Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Ransomware Groups Are Shifting Their Focus Away from Larger Targets

Ransomware groups are once again prioritising attacks on smaller organisations as they look to target those with less mature security capabilities. Analysis from Trend Micro has shown that ransomware groups such as Lockbit, Cl0p and Black Cat are slowing down attacks against “big game” targets, such as multinationals, and are focusing their attention on smaller organisations. It was found that the overall ransomware attack victim numbers increased by 47% from H2 2022.

Organisations “of up to 200 employees”, those within the small-to-medium-sized range, accounted for the majority (575) of attacks using LockBit’s ransomware across H1 2023. Similar trends were observed with rivals in the ransomware-as-a-service (RaaS) space. Nearly half (45%) of Black Cat victims were in the same size range. There are many underlying factors in the recent surge of attacks on smaller organisations, however one big cause is the economic factor and the perception that smaller organisations are not going to be as well protected.

Sources: [Techcentral] [Helpnet Security]

Cover-ups Still the Norm as Half of Cyber Attacks go Unreported

A report found that 48% of organisations that experience critical cyber incidents and disasters such as ransomware attacks do not report it to the appropriate authorities, and 41% do not even disclose cyber attacks to their boards. Alarmingly, 32% simply “forgot” and 22% self-reported that there wasn’t a system in place to report it. In the UK, failure to report a breach within 72 hours could make a company eligible for a fine up to €10 million or 2% of annual global turnover if deemed a lower-level infringement, and up to €20 million or 4% of annual global turnover for higher-level infringements.

The lack of reporting also has a knock-on effect: a significant number of cyber attacks go un-reported and therefore this skews statistics, meaning the current numbers of known cyber attacks are likely much lower than the actual figure.

Sources: [Computer Weekly] [InfoSecurity Magazine]

Reported Cyber Security Breaches Increase Threefold for Financial Services Firms

New research shows that cyber security breaches for UK financial service firms have increased threefold from 187 attacks (2021-2022) to 640 attacks (2022-2023). This comes as the pensions sector reported the biggest jump in breaches rising from 6 to 246 in the same period, a concerning large increase of 4,000%. These patterns are not only relevant to the UK however, with separate reports highlighting an 119% increase in attacks on financial sector cyber attacks globally from 2022 to 2023.

Trustees can be liable for failures in managing cyber risk, so any business looking to protect itself from the impact of a cyber attack should invest in understanding its cyber footprint, the risks it poses, and have the right policies/procedures in place.

Sources: [CIR Magazine] [PensionsAge] [CityAM] [TechRadar]

Attacks on SME’s Surged in The First Half of 2023

According to Kaspersky, small and medium enterprises (SMEs) dealt with more attacks during the first half of the year compared to the same time the year previous. Worryingly, a separate report found that over three quarters of SME leaders could not confidently identify a cyber incident at work and 50% of respondents felt they were unable to identify the difference between a phishing email and real email.

An outcome of the study was the identification of a need for effective user training. SMEs do not have the budget to have a wide range of tools, however they can strengthen their users’ security practices.  Black Arrow enables SMEs to strengthen their people controls through bespoke and affordable education and awareness training for all levels of the organisation.

Sources: [Inquirer] [HelpNet Security] [Insurance Times]

The CISO Carousel and Its Effect on Enterprise Cyber Security

The average tenure of a Chief Information Security Officer (CISO) is said to sit between 18 to 24 months; research highlights the reasons including the strain of the role, the perceived lack of leadership support, and the attraction of more money from a different employer. There is often a gap while the replacement is recruited, during which there is nobody looking after the organisation’s security.

In some cases, organisations may look to outsource by using the services of a virtual CISO (vCISO) with cost savings and greater stability and flexibility. The Black Arrow vCISO team are experienced world-class specialists, providing independent, impartial and objective expertise across the wide range of essential CISO skills with significant advantages compared to an internal resource.

Source: [Security Week]

Bermuda Struggles to Recover from Ransomware Attack

The Bermudan Government this week suffered what they referred to as a significant cyber incident. Workers were cut off from email and telephone systems, with affected departments resorting to manual processes and issuing of paper based cheques. The Government was unable to make payroll payments, and parcels could not be sent from the Island’s Post Offices. It is noted that while not all systems were affected, the government took everything offline out of precaution. It is believed that some other regional governments have also been impacted.

The attack has been attributed to Russia or Russian-based actors, but attribution in cases like this can be difficult. It should be noted that, if involvement from Russia were confirmed, both Russian state actors and Russian based cyber criminals work closely in a symbiotic relationship that benefits both parties. Using cyber crime groups as fronts provides nation state actors with a level of deniability, while also allowing them to direct the operation and benefit from it. Equally, cyber crime groups get to do their thing with the blessing, whether tacit or explicit, of the national authorities in their country. In general, countries where this happens (such as Russia, North Korea and China) have no interest in cooperating with Western authorities, so the cyber criminals essentially work with impunity.

Sources: [Duo] [GovInfo Security] [Bleeping Computer]

Businesses Remain Unprepared Despite Cyber Threats Remaining a Top Concern

A report found cyber threats continue to rank among the top three business concerns for a wide spectrum of companies. Despite it being such a concern, a significant percentage of businesses admitted to not conducting cyber assessments for vendors (57%) or customers’ assets (56%), having an incident response plan (50%), or implementing multifactor authentication for remote access (44%). Phishing scams were of particular concern, with companies reporting a notable increase in incidents, jumping from 14% to 27% over the past year.

Cyber attacks are a certainly a sobering reality, with nearly 23% of survey participants disclosing that their company had fallen victim to a cyber attack and 49% of these incidents occurred within the past year.

Source: [Reinsurance News]

Business Leaders More Anxious About Ransomware Than Recession as Victims from Single Attack Surpasses 2,000 Organisations

According to a recent study, half of business leaders are more worried about falling victim to a ransomware attack than macroeconomic hardship. Over 60% of businesses who had suffered a ransomware attack reported concerns about the prospect of a second ransomware attack, and 71% of leaders admitted their businesses wouldn’t be able to withstand it. 56% said they had increased hiring costs, nearly half experienced increased customer complaints, and 47% reported team stress. This comes as the tally of victims from the MOVEit attack alone surpasses 2,000 organisations. To make matters worse, the FBI has described dual ransomware attacks taking place, with the second attack less than 48 hours after the first.

Source: [Tech Informed] [Helpnet Security] [Helpnet Security] [BleepComputer]

Hotel Hackers Redirect Guests to Fake Booking[.]com Site in Major Phishing Campaign

Booking.com users have become the focus of a new, large-scale phishing campaign that involved hackers taking control of the hotel’s Booking[.]com account. Once in control, the attackers were then able to utilise personal information and craft messages, tailored to victims.

With many organisations using sites such as Booking[.]com, it is imperative that staff are trained effectively, to reduce the risk of them falling victim to a phishing campaign.

Sources: [BleepingComputer] [Inforsecurity Magazine]

Cyber Leaders Worry That AI Will Overwhelm Cyber Defences

A survey of 250 leaders found that 85% worry that AI will overwhelm cyber defences while almost two thirds (61%) have already seen an increase in cyber attack complexity due to AI. Overall 80% view AI as the single biggest cyber threat their business faces, and seven out of 10 are investing in more resilient measures to improve their detection and response protocols.

AI can certainly be overwhelming, but with the right expertise, organisations can navigate their way to improving their AI defences. Black Arrow’s expert team helps your leadership to understand and manage AI-based risks, and safely adopt artificial intelligence in your organisation.

Source: [Management Issues]

Boards Still Lack Cyber Security Expertise

A study by the US National Association of Corporate Directors (NACD) and the Internet Security Alliance (ISA) found that just 12% of S&P 500 companies have board directors with relevant cyber credentials, showing that there is still a lack of expertise at the board level. Boards can improve their expertise by engaging with training that is tailored to leadership. Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident. Source: [Wallstreet Journal]

4 Legal Surprises You May Encounter After a Cyber Security Incident

In the event of a cyber incident, there are a number of problems that emerge, but some you may not be aware of. These may include investigations by auditors, a freeze on payments by banks, and uncertainty about notifying third parties including customers. Your insurance provide may also launch a review of the cyber security controls that you had in place before the incident, to determine the payout.

Ideally, you will never have to face a cyber incident, but it can happen and it’s best to ensure you are well placed to deal with it, by understanding what needs to be done and how to respond. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [Dark Reading]

Governance, Risk and Compliance

• The CISO Carousel and Its Effect on Enterprise Cyber Security - Security Week

• Boards Still Lack Cyber Security Expertise - WSJ

• Cyber leaders worry that AI will overwhelm cyber defences (management-issues.com)

• It's time to safeguard the financial sector: Navigate employee turnover to defend against escalating cyber attacks (betanews.com)

• Businesses Unprepared for Cyber Attacks Despite Steady Concern (insurancejournal.com)

• Cyber criminals are targeting the financial sector more than ever | TechRadar

• The hidden costs of neglecting cyber security for small businesses - Help Net Security

• Majority of UK SME c-suites lacking awareness of cyber risks | Insurance Times

• Business leaders most anxious about ransomware attacks (techinformed.com)

• Cyber security incident response: Your company's ICU (channelweb.co.uk)

• Cover-ups still the norm in the wake of a cyber incident | Computer Weekly

• Many firms aren't reporting breaches to the proper authorities | TechRadar

• Half of Cyber-Attacks Go Unreported - Infosecurity Magazine (infosecurity-magazine.com)

• CISOs are struggling to get cyber security budgets: Report | CSO Online

• CISOs are spending more on cyber security - but it might not be enough | TechRadar

• Cyber threats remain top concern for businesses in 2023: Travelers Risk Index - Reinsurance News

• Despite rising insider risk costs, budgets are being wasted in the wrong places - Help Net Security

• The Hot Seat: CISO Accountability in a New Era of SEC Regulation (darkreading.com)

• Proactive Security: What It Means for Enterprise Security Strategy (darkreading.com)

• Essential guide to cyber security compliance | Intruder

• 4 Legal Surprises You May Encounter After a Cyber Security Incident (darkreading.com)

• Moving From Qualitative to Quantitative Cyber Risk Modeling - Security Week

• Financial crime compliance costs exceed $206 billion - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware soars as enterprises struggle to respond - Verdict

• Ransomware groups are once again targeting smaller businesses for more lucrative payouts - TechCentral.ie

• Ransomware groups are shifting their focus away from larger targets - Help Net Security

• Business leaders most anxious about ransomware attacks (techinformed.com)

• Why is Ransomware Such a Prevalent Threat and Popular Tool for Attackers? | MSSP Alert

• ShadowSyndicate: A New Cyber Crime Group Linked to 7 Ransomware Families (thehackernews.com)

• The Group Claiming To Have Hacked Sony Is Using GDPR As A Weapon For Demanding Ransoms | Techdirt

• FBI: Dual ransomware attack victims now get hit within 48 hours (bleepingcomputer.com)

• Cl0p's MOVEit attack tally surpasses 2,000 victim organisations - Help Net Security

• MOVEit cyber attack is pause for concern | Ary Rosenbaum - The Rosenbaum Law Firm P.C. - JDSupra

• Lawsuits Allege MGM, Caesars Neglected Cyber Security Preparedness (skift.com)

• 'Power, influence, notoriety': The Gen-Z hackers who struck MGM and Caesars - The Japan Times

• Amidst MGM, Caesar's Incidents, Attackers Focus on Luxury Hotels (darkreading.com)

• Youth hacking ring at the center of cyber crime spree | CyberScoop

• Current ransomware defencs efforts are not working - Help Net Security

• VMware users anxious about costs and ransomware threats - Help Net Security

• MSP shares details of Kaseya VSA ransomware attack, recovery | TechTarget

• Trust Is Key In Cyber Security: Analysing The MOVEit Ransomware Attacks (forbes.com)

• Study Reveals Conti Affiliates Money Laundering Practices (inforisktoday.com)

• Akira Ransomware Mutates to Target Linux Systems, Adds TTPs (darkreading.com)

• Trend Micro Report Reveals Increase of LockBit Ransomware Attacks in US (thedefensepost.com)

• Hospital Ransomware Attacks Go Beyond Health Care Data (securityintelligence.com)

• Patient Care at Risk as Hospitals Increasingly on Frontlines of Ransomware Attacks | The Epoch Times

• Ransomware a threat to the trucking industry - FreightWaves

Ransomware Victims

• Bermuda Struggles to Recover From Cyber Attack (govinfosecurity.com)

• Cl0p's MOVEit attack tally surpasses 2,000 victim organisations - Help Net Security

• Amidst MGM, Caesar's Incidents, Attackers Focus on Luxury Hotels (darkreading.com)

• MGM, Caesars Cyber Attack Responses Required Brutal Choices (darkreading.com)

• Russian ransomware LockBit threatens to leak internal data from The Weather Network on dark web - The Globe and Mail

• City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack. (securityaffairs.com)

• Ransomware Group Claims to Have Breached 'All of Sony Systems' (vgchartz.com)

• 900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse - Security Week

• Youth hacking ring at the center of cyber crime spree | CyberScoop

• MGM Resorts and Caesars face class action lawsuits over September cyber attacks By Investing.com

• UK logistics firm blames ransomware attack for insolvency, 730 redundancies (therecord.media)

• Ransomed.vc Group Hits NTT Docomo After Sony Breach Claims - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware group demands $51 million from Johnson Controls after cyber attack (bitdefender.com)

• Lawsuits Allege MGM, Caesars Neglected Cyber Security Preparedness (skift.com)

• Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars (securityaffairs.com)

• Leekes cyber attack? NoEscape ransomware gang claims breach (techmonitor.ai)

Phishing & Email Based Attacks

• This devious phishing scam makes it look like dodgy emails are actually safe | TechRadar

• Booking.com Customers Targeted in Major Phishing Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Use of QR codes in email phishing | Securelist

• How Does Modern Phishing Work? | HackerNoon

• New AtlasCross hackers use American Red Cross as phishing lure (bleepingcomputer.com)

• Hackers Trick Outlook Into Showing Fake AV Scan | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

BEC – Business Email Compromise

• Nigerian man pleads guilty to attempted $6 million BEC email heist (bleepingcomputer.com)

• BEC Attacks Increase By 279% in Healthcare - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Rise in cyber criminals leveraging voice phishing and OTP theft for data breaches: Report | Tech News (hindustantimes.com)

Artificial Intelligence

• Cyber leaders worry that AI will overwhelm cyber defences (management-issues.com)

• No 10 worried AI could be used to create advanced weapons that escape human control | Artificial intelligence (AI) | The Guardian

• The Biggest AI Trends in Cyber Security - CNET

• Google is working to keep Bard chats out of Search • The Register

• Nuclear Brinkmanship in AI-Enabled Warfare: A Dangerous Algorithmic Game of Chicken - War on the Rocks

• New working group to probe AI risks and applications | CyberScoop

• A Primer On Artificial Intelligence And Cyber Security (forbes.com)

• How should organisations navigate the risks and opportunities of AI? - Help Net Security

Malware

• Malware attacks on SMEs surged in H1 | Inquirer Business

• Gozi strikes again, targeting banks, cryptocurrency and more (securityintelligence.com)

• 'Culturestreak' Malware Lurks Inside GitLab Python Package (darkreading.com)

• Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics (thehackernews.com)

• New variant of BBTok Trojan targets users of +40 banks in LATAM (securityaffairs.com)

• A powerful new malware backdoor is targeting governments across the world | TechRadar

• Researchers uncover thriving market for malware targeting IoT devices - The Hindu

• ZenRAT Malware Uncovered in Bitwarden Impersonation - Infosecurity Magazine (infosecurity-magazine.com)

Mobile

• Spyware: Spyware can infect your phone or computer via the ads you see online: report - The Economic Times (indiatimes.com)

• China-Linked EvilBamboo Targets Mobiles - Infosecurity Magazine (infosecurity-magazine.com)

• iOS 17 update secretly changed your privacy settings; here's how to set them back (bitdefender.com)

• Dangerous XenomorphAndroid malware is stealing from 100 banking apps — protect yourself now | Tom's Guide (tomsguide.com)

• Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks - Security Week

• Russian Firm Willing to Pay $20 Million for iPhone, Android Zero-Day Exploits (pcmag.com)

Botnets

• Bot Swarm: Attacks From Middle East & Africa Are Notably Up (darkreading.com)

• New variant of BBTok Trojan targets users of +40 banks in LATAM (securityaffairs.com)

• Asian banks are a favorite target of cyber cooks, and malicious bots their preferred tool | ZDNET

Denial of Service/DoS/DDOS

• Over 700 Dark Web Ads Offer DDoS Attacks Via IoT in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Internet of Things – IoT

• If You Have An Amazon Alexa Device, You Need To Check This Security Update List (slashgear.com)

• Researchers uncover thriving market for malware targeting IoT devices - The Hindu

• Where Linux is in your home, and how to protect Linux devices from hacking | Kaspersky official blog

Data Breaches/Leaks

• Billions of usernames and passwords leaked online — how to see if you’re affected | Tom's Guide (tomsguide.com)

• ICO sees breach reports from FS firms triple - CIR Magazine

• UK pension schemes reveal 4,000% rise in cyber security breaches - Pensions Age Magazine

• Reported cyber security breaches increase threefold for financial services firms (cityam.com)

• British charities warn supporters their personal data has been breached • Graham Cluley

• Air Canada discloses data breach of employee and 'certain records' (bleepingcomputer.com)

• National Student Clearinghouse data breach impacts 890 schools (bleepingcomputer.com)

• BORN Ontario child registry data breach affects 3.4 million people (bleepingcomputer.com)

• 900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse - Security Week

• Regulator Warns Breaches Can Cost Lives - Infosecurity Magazine (infosecurity-magazine.com)

• Hospital alert as 24,000 letters meant for GPs lost in computer error - Mirror Online

Organised Crime & Criminal Actors

• 'Marriages of Convenience' Between State Actors and Cyber Criminals Provide Cover for Both | Decipher (duo.com)

• 'Power, influence, notoriety': The Gen-Z hackers who struck MGM and Caesars - The Japan Times

• Asian banks are a favourite target of cyber cooks, and malicious bots their preferred tool | ZDNET

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• NFT Hype Collapse Means 95% of The Digital Assets Are Now 'Worthless' | Tom's Hardware (tomshardware.com)

• Gozi strikes again, targeting banks, cryptocurrency and more (securityintelligence.com)

• Yet another hack hits NFT marketplace OpenSea - SiliconANGLE

• Crooks stole $200 million worth of assets from Mixin Network (securityaffairs.com)

• Bitcoin scammer who was snared by victims sentenced - BBC News

• Security researcher stopped at US border for investigating crypto scam (bleepingcomputer.com)

Insider Risk and Insider Threats

• 75% who didn't report cyber attack to leadership, felt guilty about it | Security Magazine

• Preventing employees from becoming the gateway for cyber attacks | TechRadar

• Despite rising insider risk costs, budgets are being wasted in the wrong places - Help Net Security

Fraud, Scams & Financial Crime

• Hotel hackers redirect guests to fake Booking.com to steal cards (bleepingcomputer.com)

• Beware: fraud and smishing scams targeting students | Bournemouth University

• Yet another hack hits NFT marketplace OpenSea - SiliconANGLE

• Crooks stole $200 million worth of assets from Mixin Network (securityaffairs.com)

• Fraud prevention forces scammers to up their game - Help Net Security

• Why young people are more prone to online scams than boomers are (news5cleveland.com)

• Bitcoin scammer who was snared by victims sentenced - BBC News

• Security researcher warns of chilling effect after feds search phone at airport | TechCrunch

AML/CFT/Sanctions

• Study Reveals Conti Affiliates Money Laundering Practices (inforisktoday.com)

• Financial crime compliance costs exceed $206 billion - Help Net Security

Insurance

• Exploring Cyber Insurance and its Intersection with Property Coverage | Woodruff Sawyer - JDSupra

• Half of organisations with cyber insurance implemented additional security measures to qualify for the policy or reduce its cost - IT Security Guru

Dark Web

• Over 700 Dark Web Ads Offer DDoS Attacks Via IoT in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

Supply Chain and Third Parties

• Trust Is Key In Cyber Security: Analysing The MOVEit Ransomware Attacks (forbes.com)

• How the Okta Cross-Tenant Impersonation Attacks Succeeded (darkreading.com)

• Lawsuits Allege MGM, Caesars Neglected Cyber Security Preparedness (skift.com)

• 3 phases of the third-party risk management lifecycle | TechTarget

Cloud/SaaS

• Guide: SaaS Offboarding Checklist - Help Net Security

Containers

• Kubernetes attacks in 2023: What it means for the future - Help Net Security

Encryption

• The UK just passed an online safety law that could make people less safe (theconversation.com)

• Regulators Are 'Hurting Their Own Country' in Seeking Encryption Backdoors: Nym CEO - Decrypt

Open Source

• Where Linux is in your home, and how to protect Linux devices from hacking | Kaspersky official blog

• Akira Ransomware Mutates to Target Linux Systems, Adds TTPs (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Why Shouldn’t You Use the Same Password Everywhere Online (makeuseof.com)

• Are You Willing to Pay the High Cost of Compromised Credentials? (thehackernews.com)

Biometrics

• The multi-national push to ban facial recognition in public spaces | Biometric Update

Social Media

• Elon Musk’s X is biggest outlet of Russia disinformation, EU says (cnbctv18.com)

• X scraps tool to report electoral fake news - researchers - BBC News

Malvertising

• Spyware: Spyware can infect your phone or computer via the ads you see online: report - The Economic Times (indiatimes.com)

Training, Education and Awareness

• Preventing employees from becoming the gateway for cyber attacks | TechRadar

Travel

• Security researcher stopped at US border for investigating crypto scam (bleepingcomputer.com)

Cyber Bullying, Cyber Stalking and Sextortion

• Regulator Warns Breaches Can Cost Lives - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• The Group Claiming To Have Hacked Sony Is Using GDPR As A Weapon For Demanding Ransoms | Techdirt

• The UK just passed an online safety law that could make people less safe (theconversation.com)

• Are we about to lose the last pillar of our digital security? | Euronews

• New working group to probe AI risks and applications | CyberScoop

• SEC Gives Finality on Cyber Security Disclosures for Public Companies | Sheppard Mullin Richter & Hampton LLP - JDSupra

• Why California's Delete Act matters for the whole country - Help Net Security

• Financial crime compliance costs exceed $206 billion - Help Net Security

Models, Frameworks and Standards

• MITRE ATT&CK project leader on why the framework remains vital for cyber security pros - Help Net Security

• Why It’s Wrong To Judge SIEM Success Only Against The ATT&CK Framework (forbes.com)

• Urgent actions for protecting utilities against cyber-attack: Navigating NIS 2 - Utility Week

Careers, Working in Cyber and Information Security

• The CISO Carousel and Its Effect on Enterprise Cyber Security - Security Week

• Demand for cyber security staff trebled since 2019 | Business Post

• Cyber security and staffing issues key risks for companies | Accountancy Daily

• Cyber security skills employers are desperate to find in 2023 - Help Net Security

• Preventing security professionals from ‘quietly quitting’ due to alert fatigue (securitybrief.co.nz)

Law Enforcement Action and Take Downs

• Nigerian man pleads guilty to attempted $6 million BEC email heist (bleepingcomputer.com)

• Western District of Washington | French cyber criminal pleads guilty to fraud and aggravated identity theft for hacking private information | United States Department of Justice

Misinformation, Disinformation and Propaganda

• Elon Musk’s X is biggest outlet of Russia disinformation, EU says (cnbctv18.com)

• X scraps tool to report electoral fake news - researchers - BBC News

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Russia’s APT29 intensifies espionage operations | SC Media (scmagazine.com)

• Russian hacking operations target Ukrainian law enforcement | CyberScoop

• Cyber-Attacks on Ukraine Surge 123%, But Success Rates Plummet - Infosecurity Magazine (infosecurity-magazine.com)

• Government of Bermuda blames Russian threat actors for the cyber attack (securityaffairs.com)

• Bermuda probes major cyber attack as officials slowly bring operations back online (thestar.com)

• Ukraine war: Cyber Attack in Crimea after Black Sea fleet HQ hit | News UK Video News | Sky News

• Russian hackers trying to steal evidence of Moscow’s war crimes in Ukraine - cyber chief (ukrinform.net)

• 'Marriages of Convenience' Between State Actors and Cyber Criminals Provide Cover for Both | Decipher (duo.com)

• Examining the Activities of the Turla APT Group (trendmicro.com)

• Scottish Tory MSP has website hacked by 'hostile Russian group' | The National

• Elon Musk’s X is biggest outlet of Russia disinformation, EU says (cnbctv18.com)

• Russian Firm Willing to Pay $20 Million for iPhone, Android Zero-Day Exploits (pcmag.com)

• Cyber Attack on Russian Air Booking System Sparks Flight Delays - The Moscow Times

China

• China's BlackTech Hacking Group Exploited Cisco Routers to Target US and Japanese Companies (thehackernews.com)

• Chinese hackers stole 60,000 emails from US State Department in Microsoft hack, Senate staffer says (databreaches.net)

• Taiwan is bracing for Chinese cyber attacks, White House official says - POLITICO

• China-Linked EvilBamboo Targets Mobiles - Infosecurity Magazine (infosecurity-magazine.com)

• Chinese Gov Hackers Caught Hiding in Cisco Router Firmware - Security Week

• Budworm: APT Group Uses Updated Custom Tool in Attacks on Government and Telecoms Org | Symantec Enterprise Blogs (security.com)

• China’s national security minister lists top digital threats • The Register

Misc Nation State/Cyber Warfare

• 'Marriages of Convenience' Between State Actors and Cyber Criminals Provide Cover for Both | Decipher (duo.com)

• Sophisticated APT Clusters Target Southeast Asia - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerability Management

• Why Zero Days Are Set for Highest Year on Record - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerabilities

• Another Chrome security issue is exploited in the wild (and affecting all Chromium-based browsers) - gHacks Tech News

• Google assigns new maximum rated CVE to libwebp bug exploited in attacks (bleepingcomputer.com)

• Cisco Warns of IOS Software Zero-Day Exploitation Attempts - Security Week

• Researchers Release Details of New RCE Exploit Chain for SharePoint (darkreading.com)

• High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server (thehackernews.com)

• GPUs from all major suppliers are vulnerable to new pixel-stealing attack | Ars Technica

• Firefox 118 Patches High-Severity Vulnerabilities - Security Week

• Hackers actively exploiting Openfire flaw to encrypt servers (bleepingcomputer.com)

• Trust Is Key In Cyber Security: Analysing The MOVEit Ransomware Attacks (forbes.com)

• China's BlackTech Hacking Group Exploited Cisco Routers to Target US and Japanese Companies (thehackernews.com)

• macOS 14 Sonoma Patches 60 Vulnerabilities - Security Week

Tools and Controls

• Cyber security incident response: Your company's ICU (channelweb.co.uk)

• CISOs are spending more on cyber security - but it might not be enough | TechRadar

• 4 Legal Surprises You May Encounter After a Cyber Security Incident (darkreading.com)

• Half of organisations with cyber insurance implemented additional security measures to qualify for the policy or reduce its cost - IT Security Guru

• The 5 most dangerous Wi-Fi attacks, and how to fight them | PCWorld

• The Biggest AI Trends in Cyber Security - CNET

• How SOAR helps improve MTTD and MTTR metrics | TechTarget

• What Is a Network Security Assessment and Why You Need It | MSSP Alert

• Why You Should Phish In Your Own Pond (informationsecuritybuzz.com)

• The pitfalls of neglecting security ownership at the design stage - Help Net Security

• Guide: SaaS Offboarding Checklist - Help Net Security

• A Primer On Artificial Intelligence And Cyber Security (forbes.com)

• Preventing employees from becoming the gateway for cyber attacks | TechRadar

• Proactive Security: What It Means for Enterprise Security Strategy (darkreading.com)

• Looking Beyond the Hype Cycle of AI/ML in Cyber Security (darkreading.com)

• The Dark Side of Browser Isolation – and the Next Generation Browser Security Technologies (thehackernews.com)

• Moving From Qualitative to Quantitative Cyber Risk Modelling - SecurityWeek

• Cyber security budgets show moderate growth - Help Net Security

• Evaluating Security Outsourcing in the Wake of Recent High-Profile Cyber Attacks: Info-Tech Research Group Publishes New Resource (prnewswire.com)

• Exploring Cyber Insurance and its Intersection with Property Coverage | Woodruff Sawyer - JDSupra

Other News

• Cyber criminals are targeting the financial sector more than ever | TechRadar

• The hidden costs of neglecting cyber security for small businesses - Help Net Security

• SMBs face growing cyber security threats, but basic measures can lower risks | ZDNET

• Why aviation needs to prioritise cyber security – Airport World (airport-world.com)

• The key threats facing ICS/OT environments (betanews.com)

• Are Fire Departments Prepared for a Cyber Attack? | HackerNoon

• Fintechs must brace for rising cyber security challenges | Mint (livemint.com)

• Space Force chief says commercial satellites may need defending | Ars Technica

• UK Cyber Security Council CEO reflects on a year of progress | CSO Online

• Google Loophole Lets Drug Dealers Hijack Nearly Any Website to Sell Narcotics (businessinsider.com)

• Cyber Hygiene: A First Line of  Against Evolving Cyber Attacks (darkreading.com)

• Cyber Attacks hit military, Parliament websites as India hacker group targets Canada (cheknews.ca)

• KnowBe4 Finds US. Healthcare a Top Target For Cyber Attacks (prnewswire.com)

• US Government Shutdown Could Bench 80% of CISA Staff - SecurityWeek

• Recommendations for Managing Cyber Security Threats in the Manufacturing Sector | Foley & Lardner LLP - JDSupra

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.