Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 06 September 2024
Black Arrow Cyber Threat Intelligence Briefing 06 September 2024:
-Active Ransomware Groups Surge by 56% in 2024
-Authorised Push Payment (APP) Fraud Dominates as Scams Hit All-Time High
-Phishing Remains Top Cyber Threat, Credential Exposure Incidents Surging
-When Cyber Security Breaches Are Inevitable, It's Time to Call for A New Approach
-Critical infrastructure Sustained 13 Cyber Attacks per Second in 2023
-How Phishing Messages Break Through Email Filters
-Can Every Business Afford to Be a Target?
-To Beat Cyber-Crime Your Business Needs a Cyber Hygiene Review
-UK Public Growing Anxious Over Dependence on IT Systems
-Russia’s Most Notorious Special Forces Unit Tied to Assassinations and Sabotage, Now Has Its Own Cyber Warfare Team
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Active Ransomware Groups Surge by 56% in 2024
There was a 56% increase in active ransomware gangs in the first half of 2024, with 73 groups in operation compared to 46 in H1 2023. This rise highlights the growing fragmentation of the ransomware landscape, partly driven by law enforcement actions that disrupted major Ransomware-as-a-Service (RaaS) groups. Notably, ransomware gang BlackCat disappeared after an “exit scam” following a ransom from US healthcare provider Change Healthcare in March 2024. Smaller groups are now emerging rapidly, executing targeted attacks, and frequently reappearing under new identities, complicating cyber security efforts.
Authorised Push Payment (APP) Fraud Dominates as Scams Hit All-Time High
The UK’s Financial Ombudsman Service reported a record high in fraud and scam cases in Q2 2024, with authorised push payment (APP) fraud making up over half of the complaints. APP fraud, where victims are tricked into transferring money to fraudsters, is contentious as many banks argue that victims made a conscious decision, thus forfeiting reimbursement. Between April and June 2024, 8,734 complaints were lodged, marking a 43% year-on-year increase. The rise is attributed not only to increased fraud but also to more complex multi-stage fraud, card payments lacking protection, and more cases being filed by professional representatives.
Phishing Remains Top Cyber Threat, Credential Exposure Incidents Surging
ReliaQuest’s Q3 2024 Attacker Trends Analysis reveals that phishing remains the top cyber threat, accounting for 37% of incidents. However, credential exposure incidents have surged dramatically to 88% of security alerts, up from 60% in 2023, indicating a critical weakness in credential management. Malware, particularly the Remote Access Trojan (RAT) "SocGholish", affected 23% of customers, often linked to phishing campaigns. Additionally, MITRE ATT&CK techniques such as T1078 (Valid Accounts) and T1204 (User Execution) were frequently exploited, highlighting the need for stronger credential protection and phishing defences.
When Cyber Security Breaches Are Inevitable, It's Time to Call for A New Approach
At a recent TED Conference discussions highlighted how emerging technologies like AI and quantum computing are poised to both elevate and challenge cyber security. Research from Proofpoint shows that 94% of cloud customers were targeted monthly in 2023, with 62% successfully compromised, underscoring the increased risk. To counter this, businesses must adopt a cyber resilience mindset, focusing on sustaining operations during and after a cyber attack. This involves planning, regular practice, early detection, and partnerships to ensure organisations remain resilient amid growing cyber threats.
Critical infrastructure Sustained 13 Cyber Attacks per Second in 2023
Critical infrastructure faced over 420 million cyber attacks between January 2023 and January 2024, marking a 30% rise from the previous year. Power grids, transportation, and communication networks are particularly vulnerable due to the severe disruption any failures would cause. The US, UK, Germany, India, and Japan were the most frequently targeted, with threat actors predominantly originating from China, Russia, and Iran. The increasing digitisation of global infrastructure has heightened the risk of cyber attacks, particularly following the onset of the war in Ukraine.
How Phishing Messages Break Through Email Filters
The APWG’s Phishing Activity Trends Report for Q1 2024 revealed over 963,000 phishing attacks, with Business Email Compromise (BEC) fraud seeing a 50% rise in the average wire transfer request to $84,000. Cyber security researchers at LevelBlue Labs detailed sophisticated evasion techniques used by attackers, including voice phishing (vishing), exploiting compromised accounts, and leveraging social engineering. Attackers bypass email security gateways (SEGs) by using advanced tactics such as manipulating ZIP archives and reversing text in email source code, enabling them to distribute malware undetected. These developments highlight the urgent need for enhanced anti-phishing measures and user vigilance.
Can Every Business Afford to Be a Target?
Small and medium-sized businesses (SMBs) face an evolving cyber threat landscape, as cyber criminals increasingly adopt business models like Ransomware-as-a-Service (RaaS). According to recent findings, SMBs are particularly vulnerable due to limited financial and staffing resources, leaving them exposed to phishing attacks, leaked data, and common technology vulnerabilities. Ransomware groups provide tools to less skilled attackers, expanding the scope of attacks. Phishing remains a significant threat, especially as SMBs rely on SaaS applications. To protect themselves, SMBs must find cost-effective solutions, such as automated threat monitoring and leveraging AI for threat intelligence analysis.
To Beat Cyber-Crime Your Business Needs a Cyber Hygiene Review
A recent survey revealed that 58% of large businesses experienced cyber crime in the past 12 months, costing around £5,000 per incident. With human error responsible for 95% of cyber security breaches, a focus on cyber hygiene is critical. Organisations should conduct a ‘cyber-hygiene deep clean,’ which includes documenting all hardware, software, and applications, and updating or uninstalling outdated or unused systems. Regular password updates, software patches, and thorough vulnerability assessments of public-facing assets are essential to prevent breaches. Protecting customer data, especially PII, must be prioritised to avoid compliance issues and fines.
UK Public Growing Anxious Over Dependence on IT Systems
A recent survey by OnePoll for the International Cyber Expo found that 78% of UK respondents are concerned about the heavy reliance of global organisations on IT systems and software providers. This comes after the July 2024 CrowdStrike outage, where a faulty update affected around 8.5 million computers worldwide, disabling many Windows systems. The survey revealed that 44% of respondents were impacted, with 18% directly affected and 26% knowing someone who was. The incident highlights growing apprehension over cyber security vulnerabilities and the potential for widespread disruption to everyday life and business operations.
Russia’s Most Notorious Special Forces Unit Tied to Assassinations and Sabotage, Now Has Its Own Cyber Warfare Team
A new cyber threat group, identified as Cadet Blizzard and linked to Russia’s GRU Unit 29155, has been revealed by Western government agencies. Known for its physical sabotage and assassinations, Unit 29155 has now developed a cyber warfare team responsible for multiple hacking operations targeting Ukraine, the US, and other countries. Since 2022, the group has launched attacks using Whispergate malware, which destroyed data in at least two dozen Ukrainian organisations, and engaged in defacement and data theft under the guise of a fake hacktivist group, Free Civilian. This intertwining of physical and digital tactics highlights the growing threat posed by state-sponsored cyber warfare.
Sources
https://www.infosecurity-magazine.com/news/active-ransomware-groups-surge/
https://www.infosecurity-magazine.com/news/app-fraud-scams-alltime-high/
https://informationsecuritybuzz.com/phishing-top-cyber-threat-despite-drop/
https://www.techradar.com/pro/critical-infrastructure-sustained-13-cyber-attacks-per-second-in-2023
https://cybersecuritynews.com/phishing-email-filter-breakthroughs/
https://informationsecuritybuzz.com/can-every-business-afford-to-be-target/
https://itbrief.co.uk/story/uk-public-growing-anxious-over-dependence-on-it-systems
https://www.wired.com/story/russia-gru-unit-29155-hacker-team/
Governance, Risk and Compliance
To beat cyber-crime your business needs a cyber-hygiene review - Digital Journal
More than a CISO: the rise of the dual-titled IT leader | CSO Online
Quantifying Risks to Make the Right Cyber Security Investments (inforisktoday.com)
When Cyber Security Breaches Are Inevitable, It's Time To Call For A New Approach (forbes.com)
Making Enterprises Resilient In The Face Of Growing Cyber Threats (forbes.com)
Why the CFO-CISO relationship is key to mitigating cyber risk - Raconteur
Can Every Business Afford To Be A Target? (informationsecuritybuzz.com)
The true cost of cyber crime for your business - Help Net Security
Boards Need to Take a Hard Look tt Their Cyber Vulnerabilities (forbes.com)
Incident response planning vital for cyber security (devx.com)
Surge in cyber risks will create new exposures (emergingrisks.co.uk)
Security boom is over, with third of budgets flat or falling • The Register
How Should You Manage Cyber Risk in 2024? (informationweek.com)
Cost of a data breach: Cost savings with law enforcement involvement (securityintelligence.com)
Don’t Get Your Security from Your RMM Provider: The Risks You Should Know | MSSP Alert
Insurance groups urge state support for ‘uninsurable’ cyber risks (ft.com)
Threats
Ransomware, Extortion and Destructive Attacks
RansomHub claims 210 scalps in bid for ransomware supremacy • The Register
Ransomware gangs of 2024: The rise of the affiliates (techinformed.com)
Everything you need to know about RansomHub, the new force in the digital extortion industry | ITPro
New ransomware group is hitting VMware ESXi systems hard | TechRadar
Active Ransomware Groups Surge by 56% in 2024 - Infosecurity Magazine (infosecurity-magazine.com)
Global Ransomware Attacks Spiked Along with Payments and Demands in Q2: Corvus (claimsjournal.com)
Ransomware tactics 2024: why you need to protect yourself differently | TechFinitive
How ransomware tactics are shifting, and what it means for your business - Help Net Security
Why Are Organisations Losing the Ransomware Battle? | Axio
IT worker charged over $750,000 cyber extortion plot against former employer (bitdefender.com)
Qilin Ransomware Attack Used To Steal Chrome Browser Data - Security Boulevard
RansomHub Emerges in Rapidly Evolving Ransomware Landscape - Security Boulevard
Fog ransomware crew evolving into wide-ranging threat | Computer Weekly
Cicada Ransomware - What You Need To Know | Tripwire
83% of organisations experienced at least one ransomware attack in the last year - Help Net Security
Researcher sued for sharing data stolen by ransomware with media (bleepingcomputer.com)
Cicada3301 ransomware’s Linux encryptor targets VMware ESXi systems (bleepingcomputer.com)
Ransomware Gangs Pummel Southeast Asia (darkreading.com)
Linux Ransomware Threats: How Attackers Target Linux Systems (itprotoday.com)
Ransomware Victims
Housing charity latest to get hit by ransomware attack - TFN
City of Columbus Sues Researcher Who Disclosed Impact of Ransomware Attack - SecurityWeek
Tewkesbury Borough Council cyber attack sparks disruption - BBC News
Halliburton confirms data was stolen in ongoing cyber attack | TechCrunch
‘Critical’ cyber attack on pension fund ‘almost certain’ - Somerset Live
Lockbit claims breach on Canada’s largest school board: Is the group back with a vengeance? | ITPro
Planned Parenthood confirms cyber attack as RansomHub claims breach (bleepingcomputer.com)
Phishing & Email Based Attacks
How Phishing Messages Break Through Email Filters - Report (cybersecuritynews.com)
Phishing Remains Top Cyber Threat (informationsecuritybuzz.com)
File-sharing phishing attacks zero-in on the financial sector | SC Media (scmagazine.com)
Iranian cyber criminals are targeting WhatsApp users in spear phishing campaign | Malwarebytes
Help friends and family avoid phishing emails (appleinsider.com)
Novel attack on Windows spotted in Chinese phishing campaign • The Register
Travelers Beware of Sophisticated Booking.com Phishing Attack (cybersecuritynews.com)
Business Email Compromise (BEC)
Nigerian man sentenced to 5 years for role in BEC operation | CyberScoop
Two Nigerians Sentenced to Prison in US for BEC Fraud - SecurityWeek
Other Social Engineering
How Phishing Messages Break Through Email Filters - Report (cybersecuritynews.com)
APP Fraud Dominates as Scams Hit All-Time High - Infosecurity Magazine (infosecurity-magazine.com)
Stop Scanning Random QR Codes (gizmodo.com)
Quishing, an insidious threat to electric car owners (securityaffairs.com)
VIEW: Deepfakes represent growing cyber threat - CIR Magazine
The attack with many names: SMS Toll Fraud - Help Net Security
FBI warns crypto firms of aggressive social engineering attacks (bleepingcomputer.com)
Travelers Beware of Sophisticated Booking.com Phishing Attack (cybersecuritynews.com)
Cryptohack Roundup: Focus on Pig Butchering - DataBreachToday
Recruiters and job candidates need to be vigilant of emerging cyber crime (thehrdirector.com)
North Korean Hackers Targets Job Seekers with Fake FreeConference App (thehackernews.com)
Iranian cyber criminals are targeting WhatsApp users in spear phishing campaign | Malwarebytes
Artificial Intelligence
The six most dangerous new threats security teams need to know about - IT Security Guru
AI-enhanced cyber attack tops emerging enterprise risk rankings – Gartner - CIR Magazine
AI as an Insider Threat | AFCEA International
87% of executives are concerned about bot attacks and AI fraud | Security Magazine
Deepfakes represent growing cyber threat - CIR Magazine
Gen reveals 46% surge in cyber attacks; AI scams grow rapidly (securitybrief.co.nz)
Think hard before deploying Copilot for Microsoft 365 • The Register
Businesses still ready to invest in Gen AI, with risk management a top priority | ZDNET
Clearview AI fined $33 million for facial recognition database | TechRadar
There are many reasons why companies struggle to exploit generative AI, says Deloitte survey | ZDNET
1 in 3 workers are using AI multiple times a week - and they're shouting about it | ZDNET
Inside NSA's partnerships with AI makers to prevent future attacks - Washington Times
Is AI the new bloatware? | ZDNET
AI, cyber and critical infrastructure | Professional Security
Governments need to beef up cyberdefence for the AI era - and get back to the basics | ZDNET
2FA/MFA
The six most dangerous new threats security teams need to know about - IT Security Guru
How Hackers Bypass MFA, And What You Can Do About It (forbes.com)
Admins of MFA bypass service plead guilty to fraud (bleepingcomputer.com)
UK trio pleads guilty to operating $10M MFA bypass biz • The Register
Malware
'Voldemort' Malware Curses Orgs Using Global Tax Authorities (darkreading.com)
This malware pretends to be a real VPN service to lure in victims | TechRadar
GitHub comments abused to spread Lumma Stealer malware as fake fixes (bleepingcomputer.com)
Godzilla Fileless Backdoor Exploits Atlassian Confluence Vulnerability (cybersecuritynews.com)
3,000 "ghost accounts" on GitHub spreading malware (securityintelligence.com)
Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore (thehackernews.com)
New Golang malware capable of cross-platform backdoor attacks spotted in the wild | TechRadar
What is malvertising? Cyber criminals exploiting search ads to spread malware | Invezz
China's 'Earth Lusca' Propagates Multiplatform Backdoor (darkreading.com)
Microsoft Observed A New Tickler Malware Attack Satellite Devices (cybersecuritynews.com)
Chinese organisations are being hit by Cobalt Strike malware from within China | TechRadar
New Backdoor Used By Iranian State-Sponsored Group | Decipher (duo.com)
Thousands of abandoned PyPI projects could be hijacked: Report | CSO Online
Fake OnlyFans cyber crime tool infects hackers with malware (bleepingcomputer.com)
Numerous malware deployed in prolonged APT32 intrusion | SC Media (scmagazine.com)
Mobile
Android And iOS Users Attacked By Russian APT29 Hackers, Google Warns (forbes.com)
This Popular App Company Was Sold, and Now Its Android Apps Are a Privacy Risk (makeuseof.com)
Iranian cyber criminals are targeting WhatsApp users in spear phishing campaign | Malwarebytes
Denial of Service/DoS/DDOS
Massive DDoS poured 3.15 billion packets per second on Microsoft server | Cybernews
Only 25% of organisations are prepared to manage a DDoS attack | Security Magazine
Internet of Things – IoT
Attacks Continue on Connected Devices - Electrical Contractor Magazine (ecmag.com)
A Deep Dive Into IoT Communication Protocols (informationsecuritybuzz.com)
CCTV biz Verkada pays $3M to settle FTC complaint • The Register
Data Breaches/Leaks
170 million strong data leak traced to US data broker | TechRadar
Over 1.4M Users Exposed in Tracelo Breach | MSSP Alert
Microchip Technology confirms data was stolen in cyber attack (bleepingcomputer.com)
Organised Crime & Criminal Actors
Philippine authorities detain more than 160 people over suspected cyber crime operation - Bloomberg
Admins of MFA bypass service plead guilty to fraud (bleepingcomputer.com)
CEO's Arrest Likely Won't Dampen Cyber criminal Interest in Telegram (darkreading.com)
Alleged cyber criminal wanted by US spent 15 years evading arrest (voanews.com)
The true cost of cyber crime for your business - Help Net Security
UK trio pleads guilty to operating $10M MFA bypass biz • The Register
Cyber criminals use legitimate software for attacks increasing (securitybrief.co.nz)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Microsoft Says North Korean Cryptocurrency Thieves Behind Chrome Zero-Day - SecurityWeek
FTC: Over $110 million lost to Bitcoin ATM scams in 2023 (bleepingcomputer.com)
FBI warns crypto firms of aggressive social engineering attacks (bleepingcomputer.com)
North Korean scammers prep stealth attacks on crypto outfits • The Register
Cryptohack Roundup: Focus on Pig Butchering - DataBreachToday
Insider Risk and Insider Threats
How Employees Can Protect a Company's Cyber Security - DevX
IT worker charged over $750,000 cyber extortion plot against former employer (bitdefender.com)
INSIDER THREAT AWARENESS MONTH: Are you prepared? - IT Security Guru
Next-Generation Attacks, Same Targets - How to Protect Your Users' Identities (thehackernews.com)
Human firewalls are essential to keeping SaaS environments safe - Help Net Security
AI as an Insider Threat | AFCEA International
Insurance
Insurance groups urge state support for ‘uninsurable’ cyber risks (ft.com)
Supply Chain and Third Parties
UK Public Worried About Global Over Reliance on IT Systems - IT Security Guru
Improved Software Supply Chain Resilience Equals Increased Security (darkreading.com)
What is Vendor Risk Monitoring in Cyber Security? | UpGuard
Top 8 Vendor Risk Monitoring Solutions in 2024 | UpGuard
Boards Need To Take A Hard Look At Their Cyber Vulnerabilities (forbes.com)
Cloud/SaaS
A third of organisations suffered a SaaS data breach this year - Help Net Security
File-sharing phishing attacks zero-in on the financial sector | SC Media (scmagazine.com)
How Confident Are You That Your Critical Saas Applications Are Secure? (thehackernews.com)
Human firewalls are essential to keeping SaaS environments safe - Help Net Security
What Is the Shared Fate Model? (darkreading.com)
Rising cloud costs leave CIOs seeking ways to cope | CIO
Outages
UK public growing anxious over dependence on IT systems (itbrief.co.uk)
We must break tech monopolies before they break us (thenextweb.com)
Boards Need To Take A Hard Look At Their Cyber Vulnerabilities (forbes.com)
Identity and Access Management
Why Identity Teams Need to Start Reporting to the CISO (darkreading.com)
The Evolution of Identity and Access Management (IAM) - Security Boulevard
Next-Generation Attacks, Same Targets - How to Protect Your Users' Identities (thehackernews.com)
Linux and Open Source
Linux Ransomware Threats: How Attackers Target Linux Systems (itprotoday.com)
Passwords, Credential Stuffing & Brute Force Attacks
Why You Shouldn't Store Passwords in Your Browser: Password Security Risks | HackerNoon
The New Effective Way to Prevent Account Takeovers (thehackernews.com)
Social Media
Russian minister: Telegram 'too free' on content moderation • The Register
Hacker Leaks Data of 390 Million Users from VK, a Russian Social Network (hackread.com)
Germany’s Far Right Is in a Panic Over Telegram | WIRED
Fake OnlyFans cyber crime tool infects hackers with malware (bleepingcomputer.com)
Malvertising
In plain sight: Malicious ads hiding in search results (welivesecurity.com)
What is malvertising? Cyber criminals exploiting search ads to spread malware | Invezz
Your Google searches becoming big target for 'malvertising' hackers (cnbc.com)
Malvertising is popping up on search engines - The Hustle
Regulations, Fines and Legislation
Clearview AI fined $33 million for facial recognition database | TechRadar
UK Signs Council of Europe AI Convention - Infosecurity Magazine (infosecurity-magazine.com)
CCTV biz Verkada pays $3M to settle FTC complaint • The Register
Models, Frameworks and Standards
6 IT risk assessment frameworks compared | CSO Online
Banks Brace for DORA Cyber Security Deadline on Jan. 17 (inforisktoday.com)
NIST Cybersecurity Framework (CSF) and CTEM – Better Together (thehackernews.com)
Complying with PCI DSS requirements by 2025 - Help Net Security
Explaining The OWASP API Security Top 10 (informationsecuritybuzz.com)
NIST Obtains OpenAI, Anthropic AI Model Access | MSSP Alert
Making Sense of Cyber Security Standards Like FedRAMP (pymnts.com)
Careers, Working in Cyber and Information Security
Championing the Wins to Improve Wellbeing in the Cyber Workplace - IT Security Guru
Biden admin calls infosec 'national service' in job-fill bid • The Register
Are IT certifications replacing the college degree? | CIO
Law Enforcement Action and Take Downs
Philippine authorities detain more than 160 people over suspected cyber crime operation - Bloomberg
IT worker charged over $750,000 cyber extortion plot against former employer (bitdefender.com)
Admins of MFA bypass service plead guilty to fraud (bleepingcomputer.com)
CEO's Arrest Likely Won't Dampen Cyber criminal Interest in Telegram (darkreading.com)
Nigerian man sentenced to 5 years for role in BEC operation | CyberScoop
Alleged cyber criminal wanted by US spent 15 years evading arrest (voanews.com)
UK trio pleads guilty to operating $10M MFA bypass biz • The Register
Two Nigerians Sentenced to Prison in US for BEC Fraud - SecurityWeek
Cost of a data breach: Cost savings with law enforcement involvement (securityintelligence.com)
Misinformation, Disinformation and Propaganda
Justice Department accuses Russia of interfering with 2024 elections | CyberScoop
US charges Russian GRU hacking team behind WhisperGate • The Register
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
China's 'Earth Lusca' Propagates Multiplatform Backdoor (darkreading.com)
Chinese organisations are being hit by Cobalt Strike malware from within China | TechRadar
Novel attack on Windows spotted in Chinese phishing campaign • The Register
Russia
NCSC and allies call out Russia's Unit 29155 over cyber warfare | Computer Weekly
Russian GRU Unit Tied to Assassinations Linked to Global Cyber Sabotage and Espionage - SecurityWeek
Russia’s Most Notorious Special Forces Unit Now Has Its Own Cyber Warfare Team | WIRED
Android And iOS Users Attacked By Russian APT29 Hackers, Google Warns (forbes.com)
Justice Department accuses Russia of interfering with 2024 elections | CyberScoop
Sweden warns of heightened risk of Russian sabotage | Sweden | The Guardian
Russian military intelligence organised cyber attacks against Estonian institutions | News | ERR
US charges Russian GRU hacking team behind WhisperGate • The Register
The FCC has finally banned Kaspersky from telecoms kits | TechRadar
Iran
Israeli spies targeted by Iranian hackers | SC Media (scmagazine.com)
Iranian cyber criminals are targeting WhatsApp users in spear phishing campaign | Malwarebytes
New Backdoor Used By Iranian State-Sponsored Group | Decipher (duo.com)
North Korea
North Korean scammers prep stealth attacks on crypto outfits • The Register
North Korean Hackers Targets Job Seekers with Fake FreeConference App (thehackernews.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Numerous malware deployed in prolonged APT32 intrusion | SC Media (scmagazine.com)
Civil Rights Groups Call For Spyware Controls - Infosecurity Magazine (infosecurity-magazine.com)
Germany’s Far Right Is in a Panic Over Telegram | WIRED
Hacker Leaks Data of 390 Million Users from VK, a Russian Social Network (hackread.com)
Spyware vendors thwart restrictions by changing names, reorganise, move - The Washington Post
Predator spyware resurfaces with signs of activity, Recorded Future says | CyberScoop
Civil Rights Groups Call For Spyware Controls - Infosecurity Magazine (infosecurity-magazine.com)
Tools and Controls
To beat cyber-crime your business needs a cyber-hygiene review - Digital Journal
Evolution of Attack Surface Management - Security Boulevard
This malware pretends to be a real VPN service to lure in victims | TechRadar
API Attack Surface: How to secure it and why it matters - Security Boulevard
Why enterprises need real-time visibility of their invisible threats (betanews.com)
Quantifying Risks to Make the Right Cyber Security Investments (inforisktoday.com)
When Cyber Security Breaches Are Inevitable, It's Time To Call For A New Approach (forbes.com)
Making Enterprises Resilient In The Face Of Growing Cyber Threats (forbes.com)
Why the CFO-CISO relationship is key to mitigating cyber risk - Raconteur
Choosing the Best Cyber Security Prioritization Method for Your Organisation - Security Boulevard
What is Vendor Risk Monitoring in Cyber Security? | UpGuard
Is the "Network" Defendable? - Security Boulevard
How Confident Are You That Your Critical SaaS Applications Are Secure? (thehackernews.com)
The Evolution of Identity and Access Management (IAM) - Security Boulevard
NIST Cybersecurity Framework (CSF) and CTEM – Better Together (thehackernews.com)
Explaining The OWASP API Security Top 10 (informationsecuritybuzz.com)
Incident response planning vital for cyber security (devx.com)
Rising cloud costs leave CIOs seeking ways to cope | CIO
Think hard before deploying Copilot for Microsoft 365 • The Register
Use AI threat modeling to mitigate emerging attacks | TechTarget
Don’t Get Your Security from Your RMM Provider: The Risks You Should Know | MSSP Alert
Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore (thehackernews.com)
Businesses still ready to invest in Gen AI, with risk management a top priority | ZDNET
Inside NSA's partnerships with AI makers to prevent future attacks - Washington Times
Other News
Critical infrastructure sustained 13 cyber attacks per second in 2023 | TechRadar
SQL injection bug allows anyone to skip airport security • The Register
TfL cyber attack could be due to poor cyber-hygiene, expert says - Verdict
TfL cyber attack could've brought London 'to a standstill' (telecomstechnews.com)
Can Every Business Afford To Be A Target? (informationsecuritybuzz.com)
We must break tech monopolies before they break us (thenextweb.com)
Cyber criminals use legitimate software for attacks increasing (securitybrief.co.nz)
Is the "Network" Defendable? - Security Boulevard
Surge in cyber risks will create new exposures (emergingrisks.co.uk)
Five notorious cyber attacks that targeted governments (theconversation.com)
Vulnerability Management
Tenable finds only 3% of vulnerabilities pose significant risks (securitybrief.co.nz)
Businesses must act now to address the zero day surge | TechRadar
Vulnerabilities
Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues (thehackernews.com)
Critical Flaws in Progress Software WhatsUp Gold Expose Systems to Full Compromise - SecurityWeek
Cisco warns of backdoor admin account in Smart Licensing Utility (bleepingcomputer.com)
Godzilla Fileless Backdoor Exploits Atlassian Confluence Vulnerability (cybersecuritynews.com)
Hacktivist Group Exploit WinRAR Vulnerability to Encrypt Windows & Linux (cybersecuritynews.com)
Chrome 128 Updates Patch High-Severity Vulnerabilities - SecurityWeek
Your Google Pixel Phone's September Update Arrived (droid-life.com)
YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel | Ars Technica
Worried about the YubiKey 5 vulnerability? Here's why I'm not | ZDNET
Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution (thehackernews.com)
ServiceNow Vulnerabilities: CVE-2024-4789 and CVE-2024-5217 | UpGuard
Log4j Continues to act as Organisational Vulnerability - Security Boulevard
DrayTek Vulnerabilities Added to CISA KEV Catalog Exploited in Global Campaign - SecurityWeek
Vulnerabilities In Two WordPress Contact Form Plugins Affect +1.1 Million (searchenginejournal.com)
VMware fixed a code execution flaw in Fusion hypervisor (securityaffairs.com)
D-Link says it is not fixing four RCE flaws in DIR-846W routers (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 30 August 2024
Black Arrow Cyber Threat Intelligence Briefing 30 August 2024:
-76% of Managed Service Providers (MSPs) Faced an Infrastructure Cyber Attack in Last 12 Months
-Third-Party Risk Management is Under the Spotlight
-46% of Enterprises Experience Four or More Ransomware Attacks in a Single Year, Affecting ERP Applications and Systems 89% of the Time
-Cyber Security Spending is Going to Surge in 2025, and AI Threats are a Key Factor
-Aggressively Monitoring for Changes Is a Key Aspect of Cyber Security
-Half of Enterprises Suffer Breaches Despite Heavy Security Investments
-Why the 80-20 Rule No Longer Works for Cyber Security
-Deepfakes: Seeing is No Longer Believing
-Online Scam Cycles are Getting Shorter and More Effective
-Cyber Attacks on Critical Infrastructure Increased by 30% in One Year
-Russia is Signalling It Could Take Out the West's Internet and GPS. There's No Good Backup Plan
-NATO Believes Russia Poses a Threat to the West’s Internet and GPS Services
-Cyber Attacks on UK Law Firms Surge by 77% Amid Rising Ransomware Threat
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
76% of Managed Service Providers (MSPs) Faced an Infrastructure Cyber Attack in Last 12 Months
A recent report by Netwrix highlights that 76% of Managed Service Providers (MSPs) experienced a cyber attack on their infrastructure in the past 12 months, mirroring the 79% seen across all organisations. Of those attacked, 51% incurred unplanned expenses to address security gaps, while 31% suffered a loss of competitive edge, and 27% faced compliance fines - higher than the averages in other sectors. Notably, nearly half (49%) of cloud security incidents involved user account compromises, while 46% of on-premises attacks were related to ransomware or other malware. These findings underscore the critical need for robust security measures in the MSP sector.
Third-Party Risk Management is Under the Spotlight
Recent research highlights a critical vulnerability in the financial sector's digital supply chain resilience, exposed by the recent CrowdStrike IT outage. Despite regulatory pressure from bodies such as the Bank of England and the EU's Digital Operational Resilience Act (DORA), only 20.8% of financial professionals report having stressed exit plans in most third-party agreements, crucial for managing risks from supplier disruptions. With DORA set to be implemented by January 2025, the findings are concerning, as less than 19% of respondents expressed complete confidence in their third-party exit strategies, underscoring the urgent need for improved operational resilience in financial services.
46% of Enterprises Experience Four or More Ransomware Attacks in a Single Year, Affecting ERP Applications and Systems 89% of the Time
Onapsis has revealed that 83% of organisations have faced at least one ransomware attack in the past year, with 46% experiencing four or more, and 14% facing ten or more attacks. Notably, 89% of these attacks impacted Enterprise Resource Planning (ERP) systems, leading to significant business disruptions, with 61% of attacks resulting in at least 24 hours of downtime. As AI-enhanced threats grow, the impact on ERP systems is expected to worsen. The research underscores the inadequacy of generic security solutions, with 93% of respondents agreeing on the need for dedicated ERP security to protect business-critical applications.
Cyber Security Spending is Going to Surge in 2025, and AI Threats are a Key Factor
Gartner's latest research predicts a significant rise in global cyber security spending, expected to reach $183.9 billion in 2024 and increase by 15.1% to $212 billion in 2025. This surge is driven by the adoption of generative AI tools, which are heightening investments in application, data, and infrastructure security. The use of large language models (LLMs) in large-scale social engineering attacks is anticipated to contribute to 17% of cyber attacks or data leaks by 2027. Additionally, the growing shift to cloud services is expected to boost demand for cloud security solutions, with the Cloud Access Security Broker (CASB) and Cloud Workload Protection Platform (CWPP) market projected to hit $8.7 billion by 2025.
Aggressively Monitoring for Changes Is a Key Aspect of Cyber Security
Effective cyber security relies on multiple layers of defence, with file integrity monitoring and change detection being two of the most crucial. These layers are managed through an organisation's change management programme, which ensures that changes are carefully planned, tested, documented, and approved. In the past, making undocumented changes without oversight was common, but today, such practices are a fast track to unemployment. Modern change management involves detailed coordination and approval processes, often by committees, to minimise risks and prevent disruptions to business operations. These layers, while essential, underscore that no system is entirely risk-free.
Half of Enterprises Suffer Breaches Despite Heavy Security Investments
Recent reports indicate a sharp rise in data breach frequency and costs, with the average breach now costing $4.88 million, a 10% increase from the previous year. Notably, 40% of breaches involve data spread across multiple environments, including cloud and on-premises, taking an average of 283 days to identify and contain. Despite having extensive security measures, 51% of enterprises still reported breaches in the last 24 months, with 93% experiencing significant disruptions. Human error remains a critical factor, contributing to 68% of breaches. Additionally, 98% of businesses are linked to breaches through third-party relationships, highlighting the need for robust security across the supply chain.
Why the 80-20 Rule No Longer Works for Cyber Security
A recent analysis challenges the application of the Pareto Principle in cyber security, highlighting that monitoring only 80% of assets leaves organisations significantly exposed. The report reveals that over 90% of CISOs acknowledge breaches are more likely to originate from unknown or unmanaged assets rather than well-monitored ones. Using the metaphor of a ship with unchecked sections, the study emphasises that neglecting even a small percentage of assets can lead to catastrophic outcomes. It questions why some security leaders persist with this approach, given that the unmonitored 20% often contains the most exploitable vulnerabilities. The findings underscore the critical need for comprehensive asset management to effectively mitigate cyber risks.
Deepfakes: Seeing is No Longer Believing
The rising threat of deepfakes is significantly impacting organisations and public trust, with 47% of companies having encountered deepfakes and 70% believing these AI-generated attacks could heavily affect them. Despite 73% of organisations implementing measures against deepfakes, confidence in these defences remains low, with 62% fearing their efforts are insufficient. Public concern is also high, with 81% of Americans worried about the impact of deepfakes on election integrity. However, many people overestimate their ability to detect deepfakes, with 60% believing they could identify one, despite the increasing sophistication of these AI-generated threats.
Online Scam Cycles are Getting Shorter and More Effective
A recent Chainalysis mid-year report highlights that online scam cycles have become significantly shorter and more effective, with cyber criminals increasingly favouring smaller, faster, and more targeted campaigns. The report reveals that 43% of scam revenues on the blockchain were sent to wallets created within the past year, a sharp rise from 29.9% in 2022. This shift indicates a surge in newly launched scams, with the average duration of scams dropping from 271 days in 2020 to just 42 days in 2024. This trend underscores the growing agility and sophistication of cyber criminals in executing their fraudulent activities.
Cyber Attacks on Critical Infrastructure Increased by 30% in One Year
A recent report from KnowBe4 reveals a significant 30% increase in cyber attacks on critical infrastructure, amounting to over 420 million attacks between January 2023 and 2024, or approximately 13 attacks every second. Globally, the weekly average of cyber incidents has quadrupled since 2020, with a doubling just in 2023. The report also highlights growing vulnerabilities in the US power grid, with around 60 new vulnerable points emerging daily, raising the total from 21,000 in 2022 to approximately 24,000. These findings underscore the escalating risks facing critical infrastructure and the urgent need for enhanced security measures.
Russia is Signalling It Could Take Out the West's Internet and GPS. There's No Good Backup Plan
NATO intelligence officials have raised concerns that Russia may disrupt global internet and GPS networks, with recent reports suggesting that Russia is mapping undersea fibre optic cables, which carry 95% of international data. Russia's deputy chairman of the Security Council, Dmitry Medvedev, issued a stark warning after the Nord Stream 2 pipeline attack, suggesting Russia could target these vital communications links. Incidents such as the disruption of telecommunications between Sweden and Estonia in 2023 and the grounding of flights due to GPS interference highlight the growing threat. NATO is increasing surveillance, but experts stress the urgent need for resilient backup systems to protect against potential cyber attacks on this critical infrastructure.
Cyber Attacks on UK Law Firms Surge by 77% Amid Rising Ransomware Threat
A recent study has revealed a 77% increase in successful cyber attacks on UK law firms over the past year, rising from 538 to 954 incidents. Law firms are particularly attractive targets for cyber criminals due to the sensitive and valuable data they hold, leading to frequent ransomware attacks and blackmail attempts. According to a report by the UK’s National Cyber Security Centre, nearly three-quarters of the UK’s top 100 law firms have been impacted by cyber-attacks. The average ransom demand following an attack is $2.47 million, with firms typically paying $1.65 million. Despite the escalating threat, 35% of UK law firms still lack a cyber mitigation plan. Experts recommend stronger cyber defences, including data segregation, to better protect against these attacks.
Sources:
https://www.helpnetsecurity.com/2024/08/29/third-party-risk-management-spotlight/
https://www.helpnetsecurity.com/2024/08/27/data-breach-trends/
https://www.scmagazine.com/perspective/why-the-80-20-rule-no-longer-works-for-cybersecurity
https://www.helpnetsecurity.com/2024/08/29/deepfakes-technology-threat/
https://cyberscoop.com/online-scamming-cycles-shorter-more-effective-chainalysis/
https://www.businessinsider.com/russia-could-take-out-west-internet-gps-back-up-plan-2024-8
https://informationsecuritybuzz.com/cyberattacks-uk-law-firms-ransomware/
Governance, Risk and Compliance
How hard is it to navigate and comply with global cyber security regulations? | Business Wire
Cyber attacks on law firms jumped by 77% over the past year | Law Gazette
Half of enterprises suffer breaches despite heavy security investments - Help Net Security
Why the 80-20 rule no longer works for cyber security | SC Media (scmagazine.com)
Evolving Cyber Security: Aligning Strategy with Business Growth - Security Boulevard
Global Cyber Security spending to surge by 15% next year (electronicspecifier.com)
Cyber security spending is going to surge in 2025 – and AI threats are a key factor | ITPro
Resilience blueprint: Strategic steps to build operational resiliency (betanews.com)
Third-party risk management is under the spotlight - Help Net Security
European Agencies are Taking Cyber Security Seriously and Your Business Should, Too | Entrepreneur
Why cyber risk quantification is ‘becoming more mainstream’ - Security - CRN Australia
Boards Need a New Approach to Technology
If you’re a CISO without D&O insurance, you may need to fight for it | CSO Online
Cyber Security Maturity: A Must-Have on the CISO’s Agenda - SecurityWeek
Business leaders are losing faith in IT, according to this IBM study. Here's why | ZDNET
Cyber Hygiene: Constant Defence Against Evolving B2B Threats (pymnts.com)
6 hot cyber security trends — and 2 going cold | CSO Online
US firms see spike in cyber security services as data breaches increase: ISG - Reinsurance News
Why Companies Need Real-Time Compliance (informationsecuritybuzz.com)
Two strategies to protect your business from the next large-scale tech failure - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
BlackSuit Ransomware Threat Actors Demand Up To $500 Million - Security Boulevard
BlackSuit Ransomware Deployed After 15 Days From Initial Access (cybersecuritynews.com)
Ransomware Attacks, Demands, And Payments Rise In Q2 (informationsecuritybuzz.com)
Lateral movement: Clearest sign of unfolding ransomware attack - Help Net Security
Ransomware Group Defences Are Better Than Fortune 100 Firms (govinfosecurity.com)
FBI: RansomHub ransomware breached 210 victims since February (bleepingcomputer.com)
Russian laundering millions for Lazarus hackers arrested in Argentina (bleepingcomputer.com)
Threat Group 'Bling Libra' Pivots to Extortion for Cloud Attacks (darkreading.com)
BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave (thehackernews.com)
Pioneer Kitten: Iranian hackers partnering with ransomware affiliates - Help Net Security
PoorTry Windows driver evolves into a full-featured EDR wiper (bleepingcomputer.com)
Ransomware attacks increasingly target ERP systems (securitybrief.co.nz)
'Big-game hunting' - Ransomware gangs are focusing on more lucrative attacks - Exponential-e Blog
77% of Educational Institutions Spotted a Cyber Attack Within the Last 12 Months (darkreading.com)
Ransomware Victims
US oil giant Halliburton confirms cyber attack behind systems shutdown (bleepingcomputer.com)
BlackSuit ransomware stole data of 950,000 from software vendor (bleepingcomputer.com)
Hunters International ransomware gang threatens to leak US Marshals data | SC Media (scmagazine.com)
Blood donation: NHS stocks are still in short supply after June cyber attack | The BMJ
Cyber attack disrupts Seattle’s Tacoma International Airport and seaport - The Hindu
Ransomware Gang Leaks Data Allegedly Stolen From Microchip Technology - SecurityWeek
77% of Educational Institutions Spotted a Cyber Attack Within the Last 12 Months (darkreading.com)
Patelco confirms thousands of customers hit in ransomware attack | TechRadar
McLaren Health Care restores network weeks after ransomware attack | Healthcare Dive
Play ransomware hackers claim attack on US manufacturer Microchip Technology (therecord.media)
Phishing & Email Based Attacks
Widespread QR Code Phishing Targeted Microsoft 365 Credentials | MSSP Alert
File sharing phishing attacks increase 350 percent (betanews.com)
PSA: Watch out for phishing attacks with fake banking app updates - 9to5Mac
Attackers exploiting trust in VPNs for phishing attacks | Cybernews
How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back (thehackernews.com)
Spoofing: What It Is And How To Spot It | HuffPost Life
2.5 Million Reward Offered For Cyber Criminal Linked To Notorious Angler Exploit Kit | Tripwire
Other Social Engineering
Scammers are increasingly using messaging and social media apps to attack | ZDNET
AI voice generators: What they can do and how they work | ZDNET
Deepfakes: Seeing is no longer believing - Help Net Security
Powerful Spyware Exploits Enable a New String of 'Watering Hole' Attacks | WIRED
Don’t call it quishing but, please, do take it seriously | TechFinitive
Spoofing: What It Is And How To Spot It | HuffPost Life
How Telecom Vulnerabilities Can Be a Threat to Cyber Security Posture (darkreading.com)
Widespread QR Code Phishing Targeted Microsoft 365 Credentials | MSSP Alert
Threat actor lures victims to malware-laden VPN page via call, text | SC Media (scmagazine.com)
Artificial Intelligence
AI voice generators: What they can do and how they work | ZDNET
Deepfakes: Seeing is no longer believing - Help Net Security
Cyber security spending is going to surge in 2025 – and AI threats are a key factor | ITPro
1 in 5 top companies mention generative AI in their financial reports, but not in a good way | ZDNET
Why LLMs Are Just the Tip of the AI Security Iceberg (darkreading.com)
News Desk 2024: Hacking Microsoft Copilot Is Scary Easy (darkreading.com)
6 hot cyber security trends — and 2 going cold | CSO Online
OpenAI and Anthropic to collaborate with US government on AI safety | ZDNET
2FA/MFA
How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back (thehackernews.com)
How Telecom Vulnerabilities Can Be a Threat to Cyber Security Posture (darkreading.com)
Malware
Hackers infect ISPs with malware that steals customers’ credentials | Ars Technica
A new macOS data stealer is going after Apple users | TechRadar
Cthulhu Stealer malware aimed to take macOS user data (appleinsider.com)
New Linux Malware 'sedexp' Hides Credit Card Skimmers Using Udev Rules (thehackernews.com)
MacOS Malware Mimicked Popular Apps to Steal Passwords, Crypto Wallets (pcmag.com)
Microsoft: Exchange Online mistakenly tags emails as malware (bleepingcomputer.com)
This sneaky Linux malware went undetected for years, and is using all-new attack tactics | TechRadar
New vulnerabilities, infostealer compromise on the rise | SC Media (scmagazine.com)
Hackers linked to Russian government found using some very familiar malware tools | TechRadar
Fake Palo Alto GlobalProtect used as lure to backdoor enterprises (bleepingcomputer.com)
Threat actor lures victims to malware-laden VPN page via call, text | SC Media (scmagazine.com)
New Tickler malware used to backdoor US govt, defence orgs (bleepingcomputer.com)
Hackers Exploited Digital Marketing Tools to Launch Malicious Campaigns (cybersecuritynews.com)
New Cyber Attack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads (thehackernews.com)
Mobile
Attackers draining bank accounts using new Android card cloning malware | Cybernews
PSA: Watch out for phishing attacks with fake banking app updates - 9to5Mac
Denial of Service/DoS/DDOS
Mind the Geopolitical Bot: Defending Digitalisation in an Era of Mass Disruption (institute.global)
Internet of Things – IoT
Unpatchable 0-day in surveillance cam is being exploited to install Mirai | Ars Technica
Data Breaches/Leaks
A third of companies hit by data breach amid rising concerns (securitybrief.co.nz)
5 Of The Biggest Security Breaches To Ever Hit Microsoft (slashgear.com)
NHS staff mobile numbers revealed in data breach - BBC News
Scottish health boards hit by cyber-attack (holyrood.com)
500k Impacted by Texas Dow Employees Credit Union Data Breach - SecurityWeek
AMD data reportedly offered for sale on dark web souk • The Register
Hackers claim to have hit US Marshals Service with a major cyber attack | TechRadar
Park’N Fly notifies 1 million customers of data breach (bleepingcomputer.com)
Patelco confirms thousands of customers hit in ransomware attack | TechRadar
DICK’s Sporting Goods says confidential data exposed in cyber attack (bleepingcomputer.com)
Staff details stolen in Banham Poultry cyber attack - BBC News
Watchdog warns FBI is very sloppy on safe data storage • The Register
Organised Crime & Criminal Actors
Ransomware Group Defences Are Better Than Fortune 100 Firms (govinfosecurity.com)
Greasy Opal's CAPTCHA solver still serving cyber crime after 16 years (bleepingcomputer.com)
Telegram: Why Extremists, Criminal Activity Thrive on Chat App - Bloomberg
Hacker USDoD Sheds Light on Identity | MSSP Alert
Adversaries love bots, short-lived IP addresses, out-of-band domains - Help Net Security
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
MacOS Malware Mimicked Popular Apps to Steal Passwords, Crypto Wallets (pcmag.com)
Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking (darkreading.com)
Crypto scammers who hacked McDonald's Instagram account say they stole $700,000 (bitdefender.com)
Insider Risk and Insider Threats
Microsoft security tools probed for workplace surveillance • The Register
Insurance
Meeting The New Cyber Insurance Requirements (informationsecuritybuzz.com)
If you’re a CISO without D&O insurance, you may need to fight for it | CSO Online
Cyber Insurance: A Few Security Technologies, a Big Difference in Premiums (darkreading.com)
Insurer Seeks to Rescind Policy Over Privacy Law Compliance (bloomberglaw.com)
Supply Chain and Third Parties
Resilience blueprint: Strategic steps to build operational resiliency (betanews.com)
Third-party risk management is under the spotlight - Help Net Security
76% of MSPs faced an infrastructure cyber attack in last 12 months | Security Magazine
BlackSuit ransomware stole data of 950,000 from software vendor (bleepingcomputer.com)
Supply Chain Security for FinServ - ActiveState
Two strategies to protect your business from the next large-scale tech failure - Help Net Security
Cloud/SaaS
File sharing phishing attacks increase 350 percent (betanews.com)
SaaS security woes continue to haunt cyber teams | ITPro
How to Strengthen Your SaaS Security Posture Management - Security Boulevard
Threat Group 'Bling Libra' Pivots to Extortion for Cloud Attacks (darkreading.com)
Enterprise SaaS apps are still a major security risk | TechRadar
When Convenience Costs: CISOs Struggle With SaaS Security Oversight - SecurityWeek
Cyber criminals capitalize on travel industry's peak season - Help Net Security
Outages
Resilience blueprint: Strategic steps to build operational resiliency (betanews.com)
Third-party risk management is under the spotlight - Help Net Security
Supply Chain Security for FinServ - ActiveState
Two strategies to protect your business from the next large-scale tech failure - Help Net Security
Identity and Access Management
Why ransomware attackers target Active Directory - Help Net Security
The Evolving Landscape Of Identity And Access Management In 2024 (informationsecuritybuzz.com)
Encryption
Denmark wants to ban encrypted Telegram, Signal chats | Cybernews
Linux and Open Source
New Linux Malware 'sedexp' Hides Credit Card Skimmers Using Udev Rules (thehackernews.com)
Linux malware sedexp uses udev rules for persistence and evasion (securityaffairs.com)
This sneaky Linux malware went undetected for years, and is using all-new attack tactics | TechRadar
Passwords, Credential Stuffing & Brute Force Attacks
MacOS Malware Mimicked Popular Apps to Steal Passwords, Crypto Wallets (pcmag.com)
Widespread QR Code Phishing Targeted Microsoft 365 Credentials | MSSP Alert
If You're Still Using This Insecure Password Method, It's Time to Stop (makeuseof.com)
Social Media
Scammers are increasingly using messaging and social media apps to attack | ZDNET
Telegram Founder Pavel Durov Arrested in France for Content Moderation Failures (thehackernews.com)
Malvertising
Hackers Exploited Digital Marketing Tools to Launch Malicious Campaigns (cybersecuritynews.com)
Regulations, Fines and Legislation
Uber Hit With €290m GDPR Fine - Infosecurity Magazine (infosecurity-magazine.com)
UK Labour Party reprimanded over cyber attack backlog by privacy regulator (therecord.media)
The NIS2 Directive: How far does it reach? - Help Net Security
Cyber law reform should be top of Labour's policy list | Computer Weekly
Lawmakers must incentivize cyber protection for critical infrastructure | CyberScoop
Models, Frameworks and Standards
The NIS2 Directive: How far does it reach? - Help Net Security
NIS2 Directive: Focusing on Critical Infrastructure Security (govinfosecurity.com)
5 open source Mitre ATT&CK tools | TechTarget
Data Protection
Uber Hit With €290m GDPR Fine - Infosecurity Magazine (infosecurity-magazine.com)
UK Labour Party reprimanded over cyber attack backlog by privacy regulator (therecord.media)
Watchdog reprimands Labour following data protection breach - BBC News
Law Enforcement Action and Take Downs
Telegram Founder Pavel Durov Arrested in France for Content Moderation Failures (thehackernews.com)
Russian laundering millions for Lazarus hackers arrested in Argentina (bleepingcomputer.com)
Telegram CEO arrest is fuzzy warning to Big Tech | Reuters
Stakes high for European Union after arrest of Telegram co-founder | European Union | The Guardian
Russia-France ties hit new low after Telegram boss' arrest, Moscow says | Reuters
Telegram is a bigger headache than Elon Musk’s X for the EU – POLITICO
2.5 Million Reward Offered For Cyber Criminal Linked To Notorious Angler Exploit Kit | Tripwire
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
The New Frontiers of Cyber-Warfare: Insights From Black Hat 2024 (itprotoday.com)
Ramping Up Cyber Defences Against Adversarial States | AFCEA International
Military 'silent hangar' to help protect against foreign GPS jamming - GOV.UK
Nation State Actors
China
Hackers infect ISPs with malware that steals customers’ credentials | Ars Technica
Chinese government hackers infiltrate at least two top US ISPs | TechRadar
Chinese Volt Typhoon hackers exploited Versa zero-day to breach ISPs, MSPs (bleepingcomputer.com)
Chinese cyber attacks hit nearly half of German firms, study – DW – 08/28/2024
Cyber crime and sabotage cost German firms $300 bln in past year | Reuters
Hackers Use Rare Stealth Techniques to Down Asian Military, Gov't Orgs (darkreading.com)
US efforts to stop Chinese hackers haven’t been fully effective, FBI official says - Nextgov/FCW
Russia
Russia Could Take Out West's Internet, No Good Back up Plan - Business Insider
Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyber Attack (thehackernews.com)
In Russia, questions swirl over Telegram CEO's arrest - BBC News
The bewildering politics of Telegram - POLITICO
Russia's APT29 using spyware exploits in new campaigns | TechTarget
Powerful Spyware Exploits Enable a New String of 'Watering Hole' Attacks | WIRED
Latvia and Ukraine sign memorandum of understanding on cyber security | Ukrainska Pravda
Russian laundering millions for Lazarus hackers arrested in Argentina (bleepingcomputer.com)
Iran
Tehran’s state-sponsored hackers helping cybergangs deploy ransomware | Cybernews
Pioneer Kitten: Iranian hackers partnering with ransomware affiliates - Help Net Security
New Tickler malware used to backdoor US govt, defence orgs (bleepingcomputer.com)
Meta Exposes Iranian Hacker Group Targeting Global Political Figures on WhatsApp (thehackernews.com)
Iran hunts down double agents with fake recruiting sites • The Register
Notorious Iranian Hackers Have Been Targeting the Space Industry With a New Backdoor | WIRED
North Korea
South Korean Spies Exploit WPS Office Zero-Day - Infosecurity Magazine (infosecurity-magazine.com)
North Korean Hackers Target Developers with Malicious npm Packages (thehackernews.com)
Russian laundering millions for Lazarus hackers arrested in Argentina (bleepingcomputer.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Telegram: Why Extremists, Criminal Activity Thrive on Chat App - Bloomberg
Cyber Attacks Deployed in Retaliation to Telegram CEO Arrest | MSSP Alert
Tools and Controls
Resilience blueprint: Strategic steps to build operational resiliency (betanews.com)
Aggressively Monitoring for Changes Is a Key Aspect of Cyber Security (darkreading.com)
Global Cyber Security spending to surge by 15% next year (electronicspecifier.com)
Third-party risk management is under the spotlight - Help Net Security
Is the vulnerability disclosure process glitched? How CISOs are being left in the dark | CSO Online
How to Strengthen Your SaaS Security Posture Management - Security Boulevard
Remote Work: A Ticking Time Bomb Waiting to be Exploited (bleepingcomputer.com)
When Convenience Costs: CISOs Struggle With SaaS Security Oversight - SecurityWeek
Combating alert fatigue by prioritizing malicious intent | SC Media (scmagazine.com)
Attackers exploiting trust in VPNs for phishing attacks | Cybernews
Ransomware attacks increasingly target ERP systems (securitybrief.co.nz)
How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back (thehackernews.com)
Why cyber risk quantification is ‘becoming more mainstream’ - Security - CRN Australia
Cyber Insurance: A Few Security Technologies, a Big Difference in Premiums (darkreading.com)
Cyber Hygiene: Constant Defence Against Evolving B2B Threats (pymnts.com)
Supply Chain Security for FinServ - ActiveState
Two strategies to protect your business from the next large-scale tech failure - Help Net Security
Why Every Business Should Prioritize Confidential Computing (darkreading.com)
How Security Teams are Strengthening Their Threat Hunting - Security Boulevard
Why Companies Need Real-Time Compliance (informationsecuritybuzz.com)
10 key steps for crafting a robust business continuity plan (networkingplus.co.uk)
Focus on What Matters Most: Exposure Management and Your Attack Surface (thehackernews.com)
After cyber security lab wouldn’t use AV software, US accuses Georgia Tech of fraud | Ars Technica
How to use the NIST CSF and AI RMF to address AI risks | TechTarget
5 open source Mitre ATT&CK tools | TechTarget
Inside the role of a ransomware negotiator - CBS News
The art and science behind Microsoft threat hunting: Part 3 | Microsoft Security Blog
Other News
Cyber attacks on critical infrastructure increase 30 percent (betanews.com)
Cyber attacks on law firms jumped by 77% over the past year | Law Gazette
Why the 80-20 rule no longer works for cyber security | SC Media (scmagazine.com)
Evolving Cyber Security: Aligning Strategy with Business Growth - Security Boulevard
Types of hackers: Black hat, white hat, red hat and more | TechTarget
6 hot cyber security trends — and 2 going cold | CSO Online
Cyber Security Maturity: A Must-Have on the CISO’s Agenda - SecurityWeek
Top Travel Sites Have Some First-Class Security Issues to Clean Up (darkreading.com)
A macro look at the most pressing cyber security risks - Help Net Security
Cyber Accountability: US Strategy Puts Onus on Big Tech (inforisktoday.com)
Microsoft hosts a closed security summit? How transparent • The Register
Nothing to Smile About: Hacks on Dental Practices Swell (databreachtoday.co.uk)
Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool | Trend Micro (US)
Cyber threats that shaped the first half of 2024 - Help Net Security
A coherent Labour cyber strategy depends on consistency | Computer Weekly
Vulnerability Management
Vulnerabilities rise in first half of 2024 (betanews.com)
Is the vulnerability disclosure process glitched? How CISOs are being left in the dark | CSO Online
New vulnerabilities, infostealer compromise on the rise | SC Media (scmagazine.com)
How to make Windows updates less annoying, in three easy steps | ZDNET
Windows 11 updates are about to become a lot easier with hotpatching | PCWorld
Cyber criminals capitalise on travel industry's peak season - Help Net Security
Vulnerabilities
SonicWall Patches Critical SonicOS Vulnerability - SecurityWeek
Chrome just patched some high-risk security flaws, so go update now | PCWorld
Microsoft Edge RCE Vulnerability Let Attackers Take Control of the System (cybersecuritynews.com)
CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports (thehackernews.com)
PoC Exploit for Zero-Click Vulnerability Made Available to the Masses (darkreading.com)
BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave (thehackernews.com)
3CX Phone System Local Privilege Escalation Vulnerability - Security Boulevard
Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking (darkreading.com)
Cisco Patches Multiple NX-OS Software Vulnerabilities - SecurityWeek
Update Windows now, there are some worrying security hacks on the way | TechRadar
Second Apache OFBiz Vulnerability Exploited in Attacks - SecurityWeek
WordPress Elementor Widgets Add-On Vulnerability (searchenginejournal.com)
Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633) - Help Net Security
South Korean Spies Exploit WPS Office Zero-Day - Infosecurity Magazine (infosecurity-magazine.com)
Still have a Windows 10 PC? You have 5 options before support ends next year | ZDNET
3 easy ways to make Windows updates less annoying | ZDNET
Critical Flaws in Traccar GPS System Expose Users to Remote Attacks (thehackernews.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 23 August 2024
Black Arrow Cyber Threat Intelligence Briefing 23 August 2024:
-Why C-Suite Leaders Are Prime Cyber Targets
-Most Ransomware Attacks Occur Between 1am and 5am When Security Staff are Asleep,
Study Finds
-Companies are Not as Resilient as They Think, Cyber Resilience Overestimation Leads to Business Continuity Issues, Ransom Payments
-Third of Firms Put Money Aside to Pay Cyber Ransoms
-AI-Powered Cyber Threats Are Too Overpowering for Over 50% of Security Teams
-Five Novel Email Phishing Attacks and What to Do About Them
-NFC Traffic Stealer Targets Android Users and Their Banking Info
-91% of Cyber Attacks Targeted Multiple Organisations Using Mass Scanning to Uncover and Exploit Vulnerabilities
-You Really Need to Stop Using Work Laptops for Personal Use. Here's Why
-Human Nature is Causing Our Cyber Security Problem
-Cyber Crime Consolidation: The Big Fish Are Getting Bigger
-Why End of Life for Applications Is the Beginning of Life for Hackers
-Beyond Prevention: Why Breach Readiness Is Your Cyber Security Lifeline
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Why C-Suite Leaders Are Prime Cyber Targets
A recent report by GetApp reveals that 72% of surveyed cyber security professionals have observed cyber attacks targeting senior executives in the past 18 months, with incidents involving AI-generated deepfakes in 27% of cases. Despite this growing threat, 37% of companies globally do not provide specialised cyber security training for their top leaders, leaving a significant vulnerability. The report also notes a sharp rise in attack frequency, with 69% of US companies experiencing increased attacks over the past three years, higher than the global average. Over half of US firms reported at least one identity fraud incident affecting a senior executive, highlighting the urgent need for enhanced cyber security strategies, including ongoing training and advanced security tools.
Most Ransomware Attacks Occur Between 1am and 5am When Security Staff are Asleep, Study Finds
The 2024 ThreatDown State of Ransomware report by Malwarebytes reveals that ransomware attacks are increasingly timed to exploit periods when security professionals are off-duty, with most incidents occurring between 1 am and 5 am. The report highlights a 33% global increase in ransomware attacks over the past year, with the UK experiencing a 67% rise and the US a 63% increase. Traditional response measures to ransomware are proving inadequate, as threat actors now move rapidly to compromise networks. This stresses the need for continuous security coverage to keep pace with evolving ransomware tactics.
Companies are Not as Resilient as They Think, Cyber Resilience Overestimation Leads to Business Continuity Issues, Ransom Payments
Cohesity’s Global Cyber Resilience Report 2024 reveals a worrying disconnect between organisations' confidence in their cyber resilience strategies and the reality of escalating cyber threats. The survey of over 3,100 IT and security decision-makers across eight countries found that 67% of respondents had fallen victim to a ransomware attack in 2024, with 69% admitting to paying a ransom, despite 77% of these organisations having a "do not pay" policy. While 78% expressed confidence in their resilience strategies, an overwhelming 96% acknowledged that the threat to their industry had increased or would increase this year, with many willing to pay over $1 million to recover data.
Third of Firms Put Money Aside to Pay Cyber Ransoms
A recent survey reveals that nearly a third of businesses have set aside funds specifically to pay ransoms in the event of a ransomware attack, reflecting the growing threat landscape. The survey found that half of the companies had suffered a ransomware breach in the past year, with one in three admitting to paying a ransom. Additionally, 31% of businesses reported severe impacts from cyber security incidents, either within their organisation or supply chain. Despite these challenges, 29% of respondents expect a successful cyber attack in the next year, with medium-to-large enterprises planning to invest an average of €1.18 million in cyber security, although a significant portion still feel their defences are outdated.
AI-Powered Cyber Threats Are Too Overpowering for Over 50% of Security Teams
A recent report by Absolute Security reveals that over half (54%) of UK Chief Information Security Officers (CISOs) feel their security teams are unprepared for emerging AI-powered threats. The Absolute Security United Kingdom CISO Cyber Resilience Report 2024, which surveyed 250 CISOs, highlights growing concerns about the impact of AI on cyber resilience. Nearly half (46%) view AI as more of a threat than a benefit to their organisation's security. Additionally, 39% of CISOs have personally stopped using AI due to cyber breach concerns, and 44% have banned AI use by employees for the same reason. The findings underscore the need for enhanced strategies to address AI-driven cyber risks.
Five Novel Email Phishing Attacks and What to Do About Them
Phishing attacks are continuing to grow in sophistication, driven by AI and evolving techniques. Notably, "pastejacking" tricks victims into running malicious code via copied commands, while phishing through Google Drawings exploits the tool's perceived safety to steal personal data. Cyber criminals are also abusing URL protection services, re-writing URLs to bypass security checks. A new trend blends spear phishing with mass phishing, using AI to personalise large-scale attacks. Real-time phishing, which bypasses two-factor authentication, is now widespread, with ready-made kits available on dark web markets, illustrating the growing complexity and reach of modern phishing tactics.
NFC Traffic Stealer Targets Android Users and Their Banking Info
ESET has uncovered a new Android malware named NGate, capable of cloning contactless payment data from physical credit and debit cards, posing significant risks of fraudulent transactions. This malware, the first of its kind observed in the wild, is based on NFCgate, a legitimate tool developed by students at Germany's University of Darmstadt for research purposes. NGate exploits NFCgate’s ability to capture and relay near-field communication (NFC) traffic, extending the range of contactless communication. Threat actors are using this capability alongside phishing and social engineering tactics to steal funds via fraudulent ATM transactions.
91% of Cyber Attacks Targeted Multiple Organisations Using Mass Scanning to Uncover and Exploit Vulnerabilities
The latest "Fastly Threat Insights Report" highlights a significant rise in cyber attacks, with 91% now targeting multiple organisations by scanning them online en-mass, up from 69% in 2023. The report, based on data from Fastly’s Network Learning Exchange, reveals that 36% of global internet traffic originates from bots, with short-lived IP addresses being used by attackers to evade detection. Notably, the High-Tech sector remains the top target, accounting for 37% of attacks. Fastly's findings underscore the need for adaptive security measures, as attackers increasingly exploit vulnerabilities across a broader range of targets using advanced techniques.
You Really Need to Stop Using Work Laptops for Personal Use. Here's Why
A recent study by ESET has revealed that 90% of employees use their company-provided laptops for personal activities, creating significant cyber security risks. Risky behaviours, such as viewing adult content and connecting to unsecured public Wi-Fi, were particularly common among younger workers. ESET attributes these risks to the shift towards hybrid and remote work, urging companies to enhance security measures for corporate devices and to educate employees on safe practices. These findings emphasised the need for stronger endpoint security.
Human Nature is Causing Our Cyber Security Problem
A recent analysis highlights the persistent challenge of cyber attacks, now the most significant threat to businesses, yet many organisations continue to delay adopting necessary security measures. This reluctance is attributed to a motivational deficit rooted in temporal discounting—a human tendency to prioritise immediate gratification over long-term benefits. Despite the severe consequences of security breaches and increasing regulatory pressures, organisations often procrastinate on implementing modern processes and critical tools. The article suggests that, much like automatic enrolment in retirement plans has increased participation, similar mechanisms are needed to combat procrastination and improve cyber security practices.
Cyber Crime Consolidation: The Big Fish Are Getting Bigger
A recent report by Chainalysis reveals that cyber criminals seized $16.7 billion in illicit funds during the first half of 2024, a 20% drop from the previous year, marking the fourth consecutive annual decline. Despite this overall decrease, large-scale crypto heists nearly doubled to $1.58 billion, and ransomware payments reached $459.8 million, a 2% increase from the same period last year. The median ransom payment has surged from under $200,000 in early 2023 to $1.5 million by mid-2024, reflecting a shift towards targeting larger organisations and critical infrastructure. The year is on track to be the highest-grossing for ransomware, despite disruptions to major gangs like ALPHV/BlackCat and LockBit.
Why End of Life for Applications Is the Beginning of Life for Hackers
A recent analysis highlights the significant cyber security risks posed by aging software, with over 35,000 applications set to reach end-of-life status in the next year. End-of-life software may still receive critical security patches, but end-of-support applications will no longer receive any updates, making them prime targets for threat actors. Chief Information Security Officers (CISOs) face challenges in securing backing for updates, particularly when applications are tied to outdated hardware or unsupported vendors. The Apache Log4j vulnerability exemplifies the dangers of neglecting software updates. Effective risk management requires proactive planning to address these aging software assets before they become significant vulnerabilities.
Beyond Prevention: Why Breach Readiness Is Your Cyber Security Lifeline
A recent analysis underscores the limitations of breach prevention strategies in the evolving cyber security landscape. Despite significant investments in firewalls, endpoint detection and response (EDR) and intrusion detection systems, the increasing sophistication of cyber threats has rendered breaches almost inevitable. The high number of recent breaches highlights that prevention alone is insufficient to protect critical business processes and data. Organisations must shift from relying solely on prevention to adopting a resilience-by-design approach, ensuring that they can continue operations even in the face of an attack. This proactive stance is essential to address the growing capabilities of cyber criminals.
Sources:
https://www.helpnetsecurity.com/2024/08/22/c-suite-leaders-prime-cyber-targets/
https://www.techrepublic.com/article/ransomware-trends-malwarebytes/
https://www.insurancejournal.com/news/national/2024/08/22/789621.htm
https://www.scmagazine.com/perspective/five-novel-email-phishing-attacks-and-what-to-do-about-them
https://cybernews.com/security/cybercrime-consolidation-big-fish-getting-bigger/
Governance, Risk and Compliance
Why C-suite leaders are prime cyber targets - Help Net Security
What is digital executive protection and how does it work? | CSO Online
The Cyber Security Paradox: Why Free Costs Too Much | HackerNoon
72% of cyber security leaders faced a cyber attack in last 18 months | Security Magazine
Cyber crime consolidation: the big fish are getting bigger | Cybernews
Companies aren’t as cyber resilient as they think | CIO Dive
Human Nature Is Causing Our Cyber Security Problem (darkreading.com)
You really need to stop using work laptops for personal use — here's why | TechRadar
Beyond prevention: Why breach readiness is your cyber security lifeline (securitybrief.co.nz)
CISOs list human error as their top cyber security risk (securityintelligence.com)
Cyber Resilience Lacking, Organisations Overconfident - Security Boulevard
3 CIO lessons for maximizing cyber security investments | CIO Dive
Strategies for security leaders: Building a positive cyber security culture - Help Net Security
The influence of optimism bias and loss aversion in cyber risk management decisions (techxplore.com)
Governance, Risk and Compliance: The Current Context | MSSP Alert
CISOs on the Hook: SEC Tightens Cyber security Disclosures (govinfosecurity.com)
Threats
Ransomware, Extortion and Destructive Attacks
Why Are Organisations Losing the Ransomware Battle? (darkreading.com)
Ransomware Surge Exploits Cyber security Gaps Caused by M&A - Security Boulevard
Ransomware Victims Paid $460 Million in First Half of 2024 - SecurityWeek
Ransomware Trends: Most Attacks Hit Between 1am and 5am, Study Finds (techrepublic.com)
Cyber Resilience Lacking, Organisations Overconfident - Security Boulevard
Cyber Crime Goes Corporate As Ransomware Gangs Want More (pymnts.com)
Ransomware on track for record profits, even as fewer victims pay | SC Media (scmagazine.com)
Third of firms put money aside to pay cyber ransoms (rte.ie)
Ransomware attacks rise 20% in July, industrial sectors hit hardest (securitybrief.co.nz)
Ransomware Attack Proceeds, Crypto Theft Rise in First Half | MSSP Alert
No honour among ransomware thieves: affiliates' trust craters after takedown (computing.co.uk)
Tracing the destructive path of ransomware's evolution (betanews.com)
Ransomware attacks rise over 60 percent (betanews.com)
Dodging the Cyber Bullet: Early Signs of a Ransomware Attack - IT Security Guru
Q2’24 marks second highest quarter for ransomware attacks, says Corvus - Reinsurance News
RansomHub Rolls Out Brand-New, EDR-Killing BYOVD Binary (darkreading.com)
Chainalysis: Illicit Crypto Activity Down 20%, Stolen Funds and Ransomware Up | Cryptoglobe
Why you need to know about ransomware | Malwarebytes
Critical industries top ransomware hitlist, attacks dwindle • The Register
Understanding the 'Morphology' of Ransomware: A Deeper Dive - SecurityWeek
U.S. charges Karakurt extortion gang’s “cold case” negotiator (bleepingcomputer.com)
Qilin Targets Chrome-Stored Credentials In “Troubling” New Attack (informationsecuritybuzz.com)
The changing dynamics of ransomware as law enforcement strikes - Help Net Security
Ransomware Victims
How the ransomware attack at Change Healthcare went down: A timeline | TechCrunch
Top US oilfield firm Halliburton hit by cyber attack, source says (yahoo.com)
Halliburton Suffers Cyber Attack | Houston Press
Medibank's data breach costs anticipated to reach $126m by mid-2025 - Security - iTnews
AutoCanada Hit by Cyber Attack - SecurityWeek
Three councils fall victim to cyber-attack (themj.co.uk)
CDK Global antitrust lawsuit leads to $100 million payout for car dealers (qz.com)
Top architectural firm reveals it was hit by major ransomware attack | TechRadar
Phishing & Email Based Attacks
The evolving threat landscape: Staying ahead of phishing attack trends | TechRadar
Five novel email phishing attacks – and what to do about them | SC Media (scmagazine.com)
The cyber attack cycle: First comes outage, next comes phishing (securityintelligence.com)
New NGate Android malware uses NFC chip to steal credit card data (bleepingcomputer.com)
NFC Traffic Stealer Targets Android Users & Their Banking Info (darkreading.com)
Western, Russian Civil Society Targeted in Sophisticated Phishing Attacks - SecurityWeek
Abnormal sees 350% uptick in phishing via file-sharing sites (securitybrief.co.nz)
Cyber criminals exploit file sharing services to advance phishing attacks - Help Net Security
Android and iOS users targeted with novel banking app phishing campaign | Cybernews
Android & iOS Users Targeted with New Phishing Attack Using PWAs & WebAPKs (cybersecuritynews.com)
Anatomy of an Attack (thehackernews.com)
This sophisticated new phishing campaign is going after US government contractors | TechRadar
Iran named as source of Trump campaign phish, leaks • The Register
Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America (thehackernews.com)
Other Social Engineering
New NGate Android malware uses NFC chip to steal credit card data (bleepingcomputer.com)
NFC Traffic Stealer Targets Android Users & Their Banking Info (darkreading.com)
How Hackers Use Emergency Data Requests to Steal User Data (govinfosecurity.com)
Artificial Intelligence
AI-powered cyber threats are too overpowering for over 50% of security teams - IT Security Guru
Protecting against AI-enabled cyber crime | Professional Security
73% of orgs embracing gen AI, but far fewer are assessing risks | VentureBeat
Fraud tactics and the growing prevalence of AI scams - Help Net Security
xAI’s new Grok image generator floods X with controversial AI fakes - The Verge
Could AI be your company’s Achilles heel? - Raconteur
Deepfakes Are Having a Deeper Impact on These Three Industries (techspective.net)
Organisations turn to biometrics to counter deepfakes - Help Net Security
Artificial intelligence, real anxiety: Why we can't stop worrying and love AI | ZDNET
Microsoft Copilot Studio Vulnerability Led to Information Disclosure - SecurityWeek
OpenAI kills Iranian accounts spreading US election disinfo • The Register
2FA/MFA
The Silver Bullet of MFA Was Never Enough (darkreading.com)
Microsoft Mandates MFA for All Azure Sign-Ins - Infosecurity Magazine (infosecurity-magazine.com)
Malware
Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware (thehackernews.com)
Cyber criminals launch new malware that can completely wipe out your antivirus | TechRadar
This new threat proves that Macs aren't immune from malware | Digital Trends
Azure domains and Google abused to spread disinformation and malware (bleepingcomputer.com)
New Russian threat targets over 100 Apple macOS browser extensions | Fox News
Beyond the wail: deconstructing the BANSHEE infostealer — Elastic Security Labs
Styx Stealer Malware Stealing Browser And Instant Messenger Data (cybersecuritynews.com)
5 Emerging Malware Variants You Must Be Aware Of (informationsecuritybuzz.com)
Cyber criminals Exploit Popular Software Searches to Spread FakeBat Malware (thehackernews.com)
Massive infostealer campaign exploits legitimate brands | SC Media (scmagazine.com)
Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor (thehackernews.com)
Hackers deployed new malware against university in Taiwan (therecord.media)
New macOS Malware TodoSwift Linked to North Korean Hacking Groups (thehackernews.com)
Chinese Threat Actors Use MSI Files to Bypass Windows, VT Detection (darkreading.com)
Hackers may have found an entirely new way to backdoor into Windows systems | TechRadar
Infostealers Waltz Through macOS to Grab Crypto Wallets, Browser Creds (darkreading.com)
New macOS Malware "Cthulhu Stealer" Targets Apple Users' Data (thehackernews.com)
Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware - SecurityWeek
Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control (thehackernews.com)
Iranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho Malware (thehackernews.com)
Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics (thehackernews.com)
Has my PC been hacked? 5 ways to detect virus attacks, step-by-step | PCWorld
Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America (thehackernews.com)
Mobile
New NGate Android malware uses NFC chip to steal credit card data (bleepingcomputer.com)
Google Pixels Carry Verizon App Doubling As a Backdoor (darkreading.com)
NFC Traffic Stealer Targets Android Users & Their Banking Info (darkreading.com)
Android & iOS Users Targeted with New Phishing Attack Using PWAs & WebAPKs (cybersecuritynews.com)
Czech Mobile Users Targeted in New Banking Credential Theft Scheme (thehackernews.com)
Does Your Smartphone Need An Antivirus App? - TechRound
Denial of Service/DoS/DDOS
Average DDoS attack costs $6,000 per minute - Help Net Security
Moscow detains scientist suspected of carrying out DDoS attacks on Russia (therecord.media)
Russia blames mass tech outages on DDoS attack | TechRadar
49% of DDoS attacks targeted gaming organisations | Security Magazine
Internet of Things – IoT
Russia fears Ukraine hijacking home CCTV systems for intel • The Register
Data Breaches/Leaks
The saga of the National Public Data Social Security number leak continues - The Verge
Thousands of Oracle NetSuite sites said to be exposing customer data | SC Media (scmagazine.com)
Florida data broker says it was ransacked by cyber-thieves • The Register
The Slow-Burn Nightmare of the National Public Data Breach | WIRED
FlightAware admits passwords, SSNs exposed for over 3 years • The Register
How Hackers Use Emergency Data Requests to Steal User Data (govinfosecurity.com)
Security flaws in Microsoft's Health Bot put patient data at risk (computing.co.uk)
Apple Prototypes and Corporate Secrets Are for Sale Online—If You Know Where to Look | WIRED
Organised Crime & Criminal Actors
Cyber crime consolidation: the big fish are getting bigger | Cybernews
Researchers Uncover New Infrastructure Tied to FIN7 Cyber crime Group (thehackernews.com)
Digital wallets can allow purchases with stolen credit cards • The Register
Kim Dotcom: 5 outrageous moments from the internet’s anti-hero (thenextweb.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Ransomware Attack Proceeds, Crypto Theft Rise in First Half | MSSP Alert
Hackers linked to $14M Holograph crypto heist arrested in Italy (bleepingcomputer.com)
Digital wallets can allow purchases with stolen credit cards • The Register
Chainalysis: Illicit Crypto Activity Down 20%, Stolen Funds and Ransomware Up | Cryptoglobe
Infostealers Waltz Through macOS to Grab Crypto Wallets, Browser Creds (darkreading.com)
Unicoin recovers from G-Suite raid, hints at data woes • The Register
PostgreSQL databases under attack - Help Net Security
11 Cyber security Risks for NFT Buyers | HackerNoon
Insider Risk and Insider Threats
You really need to stop using work laptops for personal use — here's why | TechRadar
CISOs list human error as their top cyber security risk (securityintelligence.com)
Human Nature Is Causing Our Cyber security Problem (darkreading.com)
Insurance
Supply Chain and Third Parties
Three councils fall victim to cyber-attack (themj.co.uk)
Cloud/SaaS
Survey Surfaces Growing SaaS Application Security Concerns - Security Boulevard
45% of tech leaders have experienced a SaaS cyber security incident | Security Magazine
Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign - SecurityWeek
The Hidden Security Gaps in Your SaaS Apps: Are You Doing Due Diligence? (thehackernews.com)
Azure domains and Google abused to spread disinformation and malware (bleepingcomputer.com)
Cyber criminals exploit file sharing services to advance phishing attacks - Help Net Security
It's Time To Untangle the SaaS Ball of Yarn (thehackernews.com)
8 cloud security gotchas most CISOs miss | CSO Online
The Hidden Security Gaps in Your SaaS Apps: Are You Doing Due Diligence? - Security Boulevard
Some major firms are being targeted by this dangerous new cyber crime campaign | TechRadar
GitHub Enterprise Server vulnerable to critical auth bypass flaw (bleepingcomputer.com)
Microsoft Mandates MFA for All Azure Sign-Ins - Infosecurity Magazine (infosecurity-magazine.com)
Thousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration Issue - SecurityWeek
Azure Kubernetes Services Vulnerability Exposed Sensitive Information - SecurityWeek
Authentication bypass discovered in Microsoft Entra ID | Security Magazine
North Korean Hackers Pivot Away From Public Cloud (inforisktoday.com)
Outages
The cyber attack cycle: First comes outage, next comes phishing (securityintelligence.com)
CrowdStrike hits out at rivals’ ‘shady’ attacks after global IT outage
CrowdStrike outage lessons learned: Questions to ask vendors | TechTarget
CrowdStrike deja vu for IT admins with 'performance issue' • The Register
Post Office systems crash hits 'collapsing' Horizon system | Computer Weekly
Encryption
Some major firms are being targeted by this dangerous new cyber crime campaign | TechRadar
How SSH Flaws Expose Vulnerabilities, Endanger Enterprises (inforisktoday.com)
Linux and Open Source
Don't panic! It's only 60 Linux CVE security bulletins a week | ZDNET
PostgreSQL databases under attack - Help Net Security
Passwords, Credential Stuffing & Brute Force Attacks
The saga of the National Public Data Social Security number leak continues - The Verge
Some major firms are being targeted by this dangerous new cyber crime campaign | TechRadar
Qilin Targets Chrome-Stored Credentials In “Troubling” New Attack (informationsecuritybuzz.com)
Czech Mobile Users Targeted in New Banking Credential Theft Scheme (thehackernews.com)
Social Media
NFC Traffic Stealer Targets Android Users & Their Banking Info (darkreading.com)
How Hackers Use Emergency Data Requests to Steal User Data (govinfosecurity.com)
Training, Education and Awareness
The Cyber Security Paradox: Why Free Costs Too Much | HackerNoon
What's Typically the Weakest Point in a Business's Cyber Security? - Root-Nation.com
The worst security test ever? University slammed over fake Ebola scare as phishing test | TechRadar
Regulations, Fines and Legislation
Cisco wants United Nations to revisit cyber crime Convention • The Register
Cyber security Is Everywhere: ENISA COO - GovInfoSecurity
EU Directive Network and Information Security (NIS2): Modernizing security compliance (betanews.com)
CISOs on the Hook: SEC Tightens Cyber security Disclosures (govinfosecurity.com)
FAA Proposes New Aircraft Cyber security Rules - Infosecurity Magazine (infosecurity-magazine.com)
Models, Frameworks and Standards
ISO 27001 vs NIST: The Differences and How They Overlap - Security Boulevard
EU Directive Network and Information Security (NIS2): Modernizing security compliance (betanews.com)
Careers, Working in Cyber and Information Security
British civil service to target cyber specialists with new graduate scheme (therecord.media)
Law Enforcement Action and Take Downs
Hackers linked to $14M Holograph crypto heist arrested in Italy (bleepingcomputer.com)
National Crime Agency threatens extraditions over rise in sextortion cases (yahoo.com)
U.S. charges Karakurt extortion gang’s “cold case” negotiator (bleepingcomputer.com)
No honour among ransomware thieves: affiliates' trust craters after takedown (computing.co.uk)
Misinformation, Disinformation and Propaganda
FBI says Iranian hackers are targeting both presidential campaigns (engadget.com)
Are 2024 US Political Campaigns Prepared for Coming Cyber Threats? (darkreading.com)
Azure domains and Google abused to spread disinformation and malware (bleepingcomputer.com)
Meet the Iranian cyber attackers suspected of trying to hack the U.S. election - Washington Times
US warns of Iranian hackers escalating influence operations (bleepingcomputer.com)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Nation State Actors
Are 2024 US Political Campaigns Prepared for Coming Cyber Threats? (darkreading.com)
China
US lawmakers urge probe into TP-Link over fears of possible cyber attacks | TechRadar
Chinese Threat Actors Use MSI Files to Bypass Windows, VT Detection (darkreading.com)
Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control (thehackernews.com)
Hackers deployed new malware against university in Taiwan (therecord.media)
Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics (thehackernews.com)
Russia
Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware (thehackernews.com)
Western, Russian Civil Society Targeted in Sophisticated Phishing Attacks - SecurityWeek
Cyber attack hits Monobank, Ukraine's largest direct bank (kyivindependent.com)
Ukraine subjected to novel malware attack | SC Media (scmagazine.com)
Russia fears Ukraine hijacking home CCTV systems for intel • The Register
Moscow detains scientist suspected of carrying out DDoS attacks on Russia (therecord.media)
Russia blames mass tech outages on DDoS attack | TechRadar
Iran
Meet the Iranian cyber attackers suspected of trying to hack the U.S. election - Washington Times
FBI says Iranian hackers are targeting both presidential campaigns (engadget.com)
Iran named as source of Trump campaign phish, leaks • The Register
Iranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho Malware (thehackernews.com)
OpenAI kills Iranian accounts spreading US election disinfo • The Register
Iran and Israel are already engaged in a fierce cyberwar (economist.com)
North Korea
New macOS Malware TodoSwift Linked to North Korean Hacking Groups (thehackernews.com)
North Korean Hackers Pivot Away From Public Cloud (inforisktoday.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Tools and Controls
Ransomware Gangs Introduce New EDR-Killing Tool (informationsecuritybuzz.com)
73% of orgs embracing gen AI, but far fewer are assessing risks | VentureBeat
The Cyber security Paradox: Why Free Costs Too Much | HackerNoon
Cyber Resilience Lacking, Organisations Overconfident - Security Boulevard
Beyond prevention: Why breach readiness is your cyber security lifeline (securitybrief.co.nz)
The Silver Bullet of MFA Was Never Enough (darkreading.com)
Cyber criminals launch new malware that can completely wipe out your antivirus | TechRadar
Common API security issues: From exposed secrets to unauthorized access - Help Net Security
Organisations turn to biometrics to counter deepfakes - Help Net Security
Cyber criminals exploit file sharing services to advance phishing attacks - Help Net Security
This system can sort real pictures from AI fakes — why aren’t platforms using it? - The Verge
RansomHub Rolls Out Brand-New, EDR-Killing BYOVD Binary (darkreading.com)
How Pen Testing is Evolving and Where it’s Headed Next - Security Boulevard
Cyber security and Physical Security Go Hand-in-Hand | HHS.gov
3 lessons for maximizing cyber security investments | CIO Dive
The influence of optimism bias and loss aversion in cyber risk management decisions (techxplore.com)
What's Typically the Weakest Point in a Business's Cyber Security? - Root-Nation.com
How SSH Flaws Expose Vulnerabilities, Endanger Enterprises (inforisktoday.com)
Are virtual machines safe for end users? | TechTarget
AI for application security: Balancing automation with human oversight - Help Net Security
EDR vs. MDR vs. XDR: Key differences | TechTarget
Top Cyber security Risk Mitigation Strategies Every Business Should Implement (cybersaint.io)
Other News
72% of cyber security leaders faced a cyber attack in last 18 months | Security Magazine
72% of Senior Executives Targeted by Cyber attacks in the Last 18 Months | Business Wire
Sitting Ducks Attack: Over 1M Domains At Risk Of Takeover! - Security Boulevard
How Hollywood hacking scenes turn cyber security into entertainment (globenewswire.com)
Browser Syncing Is Useful, but Be Aware of These 4 Security Issues (makeuseof.com)
36% of global internet traffic originated from bots | Security Magazine
How might the UK's cyber landscape change under Labour? | Computer Weekly
Are the New FAA Cyber Requirements for Future Planes Enough? (govinfosecurity.com)
Preparing the IT Infrastructure For the Next Era of Cyber attacks | Entrepreneur
Switzerland to join European Cyber Security Organisation (aa.com.tr)
Protecting connected, self-driving vehicles from hackers (techxplore.com)
Empowering SMBs On The Path To Cyber security Maturity (forbes.com)
Olympics were case in point of cyber threat to global sport (emergingrisks.co.uk)
Africa's Economies Feel Pain of Cyber security Deficit (darkreading.com)
Food security: Accelerating national protections around critical infrastructure - Help Net Security
Security Alert: U.K. Political Donation Sites at Risk - Security Boulevard
Vulnerability Management
Fastly report reveals 91% of cyber attacks now target multiple organisations - SiliconANGLE
Why End of Life for Applications Is the Beginning of Life for Hackers (darkreading.com)
The Fundamentals of Vulnerability Management Explained | MSSP Alert
What's Typically the Weakest Point in a Business's Cyber Security? - Root-Nation.com
How SSH Flaws Expose Vulnerabilities, Endanger Enterprises (inforisktoday.com)
Vulnerability prioritization is only the beginning - Help Net Security
Vulnerabilities
PoC Exploit Released for Windows 0-Day Downgrade Attack (cybersecuritynews.com)
Google fixes ninth Chrome zero-day exploited in attacks this year (bleepingcomputer.com)
If You Have an AMD CPU, You Must Install This Vital Security Update (makeuseof.com)
Microsoft shares workaround for Outlook crashing after opening (bleepingcomputer.com)
Kubernetes Vulnerability Exposes Clusters to Command Injection Attacks (cybersecuritynews.com)
Windows 0-Day Flaw Exploited by Lazarus to Gain Unauthorized Access (cybersecuritynews.com)
Serious flaws in Microsoft apps on macOS could let hackers spy on users | ITPro
Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor (thehackernews.com)
F5 Patches High-Severity Vulnerabilities in BIG-IP, NGINX Plus - SecurityWeek
Symantec warns of new sophisticated backdoor exploiting patched PHP vulnerability - SiliconANGLE
AMD changes its mind, says it will patch more Ryzen chips against security flaw | TechRadar
Authentication bypass discovered in Microsoft Entra ID | Security Magazine
Thousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration Issue - SecurityWeek
Security flaws in Microsoft's Health Bot put patient data at risk (computing.co.uk)
Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data (thehackernews.com)
Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control (thehackernews.com)
Atlassian Patches Vulnerabilities in Bamboo, Confluence, Crowd, Jira - SecurityWeek
SolarWinds left hardcoded credentials in helpdesk product • The Register
Azure Kubernetes Services Vulnerability Exposed Sensitive Information - SecurityWeek
Litespeed Cache bug exposes millions of WordPress sites to takeover attacks (bleepingcomputer.com)
GitHub Enterprise Server vulnerable to critical auth bypass flaw (bleepingcomputer.com)
Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 16 August 2024
Black Arrow Cyber Threat Intelligence Briefing 16 August 2024:
-Business and Tech Consolidation Opens Doors for Cyber Criminals
-High-Risk Cloud Exposures Surge Due to Rapid Service Growth
-69% of UK Small Businesses Currently Use Weak Passwords to Access Important Documents
-DDoS Attacks Surge 46% in First Half of 2024
-Six Ransomware Gangs Behind Over 50% of 2024 Attacks
-Why Attacks Against Critical National Infrastructure are Such a Threat and How Governments are Responding
-Social Engineering Attacks Continue to Evolve, Here’s How to Keep Up
-How Phishing Attacks Adapt Quickly to Capitalise on Current Events
-MacOS is Increasingly Targeted by Threat Actors
-There’s a New Ransomware Gang on the Block, and it’s Exploiting the Human Element
-What is Threat Intelligence?
-New Cyber Security Laws ‘Could Double’ Number of Reported Breaches
-Why MFA Alone is not Enough: The Crucial Role of Security Awareness Training
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Business and Tech Consolidation Opens Doors for Cyber Criminals
A recent analysis highlights the rising cyber risks associated with increasing M&A activity, which grew by 36% in Q1 2024, and the consolidation of technology services where industries rely on single suppliers for critical platforms. These trends have significantly expanded potential points of failure for cyber attacks. High-profile incidents, such as the BlackCat group's attack on Change Healthcare, demonstrate the severe downstream impacts of breaches, including significant business interruptions and revenue loss. The report urges businesses to reassess their approach to cyber risk, emphasising the importance of resilience across interconnected systems and their extended supply chains.
High-Risk Cloud Exposures Surge Due to Rapid Service Growth
A recent report by Palo Alto Networks' Unit 42 reveals that organisations are introducing over 300 new digital services each month, contributing to nearly 32% of high or critical cloud exposures. The report highlights the complexity of the cyber security landscape, with 73% of high-risk exposures stemming from IT and networking infrastructure, business operations applications, and remote access services. Over 23% of these exposures involve critical IT and security infrastructure, leaving essential systems vulnerable to attacks. This rapid expansion of services makes it increasingly difficult for organisations to maintain a secure IT asset inventory, heightening the risk of exploitation.
69% of UK Small Businesses Currently Use Weak Passwords to Access Important Documents
A recent study by highlights concerning cyber security practices among UK small businesses, revealing that 69% use weak passwords for accessing crucial documents and internal platforms. The research, which analysed hundreds of small to mid-sized organisations, found that 47% lacked up-to-date anti-virus software, and 15% had no firewall protection against cyber attacks. Additionally, nearly half (48%) of these businesses do not offer cyber security awareness training to their employees, leaving them vulnerable to potential risks when using technology. These findings underscore significant gaps in basic cyber security measures within the sector.
DDoS Attacks Surge 46% in First Half of 2024
The first half of 2024 has seen a significant rise in Distributed Denial of Service (DDoS) attacks, with a 46% increase compared to the same period last year, reaching 445,000 attacks in Q2 2024.
A DDoS attack is like a digital traffic jam that blocks access to a website or online service. Imagine if thousands of people tried to enter a shop all at once, overwhelming the doors so no one could get in. In a DDoS attack, many computers, often controlled by hackers, flood a website with so much fake traffic that it can't handle the load. This makes the website slow down or even crash, preventing real users from accessing it. The goal of these attacks is usually to disrupt services, cause financial loss, or damage a company's reputation.
The increase in attack volumes and power underscores the growing threat posed by DDoS attacks, where even comparatively mild 300 Gbps attack can render an unprotected server unavailable, leading to reputational damage and loss of customers.
Six Ransomware Gangs Behind Over 50% of 2024 Attacks
A recent report by Palo Alto Networks' Unit 42 reveals that the ransomware landscape for 2024 is dominated by just six gangs. LockBit 3.0 remains the most active ransomware group in 2024, despite a law enforcement takedown six months ago. LockBit 3.0 accounted for 325 victims in the first half of 2024, leading the list of 53 ransomware groups tracked. The Play gang follows in second place with 155 victims, up from fourth place last year. Newcomer 8base ranked third with 119 victims, followed by Akira, BlackBasta and Medusa. Overall, Unit 42 observed a 4.3% year-over-year increase in ransomware activity, with 1,762 posts on leak sites in H1 2024.
Why Attacks Against Critical National Infrastructure are Such a Threat and How Governments are Responding
A recent analysis underscores the escalating threat posed by state-sponsored cyber attacks against critical national infrastructure (CNI), which includes vital systems such as energy grids, telecommunications networks, and water infrastructure. Notably, UK and US authorities have identified pro-Russian hacktivists targeting small-scale industrial control systems (ICS) in North America and Europe, leveraging techniques that pose physical risks to vulnerable and misconfigured operational technology (OT) environments. Historical precedents, such as the 2021 Colonial Pipeline ransomware attack and the breach of a Florida water treatment plant, illustrate the severe consequences of such incursions, which can cause physical damage and impact lives on a significant scale. The inherent vulnerabilities of outdated legacy systems, particularly in sectors like energy, exacerbate these risks, highlighting the urgent need for enhanced defence strategies and international cooperation.
Social Engineering Attacks Continue to Evolve, Here’s How to Keep Up
Social engineering attacks continue to evolve, having advanced significantly since the early days of phishing. Traditional tactics have been replaced by more sophisticated methods, such as Business Email Compromise (BEC), which surged by over 100% last year, causing losses exceeding $2.9 billion. Additionally, the rise of AI-generated attacks has further complicated detection, with 80% of organisations reporting exposure to such threats. Add to the list QR code phishing, vishing (voice phishing), baiting, pretexting, romance scams, deepfakes, etc., there is a clear need for adaptive security strategies focused on human behaviour, alongside more personalised and timely cyber security awareness training to combat these increasingly complex attacks.
How Phishing Attacks Adapt Quickly to Capitalise on Current Events
Egress reveals that 94% of businesses were impacted by phishing attacks in 2023, marking a 40% increase from the previous year. The surge in phishing is largely attributed to the rise of generative AI, which has simplified the creation of convincing malicious content, including deepfake videos. Additionally, Phishing as a Service (PhaaS) has enabled even unskilled attackers to launch sophisticated phishing campaigns with ease. These developments have made phishing more agile, allowing threat actors to quickly exploit unexpected events for high-impact attacks, significantly heightening the threat landscape.
MacOS is Increasingly Targeted by Threat Actors
A recent analysis highlights the growing interest of cyber threat actors in targeting macOS devices, challenging the long-held perception of Apple computers as more secure than Windows. While Windows holds a dominant market share of about 72%, with Apple at 15%, the increasing use of macOS in organisations, particularly in the SME sector, where Apple's share is 22.4%, has made it a more attractive target. From January 2023 to July 2024, over 40 threat actors were observed focusing on macOS, with 21 active in 2024 alone, indicating a rising trend in macOS-targeted malware. Despite Apple’s robust security measures, vulnerabilities continue to be exploited as macOS usage grows.
There’s a New Ransomware Gang on the Block, and it’s Exploiting the Human Element
A recent analysis by the Sophos X-Ops Incident Response team has identified a new ransomware threat actor, "Mad Liberator". The group only emerged in mid-July and is becoming known for targeting users of the remote-access application Anydesk. Unlike traditional ransomware gangs, Mad Liberator primarily focuses on data exfiltration, occasionally using encryption and double extortion tactics. The group has already targeted at least eight victims across various sectors and countries, pressuring them by posting stolen data on a leak site when ransoms are not paid. The methods used by Mad Liberator to gain initial access remain unclear, adding to the mystery surrounding this emerging threat.
What is Threat Intelligence?
A recent analysis highlights the growing importance of threat intelligence in cyber security strategies, as organisations face increasingly sophisticated and large-scale cyber threats. Threat intelligence involves collecting, analysing, and disseminating information on past, current, and potential future threats, drawing from sources like the dark web and industry-specific data. This intelligence enables proactive defence by allowing organisations to anticipate and mitigate attacks, optimise resources, and make informed decisions. It also supports compliance with cyber security regulations. The report categorises threat intelligence into strategic, tactical, operational, and technical types, each providing unique insights crucial for developing effective defence mechanisms.
New Cyber Security Laws ‘Could Double’ Number of Reported Breaches
A recent analysis by the Compliance Institute predicts a significant increase in reported data breaches and cyber crime incidents when the EU Digital Operational Resilience Act (DORA) takes effect in January. The new regulations will impose stricter standards on financial institutions across Europe, focusing on their ability to protect, detect, contain, and recover from ICT-related incidents. With DORA’s enhanced reporting obligations and detection requirements, the volume of reported incidents is expected to at least double, highlighting the urgent need for organisations to enhance their resilience and compliance efforts.
Why MFA Alone is not Enough: The Crucial Role of Security Awareness Training
A recent analysis highlights the increasing sophistication of phishing campaigns, with credential phishing accounting for 91% of active threats in 2023, a 67% rise from 2022. The effectiveness of these attacks is exacerbated in environments lacking Multi-Factor Authentication (MFA), as seen in the Change Healthcare breach, where stolen credentials compromised sensitive health data. While MFA and unique passwords are vital, they alone are insufficient; kits that enable attackers to bypass MFA, like Tycoon 2FA, illustrate that even these measures can be circumvented. The report underscores the importance of comprehensive cyber security strategies, including robust password management and ongoing security awareness training to empower employees as the first line of defence.
Sources:
https://www.helpnetsecurity.com/2024/08/16/technology-consolidation-risks/
https://www.infosecurity-magazine.com/news/high-risk-cloud-exposures-palo/
https://thehackernews.com/2024/08/ddos-attacks-surge-46-in-first-half-of.html
https://www.theregister.com/2024/08/13/lockbit_ransomware_stats/
https://thehackernews.com/2024/08/how-phishing-attacks-adapt-quickly-to.html
https://intel471.com/blog/macos-is-increasingly-targeted-by-threat-actors
https://cybernews.com/security/mad-liberator-new-ransomware-gang-exploiting-human-element/
https://securityboulevard.com/2024/08/what-is-threat-intelligence-3/
Governance, Risk and Compliance
What is Threat Intelligence? - Security Boulevard
Cyber Security's Real Challenge Is Communication, Not Just Technology (darkreading.com)
Effective Communication Is Key to Successful Cyber Security (govinfosecurity.com)
Flashpoint CEO: Cyber, physical security threats converging | TechTarget
How CIOs, CTOs, and CISOs view cyber risks differently - Help Net Security
AI governance and clear roadmap lacking across enterprise adoption | ZDNET
How leading CISOs build business-critical cyber cultures | CIO
It’s time to bring cyber into the boardroom - Anthony Quinn (scotsman.com)
How Outdated Security Measures Can Devastate Your Organisation - Security Boulevard
Threats
Ransomware, Extortion and Destructive Attacks
74% of ransomware victims were attacked multiple times in a year - Help Net Security
Six ransomware gangs behind over 50% of 2024 attacks • The Register
There’s a new ransomware gang on the block, and it’s exploiting the human element | Cybernews
STAC6451 Hackers Attacking Microsoft SQL Servers to Compromise Organisations (cybersecuritynews.com)
Infiltrating ransomware gangs on the dark web - CBS News
Ransomware Group BlackSuit Upgrades Capabilities | Silicon UK
FBI claims success in taking down another major ransomware group | TechRadar
‘Elite’ ransomware pioneer suspect charged after 9-year hunt • The Register
Black Basta-Linked Attackers Target Users with SystemBC Malware (thehackernews.com)
Unlearning the RaaS Model: How ransomware attacks are evolving | TechRadar
Ransomware Attacks on Industrial Firms Surged in Q2 2024 - SecurityWeek
Cyber crime group disables EDR software to launch RansomHub ransomware | SC Media (scmagazine.com)
July ransomware attacks slam public sector organisations | TechTarget
New Double-Extortion Ransomware Attacking Linux Machines (cybersecuritynews.com)
'Radar' ransomware group taken down by FBI - Tech Monitor
Suspected head of Reveton, Ransom Cartel RaaS groups arrested - Help Net Security
Ransomware Victims
Enzo Biochem penalized $4.5M over 2023 ransomware theft • The Register
The Washington Times newspaper claimed by Rhysida ransomware cartel | Cybernews
Swiss-based Schlatter says IT network affected by cyberattack - CNA (channelnewsasia.com)
Phishing & Email Based Attacks
Email Security Risk Remains Alarmingly High (informationsecuritybuzz.com)
Russia launching more sophisticated phishing attacks, new report finds | Russia | The Guardian
How Phishing Attacks Adapt Quickly to Capitalize on Current Events (thehackernews.com)
Why Business Email Compromise Scams Target B2B Relationships (pymnts.com)
Unlocking the Front Door: Phishing Emails Remain a Top Cyber Threat Despite MFA - SecurityWeek
How to spot phishing in the age of AI - IT Security Guru
Russians team up with young, English-speaking hackers for cyberattacks | 60 Minutes - CBS News
Scammers dupe chemical company into wiring $60 million - Help Net Security
Email Breach Report 2024: Vulnerable Names And Providers Exposed (informationsecuritybuzz.com)
Social engineering attacks continue to evolve – here’s how to keep up | SC Media (scmagazine.com)
Russia FSB cyber snoops linked to massive phishing campaign • The Register
Phishing via file-sharing services jumps 350%, warns Abnormal Security (techmonitor.ai)
Google raps APT42 for high-profile spear-phishing attacks • The Register
There's more than 25 ways to bypass a Secure Web Gateway • The Register
Russian hacking campaign targets rights groups, media, former US ambassador | CyberScoop
Beware of Phishing Campaign that Impersonates Google Safety Centre (cybersecuritynews.com)
Apple Intelligence is “a boomer dad” that reportedly prioritizes phishing emails | Cybernews
BEC
Why Business Email Compromise Scams Target B2B Relationships (pymnts.com)
Scammers dupe chemical company into wiring $60 million - Help Net Security
Chemical company Orion loses $60 million in business email compromise scam (therecord.media)
Other Social Engineering
There’s a new ransomware gang on the block, and it’s exploiting the human element | Cybernews
A new extortion crew, Mad Liberator, emerges on the scene • The Register
USPS Text Scammers Duped His Wife, So He Hacked Their Operation | WIRED
Social engineering attacks continue to evolve – here’s how to keep up | SC Media (scmagazine.com)
Artificial Intelligence
How to spot phishing in the age of AI - IT Security Guru
Why a 'Swiss cheese' approach is needed to combat deepfakes [Q&A] (betanews.com)
Microsoft Copilot Flaws Could Lead to Targeted Cyber Attacks (petri.com)
Cyber Security: The Impact Of AI On Today’s Businesses - Minutehack
Rogue AI is the Future of Cyber Threats | Trend Micro (US)
AI governance and clear roadmap lacking across enterprise adoption | ZDNET
X faces GDPR complaints for unauthorized use of data for AI training (bleepingcomputer.com)
Apple Intelligence is “a boomer dad” that reportedly prioritizes phishing emails | Cybernews
A world-first law in Europe is targeting artificial intelligence. Other countries can learn from it
Grok gets an impressive upgrade - and unchecked AI image generation apparently | ZDNET
74% of IT professionals worry AI tools will replace them - Help Net Security
Grammarly's new tool aims to detect AI-generated text. Here's how it works | ZDNET
2FA/MFA
Unlocking the Front Door: Phishing Emails Remain a Top Cyber Threat Despite MFA - SecurityWeek
Why MFA alone isn’t enough: The crucial role of security awareness training | TechRadar
Malware
Flaw in AMD Chips Can Be Exploited to Plant Malware That Survives OS Reinstalls | PCMag
Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs (bleepingcomputer.com)
Black Basta-Linked Attackers Target Users with SystemBC Malware (thehackernews.com)
Malware Loaders Dominate Cyber Security Threats In 2024 (informationsecuritybuzz.com)
Mobile
How to Remove an Android Virus - Tech Advisor
Nearly All Google Pixel Phones Exposed by Unpatched Flaw in Hidden Android App | WIRED
Denial of Service/DoS/DDOS
DDoS attack volume rises, peak power reaches 1.7 Tbps - Help Net Security
DDoS Attacks Surge 46% in First Half of 2024, Gcore Report Reveals (thehackernews.com)
Internet of Things – IoT
Are Brain-Computer Interfaces at Risk of Mass Cyberattacks? | HackerNoon
Your Gym Locker May Be Hackable | WIRED
How Hackers Extracted the ‘Keys to the Kingdom’ to Clone HID Keycards | WIRED
Sonos Speaker Flaws Could Have Let Remote Hackers Eavesdrop on Users (thehackernews.com)
Ecovacs home robots can be hacked to spy on their owners, researchers say | TechCrunch
Data Breaches/Leaks
One of the worst data breaches in history just got worse | Digital Trends
Cyber attacks 2024: The biggest attacks of the first half of 2024 - Security Boulevard
Trump Campaign Blames Iranian Hack on Docs Leaked to Media (databreachtoday.co.uk)
Thousands of Corporate Secrets Were Left Exposed. This Guy Found Them All | WIRED
Almost 50 PII categories impacted in data breach at East Valley Institute of Technology | Cybernews
Hackers leak 2.7 billion data records with Social Security numbers (bleepingcomputer.com)
Kakao Pay shared over 40M users' data with China’s Alipay • The Register
Organised Crime & Criminal Actors
Cyber criminal Duo Attracts FBI Notice by Spending Big & Living Large (darkreading.com)
Russian Sentenced To 40 Months For Selling Stolen Data On Dark Web (informationsecuritybuzz.com)
Cyber threat actors evolve tactics - CIR Magazine
Megaupload Founder Kim Dotcom Gets Extradition to US, Claims 'I'm Not Leaving' | PCMag
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
43% of Meta ads based on UK prime minister are crypto scams (protos.com)
Insurance
Cyber insurance costs ease, but for how much longer? - Raconteur
Evolving threat landscape influencing cyber insurance market | TechTarget
Federal Cyber Insurance Policy for Cataclysmic Cyber Events Imminent | MSSP Alert
Supply Chain and Third Parties
Delta And Frontier Airlines Want Tech Companies To Pay Up For Losses (forbes.com)
The role of employee awareness in preventing supply chain attacks | TechRadar
X faces GDPR complaints for unauthorized use of data for AI training (bleepingcomputer.com)
Cloud/SaaS
Phishing via file-sharing services jumps 350%, warns Abnormal Security (techmonitor.ai)
Unfixed Microsoft Entra ID Authentication Bypass Threatens Hybrid IDs (darkreading.com)
Major GitHub repos leak access tokens putting code and clouds at risk | CSO Online
Outages
Delta And Frontier Airlines Want Tech Companies To Pay Up For Losses (forbes.com)
Encryption
NIST's Post-Quantum Cryptography Standards Are Here - IEEE Spectrum
Linux and Open Source
18-year-old browser bug still allows access to internal networks – Computerworld
Zero trust: How the ‘Jia Tan’ hack complicated open-source software | CyberScoop
New Double-Extortion Ransomware Attacking Linux Machines (cybersecuritynews.com)
Passwords, Credential Stuffing & Brute Force Attacks
Why MFA alone isn’t enough: The crucial role of security awareness training | TechRadar
Social Media
Fake X content warnings on Ukraine war, earthquakes used as clickbait (bleepingcomputer.com)
43% of Meta ads based on UK prime minister are crypto scams (protos.com)
Labour MPs begin quitting X over ‘hate and disinformation’ | X | The Guardian
Grok gets an impressive upgrade - and unchecked AI image generation apparently | ZDNET
Malvertising
43% of Meta ads based on UK prime minister are crypto scams (protos.com)
Training, Education and Awareness
Why MFA alone isn’t enough: The crucial role of security awareness training | TechRadar
The role of employee awareness in preventing supply chain attacks | TechRadar
Regulations, Fines and Legislation
New cyber security laws ‘could double’ number of reported breaches – The Irish Times
UN Approves Cyber Crime Treaty Despite Major Tech, Privacy Concerns (darkreading.com)
How Can Organisations Navigate SEC's Cyber Materiality Disclosures? (darkreading.com)
How to implement NIS2, Christoph Werkmeister, Hanna Hoffmann, Julia Utzerath (freshfields.com)
Enzo Biochem penalized $4.5M over 2023 ransomware theft • The Register
X faces GDPR complaints for unauthorized use of data for AI training (bleepingcomputer.com)
A world-first law in Europe is targeting artificial intelligence. Other countries can learn from it
Cyber Security In Healthcare: Regulation, Incentives Patient Safety (informationsecuritybuzz.com)
Models, Frameworks and Standards
NIST Releases First 3 Finalized Post-Quantum Encryption Standards | NIST
How to implement NIS2, Christoph Werkmeister, Hanna Hoffmann, Julia Utzerath (freshfields.com)
How UK firms can get ready for the implementation of NIS2 | Computer Weekly
X faces GDPR complaints for unauthorized use of data for AI training (bleepingcomputer.com)
Data Protection
X faces GDPR complaints for unauthorized use of data for AI training (bleepingcomputer.com)
Careers, Working in Cyber and Information Security
It's Time to Promote Security Talent From Within (darkreading.com)
Calls for lighter visa restrictions mount as UK tech faces talent shortfall | ITPro
Law Enforcement Action and Take Downs
FBI claims success in taking down another major ransomware group | TechRadar
‘Elite’ ransomware pioneer suspect charged after 9-year hunt • The Register
Cyber Criminal Duo Attracts FBI Notice by Spending Big & Living Large (darkreading.com)
Russian Sentenced To 40 Months For Selling Stolen Data On Dark Web (informationsecuritybuzz.com)
'Radar' ransomware group taken down by FBI - Tech Monitor
Suspected head of Reveton, Ransom Cartel RaaS groups arrested - Help Net Security
Misinformation, Disinformation and Propaganda
Multiple Iran groups step up US election influence efforts • The Register
Microsoft Report Exposes Iranian Cyber Warfare Targeting U.S. Election (fdd.org)
Tackling Disinformation Online With The Use Of Proper Tools (informationsecuritybuzz.com)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Japan will launch DARPA-esque research institute for cyber warfare | Cybernews
Nation State Actors
Trump Leak Likely a Harbinger of More Interference to Come (databreachtoday.co.uk)
China
China-Backed Earth Baku Expands Cyber Attacks to Europe, Middle East, and Africa (thehackernews.com)
APT41 Spinoff Expands Chinese Actor's Scope Beyond Asia (darkreading.com)
Chinese hacking groups target Russian government, IT firms (bleepingcomputer.com)
Expanded attacks by Earth Baku detailed | SC Media (scmagazine.com)
China-linked cyber-spies infect Russian govt, IT sector • The Register
Russia
Russia launching more sophisticated phishing attacks, new report finds | Russia | The Guardian
Russians team up with young, English-speaking hackers for cyberattacks | 60 Minutes - CBS News
Russian cyber spies stole data and emails from UK government systems (securityaffairs.com)
Chinese hacking groups target Russian government, IT firms (bleepingcomputer.com)
Russia FSB cyber snoops linked to massive phishing campaign • The Register
Russian hacking campaign targets rights groups, media, former US ambassador | CyberScoop
Russian-Linked Hackers Target Eastern European NGOs and Media (thehackernews.com)
How the Kaspersky ban affects you and how to protect your data | Proton
Russia blocks Signal for 'violating' anti-terrorism laws (bleepingcomputer.com)
Russian Sentenced To 40 Months For Selling Stolen Data On Dark Web (informationsecuritybuzz.com)
Iran
Multiple Iran groups step up US election influence efforts • The Register
Microsoft Report Exposes Iranian Cyber Warfare Targeting U.S. Election (fdd.org)
Trump campaign said senior staffer hacked by Iran-backed APT | SC Media (scmagazine.com)
Google raps APT42 for high-profile spear-phishing attacks • The Register
Iran increases phishing attempts on U.S., Israeli targets | CyberScoop
North Korea
Beyond espionage – how the Lazarus Group is reshaping cyber security threats (securitybrief.co.nz)
North Korea stole technical data about key ROK military spy planes: Ruling party | NK News
South Korea says DPRK hackers stole spy plane technical data (bleepingcomputer.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Greece leaves spy services unchecked on Predator hacks – POLITICO
Tools and Controls
Why MFA alone isn’t enough: The crucial role of security awareness training | TechRadar
Unlocking the Front Door: Phishing Emails Remain a Top Cyber Threat Despite MFA - SecurityWeek
What is Threat Intelligence? - Security Boulevard
The role of employee awareness in preventing supply chain attacks | TechRadar
The Importance Of APIs/API Security In Financial Services (informationsecuritybuzz.com)
35% of exposed API keys still active, posing major security risks - Help Net Security
EDR testing: How to validate EDR tools | TechTarget
Cyber crime group disables EDR software to launch RansomHub ransomware | SC Media (scmagazine.com)
Taming Identity Sprawl With A Least Privilege Approach (informationsecuritybuzz.com)
Effective Communication Is Key to Successful Cyber Security (govinfosecurity.com)
A deep dive into multi-stage attacks and the need for complete visibility | TechRadar
Three ways a cyber-resilient approach can keep your data safe | TechRadar
Flashpoint CEO: Cyber, physical security threats converging | TechTarget
The 5 Different Types of Firewalls Explained (techtarget.com)
Evolving threat landscape influencing cyber insurance market | TechTarget
There's more than 25 ways to bypass a Secure Web Gateway • The Register
AI In Cyber Security: Can We Trust It? | MSSP Alert
How to select an MDR security service | TechTarget
Student raised security concerns in Mobile Guardian MDM weeks before cyberattack | TechCrunch
Federal Cyber Insurance Policy for Cataclysmic Cyber Events Imminent | MSSP Alert
Cyber Security: The Impact Of AI On Today’s Businesses - Minutehack
Apple Intelligence is “a boomer dad” that reportedly prioritizes phishing emails | Cybernews
AI/ML's Role in Cyber Security: Balancing Innovation, Safety (inforisktoday.com)
Other News
We are gradually becoming inured to technological messes – The Irish Times
Aware of what tech debt costs them, CIOs still can’t make it an IT priority | CIO
Why attacks against critical national infrastructure (CNI) are such a threat | ITPro
Three ways a cyber-resilient approach can keep your data safe | TechRadar
Flashpoint CEO: Cyber, physical security threats converging | TechTarget
Britain moves to tamper down cyber security row | SC Media (scmagazine.com)
The impact of cyber crime on modern businesses in Europe - Emerging Europe (emerging-europe.com)
Global Aviation Cyber Risk Landscape 2024 (airtrafficmanagement.net)
Media and entertainment firms are being hit with more cyberattacks than ever | TechRadar
What the Delta-Crowdstrike lawsuit may mean for IT contracts | TechTarget
Delta vs. CrowdStrike: The duties vendors owe to customers - or do they? - Help Net Security
How the Kaspersky ban affects you and how to protect your data | Proton
Cyber Security In Healthcare: Regulation, Incentives Patient Safety (informationsecuritybuzz.com)
US considers breaking up Google after illegal monopoly ruling, reports say | Google | The Guardian
Vulnerability Management
Tackling Vulnerabilities & Errors Head-on for Proactive Security (darkreading.com)
Easterly: Cyber security is a software quality problem | CyberScoop
A Lesson From the CrowdStrike Incident (darkreading.com)
Zero trust: How the ‘Jia Tan’ hack complicated open-source software | CyberScoop
Lessons learned from CrowdStrike's automation errors | TechTarget
Vulnerabilities
Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited (bleepingcomputer.com)
Microsoft discloses Office zero-day, still working on a patch (bleepingcomputer.com)
Microsoft Office Apps Provide a New Path for Hackers (howtogeek.com)
0-Click Outlook Vulnerability Triggred RCE When Email is Opened (cybersecuritynews.com)
Fortinet, Zoom Patch Multiple Vulnerabilities - SecurityWeek
18-year-old browser bug still allows access to internal networks – Computerworld
Researchers Uncover 10 Flaws in Google's File Transfer Tool Quick Share (thehackernews.com)
Open Source Firewall pfsense Vulnerable to Remote Code Execution Attacks (cybersecuritynews.com)
Microsoft Copilot Flaws Could Lead to Targeted Cyberattacks (petri.com)
Worried about the Windows BitLocker recovery bug? 6 things you need to know | ZDNET
Former Microsoft security architect showcases 15 different ways to break Copilot | Windows Central
Adobe Calls Attention to Massive Batch of Code Execution Flaws - SecurityWeek
Chipmaker Patch Tuesday: Intel, AMD Address Over 110 Vulnerabilities - SecurityWeek
SolarWinds addressed a critical RCE in all Web Help Desk versions (securityaffairs.com)
Attacks Leveraging Windows SmartScreen Bypass Flaw Deployed Since March | MSSP Alert
Palo Alto Networks Patches Unauthenticated Command Execution Flaw in Cortex XSOAR - SecurityWeek
FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability (thehackernews.com)
Ivanti warns of critical vTM auth bypass with public exploit (bleepingcomputer.com)
SAP Patches Critical Vulnerabilities in BusinessObjects, Build Apps - SecurityWeek
Post-Exploitation Technique After Hacking Ivanti, Fortigate VPN Servers (cybersecuritynews.com)
GitHub Vulnerability 'ArtiPACKED' Exposes Repositories to Potential Takeover (thehackernews.com)
Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE (thehackernews.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory 14 August 2024 – Microsoft, Adobe, Ivanti, SAP, Fortinet, Zoom, Intel and AMD Security Updates
Black Arrow Cyber Advisory 14 August 2024 – Microsoft, Adobe, Ivanti, SAP, Fortinet, Zoom, Intel and AMD Security Updates
Executive summary
Microsoft’s August Patch Tuesday provides updates to address 89 security issues across its product range, including six actively exploited zero-day vulnerabilities and three publicly disclosed zero-days. In addition to the Microsoft updates this week also saw Adobe fix 72 vulnerabilities across various products, Ivanti addressing a critical vulnerability in their Virtual Traffic Manager product and SAP releasing 25 patches for a variety of products, including 2 for critical vulnerabilities. Also, Fortinet released patches for a number of their different products, Zoom addressed 15 vulnerabilities across their product range, including two high-severity issues, and Intel and AMD patched 110 vulnerabilities between them.
Microsoft
Within the 89 addressed security issues, the actively exploited zero-day vulnerabilities include privilege elevations, memory corruption, web security feature bypass and remote code execution. All of which have been added to the US Cybersecurity and Infrastructure Security Agency’s (CISA) “Known Exploited Vulnerabilities Catalog”. Also, among the updates provided by Microsoft were 8 critical vulnerabilities, which were a mixture of elevation of privileges, remote code execution and information disclosure.
Adobe
This month, Adobe released fixes for 72 vulnerabilities, of which 35 were rated critical, across several of their products. The affected products and their respective vulnerabilities are as follows: Adobe Illustrator (1 critical), Adobe Dimension (3 critical), Adobe Photoshop (1 critical), InDesign (9 critical), Adobe Acrobat Reader (8 critical), Adobe Bridge (2 critical), Adobe Commerce (7 critical), Adobe InCopy (1 critical), Adobe Substance 3D Stager (1 critical), Adobe Substance 3D Sampler (1 critical), Adobe 3D Designer (1 critical). Adobe have specifically warned that Windows and macOS users are at risk of code execution, memory leaks, and denial-of-service attacks. At current, Adobe is not aware of any of these vulnerabilities being actively exploited.
Fortinet
Fortinet have released patches for three vulnerabilities impacting FortiOS, FortiAnalyser, FortiManager, FortiProxy, FortiPAM and FortiSwitchManager. At current, Fortinet makes no mention of any of these vulnerabilities being actively exploited. Further details on the vulnerabilities and the patches can be found in the details below.
Ivanti
Ivanti have released a security update to address a critical vulnerability (CVE-2024-7593) in Virtual Traffic Manager (vTM) which could allow an unauthenticated attacker to bypass authentication of the admin panel and create admin users. The issue affects vTM versions 22.2, 22.3, 22.3R2, 22.5R1, 22.6R1, and 22.7R1, with fixes available in versions 22.2R1, 22.7R2, and 22.3R3, 22.5R2, and 22.6R2 (all available the week of August 19, 2024). Currently Ivanti is not aware of any of these vulnerabilities being actively exploited however there is a public proof of concept that has been released so it is advised to apply the patches as soon as possible.
SAP
This month, SAP has released 25 patches, which include 17 new releases and 8 updates from previous releases. 2 patches have been given the “hot news” priority in SAP, the highest severity. The vulnerabilities encompass a range of issues, including missing authentication checks, server-side request forgery (SSRF), XML injection and Prototype pollution.
Intel and AMD
Intel has published 43 new advisories covering roughly 70 vulnerabilities, including 9 high-severity issues affecting products like Intel NUC and Ethernet Controllers. Exploitation of these vulnerabilities can lead to privilege escalation, information disclosure, and denial of service. Meanwhile, AMD has released patches for 46 vulnerabilities across 8 advisories. Further information on the different vulnerabilities can be found below.
Zoom
This month, Zoom addressed 15 vulnerabilities across their product range, including two high-severity issues. CVE-2024-39825 affects Zoom Workplace apps and Rooms clients, allowing authenticated attackers to escalate privileges. CVE-2024-39818 impacts Zoom Workplace apps and Meeting SDKs, enabling authenticated users to access restricted information. Currently Zoom is not aware of any active exploitation but users are advised to update the affected applications.
What’s the risk to me or my business?
There are a large number of actively exploited vulnerabilities which could affect the confidentiality, integrity and availability of the systems. There is also a large quantity of critical and non-critical vulnerabilities that have been addressed in various vendor patches.
What can I do?
The updates should be applied as soon as possible for all the actively exploited vulnerabilities and all other vulnerabilities that have a critical severity rating. Each vulnerability should be internally assessed and patched following vulnerability management and software/firmware update practices, in line with the risk that the vulnerabilities pose to the underlying systems.
More information:
Microsoft
Further details on other specific updates within this Microsoft patch Tuesday can be found here:
Adobe
Further details of the vulnerabilities in Adobe Illustrator can be found here:
https://helpx.adobe.com/security/products/illustrator/apsb24-45.html
Further details of the vulnerabilities in Adobe Dimension can be found here:
https://helpx.adobe.com/security/products/dimension/apsb24-47.html
Further details of the vulnerabilities in Adobe Photoshop can be found here:
https://helpx.adobe.com/security/products/photoshop/apsb24-49.html
Further details of the vulnerabilities in Adobe InDesign can be found here:
https://helpx.adobe.com/security/products/indesign/apsb24-56.html
Further details of the vulnerabilities in Adobe Acrobat Reader can be found here:
https://helpx.adobe.com/security/products/acrobat/apsb24-57.html
Further details of the vulnerabilities in Adobe Bridge can be found here:
https://helpx.adobe.com/security/products/bridge/apsb24-59.html
Further details of the vulnerabilities in Adobe Commerce can be found here:
https://helpx.adobe.com/security/products/magento/apsb24-61.html
Further details of the vulnerabilities in Adobe InCopy can be found here:
https://helpx.adobe.com/security/products/incopy/apsb24-64.html
Further details of the vulnerabilities in Adobe Substance 3D Stager can be found here:
https://helpx.adobe.com/security/products/substance3d_stager/apsb24-60.html
Further details of the vulnerabilities in Adobe Substance 3D Sampler can be found here:
https://helpx.adobe.com/security/products/substance3d-sampler/apsb24-65.html
Further details of the vulnerabilities in Adobe Substance 3D Designer can be found here:
https://helpx.adobe.com/security/products/substance3d_designer/apsb24-67.html
Fortinet
https://www.fortiguard.com/psirt?page=1&date=&severity=&product=FortiExtender,FortiAP-U,FortiAP-W2,FortiAP-S,FortiOS-6K7K,FortiSwitchManager,FortiSandbox,FortiAP-C,FortiAnalyzer,FortiSwitch,FortiManager,FortiAP,FortiOS,FortiAnalyzer-BigData&component=&version= [ND1]
Ivanti
Further details of the vulnerabilities on Ivanti Virtual Traffic Manager can be found here:
SAP
Further details of the vulnerabilities addressed by SAP can be found here:
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/august-2024.html
Intel
https://www.intel.com/content/www/us/en/security-center/default.html
AMD
https://www.amd.com/en/resources/product-security.html
Zoom
Known Exploited Vulnerabilities Catalog:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Briefing 09 August 2024
Black Arrow Cyber Threat Intelligence Briefing 09 August 2024:
-UK Business Struggling to Prioritise Cyber Security Needs
-The C-Suite Conundrum: Are Senior Executives the Achilles’ Heel of Cyber Security?
-Ransomware in 2024: More Attacks, More Leaks, and Increased Sophistication
-Malware-as-a-Service and Ransomware-as-a-Service Lower Barriers for Cyber Criminals
-How the Theft of 40M UK Voter Register Records was Entirely Preventable
-18-Year-Old Security Flaw in Firefox and Chrome Exploited in Attacks
-99% of Global 2000 Companies Directly Connected to a Supply Chain Breach
-Email Attacks Skyrocket 293%
-Police Recover Over $40m Headed to BEC Scammers
-Russia's Priorities in Prisoner Swap Suggest Cyber Focus
-Point of Entry: Why Hackers Target Stolen Credentials for Initial Access
-FBI: BlackSuit Ransomware Behind Over $500 Million in Ransom Demands
-Survey: 78% of Ransomware Victims Paid and 74% Suffered Multiple Strikes
-Finance Should Pay Much More Attention to Undersea Cables Risk
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK Business Struggling to Prioritise Cyber Security Needs
UK businesses are increasingly struggling to meet cyber security demands due to insufficient technology, expertise, and funding. Over 80% of organisations report a significant cyber skills gap, with six in 10 CISOs citing underfunded security budgets. Insider threats, particularly those involving AI tools like ChatGPT, are identified as the biggest risk, yet nearly two-thirds of organisations lack the technology to combat these threats. While 85% have turned to automation to bolster defences, experts caution against overreliance on AI, stressing the need for skilled personnel. Simultaneously, 86% of cyber security professionals now rank unknown threats as their top concern, driving nearly 99% of organisations to plan outsourcing segments of their cyber risk management to third-party providers within the next two years. This trend underscores the importance of improved network visibility and the critical role of managed detection and response (MDR) services, which depend heavily on accurate data and human analysis.
The C-Suite Conundrum: Are Senior Executives the Achilles’ Heel of Cyber Security?
A recent analysis highlights the heightened risk facing C-suite executives, who are increasingly targeted by sophisticated spear phishing and whaling attacks due to their access to valuable corporate data and decision-making authority. CEOs are the primary targets, receiving 23% of phishing emails, followed closely by chief people officers (21%) and chief finance officers (19%). The human element remains a significant vulnerability, with 74% of breaches linked to human error, including misdirected emails. To mitigate these risks, organisations should provide tailored security training for executives and enhance their email security with integrated cloud solutions to prevent advanced threats and outbound data loss.
Ransomware in 2024: More Attacks, More Leaks, and Increased Sophistication
Ransomware attacks are escalating in 2024, with over 2,500 incidents recorded in the first half of the year, averaging more than 14 attacks daily. The rise in double extortion tactics is evident, with postings on leak sites increasing from 24 per month in early 2023 to 40 per month in 2024. Despite this growing sophistication, many organisations still neglect basic cyber hygiene, leaving vulnerabilities in RDP, VPNs, and the absence of multi-factor authentication as key entry points for attackers. A separate report by Sophos X-Ops highlights the increasing psychological tactics of ransomware gangs, who now aim to inflict emotional and reputational harm on victims. The Monti gang, for example, threatened to expose an employee's falsely accused browser history, while other groups have doxed (leaked personal information online) business owners, revealing personal and financial details. Ransomware operators also leverage media pressure and new regulations, threatening to report breaches to regulatory bodies if victims fail to comply. This shift underscores the intensified psychological warfare being waged by ransomware groups against targeted organisations.
Malware-as-a-Service and Ransomware-as-a-Service Lower Barriers for Cyber Criminals
A recent report highlights the increasing sophistication of cyber threats, with cyber crime-as-a-service models such as Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) lowering the barrier to entry for attackers. Notably, information-stealing malware accounted for 29% of early investigations, while phishing remains a significant concern, with 17.8 million phishing emails detected between December 2023 and July 2024. The report underscores the need for more proactive or anticipatory security measures as traditional reactive defences struggle to keep pace with evolving tactics, techniques, and procedures (TTPs) used by cyber criminals.
How the Theft of 40M UK Voter Register Records was Entirely Preventable
The UK’s Information Commissioner’s Office (ICO) has revealed that the massive data breach affecting 40 million UK voters was entirely preventable. The breach, which went undetected for over a year, was attributed to the Electoral Commission's failure to patch known vulnerabilities in its self-hosted Microsoft Exchange server. The ICO criticised the Commission for inadequate security measures, including poor password management, and noted that these basic lapses allowed hackers to steal voter information. Despite the severity of the breach, the ICO did not impose a fine, citing the absence of evidence that the stolen data was misused.
18-Year-Old Security Flaw in Firefox and Chrome Exploited in Attacks
A recently highlighted vulnerability, known as "0.0.0.0 Day", has persisted for 18 years and affects Linux and macOS devices, allowing malicious websites to bypass security in Chrome, Firefox, and Safari. This flaw enables attackers to interact with local network services, potentially changing settings or accessing protected information, and in some cases, executing remote code. Despite being reported in 2008, the vulnerability remains unresolved, with browsers acknowledging the issue and working towards a fix. The flaw exploits inconsistencies in browser security mechanisms like Cross-Origin Resource Sharing (CORS) and Private Network Access (PNA), making it a significant ongoing risk.
99% of Global 2000 Companies Directly Connected to a Supply Chain Breach
SecurityScorecard and The Cyentia Institute has revealed that 99% of Global 2000 companies are directly connected to vendors that have experienced recent breaches, underscoring the escalating risk of supply chain cyber attacks. These interconnected businesses face severe cyber risks, with supply chain incidents costing 17 times more to manage than first-party breaches. The report estimates that losses from Global 2000 breaches over 15 months ranged between $20 billion and $80 billion, with 90% of these companies acting as vendors to each other.
Email Attacks Skyrocket 293%
Acronis reveals a 293% surge in email attacks during the first half of 2024 compared to the same period in 2023, with ransomware detections also rising by 32% from Q4 2023 to Q1 2024. The report highlights that SMBs in government and healthcare are particularly vulnerable, with new ransomware groups accounting for 84 global attacks. The growing use of AI in cyber attacks, including social engineering and automation, is emphasised as a significant emerging threat. It is recommended that MSPs adopt a comprehensive security strategies, including advanced endpoint protection and security awareness training, to combat these evolving risks.
Police Recover Over $40m Headed to BEC Scammers
A Singaporean commodity firm narrowly avoided a significant loss after falling victim to a business email compromise (BEC) scam, transferring $42.3m to fraudsters in Timor Leste. Fortunately, the Singapore Police Force, utilising Interpol's Global Rapid Intervention of Payments (I-GRIP) mechanism, managed to recover $41m within ten days of the incident. This case underscores the effectiveness of rapid international cooperation in combating financial cyber crime. BEC scams continue to be a major threat, with the FBI reporting over $2.9bn lost to such attacks in 2023 alone.
Russia's Priorities in Prisoner Swap Suggest Cyber Focus
A recent prisoner exchange between the United States and Russia involved the release of eight convicted Russian nationals, including cyber criminals Vladislav Klyushin and Roman Seleznev, in return for 16 imprisoned Americans and Europeans. Klyushin, involved in a $93 million "hack-to-trade" scheme, and Seleznev, who ran a large-scale credit card fraud operation, highlight Russia's emphasis on cyber activities. Despite concerns about the implications of such exchanges, experts suggest that this historic swap, supported by five allied nations, is unlikely to alter how law enforcement approaches cyber crime prosecution.
Point of Entry: Why Hackers Target Stolen Credentials for Initial Access
ENISA, the European Union Agency for Cybersecurity, has highlighted the growing threat posed by stolen credentials, now the leading cause of data breaches, accounting for 24% of incidents. The Initial Access Broker (IAB) market has seen significant growth, with cyber criminals using malware such as Redline and Raccoon Stealer to harvest and sell credentials. Despite advancements in security measures, including multi-factor authentication (MFA), attackers continue to find ways to bypass defences. The report underscores the critical need for organisations to enforce strong password policies and continuously monitor for compromised credentials to mitigate this evolving threat.
FBI: BlackSuit Ransomware Behind Over $500 Million in Ransom Demands
The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI has confirmed that the ransomware group previously known as Royal has rebranded as BlackSuit, demanding over $500 million in ransoms since its emergence. Active since September 2022, BlackSuit is believed to be the direct successor of the Conti syndicate, responsible for attacks on over 350 organisations and linked to major incidents like the CDK Global IT outage. Ransom demands typically range from $1 million to $10 million, with a peak demand of $60 million. The rebranding follows the deployment of a new encryptor, marking an evolution in the group's tactics and capabilities.
Survey: 78% of Ransomware Victims Paid and 74% Suffered Multiple Strikes
According to a recent survey conducted among nearly 1,000 IT and security professionals, it was found that 74% of respondents had experienced multiple ransomware attacks within the past year. Among those targeted, 78% ended up paying the ransom. Even more concerning is that out of those who paid, 72% did so on more than one occasion. Notably, 33% reported paying the ransom as many as four times or more. Despite these payments, 87% of attacks led to significant business disruption, including data loss, and 35% of victims did not receive functional decryption keys. Recovery was slow, with nearly half taking up to seven days to restore minimal IT functionality. This comes as another report highlights the rising threat, with security leaders facing an average of eight attacks per year, leading to nearly $2.5 million in ransom payments.
Finance Should Pay Much More Attention to Undersea Cables Risk
A recent analysis has highlighted the critical yet overlooked risk posed by undersea cables, which carry over 99% of global internet traffic, including $10 trillion in daily financial transactions. A new Rogucci report warns that while previous threats were mainly local sabotage, the current danger stems from state-sponsored hostile acts, with nations like Russia posing significant risks. The report calls for a $5 billion investment to triple the repair fleet and establish a centralised command to ensure network resilience. Without immediate action, the world’s financial infrastructure remains highly vulnerable to catastrophic disruption.
Sources:
https://www.scmagazine.com/news/most-companies-are-afraid-of-unseen-cybersecurity-threats
https://www.scmagazine.com/news/ransomware-gangs-leverage-new-tactics-to-pressure-victims-to-pay-up
https://www.helpnetsecurity.com/2024/08/09/maas-threat-landscape/
https://www.helpnetsecurity.com/2024/08/06/email-attacks-h1-2024/
https://www.infosecurity-magazine.com/news/police-recover-40m-bec-scammers/
https://www.darkreading.com/cyber-risk/russias-priorities-in-prisoner-swap-suggest-cyber-focus
https://www.insurancejournal.com/news/national/2024/08/08/787480.htm
https://www.ft.com/content/ab0e00b3-ce0a-4b44-a694-d398d67f64cc
Governance, Risk and Compliance
How C-Suite Leaders Can Set The Cyber Security Tone (forbes.com)
UK business struggling to prioritise cyber security needs, report reveals (holyrood.com)
CISOs don't feel supported at board level (betanews.com)
Boardroom Defence: Questions About Cyber Security (forbes.com)
Microsoft on CISOs: Thriving Community Means Stronger Security (darkreading.com)
Cyber resilience and the C-Suite navigating innovation and risk | SC Media (scmagazine.com)
Executives Beware: Understanding the Risk of Targeted Cyber Attacks - Security Boulevard
Effective Board Communication: Lessons from CrowdStrike for CISOs | UpGuard
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware groups develop more sophisticated business models (betanews.com)
Fighting Back Against Multi-Staged Ransomware Attacks Crippling Businesses - Security Week
Survey: 78% of Ransomware Victims Paid and 74% Suffered Multiple Strikes (insurancejournal.com)
Ransomware gangs leverage new tactics to pressure victims to pay up | SC Media (scmagazine.com)
Ransomware in 2024: More Attacks, More Leaks, and Increased Sophistication - Security Week
Ransomware attacks expected to worsen this year | SC Media (scmagazine.com)
Organisations face an average of 8 ransomware incidents per year | Security Magazine
FBI: BlackSuit ransomware made over $500 million in ransom demands (bleepingcomputer.com)
Soft ransomware targets, a new top emerging risk for enterprises: Gartner - Reinsurance News
Intelligence bill would elevate ransomware to a terrorist threat | CyberScoop
Should Organisations Pay Ransom Demands? (securityaffairs.com)
Royal ransomware crew puts on a BlackSuit in rebrand | Computer Weekly
Proton ransomware continues evolution with latest Zola variant | SC Media (scmagazine.com)
Ransomware gang targets IT workers with new RAT masquerading as IP scanner - Help Net Security
Ransomware Victims
UK IT provider faces $7.7 million fine for 2022 ransomware breach (bleepingcomputer.com)
French Museums Hit By Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)
Surge in Magniber ransomware attacks impact home users worldwide (bleepingcomputer.com)
Watchdog set to fine NHS IT firm after medical records hack - BBC News
Ransomware attack paralyzes milking robots — cow dead | CSO Online
Ransomware Attack Cost Keytronic Over $17 Million - Security Week
Phishing & Email Based Attacks
The Alarming Surge Of Lateral Phishing – Are We All Just Sitting Ducks? | HackerNoon
Police Recover Over $40m Headed to BEC Scammers - Infosecurity Magazine (infosecurity-magazine.com)
Forty percent of business email compromise (BEC) are AI-generated (thehrdirector.com)
62 percent of phishing emails pass DMARC checks (betanews.com)
APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure (thehackernews.com)
Email attacks skyrocket 293% - Help Net Security
Microsoft 365 anti-phishing alert "erased" with one simple trick - Help Net Security
Darktrace report: 56% of phishing emails bypass security checks (securitybrief.co.nz)
KnowBe4 Releases Q2 Quarterly Phishing Test Results | Business Wire
HR emails top phishing tactics in KnowBe4's Q2 2024 report (securitybrief.co.nz)
Phishers have figured out that everyone is afraid of HR | CSO Online
BEC
Police Recover Over $40m Headed to BEC Scammers - Infosecurity Magazine (infosecurity-magazine.com)
Forty percent of business email compromise (BEC) are AI-generated (thehrdirector.com)
Email attacks skyrocket 293% - Help Net Security
Other Social Engineering
APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure (thehackernews.com)
Artificial Intelligence
Forty percent of business email compromise (BEC) are AI-generated (thehrdirector.com)
Auditors fear AI will ‘turbocharge’ cyber crime - CIR Magazine
AI in the Enterprise: Cutting Through the Hype and Assessing Real Risks - Security Week
Do you know what's in the new AI Cyber Code? - Accountancy Age
ACCA welcomes gov’s proposed AI cyber security code | Accountancy Today
Tech giants reveal plans to combat AI-fueled election antics | CyberScoop
Security industry braces for Democracy’s biggest test yet | SC Media (scmagazine.com)
Disinformation may 'go nuclear' rather than 'go viral,' researchers say | TechCrunch
Securing against GenAI weaponization - Help Net Security
AI-obsessed company leaders can't ignore cyber security, says Palo Alto's CEO | Fortune
UK cyber spies plan AI lab to counter hostile state threats (cryptopolitan.com)
The dangers of voice deepfakes in the November election | TechTarget
AI PCs bring new security protections and risks. Here's what users need to know | ZDNET
What Does the EU AI Act Mean for Cyber Security? - Silicon UK Expert Advice
European IT Professionals Want Training on AI, Poll Finds - IT Security Guru
2FA/MFA
Implement MFA or Risk Non-Compliance With GDPR - Security Week
Design flaw has Microsoft Authenticator overwriting MFA accounts, locking users out | CSO Online
Malware
Hackers breach ISP to poison software updates with malware (bleepingcomputer.com)
Google Ads used to spread Mac malware disguised as 'Loom' (appleinsider.com)
Malware goes undetected by hiding malicious code in uncommon MS Access format - VMRay
Sneaky SnakeKeylogger slithers into Windows email inboxes • The Register
North Korean hackers exploit VPN update flaw to install malware (bleepingcomputer.com)
APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure (thehackernews.com)
Chameleon Banking Trojan Makes a Comeback Cloaked as CRM App (darkreading.com)
New CMoon USB worm targets Russians in data theft attacks (bleepingcomputer.com)
Bad apps bypass Windows alerts for six years using LNK files • The Register
Ransomware gang targets IT workers with new RAT masquerading as IP scanner - Help Net Security
Mobile
Cyber Security is Not Complete Without EDR for Mobile | MSSP Alert
New LianSpy malware hides by blocking Android security feature (bleepingcomputer.com)
Extensive capabilities of new BlankBot Android trojan detailed | SC Media (scmagazine.com)
Google Patches New Android Kernel Vulnerability Exploited in the Wild (thehackernews.com)
Flaw in 5G phones exposes millions of users to spying (newsbytesapp.com)
Denial of Service/DoS/DDOS
Gaming Industry Faces 94% Surge in DDoS Attacks - Infosecurity Magazine (infosecurity-magazine.com)
Microsoft Azure Attack Shows Persistence of Blunt Hacking Tool (claimsjournal.com)
How to recover from a DDoS attack – and what they can teach businesses | ITPro
Port of Tyne website hit by cyber attack - BBC News
Internet of Things – IoT
20K Ubiquiti IoT Cameras & Routers Are Sitting Ducks for Hackers (darkreading.com)
As use of IoT devices grows, so do the associated security risks | ZDNET
Next-Gen Vehicle Technologies Poses Challenges For Cyber Security Pros (informationsecuritybuzz.com)
With Most Modern Cars Locked Down, Hackers Turn to EV Chargers (pcmag.com)
Data Breaches/Leaks
How the theft of 40M UK voter register records was entirely preventable | TechCrunch
Personal Data of 3 Billion People Stolen in Hack, Suit Says (bloomberglaw.com)
Florida firm sued over theft of 2.9B personal records • The Register
ADT confirms data breach after customer info leaked on hacking forum (bleepingcomputer.com)
Tech Contractor Exposes Data Of 4.6 Million US Voters (informationsecuritybuzz.com)
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Billion-dollar bust as cops op shutters Cryptonator wallet • The Register
Airbnb host adds ‘no crypto mining’ rule after tenant installs 10 rigs
How blockchain can support third-party risk management | TechTarget
Insider Risk and Insider Threats
Suspicious Minds: Insider Threats in The SaaS World (thehackernews.com)
Stopping cyber attackers from targeting the weakest links in security | ITPro
Insurance
CrowdStrike Outage Caused Billions in Damages That Will Go Uninsured - Bloomberg
Supply Chain and Third Parties
CrowdStrike Outage Caused Billions in Damages That Will Go Uninsured - Bloomberg
99% of Global 2000 Companies Directly Connected to a Supply Chain Breach | Business Wire
Investors sued CrowdStrike over false claims about its Falcon platform (securityaffairs.com)
CrowdStrike: Delta Rejected Our Help in Wake of Windows Crash (pcmag.com)
Microsoft Azure outage takes down services across North America (bleepingcomputer.com)
Lessons unlearned -- the cyber security industry is stuck in the past (betanews.com)
Tech Contractor Exposes Data Of 4.6 Million US Voters (informationsecuritybuzz.com)
Sports venues must vet their vendors to maintain security - Help Net Security
Cloud/SaaS
Microsoft Azure outage takes down services across North America (bleepingcomputer.com)
Hazy Issue in Entra ID Allows Privileged Users to Become Global Admins (darkreading.com)
Suspicious Minds: Insider Threats in The SaaS World (thehackernews.com)
Inherent disadvantage: Why attackers have the upper hand in the cloud | SC Media (scmagazine.com)
Stolen Credentials Have Turned SaaS Apps Into Attackers’ Playgrounds - Security Week
Outages
CrowdStrike Outage Caused Billions in Damages That Will Go Uninsured - Bloomberg
Investors sued CrowdStrike over false claims about its Falcon platform (securityaffairs.com)
Microsoft Azure outage takes down services across North America (bleepingcomputer.com)
Delta: CrowdStrike’s offer for help too little, too late • The Register
Lessons unlearned -- the cyber security industry is stuck in the past (betanews.com)
Encryption
The looming threat of Q-day and how CFOs should prepare | Fortune
Preparing for the Future of Post-Quantum Cryptography (darkreading.com)
US nears milestone in race to prevent quantum hacking (ft.com)
Linux and Open Source
Linux kernel impacted by new SLUBStick cross-cache attack (bleepingcomputer.com)
0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
Point of entry: Why hackers target stolen credentials for initial access (bleepingcomputer.com)
Stolen Credentials Have Turned SaaS Apps Into Attackers’ Playgrounds - Security Week
Social Media
US sued TikTok and ByteDance for violating children’s privacy laws - Security Affairs
Many dating apps a matchmaker for cyber criminals, study finds | Premium | Compliance Week
Online platforms told they risk stirring up hate and violence - BBC News
Malvertising
Google Ads used to spread Mac malware disguised as 'Loom' (appleinsider.com)
You’re telling me that ad was fake? Malvertising is sneakier than ever (securitybrief.co.nz)
Training, Education and Awareness
Stopping cyber attackers from targeting the weakest links in security | ITPro
European IT Professionals Want Training on AI, Poll Finds - IT Security Guru
Regulations, Fines and Legislation
UK IT provider faces $7.7 million fine for 2022 ransomware breach (bleepingcomputer.com)
US sued TikTok and ByteDance for violating children’s privacy laws - Security Affairs
Implement MFA or Risk Non-Compliance With GDPR - Security Week
Florida firm sued over theft of 2.9B personal records • The Register
Watchdog set to fine NHS IT firm after medical records hack - BBC News
Do you know what's in the new AI Cyber Code? - Accountancy Age
ACCA welcomes gov’s proposed AI cyber security code | Accountancy Today
SEC ends probe into MOVEit attacks impacting 95 million people (bleepingcomputer.com)
Intelligence bill would elevate ransomware to a terrorist threat | CyberScoop
Unraveling the ‘Materiality’ Mystery of SEC Compliance (informationweek.com)
NIS2 Directive in the EU: An imminent deadline, insufficient preparation - IT Security Guru
What Does the EU AI Act Mean for Cyber Security? - Silicon UK Expert Advice
Cyber Security and Resilience Bill good news for business and insurers (emergingrisks.co.uk)
Models, Frameworks and Standards
Download: CIS Critical Security Controls v8.1 - Help Net Security
NIS2 Directive in the EU: An imminent deadline, insufficient preparation - IT Security Guru
Backup and Recovery
What's the best way to protect against HDD failure? | TechTarget
Careers, Working in Cyber and Information Security
How to start your cyber security career: Expert tips and guidance - Help Net Security
What cyber security pros can learn from first responders (securityintelligence.com)
Law Enforcement Action and Take Downs
Police Recover Over $40m Headed to BEC Scammers - Infosecurity Magazine (infosecurity-magazine.com)
Billion-dollar bust as cops op shutters Cryptonator wallet • The Register
Nashville man arrested for aiding North Korean remote IT worker fraud | CyberScoop
US dismantles laptop farm used by undercover North Korean IT workers (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Tech giants reveal plans to combat AI-fueled election antics | CyberScoop
Security industry braces for Democracy’s biggest test yet | SC Media (scmagazine.com)
Disinformation may 'go nuclear' rather than 'go viral,' researchers say | TechCrunch
The dangers of voice deepfakes in the November election | TechTarget
Microsoft: Iran makes late play to meddle in US elections | CyberScoop
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
UK cyber spies plan AI lab to counter hostile state threats (cryptopolitan.com)
How Africa became the testing ground for cyber warfare | ITPro
Microsoft Graph API Exploitation in State-Backed Espionage on the Rise | MSSP Alert
Nation State Actors
China
How the theft of 40M UK voter register records was entirely preventable | TechCrunch
Easterly: Potential Chinese cyber attack could unfold like CrowdStrike error | CyberScoop
Hackers breach ISP to poison software updates with malware (bleepingcomputer.com)
Chinese cyber attack sparks alert over six year old MS vuln | Computer Weekly
Fears of war with China grow but Labour is intent on a relationship with Beijing (inews.co.uk)
China's APT41 Targets Taiwan Research Institute for Cyber Espionage (darkreading.com)
Microsoft Graph API Exploitation in State-Backed Espionage on the Rise | MSSP Alert
Russia
Russia's Priorities in Prisoner Swap Suggest Cyber Focus (darkreading.com)
APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure (thehackernews.com)
New CMoon USB worm targets Russians in data theft attacks (bleepingcomputer.com)
Iran
Microsoft: Iran makes late play to meddle in US elections | CyberScoop
Israeli hacktivist group claims it took down Iran's internet • The Register
North Korea
North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm Registry (thehackernews.com)
North Korean hackers exploit VPN update flaw to install malware (bleepingcomputer.com)
Nashville man arrested for aiding North Korean remote IT worker fraud | CyberScoop
US dismantles laptop farm used by undercover North Korean IT workers (bleepingcomputer.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Israeli hacktivist group claims it took down Iran's internet • The Register
Tools and Controls
62 percent of phishing emails pass DMARC checks (betanews.com)
Cyber Security is Not Complete Without EDR for Mobile | MSSP Alert
Security teams failing to manage Apple devices effectively (betanews.com)
Why every modern SOC needs a dedicated Vulnerability Operations Center (VOC) | TechRadar
Investors sued CrowdStrike over false claims about its Falcon platform (securityaffairs.com)
AI in the Enterprise: Cutting Through the Hype and Assessing Real Risks - Security Week
The Potential Pitfalls Of Cyber Security Platformisation (forbes.com)
Securing from Active Directory Attacks - Security Boulevard
Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) released - Help Net Security
The API Security Crisis: Why Your Company Could Be Next (darkreading.com)
How to recover from a DDoS attack – and what they can teach businesses | ITPro
12 types of endpoint security | TechTarget
Building an Effective Strategy to Manage AI Risks (darkreading.com)
Microsoft 365 anti-phishing alert "erased" with one simple trick - Help Net Security
After the Dust Settles: Post-Incident Actions - Security Week
Cyber Security and Resilience Bill good news for business and insurers (emergingrisks.co.uk)
Stopping cyber attackers from targeting the weakest links in security | ITPro
How Situational Awareness Enhances the Security of Your Facility - Security Boulevard
Microsoft Bug Bounty Payouts Increased to $16.6 Million in Past Year - Security Week
Design flaw has Microsoft Authenticator overwriting MFA accounts, locking users out | CSO Online
AI PCs bring new security protections and risks. Here's what users need to know | ZDNET
Microsoft Graph API Exploitation in State-Backed Espionage on the Rise | MSSP Alert
Where internal audit teams are spending most of their time - Help Net Security
Effective Board Communication: Lessons from CrowdStrike for CISOs | UpGuard
Other News
Most companies are afraid of unseen cyber security threats | SC Media (scmagazine.com)
Finance should pay much more attention to undersea cables risk (ft.com)
Mobile device management vendor Mobile Guardian attacked • The Register
Every Microsoft employee is now being judged on their security work - The Verge
How Cyber Criminals Are Weaponizing Sound Waves | HackerNoon
Report: Myths about tech still plaguing the IT world • The Register
UK under threat from exposed industrial systems – Censys (datacentrenews.uk)
How I got ‘hacked’ and what that says about the banking system (ft.com)
Attackers Use Multiple Techniques to Bypass Reputation-Based Security (darkreading.com)
Is the US Federal Government Increasing Cyber Risk Through Monoculture? (darkreading.com)
Over 40,000 Internet-Exposed ICS Devices Found in US: Censys - Security Week
Vulnerability Management
CVEs Surge 30% in 2024, Only 0.91% Weaponized - Infosecurity Magazine (infosecurity-magazine.com)
Why every modern SOC needs a dedicated Vulnerability Operations Center (VOC) | TechRadar
Best Practices for Effective Vulnerability Management | MSSP Alert
Monitoring KEV List for Changes Can Guide Security Teams (darkreading.com)
Vulnerabilities
Windows Update downgrade attack "unpatches" fully-updated systems (bleepingcomputer.com)
18-year-old security flaw in Firefox and Chrome exploited in attacks (bleepingcomputer.com)
Bitdefender Vulnerability Let Attackers Trigger SSRF Attacks (cybersecuritynews.com)
Microsoft Edge Vulnerability Let Attackers Execute Arbitrary Code (cybersecuritynews.com)
12 wide-impact firmware vulnerabilities and threats | CSO Online
Linux kernel impacted by new SLUBStick cross-cache attack (bleepingcomputer.com)
Google Patches New Android Kernel Vulnerability Exploited in the Wild (thehackernews.com)
20K Ubiquiti IoT Cameras & Routers Are Sitting Ducks for Hackers (darkreading.com)
Windows Smart App Control has a worrying security bug that hackers exploited for years | TechRadar
Microsoft Update Warning—70% Of All Windows Users Now At Risk (forbes.com)
Chrome, Firefox Updates Patch Serious Vulnerabilities - Security Week
Apple to Address '0.0.0.0' Security Vulnerability in Safari 18 - MacRumors
Critical Progress WhatsUp RCE flaw now under active exploitation (bleepingcomputer.com)
Windows Update Flaws Allow Undetectable Downgrade Attacks - Security Week
Hackers Exploited An 18-Year-Old Loophole In Safari, Chrome And Firefox (forbes.com)
Download iOS 17.6.1 Now to Ensure This Feature Is Working Correctly - CNET
Hazy Issue in Entra ID Allows Privileged Users to Become Global Admins (darkreading.com)
GhostWrite Vulnerability Facilitates Attacks on Devices With RISC-V CPU - Security Week
Chinese cyber attack sparks alert over six year old MS vuln | Computer Weekly
BIND Vulnerabilities: Urgent Security Updates Released - Security Boulevard
AWS Patches Vulnerabilities Potentially Allowing Account Takeovers - Security Week
0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices (thehackernews.com)
Cisco warns of critical RCE zero-days in end of life IP phones (bleepingcomputer.com)
Exploit released for Cisco SSM bug allowing admin password changes (bleepingcomputer.com)
CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature (thehackernews.com)
European IT Professionals Want Training on AI, Poll Finds - IT Security Guru
Flaw in 5G phones exposes millions of users to spying (newsbytesapp.com)
Microsoft Bug Bounty Payouts Increased to $16.6 Million in Past Year - Security Week
1Password vulnerability lets attackers steal Vault items • The Register
Design flaw has Microsoft Authenticator overwriting MFA accounts, locking users out | CSO Online
Microsoft: Exchange 2016 reaches extended end of support in October (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory 08 August 2024 – Critical WhatsUp Gold RCE Vulnerability
Black Arrow Cyber Advisory 08 August 2024 – Critical WhatsUp Gold RCE Vulnerability
Executive summary
Progress Software has released patches for WhatsUp Gold, a network monitoring application. The patches fix three critical vulnerabilities including one which is seeing active exploitation attempts. The actively exploited critical vulnerability (CVE-2024-4885) allows an unauthenticated malicious attacker to perform remote code execution with elevated privileges. The other two critical vulnerabilities (CVE-2024-4883 and CVE-2024-4884) allow an unauthenticated attacker to perform remote code execution with elevated privileges.
What’s the risk to me or my business?
The vulnerability CVE-2024-4885 allows unauthenticated remote code execution, enabling attackers to execute arbitrary commands with elevated privileges (service account). Exploitation of this flaw can lead to severe consequences, including unauthorised access to sensitive data, disruption of network monitoring services and potential lateral movement within the network.
Increased risk of further exploitation through other vulnerabilities
Active exploitation attempts have been observed since August 1, 2024, highlighting the urgency for businesses to address this vulnerability. Failure to mitigate this risk could result in significant financial and reputational damage.
What can I do?
Security researchers have uncovered active exploitation attempts of CVE-2024-4885 in the wild, dating back to the 1st of August. Given the severity of this vulnerability, which impacts all versions released prior to 2023.1.3, immediate action is advised. Black Arrow strongly recommends the prompt application of the available patches to mitigate the risk.
Technical Summary
CVE-2024-4885 – If successfully exploited this vulnerability, in the WhatsUp.ExportUtilities.Export.GetFileWithoutZip function, allows an unauthenticated attacker to execute of commands as a service account through NmApi.exe.
CVE-2024-4884 - If successfully exploited, this vulnerability allows an unauthenticated attacker to execute commands with iisapppool\nmconsole privileges. The vulnerability specifically exists in Apm.UI.Areas.APM.Controllers.CommunityController.
CVE-2024-4883 - If successfully exploited, this vulnerability allows an unauthenticated attacker to execute commands with iisapppool\nmconsole privileges. The vulnerability specifically exists in Apm.UI.Areas.APM.Controllers.CommunityController.
Further information on WhatsUp Gold can be found here:
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Briefing 02 August 2024
Black Arrow Cyber Threat Intelligence Briefing 02 August 2024:
-UK IT Leaders Feeling Less Secure Despite Cyber Security Investments
-Average Data Breach Cost Jumps to $4.88 Million, Collateral Damage Increased
-Cyber Attacks Are Inevitable, Stop Preparing for If One Happens and Start Preparing for When One Will
-How AI is Shaping Fraud as BEC Attacks Surge 20% Annually Thanks to AI Tooling
-Organisations Fail to Log 44% of Cyber Attacks. Just One in 10 Attacks Flagged by Security Tools, 40% of Environments are Vulnerable to Full Takeover
-One in Five Employees Have No Cyber Security Training
-Ferrari Exec Foils Deepfake Attempt by Asking the Scammer a Question Only CEO Benedetto Vigna Could Answer
-Half of Businesses Report an Increase in State-Sponsored Cyber Threats Amid Rising Geopolitical Tension
-New Android Malware Wipes your Device After Draining Bank Accounts
-Report Reveals how Cyber Attacks Target Organisations Depending on Size
-An 18% Increase in Ransomware Attacks Includes $75M Payment
-UK ‘Desperately Exposed’ to Cyber Threats - Is It Time for the UK to Refresh Its Cyber Strategy?
-People Overconfident in Password Habits, Overwhelmed by Too Many Passwords
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK IT Leaders Feeling Less Secure Despite Cyber Security Investments
A recent report indicates that despite increased investment in cyber security, over 87% of UK IT leaders feel less secure than a year ago. In a survey of 150 decision-makers, 90% noted a rise in the risk and severity of cyber attacks, with 61% finding the attack surface uncontrollable. Concerns include ransomware, lack of visibility, identity misuse, misconfiguration, and emerging technologies like Generative AI. Despite 97% increasing their cyber security budgets, 61% doubt its sufficiency, and 71% believe complete security is unattainable. Additionally, 53% have adopted some Zero Trust controls, but face challenges in comprehensive implementation due to costs and resource limitations.
Average Data Breach Cost Jumps to $4.88 Million, Collateral Damage Increased
IBM's annual Cost of a Data Breach Report for 2024 reveals the global average cost of a data breach has reached $4.88 million, marking a 10% increase from the previous year. A significant 70% of breached organisations reported severe disruption, with recovery taking over 100 days for most. AI and automation in security can reduce breach costs by $2.2 million, with organisations using these technologies detecting incidents 98 days faster. The report notes that 40% of breaches involved data stored across multiple environments, costing over $5 million on average. Staffing shortages also led to higher breach costs, averaging $5.74 million for those with severe shortages.
Cyber Attacks Are Inevitable, Stop Preparing for If One Happens and Start Preparing for When One Will
Cyber resilience is crucial for businesses, going far beyond the traditional approach to cyber security measures. In Q1 2024, organisations faced an average of 1,308 cyber attacks per week, marking a 28% increase from the previous quarter. Cyber crime losses hit $12.8 billion in 2023 and are projected to reach $23.84 trillion by 2027. A robust incident response plan and regular security audits are key to help mitigate long-term costs and ensure business continuity. Training employees and engaging third-party experts are also recommended to fortify defences against sophisticated cyber threats. Embracing cyber resilience is not merely a trend but a vital strategy for maintaining operational integrity in the digital landscape.
How AI is Shaping Fraud as BEC Attacks Surge 20% Annually Thanks to AI Tooling
A recent study by Vipre Security Group reveals a significant rise in business email compromise (BEC) attacks, driven by AI tools generating scam messages. The Email Threat Trends Report: Q2 2024, based on 1.8 billion processed emails, detected 226 million spam messages and nearly 17 million malicious URLs. Almost half (49%) of blocked spam emails were BEC attacks, with a 20% increase in BEC incidents compared to Q2 2023, and 40% of these attacks were AI-generated. Additionally, the report highlighted a doubling of evasive malicious attachments and a 74% rise in malicious URLs, with phishing being a dominant threat as 86% of malspam emails used malicious links.
Organisations Fail to Log 44% of Cyber Attacks. Just One in 10 Attacks Flagged by Security Tools, 40% of Environments are Vulnerable to Full Takeover
A recent study by Picus Security highlights significant gaps in cyber defence, revealing that only 12% of simulated cyber attacks triggered an alert and just 56% were logged by detection tools. Organisations manage to prevent 70% of attacks on average, but 40% of tested environments had vulnerabilities allowing attackers to gain domain admin privileges. Despite their reputation macOS endpoints were found to be particularly vulnerable, preventing just 23% of simulated attacks compared to 62% for Windows and 65% for Linux. Furthermore, only 9% of data exfiltration techniques were thwarted, with BlackByte ransomware being notably difficult to defend against, stopped by just 17% of organisations. These findings underscore the need for improved threat exposure management and the adoption of an "assume breach" mindset to enhance detection and response capabilities.
One in Five Employees Have No Cyber Security Training
A recent report by reveals significant gaps in workplace cyber security training among UK employees. The survey found that 18% of employees have never received any cyber security training, with 83% lacking training on deepfakes and AI, 60% on secure remote working, and 51% on avoiding phishing scams. Additionally, 48% have never been trained on creating strong passwords. Despite nearly three-quarters claiming to follow cyber security advice, 29% admit they forget to adhere to practices, and 22% find the advice too complicated. Furthermore, 14% do not consider it their responsibility to secure work systems. Organisations need to provide clear, relevant training, integrating it into daily roles and workflows to mitigate cyber risks effectively.
Ferrari Exec Foils Deepfake Attempt by Asking the Scammer a Question Only CEO Benedetto Vigna Could Answer
A Ferrari NV executive was recently targeted as part of a deepfake scam, where a fraudster impersonated CEO Benedetto Vigna in a convincing live phone call. The executive’s suspicion was aroused by mechanical intonations, leading to the scam's exposure when the impersonator failed to answer a personal question. Such incidents are on the rise, with AI tools increasingly used for voice cloning. In a similar case, an unnamed multinational lost $26 million to a deepfake scam. Experts warn that these AI-based tools will become increasingly accurate, necessitating robust training and vigilance for executives.
Half of Businesses Report an Increase in State-Sponsored Cyber Threats Amid Rising Geopolitical Tension
A recent report by Absolute Security reveals a significant rise in state-sponsored cyber threats, amid escalating geopolitical tensions, with 47% of businesses noting increased attacks over the past year. The UK faced a Chinese-backed cyber attack exposing the personal information of 270,000 Defence Ministry personnel, servicemen and veterans. The report, surveying 250 UK CISOs, reveals that 69% fear the financial impact of ransomware could cripple their organisation, with 62% worried about job security following a major attack. Ransomware remains the top concern, with four out of five CISOs identifying it as their most significant cyber threat.
New Android Malware Wipes your Device After Draining Bank Accounts
A recent report reveals a new Android malware, BingoMod, which can wipe devices after stealing up to €15,000 per transaction from victims' bank accounts. Disguised as legitimate security apps, BingoMod is distributed through smishing (SMS based phishing) campaigns and exploits Android's Accessibility Services for extensive control. It uses on-device fraud techniques to bypass standard anti-fraud systems by initiating transactions directly from the victim's device. The malware includes features like remote command execution and screen-casting, and can disable security apps and goes on to wipe external storage. Currently in early development, BingoMod employs advanced evasion mechanisms, complicating detection efforts.
Report Reveals how Cyber Attacks Target Organisations Depending on Size
A recent report by Barracuda highlights distinct differences in email attack types based on company size. Large organisations with over 2,000 employees face a higher risk of lateral phishing (a kind of cyber attack where the phishing email purportedly comes from a corporate email address), accounting for 42% of targeted attacks, compared to just 2% for companies with up to 100 employees. Smaller companies, however, are predominantly targeted by external phishing, which comprises 71% of email threats against them. Additionally, smaller firms experience three times more extortion attacks than larger ones. The report emphasises the need for regular security awareness training and multi-layered defences to mitigate these threats, with smaller businesses potentially benefiting from managed service providers.
An 18% Increase in Ransomware Attacks Includes $75M Payment
A recent report reveals an 18% increase in ransomware attacks, with a record $75 million payment made to the Dark Angels group. The US experienced a 93% year-over-year rise, followed by Italy at 78% and Mexico at 58%. Despite law enforcement efforts, ransomware syndicates like Lockbit 2.0 reconstitute operations using standby IT infrastructure. Similarly, a report by Cisco Talos Incident Response reveals that ransomware and business email compromise (BEC) attacks now constitute 60% of cyber engagements. Ransomware alone accounted for nearly 30% of these incidents, marking a 22% increase from the previous quarter. Although BEC engagements have slightly decreased, they remain a significant threat for the second consecutive quarter. Additionally, 80% of ransomware victims lacked proper multi-factor authentication (MFA) on critical systems, with misconfigured systems contributing to a 46% increase in vulnerabilities.
UK ‘Desperately Exposed’ to Cyber Threats - Is It Time for the UK to Refresh Its Cyber Strategy?
A recent warning from the UK Science Secretary highlights Britain's dire vulnerability to cyber and other potentially catastrophic threats such as another pandemic, attributing this exposure to severe public spending cuts under the previous government. Peter Kyle, appointed Science Secretary three weeks ago, criticised the lack of action on rising cyber security risks and inadequate preparedness for cyber and other threats, exacerbated by internal conflicts within the Tory ranks. He emphasised that "national resilience suffered terribly, catastrophically," leaving the NHS and other services weakened and the country ill-prepared for future threats. This comes as a report by the Chartered Institute for IT (BCS) has listed a series of recommendations after the last month saw more concerns about Russian cyber attacks on the UK linked to misinformation about the Southport attack and a major outage taking down aeroplanes, trains, hospitals, broadcasters and scores of companies.
People Overconfident in Password Habits, Overwhelmed by Too Many Passwords
A recent report by Keeper Security, Fortifying Cyber Resilience: Insights Into Global Cybersecurity Practices, highlights concerning trends in password management. Despite 85% of respondents believing their passwords are secure, over half admit to sharing them, and 2 in 5 reuse passwords. The survey of over 6,000 individuals globally found that 62% are overwhelmed by managing multiple passwords, with 24% writing them down and 19% storing them in browsers or phone apps. Notably, 34% share passwords for streaming sites. Organisations and employees should consider the need for adopting password managers, creating strong, unique passwords, and enabling Multi-Factor Authentication (MFA) to help mitigate cyber risks. A recent study highlights the alarming speed at which modern systems can crack passwords. An eight-character password of same-case English letters and digits can be guessed in just 17 seconds. The study found that 59% of passwords can be cracked in under an hour, revealing a significant vulnerability.
Sources:
https://www.helpnetsecurity.com/2024/07/30/ibm-cost-data-breach-report-2024/
https://www.infosecurity-magazine.com/news/bec-attacks-surge-20-annually-ai/
https://informationsecuritybuzz.com/bec-emails-are-now-ai-generated/
https://www.infosecurity-magazine.com/news/one-10-attacks-detected-security/
https://www.helpnetsecurity.com/2024/08/02/threat-exposure-management/
https://pcr-online.biz/2024/07/26/report-exposes-lack-of-cybersecurity-training-in-uk-workplaces/
https://www.hrmagazine.co.uk/content/news/one-in-five-employees-have-no-cybersecurity-training
https://www.computerweekly.com/opinion/Is-it-time-to-refresh-the-UKs-cyber-strategy
Governance, Risk and Compliance
UK IT leaders feeling less secure despite cybersecurity investments (securitybrief.co.nz)
SMEs spending thousands on outsourced cyber security costs | Insurance Times
What CISOs need to keep CEOs (and themselves) out of jail - Help Net Security
Average data breach cost jumps to $4.88 million, collateral damage increased - Help Net Security
Cyber Threat Worries Hit HR | The Global Recruiter
Recent Incidents Have CISOs — and Everyone Else — Talking (recordedfuture.com)
The Cybersecurity Leadership Crisis Dooming America’s Companies (forbes.com)
Cyber warning amid regulatory countdown (emergingrisks.co.uk)
Why CISOs face greater personal liability - Help Net Security
Report exposes lack of Cybersecurity training in UK workplaces – PCR (pcr-online.biz)
Executive Cybersecurity Accountability: A Rising Trend? - Security Boulevard
The three cybersecurity blind spots affecting today’s CISOs | TechRadar
Is it time to refresh the UK's cyber strategy? | Computer Weekly
Emerging Issues Shaping The Future Of Cyber GRC (realbusiness.co.uk)
Addressing communication roadblocks to overcome cybersecurity threats - IT Security Guru
Crucial Lessons Learned For Cybersecurity Resilience (forbes.com)
Business focus: Instilling best cybersecurity practices at work - Digital Journal
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware and email attacks are hitting businesses more than ever before | TechRadar
Report: An 18% Increase in Ransomware Attacks Includes $75M Payment - Security Boulevard
Ransomware: What Every Business Needs To Know (informationsecuritybuzz.com)
Email Attacks Surge, Ransomware Threat Remains Elevated - Security Boulevard
Organisations urged to take a proactive approach to ransomware threats (securitybrief.co.nz)
Law firms facing "astronomical ransom demands" from cyber attackers - Legal Futures
Russian ransomware generates over $500m in crypto proceeds, TRM Labs says
Russian ransomware gangs account for 69% of all ransom proceeds (bleepingcomputer.com)
Utility firms hit by huge leap in cyber threats – insurer (emergingrisks.co.uk)
How the Change Healthcare attack may affect cyber insurance | TechTarget
Ransomware Dominated by Russian Threat Operations | MSSP Alert
Black Basta ransomware switches to more evasive custom malware (bleepingcomputer.com)
LockBit ransomware titan now hangs by a thread • The Register
Would Making Ransom Payments Illegal Result in Fewer Attacks? (darkreading.com)
Black Basta Develops Custom Malware in Wake of Qakbot Takedown (darkreading.com)
Australian Companies Will Soon Need to Report Ransom Payments (darkreading.com)
Ransomware Victims
'Fortune 50' Company Made Record-Breaking $75M Ransomware Payment (pcmag.com)
Law firms facing "astronomical ransom demands" from cyber attackers - Legal Futures
How the Change Healthcare attack may affect cyber insurance | TechTarget
World leading silver producer Fresnillo discloses cyber attack (bleepingcomputer.com)
Phishing & Email Based Attacks
13% of phishing scams analysed likely to be AI-generated: CSA | The Straits Times
Ransomware and email attacks are hitting businesses more than ever before | TechRadar
Proofpoint settings exploited to send millions of phishing emails daily (bleepingcomputer.com)
Hackers Use Microsoft Forms for Two-Step Phishing Attacks (cybersecuritynews.com)
IBM, Nike, Disney, others caught in Proofpoint phish palaver • The Register
Email Attacks Surge, Ransomware Threat Remains Elevated - Security Boulevard
'LockBit of phishing' EvilProxy used in 1M+ attacks monthly • The Register
Watch out — that Microsoft OneDrive security warning could actually be a malware scam | TechRadar
Nation-state actors exploit political tension to launch phishing campaigns (betanews.com)
Acronis reports 293% increase in email cyber attacks in H1 2024 (securitybrief.co.nz)
Microsoft is the most commonly imitated company in phishing scams | TechRadar
Vulnerabilities Enable Attackers to Spoof Emails From 20 Million Domains - Security Week
Phishing campaigns target SMBs in Poland, Romania and Italy (securityaffairs.com)
SideWinder phishing campaign targets maritime facilities in multiple countries (securityaffairs.com)
Business Email Compromise (BEC), Email Account Compromise (EAC)
13% of phishing scams analysed likely to be AI-generated: CSA | The Straits Times
Ransomware and email attacks are hitting businesses more than ever before | TechRadar
Email Attacks Surge, Ransomware Threat Remains Elevated - Security Boulevard
Other Social Engineering
Watch out — that Microsoft OneDrive security warning could actually be a malware scam | TechRadar
Massive SMS stealer campaign infects Android devices in 113 countries (bleepingcomputer.com)
Dynamically Evolving SMS Stealer Threatens Global Android Users (darkreading.com)
New Android malware wipes your device after draining bank accounts (bleepingcomputer.com)
9 Social Engineering Attack Examples to Watch Out For | MSSP Alert
Threat actor impersonates Google via fake ad for Authenticator | Malwarebytes
A field guide on how to spot fake pictures - The Washington Post
North Koreans Target Devs Worldwide With Spyware, Job Offers (darkreading.com)
Artificial Intelligence
13% of phishing scams analysed likely to be AI-generated: CSA | The Straits Times
Ferrari exec foils deepfake plot by asking a question only the CEO could answer | Fortune
Most people worry about deepfakes - and overestimate their ability to spot them | ZDNET
AI-Powered Deepfake Tools Used by Cyber Criminals | Trend Micro (US)
How AI Is Assisting Cyber Criminals - TechRound
FraudGPT helps cyber criminals hack (mybroadband.co.za)
CISOs face AI risks while managing innovation & security (securitybrief.co.nz)
IT leaders worry the rush to adopt Gen AI may have tech infrastructure repercussions | ZDNET
Growing underground market for rogue AI sparks cyber security concerns | The Straits Times
A field guide on how to spot fake pictures - The Washington Post
Malware
Watch out — that Microsoft OneDrive security warning could actually be a malware scam | TechRadar
How Infostealers Pillaged the World’s Passwords | WIRED
WhatsApp for Windows lets Python, PHP scripts execute with no warning (bleepingcomputer.com)
New Specula tool uses Outlook for remote code execution in Windows (bleepingcomputer.com)
Black Basta ransomware switches to more evasive custom malware (bleepingcomputer.com)
Updated TgRat trojan sets sights on Linux servers | SC Media (scmagazine.com)
OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script (thehackernews.com)
macOS Malware Disguise As Unarchiver App Steals User Data (cybersecuritynews.com)
Black Basta Develops Custom Malware in Wake of Qakbot Takedown (darkreading.com)
Hackers abuse free TryCloudflare to deliver remote access malware (bleepingcomputer.com)
Mobile
New Android malware wipes your device after draining bank accounts (bleepingcomputer.com)
WhatsApp for Windows lets Python, PHP scripts execute with no warning (bleepingcomputer.com)
Massive SMS stealer campaign infects Android devices in 113 countries (bleepingcomputer.com)
Dynamically Evolving SMS Stealer Threatens Global Android Users (darkreading.com)
Google on why you should disable 2G on your Android phone (9to5google.com)
CBP needs warrant to search phones, says yet another judge • The Register
Denial of Service/DoS/DDOS
Microsoft Confirms New Outage Was Triggered By Cyber Attack (forbes.com)
Microsoft apologises after thousands report new outage - BBC News
Microsoft: DDoS defence error amplified attack on Azure, leading to outage - Help Net Security
Internet of Things – IoT
Global Smart Buildings Cyber Security Market Responds to (globenewswire.com)
Data Breaches/Leaks
Basic failures led to hack of Electoral Commission data on 40 million people | Computer Weekly
More Legal Records Stolen in 2023 Than Previous 5 Years Combined (darkreading.com)
Unauthorized access at HealthEquity affects 4.3M people • The Register
UK govt links 2021 Electoral Commission breach to Exchange server (bleepingcomputer.com)
FBCS data breach impact now reaches 4.2 million people (bleepingcomputer.com)
Researcher says deleted GitHub data can be accessed 'forever' | TechTarget
South Korea probes data leak of agents spying on the North | South China Morning Post (scmp.com)
CrowdStrike Denies Claims that IoC list Exposed by USDoD | MSSP Alert
Cognizant denies data breach claims, says hacker group stole fake test data
France's cyber crime unit called in on Israeli athletes data leak (insidethegames.biz)
Organised Crime & Criminal Actors
Russian cyber criminals head home in US prisoner swap deal • The Register
Hacker USDoD: “I don't pick sides. I play both sides and always win” – interview | Cybernews
Cyber Crime and the Dark Web | MSSP Alert
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Russian ransomware generates over $500m in crypto proceeds, TRM Labs says
Blockchain Security: Vulnerabilities and Protective Measures | MSSP Alert
Russian-Speaking Groups Dominate Crypto-Related Cyber Crime: TRM Labs (cryptopotato.com)
WazirX increases bounty to $23 million for recovery of stolen assets
Wave of Cyber Attacks Rocks the Crypto World: Key Incidents from the Past Week (coinpedia.org)
Insurance
How the Change Healthcare attack may affect cyber insurance | TechTarget
Supply Chain and Third Parties
Microsoft charts plans for a future without CrowdStrike-like outages | Windows Central
Top Ways To Assess And Address Third-Party Cyber Security Risk (forbes.com)
Here's what the CrowdStrike outage exposed about our connected world. It's not good. (yahoo.com)
CrowdStrike Outage Losses Estimated at a Staggering $5.4B (darkreading.com)
Microsoft admits 8.5 million CrowdStruck machines was low • The Register
Microsoft 365 and Azure outage takes down multiple services (bleepingcomputer.com)
Microsoft Confirms New Outage Was Triggered By Cyber Attack (forbes.com)
CrowdStrike Faces Lawsuits From Customers, Investors - Security Week
The CrowdStrike Meltdown: A Wake-up Call for Cyber Security (darkreading.com)
IT Outage Cost Delta Air Lines $500 million - AVweb
Cloud/SaaS
Microsoft Confirms New Outage Was Triggered By Cyber Attack (forbes.com)
Microsoft: DDoS defence error amplified attack on Azure, leading to outage - Help Net Security
The three cyber security blind spots affecting today’s CISOs | TechRadar
The gap between business confidence and cyber resiliency - Help Net Security
Outages
Microsoft Suggests Windows Changes After CrowdStrike Outage (petri.com)
Here's what the CrowdStrike outage exposed about our connected world. It's not good. (yahoo.com)
CrowdStrike Outage Losses Estimated at a Staggering $5.4B (darkreading.com)
Companies Struggle to Recover From CrowdStrike's Crippling Falcon Update (darkreading.com)
Microsoft admits 8.5 million CrowdStruck machines was low • The Register
Microsoft Confirms New Outage Was Triggered By Cyber Attack (forbes.com)
CrowdStrike Faces Lawsuits From Customers, Investors - Security Week
The CrowdStrike Meltdown: A Wake-up Call for Cyber Security (darkreading.com)
IT Outage Cost Delta Air Lines $500 million - AVweb
Linux and Open Source
Updated TgRat trojan sets sights on Linux servers | SC Media (scmagazine.com)
Passwords, Credential Stuffing & Brute Force Attacks
People Overconfident in Password Habits, Overwhelmed by Too Many Passwords - IT Security Guru
Acronis warns of Cyber Infrastructure default password abused in attacks (bleepingcomputer.com)
How quickly can attackers guess your password? | Securelist
Russia-linked brute-force attacks trying to compromise European networks, report (computing.co.uk)
How Infostealers Pillaged the World’s Passwords | WIRED
Social Media
Elon Musk's X now trains Grok on your data by default - here's how to opt out | ZDNET
Meta agrees to pay record $1.4B in Texas facial recognition suit - The Washington Post
Training, Education and Awareness
HR Magazine - One in five employees have no cyber security training
Report exposes lack of Cyber Security training in UK workplaces – PCR (pcr-online.biz)
SANS Institute Unveils Highly Anticipated Annual Security Awareness Report for 2024 (prweb.com)
Regulations, Fines and Legislation
Basic failures led to hack of Electoral Commission data on 40 million people | Computer Weekly
NIS2 Directive: German government adopts draft NIS2 Implementation Act | Hogan Lovells - JDSupra
One Year Post-SEC Cyber Security Disclosure Updates: What has Changed? | Law.com
The Cyber Security Leadership Crisis Dooming America’s Companies (forbes.com)
The NIS2 Directive: Implications for Your Organisation - Security Boulevard
Cyber warning amid regulatory countdown (emergingrisks.co.uk)
Meta agrees to pay record $1.4B in Texas facial recognition suit - The Washington Post
'Essential' cyber protection law comes closer - Jersey Evening Post
Models, Frameworks and Standards
NIS2 Directive: German government adopts draft NIS2 Implementation Act | Hogan Lovells - JDSupra
The NIS2 Directive: Implications for Your Organisation - Security Boulevard
Cyber warning amid regulatory countdown (emergingrisks.co.uk)
Careers, Working in Cyber and Information Security
The cost of cyber security burnout: Impact on performance and well-being - Help Net Security
Contributing to Your Cyber Security Team as an Informal Leader (govinfosecurity.com)
Law Enforcement Action and Take Downs
UK cops shut down global call-spoofing service • The Register
FBI Flies 65-Strong Cyber Action Team Across Globe To Fight Hackers (forbes.com)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Half of Businesses Report Rise in State-Sponsored Cyber Threats (itsecuritywire.com)
SideWinder Launches New Espionage Campaign on Ports (inforisktoday.com)
Nation State Actors
Half of Businesses Report Rise in State-Sponsored Cyber Threats (itsecuritywire.com)
Nation-state actors exploit political tension to launch phishing campaigns (betanews.com)
China
Basic failures led to hack of Electoral Commission data on 40 million people | Computer Weekly
Germany summons Chinese envoy over 2021 cyber attack – DW – 07/31/2024
Russia
Russian ransomware gangs account for 69% of all ransom proceeds (bleepingcomputer.com)
Russia-linked brute-force attacks trying to compromise European networks, report (computing.co.uk)
US Trades Cyber Criminals to Russia in Prisoner Swap – Krebs on Security
Russian ransomware generates over $500m in crypto proceeds, TRM Labs says
Russia’s war against Ukraine: Lessons on infrastructure security an (epc.eu)
Ukraine's IT Army Is a 'World First' in Cyberwarfare, but It's a Gamble - Business Insider
Ransomware Dominated by Russian Threat Operations | MSSP Alert
Domains with delegated name service may be Sitting Ducks • The Register
Russian-Speaking Groups Dominate Crypto-Related Cyber Crime: TRM Labs (cryptopotato.com)
From Geopolitics to Boardrooms: The Impact of the Kaspersky Ban - Security Boulevard
Cyber Espionage Group XDSpy Targets Companies in Russia and Moldova (thehackernews.com)
Ukraine's cyber op shut down ATM services of major Russian banks (securityaffairs.com)
North Korea
UK and allies expose North Korean cyber campaign (ukdefencejournal.org.uk)
North Koreans Target Devs Worldwide With Spyware, Job Offers (darkreading.com)
South Korea probes data leak of agents spying on the North | South China Morning Post (scmp.com)
Tools and Controls
Just One in 10 Attacks Flagged By Security Tools - Infosecurity Magazine (infosecurity-magazine.com)
People Overconfident in Password Habits, Overwhelmed by Too Many Passwords - IT Security Guru
SMEs spending thousands on outsourced cyber security costs | Insurance Times
HR Magazine - One in five employees have no cyber security training
Report exposes lack of Cyber Security training in UK workplaces – PCR (pcr-online.biz)
SANS Institute Unveils Highly Anticipated Annual Security Awareness Report for 2024 (prweb.com)
Threat intelligence: A blessing and a curse? - Help Net Security
Crucial Lessons Learned For Cyber Security Resilience (forbes.com)
Top Ways To Assess And Address Third-Party Cyber Security Risk (forbes.com)
The Critical Role Of Response Time In Cyber Security (informationsecuritybuzz.com)
Cheshire East Council ready to 'wargame' potential cyber attacks - BBC News
What is cyber attribution? | Definition from TechTarget
PR vs cyber security teams: Handling disagreements in a crisis (securityintelligence.com)
The Power and Peril of RMM Tools (thehackernews.com)
The three cyber security blind spots affecting today’s CISOs | TechRadar
Building Resilience: Key Cyber Security Solutions for Enterprises (itprotoday.com)
Sitting Ducks attack exposes over a million domains to hijacking (securityaffairs.com)
Why monitoring dark web traffic is crucial for cyber security teams | TechRadar
ECB cyber resilience stress test reveals banks' strengths and gaps - ThePaypers
6 types of DNS attacks and how to prevent them | TechTarget
DigiCert Revoking 83,000 Certificates of 6,800 Customers - Security Week
Cyber crisis? How good PR can save your brand | Computer Weekly
Reports Published in the Last Week
SANS Institute Unveils Highly Anticipated Annual Security Awareness Report for 2024 (prweb.com)
Cost of a Data Breach Report 2024.pdf (ibm.com)
Vipre Q2 2024 Email Threat Report
Fortifying Cyber Resilience: Insights Into Global Cyber Security Practices (keepersecurity.com)
Other News
Nearly 7% of Internet Traffic Is Malicious - Schneier on Security
Starmer told to ‘wake up’ and protect UK from cyber attacks before it is too late | The Independent
Organisations fail to log 44% of cyber attacks, major exposure gaps remain - Help Net Security
Report reveals how cyber attacks target organisations depending on size (securitybrief.co.nz)
Cyber attacks against UK utility companies up 586% in 2023: Chaucer - Reinsurance News
Cyber attacks on utilities increased seven-fold in 2023 - Utility Week
Millions of Websites Susceptible to XSS Attack via OAuth Implementation Flaw - Security Week
Utility firms hit by huge leap in cyber threats – insurer (emergingrisks.co.uk)
Is it time to refresh the UK's cyber strategy? | Computer Weekly
French Internet Lines Cut in Latest Attack During Olympics – BNN Bloomberg
The Top Challenges Of Managed Security (forbes.com)
ECB cyber resilience stress test reveals banks' strengths and gaps - ThePaypers
Cyber Attacks Present Shipping's Biggest Threat Since WWII (pymnts.com)
Cyber Security: A key focus for North American Banks | Global Finance Magazine (gfmag.com)
From Geopolitics to Boardrooms: The Impact of the Kaspersky Ban - Security Boulevard
8 in 10 Large Merchants Have Faced Cyber Attacks in Past Year (pymnts.com)
Telecoms are prime targets for cyber attacks in 2024, Kaspersky report - Africa Business Communities
Vulnerability Management
6% of All Published CVEs Have Been Exploited in the Wild, Report Finds - IT Security Guru
NIST may not resolve vulnerability database backlog until early 2025, analysis shows - Nextgov/FCW
Why a strong patch management strategy is essential for reducing business risk - Help Net Security
NVD Backlog Continues to Grow (darkreading.com)
Navigating the Evolving Landscape of Cyber Security - Security Boulevard
Vulnerabilities
VMware ESXi hypervisor vulnerability grants full admin privileges | CSO Online
PatchNow: ServiceNow Critical RCE Bugs Under Active Exploit (darkreading.com)
Proofpoint settings exploited to send millions of phishing emails daily (bleepingcomputer.com)
Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi Flaw - Security Week
Exploited Vulnerability Could Impact 20k Internet-Exposed VMware ESXi Instances - Security Week
Veeam Backup Software Being Exploited By New Ransomware Group - Security Boulevard
July Windows Server updates break Remote Desktop connections (bleepingcomputer.com)
Update your Chrome browser to add critical security feature | Digital Trends
Could Intel Have Fixed Spectre & Meltdown Bugs Earlier? (darkreading.com)
Millions of Devices Vulnerable to 'PKFail' Secure Boot Bypass Issue (darkreading.com)
Microsoft Confirms It Broke Windows As 30-Minute Crashes Hit After Update (forbes.com)
RADIUS Protocol Vulnerability Impacted Multiple Cisco Products (cybersecuritynews.com)
Acronis Cyber Infrastructure bug actively exploited in the wild (securityaffairs.com)
Apple Rolls Out Security Updates for iOS, macOS - Security Week
Researcher says deleted GitHub data can be accessed 'forever' | TechTarget
New Specula tool uses Outlook for remote code execution in Windows (bleepingcomputer.com)
Got a PC with a 13th or 14th gen Intel Core CPU? You need to read this | ZDNET
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory 30 July 2024 – Proofpoint “EchoSpoofing” Phishing Campaign
Black Arrow Cyber Advisory 30 July 2024 – Proofpoint “EchoSpoofing” Phishing Campaign
Executive summary
A recent phishing incident involved scammers spoofing emails from well-known companies like Disney, IBM, Nike, Best Buy, and Coca-Cola. These emails, which appeared to be legitimate emails sent from the companies’ domains due to authenticated SPF and DKIM signatures, aimed to deceive recipients into providing their credit card details by offering fake subscription renewals. The campaign, dubbed “EchoSpoofing,” ran from January to June 2024, peaking at 14 million emails in a single day. The campaign was successful due to a misconfiguration on the client’s side Proofpoint Server. Proofpoint has since made the misconfiguration less likely by introducing a streamlined administrative interface that allows customers to specify which Microsoft 365 tenants are permitted to relay emails for their domain, through Proofpoint’s servers.
Technical Summary
The phishing campaign exploited a configuration oversight by customers of Proofpoint’s email filtering systems. Attackers took advantage of an insecure-by-default email routing feature, which allowed outbound messages to be relayed from any Microsoft 365 tenant, including those that were not a part of the organisations that were being spoofed. This enabled them to send spoofed emails with valid Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) signatures, making the emails appear legitimate to recipients. Proofpoint has since updated its configuration processes to prevent unauthorised relay abuse by default and confirmed that no customer data was compromised. Additionally, Proofpoint has launched an outreach program to notify affected customers and mitigate the risk.
What is the takeaway from this?
While all of the controls, such as SPF, DKIM, and the tool itself, worked individually, this campaign highlights several important lessons:
Awareness and Vigilance: Even if tools are designed to verify users and originate from large organisations like Disney, IBM, and Coca-Cola, employees and users must always be vigilant. They should look out for signs of malicious intent, such as a sense of urgency as in the case of the fake subscription renewals included in these malicious emails.
Constant Evolution of Threats: Attackers are continuously seeking new ways to exploit and bypass the tools and controls we put in place to protect our organisations.
Configuration Matters: In this case, the root cause of the issue was an overlooked default configuration setting not limiting email relay to only trusted tenants. This allowed billions of phishing emails to be sent. Proper configuration and regular reviews of security settings are crucial to prevent such vulnerabilities.
Further information on the research can be found here:
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Advisory 30 July 2024 – Critical Updates for ServiceNow, VMware ESXi and Apple Devices
Black Arrow Cyber Advisory 30 July 2024 – Critical Updates for ServiceNow, VMware ESXi and Apple Devices
Executive summary
ServiceNow, VMware, and Apple have addressed multiple vulnerabilities across their product ranges. ServiceNow patched two actively exploited critical vulnerabilities that allow unauthenticated remote code execution, with threat actors claiming to have harvested data from over 105 databases. VMware ESXi’s recent patch addresses a flaw exploited by ransomware groups to gain administrative access via Active Directory group manipulation. Apple released iOS/iPadOS 17.6 and MacOS 14.6, fixing 35 significant security issues in the Kernel and WebKit, urging users to update immediately to ensure maximum security. Despite the availability of patches, many systems remain vulnerable.
ServiceNow
ServiceNow, a cloud-based platform that helps manage digital workflows for enterprise operations, has recently patched two critical vulnerabilities that are being actively exploited in the wild and have been added to the Known Exploited Vulnerabilities (KEV) Catalog. The two critical vulnerabilities, CVE-2024-4879 and CVE-2024-5217, allow unauthenticated attackers to execute arbitrary code and perform remote code execution without requiring any user interaction or special conditions. Threat actors on breach forums are claiming to have harvested data from more than 105 ServiceNow databases and are selling them online. ServiceNow released the patches back on 10 July, further details on the patches can be found below.
VMware ESXi
A recently patched security flaw (CVE-2024-37085) in VMware ESXi hypervisors has been actively exploited by several ransomware groups. This vulnerability allows attackers, who have sufficient Active Directory permissions, to bypass Active Directory integration authentication to gain administrative access to vulnerable ESXi hosts. The flaw can be exploited by creating or renaming an Active Directory group named “ESX Admins” and adding users to it, even if the group did not originally exist within Active Directory. Once attackers have gained admin rights through this vulnerability, they are able to carry out data exfiltration and encryption to demand ransom.
Apple
Apple has released iOS 17.6, urging users to update immediately due to 35 significant security fixes. These fixes address serious vulnerabilities in the Kernel and WebKit, the engine behind Safari. Notably, CVE-2024-27863 and CVE-2024-40788 in the Kernel could allow attackers to determine memory layout or cause system shutdowns, requiring physical access to the device. Additionally, eight WebKit issues, including CVE-2024-40785, could lead to cross-site scripting attacks. Despite no current real-life attacks, the severity of these flaws makes updating crucial.
Apple also released iOS 16.7.9 for older devices. The iOS 17.6 update is available for iPhone XS and later, various iPad models, and iPad mini 5th generation and later. MacOS Sonoma was also updated to 14.6 and included big fixes and security improvements. Users are advised to update to ensure maximum security.
Further information on ServiceNow vulnerabilities can be found here:
https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit
Kev Catalog - https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Further information on VMware ESXi vulnerability can be found here:
Further information on Apple update can be found here:
https://support.apple.com/en-ca/HT214117
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Advisory 30 July 2024 – Secure Boot Bypass identified, 200+ models from various vendors affected by PKFail Vulnerability
Black Arrow Cyber Advisory 30 July 2024 – Secure Boot Bypass identified, 200+ models from various vendors affected by PKFail Vulnerability
Executive summary
A major supply chain vulnerability known as PKFail has been discovered in hundreds of devices from numerous vendors. The flaw, which has been around for the past 12 years, revolves around a test Secure Boot master key. If exploited, it allows an attacker to bypass ‘Secure Boot’, take complete control of affected devices and install malware. Major brands like Acer, Dell, HP, Intel and Lenovo are impacted, with over 200 device models sold by Acer, Dell, Gigabyte, intel and Supermicro specifically affected.
What’s the risk to me or my business?
If successfully exploited attackers can manipulate key databases to bypass secure boot. This could potentially allow attackers to install malware at a BIOS level before booting into Windows or another operating system, steal data or cause operational disruption. This could compromise the confidentiality, integrity, and availability of your organisation’s data. An attacker would need either remote or physical access to a vulnerable device to perform the attack.
What can I do?
To address this, organisations should ensure firmware and BIOS updates are installed which address the weakness, and rekey any affected devices, assume all affected devices are compromised and thoroughly inspect the Key Exchange Key (KEK), Signature Database (db), and Forbidden Signature Database (dbx). The security researchers who first identified the vulnerability have provided a free scanning tool to help identify vulnerable devices.
Technical Summary
The PKFail vulnerability stems from a test Secure Boot "master key" created by American Megatrends International (AMI), intended to be replaced by vendors with secure keys. Many vendors did not replace this key, leaving devices vulnerable. Attackers exploiting this flaw can tamper with the Key Exchange Key (KEK) database, the Signature Database (db), and the Forbidden Signature Database (dbx), bypassing Secure Boot. This allows them to sign and execute malicious code, leading to the deployment of UEFI malware and compromising the device at a fundamental level.
Further information on PKFail vulnerability research and details can be found here:
PKfail: Untrusted Platform Keys Undermine Secure Boot on UEFI Ecosystem (binarly.io)
https://github.com/binarly-io/Vulnerability-REsearch/blob/main/PKfail/BRLY-2024-005.md
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Briefing 26 July 2024
Black Arrow Cyber Threat Intelligence Briefing 26 July 2024:
-CrowdStrike Insured Losses May Top $1.5B, MSP Insurance Expert Advises “Read the Fine Print” on Your Policy
-Fragmented and Multiplied Cyber Criminal Landscape, Warns New Europol Report
-Ransomware and BEC Make Up 60% of Cyber Incidents
-Over Half of UK Workers Haven’t Received Training on Avoiding Phishing Scams
-Cyber Threat Landscape is ‘The Worst it has Been in the Past Five Years
-In Cyber Security, Mitigating Human Risk Goes Far Beyond Training
-Malware Attacks Surge 30% in First Half of 2024
-AI-generated Deepfake Attacks Force Companies to Reassess Cyber Security, as Deepfakes Demean, Defraud and Disinform
-KnowBe4 Hires Fake North Korean IT Worker, Catches New Employee Planting Malware
-Low Level Cyber Criminals are Pouncing on CrowdStrike Connected Outage
-The Importance of Cyber Resilience in the Face of Global IT Failures
-Russia’s Shadow War Against Europe has Begun as Cyber Attacks Abusing Microsoft Infrastructure Increase
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
CrowdStrike Insured Losses May Top $1.5B, MSP Insurance Expert Advises “Read the Fine Print” on Your Policy
A recent analysis by CyberCube estimates that the 19 July CrowdStrike outage will result in insured losses between $400 million and $1.5 billion, the largest single insured loss event in cyber insurance history. It should be noted that many insurance policies exclude coverage for software design flaws, likely surprising many affected organisations. The incident highlights the importance of reading policy fine print and may lead to higher premiums. The outage's non-malicious nature means contingent business interruption coverage will be the primary trigger, affecting policies differently based on their specifics. Other estimates place global financial losses from the outage potentially reaching $15 billion, with the banking and healthcare sectors likely incurring over $3 billion in losses. Airlines are expected to suffer the most per company, losing in the region of $143 million each, followed by the tech industry at around $113 million per company.
Fragmented and Multiplied Cyber Criminal Landscape, Warns New Europol Report
A recent report published by Europol, the 10th edition of the Internet Organised Crime Threat Assessment (IOCTA), highlights significant developments in cyber crime over the past year. The report notes the fragmentation of ransomware groups and the rise in attacks on small and medium-sized businesses due to their lower defences. E-merchants and banks are frequently targeted by digital skimming, while phishing, BEC, and online frauds remain prevalent. The use of AI and cryptocurrencies in cyber crime is increasing, with AI-assisted child sexual abuse material (CSAM) posing a growing challenge. Europol emphasises the need for enhanced tools, training, and legislation to combat these evolving threats effectively.
Ransomware and BEC Make Up 60% of Cyber Incidents
A recent report by Cisco Talos reveals that ransomware and business email compromise (BEC) attacks constituted 60% of all incidents in Q2 2024. The technology sector was the most targeted, accounting for 24% of incidents, a 30% rise from the previous quarter. Compromised credentials were the primary initial access method, comprising 60% of attacks, a 25% increase. Vulnerable or misconfigured systems and inadequate MFA implementation were notable weaknesses, both rising by 46%. Ransomware made up 30% of incidents, with 80% of ransomware engagements lacking proper MFA on critical systems. BEC attacks also represented 30% of incidents, a decline from 50% in Q1 2024.
Over Half of UK Workers Haven’t Received Training on Avoiding Phishing Scams
A recent report reveals significant gaps in cyber security training among UK employees, with 51% untrained in avoiding phishing scams and 18% never receiving any cyber security training. The study highlights that 60% of employees lack training on remote work best practices, despite the shift to remote/hybrid working. Additionally, critical areas such as breach response (66%), social engineering (82%), deepfakes and AI (83%), and BYOD policies (84%) are largely neglected. Only 42% of workers have signed their organisation's cyber security policy, and a third admit to bypassing policies for convenience. The report stresses the urgent need for updated and comprehensive training to mitigate evolving cyber threats.
Cyber Threat Landscape is ‘The Worst it has Been in the Past Five Years’
The recent CrowdStrike outage, affecting millions of computers and critical services, highlights our reliance on technology and its vulnerabilities. Any attacks on it can have far reaching consequences. Research found 52% of European organisations faced successful cyber attacks last year, with the UK at 55%. In response, the UK will introduce the Cyber Security and Resilience Bill for quick incident reporting and resilience plans. Cybernews reported an average of 1,636 weekly cyber attacks globally between April and June, a 25% increase from the first quarter. Check Point attributes this to sophisticated threat actors and AI advancements targeting education, research, government, military, and healthcare sectors.
In Cyber Security, Mitigating Human Risk Goes Far Beyond Training
As cyber attack stakes rise, organisations invest heavily in new services and equipment. However, many still use a one-size-fits-all approach to securing the most critical threat vector: the human element. Human error is projected to play a role in 68% to 90% of breaches in 2024. Traditional security awareness training is insufficient, as it fails to address individual risk levels. Studies indicate that 8% of employees cause 80% of incidents, with managers receiving 2.5 times more phishing emails than non-managers. Organisations should analyse security data to create personalised risk profiles, leading to adaptive training and targeted interventions. Such measures can enhance security while effectively utilising resources, improving overall organisational resilience against cyber threats.
Malware Attacks Surge 30% in First Half of 2024
A recent report by SonicWall reveals a 30% surge in malware-based threats in the first half of 2024 compared to the same period in 2023, with May witnessing a 92% year-on-year increase. The report identified 78,923 new malware variants, averaging 526 per day, and noted that 15% of malware utilised software packing techniques. PowerShell is exploited by over 90% of malware families to bypass security measures. IoT device attacks rose by 107%, with the TP-Link command injection flaw (CVE-2023-1389) being the most targeted vulnerability. Additionally, ransomware attacks increased by 15% in North America and 51% in Latin America, while decreasing by 49% in EMEA.
AI-generated Deepfake Attacks Force Companies to Reassess Cyber Security, as Deepfakes Demean, Defraud and Disinform
A recent report highlights the increasing threat of AI-generated deepfake attacks, with 73% of US organisations developing response plans to combat this menace. Deepfakes convincingly mimic human appearances and voices, spreading misinformation and enabling financial fraud. From 2022 to 2023, detected deepfakes increased tenfold, with 72% of consumers worried about deception. Separately, research by the UK’s telecommunications regulator Ofcom reveals 43% of people over 15 and 50% of children aged 8-15 have encountered deepfakes online recently. Non-consensual intimate deepfakes have been viewed over 4.2 billion times, primarily targeting women and causing psychological harm. Ofcom recommends a multi-faceted defence strategy involving prevention, embedding, detection, and enforcement. Companies must enhance cyber security training to counter this growing threat and to raise awareness of deepfake usage in attacks.
KnowBe4 Hires Fake North Korean IT Worker, Catches New Employee Planting Malware
A recent incident at KnowBe4 highlights a sophisticated infiltration attempt by a North Korean operative posing as a software engineer. The deception was uncovered when the employee's company-provided Mac began loading malware immediately after the subject received it. The operative manipulated session history files and attempted unauthorised actions but was detected within 25 minutes. Although the fake IT worker was hired after passing routine background checks and video interviews, it was later identified that they were using AI-modified photos and stolen IDs.
This incident should be a cautionary tale for HR departments that further evidences the need to be mindful and wary of deepfakes and potential employees not being who they claim to be. Once on the inside a deliberately malicious employee can cause a lot of damage.
Low Level Cyber Criminals are Pouncing on CrowdStrike Connected Outage
A recent report reveals that cyber criminals are exploiting the CrowdStrike Falcon software outage, which affected millions of Windows computers globally. Threat actors have registered over 2,000 CrowdStrike-themed domains and are distributing malware via phishing emails and malicious documents. Documented attacks include malicious payloads including information stealers and loaders. Additionally sophisticated phishing emails have delivered wiper malware under the guise of remediation instructions for the Falcon issue.
The Importance of Cyber Resilience in the Face of Global IT Failures
A recent study highlights the crucial need to shift more focus from merely a prevention mindset to more of a resilience mindset in cyber security. While traditional defences focus on keeping threats out, experts now emphasise the importance of preparing for inevitable breaches. Findings reveal that new attack vectors are emerging frequently, with AI and quantum computing being weaponised by malicious actors. Notably, many organisations still neglect basic fixes, such as updating passwords and applying patches.
A separate survey of cyber executives underscored the need for comprehensive recovery plans, defining resilience as the ability to minimise harm and maximise recovery efficacy post-incident. Although many view cyber security as a purely technical issue within IT departments, it has far-reaching implications across all facets of society and has long been a much wider issue than just IT. Understanding the necessity for cyber resilience and the connection between cyber safety and IT infrastructure is vital for businesses and communities alike.
Russia’s Shadow War Against Europe has Begun as Cyber Attacks Abusing Microsoft Infrastructure Increase
A recent report highlights a significant increase in brute force attacks targeting corporate and institutional networks across Europe, with the majority originating from Russia. These attacks, exploiting weak passwords through trial and error, have been active since at least May 2024. Russian threat actors are specifically targeting Microsoft infrastructure to evade detection, posing a substantial risk to organisational security. Over half of these attacks are traced back to IP addresses in Moscow, targeting cities in the UK, Lithuania, Denmark, and Hungary. Additionally, 60% of the IPs used are new, with 65% recently compromised. Motivations include data exfiltration, service disruption, and financial gain, with evidence pointing to ties with Chinese and Indian infrastructure.
Sources:
https://www.msspalert.com/news/crowdstrike-outage-could-cost-cyber-insurers-1-5-billion-cybercube
https://www.theregister.com/2024/07/26/crowdstrike_insurance_money/
https://www.infosecurity-magazine.com/news/ransomware-bec-cyber-incidents/
https://www.scmagazine.com/brief/unprecedented-global-cyberattack-prevalence-reported-in-q2
https://www.infosecurity-magazine.com/news/malware-attacks-surge-30-per-cent/
https://www.helpnetsecurity.com/2024/07/26/deepfake-response-plans/
https://securityboulevard.com/2024/07/how-to-prepare-your-workforce-for-the-deepfake-era/
https://cyberscoop.com/low-level-cybercriminals-are-pouncing-on-crowdstrike-connected-outage/
https://techround.co.uk/tech/importance-cyber-resilience-global-it-failures/
https://hbr.org/2024/07/when-cyberattacks-are-inevitable-focus-on-cyber-resilience
Governance, Risk and Compliance
In Cyber Security, Mitigating Human Risk Goes Far Beyond Training (darkreading.com)
Mitigating cyber risks in mergers and acquisitions | ITPro
Cyber threat landscape is ‘the worst it has been in the past five years’ (managementtoday.co.uk)
Unprecedented global cyber attack prevalence reported in Q2 | SC Media (scmagazine.com)
Risky security behaviours rife in the workplace | Retail Technology Review
Cyber Security ROI: Top metrics and KPIs - Help Net Security
CIOs and CISOs Battle Cyber Threats, Climate, Compliance - Compare the Cloud
CISOs are burned out – now they face personal liability too - Raconteur
Most CISOs feel unprepared for new compliance regulations - Help Net Security
How to Measure the Effectiveness of Your IT Security Solutions - DevX
Navigating Cyber Security Legal Liabilities - Security Boulevard
Risk Mitigation Beyond Remediation (forbes.com)
End-user cyber security errors that can cost you millions (bleepingcomputer.com)
SEC’s Lawsuit Against SolarWinds and CISO Dismissed | MSSP Alert
Are you a CISO who doesn’t know jack? Here’s how to bridge your own skills gap | CSO Online
Why C-Suite Executives Won’t Cut it Without Data Skills Anymore | HackerNoon
Threats
Ransomware, Extortion and Destructive Attacks
Why businesses must reckon with the human cost of ransomware - Raconteur
Ransomware Remains a ‘Brutal’ Threat in 2024 (govtech.com)
Experts Expect Ransomware Surge After Police Disruption (silicon.co.uk)
North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks (thehackernews.com)
Government Agencies Are Paying the Most for Ransomware Attacks - Business Insider
Stop following the herd to start fighting ransomware | TechRadar
New Play Ransomware Linux Variant Targets ESXi Shows Ties With Prolific Puma | Trend Micro (US)
17-Year-Old Linked to Scattered Spider Cyber Crime Syndicate Arrested in UK (thehackernews.com)
Russians plead guilty to involvement in LockBit ransomware attacks (bleepingcomputer.com)
The cost of dealing with a ransomware attack is skyrocketing for some industries | TechRadar
US offers $10M for tips on DPRK hacker linked to Maui ransomware attacks (bleepingcomputer.com)
North Korean hacker used hospital ransomware attacks to fund espionage | CyberScoop
Emulating the Prickly Cactus Ransomware - Security Boulevard
Secrets of a ransomware negotiator (economist.com)
Ransomware Victims
Less than two days left of Type O blood after Russian cyber attack, NHS warns as health... - LBC
NHS hack prompts tougher UK cyber security rules for private providers (ft.com)
Ransomware attack shuts down three dozen Los Angeles courts | SC Media (scmagazine.com)
Largest US trial court forced to shut down following ransomware attack | TechRadar
North Korean hacker used hospital ransomware attacks to fund espionage | CyberScoop
Phishing & Email Based Attacks
CrowdStrike outage: Phishing jumps as scam artists exploit event | Fortune
Over Half of UK Workers Haven’t Received Training on Avoiding Phishing Scams - IT Security Guru
New phishing kit on dark web bypasses security, targets logins (newsbytesapp.com)
PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing (thehackernews.com)
Three ways to mitigate digital impersonation attacks | SC Media (scmagazine.com)
Real estate wire fraud: Silicon Valley exec had $400,000 stolen (cnbc.com)
Warning after spike in cyber attacks in Guernsey - BBC News
CrowdStrike Warns of New Phishing Scam Targeting German Customers (thehackernews.com)
BEC
Real estate wire fraud: Silicon Valley exec had $400,000 stolen (cnbc.com)
Other Social Engineering
Meta takes down 63,000 accounts linked to sextortion scams targeting US men (yahoo.com)
Smishing Texts: What To Look Out For & How To Stop Them (slashgear.com)
QR Codes: Convenience or Cyber Threat? | Trend Micro (US)
Artificial Intelligence
The Urgent Need To Protect AI (forbes.com)
Europol fears increasing use of AI tools by cyber criminals (belganewsagency.eu)
AI-generated deepfake attacks force companies to reassess cyber security - Help Net Security
Top Tech Agree to Standardize AI Security (darkreading.com)
How to Prepare Your Workforce for the Deepfake Era - Security Boulevard
The CISO’s approach to AI: Balancing transformation with trust - Help Net Security
A Deep Dive into Deepfakes | Law Society of Scotland (lawscot.org.uk)
The most urgent security risks for GenAI users are all data-related - Help Net Security
Corporate Data Security at Risk From ‘Shadow AI’ Accounts (technewsworld.com)
UK faces down threat of deepfakes that demean, defraud, disinform | Biometric Update
16% of organisations experience disruptions due to insufficient AI maturity - Help Net Security
2FA/MFA
Warning after spike in cyber attacks in Guernsey - BBC News
Starlink Quietly Adds Two-Factor Authentication to Stop Account Hijackings (pcmag.com)
Malware
Fake CrowdStrike fixes target companies with malware, data wipers (bleepingcomputer.com)
KnowBe4 Hires Fake North Korean IT Worker, Catches New Employee Planting Malware - Security Week
Malware Attacks Surge 30% in First Half of 2024 - Infosecurity Magazine (infosecurity-magazine.com)
Logic bombs explained: Definition, examples, prevention | CSO Online
SocGholish malware used to spread AsyncRAT malware (securityaffairs.com)
Chinese Hackers Target Taiwan and US NGO with MgBot Malware (thehackernews.com)
FrostyGoop malware used to shut down heat in Ukraine attack • The Register
Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers (thehackernews.com)
Chinese hackers deploy new Macma macOS backdoor version (bleepingcomputer.com)
Updated malware arsenal leveraged in Chinese Daggerfly attacks | SC Media (scmagazine.com)
'Stargazer Goblin' Amasses Rogue GitHub Accounts to Spread Malware (darkreading.com)
Chrome Browser to Better Explain Why It Blocked a File Download (pcmag.com)
This new Google Chrome security warning is very important | Digital Trends
PHP Vulnerability Used For Malware And DDOS Attacks - Security Boulevard
French police push PlugX malware self-destruct payload to clean PCs (bleepingcomputer.com)
China's 'Evasive Panda' APT Spies on Taiwan Targets Across Platforms (darkreading.com)
Hamster Kombat’s 250 million players targeted in malware attacks (bleepingcomputer.com)
Mobile
Why mobile security audits are important in the enterprise | TechTarget
Google Confirms Play Store App Deletion—Now Just 6 Weeks Away (forbes.com)
Now-patched Telegram for Android vulnerability exposed users to malicious videos - SiliconANGLE
Swipe Right for Data Leaks: Dating Apps Expose Location, More (darkreading.com)
Growth in nude image sharing heightens cyber abuse risk | Computer Weekly
Smishing Texts: What To Look Out For & How To Stop Them (slashgear.com)
Denial of Service/DoS/DDOS
DDoS attacks have doubled so far in 2024 | ITPro
Three 'pro-Russian' hackers arrested in Spain over cyber attacks | Reuters
NCA cracks digitalstress DDoS-for-hire operation | Computer Weekly
Pro-Palestinian Actor Levels 6-Day DDoS Attack on UAE Bank (darkreading.com)
PHP Vulnerability Used For Malware And DDOS Attacks - Security Boulevard
DDoS: The tool of Hacktivism | TechRadar
Internet of Things – IoT
Burglars are jamming Wi-Fi security cameras — here's what you can do | PCWorld
Hacking EVs and level 3 chargers through 1920's technology (newatlas.com)
Can Hackers Remotely Steal Your Cars? (analyticsindiamag.com)
Cyber Attacks Shift Gears: The Growing Threat to Automotive Technology | NADA
Data Breaches/Leaks
Hackney Council failure to change password led to cyber attack | Times Series (times-series.co.uk)
Verizon to pay $16 million in TracFone data breach settlement (bleepingcomputer.com)
Hackers leak documents stolen from Pentagon contractor Leidos | CSO Online
CrowdStrike gets hit with some more bad news | Digital Trends
Greece’s Land Registry agency breached in wave of 400 cyber attacks (bleepingcomputer.com)
BreachForums v1 hacking forum data leak exposes members’ info (bleepingcomputer.com)
Organised Crime & Criminal Actors
Cyber crooks are typosquatting to exploit CrowdStrike fallout • The Register
Low-level cyber criminals are pouncing on CrowdStrike-connected outage | CyberScoop
Fragmented and multiplied cyber criminal landscape, warns new Europol report | Europol (europa.eu)
Tech firms top list of most targeted industry in Q2 by cyber criminals | SC Media (scmagazine.com)
Microsoft confirms CrowdStrike update also hit Windows 365 PCs (bleepingcomputer.com)
Chinese Crime Ring Hides Behind Stealth Tech and Soccer (darkreading.com)
Insurers must prepare for a rise in cyber crime :: Insurance Day
BreachForums v1 hacking forum data leak exposes members’ info (bleepingcomputer.com)
Philippines to end online casinos, maybe scams too • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Ongoing Cyber Attack Targets Exposed Selenium Grid Services for Crypto Mining (thehackernews.com)
Insider Risk and Insider Threats
In Cyber Security, Mitigating Human Risk Goes Far Beyond Training (darkreading.com)
KnowBe4 Hires Fake North Korean IT Worker, Catches New Employee Planting Malware - Security Week
Risky security behaviours rife in the workplace | Retail Technology Review
Uncle Sam accuses telco IT pro of decade of spying for China • The Register
Insurance
Cyber insurance 2.0: The systemic changes required for future security - Help Net Security
Insurers’ losses from global IT outage could reach billions (ft.com)
Cyber Insurance Market Evolves as Threat Landscape Changes - Security Boulevard
Insurers must prepare for a rise in cyber crime :: Insurance Day
Supply Chain and Third Parties
CrowdStrike global tech outage and Microsoft Azure bugs: Everything to know (qz.com)
CrowdStrike outage: Phishing jumps as scam artists exploit event | Fortune
Outage Shows All Our Eggs Are in One Cyber Security Basket: Szabo | NTD
IT outage exposes fragility of tech infrastructure - BBC News
What Can We Learn From Payment System Failures and Global IT Outage? | The Fintech Times
Are We Really Ready for a Fully Digital Financial System? (financemagnates.com)
The Critical Role of Supply Chain Resilience in Today's Digital Landscape - Zimperium
Cyber crooks are typosquatting to exploit CrowdStrike fallout • The Register
EU gave CrowdStrike keys to Windows kernel, Microsoft claims • The Register
CrowdStrike Microsoft Outage Demands More Resilient Cloud Computing - Bloomberg
NHS hack prompts tougher UK cyber security rules for private providers (ft.com)
When Cyber Attacks Are Inevitable, Focus on Cyber Resilience (hbr.org)
Tech firms top list of most targeted industry in Q2 by cyber criminals | SC Media (scmagazine.com)
CEO at cyber security firm that caused a global outage forgot to apologize | Fortune
Is the UK resilient enough to withstand a major cyber attack? | Microsoft IT outage | The Guardian
CrowdStrike’s Falcon Sensor linked to Linux crashes, too • The Register
Delta cancels another 600 flights on Monday in wake of cyber outage | Reuters
CrowdStrike incident has CIOs rethinking their cloud strategies | CIO
Data pilfered from Pentagon IT supplier Leidos • The Register
Fighting Third-Party Risk With Threat Intelligence (darkreading.com)
Learning from CrowdStrike’s quality assurance failures - Help Net Security
CrowdStrike faces backlash over 10 dollar apology vouchers for IT outage | Evening Standard
Cloud/SaaS
Cyber Pros Spot Spike in Malicious Activity Over CrowdStrike Outage | MSSP Alert
Cyber crooks are typosquatting to exploit CrowdStrike fallout • The Register
CrowdStrike Microsoft Outage Demands More Resilient Cloud Computing - Bloomberg
Tech firms top list of most targeted industry in Q2 by cyber criminals | SC Media (scmagazine.com)
Fortune 500 stands to lose $5bn plus from CrowdStrike incident | Computer Weekly
Warning after spike in cyber attacks in Guernsey - BBC News
PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing (thehackernews.com)
CrowdStrike could have an EU-sized data problem on its hands - Fast Company
Learning from CrowdStrike’s quality assurance failures - Help Net Security
Microsoft confirms CrowdStrike update also hit Windows 365 PCs (bleepingcomputer.com)
US opens probe into Delta Air Lines' handling of CrowdStrike • The Register
CrowdStrike faces backlash over 10 dollar apology vouchers for IT outage | Evening Standard
Outages
Cyber Pros Spot Spike in Malicious Activity Over CrowdStrike Outage | MSSP Alert
CrowdStrike Says Logic Error Caused Windows BSOD Chaos - SecurityWeek
One faulty CrowdStrike update caused a global outage | AP News
IT outage exposes fragility of tech infrastructure - BBC News
CrowdStrike Microsoft Outage Demands More Resilient Cloud Computing - Bloomberg
The CrowdStrike Failure Was a Warning - The Atlantic
Mass global IT outage a wake-up call for resilient cyber security - SHINE News
Without Backup Plans, Global IT Outages Will Happen Again (claimsjournal.com)
Is the UK resilient enough to withstand a major cyber-attack? | Microsoft IT outage | The Guardian
Are global IT outages becoming more frequent? What the experts say (yahoo.com)
Microsoft blames EU rules for allowing world's biggest IT outage to happen (telegraph.co.uk)
TechScape: Why CrowdStrike-style chaos is here to stay | Technology | The Guardian
CrowdStrike Outage Is Another Sharp Warning for Banks - Bloomberg
Microsoft: CrowdStrike's outage affected 8.5 million Windows PCs worldwide - Neowin
Identity and Access Management
Time to Rethink Identity: What Security Leaders Need to Know (govinfosecurity.com)
Linux and Open Source
Focusing open source on security, not ideology | InfoWorld
CrowdStrike’s Falcon Sensor linked to Linux crashes, too • The Register
New Play Ransomware Linux Variant Targets ESXi Shows Ties With Prolific Puma | Trend Micro (US)
Switzerland now requires all government software to be open source | ZDNET
Passwords, Credential Stuffing & Brute Force Attacks
Hackney Council failure to change password led to cyber attack | Times Series (times-series.co.uk)
PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing (thehackernews.com)
Goodbye? Attackers Can Bypass 'Windows Hello' Strong Authentication (darkreading.com)
Mitigating the growing threats of account takeover attacks in 2024 | TechRadar
Social Media
Social Media and Travel: Be Careful of What You Share - Security Boulevard
Study: TikTok Lite is a 'safety hazard' for millions of users around the world | ZDNET
Meta Given Deadline to Address E.U. Concerns Over 'Pay or Consent' Model (thehackernews.com)
10 social media scams and how to avoid them (techtarget.com)
Training, Education and Awareness
In Cyber Security, Mitigating Human Risk Goes Far Beyond Training (darkreading.com)
Over Half of UK Workers Haven’t Received Training on Avoiding Phishing Scams - IT Security Guru
Regulations, Fines and Legislation
Hackney Council failure to change password led to cyber attack | Times Series (times-series.co.uk)
NHS hack prompts tougher UK cyber security rules for private providers (ft.com)
Verizon to pay $16 million in TracFone data breach settlement (bleepingcomputer.com)
White House mandates stricter cyber security for R&D institutions (securityintelligence.com)
Meta Given Deadline to Address E.U. Concerns Over 'Pay or Consent' Model (thehackernews.com)
CrowdStrike could have an EU-sized data problem on its hands - Fast Company
New legislation will help counter the cyber threat to our... - NCSC.GOV.UK
UK school reprimanded by ICO for using facial recognition without DPIA | Biometric Update
CISOs are burned out – now they face personal liability too - Raconteur
Most CISOs feel unprepared for new compliance regulations - Help Net Security
Judge Dismisses Major SEC Charges Against SolarWinds and CISO - Security Week
Preparing for Cyber Security Audits: Insights from US Regulations | UpGuard
Backup and Recovery
Without Backup Plans, Global IT Outages Will Happen Again (claimsjournal.com)
Data Protection
CrowdStrike could have an EU-sized data problem on its hands - Fast Company
Careers, Working in Cyber and Information Security
Closing cyber skills gap needs public-private collaboration | World Economic Forum (weforum.org)
Enhancing the cyber security talent pool is key to securing our digital future - IT Security Guru
Shocked, Devastated, Stuck: Cyber Security Pros Open Up About Their Layoffs (darkreading.com)
9 ways CSOs lose their jobs | CSO Online
Are you a CISO who doesn’t know jack? Here’s how to bridge your own skills gap | CSO Online
How dark data and scarcity of cyber experts are threatening organisations | Ctech (calcalistech.com)
Critical sectors short on cyber security pros | Canada's National Observer: Climate News
Law Enforcement Action and Take Downs
Three 'pro-Russian' hackers arrested in Spain over cyber attacks | Reuters
17-Year-Old Linked to Scattered Spider Cyber Crime Syndicate Arrested in UK (thehackernews.com)
Russians plead guilty to involvement in LockBit ransomware attacks (bleepingcomputer.com)
NCA cracks digitalstress DDoS-for-hire operation | Computer Weekly
Ransomware takedowns leave crims scrambling for stability • The Register
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Don’t sanction cyberweapons — sanction how they’re used | Euronews
Global cyberespionage campaign launched by novel TAG-100 operation | SC Media (scmagazine.com)
Nation State Actors
China
Chinese Hacker Gang GhostEmperor Re-Emerges After Two Years (darkreading.com)
Threat Hunting Case Study: Looking for Volt Typhoon | Intel471
Study: TikTok Lite is a 'safety hazard' for millions of users around the world | ZDNET
Chinese Hackers Target Taiwan and US NGO with MgBot Malware (thehackernews.com)
Chinese hackers deploy new Macma macOS backdoor version (bleepingcomputer.com)
Updated malware arsenal leveraged in Chinese Daggerfly attacks | SC Media (scmagazine.com)
China's 'Evasive Panda' APT Spies on Taiwan Targets Across Platforms (darkreading.com)
Uncle Sam accuses telco IT pro of decade of spying for China • The Register
Microsoft: CrowdStrike's outage affected 8.5 million Windows PCs worldwide - Neowin
Chinese Crime Ring Hides Behind Stealth Tech and Soccer (darkreading.com)
Russia
NATO, Others Targeted by Novel Hacktivist Collective | MSSP Alert
Less than two days left of Type O blood after Russian cyber attack, NHS warns as health... - LBC
Russian Cyber Army members face US sanctions | SC Media (scmagazine.com)
Kaspersky Is an Unacceptable Risk Threatening the US's Cyber Defence (darkreading.com)
FrostyGoop malware used to shut down heat in Ukraine attack • The Register
Russia Adjusts Cyber Strategy for the Long Haul in Ukraine War (darkreading.com)
Three 'pro-Russian' hackers arrested in Spain over cyber attacks | Reuters
Russians plead guilty to involvement in LockBit ransomware attacks (bleepingcomputer.com)
North Korea
North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks (thehackernews.com)
North Korean hacking group makes waves to gain Mandiant, FBI spotlight | CyberScoop
North Korean hacker used hospital ransomware attacks to fund espionage | CyberScoop
US offers $10M for tips on DPRK hacker linked to Maui ransomware attacks (bleepingcomputer.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
NATO, Others Targeted by Novel Hacktivist Collective | MSSP Alert
Tools and Controls
In Cyber Security, Mitigating Human Risk Goes Far Beyond Training (darkreading.com)
Without Backup Plans, Global IT Outages Will Happen Again (claimsjournal.com)
Stop following the herd to start fighting ransomware | TechRadar
Over Half of UK Workers Haven’t Received Training on Avoiding Phishing Scams - IT Security Guru
Why mobile security audits are important in the enterprise | TechTarget
Cyber insurance 2.0: The systemic changes required for future security - Help Net Security
Large US banks are failing on operational risk, secret OCC report finds | Fortune
The Importance of Red Teaming - DevX
Fighting Third-Party Risk With Threat Intelligence (darkreading.com)
Cyber Security ROI: Top metrics and KPIs - Help Net Security
Don't Leave The Door Open: The API Model To Defend Against Intruders (forbes.com)
Chrome Browser to Better Explain Why It Blocked a File Download (pcmag.com)
This new Google Chrome security warning is very important | Digital Trends
Types of MDR security services: MEDR vs. MNDR vs. MXDR | TechTarget
Small Businesses Need Default Security in Products Now (darkreading.com)
How CISOs enable ITDR approach through the principle of least privilege - Help Net Security
The Imperative of Threat Hunting for a Mature Security Posture | Binary Defence
Understanding Threat Intelligence: Exploring The Cyber Realm (informationsecuritybuzz.com)
How to Measure the Effectiveness of Your IT Security Solutions - DevX
The Future Of Cyber Security In A Net-Zero World (forbes.com)
Microsoft's licensing practices harm cyber security, coalition says - Global Competition Review
Preparing for Cyber Security Audits: Insights from US Regulations | UpGuard
Reports Published in the Last Week
Internet Organised Crime Threat Assessment (IOCTA) 2024 | Europol (europa.eu)
Other News
Google abandons plan to drop third-party cookies in Chrome • The Register
Risky security behaviours rife in the workplace | Retail Technology Review
Privilege escalation: unravelling a novel cyber attack technique - IT Security Guru
Cyber security measures 'cost SMEs £60,000 a year' - CIR Magazine
End-user cyber security errors that can cost you millions (bleepingcomputer.com)
Study reveals cyber attack response times in UK CNI - CIR Magazine
Is Our Water Safe to Drink? Securing Our Critical Infrastructure (darkreading.com)
Vulnerability Management
The complexities of cyber security update processes (welivesecurity.com)
CrowdStrike Explains Why Bad Update Was Not Properly Tested - Security Week
Poor patch posture isn't just a problem in your office • The Register
Microsoft's new way of updating Windows will hopefully be a hit (xda-developers.com)
Are You Configured for Failure? - Security Boulevard
Vulnerabilities
One faulty CrowdStrike update caused a global outage | AP News
Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers (thehackernews.com)
Secure Boot is completely broken on 200+ models from 5 big device makers | Ars Technica
Cisco patches critical flaw in Secure Email Gateway appliances (computing.co.uk)
SolarWinds Patches 8 Critical Flaws in Access Rights Manager Software (thehackernews.com)
Juniper Networks Critical Security Update Released - Security Boulevard
Now-patched Telegram for Android vulnerability exposed users to malicious videos - SiliconANGLE
Chrome 127 Patches 24 Vulnerabilities - Security Week
Organisations Warned of Exploited Twilio Authy Vulnerability - Security Week
PHP Vulnerability Used For Malware And DDOS Attacks - Security Boulevard
CISA Warns of Exploitable Vulnerabilities in Popular BIND 9 DNS Software (thehackernews.com)
Windows: latest security update is causing huge issues for some users - gHacks Tech News
Progress warns of critical RCE bug in Telerik Report Server (bleepingcomputer.com)
Critical ServiceNow RCE flaws actively exploited to steal credentials (bleepingcomputer.com)
Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins (thehackernews.com)
Docker Patches Critical AuthZ Plugin Bypass Vulnerability Dating Back to 2018 - Security Week
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory 25 July 2024 - Guernsey Businesses Experiencing a Spike in Cyber Attacks
Black Arrow Cyber Advisory 25 July 2024 - Guernsey Businesses Experiencing a Spike in Cyber Attacks
We are aware of Guernsey businesses experiencing a spike in cyber attacks. We know from helping firms respond to incidents how devastating the impact can be financially as well as at a human level. At the end of the day, it is people who are affected through loss and stress, and the experience can be traumatic.
We work with many organisations on their cyber security journey. Our advice to everyone remains unchanged: all businesses should first focus on three things to help prevent and be resilient to an attack.
Firstly, ensure your leadership team truly understands your cyber risks and how to manage them. Understand what you are up against, how attackers are operating today, and the most proportionate way to address the risks. This means a boardroom level conversation with cyber security experts.
Secondly, ensure you have an objective assessment of how good your security controls are in protecting you against those risks. Make sure the person doing the assessment is independent enough to tell you where they are gaps that you need to address.
Finally, recognising that we live in the real world and that you can never be 100% bullet proof, prepare to respond to a cyber incident. Make sure you know who will do what, and that you have the resources available to help including out of hours. Rehearse this annually in a boardroom setting; a well-designed rehearsal is also a great way of upskilling the Board.
We are happy to share the benefits of our experience and qualifications in cyber security. Stay vigilant and reach out to us if we can help.
More info: Warning after spike in cyber-attacks in Guernsey - BBC News
Black Arrow Cyber Advisory 23 July 2024 – Splunk Path Traversal Vulnerability
Black Arrow Cyber Advisory 23 July 2024 – Splunk Path Traversal Vulnerability
Executive summary
Organisations using Splunk Enterprise on Windows are advised to apply patches for a high severity vulnerability (CVE-2024-36991) as more than 230,000 internet exposed servers have been identified with this flaw. The vulnerability, which has had a proof of concept released, allows an attacker to performing a directory listing on the Splunk endpoint, which will allow the threat actor to gain unauthorised access to sensitive files in the system.
What’s the risk to me or my business?
While there are currently no reports of this vulnerability being exploited in the wild, there have been several proof of concept (PoC) exploits including one that performs bulk scanning for vulnerable internet-facing endpoints. If the Splunk instance has Splunk Web turned on, an attacker successfully exploiting the vulnerability can gain unauthorised access to sensitive files in the system.
What can I do?
Splunk has released a patch for the affected products which should be applied as soon as possible. The affected products are; Splunk Enterprise versions 9.2, 9.1, and 9.0 on Windows. It is advised to upgrade to 9.2.2, 9.1.5, and 9.0.10, or higher.
Technical Summary
CVE-2024-36991 – This exploit uses a crafted GET request which takes advantage of a vulnerability associated with Path traversal on the “/modules/messaging/” endpoint on Splunk Enterprise for Windows. The vulnerability exists because the Python “os.path.join” function removes the drive letter from path tokens if the drive in the token matches the drive in the built path.
Further information on the Splunk vulnerability can be found here:
https://advisory.splunk.com/advisories/SVD-2024-0711
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Advisory 22 July 2024 – Critical Cisco Secure Email Gateway File Write Vulnerability
Black Arrow Cyber Advisory 22 July 2024 - Critical Cisco Secure Email Gateway File Write Vulnerability
Executive summary
Cisco has released a patch for a critical vulnerability in their Secure Email Gateway (SEG) which could allow attackers to replace any file on the underlying system, add users with root privileges, modify the device configuration or cause permanent denial of service (DoS) conditions on the affected device by sending an email with crafted malicious attachments when file and content analysis is enabled.
What’s the risk to me or my business?
While this vulnerability has not yet been exploited in the wild, the ingress point through emails is of concern since the product is designed to receive and scan emails for malicious content, meaning that an attacker simply has to send a specially crafted email to compromise the device, potentially exposing any emails that are sent/received through the device.
What can I do?
Cisco has released a patch which should be applied as soon as possible, following the organisations software and firmware update procedures, including testing as necessary. Devices which are in the permanently DoS condition will need support from Cisco’s Technical Assistance Center to recover the device to a working state.
Technical Summary
CVE-2024-20401 – This vulnerability, caused by incorrect handling of email attachments with enabled file analysis and content filters, could allow an attacker to replace system files. This could lead to adding root users, altering device settings, running arbitrary code, or causing a permanent DoS condition on the device.
Further information on the Cisco vulnerability can be found here:
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Briefing 19 July 2024
Black Arrow Cyber Threat Intelligence Briefing 19 July 2024:
-Crowdstrike: Software Update Triggered Worldwide Microsoft IT Outages
-Nearly Half of SMEs Fell Victim to Cyber Attack in Last Six Months
-Cyber Criminals Exploit AI for Near-Perfect Phishing Emails
-Hotel Wi-Fi: a Hotspot for Cyber Threats
-Cyber Security Can Be a Businesses Enabler
-Navigating Insider Risks: Are your Employees Enabling External Threats?
-How Tabletop Exercises Can Sharpen Incident Response from Chaos to Calm
-Gap Found Between Data Security Perceptions and Breach Reality
-Why Top Leadership Must Foster a Security-Conscious Culture
-Hackers Use PoC Exploits in Attacks 22 Minutes After Release
-There's No Margin for Error in Cyber Security
-UK to Introduce Watered-Down Version of Mandatory Reporting for Ransomware Attacks
-CISOs Must Shift from Tactical Defence to Strategic Leadership
-One-Third of Dev Professionals Unfamiliar with Secure Coding Practices
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Crowdstrike: Software Update Triggered Worldwide Microsoft IT Outages
A recent report by cyber security firm Crowdstrike reveals that a "defect" in its software update caused major IT outages globally, affecting industries such as airlines, banking, and healthcare. The issue, which impacted Windows operating systems, was identified, isolated, and resolved, but not until a huge amount of disruption had been experienced around the world. American Airlines and other affected services have since restored operations. This incident, the worst since the 2017 WannaCry attack, resulted in a fall of over 20% ($16 billion) in Crowdstrike's value before markets opened. The event raises questions about the resilience of economic infrastructure reliant on concentrated cloud security services.
Nearly Half of SMEs Fell Victim to Cyber Attack in Last Six Months
A recent report by JumpCloud reveals that 49% of SME IT teams believe they lack the resources to defend against cyber threats. The survey, which included 612 IT decision-makers in the UK and US, found that nearly half (45%) of SMEs experienced a cyber attack in the first half of 2024. Of these, 28% faced two attacks and 17% encountered three. Phishing was the most common attack source (43%), followed by shadow IT (37%) and stolen credentials (33%). The report also highlights that 60% of respondents identified security as their biggest IT challenge, with 84% expressing concern about shadow IT (referring to any software, hardware, or other IT resource that is used within an organisation without the explicit approval, knowledge, or oversight of the IT department). Furthermore, 71% of respondents believe budget cuts would increase organisational risk, underscoring the high threat level SMEs face.
Cyber Criminals Exploit AI for Near-Perfect Phishing Emails
A new report by ReliaQuest reveals cyber criminals exploiting AI tools like ChatGPT for operations, notably creating near-perfect phishing emails with a 2.8% success rate. Although seemingly small, this rate is significant given the vast number of phishing emails sent daily. Criminals bypass AI security filters to generate harmful content, sharing and refining their techniques in cyber criminal forums.
Hotel Wi-Fi: A Hotspot for Cyber Threats
A recent report highlights significant cyber threats associated with hotel Wi-Fi networks, which prioritise guest access over robust security. Hotels had the third-least secure public Wi-Fi as of February 2023. In 2019, none of the 45 hotels across five countries that were tested passed a Wi-Fi hacking test, reflecting widespread vulnerabilities. Hotels are the third most common target for cyber attacks, accounting for 13% of all cyber compromises in 2020. Nearly 31% of hospitality organisations have experienced a data breach, with 89% facing multiple breaches annually. These breaches, averaging $3.4 million in costs, pose severe reputational risks in the competitive hospitality industry, and bigger risks for the hotel guests using them.
Cyber Security Can Be a Business Enabler
Many cyber security leaders tout the notion that cyber security is a business enabler as a way to elevate their personal brand, but the idea is backed up by knowledge and real-world examples. By reducing unnecessary controls and ensuring secure yet functional operations, organisations can enhance productivity and innovation. Effective cyber security can reduce legal fees and financial losses from breaches, while also boosting customer and partner confidence. Furthermore, compliance with regulations enhances business value, and strong security practices can differentiate an organisation from its competitors, fostering growth and trust.
Navigating Insider Risks: Are your Employees Enabling External Threats?
A recent report highlights the growing threat of accidental insiders in network security breaches. These insiders, through negligence or lack of awareness, expose internal weaknesses. Common issues include weak password practices and falling victim to phishing. Such lapses can lead to significant financial losses, reputational damage, and operational disruption. The report highlights the importance of security awareness training and fostering a culture of security to mitigate these risks effectively.
How Tabletop Exercises Can Sharpen Incident Response from Chaos to Calm
Every 39 seconds some company is hit by a cyber attack. Security incidents are a constant threat, an inevitability rather than a possibility. Incident response plans can help organisations with the aftermath of a cyber attack. Effective execution of these plans requires regular practice through tabletop exercises. These hypothetical, scenario-based activities involve key stakeholders and help clarify roles, enhance communication, and build team resilience. By conducting these exercises at least annually, organisations can identify gaps, refine their response plans, and improve overall cyber security awareness. Furthermore, involving internal and/or external stakeholders like legal counsel and law enforcement can enhance coordination during real incidents, ultimately strengthening the organisation's preparedness and response capabilities.
Gap Found Between Data Security Perceptions and Breach Reality
A recent report reveals a significant disparity between organisations' perceptions of data security and the actual frequency of breaches. Despite 63% of organisations believing their security measures are effective, 2023 saw a record-breaking number of data breaches. The report highlights major concerns of data breaches, ransomware, insider threats, and misconfigurations. It found that 72% of organisations use audits and compliance tools to meet regulatory requirements, and 60% employ role-based access control systems. However, ongoing challenges persist, with only 27% adopting data cataloguing tools and many relying on manual processes. The report recommends comprehensive data discovery, automated monitoring, and a zero-trust security model to bridge the gap between perceived and actual data security.
Why Top Leadership Must Foster a Security-Conscious Culture
A recent report highlights the crucial role of organisational culture in building cyber resilience. Despite technical defences, organisations remain vulnerable to cyber attacks due to a vast attack surface. Emphasising collective responsibility, a robust cyber security culture involves all employees, from executives to frontline staff, in protecting digital assets. Leadership is pivotal, requiring a genuine commitment to security, clear communication, and active participation in cyber security initiatives. Transparency and psychological safety are essential, encouraging employees to report suspicious activity without fear. Continuous learning and improvement, beyond mere compliance, are vital to adapting to evolving threats and fostering a security-conscious environment for long-term success.
Hackers Use PoC Exploits in Attacks 22 Minutes After Release
A recent report by Cloudflare reveals that threat actors can weaponise proof-of-concept (PoC) exploits as quickly as 22 minutes after they are made public. Covering activity from May 2023 to March 2024, the report highlights significant threats, including heightened scanning for CVEs (known vulnerabilities) and rapid exploitation attempts. This emphasises the need for robust vulnerability management and timely patching of vulnerable systems.
There's No Margin for Error in Cyber Security
A recent report reveals that human error is responsible for 74% of cyber attacks, with employees using an average of 2.5 devices for work, creating numerous potential breach points. Notable incidents include the 2020 Marriott breach affecting 5.2 million guests, caused by stolen employee credentials, and Sequoia Capital’s 2021 phishing attack. Verizon's report highlights that 49% of breaches begin with compromised credentials. Effective cyber security measures include using unique, complex passwords, enabling multi-factor authentication, updating software regularly, and cautious email practices. Organisations should implement Unified Endpoint Management (UEM) and Identity and Access Management (IAM) solutions, alongside continuous employee training, to mitigate these risks.
UK to Introduce Watered-Down Version of Mandatory Reporting for Ransomware Attacks
A recent announcement from the UK Government reveals plans to introduce the Cyber Security and Resilience Bill, updating the country's cyber security regulations. This new legislation will mandate ransomware attack reporting for regulated entities, addressing record levels of ransomware incidents in British businesses. This measure, part of the King’s Speech, responds to increasing cyber threats impacting public services and infrastructure, such as the recent Russian attack on Synnovis, which is still having repercussions for the NHS weeks later. The bill expands regulatory oversight to include supply chains and demands incident reporting to improve understanding of the cyber crime landscape. Experts highlight the bill’s alignment with the EU’s NIS2 Directive, emphasising the importance of robust security governance and mandatory notification obligations for effective policy design.
CISOs Must Shift from Tactical Defence to Strategic Leadership
A recent report highlights the evolving role of the CISO, demanding a blend of technical expertise and strong diplomatic skills. Despite increased cyber security budgets in 2024, nearly one-third of IT professionals lack documented strategies to address AI risks. The report shows a confidence gap: while 60% of non-IT leaders are confident in their cyber security, only 46% of IT professionals share this view. Moreover, 55% of IT leaders believe non-IT executives do not fully understand vulnerability management , potentially undermining security efforts. Cyber security is now a board-level discussion, CISOs must align technical risks with business priorities, effectively communicating the financial and reputational impacts of cyber threats.
One-Third of Dev Professionals Unfamiliar with Secure Coding Practices
A recent report by OpenSSF and the Linux Foundation underscores the critical need for robust software security as attackers continue to exploit software vulnerabilities. Nearly one-third of development professionals feel unfamiliar with secure software practices, with 69% relying on on-the-job experience, which takes at least five years for basic security familiarity. Lack of time (58%) and inadequate training (50%) are the main barriers to implementing secure development practices. Furthermore, 44% cite a lack of knowledge about good courses as a reason for not pursuing secure software development education. The report advocates for industry-wide efforts and language-agnostic courses to address these educational gaps.
Sources:
https://www.bbc.co.uk/news/live/cnk4jdwp49et
https://securitybrief.co.nz/story/cybercriminals-exploit-chatgpt-for-near-perfect-phishing-emails
https://securityboulevard.com/2024/07/hotel-wi-fi-a-hotspot-for-cyber-threats/
https://www.inforisktoday.com/blogs/cybersecurity-be-businesses-enabler-p-3668
https://thehackernews.com/2024/07/navigating-insider-risks-are-your.html
https://securitybrief.co.nz/story/gap-found-between-data-security-perceptions-breach-reality
https://www.scmagazine.com/perspective/why-top-leadership-must-foster-a-security-conscious-culture
https://therecord.media/uk-cyber-security-resilience-bill-labour-government
https://www.helpnetsecurity.com/2024/07/19/cyber-threats-size-sophistication/
https://www.helpnetsecurity.com/2024/07/19/devs-secure-coding-practices/
Governance, Risk and Compliance
Cyber Security Can Be a Businesses Enabler - InfoRiskToday
Half of SMEs Unprepared for Cyber Threats - Infosecurity Magazine (infosecurity-magazine.com)
How Tabletop Exercises Can Sharpen Incident Response From Chaos To Calm (forbes.com)
Gap found between data security perceptions & breach reality (securitybrief.co.nz)
Why top leadership must foster a security-conscious culture | SC Media (scmagazine.com)
Survey: Nearly Half of SMEs Fell Victim to Cyber Attack in Last Six Months - Security Boulevard
CISOs must shift from tactical defence to strategic leadership - Help Net Security
What savvy hiring execs look for in a CISO today | CSO Online
SMEs vulnerable to cyber security breaches, report reveals - NZ Herald
What business leaders need to know about the Cyber Security and Resilience Bill - Raconteur
Why CISOs should report to the CEO—and not the CIO | Fortune
7 Tips for Navigating Cyber Security Risks in M&As (darkreading.com)
Threats
Ransomware, Extortion and Destructive Attacks
Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks (thehackernews.com)
UK to introduce watered-down version of mandatory reporting for ransomware attacks (therecord.media)
Year-Old Veeam Vulnerability Exploited in Fresh Ransomware Attacks - Security Week
RansomHub Ransomware - What You Need To Know | Tripwire
New HardBit Ransomware 4.0 Uses Passphrase Protection to Evade Detection (thehackernews.com)
BianLian Ransomware Leveraging RDP Credentials To Gain Initial Access (cybersecuritynews.com)
SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks (bleepingcomputer.com)
HardBit Ransomware - What You Need to Know | Tripwire
Digging Into FIN7's Latest Tools and Tactics | Decipher (duo.com)
Using Threat Intelligence to Predict Potential Ransomware Attacks - Security Week
This new ransomware tries to stop victims recovery by using passphrases | TechRadar
Ransomware costs at critical infrastructure orgs soar • The Register
Ransomware Victims
NHS Trusts cancelled over 6,000 appointments after Qilin cyber attack | Computer Weekly
Costs From UnitedHealth's Ransomware Attack Soar to at Least $2.3 Billion (pcmag.com)
CDK Global said to have paid $25M ransom after cyber attack • The Register
AT&T reportedly pays $370K to hackers to delete stolen customer data - SiliconANGLE
'NHS cyber attack delayed my baby son’s life-saving kidney transplant' (inews.co.uk)
AT&T Breach Linked to American Hacker, Telecom Giant Paid $370k Ransom: Reports - Security Week
CDK Global car dealership cyber attack could cost industry $1 billion (qz.com)
London Borough of Hackney reprimanded over cyber attack | Cybernews
A Negligence Case Has Been Filed Against CDK Over Cyber Attack (jalopnik.com)
UK national blood stocks in 'very fragile' state following ransomware attack (therecord.media)
Rite Aid confirms data breach after June ransomware attack (bleepingcomputer.com)
Furniture giant shuts down manufacturing facilities after ransomware attack (therecord.media)
Phishing & Email Based Attacks
Cyber criminals exploit ChatGPT for near-perfect phishing emails (securitybrief.co.nz)
New phishing tactic hijacks email protections to mask links | SC Media (scmagazine.com)
URL protection services used to mask phishing attacks (betanews.com)
Beware of the Latest Phishing Tactic Targeting Employees - Security Boulevard
How to protect your startup from email scams | TechCrunch
Phishing Threat Actor Leverages AI to Target Multiple Crypto Brands - Security Boulevard
Shadowroot Ransomware Lures Turkish Victims via Phishing Attacks (darkreading.com)
Other Social Engineering
Social Engineering Defence - An Emerging Career (govinfosecurity.com)
Artificial Intelligence
Cyber criminals exploit ChatGPT for near-perfect phishing emails (securitybrief.co.nz)
Weaponized AI: The Malicious Mind of Hackers (financemagnates.com)
US Seizes Domains Used by AI-Powered Russian Bot Farm for Disinformation (thehackernews.com)
Why deepfakes are set to be one of 2024’s biggest cyber security dangers | TechRadar
SAP security holes raise questions about the rush to AI | CSO Online
ChatGPTriage: How can CISOs see and control employees’ AI use? - Help Net Security
White House urged to probe $1.5B G42-Microsoft AI deal • The Register
Mark Cuban: Social media algorithms' influence in 2024 election
Protect AI warns of increasing security risks in open-source AI and ML tools - SiliconANGLE
Phishing Threat Actor Leverages AI to Target Multiple Crypto Brands - Security Boulevard
SMEs looking to MSPs to help with AI and security challenges | Microscope (computerweekly.com)
Mixed reaction from the AI community on King's Speech (datacentrenews.uk)
Malware
Zeus Banking Malware Player Gets 9-Year Prison Term (inforisktoday.com)
DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign (thehackernews.com)
10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit (thehackernews.com)
Facebook ads for Windows desktop themes push info-stealing malware (bleepingcomputer.com)
DarkGate malware sees boom after the Feds crush Qbot • The Register
Here’s how carefully concealed backdoor in fake AWS files escaped mainstream notice | Ars Technica
'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins (thehackernews.com)
SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts - Help Net Security
DPRK Hackers Tweak Malware to Lure MacOS Users into Video Calls (darkreading.com)
This New "Cluster Bomb" Malware Sounds Deadly, but You Can Avoid It (makeuseof.com)
Iraq-based cyber criminals deploy malicious Python packages to steal data (therecord.media)
Weaponized AWS Packages That Deliver Malware Via JPEG Files (cybersecuritynews.com)
Malware scammers gearing up for 2024 summer Olympics in Paris | SC Media (scmagazine.com)
Microsoft-Signed Chinese Adware Opens the Door to Kernel Privileges (darkreading.com)
Revolver Rabbit gang registers 500,000 domains for malware campaigns (bleepingcomputer.com)
Mobile
What is juice jacking? Why you shouldn't use public USB chargers (androidauthority.com)
'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins (thehackernews.com)
Denial of Service/DoS/DDOS
DDoS attacks see a huge rise as criminals get braver and more ambitious | TechRadar
Telecom sees fastest increase in DDoS attacks: Report - RCR Wireless News
Data Breaches/Leaks
AT&T says criminals stole phone records of 'nearly all' customers in new data breach | TechCrunch
AT&T cyber security breach potentially posed 'risk to national security' (lexch.com)
Major data breaches that have rocked organisations in 2024 - Help Net Security
US Data Breach Victim Numbers Increase by 1,000%, Literally (darkreading.com)
Hackers Claim to Have Leaked 1.1 TB of Disney Slack Messages | WIRED
Snowflake Account Attacks Driven by Exposed Legitimate Credentials (darkreading.com)
Over 400,000 Life360 user phone numbers leaked via unsecured API (bleepingcomputer.com)
Rite Aid confirms data breach after June ransomware attack (bleepingcomputer.com)
Stalkerware vendor mSpy breached for a third time • The Register
Organised Crime & Criminal Actors
Weaponized AI: The Malicious Mind of Hackers (financemagnates.com)
Well-Established Cyber Criminal Ecosystem Blooms in Iraq (darkreading.com)
Digging Into FIN7's Latest Tools and Tactics | Decipher (duo.com)
Iraq-based cyber criminals deploy malicious Python packages to steal data (therecord.media)
Why OT has become a hot target for cyber criminals | SC Media (scmagazine.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
DNS hijacks target crypto platforms registered with Squarespace (bleepingcomputer.com)
Dough Finance loses $1.8M in flash loan attack (cointelegraph.com)
North Korean Cyber Threats Escalate with Crypto Job Posting Hacks, Report Reveals (bitcoinist.com)
WazirX Cryptocurrency Exchange Loses $230 Million in Major Security Breach (thehackernews.com)
North Korea may have attacked Indian crypto exchange WazirX • The Register
Phishing Threat Actor Leverages AI to Target Multiple Crypto Brands - Security Boulevard
Insider Risk and Insider Threats
How to Protect Your Business From Insider Threats | HackerNoon
Navigating Insider Risks: Are your Employees Enabling External Threats? (thehackernews.com)
Australian Defence Force Private and Husband Charged with Espionage for Russia (thehackernews.com)
Australian Spycatchers Snatch Pair of Married Russian Operatives (darkreading.com)
Pentagon Leaker Jack Teixeira to Face Military Court-Martial, Air Force Says - Security Week
Insurance
Cyber insurance: How to achieve the right coverage | SC Media (scmagazine.com)
Supply Chain and Third Parties
NHS Trusts cancelled over 6,000 appointments after Qilin cyber attack | Computer Weekly
AT&T cyber security breach potentially posed 'risk to national security' (lexch.com)
Cloud/SaaS
Here’s how carefully concealed backdoor in fake AWS files escaped mainstream notice | Ars Technica
Weaponized AWS Packages That Deliver Malware Via JPEG Files (cybersecuritynews.com)
Encryption
Encrypted traffic: A double-edged sword for network defenders - Help Net Security
Passwords, Credential Stuffing & Brute Force Attacks
Snowflake Account Attacks Driven by Exposed Legitimate Credentials (darkreading.com)
Social Media
Facebook ads for Windows desktop themes push info-stealing malware (bleepingcomputer.com)
SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts - Help Net Security
My LinkedIn account was hacked: I don't use it but I fixed it fast. Here's why and how | ZDNET
Is Musk’s X Using Dark Patterns To Trick Users? EU Says ‘Yes’
Mark Cuban: Social media algorithms' influence in 2024 election
Malvertising
'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins (thehackernews.com)
SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts - Help Net Security
What is malvertising? And how to protect yourself against it | PCWorld
Microsoft-Signed Chinese Adware Opens the Door to Kernel Privileges (darkreading.com)
Regulations, Fines and Legislation
The Impact of SEC Cyber Rules on Corporate Risk Management - Security Boulevard
What business leaders need to know about the Cyber Security and Resilience Bill - Raconteur
UK to introduce watered-down version of mandatory reporting for ransomware attacks (therecord.media)
Will Smaller Companies Buckle Under the SEC's New Requirements? (darkreading.com)
CDK hack shows SEC disclosure standards are unsettled | CyberScoop
Labour unveils AI, cyber security goals in King’s Speech (techmonitor.ai)
The Strategic Defence Review must maintain a cyber focus - LBC
London Borough of Hackney reprimanded over cyber attack | Cybernews
Judge dismisses much of SEC suit against SolarWinds over cyber security disclosures | CyberScoop
Preparing for the EU Cyber Resilience Act (techuk.org)
Models, Frameworks and Standards
What is NIST Compliance? A Guide to NIST Standards, Framework & Controls - Security Boulevard
Decoding NIS2 to Secure Your Supply Chain - Infosecurity Magazine (infosecurity-magazine.com)
5 Things We've Learned From 10 Years Of Cyber Essentials (forbes.com)
Careers, Working in Cyber and Information Security
What savvy hiring execs look for in a CISO today | CSO Online
Managing exam pressure: Tips for certification preparation - Help Net Security
Social Engineering Defence - An Emerging Career (govinfosecurity.com)
The Need to Recruit Cyber Talent in the Government (darkreading.com)
3 Free Online Cyber Security Courses With Certificates (forbes.com)
Cloud Security, PowerShell Expertise Emerge as Key SOC Analyst Skills (darkreading.com)
What a cyber security analyst does and how to become one | TechTarget
Teams facing 'alert fatigue' need certainty | Professional Security
The cyber security skills gap and breaches | SC Media (scmagazine.com)
Law Enforcement Action and Take Downs
Zeus Banking Malware Player Gets 9-Year Prison Term (inforisktoday.com)
DarkGate malware sees boom after the Feds crush Qbot • The Register
Pentagon Leaker Jack Teixeira to Face Military Court-Martial, Air Force Says - Security Week
Misinformation, Disinformation and Propaganda
US Seizes Domains Used by AI-Powered Russian Bot Farm for Disinformation (thehackernews.com)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Weaponised AI: The Malicious Mind of Hackers (financemagnates.com)
NATO to Establish Integrated Cyber Security Centre in Europe (thedefensepost.com)
IDF Has Rebuffed 3B Cloud Cyber Attacks Since Oct. 7, Colonel Claims (darkreading.com)
TAG-100: New Threat Actor Uses Open-Source Tools for Widespread Attacks (thehackernews.com)
Nation State Actors
China
Microsoft-Signed Chinese Adware Opens the Door to Kernel Privileges (darkreading.com)
China-linked APT17 Targets Italian Companies with 9002 RAT Malware (thehackernews.com)
Russia
APT Exploits Windows Zero-Day to Execute Code via Disabled Internet Explorer - Security Week
For MSPs, Kaspersky’s US exit is a reminder to not ignore geopolitics - Security - CRN Australia
US Seizes Domains Used by AI-Powered Russian Bot Farm for Disinformation (thehackernews.com)
Kaspersky Exits US Market Following Commerce Department Ban (thehackernews.com)
Surge in cyber attacks after Romania donates Patriot to Ukraine - Verdict
Void Banshee APT exploited "lingering Windows relic" in zero-day attacks - Help Net Security
Putin's Spies Are a Threat to Paris Olympics, Google Warns - Newsweek
Australian Spycatchers Snatch Pair of Married Russian Operatives (darkreading.com)
Kaspersky offers free security software for six months in US goodbye (bleepingcomputer.com)
Iran
Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks (thehackernews.com)
New BugSleep malware implant deployed in MuddyWater attacks (bleepingcomputer.com)
IDF Has Rebuffed 3B Cloud Cyber Attacks Since Oct. 7, Colonel Claims (darkreading.com)
North Korea
DPRK Hackers Tweak Malware to Lure MacOS Users into Video Calls (darkreading.com)
Defending against APTs: A learning exercise with Kimsuky (securitybrief.co.nz)
North Korean Cyber Threats Escalate with Crypto Job Posting Hacks, Report Reveals (bitcoinist.com)
WazirX Cryptocurrency Exchange Loses $230 Million in Major Security Breach (thehackernews.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
For MSPs, Kaspersky’s US exit is a reminder to not ignore geopolitics - Security - CRN Australia
Damaged Internet Subsea Cables Repaired in Red Sea Amid Militant Attacks on Ships – BNN Bloomberg
Disney faces potential data breach, hacker group claims massive leak (computing.co.uk)
Stalkerware vendor mSpy breached for a third time • The Register
Tools and Controls
How Tabletop Exercises Can Sharpen Incident Response From Chaos To Calm (forbes.com)
The Impact of SEC Cyber Rules on Corporate Risk Management - Security Boulevard
Decoding NIS2 to Secure Your Supply Chain - Infosecurity Magazine (infosecurity-magazine.com)
Encrypted traffic: A double-edged sword for network defenders - Help Net Security
BianLian Ransomware Leveraging RDP Credentials To Gain Initial Access (cybersecuritynews.com)
API Transformation Cyber Risks and Survival Tactics - Security Boulevard
Threat Prevention & Detection in SaaS Environments - 101 (thehackernews.com)
Overlooked essentials: API security best practices - Help Net Security
FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums (thehackernews.com)
Risk related to non-human identities: Believe the hype, reject the FUD - Help Net Security
Cloudflare reports almost 7% of internet traffic is malicious | ZDNET
Using Threat Intelligence to Predict Potential Ransomware Attacks - Security Week
Teams facing 'alert fatigue' need certainty | Professional Security
One-third of dev professionals unfamiliar with secure coding practices - Help Net Security
20 Million Trusted Domains Vulnerable to Email Hosting Exploits (darkreading.com)
6 Steps to Build an Incident Response Workflow for Your Business - Security Boulevard
DNS hijacks target crypto platforms registered with Squarespace (bleepingcomputer.com)
Cyber insurance: How to achieve the right coverage | SC Media (scmagazine.com)
Firms skip security reviews of updates about half the time • The Register
Securing datacenters may soon need sniffer dogs • The Register
Other News
SMEs vulnerable to cyber security breaches, report reveals - NZ Herald
IT providers must navigate AI, cyber security, efficiency and economic fluctuations – Channel EYE
Hotel Wi-Fi: A Hotspot for Cyber Threats - Security Boulevard
How Startups Can Bolster Defences as Cyber Threats Loom in Cloud Era | HackerNoon
Staying Safe on the Go: Insider Risk and Travel Security Tips - Security Boulevard
CISA broke into US federal agency, wasn't spotted for months • The Register
UK Retailers Most Concerned About Cyber, Data Security Risks, Study Finds | ESM Magazine
Improving cyber resilience of frontline forces in Europe - GOV.UK (www.gov.uk)
Defending OT Requires Agility, Proactive Controls (darkreading.com)
MSP security confidence remains high despite facing a torrent of cyber threats | ITPro
Paris 2024 Olympics to face complex cyber threats - Help Net Security
Automated Threats Pose Increasing Risk to the Travel Industry (thehackernews.com)
Vulnerability Management
Hackers use PoC exploits in attacks 22 minutes after release (bleepingcomputer.com)
ZDI shames Microsoft for coordinated vuln disclosure snafu • The Register
Microsoft is changing how it delivers Windows updates: 4 things you need to know | ZDNET
Firms skip security reviews of updates about half the time • The Register
Vulnerabilities
CrowdStrike code update bricking PCs around the world • The Register
Critical Exim bug bypasses security filters on 1.5 million mail servers (bleepingcomputer.com)
Year-Old Veeam Vulnerability Exploited in Fresh Ransomware Attacks - Security Week
GitLab Sends Users Scrambling Again With New CI/CD Pipeline Takeover Vuln (darkreading.com)
APT Exploits Windows Zero-Day to Execute Code via Disabled Internet Explorer - Security Week
Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP (thehackernews.com)
Attacks Exploiting Internet Explorer Persist | MSSP Alert
Chrome 126 Updates Patch High-Severity Vulnerabilities - Security Week
Oracle Patches 240 Vulnerabilities With July 2024 CPU - Security Week
Recent Adobe Commerce Vulnerability Exploited in Wild - Security Week
Cyber Security teams advised to look out for critical Adobe, Cisco bugs | SC Media (scmagazine.com)
20 Million Trusted Domains Vulnerable to Email Hosting Exploits (darkreading.com)
Cisco Releases Security Updates for Multiple Products | CISA
Netgear warns users to patch auth bypass, XSS router flaws (bleepingcomputer.com)
Void Banshee APT exploited "lingering Windows relic" in zero-day attacks - Help Net Security
CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks (bleepingcomputer.com)
Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991) - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Updated: Black Arrow Cyber Alert 19 July 2024 – IT outages causing chaos worldwide, airports, airlines, hospitals, emergency services, shipping, media, banks affected - CrowdStrike blamed
Black Arrow Cyber Alert 19 July 2024 – IT outages causing chaos worldwide, airports, airlines, hospitals, emergency services, shipping, media, banks affected - CrowdStrike and Microsoft Azure blamed
Update: We can now confirm from statements provided by both Microsoft and CrowdStrike that a Crowdstrike content update was the cause of the outage
Executive summary
Black Arrow is aware of ongoing outages affecting airlines, media outlets, stock exchanges, shipping, hospitals, emergency services, banks globally.
This is an ongoing and unfolding situation which we will continue to monitor and update.
These disruptions appear to have occurred due to recent updates from both CrowdStrike and Microsoft, resulting in device access issues and Blue Screen errors. CrowdStrike has identified the problematic update and taken corrective action. For affected users,the advice is to boot into Safe Mode or the Windows Recovery Environment, navigating to the C:\Windows\System32\drivers\CrowdStrike directory, and deleting the file corresponding to C-0000029*.sys.
For the latest updates on this story further information can be found on the BBC:
https://www.bbc.co.uk/news/live/cnk4jdwp49et?post=asset%3Aaaba3e5c-a8b0-4d60-bcde-32c1e3a6c2a3#post
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Briefing 12 July 2024
Black Arrow Cyber Threat Intelligence Briefing 12 July 2024:
-New Study Reveals UK Businesses at Risk from Imminent Cyber Attacks
-The Escalating War Against Email-Based Espionage and Fraud
-Trade the Comfort of Security Theatre for True Security
-Traditional Cyber Security Measures are No Longer Enough
-Threats to NATO Countries Escalate, as NATO Outlines Internet Doomsday Plan
-In Ransomware Attacks, Expect to Lose 43 Percent of Affected Data Even if You Pay
-New Ransomware Scam Will Hassle You with Phone Calls Until You Pay Up
-China's APT40 Gang is Attacking Vulnerabilities Within Hours of Public Release
-New Survey: Generative AI and Phishing Concerns, Employees Put Corporate Data at Risk
-The Urgent Need for Digital Executive Protection: A CEO’s Perspective
-Businesses Must do Better to Understand Complexity of Business Email Compromise
-Ransomware Surges Annually Despite Law Enforcement Takedowns
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
New Study Reveals UK Businesses at Risk from Imminent Cyber Attacks
A recent report by Cloudflare reveals that 70% of UK business leaders anticipate a cyber security incident within the next year, yet only 35% feel adequately prepared. The survey, involving over 4,000 business and technology leaders across Europe, highlights that 48% of UK organisations have faced a cyber security incident in the past 12 months, the highest in Europe. 80% of UK leaders report an increase in cyber incidents, with 60% expecting this trend to continue.
The Escalating War Against Email-Based Espionage and Fraud
A recent report highlights the rapid rise in email-based cyber crime, with cyber criminals sending an estimated 3.4 billion malicious emails daily, contributing to over $43 billion in business email compromise losses since 2016. Traditional email security measures are proving inadequate, prompting the need for proactive solutions like DMARC (Domain-based Message Authentication, Reporting & Conformance). Acting as an identity check for emails, DMARC can reduce email impersonation threats by over 90% when enforced correctly. However, global adoption remains slow at 30%, hindered by perceived complexity. New zero-trust email authentication tools are simplifying deployment, promising faster and more effective domain protection.
Trade the Comfort of Security Theatre for True Security
A recent article highlights the prevalence of "security theatre," where companies focus on creating an illusion of robust cyber security rather than implementing substantial defensive measures. Despite these superficial efforts, organisations continue to face lawsuits, fines, and regulatory scrutiny over their inadequate data protection practices. The article underscores the need for genuine cyber security programmes, driven by actual risk mitigation to protect against the rising tide of cyber threats rather than marketing tactics and checklist compliance. Regulatory bodies in the EU and the US are intensifying their focus, with fines reaching up to 7% of global revenue for breaches.
Traditional Cyber Security Measures are No Longer Enough
A recent report by LogRhythm highlights that traditional cyber security measures are insufficient against sophisticated AI-powered attacks, necessitating agile and adaptive strategies. According to the 'State of the Security Team’ report, 95% of companies adjusted their security strategies in the past year due to evolving threats, regulatory changes, and AI adoption. Additionally, 78% of professionals now hold cyber security leaders and CEOs accountable for breaches. The widespread adoption of cloud computing and remote work has expanded the attack surface, underscoring the need for robust cloud security practices, comprehensive security training, and advanced threat detection technologies.
Threats to NATO Countries Escalate, as NATO Outlines Internet Doomsday Plan
A Mandiant report reveals increasing cyber attack risks for NATO countries from state-sponsored actors, hacktivists, and criminals. Russia’s invasion of Ukraine drives many attacks, while China's espionage targets NATO intel and trade secrets. Cyber threats extend beyond military targets, impacting hospitals and civil infrastructure, with ransomware attacks on healthcare and government services escalating due to lax cyber crime enforcement.
NATO has recently outlined plans to safeguard subsea internet cables, a favoured target of nation state actors, and the data carried by these cables by rerouting to satellites in case of disruptions. This system, part of the HEIST project, involves researchers from the US, Iceland, Sweden, and Switzerland, supported by NATO's Science for Peace and Security Programme. By detecting disturbances in undersea cables and ensuring uninterrupted communication, the project addresses heightened concerns over global instability and threats to critical infrastructure.
In Ransomware Attacks, Expect to Lose 43 Percent of Affected Data Even if You Pay
A recent report by Veeam highlights the pervasive threat of ransomware, with the endemic impacting 3 out of 4 organisations in 2023. In many cases only 57% of compromised data was recoverable, leaving 43% lost. The report indicates that 81% of affected organisations paid ransoms, yet one-third failed to recover their data even after paying. Additionally, 63% of organisations risk reintroducing infections during recovery due to pressure to restore quickly. Despite increased focus on cyber preparedness, 63% of organisations find their backup and cyber teams misaligned.
New Ransomware Scam Will Hassle You with Phone Calls Until You Pay Up
A recent report reveals that a new ransomware group, Volcano Demon, has emerged, harassing its victims via phone until payment is made. The group has targeted several organisations in the past weeks, deploying an encryptor named LukaLocker. This ransomware maps and exfiltrates sensitive files before encrypting them, adding a .nba extension, which works on both Windows and Linux systems. Notably, Volcano Demon does not operate a data leak site but instead directly contacts company leadership to negotiate payments, often using threatening tones. Additionally, LukaLocker can disable most antivirus processes and clear logs, complicating forensic investigations. Limited logging and monitoring solutions among victims exacerbate the issue.
China's APT40 Gang is Attacking Vulnerabilities Within Hours of Public Release
A recent advisory led by Australia, with contributions from seven other nations, details the sophisticated methods of the China-aligned threat actor APT40, also known as Kryptonite Panda and Gingham Typhoon. This state-sponsored group is adept at exploiting new vulnerabilities within hours, as well as targeting unpatched systems dating back to 2017 such as Log4J and Microsoft Exchange. APT40 employs compromised devices, including small-office/home-office equipment, to launch attacks, masking their activities as legitimate traffic. The advisory recommends basic cyber security practices like logging, patch management, and network segmentation to defend against APT40's persistent threats.
New Survey: Generative AI and Phishing Concerns, Employees Put Corporate Data at Risk
A study by Censuswide reveals that 74% of security professionals express confidence in their IT departments, yet over half have experienced a data breach recently. The misuse of generative AI, particularly deepfake phishing attacks, is cited as a significant threat. All types of phishing, along with poor software design, ransomware, and zero-day threats are top concerns, with 55% of experts admitting to not conducting regular security audits. Cloud security issues, especially incorrectly set identity and access management policies, are also highlighted. Additionally, trust in employees is dwindling, with 63% of IT security decision-makers in the UK and US expecting remote workers to put corporate data at risk. Notably, 55% reported these workers have knowingly jeopardised data security, and 73% lack the necessary skills and technology to keep data safe. This underscores the urgent need for improved training and robust security measures.
The Urgent Need for Digital Executive Protection: A CEO’s Perspective
A recent article highlights the urgent need for Digital Executive Protection amidst increasing cyber threats. Cyber criminals are now targeting executives personally, endangering both their personal integrity and their companies' credibility and market perception. A cyber attack on a CEO can lead to severe consequences, including data breaches and financial losses. The sophistication of phishing attempts, ransomware, and social engineering tactics demands advanced security measures tailored for high-value targets. By prioritising their own digital security, executives can ensure business continuity, safeguard confidential information, and set a precedent for a robust corporate security posture, thereby protecting both their personal and professional integrity.
Businesses Must do Better to Understand Complexity of Business Email Compromise
A recent report highlights Business Email Compromise (BEC) as one of the most financially damaging cyber threats. BEC attacks, involving impersonation schemes where cyber criminals masquerade as trusted entities, are increasing in frequency and sophistication. The FBI’s Internet Crime Complaint Center reports annual economic losses from BEC attacks in the billions of dollars. Organisations must enhance their understanding and defences against BEC to protect their assets, reputation, and operations from severe financial losses and regulatory penalties.
Ransomware Surges Annually Despite Law Enforcement Takedowns
A recent report by Symantec reveals a 9% year-on-year increase in ransomware attacks advertised on leak sites in Q1 2024, with 962 claimed attacks. Despite law enforcement actions against major groups like ALPHV/BlackCat and LockBit, the latter remains the top threat, responsible for over 20% of all claimed attacks. Known vulnerabilities continue to be the primary vector for these attacks.
Sources:
https://www.afcea.org/signal-media/cyber-edge/escalating-war-against-email-based-espionage-and-fraud
https://www.darkreading.com/cyber-risk/trade-the-comfort-of-security-theater-for-true-security
https://www.techradar.com/pro/traditional-cybersecurity-measures-are-no-longer-enough
https://www.msspalert.com/brief/escalating-cyber-threats-faced-by-nato-countries
https://www.tomshardware.com/tech-industry/nato-outlines-internet-doomsday-plan
https://www.theregister.com/2024/07/09/apt_40_tradecraft_advisory/
https://www.infosecurity-magazine.com/news/ransomware-surges-2024-law/
Governance, Risk and Compliance
Traditional cyber security measures are no longer enough | TechRadar
Cloudflare Study: UK Businesses are at Risk of Cyber Attacks (itsecuritywire.com)
The Escalating War Against Email-Based Espionage and Fraud | AFCEA International
5 Key Questions CISOs Must Ask Themselves About Their Cyber Security Strategy (thehackernews.com)
Cyber security pros don't like being ignored (betanews.com)
Trade the Comfort of Security Theater for True Security (darkreading.com)
The Urgent Need for Digital Executive Protection: A CEO's Perspective - Security Boulevard
More than a CISO: the rise of the dual-titled IT leader | CSO Online
Survey Sees Modern CISOs Becoming More Comfortable With Risk - Security Boulevard
A CISO's Guide to Avoiding Jail After a Breach (darkreading.com)
5 Steps CISOs Can Take to Ensure Resilience (informationweek.com)
It’s Time to Reassess Your Cyber Security Priorities - Security Week
Three pillars of cyber | Professional Security
The Future Of Cyber Security: Emerging Threats And How To Combat Them (forbes.com)
Top priorities for compliance leaders this year - Help Net Security
Deconstructing Security Assumptions to Ensure Future Resilience (darkreading.com)
Managing cyber attack fallout: Financial and operational damage - Help Net Security
Applying Bloch’s Philosophy to Cyber Security - Security Boulevard
Cyber Security Success Hinges on Leadership, Not Just Tech (inforisktoday.com)
Threats
Ransomware, Extortion and Destructive Attacks
This new ransomware scam will hassle you with phone calls until you pay up | TechRadar
Victims of cyber extortion and ransomware increase in 2024 | SC Media (scmagazine.com)
LockBit 3.0: The Rising Costs of Ransomware Attacks - Security Boulevard
Ransomware gangs invest in custom data stealing malware • The Register
New Ransomware Group Exploiting Veeam Backup Software Vulnerability (thehackernews.com)
Ransomware gangs increasingly exploiting vulnerabilities | TechTarget
Akira Ransomware: Lightning-Fast Data Exfiltration in 2-Ish Hours (darkreading.com)
In ransomware attacks, expect to lose 43 percent of affected data - eCampus News
NHS cyber security: Ex security chief warns of future attacks - BBC News
New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems (thehackernews.com)
Eldorado Ransomware Cruises Onto the Scene to Target VMware ESXi (darkreading.com)
CISA Advises Against Paying Ransom, But Rules Out a Ban | MSSP Alert
Risk & Repeat: Hacks, lies and LockBit | TechTarget
An In-Depth Look at Crypto-Crime in 2023 Part 1 | Trend Micro (US)
Evolving ransomware attack techniques examined | SC Media (scmagazine.com)
Fujitsu Suffers Worm-Like Attack From Something That Wasn't Ransomware (darkreading.com)
Envisioning cyber resilience beyond ransom payments - SiliconANGLE
Avast releases DoNex ransomware decryptor • The Register
CISA director says banning ransomware payments is off the table (securityintelligence.com)
Cisco Talos: Top Ransomware TTPs Exposed (techrepublic.com)
Emulating the Long-Term Extortionist Nefilim Ransomware - Security Boulevard
Ransomware Victims
Evolve Bank says ransomware gang stole personal data on millions of customers | TechCrunch
The untold impact of Qilin's attack on London hospitals • The Register
Nearly 800,000 affected by children’s hospital ransomware attack | Security Magazine
Patelco faces multiple lawsuits over ransomware attack | American Banker
Hackers leak 170k Taylor Swift ’s ERAS Tour Barcodes (securityaffairs.com)
Indonesian National Data Center Breach Traced to Weak Password: 'Admin#1234' (jakartaglobe.id)
STORMOUS Ransomware Group Claiming Breach of HITC Telecom (cybersecuritynews.com)
‘Serious hacker attack’ forces Frankfurt university to shut down IT systems (therecord.media)
Hackers leak 39,000 print-at-home Ticketmaster tickets for 154 events (bleepingcomputer.com)
Ransomware attack on blood-testing service puts lives in danger in South Africa (bitdefender.com)
NTT Data Romania, hacked (romaniajournal.ro)
Phishing & Email Based Attacks
The Escalating War Against Email-Based Espionage and Fraud | AFCEA International
New 'FishXProxy' phishing kit lowers entry bar for cyber attacks - SiliconANGLE
Spear phishing techniques in mass phishing: a new trend | Securelist
Why You Might Be Getting Spam Emails From Yourself (slashgear.com)
How do cryptocurrency drainer phishing scams work? (talosintelligence.com)
The New Battlefield in Banking: Defending Against Phishing Scams (financemagnates.com)
The 9 most common phishing scam types, explained | PCWorld
State, local governments facing deluge of phishing attacks | SC Media (scmagazine.com)
The FIA has been hacked after workers fell for a phishing attack | TechRadar
BEC
The 9 most common phishing scam types, explained | PCWorld
Other Social Engineering
This new ransomware scam will hassle you with phone calls until you pay up | TechRadar
Euro Vishing Fraudsters Add Physical Intimidation to Arsenal (darkreading.com)
Google Fi's 'Number Lock' adds protection against SIM swaps - here's how to enable it | ZDNET
Revealed the cyber security risks of working in public places | theHRD (thehrdirector.com)
The 9 most common phishing scam types, explained | PCWorld
Artificial Intelligence
OpenAI breach is a reminder that AI companies are treasure troves for hackers | TechCrunch
Bring Your Own AI to Work Creates a Haven for Cyber Attackers (technewsworld.com)
Human Vigilance is Required Amid AI-Generated Cyber Security Threats - Security Boulevard
Top 10 AI Security Risks for 2024 | Trend Micro (US)
Security, privacy, and generative AI | InfoWorld
Winner takes Al | Professional Security
ChatGPT for Mac app flaw left users' chat history exposed (bitdefender.com)
Can AI be Meaningfully Regulated, or is Regulation a Deceitful Fudge? - Security Week
ChatGPT 4 exploits 87% of vulnerabilities (devx.com)
When implementing AI, first train your managers | ZDNET
Privacy & Security Concerns With AI Meeting Tools (darkreading.com)
Cyber Security Success Hinges on Leadership, Not Just Tech (inforisktoday.com)
Most Security Pros Admit Shadow SaaS and AI Use - Infosecurity Magazine (infosecurity-magazine.com)
2FA/MFA
Authy Users Urged to Stay Alert After Hack Exposes 33 Million Phone Numbers - MacRumors
Hackers abused API to verify millions of Authy MFA phone numbers (bleepingcomputer.com)
Multifactor Authentication Shouldn't Be Optional (govinfosecurity.com)
Gmail Users Offered Free Top Tier Security Upgrade—Say Goodbye To 2FA (forbes.com)
Malware
Botnets are being sold on the dark web for as little as $99 | ITPro
GootLoader is still active and efficient (securityaffairs.com)
Security Bite: Mac Malware wreaking the most havoc in 2024 - 9to5Mac
Ransomware gangs invest in custom data stealing malware • The Register
GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel (thehackernews.com)
ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks (thehackernews.com)
Fujitsu Suffers Worm-Like Attack From Something That Wasn't Ransomware (darkreading.com)
Hackers Resurrect Internet Explorer to Attack Windows PCs (pcmag.com)
Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk (thehackernews.com)
350 million people downloaded insecure browser extensions over two years | Cybernews
Hackers Weaponizing Shortcut Files With Zero-day Tricks (cybersecuritynews.com)
Notorious Hacker Kingpin ‘Tank’ Is Finally Going to Prison | WIRED
60 New Malicious Packages Uncovered in NuGet Supply Chain Attack (thehackernews.com)
Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware (securityaffairs.com)
GuardZoo spyware used by Houthis to target military personnel - Help Net Security
Mac Security: How secure is a Mac, is macOS more secure than Windows? | Macworld
Mobile
New Google Play Store Warning As Dangerous Threat Returns (forbes.com)
Europol says mobile roaming tech is hampering crimefighters • The Register
Hackers abused API to verify millions of Authy MFA phone numbers (bleepingcomputer.com)
Examining the impact of cyber crime and online fraud | TechRadar
A simple firmware update completely hides a device's Bluetooth fingerprint (techxplore.com)
Apple warns iPhone users in 98 countries of spyware attacks | TechCrunch
Every Phone Can ID Your Router—Here's How to Stop It | PCMag
Google is opening its dark web reports to all users free of charge | TechSpot
How to protect Apple ID and avoid scams - 9to5Mac
How to clear your Google search cache on Android (and why you should) | ZDNET
Denial of Service/DoS/DDOS
OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers (thehackernews.com)
Internet of Things – IoT
How to clear the cache on your TV (and why you should do it) | ZDNET
Data Breaches/Leaks
OpenAI breach is a reminder that AI companies are treasure troves for hackers | TechCrunch
Hacker Stole Secrets From OpenAI - Security Week
Hackers stole OpenAI secrets in a 2023 security breach (securityaffairs.com)
Authy Users Urged to Stay Alert After Hack Exposes 33 Million Phone Numbers - MacRumors
OpenAI hit by two big security issues this week (engadget.com)
Shopify denies it was hacked, links stolen data to third-party app (bleepingcomputer.com)
Fujitsu Suffers Worm-Like Attack From Something That Wasn't Ransomware (darkreading.com)
The FIA has been hacked after workers fell for a phishing attack | TechRadar
Cyber Confidence at MSPs high, despite falling victim to data breaches - IT Security Guru
General Motors reports “suspicious activity” within certain GM accounts | Cybernews
Ticketmaster hack: Customers told to sign up to security service - BBC News
Hackers leak 170k Taylor Swift ’s ERAS Tour Barcodes (securityaffairs.com)
NTT Data Romania, hacked (romaniajournal.ro)
Top cyber agency still unsure of fallout months after hack - Washington Times
Computer maker Zotac exposed customers' RMA info on Google Search (bleepingcomputer.com)
Fujitsu confirms customer data exposed in March cyber attack (bleepingcomputer.com)
Neiman Marcus data breach: 31 million email addresses found exposed (bleepingcomputer.com)
Philhealth: Victims of data leak not yet notified of hacking’s extent (inquirer.net)
ChatGPT for Mac app flaw left users' chat history exposed (bitdefender.com)
Heritage Foundation Exec Threatens 'Gay Furry Hackers' in Unhinged Texts (rollingstone.com)
Mastodon: Security flaw allows unauthorized access to posts (stackdiary.com)
Advance Auto Parts data breach impacts 2.3 million people (bleepingcomputer.com)
Organised Crime & Criminal Actors
New 'FishXProxy' phishing kit lowers entry bar for cyber attacks - SiliconANGLE
An In-Depth Look at Crypto-Crime in 2023 Part 1 | Trend Micro (US)
Notorious Hacker Kingpin ‘Tank’ Is Finally Going to Prison | WIRED
How AI helps decode cyber criminal strategies - Help Net Security
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hackers Have Stolen $1.38 Billion in Crypto So Far This Year (pcmag.com)
How do cryptocurrency drainer phishing scams work? (talosintelligence.com)
An In-Depth Look at Crypto-Crime in 2023 Part 1 | Trend Micro (US)
Insider Risk and Insider Threats
Fears escalate that employees will put corporate data at risk | theHRD (thehrdirector.com)
Insurance
Cyber Insurance Prices Plummet as Market Competition Grows (darkreading.com)
Supply Chain and Third Parties
Shopify denies it was hacked, links stolen data to third-party app (bleepingcomputer.com)
60 New Malicious Packages Uncovered in NuGet Supply Chain Attack (thehackernews.com)
Are SOC 2 Reports Sufficient for Vendor Risk Management? (darkreading.com)
Addressing third-party security risks - FreightWaves
Cloud/SaaS
OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers (thehackernews.com)
SaaS Security in Europe: A Report Card - Infosecurity Magazine (infosecurity-magazine.com)
Multifactor Authentication Shouldn't Be Optional (govinfosecurity.com)
The Crucial Role Of Browser Context In Modern Cyber Security (forbes.com)
Most Security Pros Admit Shadow SaaS and AI Use - Infosecurity Magazine (infosecurity-magazine.com)
Security pros use unauthorized SaaS apps despite the risk (betanews.com)
73% of security pros use unauthorized SaaS applications - Help Net Security
Encryption
Linux and Open Source
New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems (thehackernews.com)
OpenSSH bug leaves RHEL 9 and the RHELatives vulnerable • The Register
Do you need antivirus on Linux? | ZDNET
Passwords, Credential Stuffing & Brute Force Attacks
Indonesian National Data Center Breach Traced to Weak Password: 'Admin#1234' (jakartaglobe.id)
General Motors reports “suspicious activity” within certain GM accounts | Cybernews
Back to Basics of Automated Attacks: Account Takeover | Fastly
Time to see past the blind spots of account takeover | SC Media (scmagazine.com)
Self-service password reset: How the cure could introduce more security ills (betanews.com)
Training, Education and Awareness
Human Vigilance is Required Amid AI-Generated Cyber Security Threats - Security Boulevard
When implementing AI, first train your managers | ZDNET
Training, awareness key to preventing cyber attacks | Country 94
Regulations, Fines and Legislation
Vinted Fined €2.3m Over Data Protection Failure - Infosecurity Magazine (infosecurity-magazine.com)
What You Need to Know About the EU Cyber Resilience Act - Security Boulevard
How to Prepare for the EU’s NIS2 Directive - Security Boulevard
CISA Advises Against Paying Ransom, But Rules Out a Ban | MSSP Alert
The New Battlefield in Banking: Defending Against Phishing Scams (financemagnates.com)
A CISO's Guide to Avoiding Jail After a Breach (darkreading.com)
A Comprehensive Guide to the Digital Operational Resilience Act (DORA) - Security Boulevard
CISA director says banning ransomware payments is off the table (securityintelligence.com)
Supreme Court Ruling Threatens the Framework of Cyber Security Regulation - Security Week
Can AI be Meaningfully Regulated, or is Regulation a Deceitful Fudge? - Security Week
A CISO's Summary Of The Cyber Resilience Act (forbes.com)
Models, Frameworks and Standards
OWASP Penetration Testing: Methodology, Kit, Checklist (Downloadable) - Security Boulevard
A Comprehensive Guide to the Digital Operational Resilience Act (DORA) - Security Boulevard
Are SOC 2 Reports Sufficient for Vendor Risk Management? (darkreading.com)
Data Protection
Vinted Fined €2.3m Over Data Protection Failure - Infosecurity Magazine (infosecurity-magazine.com)
Careers, Working in Cyber and Information Security
What Kind of People Do Cyber Security for a Living? (databreachtoday.co.uk)
5 Ways to Run Security as a Meritocracy (darkreading.com)
Diversifying cyber teams to tackle complex threats - Help Net Security
Three critical steps to close the cyber security talent gap, once and for all | VentureBeat
Organisations change recruitment strategies to find cyber talent - Help Net Security
Exploring the root causes of the cyber security skills gap - Help Net Security
Most Security Pros Admit Shadow SaaS and AI Use - Infosecurity Magazine (infosecurity-magazine.com)
Security pros use unauthorized SaaS apps despite the risk (betanews.com)
73% of security pros use unauthorized SaaS applications - Help Net Security
Law Enforcement Action and Take Downs
Europol says mobile roaming tech is hampering crimefighters • The Register
Risk & Repeat: Hacks, lies and LockBit | TechTarget
Notorious Hacker Kingpin ‘Tank’ Is Finally Going to Prison | WIRED
Cyber stalking expert jailed after 'grotesque' online threats • The Register
FBI, cyber cops zap 968 'Russian AI disinfo' Twitter bots • The Register
Misinformation, Disinformation and Propaganda
How Disinformation From a Russian AI Spam Farm Ended up on Top of Google Search Results | WIRED
US intel officials: Kremlin once again prefers Trump | CyberScoop
Feds Uncover Sprawling, GenAI-Enabled Russian Troll Farm (darkreading.com)
FBI, cyber cops zap 968 'Russian AI disinfo' Twitter bots • The Register
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
The Escalating War Against Email-Based Espionage and Fraud | AFCEA International
Escalating Cyber Threats Faced by NATO Countries | MSSP Alert
NATO members increasingly targeted by state-sponsored cyber attacks | SC Media (scmagazine.com)
Allies Agree New NATO Integrated Cyber Defence Center – Eurasia Review
Allies Agree New NATO Integrated Cyber Defence Center – Eurasia Review
Nation State Actors
China
China’s APT40 gang can attack new vulns within hours • The Register
Eight Nations Issue Warning About Speed Of Chinese Hackers’ Operations (forbes.com)
Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk (thehackernews.com)
Australia accuses China-backed hackers of breaching government networks (ft.com)
Global Coalition Blames China’s APT40 for Hacking Government Networks - Security Week
China-Made Tech Discovered at Taiwanese Army Base (thedefensepost.com)
Germany finally gets round to banning Huawei, sort of (telecoms.com)
Russia
A recent Microsoft data breach also let Russian hackers compromise US federal agencies | TechRadar
Teamviewer Discloses Investigation Update Following Cyber Attack (cybersecuritynews.com)
How Disinformation From a Russian AI Spam Farm Ended up on Top of Google Search Results | WIRED
The Stark Truth Behind the Resurgence of Russia’s Fin7 – Krebs on Security
Feds Uncover Sprawling, GenAI-Enabled Russian Troll Farm (darkreading.com)
CloudSorcerer hackers abuse cloud services to steal Russian govt data (bleepingcomputer.com)
New APT Group "CloudSorcerer" Targets Russian Government Entities (thehackernews.com)
French political turmoil, cyber attacks and protests threaten to disrupt Olympics (inews.co.uk)
US intel officials: Kremlin once again prefers Trump | CyberScoop
Alert Level Raised at US Bases in Europe Over Russian Threats - The New York Times
North Korea
Japan warns of attacks linked to North Korean Kimsuky hackers (bleepingcomputer.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Heritage Foundation Exec Threatens 'Gay Furry Hackers' in Unhinged Texts (rollingstone.com)
'Gay furry hackers' take credit for Project 2025 cyber attack (thepinknews.com)
Furry Hackers SiegedSec Suspended from X Amid Leak Spree (dailydot.com)
Tools and Controls
Why Firewalls Are Not Enough in Today’s Cyber Security Landscape | MSSP Alert
5 Key Questions CISOs Must Ask Themselves About Their Cyber Security Strategy (thehackernews.com)
Cloudflare blames recent outage on BGP hijacking incident (bleepingcomputer.com)
Cyber Security 101: MDR vs. XDR | MSSP Alert
Authy Users Urged to Stay Alert After Hack Exposes 33 Million Phone Numbers - MacRumors
Blueprint for Success: Implementing a CTEM Operation (thehackernews.com)
Human Vigilance is Required Amid AI-Generated Cyber Security Threats - Security Boulevard
How API attacks work, plus 5 common types | TechTarget
Selfie-based authentication is on the rise, alarming security experts | TechSpot
The Crucial Role Of Browser Context In Modern Cyber Security (forbes.com)
Training, awareness key to preventing cyber attacks | Country 94
Survey Sees Modern CISOs Becoming More Comfortable With Risk - Security Boulevard
5 Steps CISOs Can Take to Ensure Resilience (informationweek.com)
How Observability Leads to Better Cyber Security | eWEEK
Deconstructing Security Assumptions to Ensure Future Resilience (darkreading.com)
Cyber Insurance Prices Plummet as Market Competition Grows (darkreading.com)
2024 SANS SOC Survey Reveals Critical Trends and Technologies in Cyber Defence (darkreading.com)
ChatGPT 4 exploits 87% of vulnerabilities (devx.com)
When implementing AI, first train your managers | ZDNET
Fake network traffic is on the rise — here's how to counter it | CSO Online
Self-service password reset: How the cure could introduce more security ills (betanews.com)
Strengthening cyber security preparedness with defence in depth - Help Net Security
Navigating Europe’s digital identity crossroads • The Register
Other News
Euro 2024 Becomes Latest Sporting Event to Attract Cyber Attacks (darkreading.com)
Cyber Security Checklist: Preparing Your Devices for Summer Travel - Security Boulevard
Halton Council 'at mercy of criminal hacker gangs' - report - BBC News
The Future Of Cyber Security: Emerging Threats And How To Combat Them (forbes.com)
Labour’s next steps: Cyber security, AI, & Open-Source industry leaders weigh in (techinformed.com)
Microsoft’s cyber security dilemma: An open letter to Satya Nadella - Help Net Security
Checking in on the state of cyber security and the Olympics (talosintelligence.com)
MSPs confident they can fend off cyber threat | Microscope (computerweekly.com)
From Iron Dome To Cyber Dome: Defending Israel’s Cyber Space – Analysis – Eurasia Review
'Gay furry hackers' take credit for Project 2025 cyber attack (thepinknews.com)
Why 'change' for the UK must include cyber security (computing.co.uk)
Is Your Gaming Setup Safe? Gaming Security Musts (cgmagonline.com)
Protecting against cyber attacks in space (mybroadband.co.za)
Vulnerability Management
China’s APT40 gang can attack new vulns within hours • The Register
Ransomware gangs increasingly exploiting vulnerabilities | TechTarget
Blueprint for Success: Implementing a CTEM Operation (thehackernews.com)
ChatGPT 4 exploits 87% of vulnerabilities (devx.com)
Introducing a New Vulnerability Class: False File Immutability — Elastic Security Labs
What's Bugging the NSA? A Vuln in Its 'SkillTree' Training Platform (darkreading.com)
Vulnerabilities
Attackers Already Exploiting Flaws in Microsoft's July Security Update (darkreading.com)
‘Blast-RADIUS’ Critical Bug Blows Up IT Vacation Plans - Security Boulevard
The Windows Security Updates of July 2024 are now available - gHacks Tech News
Microsoft's July Update Patches 143 Flaws, Including Two Actively Exploited (thehackernews.com)
Microsoft Warns of Windows Hyper-V Zero-Day Being Exploited - Security Week
Blast RADIUS attack can bypass authentication for clients • The Register
New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk (thehackernews.com)
Citrix Patches Critical NetScaler Console Vulnerability - Security Week
Veeam flaw becomes malware target a year after patching • The Register
Threat actors exploited Windows 0-day for more than a year before Microsoft fixed it | Ars Technica
Bust this Ghostscript bug or risk a big breach, say experts • The Register
Apache fixed a source code disclosure flaw in Apache HTTP Server (securityaffairs.com)
MongoDB Compass Code Injection Flaw Exposes Systems to Hacking (cybersecuritynews.com)
New Ransomware Group Exploiting Veeam Backup Software Vulnerability (thehackernews.com)
Adobe Issues Critical Patches for Multiple Products, Warns of Code Execution Risks - Security Week
Cisco Warns of regreSSHion RCE Impacting Multiple Products (cybersecuritynews.com)
Hackers Resurrect Internet Explorer to Attack Windows PCs (pcmag.com)
SAP Patches High-Severity Vulnerabilities in PDCE, Commerce - Security Week
CISA Takedown of Ivanti Systems Is a Wake-up Call (darkreading.com)
Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware (securityaffairs.com)
Hackers target WordPress calendar plugin used by 150,000 sites (bleepingcomputer.com)
GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs (thehackernews.com)
VMware Patches Critical SQL-Injection Flaw in Aria Automation - Security Week
Introducing a New Vulnerability Class: False File Immutability — Elastic Security Labs
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory 11 July 2024 – BlastRADIUS Authentication Bypass Vulnerability
Black Arrow Cyber Advisory 11 July 2024 – Blast-RADIUS Authentication Bypass Vulnerability
Executive summary
A vulnerability, known as BlastRADIUS, affecting the RADIUS networking protocol, a networking protocol used across various applications, including VPNs, Wi-Fi and home connections from ISPs, has recently been disclosed by researchers. The vulnerability (CVE-2024-3596) potentially allows a malicious actor to bypass authentication via man-in-the-middle (MITM) attacks.
What’s the risk to me or my business?
If an attacker successfully exploits this vulnerability, they can escalate privileges from partial network access to be able to log into any device that uses RADIUS for authentication, or to assign itself arbitrary network privileges. To exploit this vulnerability an attacker would require network access to a network that is utilising RADIUS.
What can I do?
In the short term, implementers and vendors are advised to mandate that both clients and servers consistently send and require Message-Authenticator attributes for all requests and responses, with the Message-Authenticator being the first attribute included in Access-Accept or Access-Reject responses. Researchers have noted that this mitigation strategy has been adopted by all known RADIUS patches. This recommendation is set to be included in an upcoming RADIUS RFC. For long-term mitigations, the implementation of RADIUS over TLS (RadSec) is suggested, as it provides a stronger encrypted stream to protect RADIUS packets.
Technical Summary
CVE-2024-3569 – This vulnerability is in the RADIUS protocol and allows a malicious local actor to perform forgery attacks, modifying any valid response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against an MD5 Response authenticator signature.
Further information on the Blast-RADIUS vulnerability can be found here:
https://www.theregister.com/2024/07/10/radius_critical_vulnerability/
Further information on the technical breakdown on this vulnerability can be found here:
https://www.blastradius.fail/pdf/radius.pdf
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Advisory 10 July 2024 – Microsoft Patch Tuesday, Adobe and Citrix Updates
Black Arrow Cyber Advisory 10 July 2024 – Microsoft Patch Tuesday, Adobe and Citrix Updates
Executive summary
Microsoft’s July Patch Tuesday provides updates to address 143 security issues across its product range, including two actively exploited zero-day vulnerabilities (CVE-2024-38080 and CVE-2024-38112). The exploited zero-day vulnerabilities are a privilege escalation vulnerability in Hypervisor (CVE-2024-38080) and a spoofing vulnerability (CVE-2024-38112), both of which have been added the US Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities Catalog. Also, among the updates provided by Microsoft were 5 critical vulnerabilities.
In addition to the Microsoft updates this week also saw Adobe fix 7 vulnerabilities across various products, Citrix have also addressed multiple vulnerabilities including a critical in NetScaler Console.
What’s the risk to me or my business?
The actively exploited vulnerabilities could allow an attacker with access, to gain SYSTEM privileges or use malicious sites and spoof them to appear trusted. Both vulnerabilities if exploited could have a high impact on the confidentiality, integrity and availability of the organisations data on affected systems.
What can I do?
Black Arrow recommends applying the available security updates for all supported versions of Windows and Adobe products impacted. The updates should be applied as soon as possible for the actively exploited vulnerability and all other vulnerabilities that have a critical severity rating.
Technical Summary
Microsoft
CVE-2024-38080 – This vulnerability is an integer overflow affecting Hyper-V. If successfully exploited it allows an attacker to gain SYSTEM privileges on the host machine, however initial access to the local machine is required to exploit the flaw.
CVE-2024-38112 – This vulnerability is a spoofing vulnerability which affects Windows MSHTML Platform and can be exploited with a specially crafted HTML file. If successfully exploited it will allow an attacker to render malicious content as trusted, misleading users to divulge sensitive information like login credentials or to install malware.
Adobe
This month, Adobe released fixes for a total of 7 vulnerabilities across several of its products. Out of these, 6 were rated as critical. The affected products and their respective vulnerabilities are as follows: Adobe Premier Pro had 1 critical vulnerability, Adobe Bridge also had 1 critical vulnerability, and Adobe InDesign had 4 critical vulnerabilities. Currently, Adobe is not aware of any active exploitation of these vulnerabilities. The types of vulnerabilities addressed include arbitrary code execution and memory leaks.
Citrix
Citrix have released patches to fix multiple security vulnerabilities including a critical and high vulnerability in the NetScaler Console and Agent product. The critical vulnerability (CVE-2024-6235) if successfully exploited is an improper authorisation bug that could allow attackers to access sensitive information.
While Citrix has not stated that any of these vulnerabilities are being exploited in the wild, Black Arrow advises that organisations update the affected appliances as soon as possible. The affected products can be found below in the further information section.
Further details on Windows specific updates within this patch Tuesday can be found here:
https://www.securityweek.com/microsoft-warns-of-windows-hyper-v-zero-day-being-exploited/
Further details of the vulnerabilities addressed in Adobe Premiere Pro can be found here: https://helpx.adobe.com/security/products/premiere_pro/apsb24-46.html
Further details of the vulnerabilities addressed in Adobe Bridge can be found here:
https://helpx.adobe.com/security/products/bridge/apsb24-51.html
Further details of the vulnerabilities addressed in Adobe InDesign can be found here:
https://helpx.adobe.com/security/products/indesign/apsb24-48.html
Further details of the vulnerabilities addressed in Citrix NetScaler can be found here:
Further information on US Cybersecurity and Infrastructure Security Agency’s (CISA) “Known Exploited Vulnerabilities Catalog can be found here:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity