Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 16 August 2024
Black Arrow Cyber Threat Intelligence Briefing 16 August 2024:
-Business and Tech Consolidation Opens Doors for Cyber Criminals
-High-Risk Cloud Exposures Surge Due to Rapid Service Growth
-69% of UK Small Businesses Currently Use Weak Passwords to Access Important Documents
-DDoS Attacks Surge 46% in First Half of 2024
-Six Ransomware Gangs Behind Over 50% of 2024 Attacks
-Why Attacks Against Critical National Infrastructure are Such a Threat and How Governments are Responding
-Social Engineering Attacks Continue to Evolve, Here’s How to Keep Up
-How Phishing Attacks Adapt Quickly to Capitalise on Current Events
-MacOS is Increasingly Targeted by Threat Actors
-There’s a New Ransomware Gang on the Block, and it’s Exploiting the Human Element
-What is Threat Intelligence?
-New Cyber Security Laws ‘Could Double’ Number of Reported Breaches
-Why MFA Alone is not Enough: The Crucial Role of Security Awareness Training
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Business and Tech Consolidation Opens Doors for Cyber Criminals
A recent analysis highlights the rising cyber risks associated with increasing M&A activity, which grew by 36% in Q1 2024, and the consolidation of technology services where industries rely on single suppliers for critical platforms. These trends have significantly expanded potential points of failure for cyber attacks. High-profile incidents, such as the BlackCat group's attack on Change Healthcare, demonstrate the severe downstream impacts of breaches, including significant business interruptions and revenue loss. The report urges businesses to reassess their approach to cyber risk, emphasising the importance of resilience across interconnected systems and their extended supply chains.
High-Risk Cloud Exposures Surge Due to Rapid Service Growth
A recent report by Palo Alto Networks' Unit 42 reveals that organisations are introducing over 300 new digital services each month, contributing to nearly 32% of high or critical cloud exposures. The report highlights the complexity of the cyber security landscape, with 73% of high-risk exposures stemming from IT and networking infrastructure, business operations applications, and remote access services. Over 23% of these exposures involve critical IT and security infrastructure, leaving essential systems vulnerable to attacks. This rapid expansion of services makes it increasingly difficult for organisations to maintain a secure IT asset inventory, heightening the risk of exploitation.
69% of UK Small Businesses Currently Use Weak Passwords to Access Important Documents
A recent study by highlights concerning cyber security practices among UK small businesses, revealing that 69% use weak passwords for accessing crucial documents and internal platforms. The research, which analysed hundreds of small to mid-sized organisations, found that 47% lacked up-to-date anti-virus software, and 15% had no firewall protection against cyber attacks. Additionally, nearly half (48%) of these businesses do not offer cyber security awareness training to their employees, leaving them vulnerable to potential risks when using technology. These findings underscore significant gaps in basic cyber security measures within the sector.
DDoS Attacks Surge 46% in First Half of 2024
The first half of 2024 has seen a significant rise in Distributed Denial of Service (DDoS) attacks, with a 46% increase compared to the same period last year, reaching 445,000 attacks in Q2 2024.
A DDoS attack is like a digital traffic jam that blocks access to a website or online service. Imagine if thousands of people tried to enter a shop all at once, overwhelming the doors so no one could get in. In a DDoS attack, many computers, often controlled by hackers, flood a website with so much fake traffic that it can't handle the load. This makes the website slow down or even crash, preventing real users from accessing it. The goal of these attacks is usually to disrupt services, cause financial loss, or damage a company's reputation.
The increase in attack volumes and power underscores the growing threat posed by DDoS attacks, where even comparatively mild 300 Gbps attack can render an unprotected server unavailable, leading to reputational damage and loss of customers.
Six Ransomware Gangs Behind Over 50% of 2024 Attacks
A recent report by Palo Alto Networks' Unit 42 reveals that the ransomware landscape for 2024 is dominated by just six gangs. LockBit 3.0 remains the most active ransomware group in 2024, despite a law enforcement takedown six months ago. LockBit 3.0 accounted for 325 victims in the first half of 2024, leading the list of 53 ransomware groups tracked. The Play gang follows in second place with 155 victims, up from fourth place last year. Newcomer 8base ranked third with 119 victims, followed by Akira, BlackBasta and Medusa. Overall, Unit 42 observed a 4.3% year-over-year increase in ransomware activity, with 1,762 posts on leak sites in H1 2024.
Why Attacks Against Critical National Infrastructure are Such a Threat and How Governments are Responding
A recent analysis underscores the escalating threat posed by state-sponsored cyber attacks against critical national infrastructure (CNI), which includes vital systems such as energy grids, telecommunications networks, and water infrastructure. Notably, UK and US authorities have identified pro-Russian hacktivists targeting small-scale industrial control systems (ICS) in North America and Europe, leveraging techniques that pose physical risks to vulnerable and misconfigured operational technology (OT) environments. Historical precedents, such as the 2021 Colonial Pipeline ransomware attack and the breach of a Florida water treatment plant, illustrate the severe consequences of such incursions, which can cause physical damage and impact lives on a significant scale. The inherent vulnerabilities of outdated legacy systems, particularly in sectors like energy, exacerbate these risks, highlighting the urgent need for enhanced defence strategies and international cooperation.
Social Engineering Attacks Continue to Evolve, Here’s How to Keep Up
Social engineering attacks continue to evolve, having advanced significantly since the early days of phishing. Traditional tactics have been replaced by more sophisticated methods, such as Business Email Compromise (BEC), which surged by over 100% last year, causing losses exceeding $2.9 billion. Additionally, the rise of AI-generated attacks has further complicated detection, with 80% of organisations reporting exposure to such threats. Add to the list QR code phishing, vishing (voice phishing), baiting, pretexting, romance scams, deepfakes, etc., there is a clear need for adaptive security strategies focused on human behaviour, alongside more personalised and timely cyber security awareness training to combat these increasingly complex attacks.
How Phishing Attacks Adapt Quickly to Capitalise on Current Events
Egress reveals that 94% of businesses were impacted by phishing attacks in 2023, marking a 40% increase from the previous year. The surge in phishing is largely attributed to the rise of generative AI, which has simplified the creation of convincing malicious content, including deepfake videos. Additionally, Phishing as a Service (PhaaS) has enabled even unskilled attackers to launch sophisticated phishing campaigns with ease. These developments have made phishing more agile, allowing threat actors to quickly exploit unexpected events for high-impact attacks, significantly heightening the threat landscape.
MacOS is Increasingly Targeted by Threat Actors
A recent analysis highlights the growing interest of cyber threat actors in targeting macOS devices, challenging the long-held perception of Apple computers as more secure than Windows. While Windows holds a dominant market share of about 72%, with Apple at 15%, the increasing use of macOS in organisations, particularly in the SME sector, where Apple's share is 22.4%, has made it a more attractive target. From January 2023 to July 2024, over 40 threat actors were observed focusing on macOS, with 21 active in 2024 alone, indicating a rising trend in macOS-targeted malware. Despite Apple’s robust security measures, vulnerabilities continue to be exploited as macOS usage grows.
There’s a New Ransomware Gang on the Block, and it’s Exploiting the Human Element
A recent analysis by the Sophos X-Ops Incident Response team has identified a new ransomware threat actor, "Mad Liberator". The group only emerged in mid-July and is becoming known for targeting users of the remote-access application Anydesk. Unlike traditional ransomware gangs, Mad Liberator primarily focuses on data exfiltration, occasionally using encryption and double extortion tactics. The group has already targeted at least eight victims across various sectors and countries, pressuring them by posting stolen data on a leak site when ransoms are not paid. The methods used by Mad Liberator to gain initial access remain unclear, adding to the mystery surrounding this emerging threat.
What is Threat Intelligence?
A recent analysis highlights the growing importance of threat intelligence in cyber security strategies, as organisations face increasingly sophisticated and large-scale cyber threats. Threat intelligence involves collecting, analysing, and disseminating information on past, current, and potential future threats, drawing from sources like the dark web and industry-specific data. This intelligence enables proactive defence by allowing organisations to anticipate and mitigate attacks, optimise resources, and make informed decisions. It also supports compliance with cyber security regulations. The report categorises threat intelligence into strategic, tactical, operational, and technical types, each providing unique insights crucial for developing effective defence mechanisms.
New Cyber Security Laws ‘Could Double’ Number of Reported Breaches
A recent analysis by the Compliance Institute predicts a significant increase in reported data breaches and cyber crime incidents when the EU Digital Operational Resilience Act (DORA) takes effect in January. The new regulations will impose stricter standards on financial institutions across Europe, focusing on their ability to protect, detect, contain, and recover from ICT-related incidents. With DORA’s enhanced reporting obligations and detection requirements, the volume of reported incidents is expected to at least double, highlighting the urgent need for organisations to enhance their resilience and compliance efforts.
Why MFA Alone is not Enough: The Crucial Role of Security Awareness Training
A recent analysis highlights the increasing sophistication of phishing campaigns, with credential phishing accounting for 91% of active threats in 2023, a 67% rise from 2022. The effectiveness of these attacks is exacerbated in environments lacking Multi-Factor Authentication (MFA), as seen in the Change Healthcare breach, where stolen credentials compromised sensitive health data. While MFA and unique passwords are vital, they alone are insufficient; kits that enable attackers to bypass MFA, like Tycoon 2FA, illustrate that even these measures can be circumvented. The report underscores the importance of comprehensive cyber security strategies, including robust password management and ongoing security awareness training to empower employees as the first line of defence.
Sources:
https://www.helpnetsecurity.com/2024/08/16/technology-consolidation-risks/
https://www.infosecurity-magazine.com/news/high-risk-cloud-exposures-palo/
https://thehackernews.com/2024/08/ddos-attacks-surge-46-in-first-half-of.html
https://www.theregister.com/2024/08/13/lockbit_ransomware_stats/
https://thehackernews.com/2024/08/how-phishing-attacks-adapt-quickly-to.html
https://intel471.com/blog/macos-is-increasingly-targeted-by-threat-actors
https://cybernews.com/security/mad-liberator-new-ransomware-gang-exploiting-human-element/
https://securityboulevard.com/2024/08/what-is-threat-intelligence-3/
Governance, Risk and Compliance
What is Threat Intelligence? - Security Boulevard
Cyber Security's Real Challenge Is Communication, Not Just Technology (darkreading.com)
Effective Communication Is Key to Successful Cyber Security (govinfosecurity.com)
Flashpoint CEO: Cyber, physical security threats converging | TechTarget
How CIOs, CTOs, and CISOs view cyber risks differently - Help Net Security
AI governance and clear roadmap lacking across enterprise adoption | ZDNET
How leading CISOs build business-critical cyber cultures | CIO
It’s time to bring cyber into the boardroom - Anthony Quinn (scotsman.com)
How Outdated Security Measures Can Devastate Your Organisation - Security Boulevard
Threats
Ransomware, Extortion and Destructive Attacks
74% of ransomware victims were attacked multiple times in a year - Help Net Security
Six ransomware gangs behind over 50% of 2024 attacks • The Register
There’s a new ransomware gang on the block, and it’s exploiting the human element | Cybernews
STAC6451 Hackers Attacking Microsoft SQL Servers to Compromise Organisations (cybersecuritynews.com)
Infiltrating ransomware gangs on the dark web - CBS News
Ransomware Group BlackSuit Upgrades Capabilities | Silicon UK
FBI claims success in taking down another major ransomware group | TechRadar
‘Elite’ ransomware pioneer suspect charged after 9-year hunt • The Register
Black Basta-Linked Attackers Target Users with SystemBC Malware (thehackernews.com)
Unlearning the RaaS Model: How ransomware attacks are evolving | TechRadar
Ransomware Attacks on Industrial Firms Surged in Q2 2024 - SecurityWeek
Cyber crime group disables EDR software to launch RansomHub ransomware | SC Media (scmagazine.com)
July ransomware attacks slam public sector organisations | TechTarget
New Double-Extortion Ransomware Attacking Linux Machines (cybersecuritynews.com)
'Radar' ransomware group taken down by FBI - Tech Monitor
Suspected head of Reveton, Ransom Cartel RaaS groups arrested - Help Net Security
Ransomware Victims
Enzo Biochem penalized $4.5M over 2023 ransomware theft • The Register
The Washington Times newspaper claimed by Rhysida ransomware cartel | Cybernews
Swiss-based Schlatter says IT network affected by cyberattack - CNA (channelnewsasia.com)
Phishing & Email Based Attacks
Email Security Risk Remains Alarmingly High (informationsecuritybuzz.com)
Russia launching more sophisticated phishing attacks, new report finds | Russia | The Guardian
How Phishing Attacks Adapt Quickly to Capitalize on Current Events (thehackernews.com)
Why Business Email Compromise Scams Target B2B Relationships (pymnts.com)
Unlocking the Front Door: Phishing Emails Remain a Top Cyber Threat Despite MFA - SecurityWeek
How to spot phishing in the age of AI - IT Security Guru
Russians team up with young, English-speaking hackers for cyberattacks | 60 Minutes - CBS News
Scammers dupe chemical company into wiring $60 million - Help Net Security
Email Breach Report 2024: Vulnerable Names And Providers Exposed (informationsecuritybuzz.com)
Social engineering attacks continue to evolve – here’s how to keep up | SC Media (scmagazine.com)
Russia FSB cyber snoops linked to massive phishing campaign • The Register
Phishing via file-sharing services jumps 350%, warns Abnormal Security (techmonitor.ai)
Google raps APT42 for high-profile spear-phishing attacks • The Register
There's more than 25 ways to bypass a Secure Web Gateway • The Register
Russian hacking campaign targets rights groups, media, former US ambassador | CyberScoop
Beware of Phishing Campaign that Impersonates Google Safety Centre (cybersecuritynews.com)
Apple Intelligence is “a boomer dad” that reportedly prioritizes phishing emails | Cybernews
BEC
Why Business Email Compromise Scams Target B2B Relationships (pymnts.com)
Scammers dupe chemical company into wiring $60 million - Help Net Security
Chemical company Orion loses $60 million in business email compromise scam (therecord.media)
Other Social Engineering
There’s a new ransomware gang on the block, and it’s exploiting the human element | Cybernews
A new extortion crew, Mad Liberator, emerges on the scene • The Register
USPS Text Scammers Duped His Wife, So He Hacked Their Operation | WIRED
Social engineering attacks continue to evolve – here’s how to keep up | SC Media (scmagazine.com)
Artificial Intelligence
How to spot phishing in the age of AI - IT Security Guru
Why a 'Swiss cheese' approach is needed to combat deepfakes [Q&A] (betanews.com)
Microsoft Copilot Flaws Could Lead to Targeted Cyber Attacks (petri.com)
Cyber Security: The Impact Of AI On Today’s Businesses - Minutehack
Rogue AI is the Future of Cyber Threats | Trend Micro (US)
AI governance and clear roadmap lacking across enterprise adoption | ZDNET
X faces GDPR complaints for unauthorized use of data for AI training (bleepingcomputer.com)
Apple Intelligence is “a boomer dad” that reportedly prioritizes phishing emails | Cybernews
A world-first law in Europe is targeting artificial intelligence. Other countries can learn from it
Grok gets an impressive upgrade - and unchecked AI image generation apparently | ZDNET
74% of IT professionals worry AI tools will replace them - Help Net Security
Grammarly's new tool aims to detect AI-generated text. Here's how it works | ZDNET
2FA/MFA
Unlocking the Front Door: Phishing Emails Remain a Top Cyber Threat Despite MFA - SecurityWeek
Why MFA alone isn’t enough: The crucial role of security awareness training | TechRadar
Malware
Flaw in AMD Chips Can Be Exploited to Plant Malware That Survives OS Reinstalls | PCMag
Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs (bleepingcomputer.com)
Black Basta-Linked Attackers Target Users with SystemBC Malware (thehackernews.com)
Malware Loaders Dominate Cyber Security Threats In 2024 (informationsecuritybuzz.com)
Mobile
How to Remove an Android Virus - Tech Advisor
Nearly All Google Pixel Phones Exposed by Unpatched Flaw in Hidden Android App | WIRED
Denial of Service/DoS/DDOS
DDoS attack volume rises, peak power reaches 1.7 Tbps - Help Net Security
DDoS Attacks Surge 46% in First Half of 2024, Gcore Report Reveals (thehackernews.com)
Internet of Things – IoT
Are Brain-Computer Interfaces at Risk of Mass Cyberattacks? | HackerNoon
Your Gym Locker May Be Hackable | WIRED
How Hackers Extracted the ‘Keys to the Kingdom’ to Clone HID Keycards | WIRED
Sonos Speaker Flaws Could Have Let Remote Hackers Eavesdrop on Users (thehackernews.com)
Ecovacs home robots can be hacked to spy on their owners, researchers say | TechCrunch
Data Breaches/Leaks
One of the worst data breaches in history just got worse | Digital Trends
Cyber attacks 2024: The biggest attacks of the first half of 2024 - Security Boulevard
Trump Campaign Blames Iranian Hack on Docs Leaked to Media (databreachtoday.co.uk)
Thousands of Corporate Secrets Were Left Exposed. This Guy Found Them All | WIRED
Almost 50 PII categories impacted in data breach at East Valley Institute of Technology | Cybernews
Hackers leak 2.7 billion data records with Social Security numbers (bleepingcomputer.com)
Kakao Pay shared over 40M users' data with China’s Alipay • The Register
Organised Crime & Criminal Actors
Cyber criminal Duo Attracts FBI Notice by Spending Big & Living Large (darkreading.com)
Russian Sentenced To 40 Months For Selling Stolen Data On Dark Web (informationsecuritybuzz.com)
Cyber threat actors evolve tactics - CIR Magazine
Megaupload Founder Kim Dotcom Gets Extradition to US, Claims 'I'm Not Leaving' | PCMag
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
43% of Meta ads based on UK prime minister are crypto scams (protos.com)
Insurance
Cyber insurance costs ease, but for how much longer? - Raconteur
Evolving threat landscape influencing cyber insurance market | TechTarget
Federal Cyber Insurance Policy for Cataclysmic Cyber Events Imminent | MSSP Alert
Supply Chain and Third Parties
Delta And Frontier Airlines Want Tech Companies To Pay Up For Losses (forbes.com)
The role of employee awareness in preventing supply chain attacks | TechRadar
X faces GDPR complaints for unauthorized use of data for AI training (bleepingcomputer.com)
Cloud/SaaS
Phishing via file-sharing services jumps 350%, warns Abnormal Security (techmonitor.ai)
Unfixed Microsoft Entra ID Authentication Bypass Threatens Hybrid IDs (darkreading.com)
Major GitHub repos leak access tokens putting code and clouds at risk | CSO Online
Outages
Delta And Frontier Airlines Want Tech Companies To Pay Up For Losses (forbes.com)
Encryption
NIST's Post-Quantum Cryptography Standards Are Here - IEEE Spectrum
Linux and Open Source
18-year-old browser bug still allows access to internal networks – Computerworld
Zero trust: How the ‘Jia Tan’ hack complicated open-source software | CyberScoop
New Double-Extortion Ransomware Attacking Linux Machines (cybersecuritynews.com)
Passwords, Credential Stuffing & Brute Force Attacks
Why MFA alone isn’t enough: The crucial role of security awareness training | TechRadar
Social Media
Fake X content warnings on Ukraine war, earthquakes used as clickbait (bleepingcomputer.com)
43% of Meta ads based on UK prime minister are crypto scams (protos.com)
Labour MPs begin quitting X over ‘hate and disinformation’ | X | The Guardian
Grok gets an impressive upgrade - and unchecked AI image generation apparently | ZDNET
Malvertising
43% of Meta ads based on UK prime minister are crypto scams (protos.com)
Training, Education and Awareness
Why MFA alone isn’t enough: The crucial role of security awareness training | TechRadar
The role of employee awareness in preventing supply chain attacks | TechRadar
Regulations, Fines and Legislation
New cyber security laws ‘could double’ number of reported breaches – The Irish Times
UN Approves Cyber Crime Treaty Despite Major Tech, Privacy Concerns (darkreading.com)
How Can Organisations Navigate SEC's Cyber Materiality Disclosures? (darkreading.com)
How to implement NIS2, Christoph Werkmeister, Hanna Hoffmann, Julia Utzerath (freshfields.com)
Enzo Biochem penalized $4.5M over 2023 ransomware theft • The Register
X faces GDPR complaints for unauthorized use of data for AI training (bleepingcomputer.com)
A world-first law in Europe is targeting artificial intelligence. Other countries can learn from it
Cyber Security In Healthcare: Regulation, Incentives Patient Safety (informationsecuritybuzz.com)
Models, Frameworks and Standards
NIST Releases First 3 Finalized Post-Quantum Encryption Standards | NIST
How to implement NIS2, Christoph Werkmeister, Hanna Hoffmann, Julia Utzerath (freshfields.com)
How UK firms can get ready for the implementation of NIS2 | Computer Weekly
X faces GDPR complaints for unauthorized use of data for AI training (bleepingcomputer.com)
Data Protection
X faces GDPR complaints for unauthorized use of data for AI training (bleepingcomputer.com)
Careers, Working in Cyber and Information Security
It's Time to Promote Security Talent From Within (darkreading.com)
Calls for lighter visa restrictions mount as UK tech faces talent shortfall | ITPro
Law Enforcement Action and Take Downs
FBI claims success in taking down another major ransomware group | TechRadar
‘Elite’ ransomware pioneer suspect charged after 9-year hunt • The Register
Cyber Criminal Duo Attracts FBI Notice by Spending Big & Living Large (darkreading.com)
Russian Sentenced To 40 Months For Selling Stolen Data On Dark Web (informationsecuritybuzz.com)
'Radar' ransomware group taken down by FBI - Tech Monitor
Suspected head of Reveton, Ransom Cartel RaaS groups arrested - Help Net Security
Misinformation, Disinformation and Propaganda
Multiple Iran groups step up US election influence efforts • The Register
Microsoft Report Exposes Iranian Cyber Warfare Targeting U.S. Election (fdd.org)
Tackling Disinformation Online With The Use Of Proper Tools (informationsecuritybuzz.com)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Japan will launch DARPA-esque research institute for cyber warfare | Cybernews
Nation State Actors
Trump Leak Likely a Harbinger of More Interference to Come (databreachtoday.co.uk)
China
China-Backed Earth Baku Expands Cyber Attacks to Europe, Middle East, and Africa (thehackernews.com)
APT41 Spinoff Expands Chinese Actor's Scope Beyond Asia (darkreading.com)
Chinese hacking groups target Russian government, IT firms (bleepingcomputer.com)
Expanded attacks by Earth Baku detailed | SC Media (scmagazine.com)
China-linked cyber-spies infect Russian govt, IT sector • The Register
Russia
Russia launching more sophisticated phishing attacks, new report finds | Russia | The Guardian
Russians team up with young, English-speaking hackers for cyberattacks | 60 Minutes - CBS News
Russian cyber spies stole data and emails from UK government systems (securityaffairs.com)
Chinese hacking groups target Russian government, IT firms (bleepingcomputer.com)
Russia FSB cyber snoops linked to massive phishing campaign • The Register
Russian hacking campaign targets rights groups, media, former US ambassador | CyberScoop
Russian-Linked Hackers Target Eastern European NGOs and Media (thehackernews.com)
How the Kaspersky ban affects you and how to protect your data | Proton
Russia blocks Signal for 'violating' anti-terrorism laws (bleepingcomputer.com)
Russian Sentenced To 40 Months For Selling Stolen Data On Dark Web (informationsecuritybuzz.com)
Iran
Multiple Iran groups step up US election influence efforts • The Register
Microsoft Report Exposes Iranian Cyber Warfare Targeting U.S. Election (fdd.org)
Trump campaign said senior staffer hacked by Iran-backed APT | SC Media (scmagazine.com)
Google raps APT42 for high-profile spear-phishing attacks • The Register
Iran increases phishing attempts on U.S., Israeli targets | CyberScoop
North Korea
Beyond espionage – how the Lazarus Group is reshaping cyber security threats (securitybrief.co.nz)
North Korea stole technical data about key ROK military spy planes: Ruling party | NK News
South Korea says DPRK hackers stole spy plane technical data (bleepingcomputer.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Greece leaves spy services unchecked on Predator hacks – POLITICO
Tools and Controls
Why MFA alone isn’t enough: The crucial role of security awareness training | TechRadar
Unlocking the Front Door: Phishing Emails Remain a Top Cyber Threat Despite MFA - SecurityWeek
What is Threat Intelligence? - Security Boulevard
The role of employee awareness in preventing supply chain attacks | TechRadar
The Importance Of APIs/API Security In Financial Services (informationsecuritybuzz.com)
35% of exposed API keys still active, posing major security risks - Help Net Security
EDR testing: How to validate EDR tools | TechTarget
Cyber crime group disables EDR software to launch RansomHub ransomware | SC Media (scmagazine.com)
Taming Identity Sprawl With A Least Privilege Approach (informationsecuritybuzz.com)
Effective Communication Is Key to Successful Cyber Security (govinfosecurity.com)
A deep dive into multi-stage attacks and the need for complete visibility | TechRadar
Three ways a cyber-resilient approach can keep your data safe | TechRadar
Flashpoint CEO: Cyber, physical security threats converging | TechTarget
The 5 Different Types of Firewalls Explained (techtarget.com)
Evolving threat landscape influencing cyber insurance market | TechTarget
There's more than 25 ways to bypass a Secure Web Gateway • The Register
AI In Cyber Security: Can We Trust It? | MSSP Alert
How to select an MDR security service | TechTarget
Student raised security concerns in Mobile Guardian MDM weeks before cyberattack | TechCrunch
Federal Cyber Insurance Policy for Cataclysmic Cyber Events Imminent | MSSP Alert
Cyber Security: The Impact Of AI On Today’s Businesses - Minutehack
Apple Intelligence is “a boomer dad” that reportedly prioritizes phishing emails | Cybernews
AI/ML's Role in Cyber Security: Balancing Innovation, Safety (inforisktoday.com)
Other News
We are gradually becoming inured to technological messes – The Irish Times
Aware of what tech debt costs them, CIOs still can’t make it an IT priority | CIO
Why attacks against critical national infrastructure (CNI) are such a threat | ITPro
Three ways a cyber-resilient approach can keep your data safe | TechRadar
Flashpoint CEO: Cyber, physical security threats converging | TechTarget
Britain moves to tamper down cyber security row | SC Media (scmagazine.com)
The impact of cyber crime on modern businesses in Europe - Emerging Europe (emerging-europe.com)
Global Aviation Cyber Risk Landscape 2024 (airtrafficmanagement.net)
Media and entertainment firms are being hit with more cyberattacks than ever | TechRadar
What the Delta-Crowdstrike lawsuit may mean for IT contracts | TechTarget
Delta vs. CrowdStrike: The duties vendors owe to customers - or do they? - Help Net Security
How the Kaspersky ban affects you and how to protect your data | Proton
Cyber Security In Healthcare: Regulation, Incentives Patient Safety (informationsecuritybuzz.com)
US considers breaking up Google after illegal monopoly ruling, reports say | Google | The Guardian
Vulnerability Management
Tackling Vulnerabilities & Errors Head-on for Proactive Security (darkreading.com)
Easterly: Cyber security is a software quality problem | CyberScoop
A Lesson From the CrowdStrike Incident (darkreading.com)
Zero trust: How the ‘Jia Tan’ hack complicated open-source software | CyberScoop
Lessons learned from CrowdStrike's automation errors | TechTarget
Vulnerabilities
Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited (bleepingcomputer.com)
Microsoft discloses Office zero-day, still working on a patch (bleepingcomputer.com)
Microsoft Office Apps Provide a New Path for Hackers (howtogeek.com)
0-Click Outlook Vulnerability Triggred RCE When Email is Opened (cybersecuritynews.com)
Fortinet, Zoom Patch Multiple Vulnerabilities - SecurityWeek
18-year-old browser bug still allows access to internal networks – Computerworld
Researchers Uncover 10 Flaws in Google's File Transfer Tool Quick Share (thehackernews.com)
Open Source Firewall pfsense Vulnerable to Remote Code Execution Attacks (cybersecuritynews.com)
Microsoft Copilot Flaws Could Lead to Targeted Cyberattacks (petri.com)
Worried about the Windows BitLocker recovery bug? 6 things you need to know | ZDNET
Former Microsoft security architect showcases 15 different ways to break Copilot | Windows Central
Adobe Calls Attention to Massive Batch of Code Execution Flaws - SecurityWeek
Chipmaker Patch Tuesday: Intel, AMD Address Over 110 Vulnerabilities - SecurityWeek
SolarWinds addressed a critical RCE in all Web Help Desk versions (securityaffairs.com)
Attacks Leveraging Windows SmartScreen Bypass Flaw Deployed Since March | MSSP Alert
Palo Alto Networks Patches Unauthenticated Command Execution Flaw in Cortex XSOAR - SecurityWeek
FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability (thehackernews.com)
Ivanti warns of critical vTM auth bypass with public exploit (bleepingcomputer.com)
SAP Patches Critical Vulnerabilities in BusinessObjects, Build Apps - SecurityWeek
Post-Exploitation Technique After Hacking Ivanti, Fortigate VPN Servers (cybersecuritynews.com)
GitHub Vulnerability 'ArtiPACKED' Exposes Repositories to Potential Takeover (thehackernews.com)
Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE (thehackernews.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory 14 August 2024 – Microsoft, Adobe, Ivanti, SAP, Fortinet, Zoom, Intel and AMD Security Updates
Black Arrow Cyber Advisory 14 August 2024 – Microsoft, Adobe, Ivanti, SAP, Fortinet, Zoom, Intel and AMD Security Updates
Executive summary
Microsoft’s August Patch Tuesday provides updates to address 89 security issues across its product range, including six actively exploited zero-day vulnerabilities and three publicly disclosed zero-days. In addition to the Microsoft updates this week also saw Adobe fix 72 vulnerabilities across various products, Ivanti addressing a critical vulnerability in their Virtual Traffic Manager product and SAP releasing 25 patches for a variety of products, including 2 for critical vulnerabilities. Also, Fortinet released patches for a number of their different products, Zoom addressed 15 vulnerabilities across their product range, including two high-severity issues, and Intel and AMD patched 110 vulnerabilities between them.
Microsoft
Within the 89 addressed security issues, the actively exploited zero-day vulnerabilities include privilege elevations, memory corruption, web security feature bypass and remote code execution. All of which have been added to the US Cybersecurity and Infrastructure Security Agency’s (CISA) “Known Exploited Vulnerabilities Catalog”. Also, among the updates provided by Microsoft were 8 critical vulnerabilities, which were a mixture of elevation of privileges, remote code execution and information disclosure.
Adobe
This month, Adobe released fixes for 72 vulnerabilities, of which 35 were rated critical, across several of their products. The affected products and their respective vulnerabilities are as follows: Adobe Illustrator (1 critical), Adobe Dimension (3 critical), Adobe Photoshop (1 critical), InDesign (9 critical), Adobe Acrobat Reader (8 critical), Adobe Bridge (2 critical), Adobe Commerce (7 critical), Adobe InCopy (1 critical), Adobe Substance 3D Stager (1 critical), Adobe Substance 3D Sampler (1 critical), Adobe 3D Designer (1 critical). Adobe have specifically warned that Windows and macOS users are at risk of code execution, memory leaks, and denial-of-service attacks. At current, Adobe is not aware of any of these vulnerabilities being actively exploited.
Fortinet
Fortinet have released patches for three vulnerabilities impacting FortiOS, FortiAnalyser, FortiManager, FortiProxy, FortiPAM and FortiSwitchManager. At current, Fortinet makes no mention of any of these vulnerabilities being actively exploited. Further details on the vulnerabilities and the patches can be found in the details below.
Ivanti
Ivanti have released a security update to address a critical vulnerability (CVE-2024-7593) in Virtual Traffic Manager (vTM) which could allow an unauthenticated attacker to bypass authentication of the admin panel and create admin users. The issue affects vTM versions 22.2, 22.3, 22.3R2, 22.5R1, 22.6R1, and 22.7R1, with fixes available in versions 22.2R1, 22.7R2, and 22.3R3, 22.5R2, and 22.6R2 (all available the week of August 19, 2024). Currently Ivanti is not aware of any of these vulnerabilities being actively exploited however there is a public proof of concept that has been released so it is advised to apply the patches as soon as possible.
SAP
This month, SAP has released 25 patches, which include 17 new releases and 8 updates from previous releases. 2 patches have been given the “hot news” priority in SAP, the highest severity. The vulnerabilities encompass a range of issues, including missing authentication checks, server-side request forgery (SSRF), XML injection and Prototype pollution.
Intel and AMD
Intel has published 43 new advisories covering roughly 70 vulnerabilities, including 9 high-severity issues affecting products like Intel NUC and Ethernet Controllers. Exploitation of these vulnerabilities can lead to privilege escalation, information disclosure, and denial of service. Meanwhile, AMD has released patches for 46 vulnerabilities across 8 advisories. Further information on the different vulnerabilities can be found below.
Zoom
This month, Zoom addressed 15 vulnerabilities across their product range, including two high-severity issues. CVE-2024-39825 affects Zoom Workplace apps and Rooms clients, allowing authenticated attackers to escalate privileges. CVE-2024-39818 impacts Zoom Workplace apps and Meeting SDKs, enabling authenticated users to access restricted information. Currently Zoom is not aware of any active exploitation but users are advised to update the affected applications.
What’s the risk to me or my business?
There are a large number of actively exploited vulnerabilities which could affect the confidentiality, integrity and availability of the systems. There is also a large quantity of critical and non-critical vulnerabilities that have been addressed in various vendor patches.
What can I do?
The updates should be applied as soon as possible for all the actively exploited vulnerabilities and all other vulnerabilities that have a critical severity rating. Each vulnerability should be internally assessed and patched following vulnerability management and software/firmware update practices, in line with the risk that the vulnerabilities pose to the underlying systems.
More information:
Microsoft
Further details on other specific updates within this Microsoft patch Tuesday can be found here:
Adobe
Further details of the vulnerabilities in Adobe Illustrator can be found here:
https://helpx.adobe.com/security/products/illustrator/apsb24-45.html
Further details of the vulnerabilities in Adobe Dimension can be found here:
https://helpx.adobe.com/security/products/dimension/apsb24-47.html
Further details of the vulnerabilities in Adobe Photoshop can be found here:
https://helpx.adobe.com/security/products/photoshop/apsb24-49.html
Further details of the vulnerabilities in Adobe InDesign can be found here:
https://helpx.adobe.com/security/products/indesign/apsb24-56.html
Further details of the vulnerabilities in Adobe Acrobat Reader can be found here:
https://helpx.adobe.com/security/products/acrobat/apsb24-57.html
Further details of the vulnerabilities in Adobe Bridge can be found here:
https://helpx.adobe.com/security/products/bridge/apsb24-59.html
Further details of the vulnerabilities in Adobe Commerce can be found here:
https://helpx.adobe.com/security/products/magento/apsb24-61.html
Further details of the vulnerabilities in Adobe InCopy can be found here:
https://helpx.adobe.com/security/products/incopy/apsb24-64.html
Further details of the vulnerabilities in Adobe Substance 3D Stager can be found here:
https://helpx.adobe.com/security/products/substance3d_stager/apsb24-60.html
Further details of the vulnerabilities in Adobe Substance 3D Sampler can be found here:
https://helpx.adobe.com/security/products/substance3d-sampler/apsb24-65.html
Further details of the vulnerabilities in Adobe Substance 3D Designer can be found here:
https://helpx.adobe.com/security/products/substance3d_designer/apsb24-67.html
Fortinet
https://www.fortiguard.com/psirt?page=1&date=&severity=&product=FortiExtender,FortiAP-U,FortiAP-W2,FortiAP-S,FortiOS-6K7K,FortiSwitchManager,FortiSandbox,FortiAP-C,FortiAnalyzer,FortiSwitch,FortiManager,FortiAP,FortiOS,FortiAnalyzer-BigData&component=&version= [ND1]
Ivanti
Further details of the vulnerabilities on Ivanti Virtual Traffic Manager can be found here:
SAP
Further details of the vulnerabilities addressed by SAP can be found here:
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/august-2024.html
Intel
https://www.intel.com/content/www/us/en/security-center/default.html
AMD
https://www.amd.com/en/resources/product-security.html
Zoom
Known Exploited Vulnerabilities Catalog:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Briefing 09 August 2024
Black Arrow Cyber Threat Intelligence Briefing 09 August 2024:
-UK Business Struggling to Prioritise Cyber Security Needs
-The C-Suite Conundrum: Are Senior Executives the Achilles’ Heel of Cyber Security?
-Ransomware in 2024: More Attacks, More Leaks, and Increased Sophistication
-Malware-as-a-Service and Ransomware-as-a-Service Lower Barriers for Cyber Criminals
-How the Theft of 40M UK Voter Register Records was Entirely Preventable
-18-Year-Old Security Flaw in Firefox and Chrome Exploited in Attacks
-99% of Global 2000 Companies Directly Connected to a Supply Chain Breach
-Email Attacks Skyrocket 293%
-Police Recover Over $40m Headed to BEC Scammers
-Russia's Priorities in Prisoner Swap Suggest Cyber Focus
-Point of Entry: Why Hackers Target Stolen Credentials for Initial Access
-FBI: BlackSuit Ransomware Behind Over $500 Million in Ransom Demands
-Survey: 78% of Ransomware Victims Paid and 74% Suffered Multiple Strikes
-Finance Should Pay Much More Attention to Undersea Cables Risk
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK Business Struggling to Prioritise Cyber Security Needs
UK businesses are increasingly struggling to meet cyber security demands due to insufficient technology, expertise, and funding. Over 80% of organisations report a significant cyber skills gap, with six in 10 CISOs citing underfunded security budgets. Insider threats, particularly those involving AI tools like ChatGPT, are identified as the biggest risk, yet nearly two-thirds of organisations lack the technology to combat these threats. While 85% have turned to automation to bolster defences, experts caution against overreliance on AI, stressing the need for skilled personnel. Simultaneously, 86% of cyber security professionals now rank unknown threats as their top concern, driving nearly 99% of organisations to plan outsourcing segments of their cyber risk management to third-party providers within the next two years. This trend underscores the importance of improved network visibility and the critical role of managed detection and response (MDR) services, which depend heavily on accurate data and human analysis.
The C-Suite Conundrum: Are Senior Executives the Achilles’ Heel of Cyber Security?
A recent analysis highlights the heightened risk facing C-suite executives, who are increasingly targeted by sophisticated spear phishing and whaling attacks due to their access to valuable corporate data and decision-making authority. CEOs are the primary targets, receiving 23% of phishing emails, followed closely by chief people officers (21%) and chief finance officers (19%). The human element remains a significant vulnerability, with 74% of breaches linked to human error, including misdirected emails. To mitigate these risks, organisations should provide tailored security training for executives and enhance their email security with integrated cloud solutions to prevent advanced threats and outbound data loss.
Ransomware in 2024: More Attacks, More Leaks, and Increased Sophistication
Ransomware attacks are escalating in 2024, with over 2,500 incidents recorded in the first half of the year, averaging more than 14 attacks daily. The rise in double extortion tactics is evident, with postings on leak sites increasing from 24 per month in early 2023 to 40 per month in 2024. Despite this growing sophistication, many organisations still neglect basic cyber hygiene, leaving vulnerabilities in RDP, VPNs, and the absence of multi-factor authentication as key entry points for attackers. A separate report by Sophos X-Ops highlights the increasing psychological tactics of ransomware gangs, who now aim to inflict emotional and reputational harm on victims. The Monti gang, for example, threatened to expose an employee's falsely accused browser history, while other groups have doxed (leaked personal information online) business owners, revealing personal and financial details. Ransomware operators also leverage media pressure and new regulations, threatening to report breaches to regulatory bodies if victims fail to comply. This shift underscores the intensified psychological warfare being waged by ransomware groups against targeted organisations.
Malware-as-a-Service and Ransomware-as-a-Service Lower Barriers for Cyber Criminals
A recent report highlights the increasing sophistication of cyber threats, with cyber crime-as-a-service models such as Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) lowering the barrier to entry for attackers. Notably, information-stealing malware accounted for 29% of early investigations, while phishing remains a significant concern, with 17.8 million phishing emails detected between December 2023 and July 2024. The report underscores the need for more proactive or anticipatory security measures as traditional reactive defences struggle to keep pace with evolving tactics, techniques, and procedures (TTPs) used by cyber criminals.
How the Theft of 40M UK Voter Register Records was Entirely Preventable
The UK’s Information Commissioner’s Office (ICO) has revealed that the massive data breach affecting 40 million UK voters was entirely preventable. The breach, which went undetected for over a year, was attributed to the Electoral Commission's failure to patch known vulnerabilities in its self-hosted Microsoft Exchange server. The ICO criticised the Commission for inadequate security measures, including poor password management, and noted that these basic lapses allowed hackers to steal voter information. Despite the severity of the breach, the ICO did not impose a fine, citing the absence of evidence that the stolen data was misused.
18-Year-Old Security Flaw in Firefox and Chrome Exploited in Attacks
A recently highlighted vulnerability, known as "0.0.0.0 Day", has persisted for 18 years and affects Linux and macOS devices, allowing malicious websites to bypass security in Chrome, Firefox, and Safari. This flaw enables attackers to interact with local network services, potentially changing settings or accessing protected information, and in some cases, executing remote code. Despite being reported in 2008, the vulnerability remains unresolved, with browsers acknowledging the issue and working towards a fix. The flaw exploits inconsistencies in browser security mechanisms like Cross-Origin Resource Sharing (CORS) and Private Network Access (PNA), making it a significant ongoing risk.
99% of Global 2000 Companies Directly Connected to a Supply Chain Breach
SecurityScorecard and The Cyentia Institute has revealed that 99% of Global 2000 companies are directly connected to vendors that have experienced recent breaches, underscoring the escalating risk of supply chain cyber attacks. These interconnected businesses face severe cyber risks, with supply chain incidents costing 17 times more to manage than first-party breaches. The report estimates that losses from Global 2000 breaches over 15 months ranged between $20 billion and $80 billion, with 90% of these companies acting as vendors to each other.
Email Attacks Skyrocket 293%
Acronis reveals a 293% surge in email attacks during the first half of 2024 compared to the same period in 2023, with ransomware detections also rising by 32% from Q4 2023 to Q1 2024. The report highlights that SMBs in government and healthcare are particularly vulnerable, with new ransomware groups accounting for 84 global attacks. The growing use of AI in cyber attacks, including social engineering and automation, is emphasised as a significant emerging threat. It is recommended that MSPs adopt a comprehensive security strategies, including advanced endpoint protection and security awareness training, to combat these evolving risks.
Police Recover Over $40m Headed to BEC Scammers
A Singaporean commodity firm narrowly avoided a significant loss after falling victim to a business email compromise (BEC) scam, transferring $42.3m to fraudsters in Timor Leste. Fortunately, the Singapore Police Force, utilising Interpol's Global Rapid Intervention of Payments (I-GRIP) mechanism, managed to recover $41m within ten days of the incident. This case underscores the effectiveness of rapid international cooperation in combating financial cyber crime. BEC scams continue to be a major threat, with the FBI reporting over $2.9bn lost to such attacks in 2023 alone.
Russia's Priorities in Prisoner Swap Suggest Cyber Focus
A recent prisoner exchange between the United States and Russia involved the release of eight convicted Russian nationals, including cyber criminals Vladislav Klyushin and Roman Seleznev, in return for 16 imprisoned Americans and Europeans. Klyushin, involved in a $93 million "hack-to-trade" scheme, and Seleznev, who ran a large-scale credit card fraud operation, highlight Russia's emphasis on cyber activities. Despite concerns about the implications of such exchanges, experts suggest that this historic swap, supported by five allied nations, is unlikely to alter how law enforcement approaches cyber crime prosecution.
Point of Entry: Why Hackers Target Stolen Credentials for Initial Access
ENISA, the European Union Agency for Cybersecurity, has highlighted the growing threat posed by stolen credentials, now the leading cause of data breaches, accounting for 24% of incidents. The Initial Access Broker (IAB) market has seen significant growth, with cyber criminals using malware such as Redline and Raccoon Stealer to harvest and sell credentials. Despite advancements in security measures, including multi-factor authentication (MFA), attackers continue to find ways to bypass defences. The report underscores the critical need for organisations to enforce strong password policies and continuously monitor for compromised credentials to mitigate this evolving threat.
FBI: BlackSuit Ransomware Behind Over $500 Million in Ransom Demands
The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI has confirmed that the ransomware group previously known as Royal has rebranded as BlackSuit, demanding over $500 million in ransoms since its emergence. Active since September 2022, BlackSuit is believed to be the direct successor of the Conti syndicate, responsible for attacks on over 350 organisations and linked to major incidents like the CDK Global IT outage. Ransom demands typically range from $1 million to $10 million, with a peak demand of $60 million. The rebranding follows the deployment of a new encryptor, marking an evolution in the group's tactics and capabilities.
Survey: 78% of Ransomware Victims Paid and 74% Suffered Multiple Strikes
According to a recent survey conducted among nearly 1,000 IT and security professionals, it was found that 74% of respondents had experienced multiple ransomware attacks within the past year. Among those targeted, 78% ended up paying the ransom. Even more concerning is that out of those who paid, 72% did so on more than one occasion. Notably, 33% reported paying the ransom as many as four times or more. Despite these payments, 87% of attacks led to significant business disruption, including data loss, and 35% of victims did not receive functional decryption keys. Recovery was slow, with nearly half taking up to seven days to restore minimal IT functionality. This comes as another report highlights the rising threat, with security leaders facing an average of eight attacks per year, leading to nearly $2.5 million in ransom payments.
Finance Should Pay Much More Attention to Undersea Cables Risk
A recent analysis has highlighted the critical yet overlooked risk posed by undersea cables, which carry over 99% of global internet traffic, including $10 trillion in daily financial transactions. A new Rogucci report warns that while previous threats were mainly local sabotage, the current danger stems from state-sponsored hostile acts, with nations like Russia posing significant risks. The report calls for a $5 billion investment to triple the repair fleet and establish a centralised command to ensure network resilience. Without immediate action, the world’s financial infrastructure remains highly vulnerable to catastrophic disruption.
Sources:
https://www.scmagazine.com/news/most-companies-are-afraid-of-unseen-cybersecurity-threats
https://www.scmagazine.com/news/ransomware-gangs-leverage-new-tactics-to-pressure-victims-to-pay-up
https://www.helpnetsecurity.com/2024/08/09/maas-threat-landscape/
https://www.helpnetsecurity.com/2024/08/06/email-attacks-h1-2024/
https://www.infosecurity-magazine.com/news/police-recover-40m-bec-scammers/
https://www.darkreading.com/cyber-risk/russias-priorities-in-prisoner-swap-suggest-cyber-focus
https://www.insurancejournal.com/news/national/2024/08/08/787480.htm
https://www.ft.com/content/ab0e00b3-ce0a-4b44-a694-d398d67f64cc
Governance, Risk and Compliance
How C-Suite Leaders Can Set The Cyber Security Tone (forbes.com)
UK business struggling to prioritise cyber security needs, report reveals (holyrood.com)
CISOs don't feel supported at board level (betanews.com)
Boardroom Defence: Questions About Cyber Security (forbes.com)
Microsoft on CISOs: Thriving Community Means Stronger Security (darkreading.com)
Cyber resilience and the C-Suite navigating innovation and risk | SC Media (scmagazine.com)
Executives Beware: Understanding the Risk of Targeted Cyber Attacks - Security Boulevard
Effective Board Communication: Lessons from CrowdStrike for CISOs | UpGuard
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware groups develop more sophisticated business models (betanews.com)
Fighting Back Against Multi-Staged Ransomware Attacks Crippling Businesses - Security Week
Survey: 78% of Ransomware Victims Paid and 74% Suffered Multiple Strikes (insurancejournal.com)
Ransomware gangs leverage new tactics to pressure victims to pay up | SC Media (scmagazine.com)
Ransomware in 2024: More Attacks, More Leaks, and Increased Sophistication - Security Week
Ransomware attacks expected to worsen this year | SC Media (scmagazine.com)
Organisations face an average of 8 ransomware incidents per year | Security Magazine
FBI: BlackSuit ransomware made over $500 million in ransom demands (bleepingcomputer.com)
Soft ransomware targets, a new top emerging risk for enterprises: Gartner - Reinsurance News
Intelligence bill would elevate ransomware to a terrorist threat | CyberScoop
Should Organisations Pay Ransom Demands? (securityaffairs.com)
Royal ransomware crew puts on a BlackSuit in rebrand | Computer Weekly
Proton ransomware continues evolution with latest Zola variant | SC Media (scmagazine.com)
Ransomware gang targets IT workers with new RAT masquerading as IP scanner - Help Net Security
Ransomware Victims
UK IT provider faces $7.7 million fine for 2022 ransomware breach (bleepingcomputer.com)
French Museums Hit By Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)
Surge in Magniber ransomware attacks impact home users worldwide (bleepingcomputer.com)
Watchdog set to fine NHS IT firm after medical records hack - BBC News
Ransomware attack paralyzes milking robots — cow dead | CSO Online
Ransomware Attack Cost Keytronic Over $17 Million - Security Week
Phishing & Email Based Attacks
The Alarming Surge Of Lateral Phishing – Are We All Just Sitting Ducks? | HackerNoon
Police Recover Over $40m Headed to BEC Scammers - Infosecurity Magazine (infosecurity-magazine.com)
Forty percent of business email compromise (BEC) are AI-generated (thehrdirector.com)
62 percent of phishing emails pass DMARC checks (betanews.com)
APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure (thehackernews.com)
Email attacks skyrocket 293% - Help Net Security
Microsoft 365 anti-phishing alert "erased" with one simple trick - Help Net Security
Darktrace report: 56% of phishing emails bypass security checks (securitybrief.co.nz)
KnowBe4 Releases Q2 Quarterly Phishing Test Results | Business Wire
HR emails top phishing tactics in KnowBe4's Q2 2024 report (securitybrief.co.nz)
Phishers have figured out that everyone is afraid of HR | CSO Online
BEC
Police Recover Over $40m Headed to BEC Scammers - Infosecurity Magazine (infosecurity-magazine.com)
Forty percent of business email compromise (BEC) are AI-generated (thehrdirector.com)
Email attacks skyrocket 293% - Help Net Security
Other Social Engineering
APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure (thehackernews.com)
Artificial Intelligence
Forty percent of business email compromise (BEC) are AI-generated (thehrdirector.com)
Auditors fear AI will ‘turbocharge’ cyber crime - CIR Magazine
AI in the Enterprise: Cutting Through the Hype and Assessing Real Risks - Security Week
Do you know what's in the new AI Cyber Code? - Accountancy Age
ACCA welcomes gov’s proposed AI cyber security code | Accountancy Today
Tech giants reveal plans to combat AI-fueled election antics | CyberScoop
Security industry braces for Democracy’s biggest test yet | SC Media (scmagazine.com)
Disinformation may 'go nuclear' rather than 'go viral,' researchers say | TechCrunch
Securing against GenAI weaponization - Help Net Security
AI-obsessed company leaders can't ignore cyber security, says Palo Alto's CEO | Fortune
UK cyber spies plan AI lab to counter hostile state threats (cryptopolitan.com)
The dangers of voice deepfakes in the November election | TechTarget
AI PCs bring new security protections and risks. Here's what users need to know | ZDNET
What Does the EU AI Act Mean for Cyber Security? - Silicon UK Expert Advice
European IT Professionals Want Training on AI, Poll Finds - IT Security Guru
2FA/MFA
Implement MFA or Risk Non-Compliance With GDPR - Security Week
Design flaw has Microsoft Authenticator overwriting MFA accounts, locking users out | CSO Online
Malware
Hackers breach ISP to poison software updates with malware (bleepingcomputer.com)
Google Ads used to spread Mac malware disguised as 'Loom' (appleinsider.com)
Malware goes undetected by hiding malicious code in uncommon MS Access format - VMRay
Sneaky SnakeKeylogger slithers into Windows email inboxes • The Register
North Korean hackers exploit VPN update flaw to install malware (bleepingcomputer.com)
APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure (thehackernews.com)
Chameleon Banking Trojan Makes a Comeback Cloaked as CRM App (darkreading.com)
New CMoon USB worm targets Russians in data theft attacks (bleepingcomputer.com)
Bad apps bypass Windows alerts for six years using LNK files • The Register
Ransomware gang targets IT workers with new RAT masquerading as IP scanner - Help Net Security
Mobile
Cyber Security is Not Complete Without EDR for Mobile | MSSP Alert
New LianSpy malware hides by blocking Android security feature (bleepingcomputer.com)
Extensive capabilities of new BlankBot Android trojan detailed | SC Media (scmagazine.com)
Google Patches New Android Kernel Vulnerability Exploited in the Wild (thehackernews.com)
Flaw in 5G phones exposes millions of users to spying (newsbytesapp.com)
Denial of Service/DoS/DDOS
Gaming Industry Faces 94% Surge in DDoS Attacks - Infosecurity Magazine (infosecurity-magazine.com)
Microsoft Azure Attack Shows Persistence of Blunt Hacking Tool (claimsjournal.com)
How to recover from a DDoS attack – and what they can teach businesses | ITPro
Port of Tyne website hit by cyber attack - BBC News
Internet of Things – IoT
20K Ubiquiti IoT Cameras & Routers Are Sitting Ducks for Hackers (darkreading.com)
As use of IoT devices grows, so do the associated security risks | ZDNET
Next-Gen Vehicle Technologies Poses Challenges For Cyber Security Pros (informationsecuritybuzz.com)
With Most Modern Cars Locked Down, Hackers Turn to EV Chargers (pcmag.com)
Data Breaches/Leaks
How the theft of 40M UK voter register records was entirely preventable | TechCrunch
Personal Data of 3 Billion People Stolen in Hack, Suit Says (bloomberglaw.com)
Florida firm sued over theft of 2.9B personal records • The Register
ADT confirms data breach after customer info leaked on hacking forum (bleepingcomputer.com)
Tech Contractor Exposes Data Of 4.6 Million US Voters (informationsecuritybuzz.com)
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Billion-dollar bust as cops op shutters Cryptonator wallet • The Register
Airbnb host adds ‘no crypto mining’ rule after tenant installs 10 rigs
How blockchain can support third-party risk management | TechTarget
Insider Risk and Insider Threats
Suspicious Minds: Insider Threats in The SaaS World (thehackernews.com)
Stopping cyber attackers from targeting the weakest links in security | ITPro
Insurance
CrowdStrike Outage Caused Billions in Damages That Will Go Uninsured - Bloomberg
Supply Chain and Third Parties
CrowdStrike Outage Caused Billions in Damages That Will Go Uninsured - Bloomberg
99% of Global 2000 Companies Directly Connected to a Supply Chain Breach | Business Wire
Investors sued CrowdStrike over false claims about its Falcon platform (securityaffairs.com)
CrowdStrike: Delta Rejected Our Help in Wake of Windows Crash (pcmag.com)
Microsoft Azure outage takes down services across North America (bleepingcomputer.com)
Lessons unlearned -- the cyber security industry is stuck in the past (betanews.com)
Tech Contractor Exposes Data Of 4.6 Million US Voters (informationsecuritybuzz.com)
Sports venues must vet their vendors to maintain security - Help Net Security
Cloud/SaaS
Microsoft Azure outage takes down services across North America (bleepingcomputer.com)
Hazy Issue in Entra ID Allows Privileged Users to Become Global Admins (darkreading.com)
Suspicious Minds: Insider Threats in The SaaS World (thehackernews.com)
Inherent disadvantage: Why attackers have the upper hand in the cloud | SC Media (scmagazine.com)
Stolen Credentials Have Turned SaaS Apps Into Attackers’ Playgrounds - Security Week
Outages
CrowdStrike Outage Caused Billions in Damages That Will Go Uninsured - Bloomberg
Investors sued CrowdStrike over false claims about its Falcon platform (securityaffairs.com)
Microsoft Azure outage takes down services across North America (bleepingcomputer.com)
Delta: CrowdStrike’s offer for help too little, too late • The Register
Lessons unlearned -- the cyber security industry is stuck in the past (betanews.com)
Encryption
The looming threat of Q-day and how CFOs should prepare | Fortune
Preparing for the Future of Post-Quantum Cryptography (darkreading.com)
US nears milestone in race to prevent quantum hacking (ft.com)
Linux and Open Source
Linux kernel impacted by new SLUBStick cross-cache attack (bleepingcomputer.com)
0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
Point of entry: Why hackers target stolen credentials for initial access (bleepingcomputer.com)
Stolen Credentials Have Turned SaaS Apps Into Attackers’ Playgrounds - Security Week
Social Media
US sued TikTok and ByteDance for violating children’s privacy laws - Security Affairs
Many dating apps a matchmaker for cyber criminals, study finds | Premium | Compliance Week
Online platforms told they risk stirring up hate and violence - BBC News
Malvertising
Google Ads used to spread Mac malware disguised as 'Loom' (appleinsider.com)
You’re telling me that ad was fake? Malvertising is sneakier than ever (securitybrief.co.nz)
Training, Education and Awareness
Stopping cyber attackers from targeting the weakest links in security | ITPro
European IT Professionals Want Training on AI, Poll Finds - IT Security Guru
Regulations, Fines and Legislation
UK IT provider faces $7.7 million fine for 2022 ransomware breach (bleepingcomputer.com)
US sued TikTok and ByteDance for violating children’s privacy laws - Security Affairs
Implement MFA or Risk Non-Compliance With GDPR - Security Week
Florida firm sued over theft of 2.9B personal records • The Register
Watchdog set to fine NHS IT firm after medical records hack - BBC News
Do you know what's in the new AI Cyber Code? - Accountancy Age
ACCA welcomes gov’s proposed AI cyber security code | Accountancy Today
SEC ends probe into MOVEit attacks impacting 95 million people (bleepingcomputer.com)
Intelligence bill would elevate ransomware to a terrorist threat | CyberScoop
Unraveling the ‘Materiality’ Mystery of SEC Compliance (informationweek.com)
NIS2 Directive in the EU: An imminent deadline, insufficient preparation - IT Security Guru
What Does the EU AI Act Mean for Cyber Security? - Silicon UK Expert Advice
Cyber Security and Resilience Bill good news for business and insurers (emergingrisks.co.uk)
Models, Frameworks and Standards
Download: CIS Critical Security Controls v8.1 - Help Net Security
NIS2 Directive in the EU: An imminent deadline, insufficient preparation - IT Security Guru
Backup and Recovery
What's the best way to protect against HDD failure? | TechTarget
Careers, Working in Cyber and Information Security
How to start your cyber security career: Expert tips and guidance - Help Net Security
What cyber security pros can learn from first responders (securityintelligence.com)
Law Enforcement Action and Take Downs
Police Recover Over $40m Headed to BEC Scammers - Infosecurity Magazine (infosecurity-magazine.com)
Billion-dollar bust as cops op shutters Cryptonator wallet • The Register
Nashville man arrested for aiding North Korean remote IT worker fraud | CyberScoop
US dismantles laptop farm used by undercover North Korean IT workers (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Tech giants reveal plans to combat AI-fueled election antics | CyberScoop
Security industry braces for Democracy’s biggest test yet | SC Media (scmagazine.com)
Disinformation may 'go nuclear' rather than 'go viral,' researchers say | TechCrunch
The dangers of voice deepfakes in the November election | TechTarget
Microsoft: Iran makes late play to meddle in US elections | CyberScoop
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
UK cyber spies plan AI lab to counter hostile state threats (cryptopolitan.com)
How Africa became the testing ground for cyber warfare | ITPro
Microsoft Graph API Exploitation in State-Backed Espionage on the Rise | MSSP Alert
Nation State Actors
China
How the theft of 40M UK voter register records was entirely preventable | TechCrunch
Easterly: Potential Chinese cyber attack could unfold like CrowdStrike error | CyberScoop
Hackers breach ISP to poison software updates with malware (bleepingcomputer.com)
Chinese cyber attack sparks alert over six year old MS vuln | Computer Weekly
Fears of war with China grow but Labour is intent on a relationship with Beijing (inews.co.uk)
China's APT41 Targets Taiwan Research Institute for Cyber Espionage (darkreading.com)
Microsoft Graph API Exploitation in State-Backed Espionage on the Rise | MSSP Alert
Russia
Russia's Priorities in Prisoner Swap Suggest Cyber Focus (darkreading.com)
APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure (thehackernews.com)
New CMoon USB worm targets Russians in data theft attacks (bleepingcomputer.com)
Iran
Microsoft: Iran makes late play to meddle in US elections | CyberScoop
Israeli hacktivist group claims it took down Iran's internet • The Register
North Korea
North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm Registry (thehackernews.com)
North Korean hackers exploit VPN update flaw to install malware (bleepingcomputer.com)
Nashville man arrested for aiding North Korean remote IT worker fraud | CyberScoop
US dismantles laptop farm used by undercover North Korean IT workers (bleepingcomputer.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Israeli hacktivist group claims it took down Iran's internet • The Register
Tools and Controls
62 percent of phishing emails pass DMARC checks (betanews.com)
Cyber Security is Not Complete Without EDR for Mobile | MSSP Alert
Security teams failing to manage Apple devices effectively (betanews.com)
Why every modern SOC needs a dedicated Vulnerability Operations Center (VOC) | TechRadar
Investors sued CrowdStrike over false claims about its Falcon platform (securityaffairs.com)
AI in the Enterprise: Cutting Through the Hype and Assessing Real Risks - Security Week
The Potential Pitfalls Of Cyber Security Platformisation (forbes.com)
Securing from Active Directory Attacks - Security Boulevard
Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) released - Help Net Security
The API Security Crisis: Why Your Company Could Be Next (darkreading.com)
How to recover from a DDoS attack – and what they can teach businesses | ITPro
12 types of endpoint security | TechTarget
Building an Effective Strategy to Manage AI Risks (darkreading.com)
Microsoft 365 anti-phishing alert "erased" with one simple trick - Help Net Security
After the Dust Settles: Post-Incident Actions - Security Week
Cyber Security and Resilience Bill good news for business and insurers (emergingrisks.co.uk)
Stopping cyber attackers from targeting the weakest links in security | ITPro
How Situational Awareness Enhances the Security of Your Facility - Security Boulevard
Microsoft Bug Bounty Payouts Increased to $16.6 Million in Past Year - Security Week
Design flaw has Microsoft Authenticator overwriting MFA accounts, locking users out | CSO Online
AI PCs bring new security protections and risks. Here's what users need to know | ZDNET
Microsoft Graph API Exploitation in State-Backed Espionage on the Rise | MSSP Alert
Where internal audit teams are spending most of their time - Help Net Security
Effective Board Communication: Lessons from CrowdStrike for CISOs | UpGuard
Other News
Most companies are afraid of unseen cyber security threats | SC Media (scmagazine.com)
Finance should pay much more attention to undersea cables risk (ft.com)
Mobile device management vendor Mobile Guardian attacked • The Register
Every Microsoft employee is now being judged on their security work - The Verge
How Cyber Criminals Are Weaponizing Sound Waves | HackerNoon
Report: Myths about tech still plaguing the IT world • The Register
UK under threat from exposed industrial systems – Censys (datacentrenews.uk)
How I got ‘hacked’ and what that says about the banking system (ft.com)
Attackers Use Multiple Techniques to Bypass Reputation-Based Security (darkreading.com)
Is the US Federal Government Increasing Cyber Risk Through Monoculture? (darkreading.com)
Over 40,000 Internet-Exposed ICS Devices Found in US: Censys - Security Week
Vulnerability Management
CVEs Surge 30% in 2024, Only 0.91% Weaponized - Infosecurity Magazine (infosecurity-magazine.com)
Why every modern SOC needs a dedicated Vulnerability Operations Center (VOC) | TechRadar
Best Practices for Effective Vulnerability Management | MSSP Alert
Monitoring KEV List for Changes Can Guide Security Teams (darkreading.com)
Vulnerabilities
Windows Update downgrade attack "unpatches" fully-updated systems (bleepingcomputer.com)
18-year-old security flaw in Firefox and Chrome exploited in attacks (bleepingcomputer.com)
Bitdefender Vulnerability Let Attackers Trigger SSRF Attacks (cybersecuritynews.com)
Microsoft Edge Vulnerability Let Attackers Execute Arbitrary Code (cybersecuritynews.com)
12 wide-impact firmware vulnerabilities and threats | CSO Online
Linux kernel impacted by new SLUBStick cross-cache attack (bleepingcomputer.com)
Google Patches New Android Kernel Vulnerability Exploited in the Wild (thehackernews.com)
20K Ubiquiti IoT Cameras & Routers Are Sitting Ducks for Hackers (darkreading.com)
Windows Smart App Control has a worrying security bug that hackers exploited for years | TechRadar
Microsoft Update Warning—70% Of All Windows Users Now At Risk (forbes.com)
Chrome, Firefox Updates Patch Serious Vulnerabilities - Security Week
Apple to Address '0.0.0.0' Security Vulnerability in Safari 18 - MacRumors
Critical Progress WhatsUp RCE flaw now under active exploitation (bleepingcomputer.com)
Windows Update Flaws Allow Undetectable Downgrade Attacks - Security Week
Hackers Exploited An 18-Year-Old Loophole In Safari, Chrome And Firefox (forbes.com)
Download iOS 17.6.1 Now to Ensure This Feature Is Working Correctly - CNET
Hazy Issue in Entra ID Allows Privileged Users to Become Global Admins (darkreading.com)
GhostWrite Vulnerability Facilitates Attacks on Devices With RISC-V CPU - Security Week
Chinese cyber attack sparks alert over six year old MS vuln | Computer Weekly
BIND Vulnerabilities: Urgent Security Updates Released - Security Boulevard
AWS Patches Vulnerabilities Potentially Allowing Account Takeovers - Security Week
0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices (thehackernews.com)
Cisco warns of critical RCE zero-days in end of life IP phones (bleepingcomputer.com)
Exploit released for Cisco SSM bug allowing admin password changes (bleepingcomputer.com)
CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature (thehackernews.com)
European IT Professionals Want Training on AI, Poll Finds - IT Security Guru
Flaw in 5G phones exposes millions of users to spying (newsbytesapp.com)
Microsoft Bug Bounty Payouts Increased to $16.6 Million in Past Year - Security Week
1Password vulnerability lets attackers steal Vault items • The Register
Design flaw has Microsoft Authenticator overwriting MFA accounts, locking users out | CSO Online
Microsoft: Exchange 2016 reaches extended end of support in October (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory 08 August 2024 – Critical WhatsUp Gold RCE Vulnerability
Black Arrow Cyber Advisory 08 August 2024 – Critical WhatsUp Gold RCE Vulnerability
Executive summary
Progress Software has released patches for WhatsUp Gold, a network monitoring application. The patches fix three critical vulnerabilities including one which is seeing active exploitation attempts. The actively exploited critical vulnerability (CVE-2024-4885) allows an unauthenticated malicious attacker to perform remote code execution with elevated privileges. The other two critical vulnerabilities (CVE-2024-4883 and CVE-2024-4884) allow an unauthenticated attacker to perform remote code execution with elevated privileges.
What’s the risk to me or my business?
The vulnerability CVE-2024-4885 allows unauthenticated remote code execution, enabling attackers to execute arbitrary commands with elevated privileges (service account). Exploitation of this flaw can lead to severe consequences, including unauthorised access to sensitive data, disruption of network monitoring services and potential lateral movement within the network.
Increased risk of further exploitation through other vulnerabilities
Active exploitation attempts have been observed since August 1, 2024, highlighting the urgency for businesses to address this vulnerability. Failure to mitigate this risk could result in significant financial and reputational damage.
What can I do?
Security researchers have uncovered active exploitation attempts of CVE-2024-4885 in the wild, dating back to the 1st of August. Given the severity of this vulnerability, which impacts all versions released prior to 2023.1.3, immediate action is advised. Black Arrow strongly recommends the prompt application of the available patches to mitigate the risk.
Technical Summary
CVE-2024-4885 – If successfully exploited this vulnerability, in the WhatsUp.ExportUtilities.Export.GetFileWithoutZip function, allows an unauthenticated attacker to execute of commands as a service account through NmApi.exe.
CVE-2024-4884 - If successfully exploited, this vulnerability allows an unauthenticated attacker to execute commands with iisapppool\nmconsole privileges. The vulnerability specifically exists in Apm.UI.Areas.APM.Controllers.CommunityController.
CVE-2024-4883 - If successfully exploited, this vulnerability allows an unauthenticated attacker to execute commands with iisapppool\nmconsole privileges. The vulnerability specifically exists in Apm.UI.Areas.APM.Controllers.CommunityController.
Further information on WhatsUp Gold can be found here:
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Briefing 02 August 2024
Black Arrow Cyber Threat Intelligence Briefing 02 August 2024:
-UK IT Leaders Feeling Less Secure Despite Cyber Security Investments
-Average Data Breach Cost Jumps to $4.88 Million, Collateral Damage Increased
-Cyber Attacks Are Inevitable, Stop Preparing for If One Happens and Start Preparing for When One Will
-How AI is Shaping Fraud as BEC Attacks Surge 20% Annually Thanks to AI Tooling
-Organisations Fail to Log 44% of Cyber Attacks. Just One in 10 Attacks Flagged by Security Tools, 40% of Environments are Vulnerable to Full Takeover
-One in Five Employees Have No Cyber Security Training
-Ferrari Exec Foils Deepfake Attempt by Asking the Scammer a Question Only CEO Benedetto Vigna Could Answer
-Half of Businesses Report an Increase in State-Sponsored Cyber Threats Amid Rising Geopolitical Tension
-New Android Malware Wipes your Device After Draining Bank Accounts
-Report Reveals how Cyber Attacks Target Organisations Depending on Size
-An 18% Increase in Ransomware Attacks Includes $75M Payment
-UK ‘Desperately Exposed’ to Cyber Threats - Is It Time for the UK to Refresh Its Cyber Strategy?
-People Overconfident in Password Habits, Overwhelmed by Too Many Passwords
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK IT Leaders Feeling Less Secure Despite Cyber Security Investments
A recent report indicates that despite increased investment in cyber security, over 87% of UK IT leaders feel less secure than a year ago. In a survey of 150 decision-makers, 90% noted a rise in the risk and severity of cyber attacks, with 61% finding the attack surface uncontrollable. Concerns include ransomware, lack of visibility, identity misuse, misconfiguration, and emerging technologies like Generative AI. Despite 97% increasing their cyber security budgets, 61% doubt its sufficiency, and 71% believe complete security is unattainable. Additionally, 53% have adopted some Zero Trust controls, but face challenges in comprehensive implementation due to costs and resource limitations.
Average Data Breach Cost Jumps to $4.88 Million, Collateral Damage Increased
IBM's annual Cost of a Data Breach Report for 2024 reveals the global average cost of a data breach has reached $4.88 million, marking a 10% increase from the previous year. A significant 70% of breached organisations reported severe disruption, with recovery taking over 100 days for most. AI and automation in security can reduce breach costs by $2.2 million, with organisations using these technologies detecting incidents 98 days faster. The report notes that 40% of breaches involved data stored across multiple environments, costing over $5 million on average. Staffing shortages also led to higher breach costs, averaging $5.74 million for those with severe shortages.
Cyber Attacks Are Inevitable, Stop Preparing for If One Happens and Start Preparing for When One Will
Cyber resilience is crucial for businesses, going far beyond the traditional approach to cyber security measures. In Q1 2024, organisations faced an average of 1,308 cyber attacks per week, marking a 28% increase from the previous quarter. Cyber crime losses hit $12.8 billion in 2023 and are projected to reach $23.84 trillion by 2027. A robust incident response plan and regular security audits are key to help mitigate long-term costs and ensure business continuity. Training employees and engaging third-party experts are also recommended to fortify defences against sophisticated cyber threats. Embracing cyber resilience is not merely a trend but a vital strategy for maintaining operational integrity in the digital landscape.
How AI is Shaping Fraud as BEC Attacks Surge 20% Annually Thanks to AI Tooling
A recent study by Vipre Security Group reveals a significant rise in business email compromise (BEC) attacks, driven by AI tools generating scam messages. The Email Threat Trends Report: Q2 2024, based on 1.8 billion processed emails, detected 226 million spam messages and nearly 17 million malicious URLs. Almost half (49%) of blocked spam emails were BEC attacks, with a 20% increase in BEC incidents compared to Q2 2023, and 40% of these attacks were AI-generated. Additionally, the report highlighted a doubling of evasive malicious attachments and a 74% rise in malicious URLs, with phishing being a dominant threat as 86% of malspam emails used malicious links.
Organisations Fail to Log 44% of Cyber Attacks. Just One in 10 Attacks Flagged by Security Tools, 40% of Environments are Vulnerable to Full Takeover
A recent study by Picus Security highlights significant gaps in cyber defence, revealing that only 12% of simulated cyber attacks triggered an alert and just 56% were logged by detection tools. Organisations manage to prevent 70% of attacks on average, but 40% of tested environments had vulnerabilities allowing attackers to gain domain admin privileges. Despite their reputation macOS endpoints were found to be particularly vulnerable, preventing just 23% of simulated attacks compared to 62% for Windows and 65% for Linux. Furthermore, only 9% of data exfiltration techniques were thwarted, with BlackByte ransomware being notably difficult to defend against, stopped by just 17% of organisations. These findings underscore the need for improved threat exposure management and the adoption of an "assume breach" mindset to enhance detection and response capabilities.
One in Five Employees Have No Cyber Security Training
A recent report by reveals significant gaps in workplace cyber security training among UK employees. The survey found that 18% of employees have never received any cyber security training, with 83% lacking training on deepfakes and AI, 60% on secure remote working, and 51% on avoiding phishing scams. Additionally, 48% have never been trained on creating strong passwords. Despite nearly three-quarters claiming to follow cyber security advice, 29% admit they forget to adhere to practices, and 22% find the advice too complicated. Furthermore, 14% do not consider it their responsibility to secure work systems. Organisations need to provide clear, relevant training, integrating it into daily roles and workflows to mitigate cyber risks effectively.
Ferrari Exec Foils Deepfake Attempt by Asking the Scammer a Question Only CEO Benedetto Vigna Could Answer
A Ferrari NV executive was recently targeted as part of a deepfake scam, where a fraudster impersonated CEO Benedetto Vigna in a convincing live phone call. The executive’s suspicion was aroused by mechanical intonations, leading to the scam's exposure when the impersonator failed to answer a personal question. Such incidents are on the rise, with AI tools increasingly used for voice cloning. In a similar case, an unnamed multinational lost $26 million to a deepfake scam. Experts warn that these AI-based tools will become increasingly accurate, necessitating robust training and vigilance for executives.
Half of Businesses Report an Increase in State-Sponsored Cyber Threats Amid Rising Geopolitical Tension
A recent report by Absolute Security reveals a significant rise in state-sponsored cyber threats, amid escalating geopolitical tensions, with 47% of businesses noting increased attacks over the past year. The UK faced a Chinese-backed cyber attack exposing the personal information of 270,000 Defence Ministry personnel, servicemen and veterans. The report, surveying 250 UK CISOs, reveals that 69% fear the financial impact of ransomware could cripple their organisation, with 62% worried about job security following a major attack. Ransomware remains the top concern, with four out of five CISOs identifying it as their most significant cyber threat.
New Android Malware Wipes your Device After Draining Bank Accounts
A recent report reveals a new Android malware, BingoMod, which can wipe devices after stealing up to €15,000 per transaction from victims' bank accounts. Disguised as legitimate security apps, BingoMod is distributed through smishing (SMS based phishing) campaigns and exploits Android's Accessibility Services for extensive control. It uses on-device fraud techniques to bypass standard anti-fraud systems by initiating transactions directly from the victim's device. The malware includes features like remote command execution and screen-casting, and can disable security apps and goes on to wipe external storage. Currently in early development, BingoMod employs advanced evasion mechanisms, complicating detection efforts.
Report Reveals how Cyber Attacks Target Organisations Depending on Size
A recent report by Barracuda highlights distinct differences in email attack types based on company size. Large organisations with over 2,000 employees face a higher risk of lateral phishing (a kind of cyber attack where the phishing email purportedly comes from a corporate email address), accounting for 42% of targeted attacks, compared to just 2% for companies with up to 100 employees. Smaller companies, however, are predominantly targeted by external phishing, which comprises 71% of email threats against them. Additionally, smaller firms experience three times more extortion attacks than larger ones. The report emphasises the need for regular security awareness training and multi-layered defences to mitigate these threats, with smaller businesses potentially benefiting from managed service providers.
An 18% Increase in Ransomware Attacks Includes $75M Payment
A recent report reveals an 18% increase in ransomware attacks, with a record $75 million payment made to the Dark Angels group. The US experienced a 93% year-over-year rise, followed by Italy at 78% and Mexico at 58%. Despite law enforcement efforts, ransomware syndicates like Lockbit 2.0 reconstitute operations using standby IT infrastructure. Similarly, a report by Cisco Talos Incident Response reveals that ransomware and business email compromise (BEC) attacks now constitute 60% of cyber engagements. Ransomware alone accounted for nearly 30% of these incidents, marking a 22% increase from the previous quarter. Although BEC engagements have slightly decreased, they remain a significant threat for the second consecutive quarter. Additionally, 80% of ransomware victims lacked proper multi-factor authentication (MFA) on critical systems, with misconfigured systems contributing to a 46% increase in vulnerabilities.
UK ‘Desperately Exposed’ to Cyber Threats - Is It Time for the UK to Refresh Its Cyber Strategy?
A recent warning from the UK Science Secretary highlights Britain's dire vulnerability to cyber and other potentially catastrophic threats such as another pandemic, attributing this exposure to severe public spending cuts under the previous government. Peter Kyle, appointed Science Secretary three weeks ago, criticised the lack of action on rising cyber security risks and inadequate preparedness for cyber and other threats, exacerbated by internal conflicts within the Tory ranks. He emphasised that "national resilience suffered terribly, catastrophically," leaving the NHS and other services weakened and the country ill-prepared for future threats. This comes as a report by the Chartered Institute for IT (BCS) has listed a series of recommendations after the last month saw more concerns about Russian cyber attacks on the UK linked to misinformation about the Southport attack and a major outage taking down aeroplanes, trains, hospitals, broadcasters and scores of companies.
People Overconfident in Password Habits, Overwhelmed by Too Many Passwords
A recent report by Keeper Security, Fortifying Cyber Resilience: Insights Into Global Cybersecurity Practices, highlights concerning trends in password management. Despite 85% of respondents believing their passwords are secure, over half admit to sharing them, and 2 in 5 reuse passwords. The survey of over 6,000 individuals globally found that 62% are overwhelmed by managing multiple passwords, with 24% writing them down and 19% storing them in browsers or phone apps. Notably, 34% share passwords for streaming sites. Organisations and employees should consider the need for adopting password managers, creating strong, unique passwords, and enabling Multi-Factor Authentication (MFA) to help mitigate cyber risks. A recent study highlights the alarming speed at which modern systems can crack passwords. An eight-character password of same-case English letters and digits can be guessed in just 17 seconds. The study found that 59% of passwords can be cracked in under an hour, revealing a significant vulnerability.
Sources:
https://www.helpnetsecurity.com/2024/07/30/ibm-cost-data-breach-report-2024/
https://www.infosecurity-magazine.com/news/bec-attacks-surge-20-annually-ai/
https://informationsecuritybuzz.com/bec-emails-are-now-ai-generated/
https://www.infosecurity-magazine.com/news/one-10-attacks-detected-security/
https://www.helpnetsecurity.com/2024/08/02/threat-exposure-management/
https://pcr-online.biz/2024/07/26/report-exposes-lack-of-cybersecurity-training-in-uk-workplaces/
https://www.hrmagazine.co.uk/content/news/one-in-five-employees-have-no-cybersecurity-training
https://www.computerweekly.com/opinion/Is-it-time-to-refresh-the-UKs-cyber-strategy
Governance, Risk and Compliance
UK IT leaders feeling less secure despite cybersecurity investments (securitybrief.co.nz)
SMEs spending thousands on outsourced cyber security costs | Insurance Times
What CISOs need to keep CEOs (and themselves) out of jail - Help Net Security
Average data breach cost jumps to $4.88 million, collateral damage increased - Help Net Security
Cyber Threat Worries Hit HR | The Global Recruiter
Recent Incidents Have CISOs — and Everyone Else — Talking (recordedfuture.com)
The Cybersecurity Leadership Crisis Dooming America’s Companies (forbes.com)
Cyber warning amid regulatory countdown (emergingrisks.co.uk)
Why CISOs face greater personal liability - Help Net Security
Report exposes lack of Cybersecurity training in UK workplaces – PCR (pcr-online.biz)
Executive Cybersecurity Accountability: A Rising Trend? - Security Boulevard
The three cybersecurity blind spots affecting today’s CISOs | TechRadar
Is it time to refresh the UK's cyber strategy? | Computer Weekly
Emerging Issues Shaping The Future Of Cyber GRC (realbusiness.co.uk)
Addressing communication roadblocks to overcome cybersecurity threats - IT Security Guru
Crucial Lessons Learned For Cybersecurity Resilience (forbes.com)
Business focus: Instilling best cybersecurity practices at work - Digital Journal
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware and email attacks are hitting businesses more than ever before | TechRadar
Report: An 18% Increase in Ransomware Attacks Includes $75M Payment - Security Boulevard
Ransomware: What Every Business Needs To Know (informationsecuritybuzz.com)
Email Attacks Surge, Ransomware Threat Remains Elevated - Security Boulevard
Organisations urged to take a proactive approach to ransomware threats (securitybrief.co.nz)
Law firms facing "astronomical ransom demands" from cyber attackers - Legal Futures
Russian ransomware generates over $500m in crypto proceeds, TRM Labs says
Russian ransomware gangs account for 69% of all ransom proceeds (bleepingcomputer.com)
Utility firms hit by huge leap in cyber threats – insurer (emergingrisks.co.uk)
How the Change Healthcare attack may affect cyber insurance | TechTarget
Ransomware Dominated by Russian Threat Operations | MSSP Alert
Black Basta ransomware switches to more evasive custom malware (bleepingcomputer.com)
LockBit ransomware titan now hangs by a thread • The Register
Would Making Ransom Payments Illegal Result in Fewer Attacks? (darkreading.com)
Black Basta Develops Custom Malware in Wake of Qakbot Takedown (darkreading.com)
Australian Companies Will Soon Need to Report Ransom Payments (darkreading.com)
Ransomware Victims
'Fortune 50' Company Made Record-Breaking $75M Ransomware Payment (pcmag.com)
Law firms facing "astronomical ransom demands" from cyber attackers - Legal Futures
How the Change Healthcare attack may affect cyber insurance | TechTarget
World leading silver producer Fresnillo discloses cyber attack (bleepingcomputer.com)
Phishing & Email Based Attacks
13% of phishing scams analysed likely to be AI-generated: CSA | The Straits Times
Ransomware and email attacks are hitting businesses more than ever before | TechRadar
Proofpoint settings exploited to send millions of phishing emails daily (bleepingcomputer.com)
Hackers Use Microsoft Forms for Two-Step Phishing Attacks (cybersecuritynews.com)
IBM, Nike, Disney, others caught in Proofpoint phish palaver • The Register
Email Attacks Surge, Ransomware Threat Remains Elevated - Security Boulevard
'LockBit of phishing' EvilProxy used in 1M+ attacks monthly • The Register
Watch out — that Microsoft OneDrive security warning could actually be a malware scam | TechRadar
Nation-state actors exploit political tension to launch phishing campaigns (betanews.com)
Acronis reports 293% increase in email cyber attacks in H1 2024 (securitybrief.co.nz)
Microsoft is the most commonly imitated company in phishing scams | TechRadar
Vulnerabilities Enable Attackers to Spoof Emails From 20 Million Domains - Security Week
Phishing campaigns target SMBs in Poland, Romania and Italy (securityaffairs.com)
SideWinder phishing campaign targets maritime facilities in multiple countries (securityaffairs.com)
Business Email Compromise (BEC), Email Account Compromise (EAC)
13% of phishing scams analysed likely to be AI-generated: CSA | The Straits Times
Ransomware and email attacks are hitting businesses more than ever before | TechRadar
Email Attacks Surge, Ransomware Threat Remains Elevated - Security Boulevard
Other Social Engineering
Watch out — that Microsoft OneDrive security warning could actually be a malware scam | TechRadar
Massive SMS stealer campaign infects Android devices in 113 countries (bleepingcomputer.com)
Dynamically Evolving SMS Stealer Threatens Global Android Users (darkreading.com)
New Android malware wipes your device after draining bank accounts (bleepingcomputer.com)
9 Social Engineering Attack Examples to Watch Out For | MSSP Alert
Threat actor impersonates Google via fake ad for Authenticator | Malwarebytes
A field guide on how to spot fake pictures - The Washington Post
North Koreans Target Devs Worldwide With Spyware, Job Offers (darkreading.com)
Artificial Intelligence
13% of phishing scams analysed likely to be AI-generated: CSA | The Straits Times
Ferrari exec foils deepfake plot by asking a question only the CEO could answer | Fortune
Most people worry about deepfakes - and overestimate their ability to spot them | ZDNET
AI-Powered Deepfake Tools Used by Cyber Criminals | Trend Micro (US)
How AI Is Assisting Cyber Criminals - TechRound
FraudGPT helps cyber criminals hack (mybroadband.co.za)
CISOs face AI risks while managing innovation & security (securitybrief.co.nz)
IT leaders worry the rush to adopt Gen AI may have tech infrastructure repercussions | ZDNET
Growing underground market for rogue AI sparks cyber security concerns | The Straits Times
A field guide on how to spot fake pictures - The Washington Post
Malware
Watch out — that Microsoft OneDrive security warning could actually be a malware scam | TechRadar
How Infostealers Pillaged the World’s Passwords | WIRED
WhatsApp for Windows lets Python, PHP scripts execute with no warning (bleepingcomputer.com)
New Specula tool uses Outlook for remote code execution in Windows (bleepingcomputer.com)
Black Basta ransomware switches to more evasive custom malware (bleepingcomputer.com)
Updated TgRat trojan sets sights on Linux servers | SC Media (scmagazine.com)
OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script (thehackernews.com)
macOS Malware Disguise As Unarchiver App Steals User Data (cybersecuritynews.com)
Black Basta Develops Custom Malware in Wake of Qakbot Takedown (darkreading.com)
Hackers abuse free TryCloudflare to deliver remote access malware (bleepingcomputer.com)
Mobile
New Android malware wipes your device after draining bank accounts (bleepingcomputer.com)
WhatsApp for Windows lets Python, PHP scripts execute with no warning (bleepingcomputer.com)
Massive SMS stealer campaign infects Android devices in 113 countries (bleepingcomputer.com)
Dynamically Evolving SMS Stealer Threatens Global Android Users (darkreading.com)
Google on why you should disable 2G on your Android phone (9to5google.com)
CBP needs warrant to search phones, says yet another judge • The Register
Denial of Service/DoS/DDOS
Microsoft Confirms New Outage Was Triggered By Cyber Attack (forbes.com)
Microsoft apologises after thousands report new outage - BBC News
Microsoft: DDoS defence error amplified attack on Azure, leading to outage - Help Net Security
Internet of Things – IoT
Global Smart Buildings Cyber Security Market Responds to (globenewswire.com)
Data Breaches/Leaks
Basic failures led to hack of Electoral Commission data on 40 million people | Computer Weekly
More Legal Records Stolen in 2023 Than Previous 5 Years Combined (darkreading.com)
Unauthorized access at HealthEquity affects 4.3M people • The Register
UK govt links 2021 Electoral Commission breach to Exchange server (bleepingcomputer.com)
FBCS data breach impact now reaches 4.2 million people (bleepingcomputer.com)
Researcher says deleted GitHub data can be accessed 'forever' | TechTarget
South Korea probes data leak of agents spying on the North | South China Morning Post (scmp.com)
CrowdStrike Denies Claims that IoC list Exposed by USDoD | MSSP Alert
Cognizant denies data breach claims, says hacker group stole fake test data
France's cyber crime unit called in on Israeli athletes data leak (insidethegames.biz)
Organised Crime & Criminal Actors
Russian cyber criminals head home in US prisoner swap deal • The Register
Hacker USDoD: “I don't pick sides. I play both sides and always win” – interview | Cybernews
Cyber Crime and the Dark Web | MSSP Alert
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Russian ransomware generates over $500m in crypto proceeds, TRM Labs says
Blockchain Security: Vulnerabilities and Protective Measures | MSSP Alert
Russian-Speaking Groups Dominate Crypto-Related Cyber Crime: TRM Labs (cryptopotato.com)
WazirX increases bounty to $23 million for recovery of stolen assets
Wave of Cyber Attacks Rocks the Crypto World: Key Incidents from the Past Week (coinpedia.org)
Insurance
How the Change Healthcare attack may affect cyber insurance | TechTarget
Supply Chain and Third Parties
Microsoft charts plans for a future without CrowdStrike-like outages | Windows Central
Top Ways To Assess And Address Third-Party Cyber Security Risk (forbes.com)
Here's what the CrowdStrike outage exposed about our connected world. It's not good. (yahoo.com)
CrowdStrike Outage Losses Estimated at a Staggering $5.4B (darkreading.com)
Microsoft admits 8.5 million CrowdStruck machines was low • The Register
Microsoft 365 and Azure outage takes down multiple services (bleepingcomputer.com)
Microsoft Confirms New Outage Was Triggered By Cyber Attack (forbes.com)
CrowdStrike Faces Lawsuits From Customers, Investors - Security Week
The CrowdStrike Meltdown: A Wake-up Call for Cyber Security (darkreading.com)
IT Outage Cost Delta Air Lines $500 million - AVweb
Cloud/SaaS
Microsoft Confirms New Outage Was Triggered By Cyber Attack (forbes.com)
Microsoft: DDoS defence error amplified attack on Azure, leading to outage - Help Net Security
The three cyber security blind spots affecting today’s CISOs | TechRadar
The gap between business confidence and cyber resiliency - Help Net Security
Outages
Microsoft Suggests Windows Changes After CrowdStrike Outage (petri.com)
Here's what the CrowdStrike outage exposed about our connected world. It's not good. (yahoo.com)
CrowdStrike Outage Losses Estimated at a Staggering $5.4B (darkreading.com)
Companies Struggle to Recover From CrowdStrike's Crippling Falcon Update (darkreading.com)
Microsoft admits 8.5 million CrowdStruck machines was low • The Register
Microsoft Confirms New Outage Was Triggered By Cyber Attack (forbes.com)
CrowdStrike Faces Lawsuits From Customers, Investors - Security Week
The CrowdStrike Meltdown: A Wake-up Call for Cyber Security (darkreading.com)
IT Outage Cost Delta Air Lines $500 million - AVweb
Linux and Open Source
Updated TgRat trojan sets sights on Linux servers | SC Media (scmagazine.com)
Passwords, Credential Stuffing & Brute Force Attacks
People Overconfident in Password Habits, Overwhelmed by Too Many Passwords - IT Security Guru
Acronis warns of Cyber Infrastructure default password abused in attacks (bleepingcomputer.com)
How quickly can attackers guess your password? | Securelist
Russia-linked brute-force attacks trying to compromise European networks, report (computing.co.uk)
How Infostealers Pillaged the World’s Passwords | WIRED
Social Media
Elon Musk's X now trains Grok on your data by default - here's how to opt out | ZDNET
Meta agrees to pay record $1.4B in Texas facial recognition suit - The Washington Post
Training, Education and Awareness
HR Magazine - One in five employees have no cyber security training
Report exposes lack of Cyber Security training in UK workplaces – PCR (pcr-online.biz)
SANS Institute Unveils Highly Anticipated Annual Security Awareness Report for 2024 (prweb.com)
Regulations, Fines and Legislation
Basic failures led to hack of Electoral Commission data on 40 million people | Computer Weekly
NIS2 Directive: German government adopts draft NIS2 Implementation Act | Hogan Lovells - JDSupra
One Year Post-SEC Cyber Security Disclosure Updates: What has Changed? | Law.com
The Cyber Security Leadership Crisis Dooming America’s Companies (forbes.com)
The NIS2 Directive: Implications for Your Organisation - Security Boulevard
Cyber warning amid regulatory countdown (emergingrisks.co.uk)
Meta agrees to pay record $1.4B in Texas facial recognition suit - The Washington Post
'Essential' cyber protection law comes closer - Jersey Evening Post
Models, Frameworks and Standards
NIS2 Directive: German government adopts draft NIS2 Implementation Act | Hogan Lovells - JDSupra
The NIS2 Directive: Implications for Your Organisation - Security Boulevard
Cyber warning amid regulatory countdown (emergingrisks.co.uk)
Careers, Working in Cyber and Information Security
The cost of cyber security burnout: Impact on performance and well-being - Help Net Security
Contributing to Your Cyber Security Team as an Informal Leader (govinfosecurity.com)
Law Enforcement Action and Take Downs
UK cops shut down global call-spoofing service • The Register
FBI Flies 65-Strong Cyber Action Team Across Globe To Fight Hackers (forbes.com)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Half of Businesses Report Rise in State-Sponsored Cyber Threats (itsecuritywire.com)
SideWinder Launches New Espionage Campaign on Ports (inforisktoday.com)
Nation State Actors
Half of Businesses Report Rise in State-Sponsored Cyber Threats (itsecuritywire.com)
Nation-state actors exploit political tension to launch phishing campaigns (betanews.com)
China
Basic failures led to hack of Electoral Commission data on 40 million people | Computer Weekly
Germany summons Chinese envoy over 2021 cyber attack – DW – 07/31/2024
Russia
Russian ransomware gangs account for 69% of all ransom proceeds (bleepingcomputer.com)
Russia-linked brute-force attacks trying to compromise European networks, report (computing.co.uk)
US Trades Cyber Criminals to Russia in Prisoner Swap – Krebs on Security
Russian ransomware generates over $500m in crypto proceeds, TRM Labs says
Russia’s war against Ukraine: Lessons on infrastructure security an (epc.eu)
Ukraine's IT Army Is a 'World First' in Cyberwarfare, but It's a Gamble - Business Insider
Ransomware Dominated by Russian Threat Operations | MSSP Alert
Domains with delegated name service may be Sitting Ducks • The Register
Russian-Speaking Groups Dominate Crypto-Related Cyber Crime: TRM Labs (cryptopotato.com)
From Geopolitics to Boardrooms: The Impact of the Kaspersky Ban - Security Boulevard
Cyber Espionage Group XDSpy Targets Companies in Russia and Moldova (thehackernews.com)
Ukraine's cyber op shut down ATM services of major Russian banks (securityaffairs.com)
North Korea
UK and allies expose North Korean cyber campaign (ukdefencejournal.org.uk)
North Koreans Target Devs Worldwide With Spyware, Job Offers (darkreading.com)
South Korea probes data leak of agents spying on the North | South China Morning Post (scmp.com)
Tools and Controls
Just One in 10 Attacks Flagged By Security Tools - Infosecurity Magazine (infosecurity-magazine.com)
People Overconfident in Password Habits, Overwhelmed by Too Many Passwords - IT Security Guru
SMEs spending thousands on outsourced cyber security costs | Insurance Times
HR Magazine - One in five employees have no cyber security training
Report exposes lack of Cyber Security training in UK workplaces – PCR (pcr-online.biz)
SANS Institute Unveils Highly Anticipated Annual Security Awareness Report for 2024 (prweb.com)
Threat intelligence: A blessing and a curse? - Help Net Security
Crucial Lessons Learned For Cyber Security Resilience (forbes.com)
Top Ways To Assess And Address Third-Party Cyber Security Risk (forbes.com)
The Critical Role Of Response Time In Cyber Security (informationsecuritybuzz.com)
Cheshire East Council ready to 'wargame' potential cyber attacks - BBC News
What is cyber attribution? | Definition from TechTarget
PR vs cyber security teams: Handling disagreements in a crisis (securityintelligence.com)
The Power and Peril of RMM Tools (thehackernews.com)
The three cyber security blind spots affecting today’s CISOs | TechRadar
Building Resilience: Key Cyber Security Solutions for Enterprises (itprotoday.com)
Sitting Ducks attack exposes over a million domains to hijacking (securityaffairs.com)
Why monitoring dark web traffic is crucial for cyber security teams | TechRadar
ECB cyber resilience stress test reveals banks' strengths and gaps - ThePaypers
6 types of DNS attacks and how to prevent them | TechTarget
DigiCert Revoking 83,000 Certificates of 6,800 Customers - Security Week
Cyber crisis? How good PR can save your brand | Computer Weekly
Reports Published in the Last Week
SANS Institute Unveils Highly Anticipated Annual Security Awareness Report for 2024 (prweb.com)
Cost of a Data Breach Report 2024.pdf (ibm.com)
Vipre Q2 2024 Email Threat Report
Fortifying Cyber Resilience: Insights Into Global Cyber Security Practices (keepersecurity.com)
Other News
Nearly 7% of Internet Traffic Is Malicious - Schneier on Security
Starmer told to ‘wake up’ and protect UK from cyber attacks before it is too late | The Independent
Organisations fail to log 44% of cyber attacks, major exposure gaps remain - Help Net Security
Report reveals how cyber attacks target organisations depending on size (securitybrief.co.nz)
Cyber attacks against UK utility companies up 586% in 2023: Chaucer - Reinsurance News
Cyber attacks on utilities increased seven-fold in 2023 - Utility Week
Millions of Websites Susceptible to XSS Attack via OAuth Implementation Flaw - Security Week
Utility firms hit by huge leap in cyber threats – insurer (emergingrisks.co.uk)
Is it time to refresh the UK's cyber strategy? | Computer Weekly
French Internet Lines Cut in Latest Attack During Olympics – BNN Bloomberg
The Top Challenges Of Managed Security (forbes.com)
ECB cyber resilience stress test reveals banks' strengths and gaps - ThePaypers
Cyber Attacks Present Shipping's Biggest Threat Since WWII (pymnts.com)
Cyber Security: A key focus for North American Banks | Global Finance Magazine (gfmag.com)
From Geopolitics to Boardrooms: The Impact of the Kaspersky Ban - Security Boulevard
8 in 10 Large Merchants Have Faced Cyber Attacks in Past Year (pymnts.com)
Telecoms are prime targets for cyber attacks in 2024, Kaspersky report - Africa Business Communities
Vulnerability Management
6% of All Published CVEs Have Been Exploited in the Wild, Report Finds - IT Security Guru
NIST may not resolve vulnerability database backlog until early 2025, analysis shows - Nextgov/FCW
Why a strong patch management strategy is essential for reducing business risk - Help Net Security
NVD Backlog Continues to Grow (darkreading.com)
Navigating the Evolving Landscape of Cyber Security - Security Boulevard
Vulnerabilities
VMware ESXi hypervisor vulnerability grants full admin privileges | CSO Online
PatchNow: ServiceNow Critical RCE Bugs Under Active Exploit (darkreading.com)
Proofpoint settings exploited to send millions of phishing emails daily (bleepingcomputer.com)
Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi Flaw - Security Week
Exploited Vulnerability Could Impact 20k Internet-Exposed VMware ESXi Instances - Security Week
Veeam Backup Software Being Exploited By New Ransomware Group - Security Boulevard
July Windows Server updates break Remote Desktop connections (bleepingcomputer.com)
Update your Chrome browser to add critical security feature | Digital Trends
Could Intel Have Fixed Spectre & Meltdown Bugs Earlier? (darkreading.com)
Millions of Devices Vulnerable to 'PKFail' Secure Boot Bypass Issue (darkreading.com)
Microsoft Confirms It Broke Windows As 30-Minute Crashes Hit After Update (forbes.com)
RADIUS Protocol Vulnerability Impacted Multiple Cisco Products (cybersecuritynews.com)
Acronis Cyber Infrastructure bug actively exploited in the wild (securityaffairs.com)
Apple Rolls Out Security Updates for iOS, macOS - Security Week
Researcher says deleted GitHub data can be accessed 'forever' | TechTarget
New Specula tool uses Outlook for remote code execution in Windows (bleepingcomputer.com)
Got a PC with a 13th or 14th gen Intel Core CPU? You need to read this | ZDNET
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory 30 July 2024 – Proofpoint “EchoSpoofing” Phishing Campaign
Black Arrow Cyber Advisory 30 July 2024 – Proofpoint “EchoSpoofing” Phishing Campaign
Executive summary
A recent phishing incident involved scammers spoofing emails from well-known companies like Disney, IBM, Nike, Best Buy, and Coca-Cola. These emails, which appeared to be legitimate emails sent from the companies’ domains due to authenticated SPF and DKIM signatures, aimed to deceive recipients into providing their credit card details by offering fake subscription renewals. The campaign, dubbed “EchoSpoofing,” ran from January to June 2024, peaking at 14 million emails in a single day. The campaign was successful due to a misconfiguration on the client’s side Proofpoint Server. Proofpoint has since made the misconfiguration less likely by introducing a streamlined administrative interface that allows customers to specify which Microsoft 365 tenants are permitted to relay emails for their domain, through Proofpoint’s servers.
Technical Summary
The phishing campaign exploited a configuration oversight by customers of Proofpoint’s email filtering systems. Attackers took advantage of an insecure-by-default email routing feature, which allowed outbound messages to be relayed from any Microsoft 365 tenant, including those that were not a part of the organisations that were being spoofed. This enabled them to send spoofed emails with valid Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) signatures, making the emails appear legitimate to recipients. Proofpoint has since updated its configuration processes to prevent unauthorised relay abuse by default and confirmed that no customer data was compromised. Additionally, Proofpoint has launched an outreach program to notify affected customers and mitigate the risk.
What is the takeaway from this?
While all of the controls, such as SPF, DKIM, and the tool itself, worked individually, this campaign highlights several important lessons:
Awareness and Vigilance: Even if tools are designed to verify users and originate from large organisations like Disney, IBM, and Coca-Cola, employees and users must always be vigilant. They should look out for signs of malicious intent, such as a sense of urgency as in the case of the fake subscription renewals included in these malicious emails.
Constant Evolution of Threats: Attackers are continuously seeking new ways to exploit and bypass the tools and controls we put in place to protect our organisations.
Configuration Matters: In this case, the root cause of the issue was an overlooked default configuration setting not limiting email relay to only trusted tenants. This allowed billions of phishing emails to be sent. Proper configuration and regular reviews of security settings are crucial to prevent such vulnerabilities.
Further information on the research can be found here:
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Advisory 30 July 2024 – Critical Updates for ServiceNow, VMware ESXi and Apple Devices
Black Arrow Cyber Advisory 30 July 2024 – Critical Updates for ServiceNow, VMware ESXi and Apple Devices
Executive summary
ServiceNow, VMware, and Apple have addressed multiple vulnerabilities across their product ranges. ServiceNow patched two actively exploited critical vulnerabilities that allow unauthenticated remote code execution, with threat actors claiming to have harvested data from over 105 databases. VMware ESXi’s recent patch addresses a flaw exploited by ransomware groups to gain administrative access via Active Directory group manipulation. Apple released iOS/iPadOS 17.6 and MacOS 14.6, fixing 35 significant security issues in the Kernel and WebKit, urging users to update immediately to ensure maximum security. Despite the availability of patches, many systems remain vulnerable.
ServiceNow
ServiceNow, a cloud-based platform that helps manage digital workflows for enterprise operations, has recently patched two critical vulnerabilities that are being actively exploited in the wild and have been added to the Known Exploited Vulnerabilities (KEV) Catalog. The two critical vulnerabilities, CVE-2024-4879 and CVE-2024-5217, allow unauthenticated attackers to execute arbitrary code and perform remote code execution without requiring any user interaction or special conditions. Threat actors on breach forums are claiming to have harvested data from more than 105 ServiceNow databases and are selling them online. ServiceNow released the patches back on 10 July, further details on the patches can be found below.
VMware ESXi
A recently patched security flaw (CVE-2024-37085) in VMware ESXi hypervisors has been actively exploited by several ransomware groups. This vulnerability allows attackers, who have sufficient Active Directory permissions, to bypass Active Directory integration authentication to gain administrative access to vulnerable ESXi hosts. The flaw can be exploited by creating or renaming an Active Directory group named “ESX Admins” and adding users to it, even if the group did not originally exist within Active Directory. Once attackers have gained admin rights through this vulnerability, they are able to carry out data exfiltration and encryption to demand ransom.
Apple
Apple has released iOS 17.6, urging users to update immediately due to 35 significant security fixes. These fixes address serious vulnerabilities in the Kernel and WebKit, the engine behind Safari. Notably, CVE-2024-27863 and CVE-2024-40788 in the Kernel could allow attackers to determine memory layout or cause system shutdowns, requiring physical access to the device. Additionally, eight WebKit issues, including CVE-2024-40785, could lead to cross-site scripting attacks. Despite no current real-life attacks, the severity of these flaws makes updating crucial.
Apple also released iOS 16.7.9 for older devices. The iOS 17.6 update is available for iPhone XS and later, various iPad models, and iPad mini 5th generation and later. MacOS Sonoma was also updated to 14.6 and included big fixes and security improvements. Users are advised to update to ensure maximum security.
Further information on ServiceNow vulnerabilities can be found here:
https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit
Kev Catalog - https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Further information on VMware ESXi vulnerability can be found here:
Further information on Apple update can be found here:
https://support.apple.com/en-ca/HT214117
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Advisory 30 July 2024 – Secure Boot Bypass identified, 200+ models from various vendors affected by PKFail Vulnerability
Black Arrow Cyber Advisory 30 July 2024 – Secure Boot Bypass identified, 200+ models from various vendors affected by PKFail Vulnerability
Executive summary
A major supply chain vulnerability known as PKFail has been discovered in hundreds of devices from numerous vendors. The flaw, which has been around for the past 12 years, revolves around a test Secure Boot master key. If exploited, it allows an attacker to bypass ‘Secure Boot’, take complete control of affected devices and install malware. Major brands like Acer, Dell, HP, Intel and Lenovo are impacted, with over 200 device models sold by Acer, Dell, Gigabyte, intel and Supermicro specifically affected.
What’s the risk to me or my business?
If successfully exploited attackers can manipulate key databases to bypass secure boot. This could potentially allow attackers to install malware at a BIOS level before booting into Windows or another operating system, steal data or cause operational disruption. This could compromise the confidentiality, integrity, and availability of your organisation’s data. An attacker would need either remote or physical access to a vulnerable device to perform the attack.
What can I do?
To address this, organisations should ensure firmware and BIOS updates are installed which address the weakness, and rekey any affected devices, assume all affected devices are compromised and thoroughly inspect the Key Exchange Key (KEK), Signature Database (db), and Forbidden Signature Database (dbx). The security researchers who first identified the vulnerability have provided a free scanning tool to help identify vulnerable devices.
Technical Summary
The PKFail vulnerability stems from a test Secure Boot "master key" created by American Megatrends International (AMI), intended to be replaced by vendors with secure keys. Many vendors did not replace this key, leaving devices vulnerable. Attackers exploiting this flaw can tamper with the Key Exchange Key (KEK) database, the Signature Database (db), and the Forbidden Signature Database (dbx), bypassing Secure Boot. This allows them to sign and execute malicious code, leading to the deployment of UEFI malware and compromising the device at a fundamental level.
Further information on PKFail vulnerability research and details can be found here:
PKfail: Untrusted Platform Keys Undermine Secure Boot on UEFI Ecosystem (binarly.io)
https://github.com/binarly-io/Vulnerability-REsearch/blob/main/PKfail/BRLY-2024-005.md
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Briefing 26 July 2024
Black Arrow Cyber Threat Intelligence Briefing 26 July 2024:
-CrowdStrike Insured Losses May Top $1.5B, MSP Insurance Expert Advises “Read the Fine Print” on Your Policy
-Fragmented and Multiplied Cyber Criminal Landscape, Warns New Europol Report
-Ransomware and BEC Make Up 60% of Cyber Incidents
-Over Half of UK Workers Haven’t Received Training on Avoiding Phishing Scams
-Cyber Threat Landscape is ‘The Worst it has Been in the Past Five Years
-In Cyber Security, Mitigating Human Risk Goes Far Beyond Training
-Malware Attacks Surge 30% in First Half of 2024
-AI-generated Deepfake Attacks Force Companies to Reassess Cyber Security, as Deepfakes Demean, Defraud and Disinform
-KnowBe4 Hires Fake North Korean IT Worker, Catches New Employee Planting Malware
-Low Level Cyber Criminals are Pouncing on CrowdStrike Connected Outage
-The Importance of Cyber Resilience in the Face of Global IT Failures
-Russia’s Shadow War Against Europe has Begun as Cyber Attacks Abusing Microsoft Infrastructure Increase
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
CrowdStrike Insured Losses May Top $1.5B, MSP Insurance Expert Advises “Read the Fine Print” on Your Policy
A recent analysis by CyberCube estimates that the 19 July CrowdStrike outage will result in insured losses between $400 million and $1.5 billion, the largest single insured loss event in cyber insurance history. It should be noted that many insurance policies exclude coverage for software design flaws, likely surprising many affected organisations. The incident highlights the importance of reading policy fine print and may lead to higher premiums. The outage's non-malicious nature means contingent business interruption coverage will be the primary trigger, affecting policies differently based on their specifics. Other estimates place global financial losses from the outage potentially reaching $15 billion, with the banking and healthcare sectors likely incurring over $3 billion in losses. Airlines are expected to suffer the most per company, losing in the region of $143 million each, followed by the tech industry at around $113 million per company.
Fragmented and Multiplied Cyber Criminal Landscape, Warns New Europol Report
A recent report published by Europol, the 10th edition of the Internet Organised Crime Threat Assessment (IOCTA), highlights significant developments in cyber crime over the past year. The report notes the fragmentation of ransomware groups and the rise in attacks on small and medium-sized businesses due to their lower defences. E-merchants and banks are frequently targeted by digital skimming, while phishing, BEC, and online frauds remain prevalent. The use of AI and cryptocurrencies in cyber crime is increasing, with AI-assisted child sexual abuse material (CSAM) posing a growing challenge. Europol emphasises the need for enhanced tools, training, and legislation to combat these evolving threats effectively.
Ransomware and BEC Make Up 60% of Cyber Incidents
A recent report by Cisco Talos reveals that ransomware and business email compromise (BEC) attacks constituted 60% of all incidents in Q2 2024. The technology sector was the most targeted, accounting for 24% of incidents, a 30% rise from the previous quarter. Compromised credentials were the primary initial access method, comprising 60% of attacks, a 25% increase. Vulnerable or misconfigured systems and inadequate MFA implementation were notable weaknesses, both rising by 46%. Ransomware made up 30% of incidents, with 80% of ransomware engagements lacking proper MFA on critical systems. BEC attacks also represented 30% of incidents, a decline from 50% in Q1 2024.
Over Half of UK Workers Haven’t Received Training on Avoiding Phishing Scams
A recent report reveals significant gaps in cyber security training among UK employees, with 51% untrained in avoiding phishing scams and 18% never receiving any cyber security training. The study highlights that 60% of employees lack training on remote work best practices, despite the shift to remote/hybrid working. Additionally, critical areas such as breach response (66%), social engineering (82%), deepfakes and AI (83%), and BYOD policies (84%) are largely neglected. Only 42% of workers have signed their organisation's cyber security policy, and a third admit to bypassing policies for convenience. The report stresses the urgent need for updated and comprehensive training to mitigate evolving cyber threats.
Cyber Threat Landscape is ‘The Worst it has Been in the Past Five Years’
The recent CrowdStrike outage, affecting millions of computers and critical services, highlights our reliance on technology and its vulnerabilities. Any attacks on it can have far reaching consequences. Research found 52% of European organisations faced successful cyber attacks last year, with the UK at 55%. In response, the UK will introduce the Cyber Security and Resilience Bill for quick incident reporting and resilience plans. Cybernews reported an average of 1,636 weekly cyber attacks globally between April and June, a 25% increase from the first quarter. Check Point attributes this to sophisticated threat actors and AI advancements targeting education, research, government, military, and healthcare sectors.
In Cyber Security, Mitigating Human Risk Goes Far Beyond Training
As cyber attack stakes rise, organisations invest heavily in new services and equipment. However, many still use a one-size-fits-all approach to securing the most critical threat vector: the human element. Human error is projected to play a role in 68% to 90% of breaches in 2024. Traditional security awareness training is insufficient, as it fails to address individual risk levels. Studies indicate that 8% of employees cause 80% of incidents, with managers receiving 2.5 times more phishing emails than non-managers. Organisations should analyse security data to create personalised risk profiles, leading to adaptive training and targeted interventions. Such measures can enhance security while effectively utilising resources, improving overall organisational resilience against cyber threats.
Malware Attacks Surge 30% in First Half of 2024
A recent report by SonicWall reveals a 30% surge in malware-based threats in the first half of 2024 compared to the same period in 2023, with May witnessing a 92% year-on-year increase. The report identified 78,923 new malware variants, averaging 526 per day, and noted that 15% of malware utilised software packing techniques. PowerShell is exploited by over 90% of malware families to bypass security measures. IoT device attacks rose by 107%, with the TP-Link command injection flaw (CVE-2023-1389) being the most targeted vulnerability. Additionally, ransomware attacks increased by 15% in North America and 51% in Latin America, while decreasing by 49% in EMEA.
AI-generated Deepfake Attacks Force Companies to Reassess Cyber Security, as Deepfakes Demean, Defraud and Disinform
A recent report highlights the increasing threat of AI-generated deepfake attacks, with 73% of US organisations developing response plans to combat this menace. Deepfakes convincingly mimic human appearances and voices, spreading misinformation and enabling financial fraud. From 2022 to 2023, detected deepfakes increased tenfold, with 72% of consumers worried about deception. Separately, research by the UK’s telecommunications regulator Ofcom reveals 43% of people over 15 and 50% of children aged 8-15 have encountered deepfakes online recently. Non-consensual intimate deepfakes have been viewed over 4.2 billion times, primarily targeting women and causing psychological harm. Ofcom recommends a multi-faceted defence strategy involving prevention, embedding, detection, and enforcement. Companies must enhance cyber security training to counter this growing threat and to raise awareness of deepfake usage in attacks.
KnowBe4 Hires Fake North Korean IT Worker, Catches New Employee Planting Malware
A recent incident at KnowBe4 highlights a sophisticated infiltration attempt by a North Korean operative posing as a software engineer. The deception was uncovered when the employee's company-provided Mac began loading malware immediately after the subject received it. The operative manipulated session history files and attempted unauthorised actions but was detected within 25 minutes. Although the fake IT worker was hired after passing routine background checks and video interviews, it was later identified that they were using AI-modified photos and stolen IDs.
This incident should be a cautionary tale for HR departments that further evidences the need to be mindful and wary of deepfakes and potential employees not being who they claim to be. Once on the inside a deliberately malicious employee can cause a lot of damage.
Low Level Cyber Criminals are Pouncing on CrowdStrike Connected Outage
A recent report reveals that cyber criminals are exploiting the CrowdStrike Falcon software outage, which affected millions of Windows computers globally. Threat actors have registered over 2,000 CrowdStrike-themed domains and are distributing malware via phishing emails and malicious documents. Documented attacks include malicious payloads including information stealers and loaders. Additionally sophisticated phishing emails have delivered wiper malware under the guise of remediation instructions for the Falcon issue.
The Importance of Cyber Resilience in the Face of Global IT Failures
A recent study highlights the crucial need to shift more focus from merely a prevention mindset to more of a resilience mindset in cyber security. While traditional defences focus on keeping threats out, experts now emphasise the importance of preparing for inevitable breaches. Findings reveal that new attack vectors are emerging frequently, with AI and quantum computing being weaponised by malicious actors. Notably, many organisations still neglect basic fixes, such as updating passwords and applying patches.
A separate survey of cyber executives underscored the need for comprehensive recovery plans, defining resilience as the ability to minimise harm and maximise recovery efficacy post-incident. Although many view cyber security as a purely technical issue within IT departments, it has far-reaching implications across all facets of society and has long been a much wider issue than just IT. Understanding the necessity for cyber resilience and the connection between cyber safety and IT infrastructure is vital for businesses and communities alike.
Russia’s Shadow War Against Europe has Begun as Cyber Attacks Abusing Microsoft Infrastructure Increase
A recent report highlights a significant increase in brute force attacks targeting corporate and institutional networks across Europe, with the majority originating from Russia. These attacks, exploiting weak passwords through trial and error, have been active since at least May 2024. Russian threat actors are specifically targeting Microsoft infrastructure to evade detection, posing a substantial risk to organisational security. Over half of these attacks are traced back to IP addresses in Moscow, targeting cities in the UK, Lithuania, Denmark, and Hungary. Additionally, 60% of the IPs used are new, with 65% recently compromised. Motivations include data exfiltration, service disruption, and financial gain, with evidence pointing to ties with Chinese and Indian infrastructure.
Sources:
https://www.msspalert.com/news/crowdstrike-outage-could-cost-cyber-insurers-1-5-billion-cybercube
https://www.theregister.com/2024/07/26/crowdstrike_insurance_money/
https://www.infosecurity-magazine.com/news/ransomware-bec-cyber-incidents/
https://www.scmagazine.com/brief/unprecedented-global-cyberattack-prevalence-reported-in-q2
https://www.infosecurity-magazine.com/news/malware-attacks-surge-30-per-cent/
https://www.helpnetsecurity.com/2024/07/26/deepfake-response-plans/
https://securityboulevard.com/2024/07/how-to-prepare-your-workforce-for-the-deepfake-era/
https://cyberscoop.com/low-level-cybercriminals-are-pouncing-on-crowdstrike-connected-outage/
https://techround.co.uk/tech/importance-cyber-resilience-global-it-failures/
https://hbr.org/2024/07/when-cyberattacks-are-inevitable-focus-on-cyber-resilience
Governance, Risk and Compliance
In Cyber Security, Mitigating Human Risk Goes Far Beyond Training (darkreading.com)
Mitigating cyber risks in mergers and acquisitions | ITPro
Cyber threat landscape is ‘the worst it has been in the past five years’ (managementtoday.co.uk)
Unprecedented global cyber attack prevalence reported in Q2 | SC Media (scmagazine.com)
Risky security behaviours rife in the workplace | Retail Technology Review
Cyber Security ROI: Top metrics and KPIs - Help Net Security
CIOs and CISOs Battle Cyber Threats, Climate, Compliance - Compare the Cloud
CISOs are burned out – now they face personal liability too - Raconteur
Most CISOs feel unprepared for new compliance regulations - Help Net Security
How to Measure the Effectiveness of Your IT Security Solutions - DevX
Navigating Cyber Security Legal Liabilities - Security Boulevard
Risk Mitigation Beyond Remediation (forbes.com)
End-user cyber security errors that can cost you millions (bleepingcomputer.com)
SEC’s Lawsuit Against SolarWinds and CISO Dismissed | MSSP Alert
Are you a CISO who doesn’t know jack? Here’s how to bridge your own skills gap | CSO Online
Why C-Suite Executives Won’t Cut it Without Data Skills Anymore | HackerNoon
Threats
Ransomware, Extortion and Destructive Attacks
Why businesses must reckon with the human cost of ransomware - Raconteur
Ransomware Remains a ‘Brutal’ Threat in 2024 (govtech.com)
Experts Expect Ransomware Surge After Police Disruption (silicon.co.uk)
North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks (thehackernews.com)
Government Agencies Are Paying the Most for Ransomware Attacks - Business Insider
Stop following the herd to start fighting ransomware | TechRadar
New Play Ransomware Linux Variant Targets ESXi Shows Ties With Prolific Puma | Trend Micro (US)
17-Year-Old Linked to Scattered Spider Cyber Crime Syndicate Arrested in UK (thehackernews.com)
Russians plead guilty to involvement in LockBit ransomware attacks (bleepingcomputer.com)
The cost of dealing with a ransomware attack is skyrocketing for some industries | TechRadar
US offers $10M for tips on DPRK hacker linked to Maui ransomware attacks (bleepingcomputer.com)
North Korean hacker used hospital ransomware attacks to fund espionage | CyberScoop
Emulating the Prickly Cactus Ransomware - Security Boulevard
Secrets of a ransomware negotiator (economist.com)
Ransomware Victims
Less than two days left of Type O blood after Russian cyber attack, NHS warns as health... - LBC
NHS hack prompts tougher UK cyber security rules for private providers (ft.com)
Ransomware attack shuts down three dozen Los Angeles courts | SC Media (scmagazine.com)
Largest US trial court forced to shut down following ransomware attack | TechRadar
North Korean hacker used hospital ransomware attacks to fund espionage | CyberScoop
Phishing & Email Based Attacks
CrowdStrike outage: Phishing jumps as scam artists exploit event | Fortune
Over Half of UK Workers Haven’t Received Training on Avoiding Phishing Scams - IT Security Guru
New phishing kit on dark web bypasses security, targets logins (newsbytesapp.com)
PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing (thehackernews.com)
Three ways to mitigate digital impersonation attacks | SC Media (scmagazine.com)
Real estate wire fraud: Silicon Valley exec had $400,000 stolen (cnbc.com)
Warning after spike in cyber attacks in Guernsey - BBC News
CrowdStrike Warns of New Phishing Scam Targeting German Customers (thehackernews.com)
BEC
Real estate wire fraud: Silicon Valley exec had $400,000 stolen (cnbc.com)
Other Social Engineering
Meta takes down 63,000 accounts linked to sextortion scams targeting US men (yahoo.com)
Smishing Texts: What To Look Out For & How To Stop Them (slashgear.com)
QR Codes: Convenience or Cyber Threat? | Trend Micro (US)
Artificial Intelligence
The Urgent Need To Protect AI (forbes.com)
Europol fears increasing use of AI tools by cyber criminals (belganewsagency.eu)
AI-generated deepfake attacks force companies to reassess cyber security - Help Net Security
Top Tech Agree to Standardize AI Security (darkreading.com)
How to Prepare Your Workforce for the Deepfake Era - Security Boulevard
The CISO’s approach to AI: Balancing transformation with trust - Help Net Security
A Deep Dive into Deepfakes | Law Society of Scotland (lawscot.org.uk)
The most urgent security risks for GenAI users are all data-related - Help Net Security
Corporate Data Security at Risk From ‘Shadow AI’ Accounts (technewsworld.com)
UK faces down threat of deepfakes that demean, defraud, disinform | Biometric Update
16% of organisations experience disruptions due to insufficient AI maturity - Help Net Security
2FA/MFA
Warning after spike in cyber attacks in Guernsey - BBC News
Starlink Quietly Adds Two-Factor Authentication to Stop Account Hijackings (pcmag.com)
Malware
Fake CrowdStrike fixes target companies with malware, data wipers (bleepingcomputer.com)
KnowBe4 Hires Fake North Korean IT Worker, Catches New Employee Planting Malware - Security Week
Malware Attacks Surge 30% in First Half of 2024 - Infosecurity Magazine (infosecurity-magazine.com)
Logic bombs explained: Definition, examples, prevention | CSO Online
SocGholish malware used to spread AsyncRAT malware (securityaffairs.com)
Chinese Hackers Target Taiwan and US NGO with MgBot Malware (thehackernews.com)
FrostyGoop malware used to shut down heat in Ukraine attack • The Register
Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers (thehackernews.com)
Chinese hackers deploy new Macma macOS backdoor version (bleepingcomputer.com)
Updated malware arsenal leveraged in Chinese Daggerfly attacks | SC Media (scmagazine.com)
'Stargazer Goblin' Amasses Rogue GitHub Accounts to Spread Malware (darkreading.com)
Chrome Browser to Better Explain Why It Blocked a File Download (pcmag.com)
This new Google Chrome security warning is very important | Digital Trends
PHP Vulnerability Used For Malware And DDOS Attacks - Security Boulevard
French police push PlugX malware self-destruct payload to clean PCs (bleepingcomputer.com)
China's 'Evasive Panda' APT Spies on Taiwan Targets Across Platforms (darkreading.com)
Hamster Kombat’s 250 million players targeted in malware attacks (bleepingcomputer.com)
Mobile
Why mobile security audits are important in the enterprise | TechTarget
Google Confirms Play Store App Deletion—Now Just 6 Weeks Away (forbes.com)
Now-patched Telegram for Android vulnerability exposed users to malicious videos - SiliconANGLE
Swipe Right for Data Leaks: Dating Apps Expose Location, More (darkreading.com)
Growth in nude image sharing heightens cyber abuse risk | Computer Weekly
Smishing Texts: What To Look Out For & How To Stop Them (slashgear.com)
Denial of Service/DoS/DDOS
DDoS attacks have doubled so far in 2024 | ITPro
Three 'pro-Russian' hackers arrested in Spain over cyber attacks | Reuters
NCA cracks digitalstress DDoS-for-hire operation | Computer Weekly
Pro-Palestinian Actor Levels 6-Day DDoS Attack on UAE Bank (darkreading.com)
PHP Vulnerability Used For Malware And DDOS Attacks - Security Boulevard
DDoS: The tool of Hacktivism | TechRadar
Internet of Things – IoT
Burglars are jamming Wi-Fi security cameras — here's what you can do | PCWorld
Hacking EVs and level 3 chargers through 1920's technology (newatlas.com)
Can Hackers Remotely Steal Your Cars? (analyticsindiamag.com)
Cyber Attacks Shift Gears: The Growing Threat to Automotive Technology | NADA
Data Breaches/Leaks
Hackney Council failure to change password led to cyber attack | Times Series (times-series.co.uk)
Verizon to pay $16 million in TracFone data breach settlement (bleepingcomputer.com)
Hackers leak documents stolen from Pentagon contractor Leidos | CSO Online
CrowdStrike gets hit with some more bad news | Digital Trends
Greece’s Land Registry agency breached in wave of 400 cyber attacks (bleepingcomputer.com)
BreachForums v1 hacking forum data leak exposes members’ info (bleepingcomputer.com)
Organised Crime & Criminal Actors
Cyber crooks are typosquatting to exploit CrowdStrike fallout • The Register
Low-level cyber criminals are pouncing on CrowdStrike-connected outage | CyberScoop
Fragmented and multiplied cyber criminal landscape, warns new Europol report | Europol (europa.eu)
Tech firms top list of most targeted industry in Q2 by cyber criminals | SC Media (scmagazine.com)
Microsoft confirms CrowdStrike update also hit Windows 365 PCs (bleepingcomputer.com)
Chinese Crime Ring Hides Behind Stealth Tech and Soccer (darkreading.com)
Insurers must prepare for a rise in cyber crime :: Insurance Day
BreachForums v1 hacking forum data leak exposes members’ info (bleepingcomputer.com)
Philippines to end online casinos, maybe scams too • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Ongoing Cyber Attack Targets Exposed Selenium Grid Services for Crypto Mining (thehackernews.com)
Insider Risk and Insider Threats
In Cyber Security, Mitigating Human Risk Goes Far Beyond Training (darkreading.com)
KnowBe4 Hires Fake North Korean IT Worker, Catches New Employee Planting Malware - Security Week
Risky security behaviours rife in the workplace | Retail Technology Review
Uncle Sam accuses telco IT pro of decade of spying for China • The Register
Insurance
Cyber insurance 2.0: The systemic changes required for future security - Help Net Security
Insurers’ losses from global IT outage could reach billions (ft.com)
Cyber Insurance Market Evolves as Threat Landscape Changes - Security Boulevard
Insurers must prepare for a rise in cyber crime :: Insurance Day
Supply Chain and Third Parties
CrowdStrike global tech outage and Microsoft Azure bugs: Everything to know (qz.com)
CrowdStrike outage: Phishing jumps as scam artists exploit event | Fortune
Outage Shows All Our Eggs Are in One Cyber Security Basket: Szabo | NTD
IT outage exposes fragility of tech infrastructure - BBC News
What Can We Learn From Payment System Failures and Global IT Outage? | The Fintech Times
Are We Really Ready for a Fully Digital Financial System? (financemagnates.com)
The Critical Role of Supply Chain Resilience in Today's Digital Landscape - Zimperium
Cyber crooks are typosquatting to exploit CrowdStrike fallout • The Register
EU gave CrowdStrike keys to Windows kernel, Microsoft claims • The Register
CrowdStrike Microsoft Outage Demands More Resilient Cloud Computing - Bloomberg
NHS hack prompts tougher UK cyber security rules for private providers (ft.com)
When Cyber Attacks Are Inevitable, Focus on Cyber Resilience (hbr.org)
Tech firms top list of most targeted industry in Q2 by cyber criminals | SC Media (scmagazine.com)
CEO at cyber security firm that caused a global outage forgot to apologize | Fortune
Is the UK resilient enough to withstand a major cyber attack? | Microsoft IT outage | The Guardian
CrowdStrike’s Falcon Sensor linked to Linux crashes, too • The Register
Delta cancels another 600 flights on Monday in wake of cyber outage | Reuters
CrowdStrike incident has CIOs rethinking their cloud strategies | CIO
Data pilfered from Pentagon IT supplier Leidos • The Register
Fighting Third-Party Risk With Threat Intelligence (darkreading.com)
Learning from CrowdStrike’s quality assurance failures - Help Net Security
CrowdStrike faces backlash over 10 dollar apology vouchers for IT outage | Evening Standard
Cloud/SaaS
Cyber Pros Spot Spike in Malicious Activity Over CrowdStrike Outage | MSSP Alert
Cyber crooks are typosquatting to exploit CrowdStrike fallout • The Register
CrowdStrike Microsoft Outage Demands More Resilient Cloud Computing - Bloomberg
Tech firms top list of most targeted industry in Q2 by cyber criminals | SC Media (scmagazine.com)
Fortune 500 stands to lose $5bn plus from CrowdStrike incident | Computer Weekly
Warning after spike in cyber attacks in Guernsey - BBC News
PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing (thehackernews.com)
CrowdStrike could have an EU-sized data problem on its hands - Fast Company
Learning from CrowdStrike’s quality assurance failures - Help Net Security
Microsoft confirms CrowdStrike update also hit Windows 365 PCs (bleepingcomputer.com)
US opens probe into Delta Air Lines' handling of CrowdStrike • The Register
CrowdStrike faces backlash over 10 dollar apology vouchers for IT outage | Evening Standard
Outages
Cyber Pros Spot Spike in Malicious Activity Over CrowdStrike Outage | MSSP Alert
CrowdStrike Says Logic Error Caused Windows BSOD Chaos - SecurityWeek
One faulty CrowdStrike update caused a global outage | AP News
IT outage exposes fragility of tech infrastructure - BBC News
CrowdStrike Microsoft Outage Demands More Resilient Cloud Computing - Bloomberg
The CrowdStrike Failure Was a Warning - The Atlantic
Mass global IT outage a wake-up call for resilient cyber security - SHINE News
Without Backup Plans, Global IT Outages Will Happen Again (claimsjournal.com)
Is the UK resilient enough to withstand a major cyber-attack? | Microsoft IT outage | The Guardian
Are global IT outages becoming more frequent? What the experts say (yahoo.com)
Microsoft blames EU rules for allowing world's biggest IT outage to happen (telegraph.co.uk)
TechScape: Why CrowdStrike-style chaos is here to stay | Technology | The Guardian
CrowdStrike Outage Is Another Sharp Warning for Banks - Bloomberg
Microsoft: CrowdStrike's outage affected 8.5 million Windows PCs worldwide - Neowin
Identity and Access Management
Time to Rethink Identity: What Security Leaders Need to Know (govinfosecurity.com)
Linux and Open Source
Focusing open source on security, not ideology | InfoWorld
CrowdStrike’s Falcon Sensor linked to Linux crashes, too • The Register
New Play Ransomware Linux Variant Targets ESXi Shows Ties With Prolific Puma | Trend Micro (US)
Switzerland now requires all government software to be open source | ZDNET
Passwords, Credential Stuffing & Brute Force Attacks
Hackney Council failure to change password led to cyber attack | Times Series (times-series.co.uk)
PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing (thehackernews.com)
Goodbye? Attackers Can Bypass 'Windows Hello' Strong Authentication (darkreading.com)
Mitigating the growing threats of account takeover attacks in 2024 | TechRadar
Social Media
Social Media and Travel: Be Careful of What You Share - Security Boulevard
Study: TikTok Lite is a 'safety hazard' for millions of users around the world | ZDNET
Meta Given Deadline to Address E.U. Concerns Over 'Pay or Consent' Model (thehackernews.com)
10 social media scams and how to avoid them (techtarget.com)
Training, Education and Awareness
In Cyber Security, Mitigating Human Risk Goes Far Beyond Training (darkreading.com)
Over Half of UK Workers Haven’t Received Training on Avoiding Phishing Scams - IT Security Guru
Regulations, Fines and Legislation
Hackney Council failure to change password led to cyber attack | Times Series (times-series.co.uk)
NHS hack prompts tougher UK cyber security rules for private providers (ft.com)
Verizon to pay $16 million in TracFone data breach settlement (bleepingcomputer.com)
White House mandates stricter cyber security for R&D institutions (securityintelligence.com)
Meta Given Deadline to Address E.U. Concerns Over 'Pay or Consent' Model (thehackernews.com)
CrowdStrike could have an EU-sized data problem on its hands - Fast Company
New legislation will help counter the cyber threat to our... - NCSC.GOV.UK
UK school reprimanded by ICO for using facial recognition without DPIA | Biometric Update
CISOs are burned out – now they face personal liability too - Raconteur
Most CISOs feel unprepared for new compliance regulations - Help Net Security
Judge Dismisses Major SEC Charges Against SolarWinds and CISO - Security Week
Preparing for Cyber Security Audits: Insights from US Regulations | UpGuard
Backup and Recovery
Without Backup Plans, Global IT Outages Will Happen Again (claimsjournal.com)
Data Protection
CrowdStrike could have an EU-sized data problem on its hands - Fast Company
Careers, Working in Cyber and Information Security
Closing cyber skills gap needs public-private collaboration | World Economic Forum (weforum.org)
Enhancing the cyber security talent pool is key to securing our digital future - IT Security Guru
Shocked, Devastated, Stuck: Cyber Security Pros Open Up About Their Layoffs (darkreading.com)
9 ways CSOs lose their jobs | CSO Online
Are you a CISO who doesn’t know jack? Here’s how to bridge your own skills gap | CSO Online
How dark data and scarcity of cyber experts are threatening organisations | Ctech (calcalistech.com)
Critical sectors short on cyber security pros | Canada's National Observer: Climate News
Law Enforcement Action and Take Downs
Three 'pro-Russian' hackers arrested in Spain over cyber attacks | Reuters
17-Year-Old Linked to Scattered Spider Cyber Crime Syndicate Arrested in UK (thehackernews.com)
Russians plead guilty to involvement in LockBit ransomware attacks (bleepingcomputer.com)
NCA cracks digitalstress DDoS-for-hire operation | Computer Weekly
Ransomware takedowns leave crims scrambling for stability • The Register
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Don’t sanction cyberweapons — sanction how they’re used | Euronews
Global cyberespionage campaign launched by novel TAG-100 operation | SC Media (scmagazine.com)
Nation State Actors
China
Chinese Hacker Gang GhostEmperor Re-Emerges After Two Years (darkreading.com)
Threat Hunting Case Study: Looking for Volt Typhoon | Intel471
Study: TikTok Lite is a 'safety hazard' for millions of users around the world | ZDNET
Chinese Hackers Target Taiwan and US NGO with MgBot Malware (thehackernews.com)
Chinese hackers deploy new Macma macOS backdoor version (bleepingcomputer.com)
Updated malware arsenal leveraged in Chinese Daggerfly attacks | SC Media (scmagazine.com)
China's 'Evasive Panda' APT Spies on Taiwan Targets Across Platforms (darkreading.com)
Uncle Sam accuses telco IT pro of decade of spying for China • The Register
Microsoft: CrowdStrike's outage affected 8.5 million Windows PCs worldwide - Neowin
Chinese Crime Ring Hides Behind Stealth Tech and Soccer (darkreading.com)
Russia
NATO, Others Targeted by Novel Hacktivist Collective | MSSP Alert
Less than two days left of Type O blood after Russian cyber attack, NHS warns as health... - LBC
Russian Cyber Army members face US sanctions | SC Media (scmagazine.com)
Kaspersky Is an Unacceptable Risk Threatening the US's Cyber Defence (darkreading.com)
FrostyGoop malware used to shut down heat in Ukraine attack • The Register
Russia Adjusts Cyber Strategy for the Long Haul in Ukraine War (darkreading.com)
Three 'pro-Russian' hackers arrested in Spain over cyber attacks | Reuters
Russians plead guilty to involvement in LockBit ransomware attacks (bleepingcomputer.com)
North Korea
North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks (thehackernews.com)
North Korean hacking group makes waves to gain Mandiant, FBI spotlight | CyberScoop
North Korean hacker used hospital ransomware attacks to fund espionage | CyberScoop
US offers $10M for tips on DPRK hacker linked to Maui ransomware attacks (bleepingcomputer.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
NATO, Others Targeted by Novel Hacktivist Collective | MSSP Alert
Tools and Controls
In Cyber Security, Mitigating Human Risk Goes Far Beyond Training (darkreading.com)
Without Backup Plans, Global IT Outages Will Happen Again (claimsjournal.com)
Stop following the herd to start fighting ransomware | TechRadar
Over Half of UK Workers Haven’t Received Training on Avoiding Phishing Scams - IT Security Guru
Why mobile security audits are important in the enterprise | TechTarget
Cyber insurance 2.0: The systemic changes required for future security - Help Net Security
Large US banks are failing on operational risk, secret OCC report finds | Fortune
The Importance of Red Teaming - DevX
Fighting Third-Party Risk With Threat Intelligence (darkreading.com)
Cyber Security ROI: Top metrics and KPIs - Help Net Security
Don't Leave The Door Open: The API Model To Defend Against Intruders (forbes.com)
Chrome Browser to Better Explain Why It Blocked a File Download (pcmag.com)
This new Google Chrome security warning is very important | Digital Trends
Types of MDR security services: MEDR vs. MNDR vs. MXDR | TechTarget
Small Businesses Need Default Security in Products Now (darkreading.com)
How CISOs enable ITDR approach through the principle of least privilege - Help Net Security
The Imperative of Threat Hunting for a Mature Security Posture | Binary Defence
Understanding Threat Intelligence: Exploring The Cyber Realm (informationsecuritybuzz.com)
How to Measure the Effectiveness of Your IT Security Solutions - DevX
The Future Of Cyber Security In A Net-Zero World (forbes.com)
Microsoft's licensing practices harm cyber security, coalition says - Global Competition Review
Preparing for Cyber Security Audits: Insights from US Regulations | UpGuard
Reports Published in the Last Week
Internet Organised Crime Threat Assessment (IOCTA) 2024 | Europol (europa.eu)
Other News
Google abandons plan to drop third-party cookies in Chrome • The Register
Risky security behaviours rife in the workplace | Retail Technology Review
Privilege escalation: unravelling a novel cyber attack technique - IT Security Guru
Cyber security measures 'cost SMEs £60,000 a year' - CIR Magazine
End-user cyber security errors that can cost you millions (bleepingcomputer.com)
Study reveals cyber attack response times in UK CNI - CIR Magazine
Is Our Water Safe to Drink? Securing Our Critical Infrastructure (darkreading.com)
Vulnerability Management
The complexities of cyber security update processes (welivesecurity.com)
CrowdStrike Explains Why Bad Update Was Not Properly Tested - Security Week
Poor patch posture isn't just a problem in your office • The Register
Microsoft's new way of updating Windows will hopefully be a hit (xda-developers.com)
Are You Configured for Failure? - Security Boulevard
Vulnerabilities
One faulty CrowdStrike update caused a global outage | AP News
Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers (thehackernews.com)
Secure Boot is completely broken on 200+ models from 5 big device makers | Ars Technica
Cisco patches critical flaw in Secure Email Gateway appliances (computing.co.uk)
SolarWinds Patches 8 Critical Flaws in Access Rights Manager Software (thehackernews.com)
Juniper Networks Critical Security Update Released - Security Boulevard
Now-patched Telegram for Android vulnerability exposed users to malicious videos - SiliconANGLE
Chrome 127 Patches 24 Vulnerabilities - Security Week
Organisations Warned of Exploited Twilio Authy Vulnerability - Security Week
PHP Vulnerability Used For Malware And DDOS Attacks - Security Boulevard
CISA Warns of Exploitable Vulnerabilities in Popular BIND 9 DNS Software (thehackernews.com)
Windows: latest security update is causing huge issues for some users - gHacks Tech News
Progress warns of critical RCE bug in Telerik Report Server (bleepingcomputer.com)
Critical ServiceNow RCE flaws actively exploited to steal credentials (bleepingcomputer.com)
Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins (thehackernews.com)
Docker Patches Critical AuthZ Plugin Bypass Vulnerability Dating Back to 2018 - Security Week
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory 25 July 2024 - Guernsey Businesses Experiencing a Spike in Cyber Attacks
Black Arrow Cyber Advisory 25 July 2024 - Guernsey Businesses Experiencing a Spike in Cyber Attacks
We are aware of Guernsey businesses experiencing a spike in cyber attacks. We know from helping firms respond to incidents how devastating the impact can be financially as well as at a human level. At the end of the day, it is people who are affected through loss and stress, and the experience can be traumatic.
We work with many organisations on their cyber security journey. Our advice to everyone remains unchanged: all businesses should first focus on three things to help prevent and be resilient to an attack.
Firstly, ensure your leadership team truly understands your cyber risks and how to manage them. Understand what you are up against, how attackers are operating today, and the most proportionate way to address the risks. This means a boardroom level conversation with cyber security experts.
Secondly, ensure you have an objective assessment of how good your security controls are in protecting you against those risks. Make sure the person doing the assessment is independent enough to tell you where they are gaps that you need to address.
Finally, recognising that we live in the real world and that you can never be 100% bullet proof, prepare to respond to a cyber incident. Make sure you know who will do what, and that you have the resources available to help including out of hours. Rehearse this annually in a boardroom setting; a well-designed rehearsal is also a great way of upskilling the Board.
We are happy to share the benefits of our experience and qualifications in cyber security. Stay vigilant and reach out to us if we can help.
More info: Warning after spike in cyber-attacks in Guernsey - BBC News
Black Arrow Cyber Advisory 23 July 2024 – Splunk Path Traversal Vulnerability
Black Arrow Cyber Advisory 23 July 2024 – Splunk Path Traversal Vulnerability
Executive summary
Organisations using Splunk Enterprise on Windows are advised to apply patches for a high severity vulnerability (CVE-2024-36991) as more than 230,000 internet exposed servers have been identified with this flaw. The vulnerability, which has had a proof of concept released, allows an attacker to performing a directory listing on the Splunk endpoint, which will allow the threat actor to gain unauthorised access to sensitive files in the system.
What’s the risk to me or my business?
While there are currently no reports of this vulnerability being exploited in the wild, there have been several proof of concept (PoC) exploits including one that performs bulk scanning for vulnerable internet-facing endpoints. If the Splunk instance has Splunk Web turned on, an attacker successfully exploiting the vulnerability can gain unauthorised access to sensitive files in the system.
What can I do?
Splunk has released a patch for the affected products which should be applied as soon as possible. The affected products are; Splunk Enterprise versions 9.2, 9.1, and 9.0 on Windows. It is advised to upgrade to 9.2.2, 9.1.5, and 9.0.10, or higher.
Technical Summary
CVE-2024-36991 – This exploit uses a crafted GET request which takes advantage of a vulnerability associated with Path traversal on the “/modules/messaging/” endpoint on Splunk Enterprise for Windows. The vulnerability exists because the Python “os.path.join” function removes the drive letter from path tokens if the drive in the token matches the drive in the built path.
Further information on the Splunk vulnerability can be found here:
https://advisory.splunk.com/advisories/SVD-2024-0711
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Advisory 22 July 2024 – Critical Cisco Secure Email Gateway File Write Vulnerability
Black Arrow Cyber Advisory 22 July 2024 - Critical Cisco Secure Email Gateway File Write Vulnerability
Executive summary
Cisco has released a patch for a critical vulnerability in their Secure Email Gateway (SEG) which could allow attackers to replace any file on the underlying system, add users with root privileges, modify the device configuration or cause permanent denial of service (DoS) conditions on the affected device by sending an email with crafted malicious attachments when file and content analysis is enabled.
What’s the risk to me or my business?
While this vulnerability has not yet been exploited in the wild, the ingress point through emails is of concern since the product is designed to receive and scan emails for malicious content, meaning that an attacker simply has to send a specially crafted email to compromise the device, potentially exposing any emails that are sent/received through the device.
What can I do?
Cisco has released a patch which should be applied as soon as possible, following the organisations software and firmware update procedures, including testing as necessary. Devices which are in the permanently DoS condition will need support from Cisco’s Technical Assistance Center to recover the device to a working state.
Technical Summary
CVE-2024-20401 – This vulnerability, caused by incorrect handling of email attachments with enabled file analysis and content filters, could allow an attacker to replace system files. This could lead to adding root users, altering device settings, running arbitrary code, or causing a permanent DoS condition on the device.
Further information on the Cisco vulnerability can be found here:
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Briefing 19 July 2024
Black Arrow Cyber Threat Intelligence Briefing 19 July 2024:
-Crowdstrike: Software Update Triggered Worldwide Microsoft IT Outages
-Nearly Half of SMEs Fell Victim to Cyber Attack in Last Six Months
-Cyber Criminals Exploit AI for Near-Perfect Phishing Emails
-Hotel Wi-Fi: a Hotspot for Cyber Threats
-Cyber Security Can Be a Businesses Enabler
-Navigating Insider Risks: Are your Employees Enabling External Threats?
-How Tabletop Exercises Can Sharpen Incident Response from Chaos to Calm
-Gap Found Between Data Security Perceptions and Breach Reality
-Why Top Leadership Must Foster a Security-Conscious Culture
-Hackers Use PoC Exploits in Attacks 22 Minutes After Release
-There's No Margin for Error in Cyber Security
-UK to Introduce Watered-Down Version of Mandatory Reporting for Ransomware Attacks
-CISOs Must Shift from Tactical Defence to Strategic Leadership
-One-Third of Dev Professionals Unfamiliar with Secure Coding Practices
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Crowdstrike: Software Update Triggered Worldwide Microsoft IT Outages
A recent report by cyber security firm Crowdstrike reveals that a "defect" in its software update caused major IT outages globally, affecting industries such as airlines, banking, and healthcare. The issue, which impacted Windows operating systems, was identified, isolated, and resolved, but not until a huge amount of disruption had been experienced around the world. American Airlines and other affected services have since restored operations. This incident, the worst since the 2017 WannaCry attack, resulted in a fall of over 20% ($16 billion) in Crowdstrike's value before markets opened. The event raises questions about the resilience of economic infrastructure reliant on concentrated cloud security services.
Nearly Half of SMEs Fell Victim to Cyber Attack in Last Six Months
A recent report by JumpCloud reveals that 49% of SME IT teams believe they lack the resources to defend against cyber threats. The survey, which included 612 IT decision-makers in the UK and US, found that nearly half (45%) of SMEs experienced a cyber attack in the first half of 2024. Of these, 28% faced two attacks and 17% encountered three. Phishing was the most common attack source (43%), followed by shadow IT (37%) and stolen credentials (33%). The report also highlights that 60% of respondents identified security as their biggest IT challenge, with 84% expressing concern about shadow IT (referring to any software, hardware, or other IT resource that is used within an organisation without the explicit approval, knowledge, or oversight of the IT department). Furthermore, 71% of respondents believe budget cuts would increase organisational risk, underscoring the high threat level SMEs face.
Cyber Criminals Exploit AI for Near-Perfect Phishing Emails
A new report by ReliaQuest reveals cyber criminals exploiting AI tools like ChatGPT for operations, notably creating near-perfect phishing emails with a 2.8% success rate. Although seemingly small, this rate is significant given the vast number of phishing emails sent daily. Criminals bypass AI security filters to generate harmful content, sharing and refining their techniques in cyber criminal forums.
Hotel Wi-Fi: A Hotspot for Cyber Threats
A recent report highlights significant cyber threats associated with hotel Wi-Fi networks, which prioritise guest access over robust security. Hotels had the third-least secure public Wi-Fi as of February 2023. In 2019, none of the 45 hotels across five countries that were tested passed a Wi-Fi hacking test, reflecting widespread vulnerabilities. Hotels are the third most common target for cyber attacks, accounting for 13% of all cyber compromises in 2020. Nearly 31% of hospitality organisations have experienced a data breach, with 89% facing multiple breaches annually. These breaches, averaging $3.4 million in costs, pose severe reputational risks in the competitive hospitality industry, and bigger risks for the hotel guests using them.
Cyber Security Can Be a Business Enabler
Many cyber security leaders tout the notion that cyber security is a business enabler as a way to elevate their personal brand, but the idea is backed up by knowledge and real-world examples. By reducing unnecessary controls and ensuring secure yet functional operations, organisations can enhance productivity and innovation. Effective cyber security can reduce legal fees and financial losses from breaches, while also boosting customer and partner confidence. Furthermore, compliance with regulations enhances business value, and strong security practices can differentiate an organisation from its competitors, fostering growth and trust.
Navigating Insider Risks: Are your Employees Enabling External Threats?
A recent report highlights the growing threat of accidental insiders in network security breaches. These insiders, through negligence or lack of awareness, expose internal weaknesses. Common issues include weak password practices and falling victim to phishing. Such lapses can lead to significant financial losses, reputational damage, and operational disruption. The report highlights the importance of security awareness training and fostering a culture of security to mitigate these risks effectively.
How Tabletop Exercises Can Sharpen Incident Response from Chaos to Calm
Every 39 seconds some company is hit by a cyber attack. Security incidents are a constant threat, an inevitability rather than a possibility. Incident response plans can help organisations with the aftermath of a cyber attack. Effective execution of these plans requires regular practice through tabletop exercises. These hypothetical, scenario-based activities involve key stakeholders and help clarify roles, enhance communication, and build team resilience. By conducting these exercises at least annually, organisations can identify gaps, refine their response plans, and improve overall cyber security awareness. Furthermore, involving internal and/or external stakeholders like legal counsel and law enforcement can enhance coordination during real incidents, ultimately strengthening the organisation's preparedness and response capabilities.
Gap Found Between Data Security Perceptions and Breach Reality
A recent report reveals a significant disparity between organisations' perceptions of data security and the actual frequency of breaches. Despite 63% of organisations believing their security measures are effective, 2023 saw a record-breaking number of data breaches. The report highlights major concerns of data breaches, ransomware, insider threats, and misconfigurations. It found that 72% of organisations use audits and compliance tools to meet regulatory requirements, and 60% employ role-based access control systems. However, ongoing challenges persist, with only 27% adopting data cataloguing tools and many relying on manual processes. The report recommends comprehensive data discovery, automated monitoring, and a zero-trust security model to bridge the gap between perceived and actual data security.
Why Top Leadership Must Foster a Security-Conscious Culture
A recent report highlights the crucial role of organisational culture in building cyber resilience. Despite technical defences, organisations remain vulnerable to cyber attacks due to a vast attack surface. Emphasising collective responsibility, a robust cyber security culture involves all employees, from executives to frontline staff, in protecting digital assets. Leadership is pivotal, requiring a genuine commitment to security, clear communication, and active participation in cyber security initiatives. Transparency and psychological safety are essential, encouraging employees to report suspicious activity without fear. Continuous learning and improvement, beyond mere compliance, are vital to adapting to evolving threats and fostering a security-conscious environment for long-term success.
Hackers Use PoC Exploits in Attacks 22 Minutes After Release
A recent report by Cloudflare reveals that threat actors can weaponise proof-of-concept (PoC) exploits as quickly as 22 minutes after they are made public. Covering activity from May 2023 to March 2024, the report highlights significant threats, including heightened scanning for CVEs (known vulnerabilities) and rapid exploitation attempts. This emphasises the need for robust vulnerability management and timely patching of vulnerable systems.
There's No Margin for Error in Cyber Security
A recent report reveals that human error is responsible for 74% of cyber attacks, with employees using an average of 2.5 devices for work, creating numerous potential breach points. Notable incidents include the 2020 Marriott breach affecting 5.2 million guests, caused by stolen employee credentials, and Sequoia Capital’s 2021 phishing attack. Verizon's report highlights that 49% of breaches begin with compromised credentials. Effective cyber security measures include using unique, complex passwords, enabling multi-factor authentication, updating software regularly, and cautious email practices. Organisations should implement Unified Endpoint Management (UEM) and Identity and Access Management (IAM) solutions, alongside continuous employee training, to mitigate these risks.
UK to Introduce Watered-Down Version of Mandatory Reporting for Ransomware Attacks
A recent announcement from the UK Government reveals plans to introduce the Cyber Security and Resilience Bill, updating the country's cyber security regulations. This new legislation will mandate ransomware attack reporting for regulated entities, addressing record levels of ransomware incidents in British businesses. This measure, part of the King’s Speech, responds to increasing cyber threats impacting public services and infrastructure, such as the recent Russian attack on Synnovis, which is still having repercussions for the NHS weeks later. The bill expands regulatory oversight to include supply chains and demands incident reporting to improve understanding of the cyber crime landscape. Experts highlight the bill’s alignment with the EU’s NIS2 Directive, emphasising the importance of robust security governance and mandatory notification obligations for effective policy design.
CISOs Must Shift from Tactical Defence to Strategic Leadership
A recent report highlights the evolving role of the CISO, demanding a blend of technical expertise and strong diplomatic skills. Despite increased cyber security budgets in 2024, nearly one-third of IT professionals lack documented strategies to address AI risks. The report shows a confidence gap: while 60% of non-IT leaders are confident in their cyber security, only 46% of IT professionals share this view. Moreover, 55% of IT leaders believe non-IT executives do not fully understand vulnerability management , potentially undermining security efforts. Cyber security is now a board-level discussion, CISOs must align technical risks with business priorities, effectively communicating the financial and reputational impacts of cyber threats.
One-Third of Dev Professionals Unfamiliar with Secure Coding Practices
A recent report by OpenSSF and the Linux Foundation underscores the critical need for robust software security as attackers continue to exploit software vulnerabilities. Nearly one-third of development professionals feel unfamiliar with secure software practices, with 69% relying on on-the-job experience, which takes at least five years for basic security familiarity. Lack of time (58%) and inadequate training (50%) are the main barriers to implementing secure development practices. Furthermore, 44% cite a lack of knowledge about good courses as a reason for not pursuing secure software development education. The report advocates for industry-wide efforts and language-agnostic courses to address these educational gaps.
Sources:
https://www.bbc.co.uk/news/live/cnk4jdwp49et
https://securitybrief.co.nz/story/cybercriminals-exploit-chatgpt-for-near-perfect-phishing-emails
https://securityboulevard.com/2024/07/hotel-wi-fi-a-hotspot-for-cyber-threats/
https://www.inforisktoday.com/blogs/cybersecurity-be-businesses-enabler-p-3668
https://thehackernews.com/2024/07/navigating-insider-risks-are-your.html
https://securitybrief.co.nz/story/gap-found-between-data-security-perceptions-breach-reality
https://www.scmagazine.com/perspective/why-top-leadership-must-foster-a-security-conscious-culture
https://therecord.media/uk-cyber-security-resilience-bill-labour-government
https://www.helpnetsecurity.com/2024/07/19/cyber-threats-size-sophistication/
https://www.helpnetsecurity.com/2024/07/19/devs-secure-coding-practices/
Governance, Risk and Compliance
Cyber Security Can Be a Businesses Enabler - InfoRiskToday
Half of SMEs Unprepared for Cyber Threats - Infosecurity Magazine (infosecurity-magazine.com)
How Tabletop Exercises Can Sharpen Incident Response From Chaos To Calm (forbes.com)
Gap found between data security perceptions & breach reality (securitybrief.co.nz)
Why top leadership must foster a security-conscious culture | SC Media (scmagazine.com)
Survey: Nearly Half of SMEs Fell Victim to Cyber Attack in Last Six Months - Security Boulevard
CISOs must shift from tactical defence to strategic leadership - Help Net Security
What savvy hiring execs look for in a CISO today | CSO Online
SMEs vulnerable to cyber security breaches, report reveals - NZ Herald
What business leaders need to know about the Cyber Security and Resilience Bill - Raconteur
Why CISOs should report to the CEO—and not the CIO | Fortune
7 Tips for Navigating Cyber Security Risks in M&As (darkreading.com)
Threats
Ransomware, Extortion and Destructive Attacks
Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks (thehackernews.com)
UK to introduce watered-down version of mandatory reporting for ransomware attacks (therecord.media)
Year-Old Veeam Vulnerability Exploited in Fresh Ransomware Attacks - Security Week
RansomHub Ransomware - What You Need To Know | Tripwire
New HardBit Ransomware 4.0 Uses Passphrase Protection to Evade Detection (thehackernews.com)
BianLian Ransomware Leveraging RDP Credentials To Gain Initial Access (cybersecuritynews.com)
SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks (bleepingcomputer.com)
HardBit Ransomware - What You Need to Know | Tripwire
Digging Into FIN7's Latest Tools and Tactics | Decipher (duo.com)
Using Threat Intelligence to Predict Potential Ransomware Attacks - Security Week
This new ransomware tries to stop victims recovery by using passphrases | TechRadar
Ransomware costs at critical infrastructure orgs soar • The Register
Ransomware Victims
NHS Trusts cancelled over 6,000 appointments after Qilin cyber attack | Computer Weekly
Costs From UnitedHealth's Ransomware Attack Soar to at Least $2.3 Billion (pcmag.com)
CDK Global said to have paid $25M ransom after cyber attack • The Register
AT&T reportedly pays $370K to hackers to delete stolen customer data - SiliconANGLE
'NHS cyber attack delayed my baby son’s life-saving kidney transplant' (inews.co.uk)
AT&T Breach Linked to American Hacker, Telecom Giant Paid $370k Ransom: Reports - Security Week
CDK Global car dealership cyber attack could cost industry $1 billion (qz.com)
London Borough of Hackney reprimanded over cyber attack | Cybernews
A Negligence Case Has Been Filed Against CDK Over Cyber Attack (jalopnik.com)
UK national blood stocks in 'very fragile' state following ransomware attack (therecord.media)
Rite Aid confirms data breach after June ransomware attack (bleepingcomputer.com)
Furniture giant shuts down manufacturing facilities after ransomware attack (therecord.media)
Phishing & Email Based Attacks
Cyber criminals exploit ChatGPT for near-perfect phishing emails (securitybrief.co.nz)
New phishing tactic hijacks email protections to mask links | SC Media (scmagazine.com)
URL protection services used to mask phishing attacks (betanews.com)
Beware of the Latest Phishing Tactic Targeting Employees - Security Boulevard
How to protect your startup from email scams | TechCrunch
Phishing Threat Actor Leverages AI to Target Multiple Crypto Brands - Security Boulevard
Shadowroot Ransomware Lures Turkish Victims via Phishing Attacks (darkreading.com)
Other Social Engineering
Social Engineering Defence - An Emerging Career (govinfosecurity.com)
Artificial Intelligence
Cyber criminals exploit ChatGPT for near-perfect phishing emails (securitybrief.co.nz)
Weaponized AI: The Malicious Mind of Hackers (financemagnates.com)
US Seizes Domains Used by AI-Powered Russian Bot Farm for Disinformation (thehackernews.com)
Why deepfakes are set to be one of 2024’s biggest cyber security dangers | TechRadar
SAP security holes raise questions about the rush to AI | CSO Online
ChatGPTriage: How can CISOs see and control employees’ AI use? - Help Net Security
White House urged to probe $1.5B G42-Microsoft AI deal • The Register
Mark Cuban: Social media algorithms' influence in 2024 election
Protect AI warns of increasing security risks in open-source AI and ML tools - SiliconANGLE
Phishing Threat Actor Leverages AI to Target Multiple Crypto Brands - Security Boulevard
SMEs looking to MSPs to help with AI and security challenges | Microscope (computerweekly.com)
Mixed reaction from the AI community on King's Speech (datacentrenews.uk)
Malware
Zeus Banking Malware Player Gets 9-Year Prison Term (inforisktoday.com)
DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign (thehackernews.com)
10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit (thehackernews.com)
Facebook ads for Windows desktop themes push info-stealing malware (bleepingcomputer.com)
DarkGate malware sees boom after the Feds crush Qbot • The Register
Here’s how carefully concealed backdoor in fake AWS files escaped mainstream notice | Ars Technica
'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins (thehackernews.com)
SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts - Help Net Security
DPRK Hackers Tweak Malware to Lure MacOS Users into Video Calls (darkreading.com)
This New "Cluster Bomb" Malware Sounds Deadly, but You Can Avoid It (makeuseof.com)
Iraq-based cyber criminals deploy malicious Python packages to steal data (therecord.media)
Weaponized AWS Packages That Deliver Malware Via JPEG Files (cybersecuritynews.com)
Malware scammers gearing up for 2024 summer Olympics in Paris | SC Media (scmagazine.com)
Microsoft-Signed Chinese Adware Opens the Door to Kernel Privileges (darkreading.com)
Revolver Rabbit gang registers 500,000 domains for malware campaigns (bleepingcomputer.com)
Mobile
What is juice jacking? Why you shouldn't use public USB chargers (androidauthority.com)
'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins (thehackernews.com)
Denial of Service/DoS/DDOS
DDoS attacks see a huge rise as criminals get braver and more ambitious | TechRadar
Telecom sees fastest increase in DDoS attacks: Report - RCR Wireless News
Data Breaches/Leaks
AT&T says criminals stole phone records of 'nearly all' customers in new data breach | TechCrunch
AT&T cyber security breach potentially posed 'risk to national security' (lexch.com)
Major data breaches that have rocked organisations in 2024 - Help Net Security
US Data Breach Victim Numbers Increase by 1,000%, Literally (darkreading.com)
Hackers Claim to Have Leaked 1.1 TB of Disney Slack Messages | WIRED
Snowflake Account Attacks Driven by Exposed Legitimate Credentials (darkreading.com)
Over 400,000 Life360 user phone numbers leaked via unsecured API (bleepingcomputer.com)
Rite Aid confirms data breach after June ransomware attack (bleepingcomputer.com)
Stalkerware vendor mSpy breached for a third time • The Register
Organised Crime & Criminal Actors
Weaponized AI: The Malicious Mind of Hackers (financemagnates.com)
Well-Established Cyber Criminal Ecosystem Blooms in Iraq (darkreading.com)
Digging Into FIN7's Latest Tools and Tactics | Decipher (duo.com)
Iraq-based cyber criminals deploy malicious Python packages to steal data (therecord.media)
Why OT has become a hot target for cyber criminals | SC Media (scmagazine.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
DNS hijacks target crypto platforms registered with Squarespace (bleepingcomputer.com)
Dough Finance loses $1.8M in flash loan attack (cointelegraph.com)
North Korean Cyber Threats Escalate with Crypto Job Posting Hacks, Report Reveals (bitcoinist.com)
WazirX Cryptocurrency Exchange Loses $230 Million in Major Security Breach (thehackernews.com)
North Korea may have attacked Indian crypto exchange WazirX • The Register
Phishing Threat Actor Leverages AI to Target Multiple Crypto Brands - Security Boulevard
Insider Risk and Insider Threats
How to Protect Your Business From Insider Threats | HackerNoon
Navigating Insider Risks: Are your Employees Enabling External Threats? (thehackernews.com)
Australian Defence Force Private and Husband Charged with Espionage for Russia (thehackernews.com)
Australian Spycatchers Snatch Pair of Married Russian Operatives (darkreading.com)
Pentagon Leaker Jack Teixeira to Face Military Court-Martial, Air Force Says - Security Week
Insurance
Cyber insurance: How to achieve the right coverage | SC Media (scmagazine.com)
Supply Chain and Third Parties
NHS Trusts cancelled over 6,000 appointments after Qilin cyber attack | Computer Weekly
AT&T cyber security breach potentially posed 'risk to national security' (lexch.com)
Cloud/SaaS
Here’s how carefully concealed backdoor in fake AWS files escaped mainstream notice | Ars Technica
Weaponized AWS Packages That Deliver Malware Via JPEG Files (cybersecuritynews.com)
Encryption
Encrypted traffic: A double-edged sword for network defenders - Help Net Security
Passwords, Credential Stuffing & Brute Force Attacks
Snowflake Account Attacks Driven by Exposed Legitimate Credentials (darkreading.com)
Social Media
Facebook ads for Windows desktop themes push info-stealing malware (bleepingcomputer.com)
SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts - Help Net Security
My LinkedIn account was hacked: I don't use it but I fixed it fast. Here's why and how | ZDNET
Is Musk’s X Using Dark Patterns To Trick Users? EU Says ‘Yes’
Mark Cuban: Social media algorithms' influence in 2024 election
Malvertising
'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins (thehackernews.com)
SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts - Help Net Security
What is malvertising? And how to protect yourself against it | PCWorld
Microsoft-Signed Chinese Adware Opens the Door to Kernel Privileges (darkreading.com)
Regulations, Fines and Legislation
The Impact of SEC Cyber Rules on Corporate Risk Management - Security Boulevard
What business leaders need to know about the Cyber Security and Resilience Bill - Raconteur
UK to introduce watered-down version of mandatory reporting for ransomware attacks (therecord.media)
Will Smaller Companies Buckle Under the SEC's New Requirements? (darkreading.com)
CDK hack shows SEC disclosure standards are unsettled | CyberScoop
Labour unveils AI, cyber security goals in King’s Speech (techmonitor.ai)
The Strategic Defence Review must maintain a cyber focus - LBC
London Borough of Hackney reprimanded over cyber attack | Cybernews
Judge dismisses much of SEC suit against SolarWinds over cyber security disclosures | CyberScoop
Preparing for the EU Cyber Resilience Act (techuk.org)
Models, Frameworks and Standards
What is NIST Compliance? A Guide to NIST Standards, Framework & Controls - Security Boulevard
Decoding NIS2 to Secure Your Supply Chain - Infosecurity Magazine (infosecurity-magazine.com)
5 Things We've Learned From 10 Years Of Cyber Essentials (forbes.com)
Careers, Working in Cyber and Information Security
What savvy hiring execs look for in a CISO today | CSO Online
Managing exam pressure: Tips for certification preparation - Help Net Security
Social Engineering Defence - An Emerging Career (govinfosecurity.com)
The Need to Recruit Cyber Talent in the Government (darkreading.com)
3 Free Online Cyber Security Courses With Certificates (forbes.com)
Cloud Security, PowerShell Expertise Emerge as Key SOC Analyst Skills (darkreading.com)
What a cyber security analyst does and how to become one | TechTarget
Teams facing 'alert fatigue' need certainty | Professional Security
The cyber security skills gap and breaches | SC Media (scmagazine.com)
Law Enforcement Action and Take Downs
Zeus Banking Malware Player Gets 9-Year Prison Term (inforisktoday.com)
DarkGate malware sees boom after the Feds crush Qbot • The Register
Pentagon Leaker Jack Teixeira to Face Military Court-Martial, Air Force Says - Security Week
Misinformation, Disinformation and Propaganda
US Seizes Domains Used by AI-Powered Russian Bot Farm for Disinformation (thehackernews.com)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Weaponised AI: The Malicious Mind of Hackers (financemagnates.com)
NATO to Establish Integrated Cyber Security Centre in Europe (thedefensepost.com)
IDF Has Rebuffed 3B Cloud Cyber Attacks Since Oct. 7, Colonel Claims (darkreading.com)
TAG-100: New Threat Actor Uses Open-Source Tools for Widespread Attacks (thehackernews.com)
Nation State Actors
China
Microsoft-Signed Chinese Adware Opens the Door to Kernel Privileges (darkreading.com)
China-linked APT17 Targets Italian Companies with 9002 RAT Malware (thehackernews.com)
Russia
APT Exploits Windows Zero-Day to Execute Code via Disabled Internet Explorer - Security Week
For MSPs, Kaspersky’s US exit is a reminder to not ignore geopolitics - Security - CRN Australia
US Seizes Domains Used by AI-Powered Russian Bot Farm for Disinformation (thehackernews.com)
Kaspersky Exits US Market Following Commerce Department Ban (thehackernews.com)
Surge in cyber attacks after Romania donates Patriot to Ukraine - Verdict
Void Banshee APT exploited "lingering Windows relic" in zero-day attacks - Help Net Security
Putin's Spies Are a Threat to Paris Olympics, Google Warns - Newsweek
Australian Spycatchers Snatch Pair of Married Russian Operatives (darkreading.com)
Kaspersky offers free security software for six months in US goodbye (bleepingcomputer.com)
Iran
Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks (thehackernews.com)
New BugSleep malware implant deployed in MuddyWater attacks (bleepingcomputer.com)
IDF Has Rebuffed 3B Cloud Cyber Attacks Since Oct. 7, Colonel Claims (darkreading.com)
North Korea
DPRK Hackers Tweak Malware to Lure MacOS Users into Video Calls (darkreading.com)
Defending against APTs: A learning exercise with Kimsuky (securitybrief.co.nz)
North Korean Cyber Threats Escalate with Crypto Job Posting Hacks, Report Reveals (bitcoinist.com)
WazirX Cryptocurrency Exchange Loses $230 Million in Major Security Breach (thehackernews.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
For MSPs, Kaspersky’s US exit is a reminder to not ignore geopolitics - Security - CRN Australia
Damaged Internet Subsea Cables Repaired in Red Sea Amid Militant Attacks on Ships – BNN Bloomberg
Disney faces potential data breach, hacker group claims massive leak (computing.co.uk)
Stalkerware vendor mSpy breached for a third time • The Register
Tools and Controls
How Tabletop Exercises Can Sharpen Incident Response From Chaos To Calm (forbes.com)
The Impact of SEC Cyber Rules on Corporate Risk Management - Security Boulevard
Decoding NIS2 to Secure Your Supply Chain - Infosecurity Magazine (infosecurity-magazine.com)
Encrypted traffic: A double-edged sword for network defenders - Help Net Security
BianLian Ransomware Leveraging RDP Credentials To Gain Initial Access (cybersecuritynews.com)
API Transformation Cyber Risks and Survival Tactics - Security Boulevard
Threat Prevention & Detection in SaaS Environments - 101 (thehackernews.com)
Overlooked essentials: API security best practices - Help Net Security
FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums (thehackernews.com)
Risk related to non-human identities: Believe the hype, reject the FUD - Help Net Security
Cloudflare reports almost 7% of internet traffic is malicious | ZDNET
Using Threat Intelligence to Predict Potential Ransomware Attacks - Security Week
Teams facing 'alert fatigue' need certainty | Professional Security
One-third of dev professionals unfamiliar with secure coding practices - Help Net Security
20 Million Trusted Domains Vulnerable to Email Hosting Exploits (darkreading.com)
6 Steps to Build an Incident Response Workflow for Your Business - Security Boulevard
DNS hijacks target crypto platforms registered with Squarespace (bleepingcomputer.com)
Cyber insurance: How to achieve the right coverage | SC Media (scmagazine.com)
Firms skip security reviews of updates about half the time • The Register
Securing datacenters may soon need sniffer dogs • The Register
Other News
SMEs vulnerable to cyber security breaches, report reveals - NZ Herald
IT providers must navigate AI, cyber security, efficiency and economic fluctuations – Channel EYE
Hotel Wi-Fi: A Hotspot for Cyber Threats - Security Boulevard
How Startups Can Bolster Defences as Cyber Threats Loom in Cloud Era | HackerNoon
Staying Safe on the Go: Insider Risk and Travel Security Tips - Security Boulevard
CISA broke into US federal agency, wasn't spotted for months • The Register
UK Retailers Most Concerned About Cyber, Data Security Risks, Study Finds | ESM Magazine
Improving cyber resilience of frontline forces in Europe - GOV.UK (www.gov.uk)
Defending OT Requires Agility, Proactive Controls (darkreading.com)
MSP security confidence remains high despite facing a torrent of cyber threats | ITPro
Paris 2024 Olympics to face complex cyber threats - Help Net Security
Automated Threats Pose Increasing Risk to the Travel Industry (thehackernews.com)
Vulnerability Management
Hackers use PoC exploits in attacks 22 minutes after release (bleepingcomputer.com)
ZDI shames Microsoft for coordinated vuln disclosure snafu • The Register
Microsoft is changing how it delivers Windows updates: 4 things you need to know | ZDNET
Firms skip security reviews of updates about half the time • The Register
Vulnerabilities
CrowdStrike code update bricking PCs around the world • The Register
Critical Exim bug bypasses security filters on 1.5 million mail servers (bleepingcomputer.com)
Year-Old Veeam Vulnerability Exploited in Fresh Ransomware Attacks - Security Week
GitLab Sends Users Scrambling Again With New CI/CD Pipeline Takeover Vuln (darkreading.com)
APT Exploits Windows Zero-Day to Execute Code via Disabled Internet Explorer - Security Week
Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP (thehackernews.com)
Attacks Exploiting Internet Explorer Persist | MSSP Alert
Chrome 126 Updates Patch High-Severity Vulnerabilities - Security Week
Oracle Patches 240 Vulnerabilities With July 2024 CPU - Security Week
Recent Adobe Commerce Vulnerability Exploited in Wild - Security Week
Cyber Security teams advised to look out for critical Adobe, Cisco bugs | SC Media (scmagazine.com)
20 Million Trusted Domains Vulnerable to Email Hosting Exploits (darkreading.com)
Cisco Releases Security Updates for Multiple Products | CISA
Netgear warns users to patch auth bypass, XSS router flaws (bleepingcomputer.com)
Void Banshee APT exploited "lingering Windows relic" in zero-day attacks - Help Net Security
CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks (bleepingcomputer.com)
Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991) - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Updated: Black Arrow Cyber Alert 19 July 2024 – IT outages causing chaos worldwide, airports, airlines, hospitals, emergency services, shipping, media, banks affected - CrowdStrike blamed
Black Arrow Cyber Alert 19 July 2024 – IT outages causing chaos worldwide, airports, airlines, hospitals, emergency services, shipping, media, banks affected - CrowdStrike and Microsoft Azure blamed
Update: We can now confirm from statements provided by both Microsoft and CrowdStrike that a Crowdstrike content update was the cause of the outage
Executive summary
Black Arrow is aware of ongoing outages affecting airlines, media outlets, stock exchanges, shipping, hospitals, emergency services, banks globally.
This is an ongoing and unfolding situation which we will continue to monitor and update.
These disruptions appear to have occurred due to recent updates from both CrowdStrike and Microsoft, resulting in device access issues and Blue Screen errors. CrowdStrike has identified the problematic update and taken corrective action. For affected users,the advice is to boot into Safe Mode or the Windows Recovery Environment, navigating to the C:\Windows\System32\drivers\CrowdStrike directory, and deleting the file corresponding to C-0000029*.sys.
For the latest updates on this story further information can be found on the BBC:
https://www.bbc.co.uk/news/live/cnk4jdwp49et?post=asset%3Aaaba3e5c-a8b0-4d60-bcde-32c1e3a6c2a3#post
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Briefing 12 July 2024
Black Arrow Cyber Threat Intelligence Briefing 12 July 2024:
-New Study Reveals UK Businesses at Risk from Imminent Cyber Attacks
-The Escalating War Against Email-Based Espionage and Fraud
-Trade the Comfort of Security Theatre for True Security
-Traditional Cyber Security Measures are No Longer Enough
-Threats to NATO Countries Escalate, as NATO Outlines Internet Doomsday Plan
-In Ransomware Attacks, Expect to Lose 43 Percent of Affected Data Even if You Pay
-New Ransomware Scam Will Hassle You with Phone Calls Until You Pay Up
-China's APT40 Gang is Attacking Vulnerabilities Within Hours of Public Release
-New Survey: Generative AI and Phishing Concerns, Employees Put Corporate Data at Risk
-The Urgent Need for Digital Executive Protection: A CEO’s Perspective
-Businesses Must do Better to Understand Complexity of Business Email Compromise
-Ransomware Surges Annually Despite Law Enforcement Takedowns
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
New Study Reveals UK Businesses at Risk from Imminent Cyber Attacks
A recent report by Cloudflare reveals that 70% of UK business leaders anticipate a cyber security incident within the next year, yet only 35% feel adequately prepared. The survey, involving over 4,000 business and technology leaders across Europe, highlights that 48% of UK organisations have faced a cyber security incident in the past 12 months, the highest in Europe. 80% of UK leaders report an increase in cyber incidents, with 60% expecting this trend to continue.
The Escalating War Against Email-Based Espionage and Fraud
A recent report highlights the rapid rise in email-based cyber crime, with cyber criminals sending an estimated 3.4 billion malicious emails daily, contributing to over $43 billion in business email compromise losses since 2016. Traditional email security measures are proving inadequate, prompting the need for proactive solutions like DMARC (Domain-based Message Authentication, Reporting & Conformance). Acting as an identity check for emails, DMARC can reduce email impersonation threats by over 90% when enforced correctly. However, global adoption remains slow at 30%, hindered by perceived complexity. New zero-trust email authentication tools are simplifying deployment, promising faster and more effective domain protection.
Trade the Comfort of Security Theatre for True Security
A recent article highlights the prevalence of "security theatre," where companies focus on creating an illusion of robust cyber security rather than implementing substantial defensive measures. Despite these superficial efforts, organisations continue to face lawsuits, fines, and regulatory scrutiny over their inadequate data protection practices. The article underscores the need for genuine cyber security programmes, driven by actual risk mitigation to protect against the rising tide of cyber threats rather than marketing tactics and checklist compliance. Regulatory bodies in the EU and the US are intensifying their focus, with fines reaching up to 7% of global revenue for breaches.
Traditional Cyber Security Measures are No Longer Enough
A recent report by LogRhythm highlights that traditional cyber security measures are insufficient against sophisticated AI-powered attacks, necessitating agile and adaptive strategies. According to the 'State of the Security Team’ report, 95% of companies adjusted their security strategies in the past year due to evolving threats, regulatory changes, and AI adoption. Additionally, 78% of professionals now hold cyber security leaders and CEOs accountable for breaches. The widespread adoption of cloud computing and remote work has expanded the attack surface, underscoring the need for robust cloud security practices, comprehensive security training, and advanced threat detection technologies.
Threats to NATO Countries Escalate, as NATO Outlines Internet Doomsday Plan
A Mandiant report reveals increasing cyber attack risks for NATO countries from state-sponsored actors, hacktivists, and criminals. Russia’s invasion of Ukraine drives many attacks, while China's espionage targets NATO intel and trade secrets. Cyber threats extend beyond military targets, impacting hospitals and civil infrastructure, with ransomware attacks on healthcare and government services escalating due to lax cyber crime enforcement.
NATO has recently outlined plans to safeguard subsea internet cables, a favoured target of nation state actors, and the data carried by these cables by rerouting to satellites in case of disruptions. This system, part of the HEIST project, involves researchers from the US, Iceland, Sweden, and Switzerland, supported by NATO's Science for Peace and Security Programme. By detecting disturbances in undersea cables and ensuring uninterrupted communication, the project addresses heightened concerns over global instability and threats to critical infrastructure.
In Ransomware Attacks, Expect to Lose 43 Percent of Affected Data Even if You Pay
A recent report by Veeam highlights the pervasive threat of ransomware, with the endemic impacting 3 out of 4 organisations in 2023. In many cases only 57% of compromised data was recoverable, leaving 43% lost. The report indicates that 81% of affected organisations paid ransoms, yet one-third failed to recover their data even after paying. Additionally, 63% of organisations risk reintroducing infections during recovery due to pressure to restore quickly. Despite increased focus on cyber preparedness, 63% of organisations find their backup and cyber teams misaligned.
New Ransomware Scam Will Hassle You with Phone Calls Until You Pay Up
A recent report reveals that a new ransomware group, Volcano Demon, has emerged, harassing its victims via phone until payment is made. The group has targeted several organisations in the past weeks, deploying an encryptor named LukaLocker. This ransomware maps and exfiltrates sensitive files before encrypting them, adding a .nba extension, which works on both Windows and Linux systems. Notably, Volcano Demon does not operate a data leak site but instead directly contacts company leadership to negotiate payments, often using threatening tones. Additionally, LukaLocker can disable most antivirus processes and clear logs, complicating forensic investigations. Limited logging and monitoring solutions among victims exacerbate the issue.
China's APT40 Gang is Attacking Vulnerabilities Within Hours of Public Release
A recent advisory led by Australia, with contributions from seven other nations, details the sophisticated methods of the China-aligned threat actor APT40, also known as Kryptonite Panda and Gingham Typhoon. This state-sponsored group is adept at exploiting new vulnerabilities within hours, as well as targeting unpatched systems dating back to 2017 such as Log4J and Microsoft Exchange. APT40 employs compromised devices, including small-office/home-office equipment, to launch attacks, masking their activities as legitimate traffic. The advisory recommends basic cyber security practices like logging, patch management, and network segmentation to defend against APT40's persistent threats.
New Survey: Generative AI and Phishing Concerns, Employees Put Corporate Data at Risk
A study by Censuswide reveals that 74% of security professionals express confidence in their IT departments, yet over half have experienced a data breach recently. The misuse of generative AI, particularly deepfake phishing attacks, is cited as a significant threat. All types of phishing, along with poor software design, ransomware, and zero-day threats are top concerns, with 55% of experts admitting to not conducting regular security audits. Cloud security issues, especially incorrectly set identity and access management policies, are also highlighted. Additionally, trust in employees is dwindling, with 63% of IT security decision-makers in the UK and US expecting remote workers to put corporate data at risk. Notably, 55% reported these workers have knowingly jeopardised data security, and 73% lack the necessary skills and technology to keep data safe. This underscores the urgent need for improved training and robust security measures.
The Urgent Need for Digital Executive Protection: A CEO’s Perspective
A recent article highlights the urgent need for Digital Executive Protection amidst increasing cyber threats. Cyber criminals are now targeting executives personally, endangering both their personal integrity and their companies' credibility and market perception. A cyber attack on a CEO can lead to severe consequences, including data breaches and financial losses. The sophistication of phishing attempts, ransomware, and social engineering tactics demands advanced security measures tailored for high-value targets. By prioritising their own digital security, executives can ensure business continuity, safeguard confidential information, and set a precedent for a robust corporate security posture, thereby protecting both their personal and professional integrity.
Businesses Must do Better to Understand Complexity of Business Email Compromise
A recent report highlights Business Email Compromise (BEC) as one of the most financially damaging cyber threats. BEC attacks, involving impersonation schemes where cyber criminals masquerade as trusted entities, are increasing in frequency and sophistication. The FBI’s Internet Crime Complaint Center reports annual economic losses from BEC attacks in the billions of dollars. Organisations must enhance their understanding and defences against BEC to protect their assets, reputation, and operations from severe financial losses and regulatory penalties.
Ransomware Surges Annually Despite Law Enforcement Takedowns
A recent report by Symantec reveals a 9% year-on-year increase in ransomware attacks advertised on leak sites in Q1 2024, with 962 claimed attacks. Despite law enforcement actions against major groups like ALPHV/BlackCat and LockBit, the latter remains the top threat, responsible for over 20% of all claimed attacks. Known vulnerabilities continue to be the primary vector for these attacks.
Sources:
https://www.afcea.org/signal-media/cyber-edge/escalating-war-against-email-based-espionage-and-fraud
https://www.darkreading.com/cyber-risk/trade-the-comfort-of-security-theater-for-true-security
https://www.techradar.com/pro/traditional-cybersecurity-measures-are-no-longer-enough
https://www.msspalert.com/brief/escalating-cyber-threats-faced-by-nato-countries
https://www.tomshardware.com/tech-industry/nato-outlines-internet-doomsday-plan
https://www.theregister.com/2024/07/09/apt_40_tradecraft_advisory/
https://www.infosecurity-magazine.com/news/ransomware-surges-2024-law/
Governance, Risk and Compliance
Traditional cyber security measures are no longer enough | TechRadar
Cloudflare Study: UK Businesses are at Risk of Cyber Attacks (itsecuritywire.com)
The Escalating War Against Email-Based Espionage and Fraud | AFCEA International
5 Key Questions CISOs Must Ask Themselves About Their Cyber Security Strategy (thehackernews.com)
Cyber security pros don't like being ignored (betanews.com)
Trade the Comfort of Security Theater for True Security (darkreading.com)
The Urgent Need for Digital Executive Protection: A CEO's Perspective - Security Boulevard
More than a CISO: the rise of the dual-titled IT leader | CSO Online
Survey Sees Modern CISOs Becoming More Comfortable With Risk - Security Boulevard
A CISO's Guide to Avoiding Jail After a Breach (darkreading.com)
5 Steps CISOs Can Take to Ensure Resilience (informationweek.com)
It’s Time to Reassess Your Cyber Security Priorities - Security Week
Three pillars of cyber | Professional Security
The Future Of Cyber Security: Emerging Threats And How To Combat Them (forbes.com)
Top priorities for compliance leaders this year - Help Net Security
Deconstructing Security Assumptions to Ensure Future Resilience (darkreading.com)
Managing cyber attack fallout: Financial and operational damage - Help Net Security
Applying Bloch’s Philosophy to Cyber Security - Security Boulevard
Cyber Security Success Hinges on Leadership, Not Just Tech (inforisktoday.com)
Threats
Ransomware, Extortion and Destructive Attacks
This new ransomware scam will hassle you with phone calls until you pay up | TechRadar
Victims of cyber extortion and ransomware increase in 2024 | SC Media (scmagazine.com)
LockBit 3.0: The Rising Costs of Ransomware Attacks - Security Boulevard
Ransomware gangs invest in custom data stealing malware • The Register
New Ransomware Group Exploiting Veeam Backup Software Vulnerability (thehackernews.com)
Ransomware gangs increasingly exploiting vulnerabilities | TechTarget
Akira Ransomware: Lightning-Fast Data Exfiltration in 2-Ish Hours (darkreading.com)
In ransomware attacks, expect to lose 43 percent of affected data - eCampus News
NHS cyber security: Ex security chief warns of future attacks - BBC News
New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems (thehackernews.com)
Eldorado Ransomware Cruises Onto the Scene to Target VMware ESXi (darkreading.com)
CISA Advises Against Paying Ransom, But Rules Out a Ban | MSSP Alert
Risk & Repeat: Hacks, lies and LockBit | TechTarget
An In-Depth Look at Crypto-Crime in 2023 Part 1 | Trend Micro (US)
Evolving ransomware attack techniques examined | SC Media (scmagazine.com)
Fujitsu Suffers Worm-Like Attack From Something That Wasn't Ransomware (darkreading.com)
Envisioning cyber resilience beyond ransom payments - SiliconANGLE
Avast releases DoNex ransomware decryptor • The Register
CISA director says banning ransomware payments is off the table (securityintelligence.com)
Cisco Talos: Top Ransomware TTPs Exposed (techrepublic.com)
Emulating the Long-Term Extortionist Nefilim Ransomware - Security Boulevard
Ransomware Victims
Evolve Bank says ransomware gang stole personal data on millions of customers | TechCrunch
The untold impact of Qilin's attack on London hospitals • The Register
Nearly 800,000 affected by children’s hospital ransomware attack | Security Magazine
Patelco faces multiple lawsuits over ransomware attack | American Banker
Hackers leak 170k Taylor Swift ’s ERAS Tour Barcodes (securityaffairs.com)
Indonesian National Data Center Breach Traced to Weak Password: 'Admin#1234' (jakartaglobe.id)
STORMOUS Ransomware Group Claiming Breach of HITC Telecom (cybersecuritynews.com)
‘Serious hacker attack’ forces Frankfurt university to shut down IT systems (therecord.media)
Hackers leak 39,000 print-at-home Ticketmaster tickets for 154 events (bleepingcomputer.com)
Ransomware attack on blood-testing service puts lives in danger in South Africa (bitdefender.com)
NTT Data Romania, hacked (romaniajournal.ro)
Phishing & Email Based Attacks
The Escalating War Against Email-Based Espionage and Fraud | AFCEA International
New 'FishXProxy' phishing kit lowers entry bar for cyber attacks - SiliconANGLE
Spear phishing techniques in mass phishing: a new trend | Securelist
Why You Might Be Getting Spam Emails From Yourself (slashgear.com)
How do cryptocurrency drainer phishing scams work? (talosintelligence.com)
The New Battlefield in Banking: Defending Against Phishing Scams (financemagnates.com)
The 9 most common phishing scam types, explained | PCWorld
State, local governments facing deluge of phishing attacks | SC Media (scmagazine.com)
The FIA has been hacked after workers fell for a phishing attack | TechRadar
BEC
The 9 most common phishing scam types, explained | PCWorld
Other Social Engineering
This new ransomware scam will hassle you with phone calls until you pay up | TechRadar
Euro Vishing Fraudsters Add Physical Intimidation to Arsenal (darkreading.com)
Google Fi's 'Number Lock' adds protection against SIM swaps - here's how to enable it | ZDNET
Revealed the cyber security risks of working in public places | theHRD (thehrdirector.com)
The 9 most common phishing scam types, explained | PCWorld
Artificial Intelligence
OpenAI breach is a reminder that AI companies are treasure troves for hackers | TechCrunch
Bring Your Own AI to Work Creates a Haven for Cyber Attackers (technewsworld.com)
Human Vigilance is Required Amid AI-Generated Cyber Security Threats - Security Boulevard
Top 10 AI Security Risks for 2024 | Trend Micro (US)
Security, privacy, and generative AI | InfoWorld
Winner takes Al | Professional Security
ChatGPT for Mac app flaw left users' chat history exposed (bitdefender.com)
Can AI be Meaningfully Regulated, or is Regulation a Deceitful Fudge? - Security Week
ChatGPT 4 exploits 87% of vulnerabilities (devx.com)
When implementing AI, first train your managers | ZDNET
Privacy & Security Concerns With AI Meeting Tools (darkreading.com)
Cyber Security Success Hinges on Leadership, Not Just Tech (inforisktoday.com)
Most Security Pros Admit Shadow SaaS and AI Use - Infosecurity Magazine (infosecurity-magazine.com)
2FA/MFA
Authy Users Urged to Stay Alert After Hack Exposes 33 Million Phone Numbers - MacRumors
Hackers abused API to verify millions of Authy MFA phone numbers (bleepingcomputer.com)
Multifactor Authentication Shouldn't Be Optional (govinfosecurity.com)
Gmail Users Offered Free Top Tier Security Upgrade—Say Goodbye To 2FA (forbes.com)
Malware
Botnets are being sold on the dark web for as little as $99 | ITPro
GootLoader is still active and efficient (securityaffairs.com)
Security Bite: Mac Malware wreaking the most havoc in 2024 - 9to5Mac
Ransomware gangs invest in custom data stealing malware • The Register
GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel (thehackernews.com)
ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks (thehackernews.com)
Fujitsu Suffers Worm-Like Attack From Something That Wasn't Ransomware (darkreading.com)
Hackers Resurrect Internet Explorer to Attack Windows PCs (pcmag.com)
Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk (thehackernews.com)
350 million people downloaded insecure browser extensions over two years | Cybernews
Hackers Weaponizing Shortcut Files With Zero-day Tricks (cybersecuritynews.com)
Notorious Hacker Kingpin ‘Tank’ Is Finally Going to Prison | WIRED
60 New Malicious Packages Uncovered in NuGet Supply Chain Attack (thehackernews.com)
Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware (securityaffairs.com)
GuardZoo spyware used by Houthis to target military personnel - Help Net Security
Mac Security: How secure is a Mac, is macOS more secure than Windows? | Macworld
Mobile
New Google Play Store Warning As Dangerous Threat Returns (forbes.com)
Europol says mobile roaming tech is hampering crimefighters • The Register
Hackers abused API to verify millions of Authy MFA phone numbers (bleepingcomputer.com)
Examining the impact of cyber crime and online fraud | TechRadar
A simple firmware update completely hides a device's Bluetooth fingerprint (techxplore.com)
Apple warns iPhone users in 98 countries of spyware attacks | TechCrunch
Every Phone Can ID Your Router—Here's How to Stop It | PCMag
Google is opening its dark web reports to all users free of charge | TechSpot
How to protect Apple ID and avoid scams - 9to5Mac
How to clear your Google search cache on Android (and why you should) | ZDNET
Denial of Service/DoS/DDOS
OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers (thehackernews.com)
Internet of Things – IoT
How to clear the cache on your TV (and why you should do it) | ZDNET
Data Breaches/Leaks
OpenAI breach is a reminder that AI companies are treasure troves for hackers | TechCrunch
Hacker Stole Secrets From OpenAI - Security Week
Hackers stole OpenAI secrets in a 2023 security breach (securityaffairs.com)
Authy Users Urged to Stay Alert After Hack Exposes 33 Million Phone Numbers - MacRumors
OpenAI hit by two big security issues this week (engadget.com)
Shopify denies it was hacked, links stolen data to third-party app (bleepingcomputer.com)
Fujitsu Suffers Worm-Like Attack From Something That Wasn't Ransomware (darkreading.com)
The FIA has been hacked after workers fell for a phishing attack | TechRadar
Cyber Confidence at MSPs high, despite falling victim to data breaches - IT Security Guru
General Motors reports “suspicious activity” within certain GM accounts | Cybernews
Ticketmaster hack: Customers told to sign up to security service - BBC News
Hackers leak 170k Taylor Swift ’s ERAS Tour Barcodes (securityaffairs.com)
NTT Data Romania, hacked (romaniajournal.ro)
Top cyber agency still unsure of fallout months after hack - Washington Times
Computer maker Zotac exposed customers' RMA info on Google Search (bleepingcomputer.com)
Fujitsu confirms customer data exposed in March cyber attack (bleepingcomputer.com)
Neiman Marcus data breach: 31 million email addresses found exposed (bleepingcomputer.com)
Philhealth: Victims of data leak not yet notified of hacking’s extent (inquirer.net)
ChatGPT for Mac app flaw left users' chat history exposed (bitdefender.com)
Heritage Foundation Exec Threatens 'Gay Furry Hackers' in Unhinged Texts (rollingstone.com)
Mastodon: Security flaw allows unauthorized access to posts (stackdiary.com)
Advance Auto Parts data breach impacts 2.3 million people (bleepingcomputer.com)
Organised Crime & Criminal Actors
New 'FishXProxy' phishing kit lowers entry bar for cyber attacks - SiliconANGLE
An In-Depth Look at Crypto-Crime in 2023 Part 1 | Trend Micro (US)
Notorious Hacker Kingpin ‘Tank’ Is Finally Going to Prison | WIRED
How AI helps decode cyber criminal strategies - Help Net Security
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hackers Have Stolen $1.38 Billion in Crypto So Far This Year (pcmag.com)
How do cryptocurrency drainer phishing scams work? (talosintelligence.com)
An In-Depth Look at Crypto-Crime in 2023 Part 1 | Trend Micro (US)
Insider Risk and Insider Threats
Fears escalate that employees will put corporate data at risk | theHRD (thehrdirector.com)
Insurance
Cyber Insurance Prices Plummet as Market Competition Grows (darkreading.com)
Supply Chain and Third Parties
Shopify denies it was hacked, links stolen data to third-party app (bleepingcomputer.com)
60 New Malicious Packages Uncovered in NuGet Supply Chain Attack (thehackernews.com)
Are SOC 2 Reports Sufficient for Vendor Risk Management? (darkreading.com)
Addressing third-party security risks - FreightWaves
Cloud/SaaS
OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers (thehackernews.com)
SaaS Security in Europe: A Report Card - Infosecurity Magazine (infosecurity-magazine.com)
Multifactor Authentication Shouldn't Be Optional (govinfosecurity.com)
The Crucial Role Of Browser Context In Modern Cyber Security (forbes.com)
Most Security Pros Admit Shadow SaaS and AI Use - Infosecurity Magazine (infosecurity-magazine.com)
Security pros use unauthorized SaaS apps despite the risk (betanews.com)
73% of security pros use unauthorized SaaS applications - Help Net Security
Encryption
Linux and Open Source
New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems (thehackernews.com)
OpenSSH bug leaves RHEL 9 and the RHELatives vulnerable • The Register
Do you need antivirus on Linux? | ZDNET
Passwords, Credential Stuffing & Brute Force Attacks
Indonesian National Data Center Breach Traced to Weak Password: 'Admin#1234' (jakartaglobe.id)
General Motors reports “suspicious activity” within certain GM accounts | Cybernews
Back to Basics of Automated Attacks: Account Takeover | Fastly
Time to see past the blind spots of account takeover | SC Media (scmagazine.com)
Self-service password reset: How the cure could introduce more security ills (betanews.com)
Training, Education and Awareness
Human Vigilance is Required Amid AI-Generated Cyber Security Threats - Security Boulevard
When implementing AI, first train your managers | ZDNET
Training, awareness key to preventing cyber attacks | Country 94
Regulations, Fines and Legislation
Vinted Fined €2.3m Over Data Protection Failure - Infosecurity Magazine (infosecurity-magazine.com)
What You Need to Know About the EU Cyber Resilience Act - Security Boulevard
How to Prepare for the EU’s NIS2 Directive - Security Boulevard
CISA Advises Against Paying Ransom, But Rules Out a Ban | MSSP Alert
The New Battlefield in Banking: Defending Against Phishing Scams (financemagnates.com)
A CISO's Guide to Avoiding Jail After a Breach (darkreading.com)
A Comprehensive Guide to the Digital Operational Resilience Act (DORA) - Security Boulevard
CISA director says banning ransomware payments is off the table (securityintelligence.com)
Supreme Court Ruling Threatens the Framework of Cyber Security Regulation - Security Week
Can AI be Meaningfully Regulated, or is Regulation a Deceitful Fudge? - Security Week
A CISO's Summary Of The Cyber Resilience Act (forbes.com)
Models, Frameworks and Standards
OWASP Penetration Testing: Methodology, Kit, Checklist (Downloadable) - Security Boulevard
A Comprehensive Guide to the Digital Operational Resilience Act (DORA) - Security Boulevard
Are SOC 2 Reports Sufficient for Vendor Risk Management? (darkreading.com)
Data Protection
Vinted Fined €2.3m Over Data Protection Failure - Infosecurity Magazine (infosecurity-magazine.com)
Careers, Working in Cyber and Information Security
What Kind of People Do Cyber Security for a Living? (databreachtoday.co.uk)
5 Ways to Run Security as a Meritocracy (darkreading.com)
Diversifying cyber teams to tackle complex threats - Help Net Security
Three critical steps to close the cyber security talent gap, once and for all | VentureBeat
Organisations change recruitment strategies to find cyber talent - Help Net Security
Exploring the root causes of the cyber security skills gap - Help Net Security
Most Security Pros Admit Shadow SaaS and AI Use - Infosecurity Magazine (infosecurity-magazine.com)
Security pros use unauthorized SaaS apps despite the risk (betanews.com)
73% of security pros use unauthorized SaaS applications - Help Net Security
Law Enforcement Action and Take Downs
Europol says mobile roaming tech is hampering crimefighters • The Register
Risk & Repeat: Hacks, lies and LockBit | TechTarget
Notorious Hacker Kingpin ‘Tank’ Is Finally Going to Prison | WIRED
Cyber stalking expert jailed after 'grotesque' online threats • The Register
FBI, cyber cops zap 968 'Russian AI disinfo' Twitter bots • The Register
Misinformation, Disinformation and Propaganda
How Disinformation From a Russian AI Spam Farm Ended up on Top of Google Search Results | WIRED
US intel officials: Kremlin once again prefers Trump | CyberScoop
Feds Uncover Sprawling, GenAI-Enabled Russian Troll Farm (darkreading.com)
FBI, cyber cops zap 968 'Russian AI disinfo' Twitter bots • The Register
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
The Escalating War Against Email-Based Espionage and Fraud | AFCEA International
Escalating Cyber Threats Faced by NATO Countries | MSSP Alert
NATO members increasingly targeted by state-sponsored cyber attacks | SC Media (scmagazine.com)
Allies Agree New NATO Integrated Cyber Defence Center – Eurasia Review
Allies Agree New NATO Integrated Cyber Defence Center – Eurasia Review
Nation State Actors
China
China’s APT40 gang can attack new vulns within hours • The Register
Eight Nations Issue Warning About Speed Of Chinese Hackers’ Operations (forbes.com)
Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk (thehackernews.com)
Australia accuses China-backed hackers of breaching government networks (ft.com)
Global Coalition Blames China’s APT40 for Hacking Government Networks - Security Week
China-Made Tech Discovered at Taiwanese Army Base (thedefensepost.com)
Germany finally gets round to banning Huawei, sort of (telecoms.com)
Russia
A recent Microsoft data breach also let Russian hackers compromise US federal agencies | TechRadar
Teamviewer Discloses Investigation Update Following Cyber Attack (cybersecuritynews.com)
How Disinformation From a Russian AI Spam Farm Ended up on Top of Google Search Results | WIRED
The Stark Truth Behind the Resurgence of Russia’s Fin7 – Krebs on Security
Feds Uncover Sprawling, GenAI-Enabled Russian Troll Farm (darkreading.com)
CloudSorcerer hackers abuse cloud services to steal Russian govt data (bleepingcomputer.com)
New APT Group "CloudSorcerer" Targets Russian Government Entities (thehackernews.com)
French political turmoil, cyber attacks and protests threaten to disrupt Olympics (inews.co.uk)
US intel officials: Kremlin once again prefers Trump | CyberScoop
Alert Level Raised at US Bases in Europe Over Russian Threats - The New York Times
North Korea
Japan warns of attacks linked to North Korean Kimsuky hackers (bleepingcomputer.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Heritage Foundation Exec Threatens 'Gay Furry Hackers' in Unhinged Texts (rollingstone.com)
'Gay furry hackers' take credit for Project 2025 cyber attack (thepinknews.com)
Furry Hackers SiegedSec Suspended from X Amid Leak Spree (dailydot.com)
Tools and Controls
Why Firewalls Are Not Enough in Today’s Cyber Security Landscape | MSSP Alert
5 Key Questions CISOs Must Ask Themselves About Their Cyber Security Strategy (thehackernews.com)
Cloudflare blames recent outage on BGP hijacking incident (bleepingcomputer.com)
Cyber Security 101: MDR vs. XDR | MSSP Alert
Authy Users Urged to Stay Alert After Hack Exposes 33 Million Phone Numbers - MacRumors
Blueprint for Success: Implementing a CTEM Operation (thehackernews.com)
Human Vigilance is Required Amid AI-Generated Cyber Security Threats - Security Boulevard
How API attacks work, plus 5 common types | TechTarget
Selfie-based authentication is on the rise, alarming security experts | TechSpot
The Crucial Role Of Browser Context In Modern Cyber Security (forbes.com)
Training, awareness key to preventing cyber attacks | Country 94
Survey Sees Modern CISOs Becoming More Comfortable With Risk - Security Boulevard
5 Steps CISOs Can Take to Ensure Resilience (informationweek.com)
How Observability Leads to Better Cyber Security | eWEEK
Deconstructing Security Assumptions to Ensure Future Resilience (darkreading.com)
Cyber Insurance Prices Plummet as Market Competition Grows (darkreading.com)
2024 SANS SOC Survey Reveals Critical Trends and Technologies in Cyber Defence (darkreading.com)
ChatGPT 4 exploits 87% of vulnerabilities (devx.com)
When implementing AI, first train your managers | ZDNET
Fake network traffic is on the rise — here's how to counter it | CSO Online
Self-service password reset: How the cure could introduce more security ills (betanews.com)
Strengthening cyber security preparedness with defence in depth - Help Net Security
Navigating Europe’s digital identity crossroads • The Register
Other News
Euro 2024 Becomes Latest Sporting Event to Attract Cyber Attacks (darkreading.com)
Cyber Security Checklist: Preparing Your Devices for Summer Travel - Security Boulevard
Halton Council 'at mercy of criminal hacker gangs' - report - BBC News
The Future Of Cyber Security: Emerging Threats And How To Combat Them (forbes.com)
Labour’s next steps: Cyber security, AI, & Open-Source industry leaders weigh in (techinformed.com)
Microsoft’s cyber security dilemma: An open letter to Satya Nadella - Help Net Security
Checking in on the state of cyber security and the Olympics (talosintelligence.com)
MSPs confident they can fend off cyber threat | Microscope (computerweekly.com)
From Iron Dome To Cyber Dome: Defending Israel’s Cyber Space – Analysis – Eurasia Review
'Gay furry hackers' take credit for Project 2025 cyber attack (thepinknews.com)
Why 'change' for the UK must include cyber security (computing.co.uk)
Is Your Gaming Setup Safe? Gaming Security Musts (cgmagonline.com)
Protecting against cyber attacks in space (mybroadband.co.za)
Vulnerability Management
China’s APT40 gang can attack new vulns within hours • The Register
Ransomware gangs increasingly exploiting vulnerabilities | TechTarget
Blueprint for Success: Implementing a CTEM Operation (thehackernews.com)
ChatGPT 4 exploits 87% of vulnerabilities (devx.com)
Introducing a New Vulnerability Class: False File Immutability — Elastic Security Labs
What's Bugging the NSA? A Vuln in Its 'SkillTree' Training Platform (darkreading.com)
Vulnerabilities
Attackers Already Exploiting Flaws in Microsoft's July Security Update (darkreading.com)
‘Blast-RADIUS’ Critical Bug Blows Up IT Vacation Plans - Security Boulevard
The Windows Security Updates of July 2024 are now available - gHacks Tech News
Microsoft's July Update Patches 143 Flaws, Including Two Actively Exploited (thehackernews.com)
Microsoft Warns of Windows Hyper-V Zero-Day Being Exploited - Security Week
Blast RADIUS attack can bypass authentication for clients • The Register
New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk (thehackernews.com)
Citrix Patches Critical NetScaler Console Vulnerability - Security Week
Veeam flaw becomes malware target a year after patching • The Register
Threat actors exploited Windows 0-day for more than a year before Microsoft fixed it | Ars Technica
Bust this Ghostscript bug or risk a big breach, say experts • The Register
Apache fixed a source code disclosure flaw in Apache HTTP Server (securityaffairs.com)
MongoDB Compass Code Injection Flaw Exposes Systems to Hacking (cybersecuritynews.com)
New Ransomware Group Exploiting Veeam Backup Software Vulnerability (thehackernews.com)
Adobe Issues Critical Patches for Multiple Products, Warns of Code Execution Risks - Security Week
Cisco Warns of regreSSHion RCE Impacting Multiple Products (cybersecuritynews.com)
Hackers Resurrect Internet Explorer to Attack Windows PCs (pcmag.com)
SAP Patches High-Severity Vulnerabilities in PDCE, Commerce - Security Week
CISA Takedown of Ivanti Systems Is a Wake-up Call (darkreading.com)
Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware (securityaffairs.com)
Hackers target WordPress calendar plugin used by 150,000 sites (bleepingcomputer.com)
GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs (thehackernews.com)
VMware Patches Critical SQL-Injection Flaw in Aria Automation - Security Week
Introducing a New Vulnerability Class: False File Immutability — Elastic Security Labs
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory 11 July 2024 – BlastRADIUS Authentication Bypass Vulnerability
Black Arrow Cyber Advisory 11 July 2024 – Blast-RADIUS Authentication Bypass Vulnerability
Executive summary
A vulnerability, known as BlastRADIUS, affecting the RADIUS networking protocol, a networking protocol used across various applications, including VPNs, Wi-Fi and home connections from ISPs, has recently been disclosed by researchers. The vulnerability (CVE-2024-3596) potentially allows a malicious actor to bypass authentication via man-in-the-middle (MITM) attacks.
What’s the risk to me or my business?
If an attacker successfully exploits this vulnerability, they can escalate privileges from partial network access to be able to log into any device that uses RADIUS for authentication, or to assign itself arbitrary network privileges. To exploit this vulnerability an attacker would require network access to a network that is utilising RADIUS.
What can I do?
In the short term, implementers and vendors are advised to mandate that both clients and servers consistently send and require Message-Authenticator attributes for all requests and responses, with the Message-Authenticator being the first attribute included in Access-Accept or Access-Reject responses. Researchers have noted that this mitigation strategy has been adopted by all known RADIUS patches. This recommendation is set to be included in an upcoming RADIUS RFC. For long-term mitigations, the implementation of RADIUS over TLS (RadSec) is suggested, as it provides a stronger encrypted stream to protect RADIUS packets.
Technical Summary
CVE-2024-3569 – This vulnerability is in the RADIUS protocol and allows a malicious local actor to perform forgery attacks, modifying any valid response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against an MD5 Response authenticator signature.
Further information on the Blast-RADIUS vulnerability can be found here:
https://www.theregister.com/2024/07/10/radius_critical_vulnerability/
Further information on the technical breakdown on this vulnerability can be found here:
https://www.blastradius.fail/pdf/radius.pdf
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Advisory 10 July 2024 – Microsoft Patch Tuesday, Adobe and Citrix Updates
Black Arrow Cyber Advisory 10 July 2024 – Microsoft Patch Tuesday, Adobe and Citrix Updates
Executive summary
Microsoft’s July Patch Tuesday provides updates to address 143 security issues across its product range, including two actively exploited zero-day vulnerabilities (CVE-2024-38080 and CVE-2024-38112). The exploited zero-day vulnerabilities are a privilege escalation vulnerability in Hypervisor (CVE-2024-38080) and a spoofing vulnerability (CVE-2024-38112), both of which have been added the US Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities Catalog. Also, among the updates provided by Microsoft were 5 critical vulnerabilities.
In addition to the Microsoft updates this week also saw Adobe fix 7 vulnerabilities across various products, Citrix have also addressed multiple vulnerabilities including a critical in NetScaler Console.
What’s the risk to me or my business?
The actively exploited vulnerabilities could allow an attacker with access, to gain SYSTEM privileges or use malicious sites and spoof them to appear trusted. Both vulnerabilities if exploited could have a high impact on the confidentiality, integrity and availability of the organisations data on affected systems.
What can I do?
Black Arrow recommends applying the available security updates for all supported versions of Windows and Adobe products impacted. The updates should be applied as soon as possible for the actively exploited vulnerability and all other vulnerabilities that have a critical severity rating.
Technical Summary
Microsoft
CVE-2024-38080 – This vulnerability is an integer overflow affecting Hyper-V. If successfully exploited it allows an attacker to gain SYSTEM privileges on the host machine, however initial access to the local machine is required to exploit the flaw.
CVE-2024-38112 – This vulnerability is a spoofing vulnerability which affects Windows MSHTML Platform and can be exploited with a specially crafted HTML file. If successfully exploited it will allow an attacker to render malicious content as trusted, misleading users to divulge sensitive information like login credentials or to install malware.
Adobe
This month, Adobe released fixes for a total of 7 vulnerabilities across several of its products. Out of these, 6 were rated as critical. The affected products and their respective vulnerabilities are as follows: Adobe Premier Pro had 1 critical vulnerability, Adobe Bridge also had 1 critical vulnerability, and Adobe InDesign had 4 critical vulnerabilities. Currently, Adobe is not aware of any active exploitation of these vulnerabilities. The types of vulnerabilities addressed include arbitrary code execution and memory leaks.
Citrix
Citrix have released patches to fix multiple security vulnerabilities including a critical and high vulnerability in the NetScaler Console and Agent product. The critical vulnerability (CVE-2024-6235) if successfully exploited is an improper authorisation bug that could allow attackers to access sensitive information.
While Citrix has not stated that any of these vulnerabilities are being exploited in the wild, Black Arrow advises that organisations update the affected appliances as soon as possible. The affected products can be found below in the further information section.
Further details on Windows specific updates within this patch Tuesday can be found here:
https://www.securityweek.com/microsoft-warns-of-windows-hyper-v-zero-day-being-exploited/
Further details of the vulnerabilities addressed in Adobe Premiere Pro can be found here: https://helpx.adobe.com/security/products/premiere_pro/apsb24-46.html
Further details of the vulnerabilities addressed in Adobe Bridge can be found here:
https://helpx.adobe.com/security/products/bridge/apsb24-51.html
Further details of the vulnerabilities addressed in Adobe InDesign can be found here:
https://helpx.adobe.com/security/products/indesign/apsb24-48.html
Further details of the vulnerabilities addressed in Citrix NetScaler can be found here:
Further information on US Cybersecurity and Infrastructure Security Agency’s (CISA) “Known Exploited Vulnerabilities Catalog can be found here:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Briefing 05 June 2024
Black Arrow Cyber Threat Intelligence Briefing 05 July 2024:
-Nearly 10 billion Passwords Leaked in the Largest Compilation of All-time
-Half of Employees Fear Punishment for Reporting Security Mistakes
-New RUSI Report Exposes Psychological Toll of Ransomware
-Cyber Extortion Soars: SMBs Hit Four Times Harder
-2024 Is Already the Year of the Cyber Attack
-Survey Reveals Growing Lack of Cyber Security Confidence
-Cyber Security is Worth the Spend
-Only 13% of Organisations are Cyber Mature
-Full-Blown Cyber War: a Hollywood Worthy Scenario
-Rising Risks Set to Drive Huge Investment in Cyber Security
-Authorised Push Payment Fraud Singled Out as Biggest Financial Crime Threat
-Setting the Tone at the Top to Manage Enterprise Risk
-Cyber Criminals are Free to Exploit Vulnerabilities Without Fear
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Nearly 10 billion Passwords Leaked in the Largest Compilation of All-time
A recent discovery by Cybernews researchers has revealed the largest password compilation to date, containing 9.9 billion unique plaintext passwords in a file named rockyou2024.txt, posted by forum user ObamaCare. This dataset, sourced from both old and new breaches, poses a significant threat by heightening the risk of credential stuffing attacks. Previous incidents have shown such attacks can severely impact organisations, as seen with recent breaches at Santander and Ticketmaster. To mitigate risks, users should avoid using the same passwords across different sites and services, immediately reset exposed passwords, enable multi-factor authentication, and use password managers to generate and store complex passwords securely.
Half of Employees Fear Punishment for Reporting Security Mistakes
A recent report by ThinkCyber, based on a survey conducted at Infosecurity Europe 2024, reveals that half of employees fear repercussions if they report a security mistake. Only 51% believe that most colleagues are focused on security, with 39% feeling this concern is limited to executives and security teams. Key risky behaviours include clicking on phishing links (53%), sharing corporate data (53%), and sharing credentials (51%). The report highlights the ineffectiveness of current security awareness training, with 42% unable to prove its impact on behaviour.
New RUSI Report Exposes Psychological Toll of Ransomware
A recent report by the UK’s Royal United Services Institute (RUSI) reveals the severe psychological toll that ransomware attacks inflict on victims. The study, titled 'Your Data is Stolen and Encrypted: The Ransomware Victim Experience’, highlights that beyond service disruptions, line managers should be mindful of workloads and the psychological and physical impact of ransomware attacks on the organisation and its staff.
Recommendations include prioritising psychological support in cyber resilience strategies and enhancing public funding for mental health services tailored to ransomware victims. Additionally, the report underscores the need for clearer support roles from UK agencies like the NCSC and ICO, and calls for comprehensive improvements in organisational cyber security practices.
Cyber Extortion Soars: SMBs Hit Four Times Harder
A recent report by Orange Cyberdefense has revealed a 77% year-on-year growth in cyber extortion victims, with 60 distinct ransomware groups responsible for 4,374 attacks from Q1 2023 to Q1 2024. Small and medium-sized businesses were hit 4.2 times more often than larger enterprises. The healthcare sector saw a staggering 160% increase in cyber extortion attacks, placing it among the top three most targeted industries. Additionally, the actual victim numbers are likely 50-60% higher than reported due to unaccounted ransom payments. A new trend of "re-victimisation" was also observed, where organisations faced repeated attacks.
2024 Is Already the Year of the Cyber Attack
A recent wave of cyber breaches has underscored the urgent need for robust cyber security measures, as highlighted by the CDK Global hack that disrupted auto dealership management systems for well over two weeks. Data extortion and ransomware attacks have surged, with high-profile incidents affecting UnitedHealth Group’s Change Healthcare, Dell, Microsoft, and others. Notable breaches included Evolve Bank & Trust, which had a knock on effect on a number of high profile FinTechs, and Neiman Marcus. The UK’s Synnovis attack severely impacted London hospitals, further exemplifying the critical threat. A report by PYMNTS Intelligence found 82% of eCommerce merchants experienced cyber attacks in the past year, with nearly half suffering revenue and customer losses, emphasising the growing cyber security challenge in the digital age.
Survey Reveals Growing Lack of Cyber Security Confidence
A recent survey by Ivanti highlights half of IT and security professionals lacking confidence in preventing a damaging security incident in the next 12 months. Data silos between cyber security and IT teams are a significant barrier, causing slow incident response for 40% of respondents and reduced productivity for 82%. The survey reveals it takes an average of 33.8 hours to restore services after an incident. Despite these challenges, organisations are investing in emerging technologies like identity threat detection (47%) and cyber asset management (46%). However, only 46% have identified vulnerable third-party components in their supply chains.
Cyber Security is Worth the Spend
A recent report highlights that businesses face a constant balancing act between growth and cost, particularly regarding IT and security budgets. Despite significant cyber security investments, few organisations can accurately gauge the return on these expenditures. Companies spend millions annually, with the cyber security market projected to reach $300 billion. Effective cyber security remains critical, with CISOs needing to demonstrate risk management, validate controls, and rationalise spend. As cyber threats grow, organisations must integrate cyber security into overall risk management, ensuring data visibility and compliance to safeguard assets and maintain operational integrity.
Only 13% of Organisations are Cyber Mature
A recent survey by Commvault reveals that 83% of respondents had experienced a material security incident, with over half occurring in the past year. To combat this, five key cyber recovery markers were identified: early warning tools, clean dark sites or secondary system in place, isolated immutable data storage, defined incident response plans, and specific recovery readiness measures. Organisations deploying at least four markers recover 41% faster and report fewer breaches. Only 13% of respondents were categorised as cyber mature, with 54% confident in their recovery ability, highlighting the need for comprehensive resilience strategies.
Full-Blown Cyber War: a Hollywood Worthy Scenario
A recent analysis highlights the growing threat of cyber warfare, which could destabilise critical infrastructure and disrupt daily life more covertly than other warfare. Experts warn that strategic cyber attacks could target power, water, communications, and banking systems, causing societal chaos. Recent incidents, such as attacks on Microsoft's communication systems and Denmark's power grid, demonstrate the persistent threat. Despite the potential for massive damage, mutually assured destruction in cyber space remains complex due to the diverse actors involved. Effective cyber deterrence and robust defences are essential to mitigate these emerging threats.
Rising Risks Set to Drive Huge Investment in Cyber Security
A recent report by Stocklytics.com predicts that cyber security spending will soar to $272 billion by 2029, reflecting a 50% increase as businesses combat escalating cyber threats. Despite a significant rise in cyber security budgets, cyber attacks remain a major concern, with the annual cost of cyber crime projected to reach $9.2 trillion in 2024 and $13.8 trillion by 2028. Statista's survey indicates cyber security spending has already grown by 60% from 2018 to 2024, with annual spending expected to increase by $17 billion per year. Over the next decade, global spending on cyber solutions and security measures is forecasted to exceed $2.5 trillion.
Authorised Push Payment Fraud Singled Out as Biggest Financial Crime Threat
A recent study by The Payments Association reveals that 65% of payments professionals consider fraud their most pressing financial crime threat, with authorised push payment (APP) scams being the most concerning, as identified by 27% of respondents. APP fraud, where scammers trick victims into transferring money, predominantly stems from online sources (76%) and telecoms (16%). Despite a 12% rise in APP fraud cases in 2023, losses fell by 5% to £460 million. However, new rules will soon hold payment service providers liable for these losses, prompting concerns about the financial impact on smaller fintech firms.
Setting the Tone at the Top to Manage Enterprise Risk
A recent report highlights the critical need for comprehensive risk management in today's business landscape, emphasising that cyber threats are ubiquitous and not just Black Swan events. High-profile cases like Uber, SolarWinds, and Wells Fargo demonstrate the catastrophic impact a single cyber incident can have on an organisation’s reputation, operations, and financial stability. The evolving role of CISOs, who are now facing personal liability for breaches, underscores the importance of strong corporate governance and a clear "tone at the top." Effective cyber security must be prioritised at all levels, with a proactive, enterprise-wide approach to managing operational risk.
Cyber Criminals are Free to Exploit Vulnerabilities Without Fear
A recent report highlights the infuriatingly low enforcement against cyber crime, with only 0.3% of reported incidents resulting in prosecution. This has emboldened cyber criminals, allowing them to exploit vulnerabilities with impunity, often raking in up to $2 million annually. Despite the astronomical financial and human costs, underreporting and outdated legal frameworks contribute to a pitiful conviction rate. The dark web further complicates efforts to catch these criminals, who often operate across borders, exploiting legal loopholes. Urgent reforms in cyber security laws and increased global cooperation are crucial to addressing this rampant issue effectively.
Sources:
https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/
https://www.infosecurity-magazine.com/news/employees-fear-punishment-reporting/
https://www.infosecurity-magazine.com/news/report-exposes-psychological-toll/
https://www.infosecurity-magazine.com/news/cyber-extortion-soars-smb-hit/
https://www.pymnts.com/cybersecurity/2024/2024-is-already-the-year-of-the-cyberattack/
https://securityboulevard.com/2024/07/survey-surfaces-growing-lack-of-cybersecurity-confidence/
https://www.techradar.com/pro/cybersecurity-is-worth-the-spend
https://www.helpnetsecurity.com/2024/07/04/organizations-cyber-recovery-plans/
https://cybernews.com/editorial/cyberwar-hollywood-worthy-scenario/
https://www.emergingrisks.co.uk/rising-risks-set-to-drive-huge-investment-in-cyber-security/
https://www.infosecurity-magazine.com/news/app-fraud-biggest-financial-crime/
https://www.infosecurity-magazine.com/opinions/tone-top-enterprise-risk/
https://hackernoon.com/cyber-scum-are-free-to-exploit-vulnerabilities-without-fear
Governance, Risk and Compliance
Survey Surfaces Growing Lack of Cyber Security Confidence - Security Boulevard
Half of employees afraid to report security errors (betanews.com)
Rising risks set to drive huge investment in cyber security (emergingrisks.co.uk)
Cyber security is worth the spend | TechRadar
Only 13% of organisations are cyber mature - Help Net Security
76% of companies enhance cyber defences to secure insurance: Sophos - Reinsurance News
Adapting cyber security strategies to the escalating threat landscape (securitybrief.co.nz)
Cyber Workforce Grows 15% at Large Organisations - Infosecurity Magazine (infosecurity-magazine.com)
Cyber crime rises putting organisations under significant stress, report reveals (holyrood.com)
Navigating the cyber security tempest in the UK organisations (thehrdirector.com)
The impossibility of “getting ahead” in cyber defence - Help Net Security
Cyber resilience - how to achieve it when most businesses – and CISOs – don’t care (diginomica.com)
Companies spend more on cyber security but struggle to track expenses - Help Net Security
Waging war on cyber criminals: should cyber strategies be active or passive? - Verdict
Cyber insurance rates fall as businesses improve security, report says By Reuters (investing.com)
Threats
Ransomware, Extortion and Destructive Attacks
New ransomware group uses phone calls to pressure victims, researchers say (therecord.media)
2024 Is Already the Year of the Cyber Attack (pymnts.com)
‘I don’t see it happening’: CISA chief dismisses ban on ransomware payments (therecord.media)
Meet Brain Cipher — The new ransomware behind Indonesia's data center attack (bleepingcomputer.com)
Never assume the end of an attack infrastructure | TechRadar
Cyber attacks on healthcare organisations are surging – here's why | ITPro
Home Office was warned about NHS cyber hacks months before Kremlin-backed attack (inews.co.uk)
How MFA Failures are Fueling a 500% Surge in Ransomware Losses (thehackernews.com)
Ransomware payouts hit all-time high, but that’s not the whole story (securityintelligence.com)
Businesses bolster defences against evolving ransomware (devx.com)
Ransomware Victims
Cyber attacks on London's hospitals continue to disrupt services - BBC News
Vladimir Putin's latest escalation has hit far too close to home (telegraph.co.uk)
Insurance Software Vendor Notifies 6.1 Million of 2023 Hack (govinfosecurity.com)
Infosys McCamish says LockBit stole data of 6 million people (bleepingcomputer.com)
Hundreds of Thousands Impacted in Children's Hospital Cyber Attack (darkreading.com)
Leading claimant firm hit in latest 'targeted cyber campaign' | Law Gazette
Evolve Bank & Trust Faces Wave of Suits Following Cyber Attack (bloomberglaw.com)
Wise confirms impact from Evolve Bank breach | SC Media (scmagazine.com)
Evolve Bank Shares Data Breach Details as Fintech Firms Report Being Hit - Security Week
Croatia’s largest hospital KBC-Zagreb claimed by LockBit | Cybernews
Meet Brain Cipher — The new ransomware behind Indonesia's data center attack (bleepingcomputer.com)
Fintech company Wise says some customers affected by Evolve Bank data breach | TechCrunch
Fintech Frenzy: Affirm & Others Emerge as Victims in Evolve Breach (darkreading.com)
Indonesia struggles to recover after cyber attack hits 282 agencies - Nikkei Asia
Lockbit Ransomware Attack Exposes Affirm Customers' Data (pcmag.com)
Home Office was warned about NHS cyber hacks months before Kremlin-backed attack (inews.co.uk)
Hackers of Indonesian government apologize and give key • The Register
US new-vehicle sales growth slows after CDK cyber attack | Reuters
A cyber attack shutdown the University Hospital Centre Zagreb in Croatia (securityaffairs.com)
Patelco shuts down banking systems following ransomware attack (bleepingcomputer.com)
“Everything’s frozen”: Ransomware locks credit union users out of bank accounts | Ars Technica
Affirm to SEC: Customer info feared stolen in Evolve breach • The Register
Cambridge University Press & Assessment hit by cyber attack (timeshighereducation.com)
Phishing & Email Based Attacks
Escalating global cyber threats require robust layered security measures | TechRadar
Formula 1 governing body discloses data breach after email hacks (bleepingcomputer.com)
Router maker's support portal hacked, replies with MetaMask phishing (bleepingcomputer.com)
Other Social Engineering
Fake SMS – many fall victim to old scam – DW – 06/28/2024
Dozens of Arrests Disrupt €2.5m Vishing Gang - Infosecurity Magazine (infosecurity-magazine.com)
Artificial Intelligence
Generative AI is new attack vector endangering enterprises, says CrowdStrike CTO | ZDNET
AI will ‘turbocharge’ cyber crime, auditors warn - CIR Magazine
Getting the balance right between business innovation, security and AI (securitybrief.co.nz)
Deepfakes: Distorted Reality And The Growing Threat (informationsecuritybuzz.com)
The Future Of The Cyber Security Profession With The Rise Of AI (forbes.com)
Rethinking Cyber Security in the Age of AI - Security Boulevard
Friend or Foe? AI's Complicated Role in Cyber Security (darkreading.com)
How the rush to regulate AI could bring new cyber security challenges (betanews.com)
Organisations weigh the risks and rewards of using AI - Help Net Security
Financial services shun AI over job and regulatory fears
How Enterprises Can Safely Use Unstructured Data With LLMs (forbes.com)
Photos of Australian children found in AI training dataset, create deepfake risk | Biometric Update
Infostealing malware masquerading as generative AI tools - Help Net Security
2FA/MFA
How MFA Failures are Fueling a 500% Surge in Ransomware Losses (thehackernews.com)
3 Ways to Chill Attacks on Snowflake (darkreading.com)
Twilio's Authy App Breach Exposes Millions of Phone Numbers (thehackernews.com)
Twilio urges users to update Authy apps after hack (siliconrepublic.com)
2FA hack exposes millions of phone numbers to hackers - Android Authority
Malware
This new threat infects devices with a dozen malware at once | TechRadar
Multi-Malware 'Cluster Bomb' Campaign Drops Widespread Cyber Havoc (darkreading.com)
Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data (thehackernews.com)
This Malware Targets Those Looking for Work: Here's How (makeuseof.com)
Unmasking Rafel RAT: Understanding the Threat - Zimperium
CapraRAT Spyware Disguised as Popular Apps Threatens Android Users (thehackernews.com)
How cyber criminals are using free IT tools, YouTube videos to spread malware - The Hindu
Fake IT support sites push malicious PowerShell scripts as Windows fixes (bleepingcomputer.com)
Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware (thehackernews.com)
China-linked APT exploited Cisco NX-OS zero-day to deploy custom malware (securityaffairs.com)
Indian Software Firm's Products Hacked to Spread Data-Stealing Malware (thehackernews.com)
FakeBat Loader Malware Spreads Widely Through Drive-by Download Attacks (thehackernews.com)
South Korean ERP Vendor's Server Hacked to Spread Xctdoor Malware (thehackernews.com)
NCA’s Operation Morpheus targets illicit Cobalt Strike use | Computer Weekly
Europol shuts down Cobalt Strike servers used by hackers (stackdiary.com)
Infostealing malware masquerading as generative AI tools - Help Net Security
Infostealer malware logs used to identify child abuse website members (bleepingcomputer.com)
Hackers attack HFS servers to drop malware and Monero miners (bleepingcomputer.com)
Software Productivity Tools Hijacked to Deliver Infostealers (darkreading.com)
Mobile
Security experts issue warning over new spyware variant targeting Android users | ITPro
Google Patches 25 Android Flaws, Including Critical Privilege Escalation Bug - Security Week
Stop Using Your Face or Thumb to Unlock Your Phone (gizmodo.com)
Denial of Service/DoS/DDOS
Why every company needs a DDoS response plan - Help Net Security
Beware DDoS attacks - the raid which flies under the radar - BusinessCloud
New Golang-Based Zergeca Botnet Capable of Powerful DDoS Attacks (thehackernews.com)
Internet of Things – IoT
Are smart home security systems more of a security risk than a benefit? | TechRadar
99% of IoT exploitation attempts rely on previously known CVEs - Help Net Security
Any IoT Device Can Be Hacked, Even Grills (darkreading.com)
Data Breaches/Leaks
The biggest data breaches in 2024: 1B stolen records and rising | TechCrunch
Russia's Midnight Blizzard stole email of more Microsoft customers (securityaffairs.com)
TeamViewer links corporate cyber attack to Russian state hackers (bleepingcomputer.com)
Ticketmaster Confirms User Email Addresses, Phone Numbers Stolen in Hack (pcmag.com)
Insurance Software Vendor Notifies 6.1 Million of 2023 Hack (govinfosecurity.com)
Infosys McCamish says LockBit stole data of 6 million people (bleepingcomputer.com)
Hundreds of Thousands Impacted in Children's Hospital Cyber Attack (darkreading.com)
Network Segmentation Saved TeamViewer From APT29 Attack (darkreading.com)
Panama Papers: Court acquits all 28 charged with money laundering - BBC News
Landmark Admin Discloses Data Breach Impacting Personal, Medical Information - Security Week
‘Russia’ Breaches TeamViewer — ‘No Evidence’ Billions of Devices at Risk - Security Boulevard
3 Ways to Chill Attacks on Snowflake (darkreading.com)
Formula 1 governing body discloses data breach after email hacks (bleepingcomputer.com)
Twilio's Authy App Breach Exposes Millions of Phone Numbers (thehackernews.com)
Ethereum mailing list breach exposes 35,000 to crypto draining attack (bleepingcomputer.com)
2FA hack exposes millions of phone numbers to hackers - Android Authority
Dairy giant Agropur says data breach exposed customer info (bleepingcomputer.com)
300k Affected by Year-Old Data Breach at Florida Community Health Centers - Security Week
Healthcare fintech firm HealthEquity disclosed a data breach (securityaffairs.com)
Cambridge University Press & Assessment hit by cyber attack (timeshighereducation.com)
Organised Crime & Criminal Actors
Cyber criminals Are Free To Exploit Vulnerabilities Without Fear | HackerNoon
Cyber crime rises putting organisations under significant stress, report reveals (holyrood.com)
Waging war on cyber criminals: should cyber strategies be active or passive? - Verdict
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining (thehackernews.com)
Ethereum mailing list breach exposes 35,000 to crypto draining attack (bleepingcomputer.com)
Insider Risk and Insider Threats
A fifth of office workers have access to data from a previous employer - Business Plus
Insurance
Cyber insurance Premiums are Going Down: Here’s Why and What to Expect - Security Week
76% of companies enhance cyber defences to secure insurance: Sophos - Reinsurance News
Insurers told they need to get active in cyber risk response (emergingrisks.co.uk)
Cyber insurance Bedevils Law Firms - Above the Law
Cyber insurance rates fall as businesses improve security, report says By Reuters (investing.com)
Supply Chain and Third Parties
Cyber attacks on London's hospitals continue to disrupt services - BBC News
Ticketmaster Confirms User Email Addresses, Phone Numbers Stolen in Hack (pcmag.com)
Evolve Bank & Trust Faces Wave of Suits Following Cyber Attack (bloomberglaw.com)
Wise confirms impact from Evolve Bank breach | SC Media (scmagazine.com)
Evolve Bank Shares Data Breach Details as Fintech Firms Report Being Hit - Security Week
Fintech company Wise says some customers affected by Evolve Bank data breach | TechCrunch
Fintech Frenzy: Affirm & Others Emerge as Victims in Evolve Breach (darkreading.com)
Cloud/SaaS
Ticketmaster sends notifications about recent massive data breach (bleepingcomputer.com)
Security in the public cloud explained: A guide for IT and security admins | Computer Weekly
Man-In-The-Middle Attacks are Still a Serious Security Threat - Security Boulevard
Ensuring data security in an uncertain world | TechRadar
47% of corporate data stored in the cloud is sensitive - Help Net Security
Bare metal can come back, says Gartner, citing VMware prices • The Register
Identity and Access Management
Man-In-The-Middle Attacks are Still a Serious Security Threat - Security Boulevard
3 Ways to Chill Attacks on Snowflake (darkreading.com)
Compliance, Security and the Role of Identity - Security Boulevard
Encryption
Modern Cryptographic Attacks: A Guide for the Perplexed - Check Point Research
Linux and Open Source
New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems (thehackernews.com)
PoC Exploit Published for Linux Kernel Privilege Escalation Flaw (cybersecuritynews.com)
Passwords, Credential Stuffing & Brute Force Attacks
Police allege ‘evil twin’ in-flight Wi-Fi used to steal info • The Register
RockYou2024: 10 billion passwords leaked in the largest compilation of all time | Cybernews
Hackers exploit critical D-Link DIR-859 router flaw to steal passwords (bleepingcomputer.com)
Social Media
Training, Education and Awareness
Cyber security training needs a human touch (betanews.com)
Fortinet annual skills gap report - more security training needed - Verdict
Regulations, Fines and Legislation
Banking groups balk at proposed cyber incident reporting rule | American Banker
Ensuring data security in an uncertain world | TechRadar
The Critical Role of Governments in EU Cyber Resilience - IDC Europe Blog (blog-idceurope.com)
How the rush to regulate AI could bring new cyber security challenges (betanews.com)
Financial services shun AI over job and regulatory fears
Models, Frameworks and Standards
Cyber Essentials at 10: Success or failure? | Computer Weekly
Backup and Recovery
Data Protection
47% of corporate data stored in the cloud is sensitive - Help Net Security
Careers, Working in Cyber and Information Security
Fortinet annual skills gap report - more security training needed - Verdict
Finance sector facing multiple skills shortages amid wider disruption - Business Plus
The Future Of The Cyber Security Profession With The Rise Of AI (forbes.com)
Cyber Workforce Grows 15% at Large Organisations - Infosecurity Magazine (infosecurity-magazine.com)
Cyber Workforce Numbers Rise for Larger Organisations (darkreading.com)
Here are 5 of the highest-paying cyber security jobs | Fortune Education
Law Enforcement Action and Take Downs
NCA’s Operation Morpheus targets illicit Cobalt Strike use | Computer Weekly
Europol shuts down Cobalt Strike servers used by hackers (stackdiary.com)
Dozens of Arrests Disrupt €2.5m Vishing Gang - Infosecurity Magazine (infosecurity-magazine.com)
Misinformation, Disinformation and Propaganda
Cyber hacktivists issue “call to arms” to target elections in Europe, UK (verdict.co.uk)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Full-blown cyberwar: a Hollywood worthy scenario | Cybernews
Major bank raises alarm bell on cyber 'warfare': Claims 'entire community is at risk' - ABC News
Nation State Actors
China
China is turning to private firms for offensive cyber operations - Defense One
Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware (thehackernews.com)
Taiwan reports over 100 cyber security incidents in May | Taiwan News | Jun. 29, 2024 14:22
Russia
Russia's Midnight Blizzard stole email of more Microsoft customers (securityaffairs.com)
Russian hackers behind NHS attack are part of Kremlin-protected cyber army (inews.co.uk)
Microsoft reveals even more emails to customers were accessed by Russia-based hackers - Neowin
Vladimir Putin's latest escalation has hit far too close to home (telegraph.co.uk)
Network Segmentation Saved TeamViewer From APT29 Attack (darkreading.com)
Major bank raises alarm bell on cyber 'warfare': Claims 'entire community is at risk' - ABC News
Home Office was warned about NHS cyber hacks months before Kremlin-backed attack (inews.co.uk)
‘Russia’ Breaches TeamViewer — ‘No Evidence’ Billions of Devices at Risk - Security Boulevard
Poland to probe Russia-linked cyber attack on state news agency (therecord.media)
US Announces $10 Mln Bounty for Russian Hacker Behind 2022 Hack Targeting Ukraine (kyivpost.com)
Alert: French Diplomats Targeted By Russian Cyber Attacks - Security Boulevard
North Korea
Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data (thehackernews.com)
Major bank raises alarm bell on cyber 'warfare': Claims 'entire community is at risk' - ABC News
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Cyber hacktivists issue “call to arms” to target elections in Europe, UK (verdict.co.uk)
Tools and Controls
Cyber security training needs a human touch (betanews.com)
Rising risks set to drive huge investment in cyber security (emergingrisks.co.uk)
Cyber security is worth the spend | TechRadar
Network Segmentation Saved TeamViewer From APT29 Attack (darkreading.com)
Half of IT pros think there are devices on their network they don't know about (betanews.com)
Fortinet annual skills gap report - more security training needed - Verdict
A fifth of office workers have access to data from a previous employer - Business Plus
Escalating global cyber threats require robust layered security measures | TechRadar
Fake IT support sites push malicious PowerShell scripts as Windows fixes (bleepingcomputer.com)
Reduce security risk with 3 edge-securing steps | CSO Online
76% of companies enhance cyber defences to secure insurance: Sophos - Reinsurance News
The Future Of The Cyber Security Profession With The Rise Of AI (forbes.com)
Adapting cyber security strategies to the escalating threat landscape (securitybrief.co.nz)
Navigating the cyber security tempest in the UK organisations (thehrdirector.com)
Insurers told they need to get active in cyber risk response (emergingrisks.co.uk)
Cyber insurance Bedevils Law Firms - Above the Law
How MFA Failures are Fueling a 500% Surge in Ransomware Losses (thehackernews.com)
Companies spend more on cyber security but struggle to track expenses - Help Net Security
Stress-Testing Security Assumptions in a World of New & Novel Risks (darkreading.com)
Organisations use outdated approaches to secure APIs - Help Net Security
Kaspersky software ban: CISOs must move quickly, experts say | CSO Online
Rethinking Cyber Security in the Age of AI - Security Boulevard
Friend or Foe? AI's Complicated Role in Cyber Security (darkreading.com)
Blurred lines: Securing the physical and digital sides of business - IT Security Guru
Understanding collective defence as a route to better cyber security | TechRadar
Waging war on cyber criminals: should cyber strategies be active or passive? - Verdict
Staying Ahead of Adversarial AI with Incident Response Automation - Security Boulevard
Embracing Automation: The Key to Proactive Security | MSSP Alert
SIEM-Apocalypse: Protecting Your Security Team in a Time of Turmoil | MSSP Alert
US folk still buying in 3rd-party antivirus, more so the old • The Register
Four Reasons Why You Should Evaluate Your Cyber Security System (forbes.com)
Cyber insurance rates fall as businesses improve security, report says By Reuters (investing.com)
Compliance, Security and the Role of Identity - Security Boulevard
Why AI is essential to securing software and data supply chains (betanews.com)
4 key steps to building an incident response plan - Help Net Security
Reports Published in the Last Week
Other News
Cyber Criminals Are Free To Exploit Vulnerabilities Without Fear | HackerNoon
Google is cracking down on internet security in this big way | Digital Trends
Water supplies remain ‘too weak’ when it comes to cyber security - Digital Journal
Man-In-The-Middle Attacks are Still a Serious Security Threat - Security Boulevard
Hackers Are Hiding in Plain Sight: Insights from Our 2024 Cyber Threat Report | Huntress
Blurred lines: Securing the physical and digital sides of business - IT Security Guru
Understanding collective defence as a route to better cyber security | TechRadar
Over 380k Hosts Still Referencing Malicious Polyfill Domain: Censys - Security Week
Polyfill[.]io Attack Impacts Over 380,000 Hosts, Including Major Companies (thehackernews.com)
Cyber attack handling ‘staggeringly incompetent’ | Guernsey Press
Paris Olympics 2024: The rising threat of cyber attacks (yahoo.com)
States of Guernsey hit by attempted cyber attack on emails - BBC News
Food Security: Mitigating the Dangers of Digital Poison | AFCEA International
CISA director: US 'not afraid' to probe holes in Big Tech • The Register
Stress-Testing Security Assumptions in a World of New & Novel Risks (darkreading.com)
Kaspersky software ban: CISOs must move quickly, experts say | CSO Online
Space: The Final Frontier for Cyber Attacks (informationweek.com)
IT Security Responsibilities for Online Start-Ups - IT Security Guru
To guard against cyber attacks in space, researchers ask ‘what if?’ (theconversation.com)
Protecting our data in a world of rising cyber attacks - IT Security Guru
States hit back at deputies’ IT security criticism | Bailiwick Express
OPINION: Why cyber security urgently needs updating in transportation | Traffic Technology Today
Vulnerability Management
Stress-Testing Security Assumptions in a World of New & Novel Risks (darkreading.com)
Embracing the Absurd: Finding Freedom in Cyber Security - Security Boulevard
The Great Overcomplication | AFCEA International
99% of IoT exploitation attempts rely on previously known CVEs - Help Net Security
Smashing Silos With a Vulnerability Operations Center (VOC) - Security Boulevard
Vulnerabilities
PoC Exploit Published for Linux Kernel Privilege Escalation Flaw (cybersecuritynews.com)
3 million iOS and macOS apps were exposed to potent supply-chain attacks | Ars Technica
'Almost every Apple device' vulnerable to CocoaPods • The Register
8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining (thehackernews.com)
Critical GitLab Bug Threatens Software Development Pipelines (darkreading.com)
Juniper releases out-of-cycle fix for max severity auth bypass flaw (bleepingcomputer.com)
This Windows 11 bug may break Windows Security (xda-developers.com)
Splunk Patches High-Severity Vulnerabilities in Enterprise Product - Security Week
New Intel CPU Vulnerability 'Indirector' Exposes Sensitive Data (thehackernews.com)
Google Patches 25 Android Flaws, Including Critical Privilege Escalation Bug - Security Week
Gogs vulnerabilities may put your source code at risk | SC Media (scmagazine.com)
Hackers exploit critical D-Link DIR-859 router flaw to steal passwords (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory 02 July 2024 – Critical Vulnerabilities identified in OpenSSH, Juniper, and Apple App Development Supply Chain
Black Arrow Cyber Advisory 02 July 2024 – Critical Vulnerabilities identified in OpenSSH, Juniper, and Apple App Development Supply Chain
Executive Summary
A critical security flaw that could allow unauthenticated remote code execution with root privileges has been discovered in the OpenSSH Server component when deployed in its default configuration. Critical vulnerabilities have also been discovered in Juniper Networks' ‘Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router’ product line. Additionally, vulnerabilities have been found within the CocoaPods dependency manager, which is used to manage library dependencies for many popular iOS and macOS applications. These vulnerabilities could allow attackers to claim ownership of thousands of unclaimed ‘pods’, enabling them to modify and insert malicious code into these dependencies.
Security updates have been released for the OpenSSH and Juniper vulnerabilities. Although the CocoaPods vulnerabilities have now been patched, developers are encouraged to verify the integrity of any open-source dependencies used previously within their applications, as these vulnerabilities have been present since a migration took place in 2014.
What’s the risk to me or my business?
If exploited, these vulnerabilities could compromise the confidentiality, integrity, and availability of data stored by an organisation. Specific information on each vulnerability is provided in the technical summary below.
What can I do?
Security updates are available for OpenSSH and affected Juniper products. These updates should be applied as soon as possible, especially for actively exploited vulnerabilities. It should be noted that where OpenSSH has been deployed into products managed by a hardware vendor, such as a firewall, security updates will need to be applied once released by the vendor. Software developers who rely on the CocoaPods dependency manager should verify the integrity of any dependencies, look to remove orphaned dependencies and should also conduct scans for malicious or suspicious code as part of secure development practices.
Technical Summary
OpenSSH
CVE-2024-6387: A critical race condition vulnerability may allow remote code execution with root privileges. This has been demonstrated in lab conditions to be successful after an average of 6-8 hours of continuous connections on 32-bit Linux systems. While 64-bit systems are believed to be exploitable, this was not demonstrated during testing. As OpenSSH is an included dependency for many different products, vendors will need to release their own security patches for these dependencies. Mitigation advice includes restricting SSH services to only be accessible from trusted sources or disabling the functionality if not required until a patch is available.
Further details on the OpenSSH vulnerabilities and individual vendor responses can be found here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387.
Juniper
CVE-2024-2973: An Authentication Bypass Using an Alternate Path or Channel vulnerability with a CVSS 4.0 rating of 10.0 is present in Juniper Networks' Session Smart Router or Conductor running with a redundant peer. This allows a network-based attacker to bypass authentication and take full control of the device. The vendor advises that only Routers or Conductors running in high-availability redundant configurations are affected by this vulnerability and recommends that affected products be patched as soon as possible.
Further details on the vulnerabilities addressed can be found here: https://supportportal.juniper.net/s/article/2024-06-Out-Of-Cycle-Security-Bulletin-Session-Smart-Router-SSR-On-redundant-router-deployments-API-authentication-can-be-bypassed-CVE-2024-2973?language=en_US.
CocoaPods
E.V.A Information Security conducted research into the CocoaPods dependency manager, often used in the development of iOS and macOS applications that rely on Swift or Objective-C languages. Over 3 million applications have used the dependency manager, and thousands of packages have been left exposed in a state where they could have been maliciously taken over since a migration in 2014 left these in an orphaned state, where the original owner was not confirmed. Malicious actors could use a public API and an email address to claim ownership over these packages, allowing them to alter or replace the source code with their own malicious code. Developers are advised to review the dependency lists and package managers used within their applications, validate checksums, perform scans for malicious code, and limit the use of orphaned or unmaintained packages.
Further details on the vulnerabilities can be found here: https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods
Black Arrow Cyber Threat Briefing 28 June 2024
Black Arrow Cyber Threat Intelligence Briefing 28 June 2024:
-Cyber Attacks on The Rise with Financial Sector a Top Target, Report Reveals
-Cloud Resources Have Become Biggest Targets for Cyber Attacks, Finds Thales
-Hackers Grow More Sinister and Brazen in Hunt for Bigger Ransoms
-1 Out of 3 Breaches Go Undetected
-Optiv Report Shows Nearly 60% Increase in Security Budgets as Most Organisations Experience Cyber Breaches and Incidents
-Why Are Threat Actors Faking Data Breaches?
-China-Sponsored Attackers Target 40K Corporate Users in 90 Days
-Cyber Security Neglect: The Silent Killer of Businesses
-Third of Organisations Have Suffered Three or More Data Breaches in the Last 24 Months
-75% of New Vulnerabilities Exploited Within 19 Days
-It’s a Hard Time to Be a CISO. Transformational Leadership is More Important Than Ever.
-Tackling The Role Human Error Plays in Data Breaches
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Attacks on The Rise with Financial Sector a Top Target, Report Reveals
A recent report from BlackBerry reveals the financial sector faces significant cyber threats, with 40% of attacks on critical infrastructure targeting financial firms. In Q1 2024 alone, BlackBerry's cyber security solutions intercepted 3.1 million attacks, averaging 37,000 daily. Commercial enterprises saw a 3% rise in threats, now constituting 36% of all attacks. Unique malware is increasing, highlighting the need for updated defences. The report underscores the high motivation of threat actors, particularly in a year marked by geopolitical tensions and major global events like the Olympics.
Cloud Resources Have Become Biggest Targets for Cyber Attacks, Finds Thales
A recent report indicates that cloud security spending has surpassed all other security categories, driven by the sensitivity of nearly 47% of corporate data stored in the cloud. With 44% of participating organisations experiencing a cloud data breach, including 14% experiencing one in the past year, protecting cloud environments has become a top priority. Human error and misconfiguration are the leading causes of these breaches, accounting for 31%. Exploitation of known vulnerabilities accounts for 28% of breaches, while zero-day vulnerabilities account for 24%. The report also highlights that 66% of organisations use over 25 software as a service (SaaS) applications, yet less than 10% encrypt the majority of their sensitive cloud data. Digital sovereignty initiatives are recognised by 31% of organisations as crucial for future-proofing cloud environments.
Hackers Grow More Sinister and Brazen in Hunt for Bigger Ransoms
A recent surge in aggressive extortion tactics by cybercrime groups has led to severe disruptions, with a London hospital hack exposing hundreds of millions of health records and causing critical cancer treatment delays. In North America, attackers attempted to auction customer data of LendingTree Inc., gained by leveraging credentials from another breach. Meanwhile, car-dealership software provider CDK Global faced repeated attacks. These incidents illustrate the growing boldness of cyber criminals, who are increasingly using advanced technology to pressure major companies.
1 Out of 3 Breaches Go Undetected
A recent report by Gigamon highlights the increasing challenge organisations face in detecting breaches, with over 65% of respondents indicating that current security solutions are ineffective. Complexity in hybrid cloud environments is a significant factor, with 83% of IT leaders acknowledging it raises cyber risks. Despite a projected global information security spend of $215 billion in 2024, only 54% feel well-prepared for unauthorised access. Notably, 31% of breaches were only detected after receiving extortion threats, and 25% of organisations failed to identify the breach's root cause.
Optiv Report Shows Nearly 60% Increase in Security Budgets as Most Organisations Experience Cyber Breaches and Incidents
A recent report by Optiv, based on a Ponemon Institute survey, reveals a 59% increase in cyber budgets year-over-year, with organisations with over 5,000 users allocating an average of $26 million to cyber security in 2024. Despite these investments, 61% of respondents experienced a data breach or cyber security incident in the past two years. The report highlights that 40% of organisations feel overwhelmed by too many security tools, suggesting a need for streamlined technology integration. Key investment areas include internal security assessments (60%) and identity and access management (58%). The adoption of security orchestration technology is on the rise, with 73% using it to automate incident responses.
Why Are Threat Actors Faking Data Breaches?
A recent incident involving Europcar revealed hackers selling fake data on its 50 million customers, likely generated using AI. This trend of faking data breaches is driven by financial gain, notoriety, and attempts to distract or harm a company's reputation. For example, a Russian hacking group falsely claimed to have breached Epic Games to gain visibility, and a ransomware group falsely claimed to have breached Sony, causing reputational damage. Companies are advised to proactively monitor the dark web, compare leaked datasets with previous breaches, and deploy canary tokens to authenticate breach claims, while adopting integrated security models to enhance threat detection.
China-Sponsored Attackers Target 40K Corporate Users in 90 Days
A recent report by Menlo Security has identified three sophisticated credential-phishing campaigns, compromising over 40,000 corporate users, including executives, in just three months. Named LegalQloud, Eqooqp, and Boomer, these state-sponsored attacks use advanced techniques to bypass security controls like MFA and URL filtering. The campaigns have targeted more than 3,000 domains across various industries, with six out of ten malicious links evading detection. Researchers link these campaigns to China-sponsored threat actors, highlighting the evolving and aggressive tactics used in cyber espionage. This underscores the need for organisations to continually adapt their cyber security strategies.
Cyber Security Neglect: The Silent Killer of Businesses
A recent report underscores the hidden dangers of cyber security neglect, highlighting that such oversight can lead to catastrophic data breaches and financial ruin. IBM's 2023 Cost of a Data Breach Report indicates an average cost of $4.45 million per breach, impacting legal fees, lost business, and increased insurance premiums. Common red flags include outdated security protocols, lack of employee training, and inadequate incident response plans. Businesses must adopt a proactive approach with regular security audits, updated security measures, and comprehensive incident response plans to mitigate these risks and safeguard their operations.
Third of Organisations Have Suffered Three or More Data Breaches in the Last 24 Months
New research reveals that 50% of IT professionals are unaware of all devices connected to their network, despite nearly 60% acknowledging these insecure devices pose a significant risk. The survey of 250 IT professionals also found that over two-thirds of organisations experienced three or more data breaches in the past 24 months, with 20% taking more than five days to detect a breach. This delay increases potential damage from attacks. The report underscores the need for robust security protocols, automated network scanning tools, and continuous investment in security solutions to mitigate cyber threats and protect critical assets.
75% of New Vulnerabilities Exploited Within 19 Days
A recent report by Skybox Security highlights the urgent need for improved vulnerability management, revealing over 30,000 new vulnerabilities were published last year, averaging one every 17 minutes. Despite this surge, the average time to patch vulnerabilities exceeds 100 days, while 75% of new vulnerabilities are exploited within just 19 days. The United States National Vulnerability Database recorded a 17% increase in vulnerabilities year-over-year, with half classified as high or critical. The report underscores the necessity for continuous exposure management and modern mitigation strategies to protect against the rapid exploitation of vulnerabilities, with 25% being exploited on the same day of discovery.
It’s a Hard Time to Be a CISO. Transformational Leadership is More Important Than Ever.
A recent report highlights the challenging landscape for modern CISOs, exacerbated by evolving cyber threats and a global shortage of staff and skills. Heightened regulatory pressures and landmark cases, such as those involving Uber and SolarWinds, underscore the critical need for robust cyber security strategies and compliance across the c-suite and board. Stress and burnout are significant issues, with 94% of CISOs reporting work-related stress and 74% leaving their jobs in 2022 due to it. Gartner predicts up to 50% of security leaders will change jobs by 2025. To mitigate these challenges, CISOs must adopt transformational leadership to enhance organisational and personal resilience.
Tackling The Role Human Error Plays in Data Breaches
A recent report by Thales reveals that human error remains a significant cause of cloud data breaches, with 22% of IT professionals identifying it as the most concerning threat and 74% considering it a key priority. Over the past three years, human error has consistently ranked as a leading source of cyber attacks for enterprises.
Given the likelihood of cyber attacks, businesses must prioritise mitigating human-related risks. This includes comprehensive employee training, robust security protocols, and continuous monitoring to safeguard IT infrastructure and ensure organisational resilience against cyber threats.
Sources:
https://www.infosecurity-magazine.com/news/cloud-breaches-half-organizations/
https://www.helpnetsecurity.com/2024/06/24/detecting-breaches-struggle-in-organizations/
https://www.helpnetsecurity.com/2024/06/24/faking-data-breaches/
https://www.darkreading.com/threat-intelligence/china-sponsored-attackers-40k-corporate-users
https://hackernoon.com/cybersecurity-neglect-the-silent-killer-of-businesses
https://www.helpnetsecurity.com/2024/06/27/nvd-vulnerabilities/
https://www.techradar.com/pro/tackling-the-role-human-error-plays-in-data-breaches
Governance, Risk and Compliance
The NYSE's $10M Wake-up Call (darkreading.com)
Cyber Attacks on the rise with financial sector a top target, report reveals (investmentnews.com)
Cyber security Neglect: The Silent Killer of Businesses | HackerNoon
Organisations with outdated security approaches getting hammered: Cloudflare | CSO Online
Today's Most Overlooked Mergers and Acquisitions Cyber Security and Compliance Risks | Inc.com
New cyber threat research for SMB in 2024 | Securelist
Building a culture of security is everyone’s responsibility - Raconteur
Small Businesses Taking Proactive Steps to Prevent Cyber Attacks (smallbiztrends.com)
Is Defence Winning? A Look at Decades of Playing Catch Up (darkreading.com)
Working with a cyber security committee of the board | Microsoft Security Blog
CISOs becoming more comfortable with risk levels - Help Net Security
Inside the Mind of a CISO: Survey and Analysis - SecurityWeek
CISOs Growing More Comfortable With Risk, But Better C-Suite Alignment Needed (darkreading.com)
Some strategies for CISOs freaked out by the specter of federal indictments | CSO Online
The challenges in maintaining effective cyber security (securitybrief.co.nz)
A proactive cyber security policy is not just smart — it’s essential (securityintelligence.com)
The cyber attacks which could wipe your business out | BelfastTelegraph.co.uk
Evaluating crisis experience in CISO hiring: What to look for and look out for | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
The State of Ransomware 2024 | SC Media (scmagazine.com)
Ransomware threat landscape Jan-Apr 2024: insights and challenges (securityaffairs.com)
UK and US cops put Qilin ransomware crims in the crosshairs • The Register
Key Takeaways From the British Library Cyber Attack (darkreading.com)
Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware (thehackernews.com)
Hackers Grow More Sinister and Brazen in Hunt for Bigger Ransoms - Bloomberg
Ratel RAT targets outdated Android phones in ransomware attacks (bleepingcomputer.com)
Red Tape Is Making Hospital Ransomware Attacks Worse | WIRED
Cyber Attacks: An Unseen State Of Emergency In Healthcare (forbes.com)
Chinese Cyber Spies Employ Ransomware in Attacks for Diversion (bleepingcomputer.com)
New ransomware, infostealers pose growing risk in 2024 - Help Net Security
Best practices for protection from ransomware in cloud storage | TechTarget
Meet the Ransomware Negotiators (darkreading.com)
Ransomware Victims
Hackers Publish 400GB Of Data After London Hospital Cyber Attack (forbes.com)
UK government weighs action against Russian hackers over NHS records theft | NHS | The Guardian
LockBit lied: Stolen data is from a bank, not US Federal Reserve (bleepingcomputer.com)
UK and US cops put Qilin ransomware crims in the crosshairs • The Register
Key Takeaways From the British Library Cyber Attack (darkreading.com)
Security firm Accenture breached, claim cybercriminals | Cybernews
Here's what ransomware crims stole from Change Healthcare • The Register
NHS patients affected by cyber-attack may face six-month wait for blood test (yahoo.com)
CDK Cyber Attack: What Is It, Who Is Responsible and What’s the Fallout? - Bloomberg
Hacked UK Trove Includes Data on Newborns, Cancer Patients (1) (bloomberglaw.com)
Crisis-hit firm behind vital NHS services faces uncertain future | Technology sector | The Guardian
Evolve Bank caught up in latest Russia-linked cyber attacks (paymentexpert.com)
Expert Reveals Cyber Attack ‘Paralyzed’ Over 15K US Car Dealerships (dailydot.com)
Startups scramble to assess fallout from Evolve Bank data breach | TechCrunch
NHS officials warned over patients data exposed in ‘hackers honey pot’ | The Independent
CDK cyber attacks show need for world offensive against criminals | Automotive News (autonews.com)
Shoe Zone hit by cyber attack (drapersonline.com)
Phishing & Email Based Attacks
Widespread phishing attack impacts many LA County departments | SC Media (scmagazine.com)
The Rising Threat of Mobile Phishing and How to Avoid It | MSSP Alert
Warning in Guernsey after phishing scam increase - BBC News
Expert Reveals Cyber Attack ‘Paralyzed’ Over 15K Dealerships (dailydot.com)
Malware Sandbox Any.Run Targeted in Phishing Attack - SecurityWeek
BEC
Australian gov supplier bank details altered in cyber attacks - Security - iTnews
Other Social Engineering
Mark Cuban claims his Gmail was hacked after receiving hoax call (cointelegraph.com)
What is shoulder surfing and how to prevent it? | Proton
Artificial Intelligence
Cloud security faces pressure from AI growth, multicloud use | CSO Online
How are CISOs and organisations navigating AI cyber attacks? | TechFinitive
Political Deepfakes Are the Top Use of Malicious AI (pcmag.com)
Dangerous AI Workaround: 'Skeleton Key' Unlocks Malicious Content (darkreading.com)
Cyber Security is a ‘team sport’ amid new gen AI–based cyber attacks | Fortune Asia
Microsoft: 'Skeleton Key' attack unlocks the worst of AI • The Register
Hackers expose deep cyber security vulnerabilities in AI | BBC News - YouTube
Security pros grade Apple Intelligence data privacy measures | TechTarget
Apple delays launch of AI-powered features in Europe, blaming EU rules | Apple | The Guardian
How to construct a cyber security policy that sits alongside AI (architecture.com)
2FA/MFA
The Snowflake breach tells us that passwords aren't enough | TechRadar
Multifactor Authentication Is Not Enough to Protect Cloud Data (darkreading.com)
Push Notification Fatigue Leads to LA County Health Department Data Breach - SecurityWeek
Malware
Use of novel malware jumps 40% in 3 months, new report finds (techmonitor.ai)
New Unfurling Hemlock threat actor floods systems with malware (bleepingcomputer.com)
Telcos Hit Hardest by Cloud Malware, Report Finds - IT Security Guru
Oyster Backdoor Spreading via Trojanized Popular Software Downloads (thehackernews.com)
Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign (thehackernews.com)
Google Chrome Web Store still has security work to do • The Register
280 Million Google Chrome Users Installed Dangerous Extensions, Study Says (forbes.com)
'Mirai-like' botnet observed attacking EOL Zyxel NAS devices • The Register
New Cyber threat 'Boolka' Deploying BMANAGER Trojan via SQLi Attacks (thehackernews.com)
Experts observed approximately 120 malicious campaigns using the Rafel RAT - Security Affairs
New Medusa malware variants target Android users in seven countries (bleepingcomputer.com)
Snowblind malware abuses Android security feature to bypass security (bleepingcomputer.com)
WordPress Fights Off Malware Attack, 5 Plugins Infected | MSSP Alert
New ransomware, infostealers pose growing risk in 2024 - Help Net Security
Mac users served info-stealer malware through Google ads | Ars Technica
Cyber attackers are using more new malware, attacking critical infrastructure | CSO Online
Korean telco allegedly infected its P2P users with malware • The Register
Mobile
Forget privacy, young internet users want to be tracked (ft.com)
Here's how to keep your data private on your phone, PC, and tablet (xda-developers.com)
The Rising Threat of Mobile Phishing and How to Avoid It | MSSP Alert
Ratel RAT targets outdated Android phones in ransomware attacks (bleepingcomputer.com)
Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping (thehackernews.com)
New Medusa malware variants target Android users in seven countries (bleepingcomputer.com)
Snowblind malware abuses Android security feature to bypass security (bleepingcomputer.com)
Your Phone's 5G Connection is Vulnerable to Bypass, DoS Attacks (darkreading.com)
Denial of Service/DoS/DDOS
Don’t fall for these DDoS myths | TechFinitive
Your Phone's 5G Connection is Vulnerable to Bypass, DoS Attacks (darkreading.com)
Largest Croatian hospital under cyber attack - Help Net Security
Data Breaches/Leaks
1 out of 3 breaches go undetected - Help Net Security
Why are threat actors faking data breaches? - Help Net Security
Microsoft Tells More Clients Russian Hackers Viewed Emails (2) (bloomberglaw.com)
Santander Employee Data Breach Linked to Snowflake Attack - SecurityWeek
Post Office accidentally leaks names of sub-postmasters - BBC News
Sir Alan Bates hits out at Post Office ‘incompetence’ after data breach | Computer Weekly
First million breached Ticketmaster records released for free | Malwarebytes
The Snowflake latest: New victims, ShinyHunters takes credit • The Register
Security firm Accenture breached, claim cybercriminals | Cybernews
Push Notification Fatigue Leads to LA County Health Department Data Breach - SecurityWeek
Optus database compromised in 2022 by simple coding error - Mobile World Live
Microsoft blamed for million-record theft from Geisinger • The Register
Tackling the role human error plays in data breaches | TechRadar
NHS officials warned over patients data exposed in ‘hackers honey pot’ | The Independent
TeamViewer Detects Security Breach in Corporate IT Environment (thehackernews.com)
Authenticator for X, TikTok Exposes Personal User Info for 18 Months (darkreading.com)
Los Angeles Unified confirms student data stolen in Snowflake account hack (bleepingcomputer.com)
Neiman Marcus Data Breach Disclosed as Hacker Offers to Sell Stolen Information - SecurityWeek
Designed Receivable Solutions Data Breach Impacts 585,000 People - SecurityWeek
Web scraping is not just a security or fraud problem - Help Net Security
Organised Crime & Criminal Actors
Why are threat actors faking data breaches? - Help Net Security
Why Russia Is Facing a Crime Wave When War on Ukraine Ends - Bloomberg
Russian soldiers returning home are sending crime higher | Fortune
Four FIN9 hackers indicted for cyber attacks causing $71M in losses (bleepingcomputer.com)
Organised crime and domestic violence perps buy trackers • The Register
Wikileaks' Julian Assange Released from UK Prison, Heads to Australia (thehackernews.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
50 Cent got hacked by someone shilling memecoins and it seemed to work | Mashable
Predators steal additional $10M from crypto scam victims • The Register
Feds put $5m bounty on 'CryptoQueen' Ignatova's whereabouts • The Register
Crypto-gang leader convicted of vicious kidnaps, robbery • The Register
Hackers Steal Over $2 Million in Cryptocurrency From CoinStats Wallets - SecurityWeek
CoinStats says North Korean hackers breached 1,590 crypto wallets (bleepingcomputer.com)
Insider Risk and Insider Threats
Tackling the role human error plays in data breaches | TechRadar
JPMorgan Hacker May Have Built New Fraud Empire While Working With FBI - Bloomberg
Insurance
Recovery costs of cyber attacks outpacing insurance – Sophos | Insurance Times
Cyber warfare is not insurable: Munich Re's Kreuzer - Reinsurance News
Cyber cover still seen as “nice to have” despite threats (emergingrisks.co.uk)
76% of Companies Improved Their Cyber Defences to Qualify (globenewswire.com)
UK midsize firms wary of cyber insurance: Coalition - Reinsurance News
US businesses struggle to obtain cyber insurance, lawmakers are told | CyberScoop
Supply Chain and Third Parties
Santander Employee Data Breach Linked to Snowflake Attack - SecurityWeek
The Snowflake latest: New victims, ShinyHunters takes credit • The Register
NHS patients affected by cyber-attack may face six-month wait for blood test (yahoo.com)
Microsoft blamed for million-record theft from Geisinger • The Register
Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack (thehackernews.com)
Remove Polyfill.io code from your website immediately • The Register
Cloud/SaaS
Cloud security faces pressure from AI growth, multicloud use | CSO Online
The Snowflake breach tells us that passwords aren't enough | TechRadar
Multifactor Authentication Is Not Enough to Protect Cloud Data (darkreading.com)
Cloud Resources have Become Biggest Targets for Cyber Attacks, finds Thales | Thales Group
Santander Employee Data Breach Linked to Snowflake Attack - SecurityWeek
Telcos Hit Hardest by Cloud Malware, Report Finds - IT Security Guru
The Snowflake latest: New victims, ShinyHunters takes credit • The Register
Police Scotland did not consult ICO about high-risk cloud system | Computer Weekly
SAP customers warned on risks in unofficial route to cloud • The Register
Best practices for protection from ransomware in cloud storage | TechTarget
Crafting a Robust Cloud Security Strategy in 2024 | MSSP Alert
Are rainy days ahead for cloud computing? - BBC News
Encryption
Europe and Australia both back down on CSAM scanning (9to5mac.com)
Telegram says it has 'about 30 engineers'; security experts say that's a red flag | TechCrunch
Passwords, Credential Stuffing & Brute Force Attacks
The Snowflake breach tells us that passwords aren't enough | TechRadar
Levi's Data Breach: 72,000+ Customers' Data Exposed (cybersecuritynews.com)
Social Media
50 Cent got hacked by someone shilling memecoins and it seemed to work | Mashable
Authenticator for X, TikTok Exposes Personal User Info for 18 Months (darkreading.com)
Malvertising
Mac users served info-stealer malware through Google ads | Ars Technica
Regulations, Fines and Legislation
The NYSE's $10M Wake-up Call (darkreading.com)
Cyber Security | UK Regulatory Outlook June 2024 - Osborne Clarke | Osborne Clarke
Police Scotland did not consult ICO about high-risk cloud system | Computer Weekly
What qualifies as a material cyber security incident? | TechTarget
Apple delays launch of AI-powered features in Europe, blaming EU rules | Apple | The Guardian
Some strategies for CISOs freaked out by the specter of federal indictments | CSO Online
Consulting firms settle $11.3M cyber security case (devx.com)
CMM 2.0 - What UK-Based Contractors Need to Know (techuk.org)
American Privacy Rights Act is now weak sauce, critics warn • The Register
Models, Frameworks and Standards
Catching Up on Innovation With NIST CSF 2.0
Implementing CIS Controls in Small and Medium Enterprises | UpGuard
Backup and Recovery
Why immutable data storage is key to cyber security strategy | TechRadar
Data Protection
Apple delays launch of AI-powered features in Europe, blaming EU rules | Apple | The Guardian
American Privacy Rights Act is now weak sauce, critics warn • The Register
Careers, Working in Cyber and Information Security
12 hottest IT security certs for higher pay today | CSO Online
Gaining and Retaining Security Talent: A Cheat Sheet for CISOs - SecurityWeek
Fortinet report highlights global cyber security skills shortage (securitybrief.co.nz)
Employers urged to find cyber security talent differently (devx.com)
Evaluating crisis experience in CISO hiring: What to look for and look out for | CSO Online
Removal of Certain Degree Requirements To Boost Federal Cyber Workforce | AFCEA International
How to become a cyber security architect | TechTarget
Law Enforcement Action and Take Downs
Five men convicted for operating illegal streaming site Jetflicks (bleepingcomputer.com)
UK and US cops put Qilin ransomware crims in the crosshairs • The Register
Sellafield pleads guilty to criminal charges over cyber security | Computer Weekly
Four FIN9 hackers indicted for cyber attacks causing $71M in losses (bleepingcomputer.com)
Crypto-gang leader convicted of vicious kidnaps, robbery • The Register
Russian national indicted for role in cyber attacks on Ukraine | CyberScoop
Russian Charged With Ukrainian Cyber Attack Before Invasion - Law360
War Crime Prosecutions Enter a New Digital Age | WIRED
Misinformation, Disinformation and Propaganda
The inside view of spyware’s 'dirty interference,' from two recent Pegasus victims (therecord.media)
Political Deepfakes Are the Top Use of Malicious AI (pcmag.com)
Supreme Court rejects effort to limit government communication on misinformation | CyberScoop
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Cyber operations create additional risks for people’s security and well-being | ICRC
Cyber warfare is not insurable: Munich Re's Kreuzer - Reinsurance News
Nation State Actors
China
China-Sponsored Attackers Target 40K Corporate Users in 90 Days (darkreading.com)
China-Russia alignment: a threat to Europe's security | Merics
Cyber warfare is not insurable: Munich Re's Kreuzer - Reinsurance News
'SneakyChef' APT Slices Up Foreign Affairs With SugarGh0st (darkreading.com)
Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign (thehackernews.com)
Protecting America’s cyber security demands showing our teeth | CyberScoop
Chinese Cyber Spies Employ Ransomware in Attacks for Diversion (bleepingcomputer.com)
Beyond TikTok: Navigating the cyber security landscape of tomorrow (federaltimes.com)
China-Linked Espionage Groups Target Asian Telecoms (darkreading.com)
Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack (thehackernews.com)
Russia
Microsoft Tells More Clients Russian Hackers Viewed Emails (2) (bloomberglaw.com)
China-Russia alignment: a threat to Europe's security | Merics
Cyber warfare is not insurable: Munich Re's Kreuzer - Reinsurance News
US Treasury Sanctions 12 Kaspersky Executives Amid Software Ban (thehackernews.com)
Why Russia Is Facing a Crime Wave When War on Ukraine Ends - Bloomberg
Russian soldiers returning home are sending crime higher | Fortune
Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware (thehackernews.com)
European Union Sanctions Russian State Hackers (govinfosecurity.com)
Protecting America’s cyber security demands showing our teeth | CyberScoop
Russian used US systems for pre-invasion attack on Ukraine, US says - Defense One
UK government weighs action against Russian hackers over NHS records theft | NHS | The Guardian
Evolve Bank & Trust Confirms Data Was Stolen in Cyber Attack (claimsjournal.com)
Russian national indicted for role in cyber attacks on Ukraine | CyberScoop
Russian Charged With Ukrainian Cyber Attack Before Invasion - Law360
Kaspersky Denies Security Risk, After US Sales Ban | Silicon UK
The US bans Kaspersky products, citing security risks - what this means for you | ZDNET
US Bans Kaspersky Over Alleged Kremlin Links - Infosecurity Magazine (infosecurity-magazine.com)
ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor (thehackernews.com)
FBI joins hunt for hackers who stole NHS records (thetimes.com)
HUR Cyber Attack Hits Russian Internet Providers in Occupied Crimea (kyivpost.com)
Evolve Bank caught up in latest Russia-linked cyber attacks (paymentexpert.com)
North Korea
Cyber warfare is not insurable: Munich Re's Kreuzer - Reinsurance News
Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware (thehackernews.com)
Protecting America’s cyber security demands showing our teeth | CyberScoop
Cyber operations create additional risks for people’s security and well-being | ICRC
Hackers Steal Over $2 Million in Cryptocurrency From CoinStats Wallets - SecurityWeek
CoinStats says North Korean hackers breached 1,590 crypto wallets (bleepingcomputer.com)
Tools and Controls
Cyber warfare is not insurable: Munich Re's Kreuzer - Reinsurance News
Recovery costs of cyber attacks outpacing insurance – Sophos | Insurance Times
Four steps to build cyber resilience in the public sector | TechRadar
Conditional Access - The ultimate starter guide (oceanleaf.ch)
Hybrid work prompts spike in network security threats | Computer Weekly
Why immutable data storage is key to cyber security strategy | TechRadar
What Application Security Within Shadow IT Looks Like (darkreading.com)
Cyber cover still seen as “nice to have” despite threats (emergingrisks.co.uk)
76% of Companies Improved Their Cyber Defences to Qualify (globenewswire.com)
DMARC: Why It's Moving from a Best Practice to Must-Have | Proofpoint US
UK midsize firms wary of cyber insurance: Coalition - Reinsurance News
The four phases of emergency management | TechTarget
CISOs becoming more comfortable with risk levels - Help Net Security
CISOs Growing More Comfortable With Risk, But Better C-Suite Alignment Needed (darkreading.com)
Crafting a Robust Cloud Security Strategy in 2024 | MSSP Alert
US businesses struggle to obtain cyber insurance, lawmakers are told | CyberScoop
Cisco's enterprise firewall receives ‘caution’ rating from CyberRatings - SDxCentral
A proactive cyber security policy is not just smart — it’s essential (securityintelligence.com)
The dos and don’ts of gamified cyber security training - Security Boulevard
Benefits of dark web monitoring (techtarget.com)
A Watershed Moment for Threat Detection and Response (darkreading.com)
Creating a proactive incident response plan | Microsoft Security Blog
Building an incident response strategy in 2024 | ITPro
Conducting a Comprehensive Security Posture Assessment in 2024 (att.com)
Best practices for protection from ransomware in cloud storage | TechTarget
How to construct a cyber security policy that sits alongside AI (architecture.com)
Other News
Post Office expert IT witness Gareth Jenkins resigns BCS membership | Computer Weekly
Cyber Attacks: An Unseen State Of Emergency In Healthcare (forbes.com)
New cyber threat research for SMB in 2024 | Securelist
Is Defence Winning? A Look at Decades of Playing Catch Up (darkreading.com)
Beat the Heat and Cyber Threats this Summer | MSSP Alert
Cyber Europe 2024 tests resilience of EU Energy Sector (techmonitor.ai)
Hijacked spacecraft, hacked life support systems: the cyber risks of space | Cybernews
New Trends in Maritime Cyber Security in 2024 (maritime-executive.com)
Estimated cyber crime up almost 120 per cent in four years | The Herald (heraldscotland.com)
Windows 10 will get five years of additional support thanks to 0patch - Neowin
Cracking down on cybercrime: Who you gonna call? - Help Net Security
Why cyber attack cases against journalists are increasing | WKMS
How to navigate retail’s changing cyber threats | Retail Technology Review
Cyber Threats in Construction and Manufacturing: Securing your Organisation (att.com)
Cyber security for schools: What you need to know | Edexec
Nine ways construction companies can modernize and mitigate cyber risks | SC Media (scmagazine.com)
Vulnerability Management
75% of new vulnerabilities exploited within 19 days - Help Net Security
Vulnerabilities
MOVEit Transfer Flaws Push Security Defence Into a Race With Attackers (darkreading.com)
Phoenix UEFI bug affects long list of Intel chip families • The Register
New attack uses MSC files and Windows XSS flaw to breach networks (bleepingcomputer.com)
Fresh MOVEit Bug Under Attack Mere Hours After Disclosure (darkreading.com)
VMware ESXi Flaw Allows Attackers to Bypass Authentication (cybersecuritynews.com)
MoveIt Transfer vulnerability targeted amid disclosure drama | TechTarget
New MOVEit Transfer critical bug is actively exploited (securityaffairs.com)
ESET Security Products - Windows Vulnerable Privilege Escalation (cybersecuritynews.com)
Chrome 126 Update Patches Memory Safety Bugs - SecurityWeek
Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts (thehackernews.com)
Plugins on WordPress.org backdoored in supply chain attack (bleepingcomputer.com)
Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping (thehackernews.com)
Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released (bleepingcomputer.com)
WordPress Fights Off Malware Attack, 5 Plugins Infected | MSSP Alert
GitLab Security Updates Patch 14 Vulnerabilities - SecurityWeek
Windows 10 will get five years of additional support thanks to 0patch - Neowin
'Mirai-like' botnet observed attacking EOL Zyxel NAS devices • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.