Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Santander Staff and '30 million' Customers Hacked via Cloud Provider Breach

Hackers known as ShinyHunters claim to have stolen confidential data from Santander, affecting all staff globally and millions of customers in Chile, Spain, and Uruguay. The breach includes 30 million bank account details, 6 million account numbers and balances, and 28 million credit card numbers. Santander confirmed the theft but assured no transactional data or online banking credentials were compromised. The attack is linked to an ongoing hack of cloud storage company Snowflake, accessed through a former employee's demo account. Santander is proactively contacting affected individuals and continues to ensure secure transactions. ShinyHunters have this week also claimed responsibility for the massive Ticketmaster breach below.

Source: [BBC]

ABN Amro Disclose Data Breach Following an Attack on a Third-Party Provider

A recent disclosure by Dutch bank ABN Amro revealed a data breach due to a ransomware attack on their third-party service provider, AddComm. This attack potentially exposed data of some ABN Amro clients, prompting the bank to notify affected clients and the Dutch Data Protection Authority. AddComm has since contained the incident, restored affected systems, and is investigating the breach with external security experts. While there are no signs of misuse of client data, ABN Amro has ceased using AddComm's services and warned clients to remain vigilant against phishing attempts.

Source: [SecurityAffairs]

Ticketmaster Confirms Massive Breach of 560m Users After Stolen Data Offered for Sale Online

Live Nation has confirmed a data breach at Ticketmaster, attributed to unauthorised activity within a third-party cloud database, believed to be Snowflake. The breach, identified on May 20, 2024, exposed data of over 560 million users, including personal details and ticket information. A threat actor known as ShinyHunters, the same threat actor claiming responsibility for the Santander attack above, has been attempting to sell this data on the dark web for $500,000. Despite the severity, Live Nation stated the breach is not expected to materially impact business operations or financial condition. The company is working with law enforcement and notifying affected users and regulatory authorities

Source: [BleepingComputer]

Material Cyber Attacks a Concern Among Many CISOs, with Human Error Still Perceived as the Achilles’ Heel of Cyber Security

A recent survey from Proofpoint reveals that 70% of CISOs feel at risk of a significant cyber attack within the next 12 months, up from 68% last year and 48% in 2022. Despite this, only around half feel prepared for such an attack. Human error remains a key vulnerability, with 74% identifying it as the most significant risk. Notably, 87% of CISOs are deploying AI-powered solutions to mitigate these risks. The top concerns include ransomware (41%), malware (38%), and email fraud (36%), with a notable increase in ransomware threats.

Sources: [HelpNetSecurity] [SCMagazine]

Old But Gold: Why Shoulder Surfing is an Underacknowledged Cyber Threat

A recent incident in the UK has highlighted the persistent threat of shoulder surfing, a social engineering tactic where sensitive information is obtained by observing someone's device screen. On 22 May 2024, The Times reported that information from a private memo by British Cabinet Minister Johnny Mercer was leaked after a fellow train passenger photographed Mercer's laptop screen. The memo contained accusations against Downing Street officials and advisors, illustrating the ease with which malicious actors can access confidential information through simple observation. This event underscores the need for heightened awareness and protective measures to combat shoulder surfing, including being mindful of your surroundings and using privacy screen filters.

Source: [ITPro]

Hackers Phish Finance Orgs Using Trojanised Minesweeper Clone

A recent cyber security alert highlights that hackers are leveraging code from a clone of Microsoft's Minesweeper game to conceal malicious scripts in attacks targeting financial institutions in Europe and the US. The threat actor, identified as 'UAC-0188,' uses this legitimate code to hide Python scripts that install remote management software on compromised systems. At least five breaches have been identified across financial and insurance sectors. The attack initiates with an email from "support@patient-docs-mail.com," prompting recipients to download a malicious file from Dropbox, which includes both innocuous and malicious code to evade security detection.

Source: [BleepingComputer]

Deepfake Scams Have Robbed Companies of Millions. Experts Warn It Could Get Worse

A recent surge in deepfake scams has resulted in millions of dollars in losses for companies globally, with experts predicting an increase in such frauds as criminals leverage generative AI. In one major incident, a Hong Kong finance worker was deceived into transferring over $25 million to fraudsters using deepfake technology to impersonate senior executives on a video call. UK engineering firm Arup confirmed involvement in this case, though details remain under investigation. The accessibility of AI tools like OpenAI’s Chat GPT has lowered the entry barrier for cyber criminals, enhancing both the volume and sophistication of these types of scams.

Source: [CNBC]

Ransomware in the Finance Sector: Emerging threats

A recent analysis highlights ransomware as a critical threat, particularly to the financial services sector due to its integral role in the global economy and sensitive data handling. Cyber criminals have enhanced their tactics, including pre-emptive data exfiltration, to coerce victims into paying ransoms. Phishing emails remain the primary delivery method, exploiting user unawareness to execute these attacks. These emails allow attackers to reach numerous targets cost-effectively, increasing the likelihood of successful breaches. This evolution in ransomware strategies underscores the need for heightened cyber security measures across all sectors.

Source: [Verdict]

Europol Shuts Down 100+ Servers Linked to IcedID, TrickBot, and Other Malware

A coordinated law enforcement effort codenamed Operation Endgame led by Europol has dismantled the infrastructure of several malware loader operations, including IcedID, SystemBC, PikaBot, SmokeLoader, Bumblebee, and TrickBot. The operation, conducted between May 27 and May 29, resulted in the takedown of over 100 servers worldwide and the arrest of four individuals in Armenia and Ukraine. Europol's actions targeted high-value criminal infrastructure, resulting in the seizure of more than 2,000 domains and the disruption of services used to facilitate ransomware and other malicious attacks. One suspect allegedly profited €69 million ($74.6 million) from renting out these criminal services.

Source: [TheHackerNews]

Hacktivist Attacks on Europe Have Doubled Since 2023, Top EU Cyber Security Official says: ‘This is Part of the Russian War of Aggression’

A recent surge in disruptive digital attacks, largely attributed to Russia-backed groups, has doubled within the European Union, targeting critical infrastructure and election-related services. Juhan Lepassaar, head of the European Union Agency for Cybersecurity (ENISA), reported a significant increase in hacktivist attacks since Russia's invasion of Ukraine, with methods often tested in Ukraine before extending to the EU. Upcoming elections in the EU and other countries have heightened security concerns. ENISA has been working to bolster the resilience of election agencies and noted a rise in ransomware targeting public institutions. The agency also warned of the growing threat of AI-enabled disinformation campaigns.

Source: [Fortune]

North Korean 'Moonstone Sleet' Threat Group Melds Espionage, Financial Goals - Microsoft

A recent report by Microsoft has uncovered the North Korean threat group "Moonstone Sleet," which engages in both espionage and financial cyber attacks. Initially overlapping with the DPRK's Diamond Sleet, Moonstone Sleet has since developed its own unique tactics, using techniques like fake job offers, custom ransomware, and trojanised software delivered via social media. The group has targeted aerospace, education, and software organisations by masquerading as legitimate companies such as "StarGlow Ventures" and "C.C. Waterfall." Their methods, including using trusted platforms like LinkedIn and Telegram, complicate defensive measures and exploit the inherent trust in these platforms.

Source: [DarkReading]

Europe on High Alert after Suspected Moscow-linked Arson and Sabotage

A recent spate of arson and sabotage attacks across Europe, potentially linked to Russian operatives, has heightened security concerns. Incidents include a fire at an Ikea in Lithuania, an arson attack in east London, antisemitic graffiti in Paris, and in Germany suspicions of foreign intelligence-driven attacks in addition to a wave of cyber-attacks in 2023 by a hacker group linked to Russian intelligence. Security services suspect these acts aim to destabilise the West amidst its support for Ukraine. Polish authorities have arrested nine individuals for alleged sabotage under Russian orders, while Estonia and Germany report similar threats. This issue, discussed at a Brussels summit, highlights the need for increased vigilance against hybrid attacks orchestrated by foreign entities.

Source: [TheGuardian]

Making the Case for 'Reasonable' Cyber Security

A recent white paper from the Center for Internet Security (CIS) discusses the concept of "reasonable cyber security" and its alignment with privacy laws. This standard, highlighted at the RSA Conference, is context-dependent and varies by industry. For instance, while the Payment Card Industry Data Security Standard (PCI DSS) prescribes specific controls, the GDPR emphasises transparency and good faith efforts. The importance of quantifying cyber risk was underscored by the US Federal Reserve emphasising improved data on cyber threats for better risk assessment. Implementing security frameworks like the NIST Cybersecurity Framework can help meet these evolving regulatory and insurance requirements

Source: [DarkReading]

Hundreds of Thousands of Internet Routers Destroyed in Attack on Telco

A significant cyber attack last October targeted a US telecoms company, disabling over 600,000 internet routers across multiple states, according to Lumen Technologies' Black Lotus Labs. The attack, undisclosed until recently, involved malicious firmware updates that rendered the routers inoperable. Researchers did not identify the hackers or the affected company. The malware, still circulating online, disrupted internet access from October 25 to 27. This attack is considered one of the most severe against the US telecommunications sector and illustrates the vulnerability of telecoms provided routers to these types of attacks.

Source: [YahooFinance]

Governance, Risk and Compliance

• New KnowBe4 phishing report reveals top choices for phishing scams – PCR (pcr-online.biz)

• Material cyber attacks a concern among many CISOs | SC Media (scmagazine.com)

• The Link Between Cyber Security and Reputation Management for Executives - Security Boulevard

• The SEC’s SolarWinds Case: What CISOs Should Do Now (darkreading.com)

• Old but gold: Why shoulder surfing is an underacknowledged cyber threat | ITPro

• 70% of CISOs feel vulnerable to a material cyber attack in 2024 | Security Magazine

• The evolution of security metrics for NIST CSF 2.0 - Help Net Security

• Cyber security teams gear up for tougher challenges in 2024 - Help Net Security

• 4-Step Approach to Mapping and Securing Your Organisation's Most Critical Assets (thehackernews.com)

• Cyber security Skills Shortage Is Ranked as the Biggest Risk (globenewswire.com)

• The complexity of global cyber security threats (devx.com)

• How Corporate Boards Are Setting CEO’s Up For Cyber Security Failure (forbes.com)

• CISO priorities must shift in a heightened threat landscape - Raconteur

• Cyber security is the cause of all MSPs’ headaches • The Register

• Bridging Cyber Security Expectations And Reality To Empower CISOs (forbes.com)

• Making the Case for 'Reasonable' Cyber Security (darkreading.com)

• Why cyber criminals and hackers are targeting small businesses - Marketplace

• Social Distortion: The Threat of Fear, Uncertainty and Deception in Creating Security Risk - SecurityWeek

• Widespread data silos slow down security response times - Help Net Security

• Absolute Security Survey Reveals UK CISOs Ignore NCSC Guidance | Business Wire

• Reducing CIO-CISO tension requires recognizing the signs | CIO

• Avoiding the cyber security blame game - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• ‘World’s largest botnet’ knocked offline after raking in billions | The Independent

• Ransomware Networks Brought Down In Major Global Police Operation | HuffPost Latest News

• Massive ransomware network taken down by ‘Endgame’ international police operation | Fortune Europe

• Ransomware in the finance sector: Emerging threats - Verdict

• New ShrinkLocker ransomware uses BitLocker to encrypt your files (bleepingcomputer.com)

• Ransomware operators shift tactics as law enforcement disruptions increase - Help Net Security

• 6 Facts About How INTERPOL Fights Cyber crime (darkreading.com)

• Potent youth cyber crime ring made up of 1,000 people, FBI official says | CyberScoop

• LockBit Black Ransomware Bot Sprays “Millions of Messages” | MSSP Alert

• Microsoft links North Korean hackers to new FakePenny ransomware (bleepingcomputer.com)

• How to improve ransomware attack outcomes | SC Media (scmagazine.com)

• Why healthcare data is often the target of ransomware attacks (techtarget.com)

• Ransomware against healthcare and manufacturing on the rise: What to know, how to respond | SC Media (scmagazine.com)

• Essential Strategies for Recovering from Ransomware Attacks - Security Boulevard

Ransomware Victims

• ABN Amro discloses data breach following an attack on a third-party provider (securityaffairs.com)

• MediSecure: Australia grapples with surge in cyber attacks | news.com.au — Australia’s leading news site

• After Cyber Attack, Christie’s Gives Details of Hacked Client Data - The New York Times (nytimes.com)

Phishing & Email Based Attacks

• New KnowBe4 phishing report reveals top choices for phishing scams – PCR (pcr-online.biz)

• Phishing-as-a-service (PhaaS): What is it and How it work? (todayq.com)

• Hackers phish finance orgs using trojanized Minesweeper clone (bleepingcomputer.com)

• New Tricks in the Phishing Playbook: Cloudflare Workers, HTML Smuggling, GenAI (thehackernews.com)

• LockBit Black Ransomware Bot Sprays “Millions of Messages” | MSSP Alert

• Google: Stop Trying to Trick Employees With Fake Phishing Emails | PCMag

• Free Piano phish targets American university students, staff (bleepingcomputer.com)

BEC

• HP Report Surfaces Shifts in Cyber Attack Tactics - Security Boulevard

Other Social Engineering

• Old but gold: Why shoulder surfing is an underacknowledged cyber threat | ITPro

• No 10 neglecting popular MPs, laments minister in leaked memo (thetimes.co.uk)

• "So some little weirdo has gone round snapping my laptop reading private messages from a private email account," Mercer Xeeted.

Artificial Intelligence

• Kroll cyber threat landscape report: AI assists attackers | CSO Online

• 'GODMODE GPT': Hacker releases jailbroken version of ChatGPT (newsbytesapp.com)

• Critical Flaw in AI Platform Exposes Proprietary Data (darkreading.com)

• The Rise and Risks of Shadow AI - Security Boulevard

• NIST Releases Risk ‘Profile’ for Generative AI | Polsinelli - JDSupra

• OODA Loop - The Cyber Arms Race Gives Way to AI Weaponization

• Four Security Questions to Ask Your Enterprise Generative AI Provider (darkreading.com)

• Where’s the ROI for AI? CIOs struggle to find it | CIO

• OpenAI sets up safety committee as it starts training new model | Reuters

• How AI will change democracy | CyberScoop

Malware

• ‘World’s largest botnet’ knocked offline after raking in billions | The Independent

• Over 100 malware servers shut down in 'largest ever' operation against botnets (therecord.media)

• Ransomware Networks Brought Down In Major Global Police Operation | HuffPost Latest News

• Europol Shuts Down 100+ Servers Linked to IcedID, TrickBot, and Other Malware (thehackernews.com)

• Massive ransomware network taken down by ‘Endgame’ international police operation | Fortune Europe

• TeaBot Banking Trojan Activity on the Rise, Zscaler Observes - Infosecurity Magazine (infosecurity-magazine.com)

• Why cloud attacks no longer need malware [Q&A] (betanews.com)

• Is Your Computer Part of ‘The Largest Botnet Ever?’ – Krebs on Security

• Trio of Chinese botnet operators sanctioned by United States • The Register

• macOS version of elusive 'LightSpy' spyware tool discovered (bleepingcomputer.com)

• Cyber criminals pose as "helpful" Stack Overflow users to push malware (bleepingcomputer.com)

• Law enforcement operation takes aim at an often-overlooked cyber crime linchpin | Ars Technica

• RedTail Crypto-Mining Malware Exploiting Palo Alto Networks Firewall Vulnerability (thehackernews.com)

• CERT-UA warns of malware campaign conducted by threat actor UAC-0006 (securityaffairs.com)

• Pirated Microsoft Office delivers malware cocktail on systems (bleepingcomputer.com)

Mobile

• Hacking phones is too easy. Time to make it harder (economist.com)

• Privacy vs. Mobile Security: Why You Don’t Have to Choose | MSSP Alert

• 90+ Malicious Apps Totaling 5.5M Downloads Lurk on Google Play (darkreading.com)

• Phones of journalists and activists in Europe targeted with Pegasus | CyberScoop

• Data shows deceitful Android malware is on the rise: Take this one step to keep your phone safe | Laptop Mag

• NSA Warns iPhone & Android Users To Turn It Off And On Again (forbes.com)

Denial of Service/DoS/DDOS

• New DoS Attack ‘DNSBomb’ Exploiting DNS Queries & Responses (cybersecuritynews.com)

• Internet Archive is continuing to face DDoS attacks after several days - Neowin

Internet of Things – IoT

• These are the most insecure devices you might still have in your home (xda-developers.com)

• Hundreds of thousands of US internet routers destroyed in newly discovered 2023 hack (yahoo.com)

Data Breaches/Leaks

• ABN Amro discloses data breach following an attack on a third-party provider (securityaffairs.com)

• Data breach exposes details of 25,000 current and former BBC employees | BBC | The Guardian

• Dutch Social housing tenants' data may have been stolen after IT supplier hack | NL Times

• Almost all citizens of city of Eindhoven have their personal data exposed (bitdefender.com)

• Critical Flaw in AI Platform Exposes Proprietary Data (darkreading.com)

• Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors (securityaffairs.com)

• Cencora data breach exposes US patient info from 11 drug companies (bleepingcomputer.com)

• Good luck keeping the past private now —criminal records of millions of Americans leaked online in major database breach | TechRadar

• 400% rise in MoD data breaches fuels fear of cyber threat from Russia and China (inews.co.uk)

• MITRE December 2023 attack: threat actors created rogue VMs to evade detection (securityaffairs.com)

• Software firm fined $74k for data breach caused by weak password; half a million users affected | The Straits Times

• Nearly 3 million affected by Sav-Rx data breach (therecord.media)

• MediSecure: Australia grapples with surge in cyber attacks | news.com.au — Australia’s leading news site

• First American December data breach impacts 44,000 people (bleepingcomputer.com)

• Hackers Claim Ticketmaster Data Breach: 560 Million Users' Info Up for Sale (hackread.com)

• Update on BBC data security incident (bbc.co.uk)

• MPs email passwords exposed on the dark web, study suggests (cityam.com)

• Everbridge warns of corporate systems breach exposing business data (bleepingcomputer.com)

• FBCS Data Breach Impact Grows to 3.2 Million Individuals - SecurityWeek

• Cooler Master hit by data breach exposing customer information (bleepingcomputer.com)

• Spyware maker pcTattletale says it's 'out of business' and shuts down after data breach | TechCrunch

Organised Crime & Criminal Actors

• Digital Arrests: The New Frontier of Cyber crime | MSSP Alert

• Cyber crime study finds global human-initiated digital attack rate up 19% | Chain Store Age

• Phishing-as-a-service (PhaaS): What is it and How it work? (todayq.com)

• Hackers Sell Fake Pegasus Spyware on Clearnet and Dark Web (hackread.com)

• Hacker defaces spyware app’s site, dumps database and source code (bleepingcomputer.com)

• BreachForums returns just weeks after FBI-led takedown • The Register

• 6 Facts About How INTERPOL Fights Cyber Crime (darkreading.com)

• Russian indicted for selling access to US corporate networks (bleepingcomputer.com)

• Cops Are Just Trolling Cyber Criminals Now | WIRED

• Potent youth cyber crime ring made up of 1,000 people, FBI official says | CyberScoop

• Cyber criminals pose as "helpful" Stack Overflow users to push malware (bleepingcomputer.com)

• US arrests man allegedly behind enormous botnet that enabled cyber attacks and fraud - The Verge

• Law enforcement operation takes aim at an often-overlooked cyber crime linchpin | Ars Technica

• Ferraris, Bomb Threats, Billions: FBI Nabs Alleged Cyber crime Kingpin YunHe Wang (thedailybeast.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Indian man stole $37 million in crypto using fake Coinbase Pro site (bleepingcomputer.com)

• Former FTX executive Salame sentenced to over 7 years in prison - BBC News

• RedTail Crypto-Mining Malware Exploiting Palo Alto Networks Firewall Vulnerability (thehackernews.com)

• Hackers who finally unlocked $3 million Bitcoin wallet after 11 years explain how they did (unilad.com)

Insider Risk and Insider Threats

• Human error still perceived as the Achilles' heel of cyber security - Help Net Security

• New Research Warns About Weak Offboarding Management and Insider Risks (thehackernews.com)

Insurance

• AI’s role in FS businesses’ cyber defence and risk assessment (finextra.com)

Supply Chain and Third Parties

• ABN Amro discloses data breach following an attack on a third-party provider (securityaffairs.com)

Cloud/SaaS

• Santander hit by massive cyberattack: All staff and '30million' customers have personal data stolen by gang 'behind Ticketmaster hack' | Daily Mail Online

• 34% of organisations lack cloud cyber security skills - Help Net Security

• Impact of Remote Work and Cloud Migrations on Security Perimeters (securityaffairs.com)

• Why cloud attacks no longer need malware [Q&A] (betanews.com)

• Update on data security incident (bbc.co.uk)

Identity and Access Management

• Identity-related incidents becoming severe, costing organisations a fortune - Help Net Security

Encryption

• Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors (securityaffairs.com)

• New ShrinkLocker ransomware uses BitLocker to encrypt your files (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Why strong passwords are still the first line of defence against cyber threats (securitybrief.co.nz)

• Software firm fined $74k for data breach caused by weak password; half a million users affected | The Straits Times

• Okta warns of credential stuffing attacks targeting its Cross-Origin Authentication feature (securityaffairs.com)

• Password auditing: Purge weak passwords from your organisation | ITPro

• Enhancing cyber security with 'moving trees' (techxplore.com)

• Hackers who finally unlocked $3 million Bitcoin wallet after 11 years explain how they did (unilad.com)

Malvertising

• Arc browser’s Windows launch targeted by Google ads malvertising (bleepingcomputer.com)

Training, Education and Awareness

• Using Scary but Fun Stories to Aid Cyber Security Training - Security Boulevard

• Beyond the Code: Modern Cyber Security Training for 2024 (informationweek.com)

• Why Human Risk Management is Cyber Security's Next Step for Awareness - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• New cyber attack reporting requirement for Swiss financial institutions (cms-lawnow.com)

• The SEC’s SolarWinds Case: What CISOs Should Do Now (darkreading.com)

• GDPR Turns Six: Reflecting on a Global Privacy Benchmark - IT Security Guru

• The SEC's New Take on Cyber Security Risk Management (darkreading.com)

Models, Frameworks and Standards

• The evolution of security metrics for NIST CSF 2.0 - Help Net Security

• How NIST Cybersecurity Framework 2.0 Tackles Risk Management (securityintelligence.com)

Data Protection

• GDPR Turns Six: Reflecting on a Global Privacy Benchmark - IT Security Guru

Careers, Working in Cyber and Information Security

• 34% of organisations lack cloud cyber security skills - Help Net Security

• Cyber security Skills Shortage Is Ranked as the Biggest Risk (globenewswire.com)

• 9 Tips to Avoid Burnout in Cyber Security (darkreading.com)

• New cyber security school to pay students $4K monthly salary

Law Enforcement Action and Take Downs

• ‘World’s largest botnet’ knocked offline after raking in billions | The Independent

• Over 100 malware servers shut down in 'largest ever' operation against botnets (therecord.media)

• Ransomware Networks Brought Down In Major Global Police Operation | HuffPost Latest News

• Europol Shuts Down 100+ Servers Linked to IcedID, TrickBot, and Other Malware (thehackernews.com)

• Massive ransomware network taken down by ‘Endgame’ international police operation | Fortune Europe

• BreachForums returns just weeks after FBI-led takedown • The Register

• Indian man stole $37 million in crypto using fake Coinbase Pro site (bleepingcomputer.com)

• Ransomware operators shift tactics as law enforcement disruptions increase - Help Net Security

• 6 Facts About How INTERPOL Fights Cyber crime (darkreading.com)

• Russian indicted for selling access to US corporate networks (bleepingcomputer.com)

• Cops Are Just Trolling Cyber criminals Now | WIRED

• Four arrested as international police operation takes down ransomware networks | BelfastTelegraph.co.uk

• US arrests man allegedly behind enormous botnet that enabled cyber attacks and fraud - The Verge

• Law enforcement operation takes aim at an often-overlooked cyber crime linchpin | Ars Technica

• Ferraris, Bomb Threats, Billions: FBI Nabs Alleged Cyber crime Kingpin YunHe Wang (thedailybeast.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Airlines grapple with spike in GPS interference. Experts say it's collateral damage from global conflicts | CBC News

• OODA Loop - The Cyber Arms Race Gives Way to AI Weaponization

• Could the Next War Begin in Cyberspace? (informationweek.com)

• Global stability issues alter cyber threat landscape, ESET reports | CSO Online

• Cyber Psychological Warfare: Hacking Operational Technology (inforisktoday.com)

• Negotiations over new NATO cyber centre still ongoing weeks from planned launch (therecord.media)

Nation State Actors

China

• 400% rise in MoD data breaches fuels fear of cyber threat from Russia and China (inews.co.uk)

• Ongoing Chinese cyberespionage operation targets government orgs | SC Media (scmagazine.com)

• Trio of Chinese botnet operators sanctioned by United States • The Register

Russia

• 400% rise in MoD data breaches fuels fear of cyber threat from Russia and China (inews.co.uk)

• Russia-linked cyber attacks on Europe have doubled since 2023, top EU cyber security official says | Fortune Europe

• Putin hijacked Austria’s spy service. Now he’s going after its government – POLITICO

• Map shows Russia's campaign of terror, sabotage and hacking in Europe | World News | Metro News

• Critics of Putin and his allies targeted with spyware inside the EU | Hacking | The Guardian

• FlyingYeti phishing crew grounded after failed Ukraine ops • The Register

• Europe on high alert after suspected Moscow-linked arson and sabotage | Russia | The Guardian

• German officer gave up secrets to Russia 'to prevent nuclear war'

• Germany's cyber ambassador on the response to Russia: 'All of this takes time' (therecord.media)

• FlyingYeti Exploits WinRAR Vulnerability to Deliver COOKBOX Malware in Ukraine (thehackernews.com)

• CERT-UA warns of malware campaign conducted by threat actor UAC-0006 (securityaffairs.com)

• Russia Has Figured Out How to Mess up Ukraine's Starlink Internet: NYT (businessinsider.com)

• Surveillance Risk: Apple's Wi-Fi-Based Positioning System (govinfosecurity.com)

• Major Russian delivery company down for three days due to cyber attack (therecord.media)

• Russian indicted for selling access to US corporate networks (bleepingcomputer.com)

• Most EU election interference domestic in origin, not Russian: Meta (therecord.media)

North Korea

• New North Korean Hacking Group Identified by Microsoft - Infosecurity Magazine (infosecurity-magazine.com)

• Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks | Microsoft Security Blog

• Microsoft Uncovers 'Moonstone Sleet' — New North Korean Hacker Group (thehackernews.com)

• Global stability issues alter cyber threat landscape, ESET reports | CSO Online

• Microsoft: 'Moonstone Sleet' APT Melds Espionage, Financial Goals (darkreading.com)

• New North Korean group tied to ransomware, gaming campaigns • The Register

• Microsoft links North Korean hackers to new FakePenny ransomware (bleepingcomputer.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Phones of journalists and activists in Europe targeted with Pegasus | CyberScoop

Vulnerability Management

• The Importance of Patching Vulnerabilities in Cyber Security - Security Boulevard

• NIST expects to clear backlog in vulnerabilities database by end of fiscal year (therecord.media)

• Why CVEs Are an Incentives Problem (darkreading.com)

• The most dangerous CVEs of 2023 and 2024: fix these today (kaspersky.co.uk)

• NIST says NVD will be back on track by September 2024 - Help Net Security

• 59% of public sector apps carry long-standing security flaws - Help Net Security

• NIST Getting Outside Help for National Vulnerability Database - SecurityWeek

• An Argument for Coordinated Disclosure of New Exploits (darkreading.com)

Vulnerabilities

• Cisco Releases May 2024 Cisco ASA, FMC, and FTD Software Security Publication | CISA

• Critical Flaw in AI Platform Exposes Proprietary Data (darkreading.com)

• High-severity flaw affects Cisco Firepower Management Center (securityaffairs.com)

• Hackers target Check Point VPNs to breach enterprise networks (bleepingcomputer.com)

• Exploit released for maximum severity Fortinet RCE bug, patch now (bleepingcomputer.com)

• Check Point VPN zero-day exploited in attacks since April 30 (bleepingcomputer.com)

• VMware Workstation and Fusion: Critical Security Flaws Fixed - Security Boulevard

• Google fixes eighth actively exploited Chrome zero-day this year (bleepingcomputer.com)

• An XSS flaw in GitLab allows attackers to take over accounts (securityaffairs.com)

• WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites (thehackernews.com)

• The most dangerous CVEs of 2023 and 2024: fix these today (kaspersky.co.uk)

• Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors - SecurityWeek

• RedTail Crypto-Mining Malware Exploiting Palo Alto Networks Firewall Vulnerability (thehackernews.com)

• FlyingYeti Exploits WinRAR Vulnerability to Deliver COOKBOX Malware in Ukraine (thehackernews.com)

• Security flaw in this TP-Link Archer router receives 10 out of 10 severity rating | TechSpot

Tools and Controls

• Why strong passwords are still the first line of defence against cyber threats (securitybrief.co.nz)

• Microsoft battens security hatches on Windows admin accounts | PCWorld

• 34% of organisations lack cloud cyber security skills - Help Net Security

• New DoS Attack ‘DNSBomb’ Exploiting DNS Queries & Responses (cybersecuritynews.com)

• Farewell VBScript: Microsoft confirms plans to begin phasing out the programming language | ITPro

• The evolution of security metrics for NIST CSF 2.0 - Help Net Security

• 4-Step Approach to Mapping and Securing Your Organisation's Most Critical Assets (thehackernews.com)

• How to combat alert fatigue in cyber security - Help Net Security

• Why leaders must prioritise network security - Raconteur

• Network Segmentation: Top Challenges And How To Solve Them (forbes.com)

• New Research Warns About Weak Offboarding Management and Insider Risks (thehackernews.com)

• Identity-related incidents becoming severe, costing organisations a fortune - Help Net Security

• Password auditing: Purge weak passwords from your organisation | ITPro

• Beyond the blind spots: why CISOs must embrace deep observability - Raconteur

• Evolving Detection Engineering Capabilities with Breach & Attack Simulation (BAS) - Security Boulevard

• How NIST Cybersecurity Framework 2.0 Tackles Risk Management (securityintelligence.com)

• Contextual Intelligence is the Key - Security Boulevard

• Why Human Risk Management is Cyber Security's Next Step for Awareness - Infosecurity Magazine (infosecurity-magazine.com)

• AI’s role in FS businesses’ cyber defence and risk assessment (finextra.com)

• Report: The Dark Side of Phishing Protection (thehackernews.com)

• Essential Strategies for Recovering from Ransomware Attacks - Security Boulevard

Reports Published in the Last Week

• Q1 2024 Threat Landscape Report: Insider Threat & Phishing Evolve Under AI Auspices (kroll.com)

Other News

• Cyber security of elections - POST (parliament.uk)

• Why cyber criminals and hackers are targeting small businesses - Marketplace

• Shell says 'potential cyber security incident' under investigation | CTV News

• Defending Professional Sports Organisations Against Cyber Threats (forbes.com)

• How Manufacturers Can Build Their Cyber Defence (forbes.com)

• Manufacturing Is #1 in Cyber Attacks for Third Straight Year. What Can Be Done? | IndustryWeek

• How Can Small Businesses Alleviate Cyber Risks? (forbes.com)

• Cyber security is the cause of all MSPs’ headaches • The Register

• Most EU election interference domestic in origin, not Russian: Meta (therecord.media)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Human Error and AI Tops Cyber Threats as 70% of CISOs Worry About Risk

According to a survey of 1,600 CISOs, 70% worry about the risk of a material cyber attack over the next 12 months. Additionally, nearly 31% believe an attack is very likely, compared to 25% in 2023.  Amongst the largest concerns were human error, with 75% of CISOs identifying it as their most significant cyber vulnerability, up from 60% in 2023. Furthermore, 80% anticipate that human risk and employee negligence in particular will be major cyber security issues in the next two years.  Additionally, artificial intelligence was identified as an emerging concern for 54% of CISOs.

Sources: [The Register] [Infosecurity Magazine] [Cryptopolitan]

The State of Cyber Security: AI and Geopolitics Mean a Bigger Threat Than Ever

A recent report by Check Point reveals that global organisations faced an average of 1,158 weekly cyber attacks in 2023, an increase from 2022. In the UK, 50% of businesses experienced cyber attacks in the past year, with medium and large-sized businesses more affected at 70% and 74%, respectively. A ClubCISO survey found 62% of CISOs believe organisations are ill-equipped for AI-driven attacks, yet 77% haven't increased cyber security spending.

Additionally, a British Foreign Policy Group (BFPG) article highlights cyber threats from geopolitical tensions, with a recent attack on the Ministry of Defence exposing HR and payroll data. The National Cyber Security Centre attributes such attacks to state-affiliated actors like China and Russia. Despite efforts to establish international cyber norms, enforcement remains challenging. Businesses must recognise that cyber security is now deeply intertwined with geopolitics, affecting strategic partnerships and procurement.

Sources: [Verdict] [BFPG]

Threat Research Highlights Growing Mobile Security Risks

A recent report by a cloud security vendor focusing on the mobile threat landscape found that in the first quarter of 2024, the number of phishing, malicious, denylisted and offensive links delivered to their customers’ mobile devices tripled compared to Q1 2023. The report, which bases its data on 220 million devices, 325 million apps and billions of web items, found that the most common misconfiguration in mobiles was out of date operating systems (37%). When it came to the prevalence of attacks, 75% of organisations reported experiencing mobile phishing attempts targeting their employees.

This comes as a representative from the US Cybersecurity and Infrastructure Security Agency told the Federal Communications Commission earlier this year that there had been “numerous incidents of successful, unauthorised attempts” to steal location data, monitor voice and text messages, and deliver spyware.

Sources: [Economist] [Business Wire]

Family Offices Become Prime Targets for Cyber Hacks and Ransomware

A recent Dentons survey reveals that nearly 80% of family offices perceive a dramatic increase in cyber attack threats, with a quarter experiencing an attack in 2023, up from 17% in 2020. Despite their wealth, family offices often lack the staff and technology to manage these risks effectively. Less than a third report well-developed cyber risk management processes, and only 29% believe their cyber training programs are sufficient. This gap between awareness and action highlights the need for family offices to prioritise comprehensive cyber security measures, including better training, updated policies, and secure communication practices.

Source: [CNBC]

Ransomware Fallout: 94% Experience Downtime, 40% Face Work Stoppage

According to a report by cyber security provider Arctic Wolf, within the last 12 months 48% of organisations identified evidence of a successful breach within their environment and 70% of organisations were the targets of attempted Business Email Compromise (BEC) attacks, with 29% of these targets becoming victims of one or more successful BEC occurrences.

In its survey, the company says “45% of the organizations we spoke with admitted to being the victim of a ransomware attack within the last 12 months”,  an increase from the prior year. Of those impacted by ransomware, 86% of attacks including successful data exfiltration and 94% of those impacted by a ransom event experienced a significant downtime and delays. 40% of victims stated they experienced a period of total work stoppage due to ransomware.

Source: [Help Net Security]

Employee Discontent: Insider Threat No. 1

Chief Information Security Officers (CISOs) must integrate human factors into insider risk management (IRM), not just rely on detection technologies. IRM must consider factors such as those raised by recent research where only half of US workers are very satisfied with their jobs, and 28% feel their employers don't care about them. CISOs themselves are affected by job satisfaction; the 2024 IANS/Artico report shows three out of four CISOs are ready to leave their roles. DTEX Systems found 77% of malicious insiders concealed their activities, emphasising the importance of human engagement and feedback in mitigating risks.

Source: [CSO]

Report Reveals 341% Rise in Advanced Phishing Attacks

A recent report has revealed malicious emails increased by 341% over the past 6 months. This included a 217% increase in credential harvesting phishing attacks and a 29% increase in Business Email Compromise (BEC) attacks. The report highlighted the impact of artificial intelligence, noting that since the launch of ChatGPT in November 2022, there has been a 4,151% surge in malicious phishing messages.

Source: [Security Magazine] [ Infosecurity Magazine]

Ransomware and GenAI Raise Security Challenges, Driving Cyber Investment

A recent study by Infosecurity Europe reveals that nearly 40% of cyber security leaders are increasing investments to combat the growing threats of ransomware and AI-generated attacks. A separate survey found 94% of organisations have or plan to implement generative AI use policies, and a third strictly forbid AI tech in their environment. This data highlights the ongoing effort to balance AI benefits with security risks, indicating that there isn’t a one-size-fits-all strategy for formalising AI adoption and usage policies.

Source: [Security Boulevard] [Infosecurity Magazine]

New Rules Prompt 93% of Organisations to Rethink Cyber Security Plans

A recent report reveals that 93% of organisations have re-evaluated their cyber security strategies due to new regulations, with 58% reconsidering their entire approach. The survey, which included 500 cyber security decision-makers from the US and UK, found that 92% reported increased security budgets, with 36% seeing rises of 20-49% and 23% experiencing over 50% increases. Despite this, only 40% feel confident in their resources to comply with regulations, and just one-third believe they can meet all requirements, highlighting significant gaps in preparedness.

Source: [security magazine]

HR and IT Related Phishing Scams Still Most Popular According to KnowBe4’s Latest Phishing Report

A recent KnowBe4 report reveals that HR-related phishing emails account for 42% of top-clicked phishing attempts, followed by IT-related emails at 30%. These phishing tactics exploit employees' trust and evoke immediate responses by mimicking legitimate business communications about dress code changes, tax updates, and training notifications. The report also highlights that nearly a third of users are vulnerable to phishing, emphasising the need for robust security awareness training. A well-trained workforce is essential in defending against increasingly sophisticated phishing attacks that leverage AI and emotional manipulation.

Source: [IT Security Guru]

80% of Exposures from Misconfigurations, as 15 Vendors Account for 62% of Global Attack Surface

A recent XM Cyber report highlights a significant gap in cyber security focus with identity and credential misconfigurations accounting for 80% of security exposures. The study, based on hundreds of thousands of attack path assessments, found that 62% of the global attack surface is concentrated in just 15 vendors. Furthermore, 41% of organisations had at least one compromised device, and 11% experienced ransomware incidents. The report underscores the need for a shift from patching all vulnerabilities to addressing high-impact exposures, especially those around identity management and critical asset protection.

Sources: [Security Magazine] [The Hacker News]

UK to Propose Mandatory Reporting for Ransomware Attacks and Licensing Regime for all Payments

A forthcoming proposal in Britain aims to overhaul the response to ransomware by mandating victims to report incidents and obtain a license before making extortion payments. This initiative, part of a public consultation, includes a ban on ransom payments for critical national infrastructure to deter attacks. The National Cyber Security Centre has highlighted concerns over underreporting, with a 2023 increase in ransomware-related data breaches. The plan’s success hinges on replacing the delayed Action Fraud reporting platform. This proposal marks a significant step in global ransomware policy, with Britain leading international efforts against cyber criminals.

Source: [The Record Media]

UK’s Legal Sector Needs to Improve its Cyber Security, Says Experts

One in ten UK data breaches in 2023 occurred in the legal sector, highlighting that UK law firms are attractive targets for cyber criminals. A recent analysis of the UK’s Information Commissioner's Office (ICO) data found that the legal sector is one of the worst performing sectors for data breaches, with nearly 86 per cent of the incidents within the legal sector involving breaches of personal identifiable information, including instances also affecting sensitive economic and financial data.

Sources [CITY AM]

Governance, Risk and Compliance

• 70% of CISOs Expect Cyber Attacks in Next Year, Report Finds - Infosecurity Magazine (infosecurity-magazine.com)

• UK's legal sector needs to improve its cyber security, say experts (cityam.com)

• How to stay on top of evolving cyber security legislation | RSM UK

• New rules prompt 93% of organisations to rethink cyber security plans | Security Magazine

• Ransomware and AI-Powered Hacks Drive Cyber Investment - Infosecurity Magazine (infosecurity-magazine.com)

• One CISO Can’t Fill Your Board’s Cyber Security Gaps (mit.edu)

• Security Compliance 101: What It Is and How to Master It - Security Boulevard

• Family offices become prime targets for cyber hacks and ransomware (cnbc.com)

• Worried about job security, cyber teams hide security incidents - Help Net Security

• Law firms warn global risks on the rise (emergingrisks.co.uk)

• Financial companies must have data breach incident plans, SEC says | SC Media (scmagazine.com)

• Businesses must overcome security communication roadblocks – Channel EYE

• Why Culture is the Bedrock of Cyber Security - Infosecurity Magazine (infosecurity-magazine.com)

• 10 Leadership Challenges For An AI World (forbes.com)

• IT Security Leaders Are Failing to Close a Boardroom Credibility Gap (prnewswire.com)

• Effective GRC programs rely on team collaboration - Help Net Security

• Are AI and Cyber Security the New Driving Forces Behind Mergers and Acquisitions in the Coming Years? - The Global Treasurerputty

• Understanding cyber risks beyond data breaches - Help Net Security

• De-risking the business - how to evolve your approach to security | TechRadar

• IT and security data is siloed in most organisations (betanews.com)

• Can Cyber Security Be a Unifying Factor in Digital Trade Negotiations? (darkreading.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Family offices become prime targets for cyber hacks and ransomware (cnbc.com)

• Ransomware fallout: 94% experience downtime, 40% face work stoppage - Help Net Security

• Ransomware Attacks Evolve as Average Ransom Demand Tops $1.26 Million - Security Boulevard

• UK to propose mandatory reporting for ransomware attacks and licensing regime for all payments (therecord.media)

• Ransomware gang targets Windows admins via PuTTy, WinSCP malvertising (bleepingcomputer.com)

• Cyber criminals shift tactics to pressure more victims into paying ransoms - Help Net Security

• Unpatched vulnerabilities making bad ransomware outcomes worse: What you need to know | SC Media (scmagazine.com)

• Cyber Attacks Over Work Email Most Used; Ransomware Hits Victims Hard: Artic Wolf (insurancejournal.com)

• This wiper malware takes data destruction to a whole new level | TechRadar

• A Surge in Ransomware: Insights from Our 2024 Cyber Threat Report | Huntress

• New ransomware group abusing BitLocker | Securelist

• Ransomware, BEC, GenAI Raise Security Challenges - Security Boulevard

• LockBit takedown taking toll as gang plummets down rankings • The Register

• First LockBit, now BreachForums: Are cops winning the war? • The Register

• 2024 sees continued increase in ransomware activity - Help Net Security

• Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern (thehackernews.com)

• What role does an initial access broker play in the RaaS model? | TechTarget

• Casino cyber attacks put a bullseye on Scattered Spider • The Register

• Ransomware innovation slowdown a product of crims' success • The Register

Ransomware Victims

• National Records of Scotland reveals its data stolen in 'distressing' NHS health board cyber attack (scotsman.com)

• OmniVision Says Personal Information Stolen in Ransomware Attack - Security Week

• Blackbasta group claims to have hacked Atlas, one of the largest US oil distributors (securityaffairs.com)

• LockBit says they stole data in London Drugs ransomware attack (bleepingcomputer.com)

Phishing & Email Based Attacks

• HR and IT related phishing scams still most popular according to KnowBe4’s latest Phishing Report - IT Security Guru

• Report Reveals 341% Rise in Advanced Phishing Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide (thehackernews.com)

• Phishing statistics that will make you think twice before clicking - Help Net Security

• Cyber Attacks Over Work Email Most Used; Ransomware Hits Victims Hard: Artic Wolf (insurancejournal.com)

• Q1 2024 Global Phishing Report (knowbe4.com)

• Phishing, BEC, and Beyond: Tackling the Top Cyber Threats to UK Banks (prnewswire.co.uk)

• Two-stage Dropbox spear phishing | Kaspersky official blog

• Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns (thehackernews.com)

• Only 60 percent of brands can protect their customers from digital impersonation (betanews.com)

• A phish by any other name should still not be clicked – Computerworld

• Active Chinese Cyber espionage Campaign Rifling Email Servers (inforisktoday.com)

• YouTube has become a significant channel for cyber crime - Help Net Security

BEC

• The last six months shows a 341% increase in malicious emails | Security Magazine

• Phishing, BEC, and Beyond: Tackling the Top Cyber Threats to UK Banks (prnewswire.co.uk)

• Ransomware, BEC, GenAI Raise Security Challenges - Security Boulevard

• 10 Years in Prison for $4.5 million BEC Scammer Who Bought Ferrari to Launder Money | Tripwire

Other Social Engineering

• ‘Unblockable’ HMRC scam message on iPhones sparks warning (yahoo.com)

• Cyber criminals Exploit Cloud Storage For SMS Phishing Scams - Infosecurity Magazine (infosecurity-magazine.com)

Artificial Intelligence

• The state of cyber security: AI and geopolitics mean a bigger threat than ever - Verdict

• Three Questions Every Leader Needs To Ask About AI Cyber Security (forbes.com)

• Ransomware, BEC, GenAI Raise Security Challenges - Security Boulevard

• Beware – Your Customer Chatbot is Almost Certainly Insecure: Report - Security Week

• Human Error and AI Tops Cyber Security Threats in CISO Survey | Cryptopolitan

• Consumers continue to overestimate their ability to spot deepfakes - Help Net Security

• CIO’s 2024 Checklist: Generative AI, Digital Transformation And More (forbes.com)

• Are AI and Cyber Security the New Driving Forces Behind Mergers and Acquisitions in the Coming Years? - The Global Treasurer

• Deepfakes Rank As the Second Most Common Cyber Security Incident for US Businesses (darkreading.com)

• Data regulator looking into Microsoft’s AI Recall feature | The Independent

• New Microsoft Recall feature is a 'security nightmare' and could make Copilot+ PCs a top target for cyber criminals | ITPro

• Why We Need to Get a Handle on AI - Security Week

• CISOs pursuing AI readiness should start by updating the org’s email security policy - Help Net Security

• 10 Leadership Challenges For An AI World (forbes.com)

• US Intelligence Agencies’ Embrace of Generative AI Is at Once Wary and Urgent - Security Week

• User Outcry as Slack Scrapes Customer Data for AI Model Training - Security Week

• Balancing generative AI cyber security risks and rewards | TechTarget

• AI Is The Past, Present And Future Of Cyber Security (forbes.com)

• US AI Experts Targeted in SugarGh0st RAT Campaign (darkreading.com)

• The ‘dead internet theory’ makes eerie claims about an AI-run web. The truth is more sinister (theconversation.com)

• Transparency is sorely lacking amid growing AI interest | ZDNET

• UK Government in £8.5m Bid to Tackle AI Cyber Threats - Infosecurity Magazine (infosecurity-magazine.com)

2FA/MFA

• Microsoft to Mandate Multi-Factor Authentication for All Azure Users (cybersecuritynews.com)

• Here's why you should get a YubiKey (xda-developers.com)

• Zero-Day Attacks and Supply Chain Compromises Surge, MFA Remains Underutilized: Rapid7 Report - Security Week

Malware

• Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide (thehackernews.com)

• Ukraine blackouts caused by malware attacks warn against evolving cyber security threats to the physical world (techxplore.com)

• 400K Linux Servers Recruited by Resurrected Ebury Botnet (darkreading.com)

• Another nasty Mac malware is spoofing legitimate software to target macOS users | TechRadar

• Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal (thehackernews.com)

• What Does Malware Look Like? Check Out These Real-World Examples (pcmag.com)

• Cyber Criminals Exploit GitHub and FileZilla to Deliver Malware Cocktail (thehackernews.com)

• Dangerous nostalgia: Taking Windows XP online will result in auto-installed viruses in a matter of minutes | TechSpot

• Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users (thehackernews.com)

• MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks (thehackernews.com)

• Keylogger Embedded Microsoft Exchange Server Steals Login Credentials (cybersecuritynews.com)

• Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns (thehackernews.com)

• Researchers spot cryptojacking attack that disables endpoint protections | Ars Technica

• US AI Experts Targeted in SugarGh0st RAT Campaign (darkreading.com)

• New BiBi Wiper version also destroys the disk partition table (bleepingcomputer.com)

• Novel EDR-Killing 'GhostEngine' Malware Is Built for Stealth (darkreading.com)

• Malicious actors are cat-phishing targets in order to spread malware | Security Magazine

Mobile

• It is dangerously easy to hack the world’s phones (economist.com)

• How often should you turn off your phone? Here's what the NSA says | PCWorld

• New Android Banking Trojan Mimics Google Play Update App - Infosecurity Magazine (infosecurity-magazine.com)

• North Korea-linked Kimsuky APT attack targets victims via Messenger (securityaffairs.com)

• US Official Warns a Cell Network Flaw Is Being Exploited for Spying | WIRED

• How to recognise if the security of your work device has been breached (siliconrepublic.com)

• Vultur Malware Mimic As Mobile Antivirus Steals Login Credentials (cybersecuritynews.com)

• ‘Unblockable’ HMRC scam message on iPhones sparks warning (yahoo.com)

• Lookout Threat Research Highlights Growing Mobile Security Risks | Business Wire

Internet of Things – IoT

• Teslas Can Still Be Stolen With a Cheap Radio Hack—Despite New Keyless Tech | WIRED

Data Breaches/Leaks

• Aon reveals cyber attack/data breach as top risk for financial institutions - Reinsurance News

• PSNI Faces £750,000 Data Breach Fine After Spreadsheet Leak - Infosecurity Magazine (infosecurity-magazine.com)

• NYSE parent fined $10M for breach reporting failure • The Register

• Were The Ashley Madison Hackers Ever Caught? (screenrant.com)

• 2.4 Million Impacted by WebTPA Data Breach - Security Week

• National Records of Scotland reveals its data stolen in 'distressing' NHS health board cyber attack (scotsman.com)

• 49 Million Customers Impacted by API Security Flaw - Security Boulevard

• Army personnel fear for their jobs after huge MoD cyber attack | The Independent

• Criminal record database of millions of Americans dumped online | Malwarebytes

• Optus denies claims of ‘cloaking’ Deloitte cyber attack report findings - Lawyers Weekly

• Record breaking number of data breaches reported | Bailiwick Express

• 400,000 Impacted by CentroMed Data Breach - Security Week

• 55,000 Impacted by Cyber Attack on California School Association  - Security Week

Organised Crime & Criminal Actors

• Were The Ashley Madison Hackers Ever Caught? (screenrant.com)

• HP Catches Cyber Criminals 'Cat-Phishing' Users (darkreading.com)

• Cyber crime on the rise as account takeovers become leading method (investmentnews.com)

• Moroccan cyber crime group impersonates nonprofits and abuses cloud services to rake in gift card cash | CyberScoop

• YouTube has become a significant channel for cyber crime - Help Net Security

• Ransomware innovation slowdown a product of crims' success • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking (thehackernews.com)

• Chinese Nationals Arrested for Laundering $73 Million in Pig Butchering Crypto Scam (thehackernews.com)

• Researchers spot cryptojacking attack that disables endpoint protections | Ars Technica

• Dutch police tracked a crypto theft to one of world’s worst botnets (thenextweb.com)

• He Trained Cops to Fight Crypto Crime—and Allegedly Ran a $100M Dark-Web Drug Market | WIRED

Insider Risk and Insider Threats

• Human Error and AI Tops Cyber Security Threats in CISO Survey | Cryptopolitan

• Employee discontent: Insider threat No. 1 | CSO Online

• Can we fix the human error problem in cyber security? (siliconrepublic.com)

Insurance

• Cyber insurance Company Offers MDR to MSPs | MSSP Alert

• Should You Buy Cyber Insurance in 2024? Pros & Cons (techopedia.com)

• Cyber insurance trends: reshaping the industry - SiliconANGLE

Supply Chain and Third Parties

• Implementing Third-Party Risk Management Workflows | UpGuard

• Managing third-party risk with cyber security | RSM UK

• Zero-Day Attacks and Supply Chain Compromises Surge, MFA Remains Underutilized: Rapid7 Report - Security Week

• JAVS courtroom recording software backdoored in supply chain attack (bleepingcomputer.com)

Cloud/SaaS

• Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud Platforms (darkreading.com)

• Veeam 2024 Cloud Protection Trends Report Provides New Insight into Cloud‑Powered Data Protection Strategies | Business Wire

• Security concerns impeding cloud migration | SC Media (scmagazine.com)

• Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users (thehackernews.com)

• Are Your SaaS Backups as Secure as Your Production Data? (thehackernews.com)

• Cyber Criminals Exploit Cloud Storage For SMS Phishing Scams - Infosecurity Magazine (infosecurity-magazine.com)

Identity and Access Management

• Report: Organisations Are Scrambling to Overhaul Their Identity Security Frameworks Amidst Surge in Recent Attacks (globenewswire.com)

• 77 percent of organisations suffer cyber attacks due to identity issues (betanews.com)

Encryption

• Yet more ransomware uses BitLocker to encrypt victims' files • The Register

Linux and Open Source

• The economic model that made the internet, and the hack that almost broke it : Planet Money : NPR

• 400K Linux Servers Recruited by Resurrected Ebury Botnet (darkreading.com)

• Are all Linux vendor kernels insecure? A new study says yes, but there's a fix | ZDNET

Passwords, Credential Stuffing & Brute Force Attacks

• Cyber crime on the rise as account takeovers become leading method (investmentnews.com)

Social Media

• YouTube has become a significant channel for cyber crime - Help Net Security

• How Secure Is The Metaverse? (A Look At Cyber Threats And Defences) (forbes.com)

• Russia’s DoppelGänger Campaign Manipulates Social Media - Infosecurity Magazine (infosecurity-magazine.com)

Malvertising

• Ransomware gang targets Windows admins via PuTTy, WinSCP malvertising (bleepingcomputer.com)

• The mystery of the targeted ad and the library patron • The Register

• Windows admins targeted with clever malvertising scam | TechRadar

Training, Education and Awareness

• Three Psychological Theories to Ensure Cyber Security Training Sticks - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• PSNI Faces £750,000 Data Breach Fine After Spreadsheet Leak - Infosecurity Magazine (infosecurity-magazine.com)

• NYSE parent fined $10M for breach reporting failure • The Register

• Intercontinental Exchange Will Pay $10 Million to Resolve SEC Cyber Probe (wsj.com)

• UK considering mandatory reporting for ransomware attacks (computing.co.uk)

• How to stay on top of evolving cyber security legislation | RSM UK

• SEC requires financial institutions to notify customers of breaches within 30 days - Help Net Security

• Security Compliance 101: What It Is and How to Master It - Security Boulevard

• Singapore updates cyber security law to expand regulatory oversight | ZDNET

• Avoiding Cyber Security Incident Overdisclosure:  Helpful Guidance | Mayer Brown Free Writings + Perspectives - JDSupra

• Counting Down to the EU NIS2 Directive - Security Boulevard

• The Dawn of DORA: Building a Resilient Financial Infrastructure (finextra.com)

• What American Enterprises Can Learn From Europe's GDPR Mistakes (darkreading.com)

• Preparing Your Organisation for Upcoming Cyber Security Deadlines (darkreading.com)

Backup and Recovery

• Are Your SaaS Backups as Secure as Your Production Data? (thehackernews.com)

Data Protection

• 87% of medical practice data is digital | Security Magazine

Careers, Working in Cyber and Information Security

• The IT skills shortage situation is not expected to get any better - Help Net Security

• UK Government ramps up efforts to bridge cyber security skills gap (holyrood.com)

• IT Essentials: Sun, stress and security (computing.co.uk)

• Persistent Burnout Is Still a Crisis in Cyber Security (darkreading.com)

• 5 Ways SMBs Can Bridge the Cyber Security Skills Gap | Mimecast

Law Enforcement Action and Take Downs

• Dutch police tracked a crypto theft to one of world’s worst botnets (thenextweb.com)

• Chinese Nationals Arrested for Laundering $73 Million in Pig Butchering Crypto Scam (thehackernews.com)

• Police caught circumventing city bans on face recognition • The Register

• 10 Years in Prison for $4.5 million BEC Scammer Who Bought Ferrari to Launder Money | Tripwire

• LockBit takedown taking toll as gang plummets down rankings • The Register

• He Trained Cops to Fight Crypto Crime—and Allegedly Ran a $100M Dark-Web Drug Market | WIRED

• Casino cyber attacks put a bullseye on Scattered Spider • The Register

• First LockBit, now BreachForums: Are cops winning the war? • The Register

• No time to take eye of the ball despite recent cyber success – report (emergingrisks.co.uk)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• World War War III May Already Have Started—in the Shadows (reason.com)

• Britons should have three days' worth of tinned food and water, government says | Politics News | Sky News

• The Balance of Power in Cyber Space – What it Means for UK Business - British Foreign Policy Group (bfpg.co.uk)

• The state of cyber security: AI and geopolitics mean a bigger threat than ever - Verdict

Nation State Actors

China

• The Security Interviews: What is the real cyber threat from China? | Computer Weekly

• UK not heeding warning over China threat, says ex-cyber security chief (yahoo.com)

• Newly Detected Chinese Group Targeting Military, Government Entities - Security Week

• Escalating Chinese cyber threats drive US efforts to secure critical infrastructure | SC Media (scmagazine.com)

• Inside Operation Diplomatic Specter: Chinese APT Group's Stealthy Tactics Exposed (thehackernews.com)

• Spies, trade and tech: China’s relationship with Britain (economist.com)

• Chinese, Iranian, and Russian gangs are attacking the U.S's drinking water and officials are alarmed | Fortune

• Google, Meta warned that undersea internet cables at risk for Chinese espionage: report (nypost.com)

• UK military in data breach - and other cyber security news | World Economic Forum (weforum.org)

• Researchers Warn of Chinese-Aligned Hackers Targeting South China Sea Countries (thehackernews.com)

• Active Chinese Cyberespionage Campaign Rifling Email Servers (inforisktoday.com)

• State hackers turn to massive ORB proxy networks to evade detection (bleepingcomputer.com)

• New Frontiers, Old Tactics: Chinese Espionage Group Targets Africa & Caribbean Govts (thehackernews.com)

• Stronger critical infrastructure defence aimed by Army Cyber Command | SC Media (scmagazine.com)

• Chinese Nationals Arrested for Laundering $73 Million in Pig Butchering Crypto Scam (thehackernews.com)

• Former Royal Marine charged with spying for China found dead (thetimes.co.uk)

Russia

• Ukraine blackouts caused by malware attacks warn against evolving cyber security threats to the physical world (techxplore.com)

• Chinese, Iranian, and Russian gangs are attacking the U.S's drinking water and officials are alarmed | Fortune

• Russia’s DoppelGänger Campaign Manipulates Social Media - Infosecurity Magazine (infosecurity-magazine.com)

• US says Russia likely launched space weapon - BBC News

• New Star Wars Plan: Pentagon Rushes to Counter Threats in Orbit - The New York Times

• British man, 64, charged with assisting Russian intelligence service | The Independent

Iran

• Chinese, Iranian, and Russian gangs are attacking the U.S's drinking water and officials are alarmed | Fortune

• Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel (thehackernews.com)

North Korea

• North Korea-linked Kimsuky APT attack targets victims via Messenger (securityaffairs.com)

• US Official Warns a Cell Network Flaw Is Being Exploited for Spying | WIRED

• North Korea-linked IT workers infiltrated hundreds of US firms (securityaffairs.com)

• High-ranking military officials' e-mail hacked, possibly by N. Korea (koreaherald.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• The state of cyber security: AI and geopolitics mean a bigger threat than ever - Verdict

• Government tells Britons to stockpile as part of emergency planning

• Spyware found on US hotel check-in computers | TechCrunch

Vulnerability Management

• New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs (thehackernews.com)

• Unpatched vulnerabilities making bad ransomware outcomes worse: What you need to know | SC Media (scmagazine.com)

• Over 60% of Network Security Appliance Flaws Exploited as Zero Days - Infosecurity Magazine (infosecurity-magazine.com)

• 93% of vulnerabilities unanalysed by NVD since February | TechTarget

• Zero-Day Attacks and Supply Chain Compromises Surge, MFA Remains Underutilized: Rapid7 Report - Security Week

• How AI-driven patching could transform cyber security | TechTarget

Vulnerabilities

• Microsoft Edge gets fixes for five more security vulnerabilities - Neowin

• Over 60% of Network Security Appliance Flaws Exploited as Zero Days - Infosecurity Magazine (infosecurity-magazine.com)

• Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud Platforms (darkreading.com)

• Veeam warns of critical Backup Enterprise Manager auth bypass bug (bleepingcomputer.com)

• Microsoft Has Yet to Patch 7 Pwn2Own Zero-Days (darkreading.com)

• Critical Flaw in AI Python Package Can Lead to System and Data Compromise - Security Week

• This devious Wi-Fi security flaw could let hackers eavesdrop on your network with ease | TechRadar

• Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal (thehackernews.com)

• Intel's Max Severity Flaw Affects AI Model Compressor Users (govinfosecurity.com)

• 15 QNAP NAS bugs and one PoC disclosed, update ASAP! (CVE-2024-27130) - Help Net Security

• Keylogger Embedded Microsoft Exchange Server Steals Login Credentials (cybersecuritynews.com)

• Chrome 125 Update Patches High-Severity Vulnerabilities - Security Week

• Ivanti Patches Critical Code Execution Vulnerabilities in Endpoint Manager - Security Week

• Unauthenticated RCE Vulnerability in Fortinet FortiSIEM: PoC Published (cybersecuritynews.com)

• Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern (thehackernews.com)

• VMware Abused in Recent MITRE Hack for Persistence, Evasion - Security Week

• High-severity GitLab flaw lets attackers take over accounts (bleepingcomputer.com)

• CISA Warns of Actively Exploited Apache Flink Security Vulnerability (thehackernews.com)

Tools and Controls

• Network Outages Hit 59% of Multi-Site Businesses Monthly - Infosecurity Magazine (infosecurity-magazine.com)

• New rules prompt 93% of organisations to rethink cyber security plans | Security Magazine

• Ransomware and AI-Powered Hacks Drive Cyber Investment - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft to Mandate Multi-Factor Authentication for All Azure Users (cybersecuritynews.com)

• What is a Third-Party Risk Assessment in Cyber Security? | UpGuard

• Should You Buy Cyber Insurance in 2024? Pros & Cons (techopedia.com)

• The Critical Role Of Web Filtering To Secure A Modern Workplace (forbes.com)

• We put too much faith in our web browsers, here's why we shouldn't (xda-developers.com)

• Windows 11 to Deprecate NTLM, Add AI-Powered App Controls and Security Defences (thehackernews.com)

• Google says Microsoft can’t be trusted after email security blunders | ITPro

• CISOs pursuing AI readiness should start by updating the org’s email security policy - Help Net Security

• Fighting identity fraud? Here's why we need better tech - Help Net Security

• Report: Organisations Are Scrambling to Overhaul Their Identity Security Frameworks Amidst Surge in Recent Attacks (globenewswire.com)

• 77 percent of organisations suffer cyber attacks due to identity issues (betanews.com)

• Researchers spot cryptojacking attack that disables endpoint protections | Ars Technica

• Microsoft's latest Windows 11 security features aim to make it 'more secure out of the box' | ZDNET

• Are Your SaaS Backups as Secure as Your Production Data? (thehackernews.com)

• Cyber insurance trends: reshaping the industry - SiliconANGLE

• The Evolution of Security Operations Centres in the Past Decade | Information Security Buzz

• Incident response: a useful guide - Tech Monitor

• Here's why you should get a YubiKey (xda-developers.com)

• Mastercard Doubles Speed of Fraud Detection with Generative AI - Infosecurity Magazine (infosecurity-magazine.com)

• When to Automate and When Not to Automate Security - Security Boulevard

• Critical Capabilities of Cyber Security Risk Assessment Tools (cybersaint.io)

• How AI-driven patching could transform cyber security | TechTarget

Reports Published in the Last Week

• 2024 Cloud Protection Trends (veeam.com)

• Arctic Wolf Labs 2024 Threat Report | Arctic Wolf

• Q1 2024 Global Phishing Report (knowbe4.com)

• 2024 Cyber Threat Report | Huntress

• 2024 Q1 Mobile Landscape Threat Report (lookout.com)

• State of Cyber Security Trends Report 2024 | Ivanti

Other News

• Aon reveals cyber attack/data breach as top risk for financial institutions - Reinsurance News

• 15 companies account for 62% of global attack surface | Security Magazine

• Google Deletes $125 Billion UniSuper Pension Fund Account; Impacts Over Half a Million Australians - Goodreturns

• Cyber attacks are soaring—treat them as an 'act of war', health care exec warns | Fortune Well

• If the Lights Went Out: Exploring a Power Grid Failure (greydynamics.com)

• Wars in Ukraine and Gaza raise UK infrastructure cyber threat level | New Civil Engineer

• Malware power threat real and growing – researchers (emergingrisks.co.uk)

• Microsoft’s President to Testify to House Panel on Cyber Security (bloomberglaw.com)

• Microsoft outage affects Bing, Copilot, DuckDuckGo and ChatGPT internet search (bleepingcomputer.com)

• 5 Ways SMBs Can Bridge the Cyber Security Skills Gap | Mimecast

• Why cyber security is front and centre for rail - Railway Technology (railway-technology.com)

• Mitigating cyber security risks in the technology sector | TechRadar

• New EU tool to counter hybrid threats - Ministry of Foreign Affairs Republic of Poland - Gov.pl website (www.gov.pl)

• Cyber attacks on construction firms jump, new report finds | News | Building

• FUD: How Fear, Uncertainty, and Doubt can ruin your security program - Security Boulevard

• Cyber Security in the legal sector | Law Gazette

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Executive summary

An active campaign has been identified in which a flaw in Foxit, a popular PDF reader, is being exploited by attackers to deploy a variety of malware. Check Point, who have identified the campaign have said that it has been used by multiple threat actors in campaigns ranging “from e-crime to espionage”. The campaign takes advantage of a flaw in which the PDF reader is set to accept a document as trusted by default.  Once a user clicks OK on this, a second display pops up which has the default option of allowing the PDF to open additional programs and execute commands.

What’s the risk to me or my business?

There is a risk that organisations using Foxit PDF reader are vulnerable to this exploitation, which has a low detection rate. Additionally, this risk extends to employees who have access to corporate data on their personal device and are using Foxit. In both cases, the confidentiality, integrity and availability of information is at risk.

Reports indicate that the malicious PDF’s are being distributed in traditional manners including email, as well as social media such as Facebook, capitalising on the low-level of detection of this exploit.

What can I do?

Black Arrow recommends organisations evaluate the most suitable risk treatment approach for their environment. This may involve exploring alternative software solutions or uninstalling the affected software altogether. Additionally, disabling non-essential features, such as command prompt and PowerShell execution, for standard users is recommended. Cyber awareness training should also emphasise the importance of not opening unexpected files or granting permissions via pop-up windows to mitigate risks.

#threatadvisory #threatintelligence #cybersecurity

Further information from Check Point can be found here:

https://research.checkpoint.com/2024/foxit-pdf-flawed-design-exploitation/

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Social Engineering is the Biggest Cyber Threat, as Study Finds Most Workers Have Clicked on a Suspicious Email Link

According to a recent report, half of office workers have clicked on a link or attachment within a suspicious email sent to their work address within the last 12 months, and of those that interacted with the email, half of them claimed to be confident in their ability to identify phishing emails.

With 68% of breaches involving the human element, your organisation must be cognisant of its employees. Hackers know that no matter what your tech stack is, you will always have employees and where there is an employee, there is a way into your organisation. It is far cheaper to exploit an employee who already has the access you require, than to develop a new exploit. It only takes one human to make a mistake by granting access to an attacker.  

When it came to training, only 41% of respondents said their employer had provided formal cyber security awareness training and 79% said their previous training is not sufficient to keep pace with modern cyber threats.

Source: [HackerNoon] [BusinessPlus]

Business Leaders are Stressing Out Over Pace of Technological Change, as Cyber Security Incidents Seen as Main Business Disruptor

A recent report commissioned by BT reveals that 86% of UK business leaders suffer from 'tech-related stress,' particularly concerning AI and cyber security, a phenomenon they have termed as 'Bytmares.' The report found that 59% of business leaders worry about the rapid and relentless pace of tech advancement, and whether appropriate controls are in place to protect it.

According to a different survey, 74% of business leaders view cyber security incidents as the main disruptive threat to their organisations either currently or over the next twelve months. This was followed by cloud computing, internet of things and artificial intelligence.

These findings highlight the critical importance of robust cyber security measures in today’s interconnected world. As organisations increasingly rely on digital infrastructure, safeguarding sensitive data and systems becomes paramount. Cyber threats can disrupt operations, compromise customer trust, and result in financial losses. Remember, cyber security is not just an IT concern; it is a strategic imperative for every organisation.

Sources: [Beta News] [Telecoms] [Verdict]

ICO Warns That Many UK Businesses Neglect Basic Cyber Security: More Ransomware and Cyber Attacks Last Year Than Ever Before

A recent update from the UK’s Information Commissioner’s Office (ICO) has revealed that ransomware attacks in the UK have surpassed all previous years, up 52% from the previous year. The report found that finance, retail and education sectors are suffering the most incidents.

The leading causes of breaches include phishing, brute force attacks, errors and supply chain attacks. The ICO noted that many organisations still neglect basic cyber security measures and has called for enhanced efforts to combat the escalating threat, emphasising the importance of foundational controls.

Sources: [Tech Monitor] [Government Business] [The Record Media] [Tech Monitor]

Data Breaches are Getting Worse, Many are Employee Errors or Social Engineering Attacks

The latest Verizon Business Data Breach Investigations Report (DBIR) highlights that employee error is the leading cause of cyber security incidents in the EMEA region, accounting for 49% of cases. The top reasons for these incidents are “miscellaneous errors, system intrusion, and social engineering,” making up 87% of all breaches. Hackers primarily target personal information (64%), internal data (33%), and login credentials (20%). Despite zero-day vulnerabilities being a significant threat, with exploitation rising to 14% of breaches, the report emphasises the critical need for ongoing employee training and awareness to mitigate these risks.

Source: [TechRadar]

Why Cyber Insurance isn’t a Substitute for Cyber Risk Management

While cyber insurance can be beneficial in mitigating financial loss from cyber attacks, it is not a substitute for comprehensive cyber risk management. Many firms with cyber insurance have still fallen victim to attacks, highlighting that cyber insurance primarily transfers residual risk. Effective cyber risk management includes conducting proper risk assessments and implementing robust cyber security controls. Cyber insurance cannot resolve issues like business disruption, breach of client confidentiality, and compliance with legal obligations; this stresses the need for proactive measures and independent assurance to protect against cyber threats.

Source: [ Law Society of Scotland]

China Presents Defining Challenge to Global Cyber Security, Says GCHQ

A recent speech by the new director of the UK’s GCHQ highlighted China's growing cyber threat, describing it as an "epoch-defining challenge." She warned that China's destabilising actions undermine global internet security. The current head of the UKs’ NCSC echoed these concerns, pointing to the Chinese state-sponsored hacking group Volt Typhoon which has infiltrated critical sectors like energy and transportation. The National Cyber Director at the White House added that China’s cyber capabilities pose a significant threat to global infrastructure, particularly in crisis scenarios, as Chinese hackers increasingly use sophisticated techniques to pre-position within networks.

Source: [Infosecurity Magazine]

Botnet Sent Millions of Emails in LockBit Black Ransomware Campaign

Since April, millions of phishing emails have been sent through a botnet known as “Phorpiex” to conduct a large-scale LockBit Black ransomware campaign. In a warning from New Jersey’s Cybersecurity and Communications Integration Cell, it was explained that the attackers use ZIP attachments containing an executable that deploys the LockBit Black payload, which encrypts the recipients' systems if launched. The emails are sent from 1,500 unique IP addresses worldwide.

Sources: [Bleeping Computer]

Global Financial Stability at Risk Due to Cyber Threats, IMF warns

A new International Monetary Fund (IMF) report highlights the severe threat cyber attacks pose to global financial stability, revealing that nearly 20% of reported cyber incidents in the past two decades targeted the financial sector, causing $12 billion in direct losses. Since 2020, these attacks have led to an estimated $2.5 billion in direct losses. The report underscores that cyber incidents threaten financial institutions' operational resilience, potentially leading to funding challenges and reputational damage. The IMF calls for bolstered cyber security measures, including stress testing, information-sharing arrangements, and enhanced national cyber security strategies to mitigate these growing risks.

Source: [World Economic Forum]

Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls

An ongoing social engineering campaign that is bombarding enterprises with spam calls and emails has been uncovered. The campaign involves a threat actor overwhelming a user’s email with junk, followed by a call offering to assist in removing the junk. From here, the threat actor aims to convince the victim to download remote monitoring and management software such as AnyDesk or Microsoft’s built in Quick Assist feature to allow the attacker remote access to the victim’s machine.

Source: [The Hacker News]

Santander Data Breach via Third-Party Provider Impacted Customers and Employees

A recent disclosure by the Spanish bank Santander revealed a data breach at a third-party provider affecting customers in Chile, Spain, and Uruguay. Unauthorised access to a database hosted by the provider compromised information on all current and some former employees, but did not include transactional data, online banking details, or passwords. Santander said they swiftly implemented measures to contain the incident, blocking access to the compromised database and enhancing fraud prevention controls. The bank assured that its operations and systems remain unaffected, allowing customers to continue transacting securely. The number of impacted individuals remains unspecified.

There is a continued trend in third party providers being used as the soft underbelly to attack larger and better defended organisations, requiring all organisations to consider the security controls of their third parties.

Source: [securityaffairs.com]

40% of Cyber Teams Have Held Back from Reporting Cyber Attacks Over Fear of Losing Jobs

Recent research has revealed that 40% of cyber teams have not reported a cyber attack due to the fear of losing their job. Unfortunately, this leaves businesses at risk of being non-compliant, without even knowing so. When it came to challenges faced by organisations, it was found that nearly 20% of companies say a lack of qualified talent is a key challenge to overcoming cyber attacks and 32% did not have the resources to hire new staff. This is not to say however, they are unable to outsource some of their cyber function to cyber specialists. This lack of allocated resources prevents the organisation from being confident that any incidents have been appropriately remediated.

Source: [Business Wire]

Digital Resilience – a Step Up from Cyber Security

In an increasingly digital world, many organisations are unaware of how truly reliant they are on digital technology, and the accompanying risks. As we move toward an even more digitally dependent future, the need for digital resilience is more critical than ever. Digital resilience refers to the ability to maintain, change, or recover technology-dependent operations. Organisations should begin with an internal audit to assess their digital resilience, involving all departments and ensuring senior management oversight, as board involvement is essential for effective cyber security programmes.

Digital resilience goes beyond cyber security to encompass change management, business resilience, and operational risk. Implementing digital resilience strategies requires continuous adaptation, cross-functional collaboration, and embedding resilience thinking throughout the organisation. Businesses must integrate digital resilience into their strategic planning to ensure ongoing competitiveness and adaptability in an ever-evolving digital landscape.

Sources: [CSO Online] [CSO Online]

UK Lags Europe on Exploited Vulnerability Remediation

A new report by Bitsight reveals that UK organisations lag behind their European counterparts in remediating software flaws listed in the US ‘Known Exploited Vulnerability’ (KEV) catalogue. UK organisations take an average of 225 days to address KEVs, compared to 220 days for European entities and just 21 days for German organisations. Non-KEV vulnerabilities are patched at an even slower rate, with UK entities taking over two years (736 days) to patch. Globally, the average time to resolve KEVs is around six months (180 days). Despite fewer KEVs detected in UK environments (30% versus 43% in Europe), the slow remediation poses significant risks, emphasising the need for faster and more proactive cyber security measures, specifically robust vulnerability scanning and patching.

Source: [Infosecurity Magazine]

Cyber Threats Demand More Focus Says Zurich, as UK Insurance And NCSC Join Forces to Fight Ransomware Payments

A recent discussion at the British Insurance Brokers' Association (BIBA) conference highlighted the increasing importance of cyber security for businesses, driven by the surge in cyber attacks and the use of AI by criminal gangs. Zurich Resilience Solutions UK noted that businesses face greater scrutiny from underwriters over their cyber exposures.

BIBA, together with the Association of British Insurers (ABI), and the International Underwriting Association (IUA), have united with the UK’s National Cyber Security Centre (NCSC) in a joint effort to tackle ransom payments. As a result of their collaboration, they have published new best practice guidance, which aims to reduce the number of payments being made by UK victims as well as the disruption businesses face.

Source: [Emerging Risks] [NCSC] [Infosecurity Magazine]

Governance, Risk and Compliance

• ICO calls on all organisations to boost their cyber security amid growing threat of cyber attacks | Practical Law (thomsonreuters.com)

• Firms neglecting cyber security basics - ICO - CIR Magazine

• Why cyber insurance isn’t a substitute for cyber risk management. | Law Society of Scotland (lawscot.org.uk)

• Business leaders consider cyber security main disruptor – Q1 2024 survey - Verdict

• 40% of Cyber Teams Have Not Reported Cyber Attacks Over Fear of Losing Jobs, According to New VikingCloud Research | Business Wire

• The Growing Cyber Security Disconnect Leaves Enterprises Exposed (forbes.com)

• Cyber Security Is a Top Investor Concern | HackerNoon

• Cyber threats demand more focus – Zurich (emergingrisks.co.uk)

• Digital resilience – a step up from cyber security | CSO Online

• Keep it secret, keep it safe: the essential role of cyber security in document management | CSO Online

• Cyber anxiety on the rise in the UK (betanews.com)

• UK business leaders are stressing out over pace of technological change (telecoms.com)

• Dancing on the Head of a Pin: Corporate Boards, Committees and Cyber Security Risk Management | The Volkov Law Group - JDSupra

• 44% of Cyber Security Professionals Struggle with Regulatory Compliance - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber attacks threaten global financial stability, IMF warns | World Economic Forum (weforum.org)

• BISO: Enhancing cyber security in modern enterprises - SiliconANGLE

• Dell Data Breach Underscores Cost of Cyber Security Complacency (pymnts.com)

• What Is Cyber Risk Quantification? | HackerNoon

• Cyber and Financial Crime, Through the FBI Lens (govinfosecurity.com)

• A Third of CISOs Have Been Dismissed “Out of Hand” By the Board - Infosecurity Magazine (infosecurity-magazine.com)

• Maximizing cyber security ROI: A strategic approach | TechRadar

• Many CISOs don't feel they get the right respect from their board | TechRadar

• Cyber high on agenda at BIBA amid concerns over threats (emergingrisks.co.uk)

• Lloyd’s updates cyber war wordings - Reinsurance News

• Are you meeting your cyber insurance requirements? - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• Botnet sent millions of emails in LockBit Black ransomware campaign (bleepingcomputer.com)

• UK hit by more ransomware and cyber attacks last year than ever before (therecord.media)

• The ups and downs (and ups again) of the ransomware risk - Digital Journal

• Hackers Target Children of Corporate Executives in Ransomware Attacks (businessinsider.com)

• CISA: Black Basta ransomware breached over 500 orgs worldwide (bleepingcomputer.com)

• Cyber attacks leave significant financial impact on hacked organisations (kwch.com)

• As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs (darkreading.com)

• UK Insurance and NCSC Join Forces to Fight Ransomware Payments - Infosecurity Magazine (infosecurity-magazine.com)

• UK insurance industry begins to acknowledge role in tackling ransomware (therecord.media)

• The UK may not have a choice on a ransomware payment ban | Computer Weekly

• 64% Jump in Ransomware Claims on Remote Access Tools, Report Shows (claimsjournal.com)

• Cyber Criminals Exploiting Microsoft's Quick Assist Feature in Ransomware Attacks (thehackernews.com)

• Organisations struggle to defend against ransomware - Help Net Security

• Ransomware statistics that reveal alarming rate of cyber extortion - Help Net Security

• Most ransomware-hit enterprises report to authorities, but level of support varies | ZDNET

• Ransomware negotiator weighs in on the payment debate • The Register

• OODA Loop - The Social Engineering Tactics of Ransomware-as-a-Service Operator Black Basta

• INC ransomware source code selling on hacking forums for $300,000 (bleepingcomputer.com)

• What is ransomware recovery? | Definition from TechTarget

• Ransomware Defence Strategies: Never Trust a Criminal (inforisktoday.com)

Ransomware Victims

• More than 470 legal actions against HSE over cyber attack (rte.ie)

• It's been a bad week for public cyber security | TechRadar

• Christie's Just Postponed the Rare Watches Auction Due to Cyber Attack (robbreport.com)

• Singing River Health System: Data of 895,000 stolen in ransomware attack (bleepingcomputer.com)

• Repeat Offenders: Black Basta’s Latest Healthcare Cyber Attack (informationweek.com)

• E-prescription provider MediSecure impacted by a ransomware attack (securityaffairs.com)

Phishing & Email Based Attacks

• Social Engineering is the Biggest Cyber Threat | HackerNoon

• Most Workers Have Clicked on a Suspicious Email Link (businessplus.ie)

• Botnet sent millions of emails in LockBit Black ransomware campaign (bleepingcomputer.com)

• Stay In The Loop On Emerging And Evolving Email Threat Trends (informationsecuritybuzz.com)

• Collaboration tools are now at the frontline in the battle against phishing (securitybrief.co.nz)

• 5 Common Phishing Vectors and Examples - 2024 (cybersecuritynews.com)

BEC

• Visualizing Global Losses from Financial Scams (visualcapitalist.com)

Other Social Engineering

• Social Engineering is the Biggest Cyber Threat | HackerNoon

• Low-tech tactics still top the IT security risk chart | CSO Online

• Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls (thehackernews.com)

• What is vishing and quishing, and how do you protect yourself? | PCWorld

• Beware of fake calls, ward off cyber criminals: Govt - The Statesman

• OODA Loop - The Social Engineering Tactics of Ransomware-as-a-Service Operator Black Basta

Artificial Intelligence

• UK Government Unveils New AI Cyber Security Measures as ICO Details Importance of Data Protection | The Fintech Times

• UK agency releases tools to test AI model safety | TechCrunch

• Security industry struggles to consolidate against AI threats - SiliconANGLE

• Cyber Security Races to Unmask New Wave of AI Deepfakes (darkreading.com)

• Only one-third of firms deploy safeguards against generative AI threats, report finds | CIO Dive

• CISOs Reconsider Their Roles in Response to GenAI Integration - Security Boulevard

• AI's rapid growth puts pressure on CISOs to adapt to new security risks - Help Net Security

• Insider Risk in the Generative AI Era - InfoRiskToday

• AI-driven attacks seen as chief cloud security threat | TechTarget

• Concern over AI cyber threats among UK infrastructure organisations | Security News (sourcesecurity.com)

• The Cyber Security Survival Guide For Generative AI (forbes.com)

2FA/MFA

• How to Prevent Attacks that Bypass MFA - InfoRiskToday

Malware

• Malware was almost 50% of threat detections in Q1 2024 | Security Magazine

• North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms (thehackernews.com)

• FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT (thehackernews.com)

• Microsoft fixes Windows zero-day exploited in QakBot malware attacks (bleepingcomputer.com)

• Ebury botnet malware infected 400,000 Linux servers since 2009 (bleepingcomputer.com)

• Kimsuky hackers deploy new Linux backdoor via trojanized installers (bleepingcomputer.com)

• Man destroys his laptop after downloading 1,000 viruses to see which anti-virus software works the best (unilad.com)

Mobile

• Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials (thehackernews.com)

• Google Issues Critical Update For Millions Of Pixel Users (forbes.com)

• Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS - Security Week

• Threat actors may have exploited a zero-day in older iPhones, Apple warns (securityaffairs.com)

• Apple warns of increased iPhone security risks – Computerworld

• Apple and Google agree on standard to alert people when unknown Bluetooth devices may be tracking them | TechCrunch

• Protect against iPhone trojan GoldPickaxe: How-to - 9to5Mac

• Unwanted Tracking Alerts Rolling Out to iOS, Android - Security Week

• Apple blocked $7 billion in fraudulent App Store purchases in 4 years (bleepingcomputer.com)

• Android boosting security with Theft Detection Lock, factory reset protection  (9to5google.com)

• Data Privacy: All the Ways Your Cellphone Carrier Tracks You and How to Stop It

• Your Android phone could have stalkerware — here’s how to remove it | TechCrunch

Internet of Things – IoT

• Attack makes autonomous vehicle tech ignore road signs • The Register

• Millions of IoT Devices at Risk From Integrated Modem (darkreading.com)

• Prison for cyber security expert selling private videos from inside 400,000 homes (bitdefender.com)

• IoT Vulnerabilities and BotNet Infections: A Risk for Executives - Security Boulevard

Data Breaches/Leaks

• Over 5.3 billion data records exposed in April 2024 | Computer Weekly

• MoD contractor hacked by China failed to report breach for months | Hacking | The Guardian

• Data breaches are getting worse - and many are coming from a familiar source | TechRadar

• Notorious threat actor IntelBroker claims the hack of the Europol (securityaffairs.com)

• Hacker claims another breach into Dell systems | SC Media (scmagazine.com)

• Dell Data Breach Underscores Cost of Cyber Security Complacency (pymnts.com)

• Hacker claims to have stolen Dell customer data, twice. Here's how to protect yourself | ZDNET

• Santander Data Breach Impacts Customers, Employees - Security Week

• Employee data breaches up 41% - Personnel Today

• The legal sector's data breach conundrum: insights from ICO's latest report - Solicitors Journal

• JPMorgan Chase Suffers Data Breach Affecting Personal Information of 451,809 Customers - The Daily Hodl

• JPMorgan Fixes Security Flaw, Affects 450K Retirement Plans | Entrepreneur

• Europol confirms incident after data break-in claims • The Register

• Largest non-bank lender in Australia warns of a data breach (bleepingcomputer.com)

• Guernsey data breaches: More than 1,000 people affected - BBC News

• Up to 120,000 affected by data breach at City of Helsinki (helsinkitimes.fi)

• Billion-Dollar Bank Sued After Revealing Massive Data Breach Affecting Thousands of Customers, Exposing Account Details, Social Security Numbers and Medical Information: Report - The Daily Hodl

• Okta’s security chief on the company’s own cyber attack and how the ‘battleground’ has shifted (therecord.media)

• Camden Council cyber attack warning after NRS Healthcare cyber attack | Ham & High (hamhigh.co.uk)

• Lessons learned from high-profile data breaches | TechTarget

• Zscaler Confirms Only Isolated Test Server Was Hacked - Security Week

• Nissan North America data breach impacts over 53,000 employees (bleepingcomputer.com)

Organised Crime & Criminal Actors

• FBI, DoJ Shut Down BreachForums, Launch Investigation (darkreading.com)

• Cyber and Financial Crime, Through the FBI Lens (govinfosecurity.com)

• FBI working towards nabbing Scattered Spider hackers, official says | Reuters

• Low-tech tactics still top the IT security risk chart | CSO Online

• The Growing Cyber Threat Landscape: Insights into State-Sponsored and Criminal Cyber Activities | HackerNoon

• Top 5 Most Dangerous Cyber Threats in 2024 (darkreading.com)

• Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms (thehackernews.com)

• Tornado Cash cryptomixer dev gets 64 months for laundering $2 billion (bleepingcomputer.com)

• US brothers arrested for stealing $25m in crypto in just 12 seconds - BBC News

Insider Risk and Insider Threats

• Low-tech tactics still top the IT security risk chart | CSO Online

• Data breaches are getting worse - and many are coming from a familiar source | TechRadar

• Insider Risk in the Generative AI Era - InfoRiskToday

• The Human Element in Cyber Security: Safeguarding your organisation (thebusinessmagazine.co.uk)

• CISOs call to ditch the 'stigma of blame' in cyber security (computing.co.uk)

Insurance

• Why cyber insurance isn’t a substitute for cyber risk management. | Law Society of Scotland (lawscot.org.uk)

• NCSC guide to help businesses facing ransomware demands (biba.org.uk)

• UK insurance industry begins to acknowledge role in tackling ransomware (therecord.media)

• UK Insurance and NCSC Join Forces to Fight Ransomware Payments - Infosecurity Magazine (infosecurity-magazine.com)

• Lloyd’s provides tighter guidance on cyber war wordings | Insurance Insider

• Cyber high on agenda at BIBA amid concerns over threats (emergingrisks.co.uk)

• Are you meeting your cyber insurance requirements? - Help Net Security

Supply Chain and Third Parties

• Most Companies Affected by Software Supply Chain Attacks in the Last Year, Struggling to Detect and React Effectively - IT Security Guru

• Santander: a data breach at a third-party provider impacted customers and employees (securityaffairs.com)

• MoD contractor hacked by China failed to report breach for months | Hacking | The Guardian

• Okta’s security chief on the company’s own cyber attack and how the ‘battleground’ has shifted (therecord.media)

Cloud/SaaS

• How to create a cloud security policy, step by step | TechTarget

• AI-driven attacks seen as chief cloud security threat | TechTarget

• Singapore Cyber Security Update Puts Cloud Providers on Notice (darkreading.com)

• Secrecy Concerns Mount Over Spy Powers Targeting US Data Centres | WIRED

Encryption

• You want us to think of the children? Couldn't agree more • The Register

Linux and Open Source

• Ebury botnet malware infected 400,000 Linux servers since 2009 (bleepingcomputer.com)

• Kimsuky hackers deploy new Linux backdoor via trojanized installers (bleepingcomputer.com)

• Establishing a security baseline for open source projects - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

• The 10 most common 4-digit PIN numbers — are you at risk of a cyber attack? (nypost.com)

Social Media

• It’s time to ban TikTok for the sake of our democracy and security (politicshome.com)

Training, Education and Awareness

• The Future of Security Awareness - GovInfoSecurity

• The Human Element in Cyber Security: Safeguarding your organisation (thebusinessmagazine.co.uk)

Regulations, Fines and Legislation

• Singapore Cyber Security Update Puts Cloud Providers on Notice (darkreading.com)

• Clock is ticking for companies to prepare for EU NIS2 Directive | CSO Online

• Nigeria Halts Cyber Security Tax After Public Outrage (darkreading.com)

Models, Frameworks and Standards

• Clock is ticking for companies to prepare for EU NIS2 Directive | CSO Online

Careers, Working in Cyber and Information Security

• The cyber security skills shortage: A CISO perspective | CSO Online

• Why cyber security staff burn out, and what to do about it (computing.co.uk)

Law Enforcement Action and Take Downs

• As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs (darkreading.com)

• FBI, DoJ Shut Down BreachForums, Launch Investigation (darkreading.com)

• Most ransomware-hit enterprises report to authorities, but level of support varies | ZDNET

• Prison for cyber security expert selling private videos from inside 400,000 homes (bitdefender.com)

• Tornado Cash cryptomixer dev gets 64 months for laundering $2 billion (bleepingcomputer.com)

• US brothers arrested for stealing $25m in crypto in just 12 seconds - BBC News

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Lloyd’s updates cyber war wordings - Reinsurance News

• Civil society under increasing threats from ‘malicious’ state cyber actors, US (therecord.media)

Nation State Actors

China

• Cyber threat landscape permanently altered by Chinese operations, US officials say (therecord.media)

• GCHQ boss says China's 'genuine' cyber threat 'weakens security of internet for all' | Science & Tech News | Sky News

• Tracking the Progression of Earth Hundun's Cyber espionage Campaign in 2024 | Trend Micro (US)

• When Chinese Nationalist Hackers Go Rogue (globelynews.com)

• Can't blame all Chinese cyber attacks on the government - Asia Times

• How the West has struggled to keep up with China’s spy threat - BBC News

• Stifling Beijing in cyber space big focus for UK operatives • The Register

• China focuses on non-military ways to take Taiwan, reports warn - Washington Times

• It’s time to ban TikTok for the sake of our democracy and security (politicshome.com)

• Asian Threat Actors Use New Techniques to Attack Familiar Targets (darkreading.com)

• Chinese Crime Ring Uses Franchise Model to Grow Fake Online Shops (businessinsider.com)

• Three men charged with aiding Hong Kong intelligence service, says Met | UK news | The Guardian

Russia

• Russia is ramping up sabotage across Europe (economist.com)

• File Not Found: Russia Is Hacking Evidence of Its War Crimes - War on the Rocks

• NATO Draws a Cyber Red Line in Tensions With Russia - Security Week

• Pro-Russia hackers targeted Kosovo government websites (securityaffairs.com)

• Russian Actors Weaponize Legitimate Services in Multi-Malware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• UK 'increasingly concerned' about Russian intelligence links to hacktivists (therecord.media)

• To the Moon and back(doors): Lunar landing in diplomatic missions (welivesecurity.com)

• New backdoors on a European government's network appear to be Russian (therecord.media)

• 'Russian' hackers deface potentially hundreds of local British news sites (therecord.media)

• Investigation: How Russia's Warplanes Get Their 'Brain Power' From The West, Despite Sanctions

• The Three Seas Initiative: A Vanguard in Digitization and Cyber Security | Warsaw Institute

Iran

• Iran most likely to launch destructive cyber attack on US • The Register

North Korea

• Asian Threat Actors Use New Techniques to Attack Familiar Targets (darkreading.com)

• North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms (thehackernews.com)

Vulnerability Management

• Not Just MOVEit: 2023 Was a Banner Year for Zero-Days (inforisktoday.com)

• (Cyber) Risk = Probability of Occurrence x Damage (thehackernews.com)

• Critical vulnerabilities take 4.5 months on average to remediate - Help Net Security

• The Fall of the National Vulnerability Database (darkreading.com)

• Backlogs at National Vulnerability Database prompt action from NIST and CISA | CSO Online

• UK Lags Europe on Exploited Vulnerability Remediation - Infosecurity Magazine (infosecurity-magazine.com)

• Log4J shows no sign of fading, spotted in 30% of CVE exploits - Help Net Security

• NIST Confusion Continues as Cyber Pros Complain CVE Uploads Stopped - Infosecurity Magazine (infosecurity-magazine.com)

• Heartbleed: When Is It Good to Name a Vulnerability? (darkreading.com)

Vulnerabilities

• Google Chrome emergency update fixes 6th zero-day exploited in 2024 (bleepingcomputer.com)

• Google patches third exploited Chrome zero-day in a week (bleepingcomputer.com)

• Threat actors may have exploited a zero-day in older iPhones, Apple warns (securityaffairs.com) 

• Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days (thehackernews.com)

• Cyber Criminals Exploiting Microsoft's Quick Assist Feature in Ransomware Attacks (thehackernews.com)

• Microsoft fixes Windows zero-day exploited in QakBot malware attacks (bleepingcomputer.com)

• Log4J shows no sign of fading, spotted in 30% of CVE exploits - Help Net Security

• D-Link Routers Vulnerable to Takeover Via Exploit for Zero-Day (darkreading.com)

• New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks (thehackernews.com)

• Intel Publishes 41 Security Advisories for Over 90 Vulnerabilities  - Security Week

• Google Issues Critical Update For Millions Of Pixel Users (forbes.com)

• Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS - Security Week

• CISA and FBI Issue Alert on Path Traversal Vulnerabilities - Security Boulevard

• VMware Patches Severe Security Flaws in Workstation and Fusion Products (thehackernews.com)

• Firefox 126: Telemetry, privacy feature, and security fixes - gHacks Tech News

• SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver - Security Week

• Adobe Patches Critical Flaws in Reader, Acrobat - Security Week

• Cisco Releases Security Updates for Multiple Products | CISA

• Microsoft shares temp fix for Outlook encrypted email reply issues (bleepingcomputer.com)

Tools and Controls

• Why cyber insurance isn’t a substitute for cyber risk management. | Law Society of Scotland (lawscot.org.uk)

• Digital resilience – a step up from cyber security | CSO Online

• Dancing on the Head of a Pin: Corporate Boards, Committees and Cyber Security Risk Management | The Volkov Law Group - JDSupra

• How To Implement Threat Modeling To Protect Your Business - Minutehack

• How to create a cloud security policy, step by step | TechTarget

• Hackers use DNS tunneling for network scanning, tracking victims (bleepingcomputer.com)

• AWS CISO: In AI gold rush, folks forget application security • The Register

• What Is Cyber Risk Quantification? | HackerNoon

• Best Practices for Preparing for a Cyber Breach | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Ridding your network of NTLM | CSO Online

• Maximizing cyber security ROI: A strategic approach | TechRadar

• What is ransomware recovery? | Definition from TechTarget

• The Human Element in Cyber Security: Safeguarding your organisation (thebusinessmagazine.co.uk)

• Addressing the Cyber Security Vendor Ecosystem Disconnect (darkreading.com)

• The Future of Security Awareness - GovInfoSecurity

• Microsoft Deploys Generative AI for US Spies | WIRED

• How to Think About Foundation Models for Cyber Security | Andreessen Horowitz (a16z.com)

Reports Published in the Last Week

• Learning from the mistakes of others – A retrospective review | ICO

• 2024 Browser Security Report (layerxsecurity.com)

• At-Bay's 2024 InsurSec Report [Download Now]

• Kaspersky’s Incident Response Analyst report 2023 (kasperskycontenthub.com)

Other News

• Microsoft president summoned to House over security blunders • The Register

• National Cyber Security Centre: Tech market not working - The Business Magazine

• Critical infrastructure security needs everyone's help • The Register

• Your Hospital Is Under Cyber Attack. Now What? (newsweek.com)

• BT, TalkTalk, Virgin Media and Vodafone on UK Router Security and Upgrades - ISPreview UK

• Hackers use DNS tunnelling for network scanning, tracking victims (bleepingcomputer.com)

• NCSC CTO: Broken market must be fixed to usher in new tech • The Register

• Public Sector IT is Broken: Turning the System Back On - IT Security Guru

• The Cyber Security Implications Of Gen Z’s Tech-Savvy Lifestyle (forbes.com)

• Fortify Your Digital Defences: Top Home Cyber Security Strategies for Personal Protection | HackerNoon

• Classes cancelled as 'sinister' school cyber attacks rise - BBC News

• Irony abounds as UK NCSC’s simple door codes revealed • The Register

• Candidates to get cyber security support amid general election interference fears (nation.cymru)

• NCSC launches Share and Defend capability | UKAuthority

• Too many ICS assets are exposed to the public internet - Help Net Security

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Executive summary

Microsoft’s May Patch Tuesday provides updates to address 61 security issues across its product range. Notably, the update tackles two actively exploited zero-day vulnerabilities. The zero-days include a security feature bypass and an elevation of privilege vulnerability. Among the updates provided by Microsoft were 1 critical vulnerability, allowing an attacker remote code execution.

In addition to the Microsoft updates this week also saw Adobe, Apple, Firefox, Google Chrome, SAP and VMware all provide updates for vulnerabilities in a variety of their products, including multiple zero-days and critical vulnerabilities.

What’s the risk to me or my business?

The actively exploited vulnerabilities could allow an unauthenticated attacker to gain code execution as well as elevating to system privileges, the highest available. Both of which compromise the confidentiality, integrity and availability of data stored by an organisation.

What can I do?

Security updates are available for all supported versions of Windows impacted. The updates should be applied as soon as possible for the actively exploited vulnerability and all other vulnerabilities that have an available patch should be updated as soon as possible.

Technical Summary

Microsoft

CVE-2024-30040 – A security feature bypass, in which an unauthenticated attacker can gain code execution through convincing a user to open a malicious document. It is now known how this flaw was abused in attacks.

CVE-2024-30051- A flaw in Windows DWM Core Library which upon exploitation, allows an attacker to elevate to system privileges, the highest available.

Apple

Apple have addressed multiple vulnerabilities in its products, including 16 vulnerabilities on iPhone and iPads. This includes include one vulnerability which the company say “may have been exploited”.

Adobe

Adobe have addressed 37 vulnerabilities in its products, including 9 critical vulnerabilities in Adobe Acrobat and Reader, ,  2 critical vulnerabilities in Adobe Commerce, Adobe InDesign, Adobe Experience manager, 1 critical vulnerability in Adobe Media Encoder and Adobe Bridge, 3 critical vulnerabilities in Adobe Illustrator and 2 critical vulnerabilities in Adobe Animate. The company said it was not aware of any exploits in the wild for any of the documented issues.

Firefox

Firefox has upgraded to version 126. The new version addresses 16 unique security issues. None of the vulnerabilities are currently under active exploitation. The release also comes with some quality-of-life changes such as search telemetry changes and copy link without site tracking.

Google Chrome

Google Chrome released an emergency update to fix their 6th zero-day exploited this year, just one week after a previous one. Google are aware that an exploit for the vulnerability exists in the wild. Users are recommended to update as soon as possible.

SAP

This month, SAP has released 17 patches, which include 14 new fixes and 3 updates from previous releases. Two patches and one update have been given the “hot news” priority in SAP, the highest severity. The vulnerabilities encompass a range of issues, including CSS Injection, Remote Code Execution, File Upload flaws, and Cross-Site Scripting (XSS).

VMWare

Multiple security flaws, including one critical vulnerability, have been addressed by VMware after their exploitation was demonstrated at a security event. Some of the vulnerabilities do not have a fix yet and as such, users are advised to disable Bluetooth support and 3D acceleration as temporary workarounds until patches are applied.

More info:

Microsoft

Further details on other specific updates within Microsoft’s May patch Tuesday can be found here:

https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2024-patch-tuesday-fixes-3-zero-days-61-flaws/

https://www.ghacks.net/2024/05/14/microsoft-releases-the-may-2024-security-updates-for-windows/

Apple

Further details of the vulnerabilities in Apple can be found here:

https://support.apple.com/en-gb/HT201222

Adobe

Further details of the vulnerabilities in Adobe Acrobat and Reader can be found here:

https://helpx.adobe.com/security/products/acrobat/apsb24-29.html

Further details of the vulnerabilities in Adobe Photoshop can be found here:

https://helpx.adobe.com/security/products/photoshop/apsb24-16.html

Further details of the vulnerabilities in Adobe Commerce can be found here:

https://helpx.adobe.com/uk/security/products/magento/apsb24-18.html

Further details of the vulnerabilities in Adobe InDesign can be found here:

https://helpx.adobe.com/uk/security/products/indesign/apsb24-20.html

Further details of the vulnerabilities in Adobe Experience Manager can be found here:

https://helpx.adobe.com/uk/security/products/experience-manager/apsb24-21.html

Further details of the vulnerabilities in Adobe Media Encoder can be found here:

https://helpx.adobe.com/uk/security/products/media-encoder/apsb24-23.html

Further details of the vulnerabilities in Adobe Bridge can be found here:

https://helpx.adobe.com/uk/security/products/bridge/apsb24-24.html

Further details of the vulnerabilities in Adobe Illustrator can be found here:

https://helpx.adobe.com/uk/security/products/illustrator/apsb24-25.html

Further details of the vulnerabilities in Adobe Animate can be found here:

https://helpx.adobe.com/uk/security/products/animate/apsb24-26.html

Firefox

Further details on the vulnerabilities addressed in the Firefox release can be found here:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/

Google Chrome

Further details on the vulnerabilities addressed in the Google Chrome update can be found here:

https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.html

SAP

Further details on the vulnerabilities addressed in SAP can be found here:

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2024.html

VMware

Further details on the vulnerabilities addressed by VMware can be found here:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

China Suspected of Hacking UK Ministry of Defence, Through Its Payroll Provider

UK Defence Secretary Grant Shapps has confirmed that over 270,000 personal details have been leaked after the MoD was hacked through its third-party payroll provider, SSCL. The affected systems have been pulled offline since the attack. SSCL’s website describes that it manages HR for the armed forces, the Metropolitan Police and other areas of British government. The commercial supply chain, and in particular HR and payroll providers, is increasing being used as the soft underbelly to attack larger and better protected organisations.

Sources: [LBC] [The Register] [Sky News]

Security Tools Fail to Translate Risks for Executives

Organisations are struggling with internal communication barriers, hindering their ability to address and mitigate cyber security threats, according to a report which found that seven out of 10 C-suite executives said their security teams talk in technical terms without providing business context. However, in contrast, 75% of CISO’s highlight the issue is rooted in security tools that cannot generate the insights C-level executives and boards can use to understand business implications. The role of a good CISO should be to take the output of these tools and turn that data into metrics the Boards can understand.

The issues highlight the necessity for organisations to have someone in their organisation, whether an employee or a third-party, who is able to ingest technical results and translate them into a style that the C-suite can understand for business risk management.

Source: [Help Net Security]

Gang Accused of MGM Hack Shifts Attacks to Finance Sector

The hacking group responsible for the infamous hack on MGM and Caesar’s Palace resorts is engaged in a new campaign targeting the financial sector. The group known as Scattered Spider has targeted 29 companies since 20 April this year, compromising at least 2 insurance companies so far. The research has stated that the attackers are purchasing lookalike domains that match the name of target companies, hosting fake log-in pages. Links to these are sent to employees, in an attempt to direct them there. The most recent attack took place just days ago, with more expected.

Sources: [Bloomberg Law] [Claims Journal]

Are SMEs Paving the Way for Cyber Attacks on Larger Companies?

A recent study highlights the escalating cyber threats facing businesses, particularly SMEs and supply chains. The study found that 32% of UK businesses, including 69% of large and 59% of mid-sized organisations, suffered a cyber attack last year. The situation is worse for SMEs, with weaker security systems and 77% lacking in-house cyber security. SMEs can become entry points for hackers targeting larger partners through interconnected supply chains. Meanwhile, Verizon’s latest data breaches report revealed a 68% increase in supply chain breaches, accounting for 15% of all breaches in 2023, up from 9% in 2022. These breaches are primarily driven by third-party software vulnerabilities exploited in ransomware and extortion attacks. Experts emphasise proactive cyber policies, vulnerability scans, and employee education for SMEs to bolster defences. They also urge organisations to consider third-party bugs as both vulnerability and vendor management problems, make better vendor choices, and use external signals like SEC disclosures in the United States to guide decisions. These measures can help prevent SMEs from becoming gateways for larger attacks and manage the rising threat of supply chain breaches.

Sources: [Insurance Times] [Dark Reading]

Misconfigurations Drive 80% of Security Exposure, Report Finds

A recent report has found that 80% of security exposures are caused by identity and credential misconfigurations, with a third of these putting critical assets at risk of a breach. According to the report, the majority of this is within an organisation’s network user management (Active Directory) and 56% of breaches that impact critical assets are within cloud platforms. There is often the misconception that cloud-based environments are secure by default, but misconfigurations can undo any security benefits and still leave you exposed. Just because someone else built and maintains your house, it is still your responsibility to lock the doors and windows.

Sources: [Security Magazine]

Only 45% of Organisations Employ MFA Protections

A recent report of IT decision-makers has found that 97% are facing challenges with identity verification and 52% are very concerned about credential compromise, followed by account takeover (50%). When it comes to reinforcing identity verification, only 45% used multi-factor authentication (MFA). By using MFA, organisations are forcing two identification verifications: simply knowing a username and password is not enough, especially given the speeds with which attackers can crack passwords, with average 8 character passwords able to be cracked in less than a minute. Whilst no control is 100% impenetrable, enabling MFA will aid in increasing your organisation's cyber resilience.

Source: [Help Net Security]

You Cannot Protect What You Do Not Know You Have, as Criminals are Exploiting Vulnerabilities Faster Than Ever

For many organisations, visibility of their information assets can be incredibly hard to obtain and maintain, with different tools, under-reporting and shadow IT contributing to the problem. Unfortunately, cyber criminals are getting faster at exploiting vulnerabilities, and if you do not know you have the vulnerability in your estate then you cannot patch against it. In their recent report, Fortinet found that attacks started on average 4.76 days after new exploits were publicly disclosed.

Interestingly though, while zero-day threats garner much attention (these are ‘new’ vulnerabilities that are being exploited by attackers but for which there are no security patches yet available), one third of all exploits are for older vulnerabilities. This highlights the need for a comprehensive and robust approach to network security and vulnerability management, beyond simply patching what Microsoft puts out once a month. To have effective patch management, organisations must know what they need to patch and therefore must have visibility of the corporate environment. A good starting block is the creation of a robust information asset register.

Sources: [Security Brief] [Help Net Security] [IT Security Guru]

The Rise and Stealth of The Socially Engineered Insider

Social engineering has become increasingly prevalent as the preferred tactic for foreign adversaries. Insiders are prime targets due to their privileged access to sensitive data. This is particularly affecting the technology, pharma, and critical infrastructure sectors. Advances in AI and social platforms have made it easier to exploit these vulnerabilities. These advances allow threat actors to tailor attacks with unprecedented speed and realism. Using methods like coercion or deception, these actors exploit employees to gain high-value data that can be weaponised. As a result, the threat landscape has become more complex, blurring the lines between internal and external risks. To bolster their defences, organisations are now investing in insider risk management and AI. They are also emphasising employee education and cross-sector collaboration.

Source: [Forbes]

Over 70% of Staff Use AI At Work, But Only 30% of European Organisations Provide AI Training

An ISACA study and the AI Security & Governance Report reveal a complex landscape of AI adoption and security. 73% of European organisations and 54% of global organisations use AI, with 79% increasing their AI budgets, however training and policy development lag behind. Only 30% offer limited training, 40% provide none, and a mere 17% have a comprehensive AI policy. Despite AI’s potential, 80% of data experts find it complicates security, with concerns high around generative AI exploitation (61% of respondents) and AI-powered attacks (over 50% of business leaders). Data poisoning and privacy issues persist, yet 85% of leaders express confidence in their data security strategies, with 83% revising privacy and governance guidelines. With 86% recognising a need for AI training within two years, the call for dynamic governance strategies and formal education is clear to manage evolving threats.

Sources: [Help Net Security] [IT Security Guru]

Don't Be the Weakest Link – You and Your Team's Crucial Role in Cyber Security

Cyber security success depends on more than just technology. Bad actors are always looking for the easiest entry point, meaning that employees’ everyday actions are crucial, when even one careless click or a weak password can be an open door for hackers. However, empowered with the right knowledge and tools, staff can become a robust defence. Nearly 80% of organisations have reported an increase in phishing attacks, but training programs like role-playing exercises and phishing simulations significantly reduce these risks. Effective cyber security also hinges on C-suite leaders promoting a security-first culture, ensuring all employees understand the risks and follow strict protocols like MFA and strong password policies. Consistent training and open communication are vital in fostering a resilient, security-aware workforce.

Source: [JDSupra]

Ransomware Activity Thrives, Despite Law enforcement Efforts

Despite the recent law enforcement takedowns on ransomware groups, ransomware remains rife. Whilst the takedown of a group can come as an initial relief in that the group has gone, it simply forces ransomware affiliates to diversify. This is reflected in ransomware continuing its growth in the first quarter of 2024, with 18 new leak sites, the largest number in a single quarter, emerging over this period. When comes to those at risk, both financial services and healthcare remain a prominent target.

Sources: [Help Net Security ] [Infosecurity Magazine] [Help Net Security]

NATO Warns of Russian Hybrid Warfare

NATO has issued a statement in which it describes it is “deeply concerned about Russia's hybrid actions and the threat that they constitute to NATO security”.  The actions are described to include sabotage, acts of violence, cyber and electronic interference, and disinformation campaigns. This comes as many countries including the UK and US are due to have elections this year.

Sources: [EU Reporter] [Financial Times]

Governance, Risk and Compliance

• You cannot protect what you do not understand (securitybrief.co.nz)

• Why 2024 will be the year of the CISO | CSO Online

• Security tools fail to translate risks for executives - Help Net Security

• It Costs How Much?!? The Financial Pitfalls of Cyber Attacks on SMBs (thehackernews.com)

• Now More Than Ever, it's Crucial for Companies to Get Cyber Security Right (newsweek.com)

• Why SMBs are facing significant security, business risks - Help Net Security

• Are SMEs paving the way for cyber attacks on larger companies? | Insurance Times

• Don't Be the Weakest Link – Your Team's Crucial Role in Cyber Security | NAVEX - JDSupra

• The Art Of Cyber Security Governance: Safeguarding Beyond Code (forbes.com)

• CISOs Are Worried About Their Jobs & Dissatisfied With Their Incomes (darkreading.com)

• 92% of CISOs Question the Future of Their Role Amidst Growing AI Pressures | Business Wire

• What's the Future Path for CISOs? (darkreading.com)

• RSAC: How CISOs Should Protect Themselves Against Indictments - Infosecurity Magazine (infosecurity-magazine.com)

• Three strategies for winning the cyber security arms race | Fintech Nexus

• Why Cyber Security Is More Important Than Ever | Inc.com

• Rethinking Cyber Security Investment Amid Rising Threats (govinfosecurity.com)

• CIOs and CFOs, two parts of the same whole - IT Security Guru

Threats

Ransomware, Extortion and Destructive Attacks

• Gang Accused of MGM Hack Turns Its Sights on Finance Sector (bloomberglaw.com)

• The State of Ransomware 2024 - InfoRiskToday

• Cybercrime Unicorns: What Everyone Needs to Know About Ransomware Gangs (pcmag.com)

• Why Paying Should Be A Last Resort In Ransomware Attacks (forbes.com)

• Ransomware activity is back on track despite law enforcement efforts - Help Net Security

• Ransomware evolves from extortion to 'psychological attacks' • The Register

• Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator (thehackernews.com)

• Ransomware attacks impact 20% of sensitive data in healthcare orgs - Help Net Security

• An overwhelming majority of organisations paid ransomware last year - eCampus News

• Global ransomware crisis worsens - Help Net Security

• The Growing Threat of Advanced Ransomware Attacks (inforisktoday.com)

• Law enforcement seized Lockbit group's website again (securityaffairs.com)

• Consultant charged with $1.5M extortion of IT giant • The Register

• IT chiefs plan to spend and innovate their way out of ransomware swamp | TechRadar

• Alleged Russian hacker unmasked as Bermuda joins sanctions effort - The Royal Gazette | Bermuda News, Business, Sports, Events, & Community |

• Ransomware crooks SIM swap kids to pressure parents • The Register

• Scattered Spider group a unique challenge for cyber cops, FBI leader says (therecord.media)

• 97% of Organisations Hit by Ransomware Worked with Law Enforcement (globenewswire.com)

• Tips for Protecting Active Directory From Ransomware Attacks | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• CISA boss: Secure software needed to stop ransomware • The Register

• Shields Up: How to Minimize Ransomware Exposure - Security Week

• How financial services organisations can protect valuable data in the age of ransomware (finextra.com)

• Defenders assemble: Time to get in the game – Sophos News

Ransomware Victims

• UnitedHealth’s 'egregious negligence' led to that ransomware • The Register

• Ascension healthcare takes systems offline after cyber attack (bleepingcomputer.com)

• London Drugs president tight-lipped over recent cyber attack | CBC News

• Boeing confirms attempted $200 million ransomware extortion attempt | CyberScoop

• Cyber attack disrupts operations at major US health care network | CNN Business

• City of Wichita Shuts Down Network Following Ransomware Attack - Security Week

• Patient appointments imperilled by cyber attack on French radiologist (therecord.media)

• Ransomware attack hits Brandywine Realty Trust | SC Media (scmagazine.com)

Phishing & Email Based Attacks

• NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources (thehackernews.com)

Other Social Engineering

• The Rise And Stealth Of The Socially Engineered Insider (forbes.com)

• Iranian hackers harvest credentials through advanced social engineering campaigns | CSO Online

• What is social engineering penetration testing? | Definition from TechTarget

Artificial Intelligence

• Over 70% of Staff Use AI At Work, But Only 30% of European Organisations Provide AI Training - IT Security Guru

• Organisations go ahead with AI despite security risks - Help Net Security

• Innovation, Not Regulation, Will Protect Corporations From Deepfakes (darkreading.com)

• Strategies for preventing AI misuse in cyber security - Help Net Security

• AI is changing the game when it comes to cyber security | ITPro

• Why the Cyber Security Industry Is Obsessed With AI Right Now - CNET

• LLMs & Malicious Code Injections: 'We Have to Assume It's Coming' (darkreading.com)

• Cyber Security, Deepfakes and the Human Risk of AI Fraud (govtech.com)

• How to detect deepfakes manually and using AI | TechTarget

• Report Shows AI Fraud, Deepfakes Are Top Challenges For Banks - Infosecurity Magazine (infosecurity-magazine.com)

• Criminal Use of AI Growing, But Lags Behind Defenders - Security Week

2FA/MFA

• Only 45% of organisations use MFA to protect against fraud - Help Net Security

• UnitedHealth Attack: Stolen Credentials, No MFA | MSSP Alert

Malware

• Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications (thehackernews.com)

• ZLoader Malware adds Zeus's anti-analysis feature (securityaffairs.com)

• Russia-linked APT28 and crooks are still using the Moobot botnet (securityaffairs.com)

• Iranian hackers pose as journalists to push backdoor malware (bleepingcomputer.com)

• New 'Cuckoo' Persistent macOS Spyware Targeting Intel and Arm Macs (thehackernews.com)

• Hackers are using fake apps to distribute this dangerous Mac malware — don’t fall for this | Tom's Guide (tomsguide.com)

• Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version (thehackernews.com)

• Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery (thehackernews.com)

Mobile

• Mobile Banking Malware Surges 32% - Infosecurity Magazine (infosecurity-magazine.com)

• Android bug can leak DNS traffic with VPN kill switch enabled (bleepingcomputer.com)

• European Threat To End-To-End Encryption Would Invade Phones (forbes.com)

• Ransomware crooks SIM swap kids to pressure parents • The Register

Denial of Service/DoS/DDOS

• 87% of DDoS Attacks Targeted Windows OS Devices in 2023 (darkreading.com)

Data Breaches/Leaks

• How does a data breach affect you and why should you care? | TechRadar

• Defence secretary Grant Shapps confirms name of contractor running MoD system hacked by China | Politics News | Sky News

• Dell customer order database stolen, for sale on dark web • The Register

• IT Consulting Firm Blames MSP for Data Breach | MSSP Alert

• 10,000 Customers’ Data Exposed in UK Government Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• The Breach of a Face Recognition Firm Reveals a Hidden Danger of Biometrics | WIRED

• Cyber attack: Large volume of data stolen in attack on Scottish health board (scotsman.com)

• Security breach affects 6,000 German military VC meetings (avinteractive.com)

• Security company exposes 1.2M guard and suspect records • The Register

• Children's mental health records published after cyber attack - BBC News

• Georgia education agency's MOVEit data theft impacted 800K • The Register

• Data Brokers: What They Are and How to Safeguard Your Privacy - IT Security Guru

• Zscaler Investigates Hacking Claims After Data Offered for Sale - Security Week

• UK government departments reveal rise in data breaches & lost devices (datacentrenews.uk)

• 'Sophisticated' cyber attacks involving British Colombia government networks found | CBC News

• Cancer patients' sensitive information accessed by "unidentified parties" after being left exposed by screening lab for years (bitdefender.com)

• Over 380K more NYC students had info leaked, bringing total to over 1M (nypost.com)

• Dating apps kiss'n'tell all sorts of sensitive user info • The Register

Organised Crime & Criminal Actors

• Hackers of all kinds are attacking routers across the world | TechRadar

• Cyber crime stats you can't ignore - Help Net Security

• These Dangerous Scammers Don’t Even Bother to Hide Their Crimes | WIRED

• Threat Actors Weaponize Hacktivism for Financial Gain - Infosecurity Magazine (infosecurity-magazine.com)

• Massive webshop fraud ring steals credit cards from 850,000 people (bleepingcomputer.com)

• Scattered Spider group a unique challenge for cyber cops, FBI leader says (therecord.media)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering (securityaffairs.com)

Insider Risk and Insider Threats

• The Rise And Stealth Of The Socially Engineered Insider (forbes.com)

• Don't Be the Weakest Link – Your Team's Crucial Role in Cyber Security | NAVEX - JDSupra

Supply Chain and Third Parties

• UK Military Data Breach a Reminder of Third-Party Risk (darkreading.com)

• Details of UK military personnel exposed in huge payroll data breach | AP News

• Firm at centre of MoD 'China' hack handles data for several Whitehall departments (inews.co.uk)

• DBIR: Supply Chain Breaches Up 68% Year Over Year (darkreading.com)

• IT Consulting Firm Blames MSP for Data Breach | MSSP Alert

• The complexities of third-party risk management - Help Net Security

Cloud/SaaS

• What is Cloud Security in Banking? | HackerNoon

• Does cloud security have a bad reputation? | InfoWorld

Encryption

• Cop complaints won't stop E2EE, says encryption advocate • The Register

• European Threat To End-To-End Encryption Would Invade Phones (forbes.com)

Linux and Open Source

• Open-Source Cyber Security Is a Ticking Time Bomb (gizmodo.com)

• Spies Among Us: Insider Threats in Open Source Environments (darkreading.com)

• A Guide to Open Source Software Security - The New Stack

Passwords, Credential Stuffing & Brute Force Attacks

• Iranian hackers harvest credentials through advanced social engineering campaigns | CSO Online

• Microsoft introduces Passkeys support for consumer accounts - gHacks Tech News

• Google Announces Passkeys Adopted by Over 400 Million Accounts (thehackernews.com)

• UnitedHealth Attack: Stolen Credentials, No MFA | MSSP Alert

• Hackers can crack average 8-character passwords in under a minute (newsbytesapp.com)

• What is credential stuffing? | Kaspersky official blog

• How secure is the “Password Protection” on your files and drives? - Help Net Security

Social Media

• These Dangerous Scammers Don’t Even Bother to Hide Their Crimes | WIRED

Training, Education and Awareness

• Over 70% of Staff Use AI At Work, But Only 30% of European Organisations Provide AI Training - IT Security Guru

Regulations, Fines and Legislation

• The EU Cyber Diplomacy Toolbox: Shaping Global Cyber Security Standards | UpGuard

• EU plan to force messaging apps to scan for CSAM risks millions of false positives, experts warn | TechCrunch

• The NIS2 Compliance Deadline Is Nearing. Are You Prepared? - Security Boulevard

• Innovation, Not Regulation, Will Protect Corporations From Deepfakes (darkreading.com)

Models, Frameworks and Standards

• The NIS2 Compliance Deadline Is Nearing. Are You Prepared? - Security Boulevard

Data Protection

• Privacy requests increased 246% in two years - Help Net Security

Careers, Working in Cyber and Information Security

• How workforce reductions affect cyber security postures - Help Net Security

• One in Four Tech CISOs Unhappy with Compensation - Security Boulevard

Law Enforcement Action and Take Downs

• Ransomware activity is back on track despite law enforcement efforts - Help Net Security

• Law Enforcement Takedowns Force Ransomware Affiliates to Diversify - Infosecurity Magazine (infosecurity-magazine.com)

• LockBit's seized darknet site resurrected by police, teasing new revelations (therecord.media)

• LockBit leader unmasked and sanctioned - National Crime Agency

• Israeli private investigator wanted for hacking in US is arrested in London | The Independent

• German police bust Europe's 'largest' scam call centre – DW – 05/02/2024

• Consultant charged with $1.5M extortion of IT giant • The Register

• 97% of Organisations Hit by Ransomware Worked with Law Enforcement (globenewswire.com)

• Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering (securityaffairs.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Israeli private investigator wanted for hacking in US is arrested in London | The Independent

• Cyber Attacks on US Utilities: New Trends in Cyber Warfare - ClearanceJobs

• 'The Mask' Espionage Group Resurfaces After 10-Year Hiatus (darkreading.com)

Nation State Actors

China

• Defence secretary Grant Shapps confirms name of contractor running MoD system hacked by China | Politics News | Sky News

• Firm at centre of MoD 'China' hack handles data for several Whitehall departments (inews.co.uk)

• Lessons from LOCKED SHIELDS 2024 cyber exercise | SC Media (scmagazine.com)

• Geopolitical tensions rise with China. (thecyberwire.com)

• China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion (thehackernews.com)

Russia

• Malice from Moscow: NATO warns of Russian hybrid warfare - EU Reporter

• Russia plotting sabotage across Europe, intelligence agencies warn (ft.com)

• How Nato could respond after wave of Russian spy arrests across Europe (inews.co.uk)

• EU, NATO denounce Russia's cyber attacks on Germany, Czechia (kyivindependent.com)

• Russia Cyber Attack Germany's Ruling Party, Defence | Silicon UK

• Foreign Ministry:  Czech institutions targeted by GRU cyber attacks | Radio Prague International

• Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities (thehackernews.com)

• Russia-linked APT28 and crooks are still using the Moobot botnet (securityaffairs.com)

• Russia slammed for cyber attacks (emergingrisks.co.uk)

• Ukraine records increase in financially motivated attacks by Russian hackers (therecord.media)

• UK joins partners in condemnation of malicious cyber activity by Russian Intelligence Services: UK government statement - GOV.UK (www.gov.uk)

• Russian cyber attacks on Germany spur intensified cyber recruitment and training   - Freelance Informer

• Cyber War? EU rages over alleged Russian cyber attack on German’s ruling SPD (brusselssignal.eu)

• Lessons from LOCKED SHIELDS 2024 cyber exercise | SC Media (scmagazine.com)

• A (Strange) Interview With the Russian-Military-Linked Hackers Targeting US Water Utilities | WIRED

• Russia says Germany using baseless 'hacker myths' to destroy ties | Reuters

• Highlights of international and Ukrainian cyber security news in April 2024 - National Security and Defence Council of Ukraine (rnbo.gov.ua)

• Poland says it too was targeted by Russian hackers – POLITICO

• Kaspersky denies claims it helped Russia with drones • The Register

Iran

• Iranian hackers pose as journalists to push backdoor malware (bleepingcomputer.com)

• Iranian hackers harvest credentials through advanced social engineering campaigns | CSO Online

North Korea

• NSA, FBI Alert on North Korean Hackers Spoofing Emails from Trusted Sources (thehackernews.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Far-right websites hacked and defaced  | CyberScoop

• Threat Actors Weaponise Hacktivism for Financial Gain - Infosecurity Magazine (infosecurity-magazine.com)

• Amnesty International Cites Indonesia as a Spyware Hub (darkreading.com)

• New 'Cuckoo' Persistent macOS Spyware Targeting Intel and Arm Macs (thehackernews.com)

• Apple’s iPhone Spyware Problem Is Getting Worse. Here’s What You Should Know | WIRED

Vulnerability Management

• Cyber criminals are getting faster at exploiting vulnerabilities - Help Net Security

• Misconfigurations drive 80% of security exposures | Security Magazine

• Cyber Threat Research: Poor Patching Practices and Unencrypted Protocols Continue to Haunt Enterprises - IT Security Guru

• Patch management vs. vulnerability management: Key differences | TechTarget

• How remote work is changing patch management | TechTarget

• What is Risk-Based Vulnerability Management (RBVM)? (techtarget.com)

• CISA’s KEV list improving private and public-sector patching • The Register

• CISA Announces CVE Enrichment Project 'Vulnrichment' - Security Week

Vulnerabilities

• Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities (thehackernews.com)

• Citrix Addresses High-Severity NetScaler Servers Flaw (darkreading.com)

• Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw (bleepingcomputer.com)

• Veeam fixes RCE flaw in backup management platform (CVE-2024-29212) - Help Net Security

• LiteSpeed Cache WordPress plugin actively exploited in the wild (securityaffairs.com)

• New Spectre-Style 'Pathfinder' Attack Targets Intel CPU, Leak Encryption Keys and Data (thehackernews.com)

• New BIG-IP Next Central Manager bugs allow device takeover (bleepingcomputer.com)

• Microsoft: April Windows Server updates also cause crashes, reboots (bleepingcomputer.com)

• Android bug can leak DNS traffic with VPN kill switch enabled (bleepingcomputer.com)

• Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery (thehackernews.com)

• Apple just fixed an iTunes security flaw for Windows users, but they probably have bigger issues to worry about anyway | iMore

• Citrix warns customers to update PuTTY version installed on their XenCenter system manually (securityaffairs.com)

Tools and Controls

• Behind Closed Doors: The Rise of Hidden Malicious Remote Access (cybereason.com)

• Security tools fail to translate risks for executives - Help Net Security

• Misconfigurations drive 80% of security exposures | Security Magazine

• A Guide to Cyber Threat Intelligence (greydynamics.com)

• NSA, FBI Alert on North Korean Hackers Spoofing Emails from Trusted Sources (thehackernews.com)

• Microsoft plans to lock down Windows DNS like never before. Here’s how. | Ars Technica

• Novel attack against virtually all VPN apps neuters their entire purpose | Ars Technica

• Cyber Threat Research: Poor Patching Practices and Unencrypted Protocols Continue to Haunt Enterprises - IT Security Guru

• Strategies for preventing AI misuse in cyber security - Help Net Security

• Shadow APIs: An Overlooked Cyber Risk for Orgs (darkreading.com)

• How to detect deepfakes manually and using AI | TechTarget

• What is social engineering penetration testing? | Definition from TechTarget

• How workforce reductions affect cyber security postures - Help Net Security

• What is biometrics? 10 physical and behavioural identifiers that can be used for authentication | CSO Online

• What is Risk-Based Vulnerability Management (RBVM)? (techtarget.com)

• Top 10 physical security considerations for CISOs | CSO Online

• Three Battle-Tested Tips for Surviving a Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)

• IT chiefs plan to spend and innovate their way out of ransomware swamp | TechRadar

• A SaaS Security Challenge: Getting Permissions All in One Place  (thehackernews.com)

• Tips for Protecting Active Directory From Ransomware Attacks | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Tips for Controlling the Costs of Security Tools - The New Stack

• Rethinking Cyber Security Investment Amid Rising Threats (govinfosecurity.com)

• Microsoft confirms Windows 11 24H2 turns on Device Encryption by default (windowslatest.com)

Reports Published in the Last Week

• The State of Ransomware 2024 - Sophos

Other News

• Microsoft overhaul treats security as ‘top priority’ after a series of failures - The Verge

• Microsoft will base part of senior exec comp on security, add deputy CISOs to product groups – GeekWire

• The EU Cyber Diplomacy Toolbox: Shaping Global Cyber Security Standards | UpGuard

• Complexity leads to trade-off between risk and innovation (betanews.com)

• When has the UK faced cyber attacks in the past? | The Independent

• Man-in-the-middle attack: The new cyber security threat | YourStory

• Paris 2024 gearing up to face unprecedented cyber security threat | Reuters

• From Warnings to Action: Preparing America’s Infrastructure for Imminent Cyber Threats - Security Week

• 38% of riskiest cyber physical systems neglected, warns Claroty report (securitybrief.co.nz)

• Why undersea cables need high-priority protection • The Register

• GAO: NASA Faces 'Inconsistent' Cyber Security Across Spacecraft (darkreading.com)

• Cyber security regulations: Are non-compliant cars more vulnerable? | Autocar

• Fujitsu sets aside £200m as calls mount for Post Office scandal payout

• eGates across UK airports go down (thelondoneconomic.com)

• FE News | Why the education sector needs to do the homework on cyber security as attacks soar

• Caught with our pants down - The Royal Gazette | Bermuda News, Business, Sports, Events, & Community |

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Most Attacks Impacting SMB’s Target Older, Unpatched Vulnerabilities

Attackers continue to aggressively target small and mid-size businesses using specific high-profile vulnerabilities dating back a decade or more, network telemetry shows. Findings have shown that this is due to these vulnerabilities featuring in a wide range of products. Due to their prevalence, they can often become missed by organisations conducting patch management and therefore leave the organisation open.

For this reason it is critical that all organisations, including smaller organisations, have internal as well as external vulnerability scanning. You might believe your systems are patched up to date but there is no way to confirm without scanning , or to know which patches might have been missed.

Sources: [Infosecurity Magazine]

91% of Ransomware Victims Paid At least One Ransom in the Past Year, as 1 in 5 Ransomware Attacks Triggers Lawsuit

Ransomware attacks saw a significant surge in 2023, following a dip in 2022. The number of victims increased by 66% from 2022 to 2023, with 91% of those affected paying at least one ransom. 58% of organisations have been targeted six times or more.

The Sophos State of Ransomware 2023 report highlighted ransom payments rose by 500%; nearly two-thirds exceeded $1m or more, with an average payment of $2m. Furthermore, 30% of the demands were for over $5m.

In the US, 18% of incidents led to litigation, with 123 lawsuits filed in 2023 and 355 over five years. Data breaches, affecting 283.3 million records, primarily triggered these lawsuits, especially in healthcare and finance sectors. The resolution rate is 59%, with the highest settlement at $8.7m. Regulatory fines added nearly $10m to the financial impact. These figures underscore the significant financial implications of ransomware attacks and the urgent need for robust cyber security measures.

Sources: [ZD Net] [Infosecurity Magazine] [Security Magazine] [PrNewsWire] [Infosecurity Magazine]

BEC and Fund Transfer Fraud Top Insurance Claims

Cyber Insurer Coalition's 2024 Cyber Claims Report highlights a significant trend in cyber security threats, identifying email-based fraud as the predominant cause of insurance claims in 2023, accounting for 53% of all claims. Business email compromise (BEC) and funds transfer fraud (FTF) topped the list, contributing to 28% of claims and increasing claim amounts by 24% to an average loss exceeding $278,000. In contrast, ransomware, while less frequent at 19% of claims, also saw a rise in both frequency and severity, with average losses climbing to over $263,000. The report also notes a 13% year-on-year surge in overall claims, with substantial losses tied to compromised network security devices and a notable vulnerability in organisations using exposed remote desktop protocols.

Source: [Infosecurity Magazine]

Correlating Cyber Investments with Business Outcomes

The US Securities and Exchange Commission (SEC) has implemented stringent new rules compelling organisations to report significant cyber incidents within four days and to annually disclose details concerning their cyber security risk management, strategy, and governance. These mandates are seen as giving “more teeth to the idea that cyber security is a business problem” and “bringing an element of cyber security to the boardroom” according to cyber security solutions provider SecurityGate. Highlighted in the "Cybersecurity Insights" podcast, experts argue for simplifying cyber security strategies, advocating sustained resource allocation over reactive measures, and emphasising the importance of training over expensive solutions. These steps are deemed crucial for enhancing organisational resilience and security in a landscape where cyber threats are increasingly sophisticated and pervasive.

Source: [InfoRisk Today] 

Verizon: Vulnerability Exploitation up 180%, 68% of Breaches involved Humans and Supply Chain Weak Link

Verizon has released the findings of its 17th Annual Data Breach Investigations Report, which showed security incidents doubled year over year in 2023 to a record high 30,458 security events and 10,626 confirmed breaches. Some of the key takeaways from the 100-page report include zero-day attacks on unpatched systems and devices rising 180% in 2023, most breaches (68%) involving a non-malicious human element and the median time for users to fall for phishing emails falling just south of 60 seconds. In its first inclusion as a separate metric, supply chain attacks were found to contribute to 15% of all attacks.

Sources: [MSSP Alert] [Verizon]

MOVEit & Change Healthcare Attacks Designated as Cyber Catastrophe Loss Events by Insurer

Verisk’s Property Claim Services (PCS) has recently identified the MOVEit and Change Healthcare cyber attacks as significant Cyber Catastrophe Loss Events. These designations are part of PCS’s Global Cyber solution, which tracks cyber incidents and their potential impact on the insurance market. The designation indicates that each attack is anticipated to result in insurance industry losses exceeding USD 250 million.

The MOVEit attack, linked to the Russian-affiliated group Cl0p, compromised over 2,700 organisations globally, affecting up to 90 million individuals. The Change Healthcare attack, attributed to the ALPHV/Blackcat gang, notably disrupted UnitedHealth Group’s operations, with projected costs and lost revenue totalling up to USD 1.6 billion. These designations highlight the escalating scale and financial impact of cyber incidents on global markets.

Source: [Reinsurance News]

Securing Your Organisation’s Supply Chain: Reducing the Risks of Third Parties

Nearly every organisation is part of a supply chain, where a significant amount of data is transferred. When data leaves your infrastructure, its security depends on the third party. The risks of a cyber incident increases as the supply chain increases.

Organisations need to mitigate the risks that their third party brings. This requires an understanding of the supply chain actors, and performing cyber security assessments of the most critical ones. The objective is to ensure that your organisation is satisfied with the third party’s security controls, or to work together to remediate any gaps.

Source: [Help Net Security]

Why Remote Desktop Tools are Facing an Onslaught of Cyber Threats

In the era of hybrid work, remote desktop tools have become crucial yet vulnerable points within corporate networks, attracting significant cyber criminal attention. A study by Barracuda Networks underscores the challenges of securing these tools. Virtual Network Computing (VNC) is particularly susceptible; it is targeted in 98% of these types of attacks due to its use of multiple, sometimes unsecured ports. VNC attacks predominantly exploit weak password practices, notably through brute force methods. Conversely, Remote Desktop Protocol (RDP) accounts for about 1.6% of these attacks but is favoured for more extensive network breaches, often involving ransomware or crypto mining. The study highlights a pressing need for robust endpoint management and heightened security measures to mitigate these threats.

Source: [ITPro]

95% of Organisations Revamped Cyber Security Strategies in the Last Year: Make Sure Yours is Right

A recent report found that 95% of companies have altered their cyber security strategies in the last twelve months. This was driven by keeping pace with the shifting regulatory landscape (98%), the need to meet customer expectations for data protection and privacy (89%), and the rise of AI-driven threats and solutions (65%). Almost half (44%) of non-security executives do not understand the regulatory requirements their organisation must adhere to.

When it came to reporting, the study found that security teams aren’t reporting on key operational metrics that define whether their security investments and strategy changes have a measurable impact. It is evident that there is a disconnect between security and non-security professionals when it comes to the business strategy.

Sources: [Business Wire] [Security Magazine]

Human Factor a Significant Risk for Small and Medium-Sized Businesses.

A survey of business and IT security in small and medium-sized businesses (SMBs) conducted by LastPass found that roughly one in five business leaders admits to circumventing security policies, as do one in 10 IT security leaders. The survey found that password management is critically important to cyber security, with nearly half (47%) reporting recent breaches due to compromised passwords.

Sources: [Beta News] [Business Wire]

Microsoft CEO Says it is Putting Security Above All Else in Major Refocus

Following a series of high-profile attacks in recent months and a report by the US Cyber Safety Review Board (CSRB), Microsoft’s CEO has revealed it will now focus its efforts on an increase in the commitment to security. Investigating a summer 2023 attack, Microsoft was deemed to have made a series of “avoidable errors”, including the failure to detect several compromises, the CSRB said.

Sources: [TechRadar]

Ending the Culture of Silence in Cyber Security; Three Ways to Empower Teams

A recent discussion on workplace errors highlights the significant repercussions of cyber breaches compared to typical office mistakes. In the UK, nearly a third of businesses face cyber attacks weekly, with each breach costing approximately £4,000. However, a concerning trend is that 41% of these breaches are not reported to internal leadership, often due to fears among staff about the consequences of admitting faults. A three-pronged approach has been suggested to foster a blame-free culture: providing tailored and evolving cyber training, establishing safe zones for admitting mistakes, and implementing robust recovery plans. This approach not only prepares employees to handle potential breaches more effectively but also encourages them to report incidents promptly, reducing the overall impact and aiding quicker recovery. Such strategies are essential for maintaining resilience against increasingly sophisticated cyber threats.

Source: [Minute Hack]

Governance, Risk and Compliance

• Verizon 2024 Data Breach Investigations Report: 5 Takeaways | MSSP Alert

• 2024 Data Breach Investigations Report: Half of the breaches in EMEA were internal (globenewswire.com)

• Verizon DBIR: Vulnerability exploitation in breaches up 180% | TechTarget

• Verizon DBIR: Basic Security Gaffes Cause Breach Surge (darkreading.com)

• 95% of Organisations Revamped Their Cyber Security Strategies in the Last Year | Business Wire

• 95% of organisations adjusted cyber security strategies this past year | Security Magazine

• 1 in 5 US Ransomware Attacks Triggers Lawsuit - Infosecurity Magazine (infosecurity-magazine.com)

• Vulnerability Exploits Triple as Initial Access Point for Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• MOVEit & Change Healthcare attacks designated as cyber catastrophe loss events by PCS - Reinsurance News

• Are Enterprises Overconfident About Cyber Security Readiness? (govinfosecurity.com)

• How CISOs Can Contend with Increasing Scrutiny from Regulators (informationweek.com)

• Correlating Cyber Investments with Business Outcomes (inforisktoday.com)

• Ending The Culture of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack

• 97% of security leaders have increased SaaS security budgets - Help Net Security

• The rise in CISO job dissatisfaction – what’s wrong and how can it be fixed? | CSO Online

• Should Cyber Security Leadership Finally be Professionalized? - SecurityWeek

• What needs to change to overcome nonchalant security approaches | TechRadar

• Agile by Design: Cyber Security at the Heart of Transformation (noeticcyber.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Q1 2024 Ransomware Report: 21% Increase in Q1 2023 Ransomware Activity (corvusinsurance.com)

• Ransomware Rising Despite Takedowns, Says Corvus Report - Infosecurity Magazine (infosecurity-magazine.com)

• Impact of organisational structure on ransomware outcomes: Where does your org fit in? | SC Media (scmagazine.com)

• OODA Loop - Social Engineering Remains the Coin of the Realm for Ransomware Gangs (or APTs- Advanced Persistent Threats)

• 91% of ransomware victims paid at least one ransom in the past year, survey finds | ZDNET

• Ransom Payments Surge by 500% to an Average of $2m - Infosecurity Magazine (infosecurity-magazine.com)

• 1 in 5 US Ransomware Attacks Triggers Lawsuit - Infosecurity Magazine (infosecurity-magazine.com)

• There was an 81% year-over-year increase in ransomware attacks | Security Magazine

• Ransomware and extortion incidents surged by 67% in 2023, according to NTT Security Holdings 2024 Global Threat Intelligence Report (prnewswire.com)

• Finnish hacker imprisoned for accessing thousands of psychotherapy records and demanding ransoms | AP News

• LockBit, Black Basta, Play Dominate Ransomware in Q1 2024 - Infosecurity Magazine (infosecurity-magazine.com)

• Understanding Scattered Spider, and how they perform cloud-centric identity attacks | SC Media (scmagazine.com)

• Ransom recovery costs reach $2.73 million - Help Net Security

• Cactus Ransomware Group Targets Qlik Sense Servers | Decipher (duo.com)

• How AI and data protection intersect in today's threat era - SiliconANGLE

• Better hygiene may mitigate the need to ban ransomware payments | Computer Weekly

• Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million (thehackernews.com)

• How Businesses Should Grapple With Ransomware Threats (eetimes.eu)

• Cyber security consultant arrested after allegedly extorting IT firm (bleepingcomputer.com)

Ransomware Victims

• Single Citrix Compromised Credential Results in $22,000,000 Ransom to Change Healthcare | InfoStealers

• Change Healthcare breached via Citrix portal with no MFA | TechTarget

• Almost all US hospitals took financial hit from Change hack, AHA says | Reuters

• Another major pharmacy chain shuts following possible cyber attack | TechRadar

• Hack That Paralyzed US Health Care Turns Up Scrutiny on Insurer (claimsjournal.com)

• Cyber attack to cost Western Isles Council half a million pounds (holyrood.com)

• LockBit publishes confidential data stolen from Cannes hospital in France (therecord.media)

• French hospital CHC-SV refuses to pay LockBit extortion demand (bleepingcomputer.com)

• 'Cybersecurity incident' closes London Drugs' pharmacies • The Register

Phishing & Email Based Attacks

• AI-driven phishing attacks deceive even the most aware users - Help Net Security

• US Post Office phishing sites get as much traffic as the real one (bleepingcomputer.com)

• If you receive a Shein mystery box, do not open it | TechRadar

• Why the automotive sector is a target for email-based cyber attacks - Help Net Security

BEC

• BEC and Fund Transfer Fraud Top Insurance Claims - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering

• OODA Loop - Social Engineering Remains the Coin of the Realm for Ransomware Gangs (or APTs- Advanced Persistent Threats)

• FBI warns of fake verification schemes targeting dating app users (bleepingcomputer.com)

• A Lot of People Are Falling for Those 'Your Package Cannot Be Delivered' Texts | PCMag

Artificial Intelligence

• AI-driven phishing attacks deceive even the most aware users - Help Net Security

• AI is creating a new generation of cyber attacks - Help Net Security

• Combating the Rising Tide of AI-Driven Cyber Crime (cryptopolitan.com)

• Businesses turn to generative AI but many don't have policies on it (betanews.com)

• State of Security 2024 Report Reveals Growing Impact of Generative AI on Cyber Security Landscape | Business Wire

• How AI and data protection intersect in today's threat era - SiliconANGLE

• Understanding emerging AI and data privacy regulations - Help Net Security

• To understand the risks posed by AI, follow the money – O’Reilly (oreilly.com)

• From Risk to Resilience: Managing Data Security in AI-Driven Enterprises | Inc.com

• Security in the AI Sector: Understanding Infostealer Exposures and Corporate Risks - Security Boulevard

• Cyber security experts face AI risks, deepfakes, burnout | Fortune

• US Government Releases New AI Security Guidelines for Critical Infrastructure (thehackernews.com)

• Why Using Microsoft Copilot Could Amplify Existing Data Quality and Privacy Issues - SecurityWeek

• Why the Military Can’t Trust AI | Foreign Affairs

2FA/MFA

• Change Healthcare breached via Citrix portal with no MFA | TechTarget

Malware

• New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw (thehackernews.com)

• New SOHO router malware aims for cloud accounts, internal company resources - Help Net Security

• Guarding the Gates: The Growing Abundance of Linux Malware - VMRay

• Bogus npm Packages Used to Trick Software Developers into Installing Malware (thehackernews.com)

• Stealthy malware: The threats hiding in plain sight | ITPro

• Millions of Malicious 'Imageless' Containers Planted on Docker Hub Over 5 Years (thehackernews.com)

• ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan (thehackernews.com)

• New Cuttlefish malware infects routers to monitor traffic for credentials (bleepingcomputer.com)

Mobile

• Powerful 'Brokewell' Android Trojan Allows Attackers to Takeover Devices - SecurityWeek

• Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023 (thehackernews.com)

• New Wpeeper Android malware hides behind hacked WordPress sites (bleepingcomputer.com)

• NCSC’s New Mobile Risk Model Aimed at “High-Threat” Firms - Infosecurity Magazine (infosecurity-magazine.com)

• Android Flaw Affected Apps With 4 Billion Installs - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft warns of "Dirty Stream" attack impacting Android apps (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• Hackers Target New NATO Member Sweden with Surge of DDoS Attacks - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• NCSC: New UK law bans default passwords on smart devices (securityaffairs.com)

• DJI Could Get Banned In The U.S. As Authorities Believe That The Chinese Firm And Its Drones Present A Major Security Risk (wccftech.com)

• A glaring Android TV security flaw might put your Gmail at risk | Android Central

Data Breaches/Leaks

• PSNI data breach: Almost 5,000 officers and staff in legal action - BBC News

• 2024 Data Breach Investigations Report: Half of the breaches in EMEA were internal (globenewswire.com)

• Marriott admits it falsely claimed for five years it was using encryption during 2018 breach | CSO Online

• Kaiser Permanente data breach may have impacted 13.4 million patients (securityaffairs.com)

• Social exclusion charity Extern “urgently reviewing” impact of data breach following ransomware attack – The Irish News

• FBCS data breach impacted 2M individuals (securityaffairs.com)

• States shares health debt data of 5,000 in an email | Guernsey Press

• Qantas app exposed sensitive traveller details to random users (bleepingcomputer.com)

• DropBox says hackers stole customer data, auth secrets from eSignature service (bleepingcomputer.com)

• Mitre Shares Lessons Learned from Breach | MSSP Alert

• Hull City Council pays £30K in data breach claims and suffers nine cyber attacks in three years - Hull Live (hulldailymail.co.uk)

• Philadelphia Inquirer: Data of over 25,000 people stolen in 2023 breach (bleepingcomputer.com)

• Australian pubgoers' personal info posted to leak site • The Register

• Monash Health data breach exposes sexual assault and family violence claims (smh.com.au)

• Panda Restaurant Group disclosed a data breach (securityaffairs.com)

Organised Crime & Criminal Actors

• AI is creating a new generation of cyber attacks - Help Net Security

• Combating the Rising Tide of AI-Driven Cyber Crime (cryptopolitan.com)

• INTERPOL Identifies 20,674 Suspicious Networks Linked To Terrorists, Warns of Rising Cyber Crimes | Greenbarge Reporters (greenbreporters.com)

• Understanding Scattered Spider, and how they perform cloud-centric identity attacks | SC Media (scmagazine.com)

• Router Roulette: Cyber Criminals and Nation-States Sharing Compromised Networks | Trend Micro (US)

Insider Risk and Insider Threats

• 2024 Data Breach Investigations Report: Half of the breaches in EMEA were internal (globenewswire.com)

• 2024 Data Breach Investigations Report: Most breaches involve a non-malicious human element - Help Net Security

• Survey: Human Factors Create Significant Cyber Security Risks for Small and Medium-Sized Businesses, Despite Increased Technology Investment | Business Wire

• How insider threats can cause serious security breaches - Help Net Security

• Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia (thehackernews.com)

Insurance

• MOVEit & Change Healthcare attacks designated as cyber catastrophe loss events by PCS - Reinsurance News

• Cyber facility in capacity raise as risk severity grows (emergingrisks.co.uk)

• Hack That Paralyzed US Health Care Turns Up Scrutiny on Insurer (claimsjournal.com)

• Alarming Insurance Gaps and Soaring Breach Rates Call for a United Front in Cyber Security | HaystackID - JDSupra

Supply Chain and Third Parties

• UK and global cyber threats require robust supply chain risk management - Osborne Clarke | Osborne Clarke

• Securing your organisation's supply chain: Reducing the risks of third parties - Help Net Security

Cloud/SaaS

• Understanding Scattered Spider, and how they perform cloud-centric identity attacks | SC Media (scmagazine.com)

• New SOHO router malware aims for cloud accounts, internal company resources - Help Net Security

• 97% of security leaders have increased SaaS security budgets - Help Net Security

Encryption

• UK's Investigatory Powers Bill approved to become law • The Register

• Marriott admits it falsely claimed for five years it was using encryption during 2018 breach | CSO Online

• Ten years of Heartbleed: Lessons learned | SC Media (scmagazine.com)

• White Swan, Black Swan and QuantumBleed (forbes.com)

Linux and Open Source

• Guarding the Gates: The Growing Abundance of Linux Malware - VMRay

Passwords, Credential Stuffing & Brute Force Attacks

• Single Citrix Compromised Credential Results in $22,000,000 Ransom to Change Healthcare | InfoStealers

• Change Healthcare breached via Citrix portal with no MFA | TechTarget

• Okta warns of "unprecedented" credential stuffing attacks on customers (bleepingcomputer.com)

• NCSC: New UK law bans default passwords on smart devices (securityaffairs.com)

• Nvidia's flagship gaming GPU can crack complex passwords in under an hour | Tom's Hardware (tomshardware.com)

• New Cuttlefish malware infects routers to monitor traffic for credentials (bleepingcomputer.com)

• Five Ways to Dramatically Reduce the Risk of Password Compromise - Infosecurity Magazine (infosecurity-magazine.com)

• Google Online Security Blog: Your Google Account allows you to create passkeys on your phone, computer and security keys (googleblog.com)

• How to use a YubiKey to log into Windows and macOS (xda-developers.com)

Social Media

• How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat - SecurityWeek

• Disinformation: EU Opens Probe Against Meta Ahead of Election - Infosecurity Magazine (infosecurity-magazine.com)

• Facebook at 20: Contemplating the Cost of Privacy (darkreading.com)

Training, Education and Awareness

• Ending The Culture Of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack

• Everyone's an Expert: How to Empower Your Employees for Cyber Security Success (thehackernews.com)

Regulations, Fines and Legislation

• UK's Investigatory Powers Bill approved to become law • The Register

• UK rolls out new consumer safeguards for smart devices (betanews.com)

• UK and global cyber threats require robust supply chain risk management - Osborne Clarke | Osborne Clarke

• FCC fines major wireless carriers over illegal location data sharing - Help Net Security

• Understanding emerging AI and data privacy regulations - Help Net Security

• CISA's incident reporting requirements go too far, trade groups and lawmakers say | CyberScoop

Data Protection

• How AI and data protection intersect in today's threat era - SiliconANGLE

Careers, Working in Cyber and Information Security

• Cyber security experts face AI risks, deepfakes, burnout | Fortune

• The rise in CISO job dissatisfaction – what’s wrong and how can it be fixed? | CSO Online

• Agencies to turn toward ‘skill-based hiring’ for cyber and tech jobs, ONCD says | CyberScoop

• Cyber Security Degrees, Are They Really Worth It? | HackerNoon

• Beyond the Buzz: Rethinking Alcohol as a Cyber Security Bonding Ritual - SecurityWeek

Law Enforcement Action and Take Downs

• INTERPOL Identifies 20,674 Suspicious Networks Linked To Terrorists, Warns of Rising Cyber Crimes | Greenbarge Reporters (greenbreporters.com)

• Finnish hacker imprisoned for accessing thousands of psychotherapy records and demanding ransoms | AP News

• Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million (thehackernews.com)

• Police shuts down 12 fraud call centres, arrests 21 suspects (bleepingcomputer.com)

• Cyber security consultant arrested after allegedly extorting IT firm (bleepingcomputer.com)

• CEO who sold fake Cisco devices to US military gets 6 years in prison (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

• Disinformation: EU Opens Probe Against Meta Ahead of Election - Infosecurity Magazine (infosecurity-magazine.com)

• ‘Honeypots’ and influence operations: China’s spies turn to Europe (ft.com)

• Think tank: Tech companies spread China's propaganda • The Register

• Two hackers in Ukraine accused of spreading Russian propaganda (therecord.media)

• Why China Is So Bad at Disinformation | WIRED

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• 'DuneQuixote' Shows Stealth Cyber Attack Methods Are Evolving (darkreading.com)

Nation State Actors

China

• ‘Honeypots’ and influence operations: China’s spies turn to Europe (ft.com)

• Philippines Pummelled by Cyber Attacks & Misinformation Tied to China (darkreading.com)

• Germany grapples with wave of spying threats from Russia and China - BBC News

• How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat - SecurityWeek

• Think tank: Tech companies spread China's propaganda • The Register

• China's attacks on critical infrastructure ‘tip of the iceberg' | SC Media (scmagazine.com)

• DJI Could Get Banned In The U.S. As Authorities Believe That The Chinese Firm And Its Drones Present A Major Security Risk (wccftech.com)

• Chinese Hackers Have Been Probing DNS Networks Globally for Years: Report - SecurityWeek

• Muddling Meerkat hackers manipulate DNS using China’s Great Firewall (bleepingcomputer.com)

• Why China Is So Bad at Disinformation | WIRED

• Chinese government website security has big problems • The Register

• Espionage breaches account for 25% in APAC, report reveals (securitybrief.co.nz)

Russia

• Router Roulette: Cyber Criminals and Nation-States Sharing Compromised Networks | Trend Micro (US)

• Russian Hackers Target Industrial Systems in North America, Europe - SecurityWeek

• Pro-Russia hacktivists attacking vital tech in water and other sectors, agencies say | CyberScoop

• Critical infrastructure operators urged to harden systems against pro-Russia hackers (therecord.media)

• Ukraine's military intelligence launches cyber attack against United Russia party (kyivindependent.com)

• Germany grapples with wave of spying threats from Russia and China - BBC News

• Ukraine Targeted in Cyber Attack Exploiting 7-Year-Old Microsoft Office Flaw (thehackernews.com)

• The Dangerous Rise of GPS Attacks | WIRED

• Russia’s Pawprints on Aircraft Jamming Outbreak - CEPA

• Germany Warns Of Consequences For Alleged Russian Cyber Attack (rferl.org)

• Hackers Claim to Have Infiltrated Belarus’ Main Security Service - SecurityWeek

• Military Tank Manual, 2017 Zero-Day Anchor Latest Ukraine Cyber Attack (darkreading.com)

• Sweden prepares for Eurovision amidst fears of protests, cyber attacks and unrest | Euronews

• Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia (thehackernews.com)

• Two British men charged with helping Russian intelligence - BBC News

• Two hackers in Ukraine accused of spreading Russian propaganda (therecord.media)

Iran

• Israel winning cyber war against Iran, says former officer of elite IDF intelligence unit | All Israel News

North Korea

• DPRK's Kimsuky APT Abuses Weak DMARC Policies, Feds Warn (darkreading.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• INTERPOL Identifies 20,674 Suspicious Networks Linked To Terrorists, Warns of Rising Cyber Crimes | Greenbarge Reporters (greenbreporters.com)

• Sweden prepares for Eurovision amidst fears of protests, cyber attacks and unrest | Euronews

Vulnerability Management

• When is One Vulnerability Scanner Not Enough? (thehackernews.com)

• Vulnerability exploitation nearly tripled in 2023 (telecoms.com)

Vulnerabilities

• Cisco devices again targeted by state-linked threat campaign - TechCentral.ie

• Okta warns of "unprecedented" credential stuffing attacks on customers (bleepingcomputer.com)

• 1,200+ Vulnerabilities Detected In Microsoft Products In 2023 (gbhackers.com)

• Most attacks affecting SMBs target five older vulnerabilities | CSO Online

• Severe Flaws Disclosed in Brocade SANnav SAN Management Software (thehackernews.com)

• UnitedHealth hackers took advantage of Citrix vulnerability to break in, CEO says (yahoo.com)

• Palo Alto Updates Remediation for Max-Critical Firewall Bug (darkreading.com)

• Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades - Help Net Security

• WordPress plugin vulnerability poses severe security risk, allows for site takeovers | TechSpot

• Ukraine Targeted in Cyber Attack Exploiting 7-Year-Old Microsoft Office Flaw (thehackernews.com)

• New R Programming Vulnerability Exposes Projects to Supply Chain Attacks (thehackernews.com)

• Grafana Tool Vulnerability Let Attackers Inject SQL Queries (gbhackers.com)

• Microsoft says April Windows updates break VPN connections (bleepingcomputer.com)

• NTLM auth traffic spikes after Windows Server patch • The Register

• New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw (thehackernews.com)

• Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks (thehackernews.com)

• Ten years of Heartbleed: Lessons learned | SC Media (scmagazine.com)

• 1,400 GitLab Servers Impacted by Exploited Vulnerability - SecurityWeek

Tools and Controls

• Why remote desktop tools are facing an onslaught of cyber threats | ITPro

• Correlating Cyber Investments With Business Outcomes (inforisktoday.com)

• When is One Vulnerability Scanner Not Enough? (thehackernews.com)

• Microsoft CEO says it is "putting security above all else" in major refocus | TechRadar

• Can automating security relieve CISO pressure? (techinformed.com)

• 10 Critical Endpoint Security Tips You Should Know (thehackernews.com)

• 7 antivirus myths that are dead wrong | PCWorld

• Businesses turn to generative AI but many don't have policies on it (betanews.com)

• EDR vs. EPP: What's the difference? | TechTarget

• Cobalt's 2024 State of Pentesting Report Reveals Cyber Security Industry Seeks Partners and Solutions as Staffing Shortages and New AI Threats Collide (prweb.com)

• Ending The Culture Of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack

• Organisations Struggle with Zero Trust: Gartner | MSSP Alert

• Tech Tip: Why Haven't You Set Up DMARC Yet? (darkreading.com)

• Three-Quarters of CISOs Admit App Security Incidents - Infosecurity Magazine (infosecurity-magazine.com)

• 97% of security leaders have increased SaaS security budgets - Help Net Security

• Communication gaps between IT departments and senior corporate leadership worsening application security risks - Tech Monitor

• Continuous threat exposure management (CTEM): What it is and how to achieve it | SC Media (scmagazine.com)

• DPRK's Kimsuky APT Abuses Weak DMARC Policies, Feds Warn (darkreading.com)

• Fortifying Cyber Defence With the Power of Linux Intrusion Detection and Prevention Systems | Linux Journal

• How to Red Team GenAI: Challenges, Best Practices, and Learnings (darkreading.com)

• What is API Security? - Security Boulevard

• Chinese Hackers Have Been Probing DNS Networks Globally for Years: Report - SecurityWeek

• Muddling Meerkat hackers manipulate DNS using China’s Great Firewall (bleepingcomputer.com)

• Why LLMs are predicting the future of compliance and risk management | VentureBeat

• Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM (thehackernews.com)

Reports Published in the Last Week

• Q1 2024 Ransomware Report: 21% Increase in Q1 2023 Ransomware Activity (corvusinsurance.com)

• Global Threat Intelligence Report 2024 by NTT Security Holdings

• 2024 Data Breach Investigations Report | Verizon

• The State of Security 2024 | Splunk

• Cobalt's 2024 State of Pentesting Report Reveals Cyber Security Industry Seeks Partners and Solutions as Staffing Shortages and New AI Threats Collide (prweb.com)

Other News

• Microsoft CEO says it is "putting security above all else" in major refocus | TechRadar

• 3 Key Business Areas Cyber Security Falls Short | Inc.com

• 7 antivirus myths that are dead wrong | PCWorld

• A Season Of Health Breaches, A Season Of Changes (forbes.com)

• Bank of England tells payment firms to step up disruption mitigation plans (yahoo.com)

• Three-Quarters of CISOs Admit App Security Incidents - Infosecurity Magazine (infosecurity-magazine.com)

• NCSC updates warning over hacktivist threat to CNI | Computer Weekly

• Cyber Space: EU and partners discuss ways to strengthen cooperation in promoting international security and stability | EEAS (europa.eu)

• The EU's Strategy for a Cyber Secure Digital Single Market | UpGuard

• Cyber attack at Irish telecoms firm? – The Irish Times

• To Damage OT Systems, Hackers Tap USBs, Old Bugs & Malware (darkreading.com)

• During National Small Business Week, Take Steps to Secure Your Business | CISA

• At Microsoft, years of security debt come crashing down | Cybersecurity Dive

• National Small Business Week: IRS warns entrepreneurs to take precautions on data security; protect their businesses, employees, customers | Internal Revenue Service

• Zelenskyy fires security service chief accused of "weaponized draft" against journalist - Euromaidan Press

• Sweden prepares for Eurovision amidst fears of protests, cyber attacks and unrest | Euronews

• The ultimate cyber spring-cleaning checklist (avast.com)

• European New Space Companies Prepare to Counter Growing Security Threat - Via Satellite (satellitetoday.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Passwords are one of the basic ways that we confirm our identity when we access systems on our company network, or our own person email account for example. Although many organisations have a policy that requires users to create passwords of a certain length and complexity, the challenge is that the user can fulfil those criteria even if they create a weak password that can be easily guessed or cracked by an attacker. This is yet another intersection of technology and human behaviours that can make or break cyber security.

Did you know that attackers exchange lists of passwords from previous attacks, which they use at high speed in combination with a user’s email address for example, to try to break into a system?

If you are told that you need to create a password that uses upper and lower case letters, with numbers and special characters, the chances are you will use a word that starts with a capital letter, then add a number and use an exclamation point or similar at the end. The attackers know this, and they have millions of examples of them in their password listing. Equally, passwords like querty12345 are, sadly, still frequently used.

The trick is for us all to avoid using ‘weak’ passwords that are likely to feature on the password listing, which means we need to avoid falling into predictable human behaviour patterns. Equally, users need to avoid obvious passwords, like the name of their town or their pet dog, which can be guessed or cracked by a dedicated attacker.

As a solution consider using a passphrase such as “BananaHippoCyclist” and if you want it even more complex, trying adding a few numbers and special characters. And make sure every access you have uses a different password. We all live in the real world, and it can be hard to manage multiple passwords, so you could consider a password manager application to store your passwords, providing you use a very strong master password to access it.

Even strong passwords need extra security, which is why they should be used in conjunction with other multi-factor authentication methods such as facial recognition or biometrics (something you are) or verification codes received on your mobile phone (something you have). Utilising multiple methods of authentication makes it significantly harder for attackers to compromise your accounts.

If you are wondering how to implement this in your organisation, then reach out to us for a free 30-minute consultation to discuss your specific needs and proportionate options. We love discussing this and other aspects of cyber security, so contact us through our website page www.blackarrowcyber.com/contact, and we will get back to you shortly.

In the meantime, Happy World Password Day!

Executive summary

The UK Government has released new legislation to protect consumers from cyber criminals. 

The regime comprises of two pieces of legislation: 

• Part 1 of the Product Security and Telecommunications Infrastructure (PSTI) Act 2022; and 

• The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023.

Now that this new legislation is in force, the UK’s consumer connectable product security regime will be enforced, aiming to protect consumers against hacking and cyber attacks. This regulation sets out the minimum-security standards that all IoT (Internet of Things) devices are now legally obliged to meet.

What are the security requirements?

The regulations set out specific requirements that the relevant people, manufacturer, importer and distributor of the products have to follow:

1.      Passwords must be unique per the product. This includes banning common and easily guessable passwords for example admin or 12345 to prevent vulnerabilities and hacking.

2.      The manufacturer must provide clear and transparent information on how to report security issues about their product.  Manufacturers are also obligated to provide information on timescales of acknowledging, reporting and updating the status of security issues to the consumer until they have been resolved.

3.      The manufacturers and retailers must publish to consumers in a clear and accessible way, the minimum time they can expect to receive important security updates. This information should be available without prior request in English and free of charge.

While these security requirements demonstrate the seriousness in which the Government regards cyber security, they should not be relied upon alone and organisations ensure they are employing their own controls such as changing default passwords, performing vulnerability scanning and conducting timely patch management. Effective cyber security requires multiple layers of defence

The official UK Government legislation can be found below:

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Executive summary

A new strain of Android mobile malware dubbed “Brokewell” is being used to spread fake browser updates to steal user data. The malware has the ability to overlay banking application screens, capturing credentials without the users knowledge, as well as allowing remote access by an attacker. The malware has also been recorded as using popular ‘buy now, pay later’ service “Klarna” in addition to the fake Google Chrome update. Research indicates that the malware is in active development.

What’s the risk?

Due to the sensitive nature of the information sought by the malware, there is a genuine risk to the confidentiality and integrity of data. Features of the malware include the ability to overlay applications to steal user credentials and allow an attacker remote access, including the commands which record audio, take screenshots, access locations, and send communications from the victim phone.

The list of potential targets is extensive, especially so with many employees using personal devices for corporate purposes, including the storage of corporate credentials. A recent report from Google owned Mandiant found that 10% of intrusions began with evidence of stolen credentials.

What can I do?

It is recommended to employ a multi-layer defence to mitigate the risk of such malware succeeding. This should include only downloading updates from the official application in the Google Play store and enabling Google Play Protect will help to prevent malware. To further bolster defence, it is recommended that anti-virus applications are run in parallel.

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Further information can be found below:

https://www.threatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malware

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox

The 2024 Cyber Claims Report by insurer Coalition reveals critical vulnerabilities and trends affecting cyber insurance policyholders. Notably, over half of the claims in 2023 stemmed from funds transfer fraud (FTF) and business email compromise (BEC), underlining the critical role of email security in cyber risk management. The report also indicated heightened risks associated with boundary devices like firewalls and VPNs, particularly if they are exposed online and have known vulnerabilities. Additionally, the overall claims frequency and severity rose by 13% and 10% respectively, pushing the average loss to $100,000. These insights emphasise the necessity of proactive cyber security measures and the valuable role of cyber insurance in mitigating financial losses from cyber incidents.

Sources: [IT Security Guru] [Emerging Risks]

Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery

The global cost of cyber crime is expected to soar to $10.5 trillion annually by 2025, a steep rise from $3 trillion in 2015, underscoring a significant improvement in the methods of cyber criminals, according to Cybersecurity Ventures. Beyond direct financial losses like ransomware payments, the hidden costs of cyber attacks for businesses include severe operational disruptions, lost revenue, damaged reputations, strained customer relationships, and regulatory fines. These incidents, further exacerbated by increased insurance premiums, collectively contribute to substantial long-term financial burdens. The report indicates that 88% of data breaches are attributable to human error, underscoring the importance of comprehensive employee training alongside technological defences. To combat these evolving cyber threats effectively, organisations must adopt a multi-pronged strategy that includes advanced security technologies, regular system updates, employee education, and comprehensive security audits.

According to another report from SiliconAngle, cyber insurance claims increased 13% year-over-year in 2023, with the 10% rise in overall claims severity attributed to mounting ransomware attack claims.

Sources: [The Hacker News] [Huntress] [SC Media]

Why Cyber Security Should Be Driving Your Enterprise Risk Management Strategy

Cyber security has transformed from a secondary concern into the cornerstone of corporate risk management. The historical view of cyber security as merely a component of broader risk strategies is outdated; it now demands a central role in safeguarding against operational, financial, and reputational threats. Many businesses, recognising the vital role of technology in all operations, have begun elevating the position of Chief Information Security Officer (CISO) to integrate cyber security into their overall enterprise risk frameworks. This shift not only enhances visibility and strategic alignment at the highest organisational levels but also fosters more robust defences against cyber threats. As such, adopting a cyber security-centric approach is crucial for compliance and long-term resilience in the face of growing digital threats.

Source: [Forbes]

Ransomware Double-Dip: Re-Victimisation in Cyber Extortion

A recent cyber security study reveals a troubling trend of re-victimisation among organisations hit by cyber extortion or ransomware attacks. Analysis of over 11,000 affected organisations shows recurring victimisation due to repeated attacks, data reuse among criminal affiliates, or cross-affiliate data sharing. Notably, cyber extortion incidents have surged by 51% year-on-year. Additionally, a separate study reports payments exceeding $1 billion and a 20% increase in ransomware attack victims since early 2023. These findings underscore the increasing sophistication and persistence of cyber criminals. Despite law enforcement efforts, adaptable cyber crime groups swiftly resume operations, complicating effective threat mitigation. Organisations must enhance their cyber security measures to avoid becoming repeated targets.

Sources: [Security Magazine] [The Hacker News] [SC Media]

AI is a Major Threat and Many Financial Organisations Are Not Doing Enough

Artificial intelligence (AI) is a major concern for organisations, especially for the financial services sector due to the information they hold. Recent reports have found that AI has driven phishing up by 60% and AI tools have been linked to data exposure in 1 in 5 UK organisations. But it is not just attackers utilising AI: a separate report found that 20% of employees have exposed data via AI.

Currently, many financial organisations are not doing enough to secure themselves to fight AI. In a recent survey, 69% of fraud-management decision makers, AML professionals, and risk and compliance leaders reported that criminals are more advanced at using AI for financial crime than firms are in defending against it.

Sources: [Verdict] [Beta News] [Infosecurity Magazine] [TechRadar] [Security Brief]

[Biometric Update]

6 out of 10 Businesses Struggle to Manage Cyber Risk

A report has found that 6 in 10 businesses are struggling to manage their cyber risk and just 43% have confidence in their ability to address cyber risk. Further, 35% of total respondents worry that senior management does not see cyber attacks as a significant risk; the same percentage also reported a struggle in hiring skilled professionals. When it came to implementing their security policy, half of respondents found difficulty, and when it came to securing the supply chain, a third reported worries.

Given the inevitability of a cyber attack, organisations need to prepare themselves. Those that struggle to manage their cyber risk and/or hire skilled professions will benefit from outsourcing to skilled, reputable cyber security organisations who can guide them through the process.

Sources: [PR Newswire] [Beta News]

'Junk Gun' Ransomware: New Low-Cost Cyber Threat Targets SMBs

Sophos’ research reveals a concerning trend: ‘junk gun’ ransomware variants are now traded on the dark web. Rather than going the traditional route of selling or buying ransomware to or as an affiliate, attackers have now begun creating and selling unsophisticated ransomware variants for a one-time cost. Priced at a median of $375, they attract lower-skilled attackers, especially those targeting small and medium-sized businesses (SMBs). As major ransomware players fade, these variants pose significant threats, accounting for over 75% of cyber incidents affecting SMBs in 2023.

Source: [Security Brief] [Tripwire]

Penetration Testing Infrequency Leaves Security Gaps

Many organisations are struggling to maintain the balance between penetration testing and IT changes within the organisation, leaving security gaps according to a recent report. The report found that 73% of organisations reported changes to their IT environments at least quarterly, however only 40% performed penetration testing at the same frequency.

The issue arises where there is a significant duration during which changes have been implemented without undergoing assessment, leaving organisations open to risk for extended periods of time. Consider the situation in which an organisation moves their infrastructure from on-premise to the cloud: they now have a different IT environment, and with that, new risks.

Black Arrow always recommends that a robust penetration test should be conducted whenever changes to internet facing infrastructure have been made, and at least annually.

Source: [MSSP Alert]

Bank Prohibited from Opening New Accounts After Regulators Lose Patience with Poor Cyber Security Governance

A bank in India has been banned from signing up new customers, and instructed to focus on improving its cyber security after “serious deficiencies and non-compliances” were found within their IT environment. The compliances provided by the bank were described as “inadequate, incorrect or not sustained”. The bank is now subject to an external audit, which if passed, will consider the lifting of the restrictions placed upon them.

Source: [The Register]

The Psychological Impact of Phishing Attacks on Your Employees

Phishing remains one of the most prevalent attack vectors for bad actors, and its psychological impact on employees can be severe, with many employees facing a loss in confidence and job satisfaction as well as an increase in anxiety. In a study by Egress, it was found that 74% of employees were disciplined, dismissed or left voluntarily after suffering a phishing incident, which can cause hesitation when it comes to reporting phishing.

Phishing incidents and simulations where employees have clicked should be seen as an opportunity to learn, not to blame, and to understand why a phish was successful and what can be done in future to prevent it. Organisations should perform security education and awareness training to help employees lessen their chance of falling victim, as well as knowing the reporting procedures.

Source: [Beta News]

Where Hackers Find Your Weak Spots

A recent analysis highlights social engineering as a primary vector for cyber attacks, emphasising its reliance on meticulously gathered intelligence to exploit organisational vulnerabilities. Attackers leverage various intelligence sources; Open Source Intelligence (OSINT) for public data, Social Media Intelligence (SOCMINT) for social media insights, Advertising Intelligence (ADINT) from advertising data, Dark Web Intelligence (DARKINT) from the DarkWeb, and the emerging AI Intelligence (AI-INT) using artificial intelligence. These methods equip cyber criminals with detailed knowledge about potential victims, enabling targeted and effective attacks. The report underscores the critical importance of robust information management and employee training to mitigate such threats, specifically advocating for regular training, AI-use policies, and proactive intelligence gathering by organisations to protect against the substantial risks posed by social engineering.

Source: [Dark Reading]

The Role of Threat Intelligence in Financial Data Protection

The financial industry’s reliance on digital processes has made it vulnerable to cyber attacks. Criminals target sensitive customer data, leading to financial losses, regulatory fines, and reputational damage. To combat these threats such as phishing, malware, ransomware, and social engineering, financial institutions must prioritise robust cyber security measures. One effective approach is threat intelligence, which involves ingesting reliable threat data, customised to your sector and the technology you have in place, and dark web monitoring.

Source: [Security Boulevard]

Government Cannot Protect Business and Services from Cyber Attack, Decision Makers Say

According to a recent report, 66% of surveyed IT leaders expressed a lack of confidence in their government’s ability to defend people and enterprises from cyber attacks, especially those from nation state actors. This scepticism arises from the growing complexity of threats and the rapid evolution of cyber warfare. While governments play a critical role in national security, their agility in adapting to the ever-changing digital landscape leaves organisations finding themselves increasingly responsible for their own protection.

Source: [TechRadar] [Security Magazine]

Governance, Risk and Compliance

• Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• Pen Testing Infrequency Leaves Security Gaps | MSSP Alert

• Six out of 10 businesses struggle to manage cyber risk (betanews.com)

• Email inbox cyber crime leaps as claims soar (emergingrisks.co.uk)

• It Costs How Much?!? The Financial Pitfalls of Cyber Attacks on SMBs | Huntress

• Why Cyber Security Should Be Driving Your Enterprise Risk Management Strategy (forbes.com)

• Cyber attacks are on the rise, and that includes small businesses. Here's what to know | AP News

• Cyber staff priority as threats continue – report (emergingrisks.co.uk)

• UK government cannot protect businesses and services from cyber attacks, IT pros say | TechRadar

• Why cyber attacks shouldn’t be viewed as isolated incidents - Raconteur

• Bank banned from opening new accounts over IT risks • The Register

• Battening down the hatches: Navigating third-party cyber threats  | SC Media (scmagazine.com)

• Cyber Attacks Keep Rising. Here's What Small Businesses Need to Know | Inc.com

• 73% of SME security pros missed or ignored critical alerts - Help Net Security

• Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery (thehackernews.com)

• 4 steps CISOs can take to raise trust in their business | TechTarget

• NCSC Says Newer Threats Need Network Defence Strategy | Trend Micro (US)

• Uncertainty is the most common driver of noncompliance - Help Net Security

• More and more businesses now have CISOs - but they're increasingly taking the blame for attacks | TechRadar

• Cyber metrics journey | Professional Security

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• Report finds a near 20% increase in ransomware victims year-over-year | Security Magazine

• Risks to ransomware attack payment | Professional Security

• Ransomware Double-Dip: Re-Victimization in Cyber Extortion (thehackernews.com)

• 'Junk gun' ransomware: New low-cost cyber threat targets SMBs (securitybrief.co.nz)

• Mandiant: Attacker dwell time down, ransomware up in 2023 | TechTarget

• Behavioural patterns of ransomware groups are changing - Help Net Security

• Record ransomware attacks in March 2024, report finds (securitybrief.co.nz)

• Ransomware payments drop to record low of 28% in Q1 2024 (bleepingcomputer.com)

• Hackers use developing countries as testing ground for new ransomware attacks (ft.com)

• Ransomware Still On Rise Despite Better Defences, Firm Says - Law360

• Hackers are using developing countries for ransomware practice | Ars Technica

• Dark web inundated by cheap ransomware tools | SC Media (scmagazine.com)

• Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery (thehackernews.com)

• Action needed amid escalating ransomware attacks, record-high payments | SC Media (scmagazine.com)

• HelloKitty ransomware rebrands, releases CD Projekt and Cisco data (bleepingcomputer.com)

• Rising Ransomware Issue: English-Speaking Western Affiliates (govinfosecurity.com)

• Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware! - Help Net Security

• CL0P ransomware gang is on the rise | Hogan Lovells - JDSupra

• Proportion paying ransoms declines in Q1 2024, even as takings break a new record (computing.co.uk)

• Megazord Ransomware Attacking Healthcare & Govt Entities (cybersecuritynews.com)

• CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop

• DragonForce Ransomware Group Uses LockBit’s Leaked Builder - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber Hygiene Helps Organisations Mitigate Ransomware-Related Vulnerabilities  | CISA

• Ransomware attacks rise in global food & agriculture sector (securitybrief.co.nz)

• Preventing Ransomware Attacks at Scale (hbr.org)

Ransomware Victims

• Hackers Were in Change Healthcare 9 Days Before Attack (pymnts.com)

• UnitedHealth BlackCat Attack Cost is $872M in Q1 | MSSP Alert

• UnitedHealth admits breach could affect large chunk of US • The Register

• Back from the Brink: UnitedHealth Offers Sobering Post-Attack Update (darkreading.com)

• UnitedHealth Paid Ransom to Protect Patient Data | MSSP Alert

• Will the Change Healthcare case finally make providers do a business impact analysis? | SC Media (scmagazine.com)

• UNDP, City of Copenhagen Targeted in Data-Extortion Cyber Attack (darkreading.com)

• Cannes Hospital Cancels Medical Procedures Following Cyber Attack - Security Week

• Small medical practices will close because of Change cyber attack, says AMA | Healthcare IT News

• HelloKitty ransomware rebrands, releases CD Projekt and Cisco data (bleepingcomputer.com)

• Sweden's liquor shelves to run empty this week due to ransomware attack (therecord.media)

• Authentication failure blamed for Change Healthcare ransomware attack | CSO Online

• Ransomware feared as Octapharma Plasma closes 150+ centers • The Register

• Red Ransomware takes credit for Targus attack | SC Media (scmagazine.com)

• Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor - Security Week

• Carpetright unable to trade after cyber attack - Retail Gazette

• Street lights in Leicester City cannot be turned off due to a cyber attack (securityaffairs.com)

Phishing & Email Based Attacks

• Phishing attacks up 60 percent driven by AI (betanews.com)

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• The psychological impact of phishing attacks on your employees (betanews.com)

• Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments (darkreading.com)

• Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)

• Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike (thehackernews.com)

• LA County Health Services: Patients' data exposed in phishing attack (bleepingcomputer.com)

BEC

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• Email inbox cyber crime leaps as claims soar (emergingrisks.co.uk)

Other Social Engineering

• LastPass Users Lose Master Passwords to Ultra-Convincing Scam (darkreading.com)

• Open Source Groups Warn of Social Engineering Backdoors | MSSP Alert

Artificial Intelligence

• AI is a major threat and financial organisations are not doing enough to fight it | Biometric Update

• Phishing attacks up 60 percent driven by AI (betanews.com)

• Fifth of CISOs Admit Staff Leaked Data Via GenAI - Infosecurity Magazine (infosecurity-magazine.com)

• Five Eyes agencies publish report on AI security | Hogan Lovells - JDSupra

• AI tools linked to data exposure in 1 in 5 UK organisations (securitybrief.co.nz)

• Security Leaders Braced for Daily AI-Driven Attacks by Year-End - Infosecurity Magazine (infosecurity-magazine.com)

• CSOs say AI is 'biggest cyber threat' to organisations | TechRadar

• Man arrested for 'framing colleague' with AI-generated voice • The Register

• Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage (thehackernews.com)

• People doubt their own ability to spot AI-generated deepfakes - Help Net Security

• A National Security Insider Does the Math on the Dangers of AI | WIRED

• 40% of organisations have AI policies for critical infrastructure | Security Magazine

• GPT-4 can exploit real vulnerabilities by reading advisories • The Register

• 25 cyber security AI stats you should know - Help Net Security

• Cyber Threats in the Age of AI: Protecting Your Digital DNA - Security Boulevard

• The Dark Side of Deepfakes: How Malicious Actors Use Synthetic Media to Manipulate and Deceive | Metaverse Post (mpost.io)

• 6 security items that should be in every AI acceptable use policy | CSO Online

• 'Poisoned' data could wreck AIs in wartime, warns Army software acquisition chief - Breaking Defence

• The use of AI in war games could change military strategy (theconversation.com)

2FA/MFA

• Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security

• What is multi-factor authentication (MFA), and why is it important? - Help Net Security

Malware

• ToddyCat APT Is Stealing Data on 'Industrial Scale' (darkreading.com)

• Report says over 10 million devices were infected by data-stealing malware in 2023 - PhoneArena

• New Brokewell malware takes over Android devices, steals data (bleepingcomputer.com)

• GitLab affected by GitHub-style CDN flaw allowing malware hosting (bleepingcomputer.com)

• Microsoft unmasks Russia-linked ‘GooseEgg’ malware (therecord.media)

• Hackers hijack antivirus updates to drop GuptiMiner malware (bleepingcomputer.com)

• eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners (thehackernews.com)

• Beware! Notorious Samurai Stealer Used in Targeted Attacks (cybersecuritynews.com)

• Threat Actor Uses Multiple Infostealers in Global Campaign - Security Week

• Seedworm Hackers Exploit RMM Tools to Deliver Malware (cybersecuritynews.com)

• Antivirus updates hijacked to drop dangerous malware | TechRadar

• Hackers infect users of antivirus service that delivered updates over HTTP | Ars Technica

• Researchers sinkhole PlugX malware server with 2.5 million unique IPs (bleepingcomputer.com)

• Millions of IPs remain infected by USB worm years after its creators left it for dead | Ars Technica

• North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)

Mobile

• Report says over 10 million devices were infected by data-stealing malware in 2023 - PhoneArena

• Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns (therecord.media)

• iPhone password reset attacks are real – how to protect yourself | Mashable

• New Brokewell malware takes over Android devices, steals data (bleepingcomputer.com)

• Godfather Banking Trojan Spawns 1.2K Samples Across 57 Countries (darkreading.com)

• Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users (thehackernews.com)

• Give Your iPhone a Security Boost With This iOS 17.4 Feature - CNET

• A Briefing on SIM Hijacking | Intel471

Data Breaches/Leaks

• 5.3M World-Check records may be leaked; how to check your records | SC Media (scmagazine.com)

• Hackers stole 7,000,000 people's DNA. But what can they do with it? | Tech News | Metro News

• AT&T Offers All Customers Free Security Bundle After Data Breach (tech.co)

• AT&T faces class action lawsuit over massive data breach exposing 70 million customers’ personal information (click2houston.com)

• App bug exposes 1M neighbourhood watchers to data harvesters • The Register

• Fifth of CISOs Admit Staff Leaked Data Via GenAI - Infosecurity Magazine (infosecurity-magazine.com)

Organised Crime & Criminal Actors

• Rising Ransomware Issue: English-Speaking Western Affiliates (govinfosecurity.com)

• Russian FSB Counterintelligence Chief Gets 9 Years in Cyber Crime Bribery Scheme – Krebs on Security

• Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)

• To Catch a Cyber Criminal -- and the Fallout That Follows (informationweek.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners (thehackernews.com)

• Lazarus On the Hunt: How North Korean Hackers are Targeting Crypto via LinkedIn (bitcoinist.com)

Insider Risk and Insider Threats

• Most people still rely on memory or pen and paper for password management - Help Net Security

• The rise of the outsmarted insider (betanews.com)

• CesiumAstro claims former exec spilled trade secrets to upstart competitor AnySignal | TechCrunch

Insurance

• Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• Email inbox cyber crime leaps as claims soar (emergingrisks.co.uk)

• Coalition: Insurance claims for Cisco ASA users spiked in 2023 | TechTarget

• Munich Re on the impact of cyber rate changes | Insurance Business America (insurancebusinessmag.com)

Supply Chain and Third Parties

• Battening down the hatches: Navigating third-party cyber threats  | SC Media (scmagazine.com)

• Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor - Security Week

• Tech Investments Help SMBs Fortify Supply Chains Amid Economic, Workforce, and Security Concerns | Business Wire

Cloud/SaaS

• How Attackers Can Own a Business Without Touching the Endpoint (thehackernews.com)

• 5 Hard Truths About the State of Cloud Security 2024 (darkreading.com)

Identity and Access Management

• How Attackers Can Own a Business Without Touching the Endpoint (thehackernews.com)

• Identity-based security threats are growing rapidly: report | CSO Online

Encryption

• Europol asks tech firms, governments to get rid of E2EE • The Register

• How tech firms are tackling the risks of quantum computing | World Economic Forum (weforum.org)

• Australian authorities call for Big Tech help with decryption • The Register

Linux and Open Source

• Open Source Groups Warn of Social Engineering Backdoors | MSSP Alert

Passwords, Credential Stuffing & Brute Force Attacks

• Most people still rely on memory or pen and paper for password management - Help Net Security

• Apple @ Work: Over 52% of workers try to memorize and reuse the same password across multiple apps at work - 9to5Mac

• New Password Cracking Analysis Targets Bcrypt - Security Week

• Brute Force Password Cracking Takes Longer - Don't Celebrate Yet (technewsworld.com)

Social Media

• Dutch govt body: Don't use Facebook if unsure about privacy • The Register

• North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)

Malvertising

• Windows 11 now comes with its own adware (engadget.com)

Training, Education and Awareness

• 10 colleges and universities shaping the future of cyber security education - Help Net Security

Regulations, Fines and Legislation

• What is the EU Cyber Solidarity Act? | UpGuard

• International Lawyers Network Announces the Launch of Comprehensive Data Protection Guide (prleap.com)

• Preparing for NIS2: A Compliance Guide For Covered Entities | UpGuard

• NIS2: Preparing for EU’s New Cyber Security Rules | Wilson Sonsini Goodrich & Rosati – JDSupra

• Compliance in 2024: Cutting through the noise (federalnewsnetwork.com)

• Google Postpones Third-Party Cookie Deprecation Amid UK Regulatory Scrutiny (thehackernews.com)

• A view from Brussels: To be sovereign, or not to be (iapp.org)

• Cyber Security | UK Regulatory Outlook April 2024 - Lexology

• Net neutrality has been restored in the US - Help Net Security

Models, Frameworks and Standards

• Fortifying your business with ISO 27001 - DCD (datacenterdynamics.com)

• Preparing for NIS2: A Compliance Guide For Covered Entities | UpGuard

• Taking Time to Understand NIS2 Reporting Requirements - Security Boulevard

Data Protection

• International Lawyers Network Announces the Launch of Comprehensive Data Protection Guide (prleap.com)

• Boost your data protection with insights from Dell's report - SiliconANGLE

• A view from Brussels: To be sovereign, or not to be (iapp.org)

Careers, Working in Cyber and Information Security

• Cyber staff priority as threats continue – report (emergingrisks.co.uk)

• Pluralsight Study Finds the Biggest Technical Skills Gaps are in Cyber Security, Cloud, and Software Development (prnewswire.com)

• Three Ways Organisations Can Overcome the Cyber Security Skills Gap - Security Boulevard

• Addressing the cyber skills shortage: 5 key steps to take | CSO Online

• Five Essential Steps To Land Your First Cyber Security Job (forbes.com)

• Expert Insight: Outdated Recruitment Methods Are Impeding The Global Cyber Army - IT Security Guru

Law Enforcement Action and Take Downs

• Exploring Law Enforcement Hacking as a Tool Against Transnational Cyber Crime - Carnegie Endowment for International Peace

• Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)

• Trend Micro Collaborated with Interpol in Cracking Down Grandoreiro Banking Trojan | Trend Micro (US)

• To Catch a Cyber Criminal -- and the Fallout That Follows (informationweek.com)

• Man arrested for 'framing colleague' with AI-generated voice • The Register

Misinformation, Disinformation and Propaganda

• Campaigns and political parties are in the crosshairs of election meddlers | CyberScoop

• Mandiant: Russia, Iran pose biggest threat to 2024 elections • The Register

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage (thehackernews.com)

China

• ToddyCat APT Is Stealing Data on 'Industrial Scale' (darkreading.com)

• Chinese, Russian espionage campaigns increasingly targeting edge devices (therecord.media)

• UK mulls fresh controls on 'sensitive tech' after China cyber claim (thenextweb.com)

• FBI Director Wray Issues Dire Warning on China's Cyber Security Threat (darkreading.com)

• Head of Belgian Foreign Affairs Committee says she was hacked by China | Reuters

• New tool used in China-linked attacks against Asia-Pacific | SC Media (scmagazine.com)

• Dutch intelligence warns of stronger threats from China, jihadists and extremists | NL Times

• MITRE breached by nation-state threat actor via Ivanti zero-days - Help Net Security

• Ads on .gov.uk websites raise eyebrows over privacy • The Register

• China's Vision for Global Security: Implications for Southeast Asia | United States Institute of Peace (usip.org)

Russia

• Microsoft: APT28 hackers exploit Windows flaw reported by NSA (bleepingcomputer.com)

• Microsoft issues warning over ‘GooseEgg’ tool used in Russian hacking campaigns | ITPro

• Chinese, Russian espionage campaigns increasingly targeting edge devices (therecord.media)

• Russia's Fancy Bear Pummels Windows Print Spooler Bug (darkreading.com)

• Who Are APT29? - Security Boulevard

• Overflowing Water Tank Linked to Russian Cyber Attack (govtech.com)

• Russia accused of jamming GPS signal on flights from UK causing route chaos (inews.co.uk)

• Russian Sandworm hackers targeted 20 critical orgs in Ukraine (bleepingcomputer.com)

• Rare Computer Virus Detected in Ukrainian Network, Confidential Document Potentially Compromised (kyivpost.com)

• Russian FSB Counterintelligence Chief Gets 9 Years in Cyber Crime Bribery Scheme – Krebs on Security

• Campaigns and political parties are in the crosshairs of election meddlers | CyberScoop

• Mandiant: Russia, Iran pose biggest threat to 2024 elections • The Register

• Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns (therecord.media)

• MITRE breached by nation-state threat actor via Ivanti zero-days - Help Net Security

• Ukraine participates in NATO cyber security exercise in Estonia / The New Voice of Ukraine (nv.ua)

• Cyber attacks on Poland surged after election of pro-Ukraine regime (thenextweb.com)

Iran

• $10 Million Bounty on Iranian Hackers for Cyber Attacks on US Gov, Defence Contractors - Security Week

• Campaigns and political parties are in the crosshairs of election meddlers | CyberScoop

• Mandiant: Russia, Iran pose biggest threat to 2024 elections • The Register

• Iranian nationals charged with hacking US companies, Treasury and State departments | CyberScoop

• The Biggest 2024 Elections Threat: Kitchen-Sink Attack Chains (darkreading.com)

North Korea

• Over 10 Defence Industry Firms Targeted in Concentrated Cyber Attacks by N. Korean Hackers l KBS WORLD

• Hackers hijack antivirus updates to drop GuptiMiner malware (bleepingcomputer.com)

• Microsoft Warns: North Korean Hackers Turn to AI-Fuelled Cyber Espionage (thehackernews.com)

• North Korean Hackers Target Dozens of Defence Companies - Infosecurity Magazine (infosecurity-magazine.com)

• North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Dutch intelligence warns of stronger threats from China, jihadists and extremists | NL Times

Vulnerability Management

• Third-Party Software Patching: Your Cyber Armor in 2024 | MSSP Alert

• Automated patch management: 9 best practices for success | TechTarget

• Vulnerability Exploitation on the Rise as Attacker Ditch Phishing - Infosecurity Magazine (infosecurity-magazine.com)

• Vulnerabilities Versus Intentionally Malicious Software Components - The New Stack

• GPT-4 can exploit real vulnerabilities by reading advisories • The Register

• CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop

Vulnerabilities

• 22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks (bleepingcomputer.com)

• Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack (thehackernews.com)

• Nation-state actors exploited two zero-days in Cisco ASA and FTD firewalls to breach government networks - Security Affairs

• Russia's Fancy Bear Pummels Windows Print Spooler Bug (darkreading.com)

• 'MagicDot' Windows Weakness Allows Unprivileged Rootkit Activity (darkreading.com)

• Microsoft: APT28 hackers exploit Windows flaw reported by NSA (bleepingcomputer.com)

• MITRE says state hackers breached its network via Ivanti zero-days (bleepingcomputer.com)

• GitLab affected by GitHub-style CDN flaw allowing malware hosting (bleepingcomputer.com)

• Google Patches Critical Chrome Vulnerability - Security Week

• Microsoft releases Exchange hotfixes for security update issues (bleepingcomputer.com)

• PoC Exploit Released For Critical Oracle VirtualBox Vulnerability (gbhackers.com)

• Critical Forminator plugin flaw impacts over 300k WordPress sites (bleepingcomputer.com)

• Dependency Confusion Vulnerability Found in Apache Project - Infosecurity Magazine (infosecurity-magazine.com)

• Major Security Flaw in Popular Keyboard Apps Puts Millions at Risk (cybersecuritynews.com)

• Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs (darkreading.com)

• GitHub vulnerability leaks sensitive security reports | TechTarget

• New Password Cracking Analysis Targets Bcrypt - Security Week

• Maximum severity Flowmon bug has a public exploit, patch now (bleepingcomputer.com)

Tools and Controls

• Seedworm Hackers Exploit RMM Tools to Deliver Malware (cybersecuritynews.com)

• Third-Party Software Patching: Your Cyber Armour in 2024 | MSSP Alert

• The Role of Threat Intelligence in Financial Data Protection - Security Boulevard

• Automated patch management: 9 best practices for success | TechTarget

• Rethinking How You Work with Detection and Response Metrics (darkreading.com)

• Choosing SOC Tools? Read This First [2024 Guide] - Security Boulevard

• Research Shows How Attackers Can Abuse EDR Security Products - SecurityWeek

• What is multi-factor authentication (MFA), and why is it important? - Help Net Security

• Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security

• Zero Trust Takes Over: 63% of Orgs Implementing Globally (darkreading.com)

• Pen Testing Infrequency Leaves Security Gaps | MSSP Alert

• 5 Hard Truths About the State of Cloud Security 2024 (darkreading.com)

• Explore CASB use cases before you decide to buy | TechTarget

• SD-WAN: Don't Build a Dead End, Prepare for Future-Proof Secure Networking - SecurityWeek

• Identity-based security threats are growing rapidly: report | CSO Online

• Microsoft criticized for charging for security add-ons • The Register

• 5 insights from new Microsoft CNAPP guide | Microsoft Security Blog

• The Peril of Badly Secured Network Edge Devices (inforisktoday.com)

• VPNs, Firewalls' Nonexistent Telemetry Lures APTs (darkreading.com)

• The first steps of establishing your cloud security strategy - Help Net Security

• 40% of organizations have AI policies for critical infrastructure | Security Magazine

• Understand the Benefits and Limitations of Automated Tools in Penetration Testing (prweb.com)

• World´s most advanced cyber defence exercise kicks off in Tallinn

• Tech Investments Help SMBs Fortify Supply Chains Amid Economic, Workforce, and Security Concerns | Business Wire

• CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop

Reports Published in the Last Week

• M-Trends 2024 | Google Cloud

• Mandiant's M-Trends Report Reveals New Insights from Frontline Cyber Investigations (prnewswire.com)

• Coalition's 2024 Cyber Claims Report (coalitioninc.com)

• Boost your data protection with insights from Dell's report - SiliconANGLE

• 2024 Cisco Cyber Security Readiness Index

• Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)

• Cyber Security in the UK - House of Commons Library (parliament.uk)

Other News

• These sectors are top targets for cyber crime, and other cyber security news to know this month | World Economic Forum (weforum.org)

• Online Banking Security Still Not Up to Par, Says Which? - Infosecurity Magazine (infosecurity-magazine.com)

• Why Educating HR Professionals on Cyber Risk Is Crucial (thehrdirector.com)

• Where Hackers Find Your Weak Spots (darkreading.com)

• Network Threats: A Step-by-Step Attack Demonstration (thehackernews.com)

• Microsoft is reportedly making security improvements its current top priority at the company - Neowin

• UK cyber agency NCSC announces Richard Horne as its next chief executive (therecord.media)

• Internet cable at Cali airport cut in apparent sabotage • The Register

• DOD establishes Office of the Assistant Secretary of Defence for Cyber Policy (securityintelligence.com)

• EU Statement – UN General Assembly 1st Committee: Cyber Security | EEAS (europa.eu)

• US: The European Union and the United States hold the 9th Cyber Dialogue in Brussels | EEAS (europa.eu)

• Why Tourists Are Particularly Vulnerable To Cyber Attacks (maltatoday.com.mt)

• Microsoft needs to win back trust - The Verge

• AI Is Going Well For Microsoft, But Cyber Security Is Not - Microsoft (NASDAQ:MSFT) - Benzinga

• Questions for IT and cyber leaders from the CSRB Microsoft report | Computer Weekly

• World´s most advanced cyber defence exercise kicks off in Tallinn

• Why Cyber Security Is Key To Solving Global Crises (forbes.com)

• Cyber Security is Relentless! | Gray Reed - JDSupra

• Colleges spending more than ever on cyber security efforts (insidehighered.com)

• Foreign states targeting UK universities, MI5 warns - BBC News

• Cyber resilience in the public sector: lessons for UK Councils (techinformed.com)

• Digital Blitzkrieg: Unveiling Cyber Logistics Warfare (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Executive summary

A recent report conducted by Kaspersky found that nearly 10 million devices fell victim to data-stealing malware, also known as  “InfoStealers” in 2023. Put simply, an InfoStealer is malware that is built to collect and transmit sensitive information to unauthorised parties. Once stolen and transmitted, this information can be used or sold. Unlike ransomware, which often announces its presence with dramatic demands, infostealers operate in the shadows, harvesting your information.

What’s the risk?

Due to the sensitive nature of the information sought by InfoStealers, there is a genuine risk to the confidentiality of data. The data sought by an InfoStealer can include credentials, financial information, cookies, MFA tokens, text files, and machine information. The list of potential targets is extensive, especially so with many employees storing their credentials on personal devices. In a recent report, Mandiant, which is owned by Google, found that 10% of intrusions began with evidence of stolen credentials.

Infostealers can be delivered in a variety of ways, including through malicious attachments, unofficial software downloads and compromised websites. InfoStealers often try to disguise themselves as legitimate, in some cases tricking a victim in to running them and keeping them on their device. Anti-virus is not enough to stop them.

What can I do?

Mitigating the threat of InfoStealers requires practicing robust cyber hygiene. Organisations should adhere to leading practices, including downloading software exclusively from official sources, exercising caution with email links and attachments and maintaining visibility of the software ecosystem within their corporate environment.

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity