Bootkitty" – First UEFI Bootkit Targeting Linux Kernels
AI Used for Good and Bad — Like Making Trickier Malware, Says Report
APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign
Gaming Engines: An Undetected Playground for Malware Loaders - Check Point Research
Bots/Botnets
What cyber attacks are bots commonly associated with?
Growing Matrix Botnet Poses Escalating Global Threat
Mobile
Why you should power off your phone once a week - according to the NSA | ZDNET
One Down, Many to Go with Pre-Installed Malware on Android | Electronic Frontier Foundation
Denial of Service/DoS/DDoS
Here’s how simple it is for script kiddies to stand up DDoS services | CyberScoop
Is Your Router In The Matrix—35 Million Devices Under Blue Pill Attack
Internet of Things – IoT
My Car Knows My Secrets, and I'm (Mostly) OK With That
Growing Matrix Botnet Poses Escalating Global Threat
IoT Device Traffic Up 18% as Malware Attacks Surge 400% - Infosecurity Magazine
Data Breaches/Leaks
Prison layouts reportedly leaked on dark web in data breach - BBC News
Data leaks from websites built on Microsoft Power Pages, including 1.1 million NHS records
New York Fines Geico and Travelers $11 Million Over Data Breaches - SecurityWeek
A US soldier is suspected of being behind the massive Snowflake data leak | CSO Online
Data broker leaves 600K+ sensitive files exposed online • The Register
TfL cyber attack: Independent review will examine huge hack and response | The Standard
Military dating site leaves database with 1M records exposed | Biometric Update
HIA: Survivors awarded £30,000 after data breach - BBC News
Zello asks users to reset passwords after security incident
Hack Against Andrew Tate Continues With Leak Of Staff Chats
Hackers Breach Andrew Tate's Online 'University,' Exposing 800,000 Users
Organised Crime & Criminal Actors
The rise and fall of the 'Scattered Spider' hackers | TechCrunch
Major cyber crime crackdowns signal shift in global cyber security strategies
Interpol: Major cyber crime operation nets 1,006 suspects – DataBreaches.Net
Authorities disrupt major cyber crime operation, 1000+ suspects arrested - Help Net Security
US alleges man is cyber crook with distaste for opsec • The Register
DoJ seized credit card marketplace PopeyeTools
DOJ: Man hacked networks to pitch cyber security services
'Hacker' breaks into gym to get hired, gets arrested instead | PCWorld
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto Hacks Drop 15% Year-to-Date, over $70 Million Lost in November
OpenSea NFT Phishers Aim to Drain Crypto Wallets
Insider Risk and Insider Threats
83% of organisations reported insider attacks in 2024
Human Factors in Cyber Security in 2024 | UpGuard
Insurance
Cyber attacks cost British businesses $55 billion in past five years, broker says | Reuters
Supply Chain and Third Parties
Rising cyber threat driven by Single Point of Failure risk
Blue Yonder ransomware attack disrupts supply chains across UK and US
Wake Up And Smell The Ransomware—Starbucks Impacted By Cyber Attack
Supply chain vendor Blue Yonder succumbs to ransomware • The Register
Outages
Microsoft CEO Nadella Calls for 'Culture Change' After Security Lapses - Business Insider
Rising cyber threat driven by Single Point of Failure risk
Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint
Microsoft aims for better Windows security • The Register
CrowdStrike still doesn’t know cost of Falcon flame-out • The Register
Encryption
Albanian Drug Smugglers Busted After Cops Decrypt Comms - Infosecurity Magazine
Linux and Open Source
Novel WolfsBane backdoor leveraged in Chinese attacks against Linux systems | SC Media
Researchers Discover "Bootkitty" – First UEFI Bootkit Targeting Linux Kernels
Passwords, Credential Stuffing & Brute Force Attacks
I Ran a Password Audit and Was Surprised How Many Outdated Passwords I Have
Zello asks users to reset passwords after security incident
Stop Using Your Passwords—1Password And Google Warn
Social Media
North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn
Meta Finally Breaks Its Silence on Pig Butchering | WIRED
Meta Shutters Two Million Scam Accounts in Pig Butchering Crackdown - Infosecurity Magazine
How Facebook and Instagram Malware Works (and How to Spot It Before You Click)
Regulations, Fines and Legislation
The EU Cyber Resilience Act: Implications for Companies | Hogan Lovells - JDSupra
New York Fines Geico and Travelers $11 Million Over Data Breaches - SecurityWeek
EU: Cyber Resilience Act published in EU Official Journal | DLA Piper - JDSupra
HIA: Survivors awarded £30,000 after data breach - BBC News
US senators propose mandated MFA, encryption in healthcare • The Register
Opportunities for Regulatory Harmonization Under Trump's Deregulation Agenda
Telecoms Security Act Compliance... - Analysis - Mobile News
Cyber security bill passes parliament - Security - iTnews
Victims Must Disclose Ransom Payments Under Australian Law
Models, Frameworks and Standards
The EU Cyber Resilience Act: Implications for Companies | Hogan Lovells - JDSupra
EU: Cyber Resilience Act published in EU Official Journal | DLA Piper - JDSupra
Why Cyber Security Leaders Trust the MITRE ATT&CK Evaluations
Careers, Working in Cyber and Information Security
Practical strategies to build an inclusive culture in cyber security - Help Net Security
8 Tips for Hiring Neurodivergent Talent
Why IT Leaders Should Hire Veterans for Cyber Security Roles
How cyber security certification can drive business growth - Digital Journal
The Next Hot Cyber Security Skill for Your Resume? Empathy
Law Enforcement Action and Take Downs
The rise and fall of the 'Scattered Spider' hackers | TechCrunch
Major cyber crime crackdowns signal shift in global cyber security strategies
Interpol: Major cyber crime operation nets 1,006 suspects – DataBreaches.Net
Authorities disrupt major cyber crime operation, 1000+ suspects arrested - Help Net Security
Bangkok busts SMS Blaster sending 1 million scam texts from a van
US alleges man is cyber crook with distaste for opsec • The Register
DoJ seized credit card marketplace PopeyeTools
Telco engineer spying on employer for Beijing gets 4 years • The Register
US Citizen Sentenced for Spying on Behalf of China's Intelligence Agency
Albanian Drug Smugglers Busted After Cops Decrypt Comms - Infosecurity Magazine
DOJ: Man hacked networks to pitch cyber security services
'Hacker' breaks into gym to get hired, gets arrested instead | PCWorld
Police bust pirate streaming service making €250 million per month
Misinformation, Disinformation and Propaganda
Google Deindexes Chinese Propaganda Network - Infosecurity Magazine
Google blocked 1000 pro China websites from services • The Register
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Britain, NATO must stay ahead in 'new AI arms race', says UK minister | Reuters
“Cyber war is now a daily reality”, UK government minister says
UK calls for stronger NATO cyber defences
5th Generation War: A War Without Borders and its Impact on Global Security - Modern Diplomacy
Nation State Actors
China
The Cyberthreats from China are Ongoing: U.S. Officials - Security Boulevard
Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries
Chinese vessel 'sabotaged' Baltic deep sea cables and may have been under orders from Russia
Satellite Image Shows Chinese Ship Suspected of Sabotage in 'NATO Lake' - Newsweek
Salt Typhoon’s cyber storm reaches beyond US telcos • The Register
Chinese hackers preparing for conflict, says US cyber official | The Straits Times
Novel WolfsBane backdoor leveraged in Chinese attacks against Linux systems | SC Media
China's Cyber Offensives Helped by Private Firms, Academia
Accident or sabotage? American and European officials disagree as key undersea cables are cut | CNN
Google Deindexes Chinese Propaganda Network - Infosecurity Magazine
China's telco attacks mean 'thousands' of boxes compromised • The Register
Top senator calls Salt Typhoon “worst telecom hack in our nation’s history” - The Washington Post
CrowdStrike identifies new China hackers breaching telecom networks
NSA Director Wants Industry to Disclose Details of Telecom Hacks - Bloomberg
T-Mobile Engineers Spotted Hackers Running Commands on Routers - Bloomberg
Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions | Trend Micro (US)
US must counter new Chinese cyber attacks. Remember how it lost nuclear monopoly?
China Concealing State, Corporate & Academic Assets For Offensive Attacks
China’s Surveillance State Is Selling Citizen Data as a Side Hustle | WIRED
Aggressive Chinese APT Group Targets Governments with New Backdoors - Infosecurity Magazine
Google blocked 1000 pro China websites from services • The Register
Telco engineer spying on employer for Beijing gets 4 years • The Register
US Citizen Sentenced for Spying on Behalf of China's Intelligence Agency
Imagine a land where algorithms don't ruin the Internet • The Register
Russia
Britain should prepare for 'aggressive and reckless' Russian cyber attacks, minister warns
Chinese vessel 'sabotaged' Baltic deep sea cables and may have been under orders from Russia
Russian Cyberespionage Group Hit 60 Victims in Asia, Europe - SecurityWeek
Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented Hack | WIRED
Nato countries are in a ‘hidden cyber war’ with Russia, says Liz Kendall | The Standard
Britain, NATO must stay ahead in 'new AI arms race', says UK minister | Reuters
Nato countries in 'hidden cyber war' with Russia, minister warns | ITV News
Russian hybrid attacks may lead to NATO invoking Article 5, says German intel chief | Reuters
Accident or sabotage? American and European officials disagree as key undersea cables are cut | CNN
RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyber Attacks
Firefox and Windows zero-days exploited by Russian RomCom hackers
Is Your Router In The Matrix—35 Million Devices Under Blue Pill Attack
Russia-linked APT TAG-110 uses targets Europe and Asia - Security Affairs
'Operation Undercut' Adds to Russia Influence Campaigns
CyberVolk analysis explores ransomware, hacktivism interconnections | SC Media
CISA says BianLian ransomware now focuses only on data theft
Here’s how simple it is for script kiddies to stand up DDoS services | CyberScoop
Pro-Russian Hacktivists Launch Branded Ransomware Operations - Infosecurity Magazine
North Korea
North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn
North Korea Deploying Fake IT Workers in China, Russia, Other Countries - SecurityWeek
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign
Man warns 'this is just the beginning' after cyber attack on Merseyside Police - Liverpool Echo
Tools and Controls
VPN Vulnerabilities Drive Nearly 30% Of Q3 Ransomware Attacks
2024 saw a surge in malicious free VPN apps | TechRadar
How to recognize employment fraud before it becomes a security issue - Help Net Security
AI in cyber security: Not yet autonomous, but the time to prepare is now
Email Phishing and DMARC Statistics - Security Boulevard
Ransomware Groups Targeting VPNs for Initial Access: Report | MSSP Alert
Microsoft Teams monitoring tips for admins | TechTarget
What is compliance risk? | Definition from TechTarget
Is Cyber Threat Intelligence Worthless? - Security Boulevard
Machine Learning in Cyber Security: Harnessing the Power of Five AI Tribes - Security Boulevard
CIOs warned of AI over-reliance in cyber security defence
AI Used for Good and Bad — Like Making Trickier Malware, Says Report
Modern workplaces increasingly resemble surveillance zones • The Register
The role of data recovery in cyber resilience
AI is the latest tool in the cyber security cat-and-mouse game - Fast Company
Businesses prioritize cyber security in digital transformation: GSMAi
Data Security Best Practices: 7 Tips to Crush Bad Actors | MSSP Alert
Cloudflare says it lost 55% of logs pushed to customers for 3.5 hours
DOJ: Man hacked networks to pitch cyber security services
'Hacker' breaks into gym to get hired, gets arrested instead | PCWorld
The ‘Great IT Rebrand’: Restructuring IT for business success | CIO
Other News
Your beloved old tech is a security risk. It's time to let go | PCWorld
Latest Multi-Stage Attack Scenarios with Real-World Examples
Avoiding cyber complacency as a small business
Will 2025 be the turning point for cyber security in finance? - FinTech Futures: Fintech news
Microsoft CEO Nadella Calls for 'Culture Change' After Security Lapses - Business Insider
Microsoft aims for better Windows security • The Register
The threats of USB-based attacks for critical infrastructure | TechRadar
The industries impacted most by cyber crime in 2024
Cyber Attacks On Healthcare: A Global Threat That Can’t Be Ignored | Scoop News
Six future-proofing strategies family offices need to stay ahead
The rise in public sector cyber attacks and what can be done | London City Hall
TfL cyber attack: Independent review will examine huge hack and response | The Standard
Craigslist founder on his $100M pledge to fight cyber attacks on US
DOJ Will Reportedly Force Google to Sell Off Chrome Browser
10 Of The Worst Cyber Security Mistakes You're Probably Making Right Now
Protect your charity from cyber crime - GOV.UK
Forensic audit of the US election is needed to protect democracy
Vulnerability Management
VPN Vulnerabilities Drive Nearly 30% Of Q3 Ransomware Attacks
400,000 Systems Potentially Exposed to 2023's Most Exploited Flaws - SecurityWeek
Google’s AI-powered fuzzing tool discovers 26 new vulnerabilities | SC Media
How should software producers be held accountable for shoddy cyber security products?
The effect of compliance requirements on vulnerability management strategies - Help Net Security
Vulnerabilities
Researchers reveal exploitable flaws in corporate VPN clients - Help Net Security
Critical 7-Zip Vulnerability Let Attackers Execute Arbitrary Code
Firefox and Windows zero-days exploited by Russian RomCom hackers
Hackers abuse Avast anti-rootkit driver to disable defences
Microsoft Patches Exploited Vulnerability in Partner Network Website - SecurityWeek
WordPress Plugin Flaw Exposes 200,000 WordPress Sites To Hacking
VMware Patches High-Severity Vulnerabilities in Aria Operations - SecurityWeek
Hackers exploit critical bug in Array Networks SSL VPN products
Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections
Zyxel firewalls targeted in recent ransomware attacks
Malicious Actors Exploit ProjectSend Critical Vulnerability - Infosecurity Magazine
Critical QNAP Vulnerability Let Attackers Execute Remote Code
IBM Patches RCE Vulnerabilities in Data Virtualization Manager, Security SOAR - SecurityWeek
Weekend QNAP, Veritas bugs hit patch pipelines • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to articles are for interest and awareness. Linking to or reposting external content does not endorse any service or product. Likewise, we are not responsible for the security of external links.