Black Arrow Cyber Threat Intelligence Briefing 13 December 2024

15 Dec

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Security Risks Rise During Mergers & Acquisitions

ReliaQuest’s analysis reveals heightened cyber security risks during mergers and acquisitions, with half of incidents stemming from threat actors exploiting potential security gaps, and the remainder from non-malicious employee issues. The manufacturing, finance and retail sectors were the hardest hit. One private equity CISO observed a 400% surge in phishing attempts post-M&A announcements. Key risks include phishing attacks, data leaks, and vulnerabilities due to legacy systems. ReliaQuest recommends proactive strategies like pre-due-diligence assessments, training, network segmentation, and unified logging to mitigate these risks and ensure smoother integration during M&As.

Ransomware Gangs’ Merciless Attacks Bleed Small Companies Dry

Ransomware attacks surged by 70% in 2023, hitting 4,611 reported incidents according to industry research, with one gang alone extorting an estimated $42 million. Around 80% of victims are small and medium-size organisations. Many rely on cyber security insurance with limits around £1 million, yet the median ransom soared to $6.5 million this year. This gap between insurance coverage and actual costs has driven some companies into administration. Experts warn that, although attackers often use unsophisticated techniques, they remain ruthless. Robust monitoring software, password protection and comprehensive incident response plans can provide critical defences against this escalating threat.

AI & Cyber Security to Shape the Tech Landscape in 2025

The tech landscape of 2025 will be defined by the growth of specialised AI solutions and evolving cyber security measures, according to sector leaders from Nutanix, Rubrik, Snowflake, Obsidian Security, ManageEngine, and Infoblox. Cloud-based AI agents will automate threat detection, but also heighten risks of data leaks and identity-based attacks. Industry-specific models will transform finance, healthcare, manufacturing, and hospitality, offering faster, more precise services. Organisations must enhance data access controls, involve all staff in cyber security, and align IT and business goals. Government regulations and platform-based strategies will play a critical role in supporting innovation and safeguarding operations.

Phishing: The Silent Precursor to Data Breaches

Phishing remains a silent precursor to destructive data breaches, accounting for 31% of cyber security incidents - outdone only by weak or compromised credentials and pretexting. By exploiting human psychology, phishing bypasses technological safeguards, enabling the theft of sensitive data and triggering large-scale cyber attacks. One major infrastructure breach was initiated through a phishing-driven compromise, underscoring the threat’s far-reaching impact. Organisations can reduce phishing risks by prioritising employee training, filtering malicious emails, and implementing multi-factor authentication. This multi-layered approach, combined with a strong incident response plan, is essential to help safeguard systems and protect sensitive information in the modern cyber threat landscape.

Business Cyber Understanding Gap Creates New Vulnerabilities

Cyber security insurance provider Resilience has found that many UK mid-to-large businesses lack a clear grasp of cyber security as a financial risk, despite 74% having experienced cyber crime. The survey of IT and financial leaders highlighted a worrying gap between media focus on data breaches (cited by 72% as their main worry) and the larger financial impact of ransomware (responsible for more than 80% of losses). Limited use of quantitative risk registries (54%) further hampers businesses’ ability to mitigate cyber threats.

Cyber Defence vs Cyber Resilience: Why It's Time to Prioritise Recovery

AI-driven cyber attacks are prevalent, with intruders able to remain undetected for months and most ransomware campaigns targeting backup repositories. This demands a shift from solely cyber defence to holistic cyber resilience. A strategy includes a robust backup approach, active monitoring, and an isolated recovery environment to ensure data remains clean and recoverable. Equally important is cross-functional collaboration between IT and security teams to flag and respond to breaches quickly. By prioritising recovery and resilience, organisations can maintain business operations, minimise downtime, and stay ahead of evolving cyber threats in today’s borderless IT landscape.

UK SMEs Are Concerned About Preparedness for Cyber Attacks as Fraud Rises

Online payment provider Mollie has reported that five and a half million UK SMEs lost an average of £10,800 to fraud this year, leaving nine in 10 C-Suite executives concerned about their survival. Fraud types included phishing (58%), refund scams (42%), account takeovers (30%) and carding attacks (23%). Firms spent around 15 days annually handling these threats, diverting critical resources from core operations. This underscores a growing need for effective cyber security measures that combat rising threats without stifling business growth. Mollie’s research highlights the importance of equipping smaller enterprises with balanced solutions to safeguard revenue and productivity, protecting them from ever-evolving forms of cyber attack.

Cyber Risk to Intensify in 2025 as Attackers Switch Tactics - Moody’s

According to Moody’s 2025 cyber security outlook, the threat environment is evolving as attackers target bigger businesses and harness AI for more potent attacks. Ransomware soared by 70% from 2022 to 2023, with ransom payments hitting a record $1.1 billion. Meanwhile, the share of victims paying ransoms is falling, driving cyber criminals to focus on larger organisations. Supply chain incidents are growing in parallel with the proliferation of AI-enabled scams and greater reliance on external providers. Moody’s recommends warns that robust risk assessments and improved cyber security measures, including passkeys, can help address these mounting challenges.

Companies Pull Leadership Bios from Their Websites After Insurance Executive’s Killing

Following the tragic shooting of a leading insurance executive in New York City, major health insurers have swiftly removed leadership bios from their websites. Archived versions of UnitedHealthcare, Anthem Blue Cross Blue Shield, and Elevance Health pages show these details were public until shortly after the incident. Faced with heightened security concerns, organisations are reinforcing protective measures, while private security firms report a surge in new business. This underscores an evolving risk landscape for senior leaders, prompting companies to carefully manage executive information online and reassess personal safety protocols.

Boardroom Risks Revealed in Latest Beazley Report

Beazley’s latest report highlights cyber security as the top boardroom concern, cited by 45% of executives. Regulatory compliance (41%) and ESG (35%) follow closely, yet 60% of respondents feel only moderately or poorly prepared for cyber attacks. ESG influences are expected to surge, with 68% foreseeing major board impact, but just 39% feel ready. The report urges proactive risk management, encouraging boards to strengthen internal expertise, invest in technology, and align governance strategies with shifting priorities.

Employee Visits to Adult or Gambling Sites Doubles Risk of Infection by Malware

According to new research, employees visiting gambling or adult sites can double the risk of malware infections, including coinminers, trojans, and hacking tools. Browsing illegal sites may increase malware threats by up to five times, while frequent visits to unknown websites also raise infection odds. By identifying how specific user behaviours relate to distinct malware types, organisations can tailor their cyber security defences accordingly. Governments might prioritise hacktools, whereas healthcare could focus on ransomware. Overall, the study suggests that targeted, behaviour-based cyber security measures can help organisations reduce risks cost-effectively for their unique threat profiles.

North Korea's Fake IT Worker Scam Hauled in at Least $88 Million Over Six Years

North Korea’s covert IT workforce has reportedly generated $88 million over six years by posing as remote tech professionals, according to the US Department of Justice. Hiding their true identities and locations, these “IT warriors” channel their earnings into Pyongyang’s coffers, while some leverage access privileges to steal proprietary data and extort employers. Even cyber security businesses have been duped. Authorities have uncovered over 130 participants, linked to firms in China and Russia. Officials warn the threat persists, with continued guidance on detecting the scam and a multimillion-dollar reward in place to disrupt North Korea’s illicit revenue streams.

Sources:

https://securitybrief.co.nz/story/cybersecurity-risks-rise-during-mergers-acquisitions

https://www.claimsjournal.com/news/national/2024/12/06/327772.htm

https://securitybrief.co.nz/story/ai-cybersecurity-to-shape-the-tech-landscape-in-2025

https://www.securityweek.com/phishing-the-silent-precursor-to-data-breaches/

https://www.emergingrisks.co.uk/business-cyber-understanding-gap-creates-new-vulnerabilities/

https://betanews.com/2024/12/06/cyber-defense-vs-cyber-resilience-why-its-time-to-prioritize-recovery/

https://thefintechtimes.com/uk-smes-are-concerned-about-preparedness-for-cyberattacks-as-fraud-rises-finds-mollie/

https://www.reinsurancene.ws/cyber-risk-to-intensify-in-2025-as-attackers-switch-tactics-moodys/

https://fortune.com/2024/12/06/unitedhealthcare-major-insurance-companies-pull-company-board-leadership-bios-elevance-anthem-blue-shield-cross/

https://www.insurancebusinessmag.com/us/news/breaking-news/boardroom-risks-revealed-in-latest-beazley-report-516949.aspx

https://www.newswise.com/articles/employee-visits-to-adult-or-gambling-sites-doubles-risk-of-infection-by-malware

https://www.theregister.com/2024/12/13/doj_dpkr_fake_tech_worker_indictment/

Governance, Risk and Compliance

UK SMEs Are Concerned About Preparedness For Cyber Attacks as Fraud Rises Finds Mollie | The Fintech Times

Cyber security risks rise during mergers & acquisitions

Boardroom risks revealed in latest Beazley report | Insurance Business America

UnitedHealthcare and other major insurance companies pull company and board leadership bios from their websites after executive’s killing | Fortune

Dear CEO: It’s time to rethink security leadership and empower your CISO | CSO Online

Moody's: Hackers Aim for Big Payouts, Supply Chain Attacks

We must adjust expectations for the CISO role - Help Net Security

Cyber defence vs cyber resilience: why it's time to prioritize recovery

Business cyber understanding gap creates new vulnerabilities

Cyber risk to intensify in 2025 as attackers switch tactics: Moody's - Reinsurance News

Cyber Security In The Digital Frontier: Reimagining Organisational Resilience

Charges Against CISOs Create Worries, Hope in Security Industry: Survey - Security Boulevard

The skills that cyber security leaders need

70 percent of cyber security leaders worry about personal liability

Report: 84% of Fortune 500 companies scored a D or worse for their cyber security efforts | Cybernews

CISOs need to consider the personal risks associated with their role - Help Net Security

Cyber security has become a strategic differentiator for organisations, says Ismail Al Naqi at GN forum | Technology – Gulf News

Cultivating a Hacker Mindset in Cyber Security Defence

Blackbaud Appoints Bradley Pyburn, Former Chief of Staff of US Cyber Command, to Board of Directors

Heed the warnings on cyber security threats - James McGachie

How to Improve Your Cyber Security On a Lower Budget | Mimecast

Threats

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Keep cash at home due to cyber attack risks, Dutch Central Bank warns – The Irish Times

NATO Offensive cyber operations exercise Crossed Swords gets underway in Tallinn

Nation State Actors

China

Salt Typhoon recorded 'very senior' US officials' calls • The Register

Counterintelligence director reveals extent of damage from China telecom hacks - Washington Times

The EU Makes an Urgent TikTok Inquiry on Russia's Role in Romanian Election Turmoil - SecurityWeek

Federal Appeals Court Upholds Law Threatening US TikTok Ban - Infosecurity Magazine

How Chinese insiders exploit its surveillance state • The Register

Compromised Software Code Poses New Systemic Risk to US Critical Infrastructure

Chinese hackers use Visual Studio Code tunnels for remote access

US Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

US Telco Security Efforts Ramp Up After Salt Typhoon

Why did China hack the world’s phone networks?

Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017

US govt says Cisco gear often targeted in China's Salt Typhoon attacks on 8 telecommunications providers — issues Cisco-specific advice to patch networks to fend off attacks | Tom's Hardware

Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok

As US finally details Chinese Salt Typhoon attack, FCC Chair proposes new rules for telcos

'EagleMsgSpy' Android Spyware Linked to Chinese Police

Russia

Lookout Discovers New Spyware Deployed by Russia and China - Infosecurity Magazine

Keep cash at home due to cyber attack risks, Dutch Central Bank warns – The Irish Times

The EU Makes an Urgent TikTok Inquiry on Russia's Role in Romanian Election Turmoil - SecurityWeek

Russian hacktivists target oil, gas and water sectors worldwide | SC Media

Suspected Russian hackers target Ukrainian defence enterprises in new espionage campaign | The Record from Recorded Future News

Russian government spies targeted Ukraine using tools developed by cyber criminals | TechCrunch

EU envoys to discuss first sanctions targeting Russian hybrid threats

Exploring Cyber-Darkness: How Moscow Undermines the West via the Dark Web | Geopolitical Monitor

NATO Offensive cyber operations exercise Crossed Swords gets underway in Tallinn

Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States

Ukraine Weighs Telegram Security Risks Amid War With Russia - The New York Times

Romania Exposes Propaganda Campaign Supporting Pro-Russian Candidate - Infosecurity Magazine

AI fakes, cyber attacks threaten German election – DW – 12/06/2024

Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok

Experts discovered the first mobile malware families linked to Russia's Gamaredon

Threat hunting case study: Cozy Bear | Intel 471

Phishing Scam Targets Ukrainian Defence Companies - Infosecurity Magazine

Russia disconnects several regions from the global internet to test its sovereign net | TechRadar

Russia takes unusual route to hack Starlink-connected devices in Ukraine - Ars Technica

Russian users report Gazprombank outages amid alleged Ukrainian cyber attack | The Record from Recorded Future News

RedLine info-stealer campaign targets Russian businesses

North Korea

North Korea's fake IT worker scam hauled in $88 million • The Register

Radiant links $50 million crypto heist to North Korean hackers

North Korean Group UNC4736 Blamed for Radiant Capital Breach

North Korean hackers target South Korea with Internet Explorer vulnerabilities to deploy RokRAT malware | TechRadar

Tools and Controls

Who handles what? Common misconceptions about SaaS security responsibilities - Help Net Security

Security researchers set up an API honeypot to dupe hackers – and the results were startling | ITPro

Neglect of endpoints presents a major security gap for enterprises

Conquering the Complexities of Modern BCDR

Safe Handling of Data: Why Secrets Sprawl is a Risk - Security Boulevard

Why don’t security leaders get the funds they need to succeed? | SC Media

What is Cyber Threat Detection and Response? | UpGuard

US Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

Bug bounty programs: Why companies need them now more than ever | CSO Online

Cyber Security Products or Platforms - Which is More Effective? - Security Boulevard

AI is a gamble we cannot afford without cyber security

Exposed APIs and issues in the world's largest organisations - Help Net Security

WAF Vulnerability in Akamai, Cloudflare, and Imperva Affected 40% of Fortune 100 Companies

Microsoft enforces defences preventing NTLM relay attacks - Help Net Security

Businesses struggle with IT security, Kaspersky reports

Unlocking the Value of DSPM: What You Need to Know - IT Security Guru

7 Must-Know IAM Standards in 2025

Mastering PAM to Guard Against Insider Threats - Security Boulevard

The Future of Network Security: Automated Internal and External Pentesting

How to Make the Case for Network Security Audits - Security Boulevard

Strengthening security posture with comprehensive cyber security assessments - Help Net Security

Three-Quarters of Security Leaders Admit Gaps in Hardware Knowledge - Infosecurity Magazine

Generative AI's cyber security potential is clear, but so far it's given hackers the upper hand | ITPro

TPM 2.0: The new standard for secure firmware - Help Net Security

How to Improve Your Cyber Security On a Lower Budget | Mimecast

Reports Published in the Last Week

New Report from Cloud Security Alliance Highlights Key Aspects of Data Resiliency in the Financial Sector | Business Wire

The Cyber Security Challenge in Mergers and Acquisitions - ReliaQuest

5 Email Attacks You Need to Know for 2025 | Abnormal

Cloudflare 2024 report highlights internet growth and rising cyber security challenges - SiliconANGLE

Kiteworks 2025 Cyber Security Report Unveils Critical Trends And Strategies For Protecting Sensitive Data

2025 Forecast Report for Managing Private Content Exposure Risk

Other News

UK SMEs Are Concerned About Preparedness For Cyber Attacks as Fraud Rises Finds Mollie | The Fintech Times

TfL cyber attack cost over £30m to date | Computer Weekly

50% Of M&A Security Issues Are Non-Malicious

Cyber Security In The Digital Frontier: Reimagining Organisational Resilience

Attackers can abuse the Windows UI Automation framework to steal data from apps | CSO Online

Microsoft enforces defences preventing NTLM relay attacks - Help Net Security

Businesses struggle with IT security, Kaspersky reports

IT pros say hackers could compromise device supply chain, firmware security | SC Media

Report: 84% of Fortune 500 companies scored a D or worse for their cyber security efforts | Cybernews

Non-Human Identities: The Silent Threat - InfoRiskToday

The Big Question: Is the UK doing enough when it comes to cyber risks? - Emerging Risks Media Ltd

From Europe to South Africa: Where Is the World on Cyber Defence?

You Don’t Talk to Strangers, So Why Does Your Internet? | SC Media

Drowning in spam? Stop giving out your email address - do this instead | ZDNET

Heed the warnings on cyber security threats - James McGachie

Utility Companies Face 42% Surge in Ransomware Attacks - Infosecurity Magazine

Safeguarding Charities From Cyber Crime l Blog l Nelsons Solicitors

Vulnerability Management

What Is an Application Vulnerability? 8 Common Types - Security Boulevard

Containers have 600+ vulnerabilities on average - Help Net Security

Vulnerabilities

Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability

SonicWall Patches 6 Vulnerabilities in Secure Access Gateway - SecurityWeek

Cleo Patches Exploited Flaw as Security Firms Detail Malware Pushed in Attacks - SecurityWeek

SAP Patches Critical Vulnerability in NetWeaver - SecurityWeek

Adobe Patches Over 160 Vulnerabilities Across 16 Products - SecurityWeek

Micropatching service releases fix for a zero-day vulnerability affecting three Windows generations | TechSpot

Apple Pushes Major iOS, macOS Security Updates - SecurityWeek

Apache issues patches for critical Struts 2 RCE bug • The Register

Security Flaws in WordPress Woffice Theme Prompts Urgent Update - Infosecurity Magazine

New Windows zero-day exposes NTLM credentials, gets unofficial patch

Unauthorized file access possible with chained Mitel MiCollab flaws | SC Media

New Windows Warning As Zero-Day With No Official Fix Confirmed For All Users

Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities

Microsoft Azure MFA Flaw Allowed Easy Access Bypass - Infosecurity Magazine

Multiple Ivanti CSA Vulnerabilities Let Attackers Bypass Admin Web Console Remotely

WAF Vulnerability in Akamai, Cloudflare, and Imperva Affected 40% of Fortune 100 Companies

QNAP Patches Vulnerabilities Exploited at Pwn2Own - SecurityWeek

OpenWrt supply chain attack scare prompts urgent upgrades • The Register

Atlassian, Splunk Patch High-Severity Vulnerabilities - SecurityWeek

AMD VM security tools can be bypassed, letting hackers infilitrate your devices, experts warn | TechRadar

Hunk Companion WordPress plugin exploited to install vulnerable plugins

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 13 December 2024

Top Cyber Stories of the Last Week

Cyber Security Risks Rise During Mergers & Acquisitions

Ransomware Gangs’ Merciless Attacks Bleed Small Companies Dry

AI & Cyber Security to Shape the Tech Landscape in 2025

Phishing: The Silent Precursor to Data Breaches

Business Cyber Understanding Gap Creates New Vulnerabilities

Cyber Defence vs Cyber Resilience: Why It's Time to Prioritise Recovery

UK SMEs Are Concerned About Preparedness for Cyber Attacks as Fraud Rises

Cyber Risk to Intensify in 2025 as Attackers Switch Tactics - Moody’s

Companies Pull Leadership Bios from Their Websites After Insurance Executive’s Killing

Boardroom Risks Revealed in Latest Beazley Report

Employee Visits to Adult or Gambling Sites Doubles Risk of Infection by Malware

North Korea's Fake IT Worker Scam Hauled in at Least $88 Million Over Six Years

Sources:

Governance, Risk and Compliance

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Business Email Compromise (BEC)/Email Account Compromise (EAC)

Other Social Engineering

Artificial Intelligence

2FA/MFA

Malware

Bots/Botnets

Mobile

Denial of Service/DoS/DDoS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Outages

Encryption

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda