Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 03 November 2023
Black Arrow Cyber Threat Intelligence Briefing 03 November 2023:
-Surviving a Ransomware Attack Begins by Acknowledging it’s Inevitable
-Are You and Your Clients Soft Targets?
-Cyber Attacks Cause Revenue Losses in 42% of Small Businesses
-Executives May be The Biggest Risk to Your Business
-Organisations Can Only Stop 57 Percent of Cyber Attacks
-Many Businesses Remain Unprepared for AI as Phishing Attacks Rise 1,265% Since Launch of ChatGPT
-Business Email Compromise is Most Common Entry Point for Cyber Attack
-US Regulator Charges Firm and its CISO For Fraud and Cyber Security Failures
-Companies Scramble to Integrate Immediate Recovery into Ransomware Plans
-Your End-Users are Reusing Passwords, That’s a Big Problem
-Cyber Workforce Demand is Outpacing Supply
-What the Boardroom Is Missing: CISOs
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Surviving a Ransomware Attack Begins by Acknowledging it’s Inevitable
The best defence against a ransomware attack is assuming it will happen before it does. Research by Visa Inc found that ransomware continues to rapidly rise. One of the main factors is the use of AI services to mass produce highly personalised and plausible emails. The second is the proliferation of highly professional do-it-yourself ransomware kits, which frequently come with 24/7 tech support. These two factors drastically lower the skill level required for cyber criminals to successfully pull off an attack.
Another new ransomware trend is “dual ransomware attacks”. This is where criminals carry out two or more attacks in close proximity of each other, ranging between 48 hours to a maximum of 10 days. With an 80% chance of re-attack, small and medium sized businesses in hard-hit industries including healthcare and manufacturing are primary targets; organisations must be extra vigilant as the holidays approach because this is when cyber criminals are most likely to attack.
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [Venture Beat] [SC Media] [Help Net Security] [Infosecurity Magazine] [Help Net Security] [Tech Crunch]
Are You and Your Clients Soft Targets?
Cyber attacks are not a matter of "if" but "when," and the question you need to ask yourself is, ‘Are you a soft target?’. A soft target is a network or organisation that is relatively unprotected or vulnerable to cyber attacks.
You may feel confident in your ability to recover from an attack, but if you've never thoroughly tested your backup and recovery procedures, and when the time comes you find that it does not work, the result will leave you more likely to pay a ransom in an encryption based ransomware scenario. Reliance on legacy antivirus, which often fails to detect modern threats, can also render your network a soft target. Additionally, the absence of a rigorous vulnerability scanning and patching process leaves vulnerabilities undiscovered, and attackers are quick to exploit them. If you rely solely on prevention measures like firewalls and endpoint protection platforms, you are making yourself an appealing soft target for cyber criminals.
No organisation is entirely immune to cyber attacks. The key to defending you and your client's information effectively is to anticipate attacks, understand your security posture, recognise potential adversaries, and recover correctly in the event of an attack.
Source: [MSSP Alert]
Cyber Attacks Cause Revenue Losses in 42% of Small Businesses
Small businesses may be discouraged from investing in preventive cyber security measures due to the expense involved and the mistaken belief that only larger companies are the target of cyber crimes. However, according to a recent report nearly 8 in 10 small business leaders admit they are anxious about the safety of their company’s sensitive data and information. The report found that employee and customer data continue to be the most impacted categories of information in data breaches with 42% of small businesses losing revenue due to a cyber event.
The widespread use of internet-connected devices has given rise to a substantial surge in threat actors targeting small and medium-sized businesses, with malware, phishing and botnets being the most common threats. Daily malware activity has doubled year over year, and peaks in holiday seasons.
Sources: [Help Net Security] [Security Magazine] [Help Net Security] [JDSupra]
Executives May be The Biggest Risk to Your Business as One in Five Share Work Passwords Outside the Company
According to a recent report, nearly half (49%) of C-level executives have requested to bypass one or more security measures in the past year, highlighting a concerning disparity between what business leaders say about cyber and what they do. The research reported one in five sharing their work password with someone outside the company, 77% using easy-to-remember passwords including birth dates, and a third admitting to accessing unauthorised files and data with nearly two-thirds having the ability to edit those files/data.
Additionally, the C-suite was found to be more than three times as likely than regular users to share work devices with unauthorised users. An essential approach to reducing the risks is a tailored training programme that enables all users, including the C-suite, to understand the objective of security controls and the risks caused by bypassing them. Black Arrow offers bespoke training to all roles within the organisation as well as upskilling tailored to those at the board level.
Sources: [Infosecurity Magazine] [Tech Radar] [Security Magazine] [Help Net Security]
Organisations Can Only Stop 57 Percent of Cyber Attacks
According to a report from Tenable, over the last two years, the average organisation's cyber security program was prepared to preventatively defend against, or block, just 57 percent of the cyber attacks it encountered. The report found that 58% of respondents focus almost entirely on fighting successful attacks rather than working to prevent them in the first place. This is put down largely to a struggle to obtain an accurate picture of their attack surface. When it came to risks, 75% viewed cloud infrastructure as the greatest source of exposure risk in their organisation.
Source: [Beta News]
Many Businesses Remain Unprepared for AI as Phishing Attacks Rise 1,265% Since Launch of ChatGPT
Generative AI has revolutionised many aspects of life, offering new opportunities that have also greatly benefited malicious actors. A report has found that since the launch of ChatGPT, phishing attacks have increased by 1,265%. A separate report found that many businesses remain unprepared for the impact of AI, with just 16% of respondents satisfied in their organisation’s understanding of these AI tools.
Sources: [Decrypt] [Infosecurity Magazine] [Emerging Risks]
Business Email Compromise is Most Common Entry Point for Cyber Attack
According to cyber insurance provider Hiscox, almost half of UK businesses have experienced a cyber attack in the last year, an increase of 9% from the previous year. Business email compromise was recorded as the most common point of entry, mentioned by 35% of companies who suffered an attack.
The report found that 20% of attacked organisations received a ransomware demand, slightly up from 19% the previous year. The proportion paying the ransom fell from 66% to 63%, but the median ransom rose 13%.
Sources: [Hiscox] [Digital Journal]
US Regulator Charges Firm and its CISO For Fraud and Cyber Security Failures
The US Securities and Exchange Commission (SEC) announced plans to charge a Chief Information Security Officer (CISO) with fraud for their role in allegedly lying to investors, overstating cyber security practices, and understating or failing to disclose known risks. A key piece of evidence presented by the SEC involved a presentation that was shared with the CISO, detailing a lack of security in the CISO employer’s setup. The presentation highlighted how exploitation could lead to major reputational and financial loss.
The case represents a larger shift in the dynamics and corporate reporting of security issues and within this, lies the professionalism of the CISO role. It is likely that this incident could become the start of something larger.
Sources: [The Record] [Security Week ] [Forbes]
Companies Scramble to Integrate Immediate Recovery into Ransomware Plans
A survey found that 66% of companies are reevaluating their data protection and cyber resilience strategies. Despite this, 35% are not prioritising recovery and only half (56.6%) focused on both recovery and prevention.
Whilst it is important to prevent attacks, nothing is 100% secure and organisations need to ensure that their ransomware plans include recovery as a part of this. If, or when, you experience an attack, you will not want to improvise your recovery.
Source: [Help Net Security]
Your End-Users are Reusing Passwords: That’s a Big Problem
Password reuse is a difficult vulnerability for IT teams to get full visibility over. The danger is often hidden until it turns up in the form of hackers using compromised credentials as an initial access vector. A recent survey revealed that 53% of people admit to reusing passwords, making it easier for attackers to gain access to multiple applications with a single compromised password.
While it is difficult for organisations to maintain visibility over who is reusing passwords, especially if employees are reusing passwords outside of the organisation, there are still ways to combat this. Implementing tools that can check for compromised passwords, using multi-factor authentication and ensuring all employees carry out cyber security and awareness training are a few methods to help combat password re-use.
Source: [Bleeping Computer]
Cyber Workforce Demand is Outpacing Supply
A study by ISC2 stated that we would need to double the cyber workforce to adequately protect organisations and their critical assets. The study found that the gap between the demand and supply grew 12.6%. For organisations, this can mean a struggle in hiring cyber expertise.
To address the challenge of attracting and retaining quality senior security professionals, Black Arrow offers a fractional CISO service that gives flexible access to a whole team of specialists with wide expertise, experience and backgrounds in technology, governance and transformation, for less than the cost of hiring one individual.
Source: [Cyber Scoop]
What the Boardroom Is Missing: CISOs
According to a new study only 12% of S&P 500 companies have board directors with relevant cyber credentials, highlighting a major gap in expertise needed to keep organisations secure. As most organisations shift to digital and cloud-first strategies, businesses of all shapes and sizes must protect their assets. Unfortunately, there's a considerable gap between security leaders and the board directors responsible for managing businesses. A recent Harvard Business Review survey revealed just 47% regularly interact with their company's Chief Information Security Officer (CISO). That's a severe knowledge gap for a company's security and business leaders.
Introducing CISOs to the boardroom is not just about compliance, it's also about ensuring transparency and accountability. CISOs are already building security programs from the ground up. They provide business compliance, hire the right people, and find the right technology to supplement their team's efforts. Security posture is critical to an enterprise's future success, and having a CISO on the board that speaks the language can help a board understand if their business is making suitable security investments.
Source: [Dark Reading]
Top Cyber Stories of the Last Week
Governance, Risk and Compliance
SEC Charges SolarWinds and Its CISO With Fraud and Cyber security Failures - SecurityWeek
SolarWinds Is A Game Changer - You Cannot Sugarcoat Cyber security (
Part of an executive team? You might be the biggest security risk to your business | TechRadar
One in five executives have shared work passwords outside the company | Security Magazine
Organisations can only stop 57 percent of cyber attacks (
Cyber attacks cause revenue losses in 42% of small businesses - Help Net Security
Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger
'Are we adversary aligned?' is the new 'Are we secure?' (
Cyber security habits and behaviours executives need to be aware of - Help Net Security
The hidden costs of data breaches for small businesses - Help Net Security
Cyber workforce demand is outpacing supply, survey finds | CyberScoop
How Do We Truly Make Security 'Everyone's Responsibility'? (
Why lack of training can put cyber security at risk [Q&A] (
Threat Prevention Begins With IT & Security Team Collaboration (
The CISO’s toolkit must include political capital within the C-suite | CSO Online
CISO Skills in a Changing Security Market: Are You Prepared? (
Why there’s no one-size-fits all solution to security maturity | TechRadar
Ransomware, Extortion and Destructive Attacks
Ransom Groups Threaten Physical Violence as Social Engineering Tactic (
Companies scramble to integrate immediate recovery into ransomware plans - Help Net Security
Surviving a ransomware attack begins by acknowledging it's inevitable | VentureBeat
Do government sanctions against ransomware groups work? | TechCrunch
Why rookie hackers are capitalizing on ransomware | SC Media (
Experts Reconsider Banning Ransom Payments as Ransomware Attacks Surge (
Why ransomware victims can’t stop paying off hackers | TechCrunch
Key Learnings from “Big Game” Ransomware Campaigns - SecurityWeek
New Hunters International ransomware possible rebrand of Hive (
SIM Swappers Are Working Directly with Ransomware Gangs Now (
One of the most dangerous ransomware kits around might have just gotten a rebrand | TechRadar
Ransomware attacks set to break records in 2023 - Help Net Security
HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability (
Ransomware Victims
Boeing Confirms Cyber Attack, System Compromise (
CCleaner says hackers stole users’ personal data during MOVEit mass-hack | TechCrunch
Stanford University investigating security incident • The Register
Massive ransomware attack hinders services in 70 German municipalities (
Medical research exec hit in SIM-swap attack by Alphv gang • The Register
Caesars Hackers Accessed Customer Data; Costs to Be Determined (
Mortgage and loan giant Mr. Cooper blames cyber attack for ongoing outage | TechCrunch
Ransomware attack shuts down Central Florida radiology imager sites (
British, Toronto Libraries Struggle After Cyber Incidents (
Ace Hardware says 1,202 devices were hit during cyber attack (
Phishing & Email Based Attacks
Artificial Intelligence
Email Phishing Attacks Up 1,265% Since ChatGPT Launched: SlashNext - Decrypt
AI poses new cyber threats with many businesses unprepared (
AI is making cyber attacks even smarter and more dangerous | TechRadar
Biden Issues Executive Order on Safe, Secure AI - Infosecurity Magazine (
Enterprise AI applications are threatening security | TechRadar
What Lurks in the Dark: Taking Aim at Shadow AI (
ChatGPT, Bard, lack effective defences against fraudsters, Which? warns | Computer Weekly
Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger
Over a million Windows and Linux systems infected by this tricky new malware | TechRadar
DUCKTAIL Malware employs LinkedIn messages Execute Attacks (
Daily malware activity doubled year over year for small businesses | Security Magazine
Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks (
Malvertising via Dynamic Search Ads delivers malware bonanza (
Windows PCs are being targeted with a nasty new malware - here's what you need to know | TechRadar
Pro-Hamas Hacktivists Targeting Israeli Entities with Wiper Malware (
These Seemingly Innocent Search Terms Could Lead Kids to Malware-Filled Websites (
Malware 'Meal Kits' Serve Up No-Fuss RAT Attacks (
Arid Viper Camouflages Malware in Knockoff Dating App (
Ghostpulse Malware Targets Windows PCs With Fake App Installers (
Latest RAT attack surge bypasses Microsoft's XLL block • The Register
Mozi malware botnet goes dark after mysterious use of kill-switch (
Iranian Cyber Spies Use 'LionTail' Malware in Latest Attacks - SecurityWeek
Turla Updates Kazuar Backdoor with Advanced Anti-Analysis to Evade Detection (
16 more infected Android apps you need to delete ASAP (
iOS 17.1 finally fixes a three-year-old Private Wi-Fi Address security hole | Macworld
Android 14’s user-profile data bug seems indistinguishable from ransomware | Ars Technica
New banking scams delivered instantly via WhatsApp - F-Secure Blog
Security Expert: Apple's Lockdown Mode Still Defeats Commercial Spyware | PCMag
Google One data breach: Dark web report at your hand - gHacks Tech News
SIM swapping crypto crook jailed, ordered to pay $945,833 • The Register
SIM Swappers Are Working Directly with Ransomware Gangs Now (
Israel Calls In Hackers And Spyware Companies To Break Into Abductees’ Phones (
Denial of Service/DoS/DDOS
DDoS attacks are getting bigger and more powerful, and that's a really bad thing | TechRadar
Why Does "Anonymous" Launch DDoS Cyber Attacks? (
Internet of Things – IoT
IoT's convenience comes with cyber security challenges - Help Net Security
RCE exploit for Wyze Cam v3 publicly released, patch now (
Data Breaches/Leaks
CCleaner says hackers stole users’ personal data during MOVEit mass-hack | TechCrunch
Okta discloses a data breach after a third-party vendor was hacked (
ServiceNow Data Exposure: A Wake-Up Call for Companies (
LastPass breach linked to theft of $4.4 million in crypto (
Public exposure of data breaches is becoming inevitable – Help Net Security
Browser extensions could capture passwords and sensitive info as plain text (
Seiged Sec Breach Top Israeli Telecom, Leak Customers Data (
Organised Crime & Criminal Actors
‘Prolific Puma’ Hacker Gives Cyber criminals Access to .us Domains (
Two Russians indicted for hacking JFK taxi dispatch system • The Register
How cyber criminals adapt and thrive amidst changing consumer trends – Help Net Security
Crypto thief steals $4.4M in a day as toll rises from LastPass breach (
UK's National Crime Agency Establishes Crypto Investigative Team (
Insider Risk and Insider Threats
Supply Chain and Third Parties
N. Korean Lazarus Group Targets Software Vendor Using Known Flaws (
North Korean Hackers Are Trying to Stage Another Supply Chain Hack (
Okta discloses a data breach after a third-party vendor was hacked (
Within 5 Minutes, Hackers Were Able to Get AWS Credentials From GitHub (cyber
Cryptojackers steal AWS credentials from GitHub in 5 minutes • The Register
Microsoft is Getting Serious About Security. Again. -
Microsoft is overhauling its software security after major Azure cloud attacks - The Verge
Identity and Access Management
Passwords, Credential Stuffing & Brute Force Attacks
Your end-users are reusing passwords – that’s a big problem (
One in five executives have shared work passwords outside the company | Security Magazine
Within 5 Minutes, Hackers Were Able to Get AWS Credentials From GitHub (
Browser extensions could capture passwords and sensitive info as plain text (
Social Media
DUCKTAIL Malware employs LinkedIn messages Execute Attacks (
Russian hacking tool floods social networks with bots, researchers say (
Training, Education and Awareness
Finding the right approach to security awareness - Help Net Security
Why lack of training can put cyber security at risk [Q&A] (
Regulations, Fines and Legislation
FTC orders non-bank financial firms to report breaches in 30 days (
SEC Charges SolarWinds and Its CISO With Fraud and Cyber security Failures - SecurityWeek
Why The SEC Cyber Security Disclosure Rules Will Improve Cybersecurity (
The UK Online Safety Bill Becomes Law, What Does It Mean? | Hackaday
Biden Issues Executive Order on Safe, Secure AI - Infosecurity Magazine (
Setting the standard for cyber security across the EU | Business Post
Models, Frameworks and Standards
Top 12 IT security frameworks and standards explained | TechTarget
MITRE Releases ATT&CK v14 With Improvements to Detections, ICS, Mobile - SecurityWeek
Careers, Working in Cyber and Information Security
UK cyber skills gap grows 29% despite record hiring (
Cyber workforce demand is outpacing supply, survey finds | CyberScoop
Cyber security workforce shortages: 67% report people deficits - Help Net Security
CISO Skills in a Changing Security Market: Are You Prepared? (
Law Enforcement Action and Take Downs
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Misc Nation State/Cyber Warfare/Cyber Espionage
Geopolitical Threats/Activity
Hacktivist Activity Related to Gaza Conflict Dwindles (
New BiBi-Linux wiper malware targets Israeli orgs in destructive attacks (
Israel Calls In Hackers And Spyware Companies To Break Into Abductees’ Phones (
Spies and Lies: China’s Cyber Espionage Is on an Unprecedented Level | Mind Matters
Microsoft upgrades security for signing keys in wake of Chinese breach | CyberScoop
Boeing. ‘Sensitive Data’ Reportedly Stolen by Ransomware Group Linked to Russia - The Messenger
Russian hacking tool floods social networks with bots, researchers say (
FSB arrests Russian hackers working for Ukrainian cyber forces (
Russia to launch its own version of VirusTotal due to US snooping fears (
A Ukrainian Company Shares Lessons in Wartime Resilience (
Two Russians indicted for hacking JFK taxi dispatch system • The Register
Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks (
Iranian Cyber Spies Use 'LionTail' Malware in Latest Attacks - SecurityWeek
New Iranian state-sponsored hacking campaign uncovered - SiliconANGLE
FBI Director Warns of Increased Iranian Attacks (
Iran's MuddyWater Targets Israel in New Spear-Phishing Cyber Campaign (
'Scarred Manticore' Unleashes the Most Advanced Iranian Cyber Espionage Yet (
North Korea
Vulnerability Management
Lazarus Group Looking for Unpatched Software Vulnerabilities (
CVSS 4.0 keys-in on threat intelligence metrics and OT, ICS and IoT | SC Media (
Vulnerability management metrics: How to measure success - Help Net Security
From Windows 9x to 11: Tracing Microsoft's security evolution - Help Net Security
It's Cheap to Exploit Software — and That's a Major Security Problem (
Exploit released for critical Cisco IOS XE flaw, many hosts still hacked (
F5 fixes BIG-IP auth bypass allowing remote code execution attacks (
Hackers use Citrix Bleed flaw in attacks on govt networks worldwide (
Cisco Patches 27 Vulnerabilities in Network Security Products - SecurityWeek
Atlassian warns users: patch critical Confluence flaw ASAP • The Register
Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover (
Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes (
D-LINK SQL Injection Vulnerability Let Attacker Escalate Privileges (
3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online (
More Than 100 Vulns in Microsoft 365 Tied to SketchUp 3D Library (
No patches yet for Apple iLeakage side-channel attack | TechTarget
HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability (
iOS 17.1 finally fixes a three-year-old Private Wi-Fi Address security hole | Macworld
Tools and Controls
Companies scramble to integrate immediate recovery into ransomware plans - Help Net Security
Vulnerability management metrics: How to measure success - Help Net Security
6 steps to accelerate cyber security incident response | SC Media (
Ethical hackers are helping more and more business stay safe | TechRadar
Getting Smart With Cyber security: AI Can Help the Good Guys, Too (
Massive cyber crime URL shortening service uncovered via DNS data (
Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger
Defence in depth: Layering your security coverage (
Finding the right approach to security awareness - Help Net Security
Mainframes are around to stay, it’s time to protect them - Help Net Security
Reports Published in the Last Week
Other News
Four Under-The-Radar Security Risks That Can Endanger Your Business (
ING CISO says data sharing is key to financial cyber security (
Threat Prevention Begins With IT & Security Team Collaboration (
F5 Labs Report Reveals Rise in Malicious Automation | The Fintech Times
Microsoft Vows to Revamp Security Products After Repeated Hacks - Bloomberg
Microsoft launches Secure Future Initiative to bolster security | TechTarget
The 5 Cs of effective cyber defence: Beyond traditional technical skills | SC Media (
9 Innovative Ways to Boost Security Hygiene for Cyber Awareness Month (
How governments can keep data secure in a digital age - New Statesman
Cyber security insights for secure manufacturing - Aerospace Manufacturing and Design
Demystifying the top five OT security myths | Computer Weekly
20 scary cyber security facts and figures for a haunting Halloween (
Construction among industries most at risk from cyber attacks, insurer warns | News | Building
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 29 September 2023
Black Arrow Cyber Threat Intelligence Briefing 29 September 2023:
-Ransomware Groups Are Shifting Their Focus Away From Larger Targets
-Cover-ups Still the Norm as Half of Cyber Attacks go Unreported
-Reported Cyber Security Breaches Increase Threefold for Financial Services Firms
-Attacks on SME’s Surged in The First Half of 2023
-The CISO Carousel and Its Effect on Enterprise Cyber Security
-Bermuda Struggles to Recover from Ransomware Attack
-Businesses Remain Unprepared Despite Cyber Threats Remaining a Top Concern
-Business Leaders More Anxious About Ransomware Than Recession as Tally from One Attack Alone Surpasses 2,000 Victim Organisations
-Hotel Hackers Redirect Guests to Fake Booking[.]com Site in Major Phishing Campaign
-Cyber Leaders Worry That AI Will Overwhelm Cyber Defences
-Boards Still Lack Cyber Security Expertise
-4 Legal Surprises You May Encounter After a Cyber Security Incident
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Groups Are Shifting Their Focus Away from Larger Targets
Ransomware groups are once again prioritising attacks on smaller organisations as they look to target those with less mature security capabilities. Analysis from Trend Micro has shown that ransomware groups such as Lockbit, Cl0p and Black Cat are slowing down attacks against “big game” targets, such as multinationals, and are focusing their attention on smaller organisations. It was found that the overall ransomware attack victim numbers increased by 47% from H2 2022.
Organisations “of up to 200 employees”, those within the small-to-medium-sized range, accounted for the majority (575) of attacks using LockBit’s ransomware across H1 2023. Similar trends were observed with rivals in the ransomware-as-a-service (RaaS) space. Nearly half (45%) of Black Cat victims were in the same size range. There are many underlying factors in the recent surge of attacks on smaller organisations, however one big cause is the economic factor and the perception that smaller organisations are not going to be as well protected.
Sources: [Techcentral] [Helpnet Security]
Cover-ups Still the Norm as Half of Cyber Attacks go Unreported
A report found that 48% of organisations that experience critical cyber incidents and disasters such as ransomware attacks do not report it to the appropriate authorities, and 41% do not even disclose cyber attacks to their boards. Alarmingly, 32% simply “forgot” and 22% self-reported that there wasn’t a system in place to report it. In the UK, failure to report a breach within 72 hours could make a company eligible for a fine up to €10 million or 2% of annual global turnover if deemed a lower-level infringement, and up to €20 million or 4% of annual global turnover for higher-level infringements.
The lack of reporting also has a knock-on effect: a significant number of cyber attacks go un-reported and therefore this skews statistics, meaning the current numbers of known cyber attacks are likely much lower than the actual figure.
Sources: [Computer Weekly] [InfoSecurity Magazine]
Reported Cyber Security Breaches Increase Threefold for Financial Services Firms
New research shows that cyber security breaches for UK financial service firms have increased threefold from 187 attacks (2021-2022) to 640 attacks (2022-2023). This comes as the pensions sector reported the biggest jump in breaches rising from 6 to 246 in the same period, a concerning large increase of 4,000%. These patterns are not only relevant to the UK however, with separate reports highlighting an 119% increase in attacks on financial sector cyber attacks globally from 2022 to 2023.
Trustees can be liable for failures in managing cyber risk, so any business looking to protect itself from the impact of a cyber attack should invest in understanding its cyber footprint, the risks it poses, and have the right policies/procedures in place.
Sources: [CIR Magazine] [PensionsAge] [CityAM] [TechRadar]
Attacks on SME’s Surged in The First Half of 2023
According to Kaspersky, small and medium enterprises (SMEs) dealt with more attacks during the first half of the year compared to the same time the year previous. Worryingly, a separate report found that over three quarters of SME leaders could not confidently identify a cyber incident at work and 50% of respondents felt they were unable to identify the difference between a phishing email and real email.
An outcome of the study was the identification of a need for effective user training. SMEs do not have the budget to have a wide range of tools, however they can strengthen their users’ security practices. Black Arrow enables SMEs to strengthen their people controls through bespoke and affordable education and awareness training for all levels of the organisation.
Sources: [Inquirer] [HelpNet Security] [Insurance Times]
The CISO Carousel and Its Effect on Enterprise Cyber Security
The average tenure of a Chief Information Security Officer (CISO) is said to sit between 18 to 24 months; research highlights the reasons including the strain of the role, the perceived lack of leadership support, and the attraction of more money from a different employer. There is often a gap while the replacement is recruited, during which there is nobody looking after the organisation’s security.
In some cases, organisations may look to outsource by using the services of a virtual CISO (vCISO) with cost savings and greater stability and flexibility. The Black Arrow vCISO team are experienced world-class specialists, providing independent, impartial and objective expertise across the wide range of essential CISO skills with significant advantages compared to an internal resource.
Source: [Security Week]
Bermuda Struggles to Recover from Ransomware Attack
The Bermudan Government this week suffered what they referred to as a significant cyber incident. Workers were cut off from email and telephone systems, with affected departments resorting to manual processes and issuing of paper based cheques. The Government was unable to make payroll payments, and parcels could not be sent from the Island’s Post Offices. It is noted that while not all systems were affected, the government took everything offline out of precaution. It is believed that some other regional governments have also been impacted.
The attack has been attributed to Russia or Russian-based actors, but attribution in cases like this can be difficult. It should be noted that, if involvement from Russia were confirmed, both Russian state actors and Russian based cyber criminals work closely in a symbiotic relationship that benefits both parties. Using cyber crime groups as fronts provides nation state actors with a level of deniability, while also allowing them to direct the operation and benefit from it. Equally, cyber crime groups get to do their thing with the blessing, whether tacit or explicit, of the national authorities in their country. In general, countries where this happens (such as Russia, North Korea and China) have no interest in cooperating with Western authorities, so the cyber criminals essentially work with impunity.
Sources: [Duo] [GovInfo Security] [Bleeping Computer]
Businesses Remain Unprepared Despite Cyber Threats Remaining a Top Concern
A report found cyber threats continue to rank among the top three business concerns for a wide spectrum of companies. Despite it being such a concern, a significant percentage of businesses admitted to not conducting cyber assessments for vendors (57%) or customers’ assets (56%), having an incident response plan (50%), or implementing multifactor authentication for remote access (44%). Phishing scams were of particular concern, with companies reporting a notable increase in incidents, jumping from 14% to 27% over the past year.
Cyber attacks are a certainly a sobering reality, with nearly 23% of survey participants disclosing that their company had fallen victim to a cyber attack and 49% of these incidents occurred within the past year.
Source: [Reinsurance News]
Business Leaders More Anxious About Ransomware Than Recession as Victims from Single Attack Surpasses 2,000 Organisations
According to a recent study, half of business leaders are more worried about falling victim to a ransomware attack than macroeconomic hardship. Over 60% of businesses who had suffered a ransomware attack reported concerns about the prospect of a second ransomware attack, and 71% of leaders admitted their businesses wouldn’t be able to withstand it. 56% said they had increased hiring costs, nearly half experienced increased customer complaints, and 47% reported team stress. This comes as the tally of victims from the MOVEit attack alone surpasses 2,000 organisations. To make matters worse, the FBI has described dual ransomware attacks taking place, with the second attack less than 48 hours after the first.
Source: [Tech Informed] [Helpnet Security] [Helpnet Security] [BleepComputer]
Hotel Hackers Redirect Guests to Fake Booking[.]com Site in Major Phishing Campaign users have become the focus of a new, large-scale phishing campaign that involved hackers taking control of the hotel’s Booking[.]com account. Once in control, the attackers were then able to utilise personal information and craft messages, tailored to victims.
With many organisations using sites such as Booking[.]com, it is imperative that staff are trained effectively, to reduce the risk of them falling victim to a phishing campaign.
Sources: [BleepingComputer] [Inforsecurity Magazine]
Cyber Leaders Worry That AI Will Overwhelm Cyber Defences
A survey of 250 leaders found that 85% worry that AI will overwhelm cyber defences while almost two thirds (61%) have already seen an increase in cyber attack complexity due to AI. Overall 80% view AI as the single biggest cyber threat their business faces, and seven out of 10 are investing in more resilient measures to improve their detection and response protocols.
AI can certainly be overwhelming, but with the right expertise, organisations can navigate their way to improving their AI defences. Black Arrow’s expert team helps your leadership to understand and manage AI-based risks, and safely adopt artificial intelligence in your organisation.
Source: [Management Issues]
Boards Still Lack Cyber Security Expertise
A study by the US National Association of Corporate Directors (NACD) and the Internet Security Alliance (ISA) found that just 12% of S&P 500 companies have board directors with relevant cyber credentials, showing that there is still a lack of expertise at the board level. Boards can improve their expertise by engaging with training that is tailored to leadership. Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident. Source: [Wallstreet Journal]
4 Legal Surprises You May Encounter After a Cyber Security Incident
In the event of a cyber incident, there are a number of problems that emerge, but some you may not be aware of. These may include investigations by auditors, a freeze on payments by banks, and uncertainty about notifying third parties including customers. Your insurance provide may also launch a review of the cyber security controls that you had in place before the incident, to determine the payout.
Ideally, you will never have to face a cyber incident, but it can happen and it’s best to ensure you are well placed to deal with it, by understanding what needs to be done and how to respond. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [Dark Reading]
Governance, Risk and Compliance
The CISO Carousel and Its Effect on Enterprise Cyber Security - Security Week
Cyber leaders worry that AI will overwhelm cyber defences (
Businesses Unprepared for Cyber Attacks Despite Steady Concern (
Cyber criminals are targeting the financial sector more than ever | TechRadar
The hidden costs of neglecting cyber security for small businesses - Help Net Security
Majority of UK SME c-suites lacking awareness of cyber risks | Insurance Times
Business leaders most anxious about ransomware attacks (
Cyber security incident response: Your company's ICU (
Cover-ups still the norm in the wake of a cyber incident | Computer Weekly
Many firms aren't reporting breaches to the proper authorities | TechRadar
Half of Cyber-Attacks Go Unreported - Infosecurity Magazine (
CISOs are struggling to get cyber security budgets: Report | CSO Online
CISOs are spending more on cyber security - but it might not be enough | TechRadar
Cyber threats remain top concern for businesses in 2023: Travelers Risk Index - Reinsurance News
Despite rising insider risk costs, budgets are being wasted in the wrong places - Help Net Security
The Hot Seat: CISO Accountability in a New Era of SEC Regulation (
Proactive Security: What It Means for Enterprise Security Strategy (
4 Legal Surprises You May Encounter After a Cyber Security Incident (
Moving From Qualitative to Quantitative Cyber Risk Modeling - Security Week
Financial crime compliance costs exceed $206 billion - Help Net Security
Ransomware, Extortion and Destructive Attacks
Ransomware soars as enterprises struggle to respond - Verdict
Ransomware groups are shifting their focus away from larger targets - Help Net Security
Business leaders most anxious about ransomware attacks (
Why is Ransomware Such a Prevalent Threat and Popular Tool for Attackers? | MSSP Alert
ShadowSyndicate: A New Cyber Crime Group Linked to 7 Ransomware Families (
The Group Claiming To Have Hacked Sony Is Using GDPR As A Weapon For Demanding Ransoms | Techdirt
FBI: Dual ransomware attack victims now get hit within 48 hours (
Cl0p's MOVEit attack tally surpasses 2,000 victim organisations - Help Net Security
MOVEit cyber attack is pause for concern | Ary Rosenbaum - The Rosenbaum Law Firm P.C. - JDSupra
Lawsuits Allege MGM, Caesars Neglected Cyber Security Preparedness (
'Power, influence, notoriety': The Gen-Z hackers who struck MGM and Caesars - The Japan Times
Amidst MGM, Caesar's Incidents, Attackers Focus on Luxury Hotels (
Youth hacking ring at the center of cyber crime spree | CyberScoop
Current ransomware defencs efforts are not working - Help Net Security
VMware users anxious about costs and ransomware threats - Help Net Security
MSP shares details of Kaseya VSA ransomware attack, recovery | TechTarget
Trust Is Key In Cyber Security: Analysing The MOVEit Ransomware Attacks (
Study Reveals Conti Affiliates Money Laundering Practices (
Akira Ransomware Mutates to Target Linux Systems, Adds TTPs (
Trend Micro Report Reveals Increase of LockBit Ransomware Attacks in US (
Hospital Ransomware Attacks Go Beyond Health Care Data (
Patient Care at Risk as Hospitals Increasingly on Frontlines of Ransomware Attacks | The Epoch Times
Ransomware Victims
Bermuda Struggles to Recover From Cyber Attack (
Cl0p's MOVEit attack tally surpasses 2,000 victim organisations - Help Net Security
Amidst MGM, Caesar's Incidents, Attackers Focus on Luxury Hotels (
MGM, Caesars Cyber Attack Responses Required Brutal Choices (
Ransomware Group Claims to Have Breached 'All of Sony Systems' (
900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse - Security Week
Youth hacking ring at the center of cyber crime spree | CyberScoop
MGM Resorts and Caesars face class action lawsuits over September cyber attacks By
UK logistics firm blames ransomware attack for insolvency, 730 redundancies (
Ransomware group demands $51 million from Johnson Controls after cyber attack (
Lawsuits Allege MGM, Caesars Neglected Cyber Security Preparedness (
Leekes cyber attack? NoEscape ransomware gang claims breach (
Phishing & Email Based Attacks
This devious phishing scam makes it look like dodgy emails are actually safe | TechRadar
New AtlasCross hackers use American Red Cross as phishing lure (
BEC – Business Email Compromise
Nigerian man pleads guilty to attempted $6 million BEC email heist (
BEC Attacks Increase By 279% in Healthcare - Infosecurity Magazine (
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
Cyber leaders worry that AI will overwhelm cyber defences (
Google is working to keep Bard chats out of Search • The Register
New working group to probe AI risks and applications | CyberScoop
A Primer On Artificial Intelligence And Cyber Security (
How should organisations navigate the risks and opportunities of AI? - Help Net Security
Gozi strikes again, targeting banks, cryptocurrency and more (
'Culturestreak' Malware Lurks Inside GitLab Python Package (
Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics (
New variant of BBTok Trojan targets users of +40 banks in LATAM (
A powerful new malware backdoor is targeting governments across the world | TechRadar
Researchers uncover thriving market for malware targeting IoT devices - The Hindu
China-Linked EvilBamboo Targets Mobiles - Infosecurity Magazine (
iOS 17 update secretly changed your privacy settings; here's how to set them back (
Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks - Security Week
Russian Firm Willing to Pay $20 Million for iPhone, Android Zero-Day Exploits (
Bot Swarm: Attacks From Middle East & Africa Are Notably Up (
New variant of BBTok Trojan targets users of +40 banks in LATAM (
Asian banks are a favorite target of cyber cooks, and malicious bots their preferred tool | ZDNET
Denial of Service/DoS/DDOS
Internet of Things – IoT
If You Have An Amazon Alexa Device, You Need To Check This Security Update List (
Researchers uncover thriving market for malware targeting IoT devices - The Hindu
Where Linux is in your home, and how to protect Linux devices from hacking | Kaspersky official blog
Data Breaches/Leaks
UK pension schemes reveal 4,000% rise in cyber security breaches - Pensions Age Magazine
Reported cyber security breaches increase threefold for financial services firms (
British charities warn supporters their personal data has been breached • Graham Cluley
Air Canada discloses data breach of employee and 'certain records' (
National Student Clearinghouse data breach impacts 890 schools (
BORN Ontario child registry data breach affects 3.4 million people (
900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse - Security Week
Regulator Warns Breaches Can Cost Lives - Infosecurity Magazine (
Hospital alert as 24,000 letters meant for GPs lost in computer error - Mirror Online
Organised Crime & Criminal Actors
'Power, influence, notoriety': The Gen-Z hackers who struck MGM and Caesars - The Japan Times
Asian banks are a favourite target of cyber cooks, and malicious bots their preferred tool | ZDNET
Gozi strikes again, targeting banks, cryptocurrency and more (
Yet another hack hits NFT marketplace OpenSea - SiliconANGLE
Crooks stole $200 million worth of assets from Mixin Network (
Bitcoin scammer who was snared by victims sentenced - BBC News
Security researcher stopped at US border for investigating crypto scam (
Insider Risk and Insider Threats
75% who didn't report cyber attack to leadership, felt guilty about it | Security Magazine
Preventing employees from becoming the gateway for cyber attacks | TechRadar
Despite rising insider risk costs, budgets are being wasted in the wrong places - Help Net Security
Fraud, Scams & Financial Crime
Hotel hackers redirect guests to fake to steal cards (
Beware: fraud and smishing scams targeting students | Bournemouth University
Yet another hack hits NFT marketplace OpenSea - SiliconANGLE
Crooks stole $200 million worth of assets from Mixin Network (
Fraud prevention forces scammers to up their game - Help Net Security
Why young people are more prone to online scams than boomers are (
Bitcoin scammer who was snared by victims sentenced - BBC News
Security researcher warns of chilling effect after feds search phone at airport | TechCrunch
Study Reveals Conti Affiliates Money Laundering Practices (
Financial crime compliance costs exceed $206 billion - Help Net Security
Dark Web
Supply Chain and Third Parties
Trust Is Key In Cyber Security: Analysing The MOVEit Ransomware Attacks (
How the Okta Cross-Tenant Impersonation Attacks Succeeded (
Lawsuits Allege MGM, Caesars Neglected Cyber Security Preparedness (
3 phases of the third-party risk management lifecycle | TechTarget
The UK just passed an online safety law that could make people less safe (
Regulators Are 'Hurting Their Own Country' in Seeking Encryption Backdoors: Nym CEO - Decrypt
Open Source
Where Linux is in your home, and how to protect Linux devices from hacking | Kaspersky official blog
Akira Ransomware Mutates to Target Linux Systems, Adds TTPs (
Passwords, Credential Stuffing & Brute Force Attacks
Why Shouldn’t You Use the Same Password Everywhere Online (
Are You Willing to Pay the High Cost of Compromised Credentials? (
Social Media
Elon Musk’s X is biggest outlet of Russia disinformation, EU says (
X scraps tool to report electoral fake news - researchers - BBC News
Training, Education and Awareness
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
The Group Claiming To Have Hacked Sony Is Using GDPR As A Weapon For Demanding Ransoms | Techdirt
The UK just passed an online safety law that could make people less safe (
Are we about to lose the last pillar of our digital security? | Euronews
New working group to probe AI risks and applications | CyberScoop
Why California's Delete Act matters for the whole country - Help Net Security
Financial crime compliance costs exceed $206 billion - Help Net Security
Models, Frameworks and Standards
Why It’s Wrong To Judge SIEM Success Only Against The ATT&CK Framework (
Urgent actions for protecting utilities against cyber-attack: Navigating NIS 2 - Utility Week
Careers, Working in Cyber and Information Security
The CISO Carousel and Its Effect on Enterprise Cyber Security - Security Week
Demand for cyber security staff trebled since 2019 | Business Post
Cyber security and staffing issues key risks for companies | Accountancy Daily
Cyber security skills employers are desperate to find in 2023 - Help Net Security
Preventing security professionals from ‘quietly quitting’ due to alert fatigue (
Law Enforcement Action and Take Downs
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia’s APT29 intensifies espionage operations | SC Media (
Russian hacking operations target Ukrainian law enforcement | CyberScoop
Government of Bermuda blames Russian threat actors for the cyber attack (
Bermuda probes major cyber attack as officials slowly bring operations back online (
Ukraine war: Cyber Attack in Crimea after Black Sea fleet HQ hit | News UK Video News | Sky News
Examining the Activities of the Turla APT Group (
Scottish Tory MSP has website hacked by 'hostile Russian group' | The National
Elon Musk’s X is biggest outlet of Russia disinformation, EU says (
Russian Firm Willing to Pay $20 Million for iPhone, Android Zero-Day Exploits (
Cyber Attack on Russian Air Booking System Sparks Flight Delays - The Moscow Times
Taiwan is bracing for Chinese cyber attacks, White House official says - POLITICO
China-Linked EvilBamboo Targets Mobiles - Infosecurity Magazine (
Chinese Gov Hackers Caught Hiding in Cisco Router Firmware - Security Week
China’s national security minister lists top digital threats • The Register
Misc Nation State/Cyber Warfare
Vulnerability Management
Why Zero Days Are Set for Highest Year on Record - Infosecurity Magazine (
Google assigns new maximum rated CVE to libwebp bug exploited in attacks (
Cisco Warns of IOS Software Zero-Day Exploitation Attempts - Security Week
Researchers Release Details of New RCE Exploit Chain for SharePoint (
High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server (
GPUs from all major suppliers are vulnerable to new pixel-stealing attack | Ars Technica
Firefox 118 Patches High-Severity Vulnerabilities - Security Week
Hackers actively exploiting Openfire flaw to encrypt servers (
Trust Is Key In Cyber Security: Analysing The MOVEit Ransomware Attacks (
Tools and Controls
Cyber security incident response: Your company's ICU (
CISOs are spending more on cyber security - but it might not be enough | TechRadar
4 Legal Surprises You May Encounter After a Cyber Security Incident (
The 5 most dangerous Wi-Fi attacks, and how to fight them | PCWorld
What Is a Network Security Assessment and Why You Need It | MSSP Alert
Why You Should Phish In Your Own Pond (
The pitfalls of neglecting security ownership at the design stage - Help Net Security
A Primer On Artificial Intelligence And Cyber Security (
Preventing employees from becoming the gateway for cyber attacks | TechRadar
Proactive Security: What It Means for Enterprise Security Strategy (
Looking Beyond the Hype Cycle of AI/ML in Cyber Security (
Moving From Qualitative to Quantitative Cyber Risk Modelling - SecurityWeek
Cyber security budgets show moderate growth - Help Net Security
Exploring Cyber Insurance and its Intersection with Property Coverage | Woodruff Sawyer - JDSupra
Other News
Cyber criminals are targeting the financial sector more than ever | TechRadar
The hidden costs of neglecting cyber security for small businesses - Help Net Security
SMBs face growing cyber security threats, but basic measures can lower risks | ZDNET
Why aviation needs to prioritise cyber security – Airport World (
Are Fire Departments Prepared for a Cyber Attack? | HackerNoon
Fintechs must brace for rising cyber security challenges | Mint (
Space Force chief says commercial satellites may need defending | Ars Technica
UK Cyber Security Council CEO reflects on a year of progress | CSO Online
Google Loophole Lets Drug Dealers Hijack Nearly Any Website to Sell Narcotics (
Cyber Hygiene: A First Line of Against Evolving Cyber Attacks (
Cyber Attacks hit military, Parliament websites as India hacker group targets Canada (
KnowBe4 Finds US. Healthcare a Top Target For Cyber Attacks (
US Government Shutdown Could Bench 80% of CISA Staff - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 24 March 2023
Black Arrow Cyber Threat Briefing 24 March 2023:
-Majority of SMBs Lack Dedicated Cyber Experts and Cyber Incident Response Plans
-Controlling Third-Party Data Risk Should Be a Top Cyber Security Priority
-IT Security Spending to Reach Nearly $300 Billion by 2026
-2023 Cyber Security Maturity Report Reveals Organisational Unpreparedness for Cyber Attacks
-Board Cyber Shortage: Don’t Get Caught Swimming Naked
-Should Your Organisation Be Worried About Insider Threats?
-UK Ransomware Incident Volumes Surge 17% in 2022
-Financial Industry Hit by Rising Ransomware Attacks and BEC
-55 zero-day Flaws Exploited Last Year Show the Importance of Security Risk Management
-Security Researchers Spot $36m BEC Attack
-New Victims Come Forward After Mass Ransomware Attack
-Ransomware Gangs’ Harassment of Victims is Increasing
-Wartime Hacktivism is Spilling Over Into the Financial Services Industry
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Majority of SMBs Lack Dedicated Cyber Experts and Cyber Incident Response Plans
A recent report conducted by security provider Huntress found some worrying results regarding SMBs lack of dedicated cyber experts and lack of cyber incident response plans. Some of the reports key findings were 24% of SMBs suffering a cyber attack or unsure if they had suffered a cyber attack in the last 12 months, 61% of SMBs not having a dedicated cyber security expert and 47% having no incident response plan. The report found that SMBs struggled to implement basic training and only 9% of employees adhered to security best practices, potentially due to the previously mentioned training struggles. The report highlights a clear need for SMBs to increase their cyber resilience and conduct effective user education and awareness training.
Controlling Third-Party Data Risk Should be a Top Cyber Security Priority
Nearly 60% of all data breaches are initiated via third-party vendors and this is often hard to detect. The ever-increasing use of third party services has led to the average organisation sharing sensitive data with 583 third parties, a worrying number of attack vectors. Due to the impact a third party breach can have on an organisation it is imperative that organisations assess and risk manage their supply chains to increase the organisations cyber resilience.
IT Security Spending to Reach Nearly $300 Billion by 2026
Worldwide spending on security is forecast to be $219 billion in 2023, an increase of 12.1% compared to 2022. This figure is expected to continually rise, reaching nearly $300 billion by 2026. In Europe, it is predicted that the biggest portion of spending will still be represented by services, which will be increasingly leveraged by organisations with limited cyber security experience. Additionally the finance sector, which will have to constantly ensure regulatory adherence, is predicted to be the largest spending sector. Organisations should perform due diligence and ensure that they are using reputable services.
2023 Cyber Security Maturity Report Reveals Organisational Unpreparedness for Cyber Attacks
In 2022 alone cyber attacks increased by 38%, highlighting the need for organisations to have a high level of cyber maturity; despite this, a recent cyber security maturity report ranked UK organisations as 12th globally. Some of the findings from the report included that 32% of organisations were found to have weak passwords and 23% had weak authentication systems.
Board Cyber Shortage: Don’t Get Caught Swimming Naked
The Securities and Exchange Commission recently released their rules on cyber security risk management, strategy governance and incident disclosure by public companies. As part of the rules, the public disclosure of board directors’ cyber risk biographies is mandated. Worryingly, recent research has found that there is a drastic gap in cyber expertise at the board director level, with 90% of companies not having a single director with cyber security expertise. Board directors are able to address this issue by retaining outside expert advisors, upskilling board members or hiring new cyber security board directors.
Should your Organisation be Worried about Insider Threats?
Cyber crime is predicted to reach $10.5 trillion worth, making it a lucrative business venture for opportunist criminals. One of the threats companies face is insider threat; this is where the threat comes from within the organisation. Insider threat can include third-party vendors, business partners and others with access to an organisations systems and networks. The threat an insider poses is commonly thought of as malicious but it can also be negligent, where insiders haven’t received proper user education and awareness training. Worryingly, insider threat is rising and research has shown a significant amount of under-reporting; over 70% of insider attacks never reach the headlines. As such, it is difficult for organisations to gauge the risk of insider threats.
UK Ransomware Incident Volumes Surge 17% in 2022
According to recent research, attacker-reported ransomware incidents increased by 17% annually in the UK last year and 2023 is showing signs of a continual rise. With this continual rise, it is important for organisations to assess and build upon their cyber resilience.
Financial Industry Hit by Rising Ransomware Attacks and BEC
According to a recent report by the Financial Services Information Sharing and Analysis Center (FS-ISAC) ransomware remained the biggest concern for the financial industry with an increase in attacks due to ransomware-as-a-service. Furthermore, FS-ISAC found a 300% increase in the number of business email compromise attacks from 2021 to 2022. Artificial intelligence was identified as an upcoming area of concern due to its ability to obfuscate detection.
55 zero-day Flaws Exploited Last Year Show the Importance of Security Risk Management
According to a report from intelligence provider Mandiant 55 zero-days were exploited in 2022 and 13 of those were used in cyber espionage attacks. Of the espionage attacks, 7 related to Chinese threat actors and 2 related to Russian threat actors. The report found that effective security management and patching remained the best protections for organisations.
Security Researchers Spot $36m BEC Attack
Security experts recently identified a single business email compromise attack which amounted to $36.4m. The attack in question contained an invoice, payment instructions, a forged letterhead and even cc’d a legitimate and well known company. The attacker also changed “.com” to “.cam” to imitate a domain. The total cost of BEC based on reported incidents is around $2.7 billion and this is excluding unreported incidents. Organisations should ensure that staff are adequately trained in identifying and reporting such attacks.
New Victims Come Forward After Mass Ransomware Attack
Russia-linked Ransomware gang “Clop” has claimed a mass hack of 130 organisations via the vendor GoAnywhere, with more victims coming forward. Clop adds names of victims to its dark web site, which is used to extort companies further by threatening to publish the stolen files unless a ransom is paid.
Ransomware Gangs’ Harassment of Victims is Increasing
Analysis by Palo Alto Networks found that harassment was a factor in 20% of ransomware cases, a significant jump from less than 1% in mid 2021. The harassment campaign by threat attackers is intended to make sure that ransom payments are met. This adds to the stress that organisations already face with ransomware incidents.
Wartime Hacktivism is Spilling Over into the Financial Services Industry
The Financial Services Information Sharing and Analysis Center (FS-ISAC) has identified that financial firms in countries that Russia considers hostile have been singled out for attacks and these attacks are going to continue if the Russia and Ukraine war persists.
Ransomware, Extortion and Destructive Attacks
LockBit 3.0 Ransomware: Inside the Cyberthreat That's Costing Millions (
UK Ransomware Incident Volumes Surge 17% in 2022 - Infosecurity Magazine (
Banks, Financial Sector Hit By Rising Ransomware Attacks - Bloomberg
BianLian ransomware crew swaps encryption for extortion • The Register
New victims come forward after mass-ransomware attack | TechCrunch
Ransomware Gangs' Harassment of Victims Is Increasing (
LockBit ransomware gang now also claims City of Oakland breach (
Free decryptor released for Conti-based ransomware following data leak | Tripwire
New 'Trigona' Ransomware Targets US, Europe, Australia - SecurityWeek
Ransomware Strongly Influencing SOC Modernization Strategies, Cybereason Research Shows - MSSP Alert
US govt agencies released an alert on the Lockbit 3.0 ransomware- Security Affairs
Security News This Week: Ring Is in a Standoff With Hackers | WIRED UK
CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws | CSO Online
Clop ransomware claims Saks Fifth Avenue, retailer says mock data stolen (
Researchers Shed Light on CatB Ransomware's Evasion Techniques (
Why CISOs Are Looking to Lateral Security to Mitigate Ransomware | CIO
Dole discloses employee data breach after ransomware attack (
Prevent Ransomware with Cyber security Monitoring (
Ferrari in a spin as crims steal customer data • The Register
Play ransomware gang hit Dutch shipping firm Royal Dirkzwager- Security Affairs
Hitachi Energy confirms data breach after Clop GoAnywhere attacks (
City of Toronto confirms data theft, Clop claims responsibility (
Phishing & Email Based Attacks
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Emotet malware now distributed in Microsoft OneNote files to evade defences (
ChatGPT Polymorphic Malware Bypasses Endpoint Detection Filters (
RAT developer arrested for infecting 10,000 PCs with malware (
Google flags apps made by popular Chinese e-commerce giant as malware | TechCrunch
Mispadu Banking Trojan Targets Latin America: 90,000+ Credentials Stolen (
Custom 'Naplistener' Malware a Nightmare for Network-Based Detection (
New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (
Python info-stealing malware uses Unicode to evade detection (
Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps (
The FBI Warns SIM Swapping Attacks Are Rising. What's That? - ReHack
Android apps are spying on you — with no easy way to stop them | Digital Trends
Your Samsung phone may have a big security flaw – here's how to stay safe | TechRadar
How to keep your phone safe from the scary Exynos modem vulnerability (
Denial of Service/DoS/DDOS
New ‘HinataBot’ botnet could launch massive 3.3 Tbps DDoS attacks (
Mirai Hackers Use Golang to Create a Bigger, Badder DDoS Botnet (
New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (
Internet of Things – IoT
Eufy security cam 'stored unique ID' of everyone filmed • The Register
Google sounds alarm on Samsung modem bugs in Android devices • The Register
EU Council extends product lifetime, clarifies scope in cyber security law –
Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (
Data Breaches/Leaks
Complacency of staff to blame for data breaches (
Hitachi Energy confirms data breach after Clop GoAnywhere attacks (
Data breaches cost businesses nearly $6M on average: Mastercard | CTV News
Healthcare provider ILS warns 4.2 million people of data breach (
NBA is warning fans of a data breach after a third-party newsletter service hack- Security Affairs
Lowe’s Market chain leaves client data up for grabs- Security Affairs
Ferrari discloses data breach after receiving ransom demand (
South Korea fines McDonalds for data leak from raw SMB share • The Register
A million at risk from user data leak at Korean beauty platform PowderRoom- Security Affairs
Organised Crime & Criminal Actors
Fireblocks Discloses Critical Vulnerability in BitGo Ethereum Wallets - Decrypt
General Bytes Bitcoin ATMs hacked using zero-day, $1.5M stolen (
Linus Tech Tips' YouTube Channel has been hacked by Crypto Scammers | OC3D News (
Insider Risk and Insider Threats
Should Your Organisation Be Worried About Insider Threats? - IT Security Guru
Top 5 Insider Threats to Look Out For in 2023- Security Affairs
Preventing Insider Threats in Your Active Directory (
Fraud, Scams & Financial Crime
Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security
‘My bank did not stop £6,500 payment to holiday scammers despite my pleas’ | Scams | The Guardian
The FBI Warns SIM Swapping Attacks Are Rising. What's That? - ReHack
Hackers inject credit card stealers into payment processing modules (
SMBs don't see need for cyber insurance since they won't experience security incidents | ZDNET
Cyber insurance carriers expanding role in incident response | TechTarget
Supply Chain and Third Parties
Controlling Third-Party Data Risk Should Be a Top Cyber security Priority (
Companies vulnerable to cyber-attack via suppliers - research | RNZ News
Why you should treat ChatGPT like any other vendor service - Help Net Security
MITRE Rolls Out Supply Chain Security Prototype (
Software Supply Chain
How access management helps protect identities in the cloud | VentureBeat
Bitcoin ATM maker shuts cloud service after user hot wallets compromised (
The cloud backlash has begun: Why big data is pulling compute back on premises | TechCrunch
Shouldering the Increasingly Heavy Cloud Shared-Responsibility Model (
The hidden danger to zero trust: Excessive cloud permissions • Graham Cluley
New CISA tool detects hacking activity in Microsoft cloud services (
4 Tips for Better AWS Cloud Workload Security (
Hybrid/Remote Working
Identity and Access Management
How access management helps protect identities in the cloud | VentureBeat
The impact of AI on the future of ID verification - Help Net Security
Preventing Insider Threats in Your Active Directory (
CISA, NSA push identity and access management framework as risks grow | SC Media (
Open Source
New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (
Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams (
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
BBC presses staff to uninstall TikTok from corporate kit • The Register
TikTok cannot be considered a private company: report • The Register
Five brutal hours for TikTok: CEO raked over coals amid privacy, security concerns | CyberScoop
Linus Tech Tips' YouTube Channel has been hacked by Crypto Scammers | OC3D News (
Training, Education and Awareness
Regulations, Fines and Legislation
Board Cyber Shortage: Don’t Get Caught Swimming Naked (
EU Council extends product lifetime, clarifies scope in cyber security law –
India’s infosec reporting rules observed by just 15 orgs • The Register
Why Organisations Need To Go Beyond Federal Cyber security Compliance Standards (
Governance, Risk and Compliance
How CISOs Can Work With the CFO to Get the Best Security Budget (
How to best allocate IT and cyber security budgets in 2023 - Help Net Security
IT security spending to reach nearly $300 billion by 2026 - Help Net Security
Board Cyber Shortage: Don’t Get Caught Swimming Naked (
How Your Cyber security Strategy Enables Better Business (
55 zero-day flaws exploited last year show the importance of security risk management | CSO Online
How Can CISOs Connect With the Board of Directors? (
Achieving The Five Levels Of Information Security Governance (
Enhance security while lowering IT overhead in times of recession - Help Net Security
Why organisations shouldn't fold to cyber criminal requests - Help Net Security
Models, Frameworks and Standards
Meta Proposes Revamped Approach to Online Kill Chain Frameworks (
MITRE Rolls Out Supply Chain Security Prototype (
Backup and Recovery
Data backup, security alerts, and encryption viewed as top security features - Help Net Security
Top 5 security risks for enterprise storage, backup devices - Help Net Security
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
RAT developer arrested for infecting 10,000 PCs with malware (
New York Man Arrested for Running BreachForums Cyber crime Website - SecurityWeek
Privacy, Surveillance and Mass Monitoring
Eufy security cam 'stored unique ID' of everyone filmed • The Register
Use of Meta tracking tools found to breach EU rules on data transfers | TechCrunch
How to protect online privacy in the age of pixel trackers - Help Net Security
Windows 11 Snipping Tool privacy bug exposes cropped image content (
French govt clears AI facial scans for Paris Olympics • The Register
Artificial Intelligence
EU's AI regulation vote looms. We’re still not sure how unrestrained AI should be | Euronews
ChatGPT Leaves Governments Scrambling for AI Regulations - Bloomberg
ChatGPT Polymorphic Malware Bypasses Endpoint Detection Filters (
Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security
We need to create guardrails for AI | Financial Times (
GPT-4 devises plan to ‘escape’ by gaining control of a user's computer | Mint (
Mastercard strengthens customer security with new AI ‘Cyber Shield’ | Mastercard Newsroom
The impact of AI on the future of ID verification - Help Net Security
7 guidelines for identifying and mitigating AI-enabled phishing campaigns | CSO Online
Why you should treat ChatGPT like any other vendor service - Help Net Security
Mozilla launches a new startup focused on ‘trustworthy’ AI | TechCrunch
French govt clears AI facial scans for Paris Olympics • The Register
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
New Espionage Group 'YoroTrooper' Targeting Entities in European, CIS Countries - SecurityWeek
Palantir: NHS trusts ordered to share patient data with US ‘spy-tech’ firm | openDemocracy
Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (
Purported Chinese warships interfering with passenger planes • The Register
Putin to staffers: throw out your iPhones over security • The Register
Russia-backed Iridium Hackers Set to Launch Attacks on Ukrainian Government Sites - MSSP Alert
Facebook Security Exec Seaford Hacked by Greek Predator Spyware (
BBC presses staff to uninstall TikTok from corporate kit • The Register
New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War (
Hacker tied to DC Health Link breach says attack 'born out of Russian patriotism' | CyberScoop
Unknown actors target orgs in Russia-occupied Ukraine • The Register
Xi, Putin, declare intent to rule the world of AI, infosec • The Register
North Korean hackers using Chrome extensions to steal Gmail emails (
Stealthy hacks show advancements in China's cyberespionage operations, researchers say | CyberScoop
Nation State Actors
New Espionage Group 'YoroTrooper' Targeting Entities in European, CIS Countries - SecurityWeek
Huawei Has Replaced Thousands of US-Banned Parts With Chinese Versions: Founder - SecurityWeek
Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (
Purported Chinese warships interfering with passenger planes • The Register
TikTok cannot be considered a private company: report • The Register
Five brutal hours for TikTok: CEO raked over coals amid privacy, security concerns | CyberScoop
BBC presses staff to uninstall TikTok from corporate kit • The Register
Google flags apps made by popular Chinese e-commerce giant as malware | TechCrunch
Putin to staffers: throw out your iPhones over security • The Register
Russia-backed Iridium Hackers Set to Launch Attacks on Ukrainian Government Sites - MSSP Alert
New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War (
Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism' | CyberScoop
Unknown actors target orgs in Russia-occupied Ukraine • The Register
Xi, Putin, declare intent to rule the world of AI, infosec • The Register
The pressing threat of Chinese-made drones flying above US critical infrastructure | CyberScoop
Stealthy hacks show advancements in China's cyberespionage operations, researchers say | CyberScoop
Russian hacktivists deploy new AresLoader malware via decoy installers | CSO Online
Vulnerability Management
55 zero-day flaws exploited last year show the importance of security risk management | CSO Online
Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022 (
Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace | Mandiant
10 Vulnerabilities Types to Focus On This Year (
Windows 11, Tesla, Ubuntu, and macOS hacked at Pwn2Own 2023 (
Top 5 security risks for enterprise storage, backup devices - Help Net Security
Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams (
Microsoft Outlook Vulnerability Could Be 2023's 'It' Bug (
CVE-2023-23397 Outlook exploit: "A proliferation event" (
Patch CVE-2023-23397 Immediately: What You Need To Know and Do (
Cisco fixed severe vulnerabilities in its IOS and IOS XE software- Security Affairs
Exploit released for Veeam bug allowing cleartext credential theft (
Experts published PoC exploit code for Veeam Backup & Replication bug- Security Affairs
WordPress force patching WooCommerce plugin with 500K installs (
Windows 11 bug warns Local Security Authority protection is off (
Bitwarden addresses autofill issue that could be exploited to steal logins - gHacks Tech News
Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022 (
Microsoft’s blunders with new Windows 10 update are causing serious headaches | TechRadar
Microsoft: Defender update behind Windows LSA protection warnings (
ZenGo uncovers 'red pill attack' vulnerability in popular Web3 apps (
Windows 11 Snipping Tool privacy bug exposes cropped image content (
If your Netgear Orbi router isn’t patched, you’ll want to change that pronto | Ars Technica
Attackers Are Probing for Zero-Day Vulns in Edge Infrastructure Products (
Tools and Controls
Data backup, security alerts, and encryption viewed as top security features - Help Net Security
Majority of SMBs Lack Dedicated Cyber Experts, Incident Response Plan - MSSP Alert
55 zero-day flaws exploited last year show the importance of security risk management | CSO Online
Complacency of staff to blame for data breaches (
How access management helps protect identities in the cloud | VentureBeat
Why CISOs Should Prioritize Extended Detection & Response (XDR) - VMware Security Blog - VMware
The Ethics of Network and Security Monitoring (
Fighting VPN criminalization should be Big Tech’s top priority, activists say | Ars Technica
How network perimeters secure enterprise networks | TechTarget
Top 5 security risks for enterprise storage, backup devices - Help Net Security
Other News
Web Fingerprinting gets frighteningly good: sees through VPNs and Incognito Mode - gHacks Tech News
Journalist plugs in unknown USB drive mailed to him—it exploded in his face | Ars Technica
What Is Shoulder Surfing? How Does It Affect Cyber security (
Inside the DEA Tool Hackers Allegedly Used to Extort Targets (
Top ways attackers are targeting your endpoints - Help Net Security
What Is a Dirty IP Address and How Does It Affect Your Security? (
Techno-nationalism explained: What you need to know (
How Emerging Trends in Virtual Reality Impact Cyber security - IT Security Guru
Pipeline Cyber security Rules Show the Need for Public-Private Partnerships (
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.