Black Arrow Cyber Threat Intelligence Briefing 17 January 2025

19 Jan

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

This week, the EU’s Digital Operational Resilience Act (DORA) has come into effect, imposing stringent cyber security requirements on over 22,000 financial institutions. This regulation strengthens incident reporting, risk management, and IT third-party oversight, aiming to create a unified approach to mitigating ICT-related risks. As cyber security incidents are identified as the top business concern for 2025, organisations are urged to adopt holistic strategies that address interconnected risks like supply chain vulnerabilities, geopolitical tensions, and the increasing role of AI in threat landscapes.

Our selection of threat intelligence news this week shows how emerging threats highlight the need for enhanced resilience. Ransomware attacks reached record highs in 2024, with attackers weaponising disclosure rules and leveraging AI tools for sophisticated phishing and extortion tactics. SMEs face rising concerns over AI-driven risks, while hybrid working has expanded the corporate attack surface, necessitating adaptive security solutions. Meanwhile, geopolitical risks are complicating the global cyber landscape, driving NATO’s efforts to protect critical infrastructure, such as undersea cables essential for internet traffic and financial transactions.

To navigate this era of escalating complexity, organisations must prioritise proactive measures. These include integrating cyber resilience into business strategies, fostering a culture of security awareness, and addressing the often-overlooked emotional impact of cyber attacks on staff. Effective collaboration, innovation, and investment are critical to safeguarding operations and enabling sustained growth.

Top Cyber Stories of the Last Week

New EU Cyber Rules for Financial Institutions Came into Force on Friday 17 January

The EU's Digital Operational Resilience Act (DORA) came into effect on Friday, introducing stringent cyber security requirements for over 22,000 financial institutions, including banks, insurers, and investment firms. Designed to enhance resilience against severe disruptions such as cyber attacks, DORA mandates robust risk management, incident reporting, resilience testing, and oversight of IT third-party risks. It also encourages the sharing of cyber threat intelligence between firms to strengthen collective defences. The new framework aims to create a unified, cross-sectoral approach to mitigating Information and Communications Technology (ICT) related risks, setting strict standards to limit the impact of potential vulnerabilities.

Cyber Attacks Considered Top Business Concern for 2025: Allianz

The Allianz Risk Barometer highlights cyber incidents as the top global business risk for 2025, with 38% of respondents ranking it as their primary concern. Business interruption follows closely, exacerbated by events such as natural disasters, geopolitical instability, and cyber attacks, which increasingly disrupt supply chains. Climate change has risen to fifth place, reflecting its growing significance amid record-breaking global temperatures and extreme weather events in 2024, which caused insured losses exceeding $100 billion for the fifth consecutive year. The interconnected nature of risks underscores the need for holistic, resilient strategies to address evolving challenges.

How CISOs Can Elevate Cyber Security in Boardroom Discussions

Cyber security leaders must align their boardroom presentations with business priorities by highlighting the direct impact of security initiatives on revenue and customer confidence. Metrics like risk reduction trends, cost per incident, and ROI resonate well with non-technical audiences. Persistent challenges include limited board time, misconceptions about spending or certifications, and unclear ownership of security practices. Effective strategies include using concrete examples, such as improved customer experiences through streamlined authentication, and maintaining ongoing dialogue via executive committees or regular updates. This approach fosters deeper understanding and sustained support for security programs, framing them as enablers of business growth and resilience.

Cyber Security is Stepping into a New Era of Complexity

The World Economic Forum’s Global Cybersecurity Outlook 2025 highlights escalating complexity in cyber security driven by technological advances, geopolitical uncertainty, supply chain interdependencies, and a growing skills gap. Over half of large organisations cite supply chain vulnerabilities as a critical barrier to cyber resilience, while 66% predict AI will significantly impact cyber security by 2025, yet only 37% assess AI tool security before deployment. Regulatory fragmentation also challenges 76% of CISOs. Meanwhile, the cyber insurance market is forecast to double from $14 billion in 2023 to $29 billion by 2027, underscoring its growing role in managing cyber risks. The report calls for a shift from cyber security to cyber resilience, emphasising resource allocation.

Ransomware Victim Numbers Hit an All-Time High

Ransomware victim numbers reached a record high in 2024, with over 1,600 reported in Q4 alone, reflecting a 40% year-on-year increase in active threat groups, now totalling 88 globally. The US accounted for 52% of victims. Despite a surge in published vulnerabilities, averaging 110 per day, attackers predominantly exploited older ones. Law enforcement made notable gains, disrupting threat actors, but ransomware-as-a-service remains resilient. Effective risk mitigation in 2025 will depend on robust vulnerability management, attack surface awareness, and actionable intelligence.

The Current State of Ransomware: Weaponising Disclosure Rules and More

Ransomware remains a significant and evolving threat in 2025, with cyber criminals exploiting AI, legal frameworks, and geopolitical tensions to devastating effect. Phishing attacks, now enhanced by AI, have become highly personalised, increasing their success rates, while "living-off-the-land" techniques evade traditional defences. A striking development is the weaponisation of disclosure regulations, where ransomware groups leverage legal obligations to pressure victims. Attack rates continue to rise, with industries like healthcare and public administration heavily targeted. Recovery costs now average $2.73 million, more than double 2023 figures, highlighting the urgent need for proactive measures to mitigate these escalating risks.

The Top SME Security Worries for 2025

Smaller businesses are just as vulnerable to cyber security issues as larger ones, more so in some cases as they have fewer resources to devote to protection. Research by Six Degrees highlights that 35 percent of UK SMEs now view AI-driven threats as their top concern, surpassing malware, phishing, and ransomware. AI is amplifying risks, such as personalised phishing attacks, rather than introducing entirely new methods. The report warns that tools alone are insufficient; effective protection requires active management and integration into a broader organisational strategy.

What They Don’t Tell You About Cyber Attacks – the Emotional Impact on Staff

Cyber attacks often focus attention on financial and operational damage, but the emotional toll on staff involved in recovery is a critical yet overlooked aspect. Frontline employees frequently experience intense stress, fear of failure, isolation, and burnout during recovery efforts, with prolonged hours and high-pressure environments exacerbating these effects. Organisations must proactively support staff by ensuring clear communication, offering mental health resources, and recognising contributions. Addressing the emotional impact not only aids recovery but also strengthens team resilience and preparedness for future incidents.

The Hybrid Workforce Crisis: How it has Weakened Enterprise Security, and What to Do About It

The shift to hybrid working has significantly expanded the corporate attack surface, exposing organisations to heightened cyber security risks. An October 2024 report by the Institute for Critical Infrastructure Technology highlights key vulnerabilities, including unsecured home networks, weak passwords, and unmanaged personal devices. Traditional identity and access management systems struggle to cope, with adaptive solutions like continuous authentication proving essential. Third-party risks require dynamic, real-time monitoring, replacing outdated static assessments. Emerging technologies such as SD-WAN and behavioural biometrics can bolster security while enhancing user convenience. Strategic investment and fostering a culture of cyber security awareness are critical to safeguarding hybrid operations.

New Ransomware Group Uses AI to Develop Nefarious Tools

Check Point Research has identified a new ransomware group, FunkSec, which claims to have targeted 85 organisations in December 2024. FunkSec, a ransomware-as-a-service operation, uses AI-assisted tools to develop malware, enabling even low-skilled operators to create sophisticated attacks. Despite its claims, many of its leaked datasets are recycled from previous hacktivist campaigns, raising doubts about its impact. The group employs double extortion tactics and demands unusually low ransoms, sometimes as little as $10,000. FunkSec’s tools reflect limited technical expertise but showcase the growing use of AI in cyber attacks.

'Arson, Sabotage, Cyber Attacks': UK Enters New Era of Threats from Hostile States

The UK faces an escalating range of threats from hostile states, including cyber attacks, arson, and sabotage, with state-backed criminal groups increasingly adopting terrorist-like tactics. The UK’s Foreign, Commonwealth and Development Office reports a 50% rise in state threat investigations over the past year, highlighting the urgency of rebuilding lost expertise and capability. Cyber attacks, described as the “new normal,” have severely impacted public services, with incidents like the NHS cyber attack disrupting thousands of procedures and appointments. Experts stress the need for a coordinated, whole-of-society response to address these threats and adapt to an evolving global landscape.

NATO Launches New Mission to Protect Crucial Undersea Cables

NATO has launched "Baltic Sentry", a mission to enhance surveillance of the Baltic Sea following a rise in damage to critical undersea cables. The initiative will involve increased deployment of patrol aircraft, warships, and drones, with a focus on monitoring Russia's "shadow fleet." Over 95% of internet traffic and $10 trillion in daily financial transactions depend on undersea cables, making their protection vital. NATO leaders emphasised the potential for hostile intent behind recent incidents, noting that such damage is unlikely to be accidental.

Sources:

https://www.rte.ie/news/business/2025/0117/1491313-banks-cyber-rules/

https://www.reinsurancene.ws/cyber-attacks-considered-top-business-concern-for-2025-allianz/

https://www.helpnetsecurity.com/2025/01/16/ross-young-team8-cybersecurity-boardroom-discussions/

https://www.helpnetsecurity.com/2025/01/15/cybersecurity-complexity-era/

https://betanews.com/2025/01/16/ransomware-victim-numbers-hit-an-all-time-high/

https://securityintelligence.com/articles/the-current-state-of-ransomware-weaponizing-disclosure-rules/ [TC1]

https://betanews.com/2025/01/14/the-top-sme-security-worries-for-2025/

https://www.computerweekly.com/opinion/What-they-dont-tell-you-about-cyber-tatacks-The-Emotional-Impact-on-Staff

https://www.scworld.com/resource/the-hybrid-workforce-crisis-how-it-has-weakened-enterprise-security-and-what-to-do-about-it

https://www.infosecurity-magazine.com/news/new-ransomware-group-uses-ai/

https://inews.co.uk/news/arson-sabotage-cyber-attacks-uk-threats-hostile-states-3481620

https://www.bbc.co.uk/news/articles/c4gx74d06ywo

Governance, Risk and Compliance

Cyber attacks considered top business concern for 2025: Allianz - Reinsurance News

What they don’t tell you about cyber attacks – the emotional impact on staff | Computer Weekly

Cyber attacks, tech disruption ranked as top threats to business growth | CIO Dive

The top SME security worries for 2025

Geopolitics making cyber security challenges more complex: World Economic Forum - World - DAWN.COM

WEF Warns of Growing Cyber Inequity Amid Escalating Complexities - Infosecurity Magazine

Cyber security is stepping into a new era of complexity - Help Net Security

CISOs take on extra responsibilities

The Evolving Role Of The CISO

How CISOs can elevate cyber security in boardroom discussions - Help Net Security

A cyber-resilient culture: Key to adapting to evolving cyber threats - SiliconANGLE

Breaking the Cycle of Isolated Risk Management | MSSP Alert

Vigilance, Resilience, Flexibility as Keys to Countering Evolving Cyber Threats | Newswise

EU AI Act and NIS2 Directive 2025 Compliance Challenges

The Year Of Proactive Defence: Staying Ahead Of Threat Actors

Cyber Risk Quantification: Use Cases and Best Practices | MSSP Alert

73% of office workers say staff get blamed for cyber security incidents - survey

Threats

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

'Arson, sabotage, cyber attacks': UK enters new era of threats from hostile states

‘Hybrid threats’, ‘grey zones’, ‘competition’, and ‘proxies’: When is it actually war?

Nation State Actors

China

US Telecom, Zero-Day Attacks Highlight Cyber Hygiene Need

China's UNC5337 Exploits a Critical Ivanti RCE Bug, Again

Salt Typhoon spies spotted on US govt networks before telcos • The Register

US has responded to Chinese-linked cyber attacks on telecoms firms, Sullivan says | Reuters

ISMG Editors: The Coming Battle Over Chinese Cyberthreats

Last-Minute Biden EO Reportedly Prompted By Chinese Cyber Attacks | MSSP Alert

Strengthening America’s Resilience Against the PRC Cyber Threats | CISA

Nato launches 'Baltic Sentry' mission to protect undersea cables - BBC News

China Targeted Foreign Investment, Sanctions Offices in Treasury Hack: Reports - SecurityWeek

As Tensions Mount With China, Taiwan Sees Surge in Attacks

FBI wipes Chinese PlugX malware from over 4,000 US computers

TikTok, five other Chinese firms hit by EU privacy complaints | Reuters

Experts Unpack The Truth Behind TikTok’s Data Collection | HuffPost Life

Chinese hackers accessed Yellen's computer in US Treasury breach, Bloomberg News reports | Reuters

TikTok warns of broad consequences if Supreme Court allows ban | Reuters

Chinese cyber-spies target CFIUS investigations • The Register

Russia

Russian espionage and financial theft campaigns have ramped up, Ukraine cyber agency says | The Record from Recorded Future News

Russia Carves Out Commercial Surveillance Success

Nato launches 'Baltic Sentry' mission to protect undersea cables - BBC News

Russia-linked APT Star Blizzard targets WhatsApp accounts

Russian Cyberspies Caught Spear-Phishing with QR Codes, WhatsApp Groups - SecurityWeek

Ukraine’s PM discusses defence, cyber security, sanctions with Estonia’s Foreign Minister

Fancy Bear spotted using real Kazak government documents in spearpishing campaign | CyberScoop

Russia Targets Kazakhstan in Espionage Campaign

Suspected Ukrainian hackers impersonating Russian ministries to spy on industry | The Record from Recorded Future News

North Korea

US, Japan, South Korea Blame North Korean Hackers for $660M Crypto Heists - SecurityWeek

North Korean Hackers Targeting Freelance Software Developers - SecurityWeek

Treasury sanctions North Korea over remote IT worker schemes | CyberScoop

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Governments call for spyware regulations in UN Security Council meeting | TechCrunch

How Barcelona became an unlikely hub for spyware startups | TechCrunch

Tools and Controls

Phishing click rates tripled in 2024 despite user training | CSO Online

What they don’t tell you about cyber attacks – the emotional impact on staff | Computer Weekly

How AI will transform cyber security in 2025 - and supercharge cyber crime | ZDNET

2025 Informed: Cyber Security and AI

How “right-sizing” cyber security initiatives can prevent data Loss | theHRD

The hybrid workforce crisis: How it has weakened enterprise security, and what to do about it | SC Media

Home Office rolls out cyber crime protections for data centres

How CTEM is providing better cyber security resilience for organisations

Backup technology explained: The fundamentals of enterprise backup | Computer Weekly

Millions of VPN Servers and Routers Exposed to New Tunnelling Protocol Vulnerabilities - ISPreview UK

A cyber-resilient culture: Key to adapting to evolving cyber threats - SiliconANGLE

Breaking the Cycle of Isolated Risk Management | MSSP Alert

How CISOs Can Build a Disaster Recovery Skillset

Are Your Cloud Security Strategies Effective in 2025? | HackerNoon

Ransomware on ESXi: The Mechanization of Virtualized Attacks

What Security Leaders Get Wrong About Zero-Trust Architecture

First Ever OWASP "Top 10 Non-Human Identities (NHI)" Released

4 Reasons Your SaaS Attack Surface Can No Longer be Ignored

The AI Conundrum In Security: Why The Future Belongs To The Bold

How AI and ML are transforming digital banking security - Help Net Security

North Korean Hackers Targeting Freelance Software Developers - SecurityWeek

Hackers leak configs and VPN credentials for 15,000 FortiGate devices

What the 2024 CrowdStrike Glitch Can Teach Us About Cyber Risk

Cyber Risk Quantification: Use Cases and Best Practices | MSSP Alert

Risk, Reputational Scoring Services Enjoy Mixed Success

AI hallucinations can pose a risk to your cyber security

A Deep Dive into ISO 27001 Password Requirements - Security Boulevard

Balancing usability and security in the fight against identity-based attacks - Help Net Security

Remediation Times Drop Sharply as Cyber Hygiene Take Up Surges - Infosecurity Magazine

Enabling confident cyber resilience and recovery with CyberSense - SiliconANGLE

Cyber security on a shoestring: maximizing your ROI | TechRadar

Reports Published in the Last Week

Global Cyber Security Outlook 2025 – Navigating Through Rising Cyber Complexities > Press releases | World Economic Forum

Other News

The top SME security worries for 2025

US Telecom, Zero-Day Attacks Highlight Cyber Hygiene Need

Chrome Web Store is a mess | Almost Secure

UK Registry Nominet Breached Via Ivanti Zero-Day - Infosecurity Magazine

What do financial institutions in CEE, DACH, Nordic, and US markets need to know about Cyber Security in 2025? Finding appropriate responses to evolving threats in various markets - FinTech Futures: Fintech news

CNI Attacks: What to Expect in 2025 | SC Media UK

Nominet probes possible Ivanti zero-day exploit • The Register

EU To Launch Support Centre by 2026 to Boost Healthcare Cyber Security - Infosecurity Magazine

What's happening in the cyber security market? | Insurance Business America

The Year Of Proactive Defence: Staying Ahead Of Threat Actors

Trump and others want to ramp up cyber offense, but there’s plenty of doubt about the idea | CyberScoop

The rise of cyber attacks | Law Gazette

WEF Report Reveals Growing Cyber Resilience Divide Between Public and Private Sectors - SecurityWeek

The Cyber Security Risks Threatening The Automotive Industry, And How To Combat Them

Cyber attack forces Dutch university to cancel lectures | The Record from Recorded Future News

Aerospace Tech Week to put the spotlight on AI, autonomous aviation and cyber security

A humble proposal: The InfoSec CIA triad should be expanded - Help Net Security

Vulnerability Management

Vulnerability Remediation vs Mitigation: Which Strategy Wins in Cyber Security? - Security Boulevard

What 2024 taught us about security vulnerabilities - Help Net Security

89% of executives plan to expand cyber insurance for technological vulnerabilities: Chubb - Reinsurance News

Critical vulnerabilities remain unresolved due to prioritization gaps - Help Net Security

Vulnerabilities

Microsoft Patches Trio of Exploited Windows Hyper-V Zero-Days - SecurityWeek

Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws

China's UNC5337 Exploits a Critical Ivanti RCE Bug, Again

New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits

Google Chrome 132 update fixes 16 unique security issues - gHacks Tech News

Fortinet warns a critical vulnerability in its systems could let attackers breach company networks | TechRadar

Fortinet Releases Security Updates for Multiple Products | CISA

Nvidia, Zoom, Zyxel Patch High-Severity Vulnerabilities - SecurityWeek

Ivanti Patches Critical Vulnerabilities in Endpoint Manager - SecurityWeek

Zero-Day Vulnerability in PDF Files Leaking NTLM Data in Adobe & Foxit Reader

Juniper Networks Fixes High-Severity Vulnerabilities in Junos OS - SecurityWeek

UK Registry Nominet Breached Via Ivanti Zero-Day - Infosecurity Magazine

Nominet probes possible Ivanti zero-day exploit • The Register

SAP Patches Critical Vulnerabilities in NetWeaver - SecurityWeek

Apple Patches Flaw That Allows Kernel Security Bypassing

Adobe Releases Security Updates for Multiple Products | CISA

Microsoft: macOS bug lets hackers install malicious kernel drivers

Windows BitLocker bug triggers warnings on devices with TPMs

New UEFI Secure Boot flaw exposes systems to bootkits, patch now

Debian 12.9 “Bookworm” Arrives with 72 Bug Fixes and 38 Security Updates - 9to5Linux

Google OAuth flaw lets attackers gain access to abandoned accounts

CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks

Researchers disclosed details of a now-patched Samsung zero-click flaw

Microsoft 365 apps crash on Windows Server after Office update

Rootkit Malware Exploiting Zero-day Vunlerabilities to Control Linux Systems Remotely

Nvidia, Zoom, Zyxel Patch High-Severity Vulnerabilities - SecurityWeek

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 17 January 2025

Executive Summary

Top Cyber Stories of the Last Week

New EU Cyber Rules for Financial Institutions Came into Force on Friday 17 January

Cyber Attacks Considered Top Business Concern for 2025: Allianz

How CISOs Can Elevate Cyber Security in Boardroom Discussions

Cyber Security is Stepping into a New Era of Complexity

Ransomware Victim Numbers Hit an All-Time High

The Current State of Ransomware: Weaponising Disclosure Rules and More

The Top SME Security Worries for 2025

What They Don’t Tell You About Cyber Attacks – the Emotional Impact on Staff

The Hybrid Workforce Crisis: How it has Weakened Enterprise Security, and What to Do About It

New Ransomware Group Uses AI to Develop Nefarious Tools

'Arson, Sabotage, Cyber Attacks': UK Enters New Era of Threats from Hostile States

NATO Launches New Mission to Protect Crucial Undersea Cables

Sources:

Governance, Risk and Compliance

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Other Social Engineering

Artificial Intelligence

2FA/MFA

Malware

Bots/Botnets

Mobile

Denial of Service/DoS/DDoS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Outages

Identity and Access Management

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Backup and Recovery

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda