Black Arrow Cyber Threat Briefing 30 June 2023
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Zurich Insurance Group Secures Data Leak After Leaving Sensitive Data Publicly Accessible
Zurich Insurance Group is a major player in the insurance game, with over 55 million clients. They have recently just fixed a sensitive file that they had left publicly accessible. The file in question contained a range of credentials including database credentials, admin credentials, credentials for the actively exploited MOVEit software, credentials for their HR system and more. All of which could be utilised by threat actors to inflict serious damage. This was not the only vulnerability stemming from the insurance group; researchers found that Zurich were also running an outdated website, which contained a large number of vulnerabilities.
The case is alarming as Zurich Insurance Group provides cyber insurance and the instance above reinforces the need for organisations to be proactive in identifying cyber risks in their environment; it is simply not enough to rely on having insurance or meeting insurance requirements.
https://cybernews.com/zurich-insurance-data-leak/
Employees Worry Less About Cyber Security Best Practices in the Summer
IT teams are struggling to monitor and enforce BYOD (Bring Your Own Device) policies during summer months according to a new report. The report found that 55% of employees admitted to relying solely on their mobile devices while working remotely in the summer. 25% of all respondents claim that they aren’t concerned about ensuring network connections are secure when accessing their company’s data.
In the same report, 45% of employees in the US and UK said no specific measures to educate and remind employees on security best practices are taken during the summer, with only 24% of UK respondents receiving access to online cyber security training and guides and even less (17%) in the US. This comes as a separate report found that the number of phishing sites targeting mobile devices increased from 75% to 80% year-on-year in 2022, and this is likely to continue rising. Worryingly, it was also found that the average user is between six and ten times more likely to fall for an SMS phishing attack than email.
https://www.helpnetsecurity.com/2023/06/30/summer-byod-policies/
https://www.infosecurity-magazine.com/news/mobile-malware-and-phishing-surge/
Businesses are Ignoring Third-Party Security Risks
With 58% of companies managing over 100 vendors, 8% of which manage over 1,000, the need for a robust Third-Party Security Risk Management process becomes abundantly clear. Despite this, only 13% of organisations continuously monitor the security risks of their third parties. This is worrying, when considering the knock-on effects of third party breaches from the likes of Capita, SolarWinds and 3CX, and the recent MOVEit attack, impacting organisations whose only relationship with MOVEit was that their supplier used it.
https://www.helpnetsecurity.com/2023/06/30/third-party-relationships-risks/
Fear Trumps Anger When It Comes to Data Breaches – Angry Customers Vent, But Fearful Customers Don’t Come Back
When a person is notified of a data breach involving their personal information, if they react with a feeling of fear, as opposed to anger, they’re more likely to stop using the site. A report found that positive attitudes toward the website before the breach did not meaningfully affect whether consumers reengaged with the website after the breach, as some prior research has indicated. Instead, the emotional response of fear weighed heavily on customers and outweighed any earlier positive sentiment towards the organisation.
When a company has been breached in the past they have dealt with angry customers and negative press. To do so, companies may engage crisis managers to contain the damage, partner with identity protection services, pay fines or settlements, or try to lure back customers with free services. However, the study shows that companies need to address fearful customers differently after a data breach has occurred if they want to avoid customer loss. To do this, companies can work with their IT departments to identify customers who are no longer active after a breach and then reach out to them directly to assuage their fears.
Over 130 Organisations and Millions of Individuals Believed to be Impacted by MOVEit Hack, it Keeps Growing
The dramatic fallout continues in the mass exploitation of a critical vulnerability in a widely used file-transfer program, with at least three new victims coming to light in the past few days. They include the New York City Department of Education and energy companies Schneider Electric and Siemens Electric. These join others, including PwC, Sony and EY. If the attack has shown us one thing, it’s that any organisation can be a victim.
Widespread BEC Attacks Threaten European Organisations
Based on an analysis of email attack trends between June 2022 and May 2023, total email attacks in Europe increased by 7 times and the US 5 times. For business email compromise (BEC) specifically, Europe saw an alarming 10 times the amount it had previously and the US saw a 2 times increase.
BEC continues to remain a high priority threat for many organisations and if someone already has a legitimate business email which they have compromised to use for BEC attacks on your organisation, it is very likely that your technical processes will be ineffective, leaving your people and operational processes to stop an attack. Is your organisation cyber aware? Are they undergoing regular awareness training?
This is one of many areas that Black Arrow can help improve your organisation’s security through robust employee cyber security Awareness Behaviour and Culture training.
https://www.helpnetsecurity.com/2023/06/27/bec-attacks-frequency/
Lloyd’s Syndicates Sued Over Cyber Insurance
The University of California (UCLA) is suing a number of insurance firms for refusing to pay out on cyber policies nearly 10 years after hackers breached data on millions of patients at its health system. The dispute is over a cyber attack from 2014 through 2015 that exposed personal information of patients at UCLA Health.
UCLA Health allege that the syndicates refused to engage in dispute resolution by asserting that the statue of limitations applying to the claims had expired. The insurers, who could not be named, are said to have refused every claim saying that UCLA Health failed to satisfy cyber security requirements under the contract terms. It’s important for organisations with cyber insurance to understand their insurance in detail and to know where they stand in the event of a cyber incident.
95% Fear Inadequate Cloud Security Detection and Response
A recent report found 95% of respondents expressed concern in their organisation’s ability to detect and respond to a security event in their cloud environment. The same study also found that 50% of total respondents had reported a data breach due to unauthorised access to their cloud environment.
It is often the case that issues in the cloud come from the perception of the responsibility of the cloud environment. Organisations must realise that they share responsibility for securing their cloud environment, including its configuration. The report found that, despite the number of breaches and concerns in their organisation’s ability, more than 80% of respondents still felt their existing tooling and configuration would sufficiently cover their organisation from an attack. Organisations must ask themselves what they are doing to protect their cloud environment.
https://www.helpnetsecurity.com/2023/06/27/cloud-environment-security/
The Growing Use of Generative AI and the Security Risks They Pose
A recent survey by Malwarebytes revealed 81% of people are concerned about the security risks posed by ChatGPT and generative AI, and 52% of respondents are calling for a pause on ChatGPT for regulations to catch up, while 7% think it will improve internet security. A key concern about the data produced by generative AI platforms is the risk of "hallucinations" whereby machine learning models produce untruths. This becomes a serious issue for organisations if its content is heavily relied upon to make decisions, particularly those relating to threat detection and response.
Another recent report on the risks brought by Large Language Model AIs showed that the rise in opensource AI adoption is developed insecurely; this results in an increased threat with substantial security risks to organisation.
The CISO’s Toolkit Must Include Political Capital Within The C-Suite
Over the past 18 months, there has been a sea change in the chief information security officer (CISO) role. Fundamentally, the CISO is responsible for the protection of an entity's information. The US Securities and Exchange Commission (SEC) has issued a proposed rule change on cyber security risk management, strategy, governance, and incident response disclosure by public companies that requires publicly traded companies to provide evidence of the board's oversight of cyber security risk. Couple this with the former CISO of Uber being found guilty on charges of "obstruction of the proceedings of the Federal Trade Commission" and it is clear that the hand at the helm must be able to navigate all types of seas in their entity's political milieu. In this regard, the CISO needs to acquire political capital. CISO’s should have the capability to talk in understandable terms and clearly demonstrate value to the other board members.
Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers as War Ministers Reliant on Cyber Crime
Russia's diminishing position on the world stage has limited its physical options on the ground, leaving Putin's regime increasingly reliant on cyber crime to carry out its oppositional activities against Ukraine and Europe. Microsoft has disclosed that it has detected a spike in credential-stealing attacks conducted by the Russian state-affiliated hacker group known as Midnight Blizzard.
This comes as Switzerland's Federal Intelligence Service (FIS) released its 2023 security assessment, predicting that Russia will increasingly launch cyber attacks as part of its war strategy not just in Ukraine, but against NATO member states as well.
https://www.darkreading.com/threat-intelligence/russia-reliant-on-cybercrime-as-international-pariah
https://thehackernews.com/2023/06/microsoft-warns-of-widescale-credential.html
SMB’s Plagued as Cyber Attackers Still Rely on Decades Old Security Weaknesses and Tactics
Despite best cyber security efforts, small and mid-sized businesses (SMBs) continue to struggle to thwart attacks and harden defences in response to remote working and other newer challenges.
This future focus can lead to a neglection of older weaknesses. Cyber attackers are typically relying on tried-and-tested tactics and old security weaknesses to target organisations, a recent Barracuda threat spotlight found. Hackers are returning to proven methods to gain remote control of systems, install malware, steal information and disrupt or disable business operations through denial-of-service attacks, Barracuda reports. The report found that between February to April 2023, the top malicious tactics found to be used were vulnerabilities from 2008.
The report highlights the fact that there are no cutoff dates for vulnerabilities and attackers will use whatever is at their disposal to try and infiltrate your organisation. This can be protected by having strong policies and controls in place alongside frequent penetration testing to ensure these vulnerabilities are being patched.
https://www.scmagazine.com/news/malware/smbs-plagued-by-exploits-trojans-and-backdoors
Governance, Risk and Compliance
Businesses are ignoring third-party security risks - Help Net Security
Employees worry less about cyber security best practices in the summer - Help Net Security
Digital-First Economy Has Transformed Role of CISO- IT Security Guru
SEC Alleges SolarWinds CFO, CISO Violated US Securities Laws (bankinfosecurity.com)
The CISO’s toolkit must include political capital within the C-suite | CSO Online
NCSC Launches Cyber Risk Management Toolbox - Infosecurity Magazine (infosecurity-magazine.com)
Threats
Ransomware, Extortion and Destructive Attacks
MOVEit hackers may have found simpler business model beyond ransomware | SC Media (scmagazine.com)
Dozens of Businesses Hit Recently by '8Base' Ransomware Gang - SecurityWeek
UK cyber spies warn ransomware criminals targeting law firms • The Register
Cl0p in Your Network? Here's How to Find Out (darkreading.com)
July is Ransomware Month: Reminder to Prepare, Defend Against Hijackers - MSSP Alert
The Trickbot/Conti Crypters: Where Are They Now? (securityintelligence.com)
Linux version of Akira ransomware targets VMware ESXi servers (bleepingcomputer.com)
Ransomware Victims
Casualties keep growing in this month’s mass exploitation of MOVEit 0-day | Ars Technica
8 Tech And IT Companies Targeted In The MOVEit Attacks | CRN
MOVEIt breach impacts Genworth, CalPERS as data for 3.2 million exposed (bleepingcomputer.com)
Clop names PWC, Ernst & Young, and Sony in MOVEit hack | Cybernews
UCLA, Siemens Among Latest Victims of Relentless MOVEit Attacks (darkreading.com)
Siemens Energy, Schneider Electric Targeted by Ransomware Group in MOVEit Attack - SecurityWeek
10 banks alleged victims of ransomware attacks on file transfer software | American Banker
Almost 770,000 Calpers members hit by cyber attack | Financial Times (ft.com)
Ransomware and phishing attacks continue to plague businesses in Singapore | ZDNET
K-12 schools are revisiting their cyber strategies after year of ransomware attacks (axios.com)
Phishing & Email Based Attacks
Mobile Malware and Phishing Surge in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
How a Layered Security Approach Can Minimise Email Threats - MSSP Alert
Less than half of UK banks implement most secure DMARC level | CSO Online
BEC – Business Email Compromise
Widespread BEC attacks threaten European organisations - Help Net Security
The Current State of Business Email Compromise Attacks (bleepingcomputer.com)
Other Social Engineering; Smishing, Vishing, etc
Unmasking Pig-Butchering Scams and Protecting Your Financial Future - Security News (trendmicro.com)
Artificial Intelligence
Sharing Your Business’ Data With ChatGPT: How Risky Is It? - MSSP Alert
OpenAI lawsuit: Maker of ChatGPT sued over alleged data usage | CNN Business
Lawyers who cited fake cases invented by ChatGPT must pay • The Register
Generative AI Projects Pose Major Cyber security Risk to Enterprises (darkreading.com)
How to Deploy Generative AI Safely and Responsibly (trendmicro.com)
Generative-AI apps & ChatGPT: Potential risks and mitigation strategies (thehackernews.com)
Does the world need an arms control treaty for AI? | CyberScoop
When It Comes to Secure Coding, ChatGPT Is Quintessentially Human (darkreading.com)
AI-Enabled Voice Cloning Anchors Deepfaked Kidnapping (darkreading.com)
2FA/MFA
Malware
SMBs plagued by exploits, trojans and backdoors | SC Media (scmagazine.com)
Hackers Use Weaponized PDF Files to Attack Organisations (cybersecuritynews.com)
New Mockingjay Process Injection Technique Could Let Malware Evade Detection (thehackernews.com)
Fileless attacks surge as cyber Criminals evade cloud security defences | CSO Online
NSA warns of ‘false sense of security’ against BlackLotus malware (therecord.media)
Trojanized Super Mario Bros game spreads malware- - Security Affairs
New PindOS JavaScript dropper deploys Bumblebee, IcedID malware (bleepingcomputer.com)
NPM Plagued with ‘Manifest Confusion’ Malware-Hiding Weakness (darkreading.com)
Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data (thehackernews.com)
North Korean Andariel APT used a new malware named EarlyRat - Security Affairs
Mobile
Mobile Malware and Phishing Surge in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Apple says proposed UK law ‘poses a serious threat’ to end-to-end encryption - The Verge
Anatsa Android trojan now steals banking info from users in US, UK (bleepingcomputer.com)
Fluhorse: Flutter-Based Android Malware Targets Credit Cards and 2FA Codes (thehackernews.com)
Denial of Service/DoS/DDOS
Global rise in DDoS attacks threatens digital infrastructure - Help Net Security
Pro-Russia DDoSia hacktivist project sees 2,400% membership increase (bleepingcomputer.com)
Internet of Things – IoT
Someone sent mysterious smartwatches to US Military personnel - Security Affairs
The tech flaw that lets hackers control surveillance cameras - BBC News
Data Breaches/Leaks
Latitude hit with $1 million lawsuit over data breach (9news.com.au)
Recruitment portal exposes data of US pilot candidates • The Register
3 Steps to Successfully & Ethically Navigate a Data Breach (darkreading.com)
Sensitive Information Stolen in LetMeSpy Stalkerware Hack - SecurityWeek
US Patent Office Data Spill Exposes Trademark Applications (darkreading.com)
Organised Crime & Criminal Actors
2,700 People Tricked Into Working for Cyber Crime Syndicates Rescued in Philippines - SecurityWeek
Security analyst wanted by both Russia and the US • The Register
Former Group-IB manager has been arrested in Kazahstan - Security Affairs
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Twitter Hacker Sentenced to 5 Years in Prison for $120,000 Crypto Scam (thehackernews.com)
JOKERSPY used to target a cryptocurrency exchange in Japan - Security Affairs
Japanese Cryptocurrency Exchange Falls Victim to JokerSpy macOS Backdoor Attack (thehackernews.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Twitter Hacker Sentenced to 5 Years in Prison for $120,000 Crypto Scam (thehackernews.com)
Unmasking Pig-Butchering Scams and Protecting Your Financial Future - Security News (trendmicro.com)
This Chatbot Gives Phone Call Scammers a Taste of Their Own Medicine (pcmag.com)
The robotic falcon maker who was targeted by cyber criminals - BBC News
Deepfakes
Insurance
University of California Sues Lloyd’s Syndicates Over Cyber Insurance - WSJ
Insurance companies using AI for underwriting and due diligence amid cyber threats | Fox Business
How Big Is the Cyber Insurance Market? Can It Keep Growing? | Lawfare (lawfaremedia.org)
Dark Web
Citizen of Croatia charged with running the Monopoly Market drug marketplace - Security Affairs
Inside Threat Actors: Dark Web Forums vs. Illicit Telegram Communities (bleepingcomputer.com)
Supply Chain and Third Parties
Cloud/SaaS
95% fear inadequate cloud security detection and response - Help Net Security
Fileless attacks surge as cyber Criminals evade cloud security defences | CSO Online
5 Pitfalls in Cloud Cyber security’s Shared Responsibility Model - MSSP Alert
Uncovering attacker tactics through cloud honeypots - Help Net Security
How hardening Microsoft 365 tenants mitigates potential cloud attacks - Help Net Security
Outlook for the web outage impacts users across America (bleepingcomputer.com)
3 Tips to Increase Hybrid and Multicloud Security (darkreading.com)
Identity and Access Management
Encryption
Apple says proposed UK law ‘poses a serious threat’ to end-to-end encryption - The Verge
Iran finally admits its 'quantum processor' was in fact not quantum at all | PC Gamer
How to stop quantum computers from breaking the internet’s encryption (sciencenews.org)
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Travel
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
SEC Alleges SolarWinds CFO, CISO Violated US Securities Laws (bankinfosecurity.com)
US firm 'breached GDPR' by reputation-scoring EU citizens • The Register
JP Morgan accidentally deletes 47 million comms records • The Register
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
SEC notice to SolarWinds CISO and CFO roils cyber security industry | CSO Online
Skill gap plagues cyber security industry as jobs go unfilled | Mint (livemint.com)
Law Enforcement Action and Take Downs
Hacker responsible for 2020 Twitter breach sentenced to prison | TechCrunch
Citizen of Croatia charged with running the Monopoly Market drug marketplace - Security Affairs
2,700 People Tricked Into Working for Cyber Crime Syndicates Rescued in Philippines - SecurityWeek
Privacy, Surveillance and Mass Monitoring
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers (thehackernews.com)
Russian Spies, War Ministers Reliant on Cyber Crime in Pariah State (darkreading.com)
Pro-Russia DDoSia hacktivist project sees 2,400% membership increase (bleepingcomputer.com)
Microsoft hackers say they work for Sudan, not Russia | Fortune
'Chinese spy balloon' was 'crammed' with US hardware • The Register
Hackers attack Russian satellite telecom provider, claim affiliation with Wagner Group | CyberScoop
China
China's 'Volt Typhoon' APT Now Exploits Zoho ManageEngine (darkreading.com)
'Chinese spy balloon' was 'crammed' with US hardware • The Register
Iran
The potent cyber adversary threatening to further inflame Iranian politics | CyberScoop
From MuddyC3 to PhonyC2: Iran's MuddyWater Evolves with a New Cyber Weapon (thehackernews.com)
Iran finally admits its 'quantum processor' was in fact not quantum at all | PC Gamer
North Korea
Misc/Other/Unknown
Vulnerability Management
SMBs plagued by exploits, trojans and backdoors | SC Media (scmagazine.com)
Remediation Ballet Is a Pas de Deux of Patch and Performance (darkreading.com)
Micropatches: What they are and how they work - Help Net Security
When It Comes to Secure Coding, ChatGPT Is Quintessentially Human (darkreading.com)
It's 2023 and out-of-bounds write bugs are still number one • The Register
Vulnerabilities
VMware fixed five memory corruption issues in vCenter Server - Security Affairs
US Cyber security Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog (thehackernews.com)
CISA Says Critical Zyxel NAS Vulnerability Exploited in Attacks - SecurityWeek
Serious IDOR Vulnerability Found In Microsoft Teams (latesthackingnews.com)
Fortinet fixes critical FortiNAC RCE, install updates asap - Security Affairs
Details Disclosed for Critical SAP Vulnerabilities, Including Wormable Exploit Chain - SecurityWeek
Critical flaw in VMware Aria Operations for Networks sees mass exploitation | CSO Online
Internet Systems Consortium (ISC) fixed three DoS flaw in BIND - Security Affairs
Chrome 114 Update Patches High-Severity Vulnerabilities - SecurityWeek
Grafana warns of critical auth bypass due to Azure AD integration (bleepingcomputer.com)
The tech flaw that lets hackers control surveillance cameras - BBC News
Exploit released for new Arcserve UDP auth bypass vulnerability (bleepingcomputer.com)
Tools and Controls
95% fear inadequate cloud security detection and response - Help Net Security
How a Layered Security Approach Can Minimize Email Threats - MSSP Alert
ITDR Combines and Refines Familiar Cyber security Approaches (darkreading.com)
Uncovering attacker tactics through cloud honeypots - Help Net Security
10 things every CISO needs to know about identity and access management (IAM) | VentureBeat
FIDO Alliance Publishes Guidance for Deploying Passkeys in the Enterprise (darkreading.com)
3 Tips to Increase Hybrid and Multicloud Security (darkreading.com)
Other News
Businesses count the cost of network downtime - Help Net Security
Exploring the persistent threat of cyber attacks on healthcare - Help Net Security
How Can Manufacturers Stop Being The Top Target For Cyber Crime? (informationsecuritybuzz.com)
Ex-FBI employee jailed for mishandling classified material • The Register
Rapid7: Japan Threat Landscape Takes on Global Significance - SecurityWeek
Over 1500 gas stations disrupted in Canada, after energy giant hacked (bitdefender.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.