Black Arrow Cyber Threat Intelligence Briefing 17 January 2025

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.

Executive Summary

This week, the EU’s Digital Operational Resilience Act (DORA) has come into effect, imposing stringent cyber security requirements on over 22,000 financial institutions. This regulation strengthens incident reporting, risk management, and IT third-party oversight, aiming to create a unified approach to mitigating ICT-related risks. As cyber security incidents are identified as the top business concern for 2025, organisations are urged to adopt holistic strategies that address interconnected risks like supply chain vulnerabilities, geopolitical tensions, and the increasing role of AI in threat landscapes.

Our selection of threat intelligence news this week shows how emerging threats highlight the need for enhanced resilience. Ransomware attacks reached record highs in 2024, with attackers weaponising disclosure rules and leveraging AI tools for sophisticated phishing and extortion tactics. SMEs face rising concerns over AI-driven risks, while hybrid working has expanded the corporate attack surface, necessitating adaptive security solutions. Meanwhile, geopolitical risks are complicating the global cyber landscape, driving NATO’s efforts to protect critical infrastructure, such as undersea cables essential for internet traffic and financial transactions.

To navigate this era of escalating complexity, organisations must prioritise proactive measures. These include integrating cyber resilience into business strategies, fostering a culture of security awareness, and addressing the often-overlooked emotional impact of cyber attacks on staff. Effective collaboration, innovation, and investment are critical to safeguarding operations and enabling sustained growth.


Top Cyber Stories of the Last Week

New EU Cyber Rules for Financial Institutions Came into Force on Friday 17 January

The EU's Digital Operational Resilience Act (DORA) came into effect on Friday, introducing stringent cyber security requirements for over 22,000 financial institutions, including banks, insurers, and investment firms. Designed to enhance resilience against severe disruptions such as cyber attacks, DORA mandates robust risk management, incident reporting, resilience testing, and oversight of IT third-party risks. It also encourages the sharing of cyber threat intelligence between firms to strengthen collective defences. The new framework aims to create a unified, cross-sectoral approach to mitigating Information and Communications Technology (ICT) related risks, setting strict standards to limit the impact of potential vulnerabilities.

Cyber Attacks Considered Top Business Concern for 2025: Allianz

The Allianz Risk Barometer highlights cyber incidents as the top global business risk for 2025, with 38% of respondents ranking it as their primary concern. Business interruption follows closely, exacerbated by events such as natural disasters, geopolitical instability, and cyber attacks, which increasingly disrupt supply chains. Climate change has risen to fifth place, reflecting its growing significance amid record-breaking global temperatures and extreme weather events in 2024, which caused insured losses exceeding $100 billion for the fifth consecutive year. The interconnected nature of risks underscores the need for holistic, resilient strategies to address evolving challenges.

How CISOs Can Elevate Cyber Security in Boardroom Discussions

Cyber security leaders must align their boardroom presentations with business priorities by highlighting the direct impact of security initiatives on revenue and customer confidence. Metrics like risk reduction trends, cost per incident, and ROI resonate well with non-technical audiences. Persistent challenges include limited board time, misconceptions about spending or certifications, and unclear ownership of security practices. Effective strategies include using concrete examples, such as improved customer experiences through streamlined authentication, and maintaining ongoing dialogue via executive committees or regular updates. This approach fosters deeper understanding and sustained support for security programs, framing them as enablers of business growth and resilience.

Cyber Security is Stepping into a New Era of Complexity

The World Economic Forum’s Global Cybersecurity Outlook 2025 highlights escalating complexity in cyber security driven by technological advances, geopolitical uncertainty, supply chain interdependencies, and a growing skills gap. Over half of large organisations cite supply chain vulnerabilities as a critical barrier to cyber resilience, while 66% predict AI will significantly impact cyber security by 2025, yet only 37% assess AI tool security before deployment. Regulatory fragmentation also challenges 76% of CISOs. Meanwhile, the cyber insurance market is forecast to double from $14 billion in 2023 to $29 billion by 2027, underscoring its growing role in managing cyber risks. The report calls for a shift from cyber security to cyber resilience, emphasising resource allocation.

Ransomware Victim Numbers Hit an All-Time High

Ransomware victim numbers reached a record high in 2024, with over 1,600 reported in Q4 alone, reflecting a 40% year-on-year increase in active threat groups, now totalling 88 globally. The US accounted for 52% of victims. Despite a surge in published vulnerabilities, averaging 110 per day, attackers predominantly exploited older ones. Law enforcement made notable gains, disrupting threat actors, but ransomware-as-a-service remains resilient. Effective risk mitigation in 2025 will depend on robust vulnerability management, attack surface awareness, and actionable intelligence.

The Current State of Ransomware: Weaponising Disclosure Rules and More

Ransomware remains a significant and evolving threat in 2025, with cyber criminals exploiting AI, legal frameworks, and geopolitical tensions to devastating effect. Phishing attacks, now enhanced by AI, have become highly personalised, increasing their success rates, while "living-off-the-land" techniques evade traditional defences. A striking development is the weaponisation of disclosure regulations, where ransomware groups leverage legal obligations to pressure victims. Attack rates continue to rise, with industries like healthcare and public administration heavily targeted. Recovery costs now average $2.73 million, more than double 2023 figures, highlighting the urgent need for proactive measures to mitigate these escalating risks.

The Top SME Security Worries for 2025

Smaller businesses are just as vulnerable to cyber security issues as larger ones, more so in some cases as they have fewer resources to devote to protection. Research by Six Degrees highlights that 35 percent of UK SMEs now view AI-driven threats as their top concern, surpassing malware, phishing, and ransomware. AI is amplifying risks, such as personalised phishing attacks, rather than introducing entirely new methods. The report warns that tools alone are insufficient; effective protection requires active management and integration into a broader organisational strategy.

What They Don’t Tell You About Cyber Attacks – the Emotional Impact on Staff

Cyber attacks often focus attention on financial and operational damage, but the emotional toll on staff involved in recovery is a critical yet overlooked aspect. Frontline employees frequently experience intense stress, fear of failure, isolation, and burnout during recovery efforts, with prolonged hours and high-pressure environments exacerbating these effects. Organisations must proactively support staff by ensuring clear communication, offering mental health resources, and recognising contributions. Addressing the emotional impact not only aids recovery but also strengthens team resilience and preparedness for future incidents.

The Hybrid Workforce Crisis: How it has Weakened Enterprise Security, and What to Do About It

The shift to hybrid working has significantly expanded the corporate attack surface, exposing organisations to heightened cyber security risks. An October 2024 report by the Institute for Critical Infrastructure Technology highlights key vulnerabilities, including unsecured home networks, weak passwords, and unmanaged personal devices. Traditional identity and access management systems struggle to cope, with adaptive solutions like continuous authentication proving essential. Third-party risks require dynamic, real-time monitoring, replacing outdated static assessments. Emerging technologies such as SD-WAN and behavioural biometrics can bolster security while enhancing user convenience. Strategic investment and fostering a culture of cyber security awareness are critical to safeguarding hybrid operations.

New Ransomware Group Uses AI to Develop Nefarious Tools

Check Point Research has identified a new ransomware group, FunkSec, which claims to have targeted 85 organisations in December 2024. FunkSec, a ransomware-as-a-service operation, uses AI-assisted tools to develop malware, enabling even low-skilled operators to create sophisticated attacks. Despite its claims, many of its leaked datasets are recycled from previous hacktivist campaigns, raising doubts about its impact. The group employs double extortion tactics and demands unusually low ransoms, sometimes as little as $10,000. FunkSec’s tools reflect limited technical expertise but showcase the growing use of AI in cyber attacks.

'Arson, Sabotage, Cyber Attacks': UK Enters New Era of Threats from Hostile States

The UK faces an escalating range of threats from hostile states, including cyber attacks, arson, and sabotage, with state-backed criminal groups increasingly adopting terrorist-like tactics. The UK’s Foreign, Commonwealth and Development Office reports a 50% rise in state threat investigations over the past year, highlighting the urgency of rebuilding lost expertise and capability. Cyber attacks, described as the “new normal,” have severely impacted public services, with incidents like the NHS cyber attack disrupting thousands of procedures and appointments. Experts stress the need for a coordinated, whole-of-society response to address these threats and adapt to an evolving global landscape.

NATO Launches New Mission to Protect Crucial Undersea Cables

NATO has launched "Baltic Sentry", a mission to enhance surveillance of the Baltic Sea following a rise in damage to critical undersea cables. The initiative will involve increased deployment of patrol aircraft, warships, and drones, with a focus on monitoring Russia's "shadow fleet." Over 95% of internet traffic and $10 trillion in daily financial transactions depend on undersea cables, making their protection vital. NATO leaders emphasised the potential for hostile intent behind recent incidents, noting that such damage is unlikely to be accidental.

Sources:

https://www.rte.ie/news/business/2025/0117/1491313-banks-cyber-rules/

https://www.reinsurancene.ws/cyber-attacks-considered-top-business-concern-for-2025-allianz/

https://www.helpnetsecurity.com/2025/01/16/ross-young-team8-cybersecurity-boardroom-discussions/

https://www.helpnetsecurity.com/2025/01/15/cybersecurity-complexity-era/

https://betanews.com/2025/01/16/ransomware-victim-numbers-hit-an-all-time-high/

https://securityintelligence.com/articles/the-current-state-of-ransomware-weaponizing-disclosure-rules/

https://betanews.com/2025/01/14/the-top-sme-security-worries-for-2025/

https://www.computerweekly.com/opinion/What-they-dont-tell-you-about-cyber-tatacks-The-Emotional-Impact-on-Staff

https://www.scworld.com/resource/the-hybrid-workforce-crisis-how-it-has-weakened-enterprise-security-and-what-to-do-about-it

https://www.infosecurity-magazine.com/news/new-ransomware-group-uses-ai/

https://inews.co.uk/news/arson-sabotage-cyber-attacks-uk-threats-hostile-states-3481620

https://www.bbc.co.uk/news/articles/c4gx74d06ywo
Threats

Ransomware, Extortion and Destructive Attacks

New Ransomware Group Uses AI to Develop Nefarious Tools - Infosecurity Magazine

The current state of ransomware: Weaponizing disclosure rules and more

85 Victims and Counting: What To Know About FunkSec Ransomware

Ministers consider ban on all UK public bodies making ransomware payments | Cybercrime | The Guardian

‘Millions’ in taxpayer money paid to cyber criminals in recent years – minister | The Standard

Ransomware Victims and Threat Groups Have Reached An All-Time High, GuidePoint Security Finds | Business Wire

US charges operators of cryptomixers linked to ransomware gangs

Ako Ransomware Abusing Windows API Calls To Detect Infected System Locations

New Ransomware Encrypts Amazon S3 Buckets Using SSE-C Encryption

New Amazon Ransomware Attack—‘Recovery Impossible’ Without Payment

Ransomware on ESXi: The Mechanization of Virtualized Attacks

Russian Nationals Indicted for Operating Cryptocurrency Mixers Linked to Cyber Crime

Ongoing Play Ransomware Attack—What You Need To Know

Inside a 90-Minute Attack: Breaking Ground with All-New AI Defeating Black Basta Tactics - Security Boulevard

Ransomware Victims

£33m cost of cyber-attack revealed | News | Health Service Journal

Clop ransomware gang names dozens of victims hit by Cleo mass-hack, but several firms dispute breaches | TechCrunch

Personal data compromised in Gateshead Council cyber attack | ITPro

UnitedHealth hid its Change Healthcare data breach notice for months | TechCrunch

OneBlood confirms personal data stolen in July ransomware attack

Phishing & Email Based Attacks

Phishing click rates tripled in 2024 despite user training | CSO Online

Beware of These Microsoft Teams Phishing Scams

This Phishing Attack Disables Your iPhone Security: Here's How to Protect Yourself

Google Search ads are being hacked to steal account info | TechRadar

Accelerated BlackBasta-like email attack examined | SC Media

Fancy Bear spotted using real Kazak government documents in spearphishing campaign | CyberScoop

Browser-Based Cyber-Threats Surge as Email Malware Declines - Infosecurity Magazine

Other Social Engineering

Scammers have a new phishing trick for iPhone users – here’s how to avoid falling victim | TechRadar

Cyber Criminals Use Fake CrowdStrike Job Offers to Distribute Malware - Infosecurity Magazine

Artificial Intelligence

New Ransomware Group Uses AI to Develop Nefarious Tools - Infosecurity Magazine

How AI will transform cyber security in 2025 - and supercharge cyber crime | ZDNET

85 Victims and Counting: What To Know About FunkSec Ransomware

Microsoft takes legal action against bad actors using AI for sophisticated exploitation - Neowin

Tech giants told UK online safety laws ‘not up for negotiation’ | Artificial intelligence (AI) | The Guardian

Addressing the Security Risks of AI in the Cloud

Ensuring U.S. Security and Economic Strength in the Age of Artificial Intelligence | The White House

CyberCube predicts AI will amplify cyber attacks in 2025 - Reinsurance News

What Enterprises Need to Know About Agentic AI Risks

Microsoft AI Red Team says security work will never be done • The Register

AI hallucinations can pose a risk to your cyber security

In-House Lawyers Are Focused on Employment and Cyber Security Disputes, But Looking Out for Conflict Over AI

CISA's AI Playbook Pushes For More Information Sharing

Second Biden cyber executive order directs agency action on fed security, AI, space | CyberScoop

EU AI Act and NIS2 Directive 2025 Compliance Challenges

Law Firm Leads 15,000 to Sue Google and Microsoft over AI Data - Infosecurity Magazine

Trump, Musk Discuss AI, Cyber Security With Microsoft CEO

2FA/MFA

Microsoft MFA outage blocking access to Microsoft 365 apps

MFA Failures - The Worst is Yet to Come

Malware

New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits

MikroTik botnet relies on DNS misconfiguration to spread malware

Browser-Based Cyber Threats Surge as Email Malware Declines - Infosecurity Magazine

WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables

Fake LDAPNightmare exploit on GitHub spreads infostealer malware

New macOS malware uses Apple's own code to quietly steal credentials and personal data — how to stay safe | Tom's Guide

Cyber Criminals Use Fake CrowdStrike Job Offers to Distribute Malware - Infosecurity Magazine

Microsoft: macOS bug lets hackers install malicious kernel drivers

Rootkit Malware Exploiting Zero-day Vulnerabilities to Control Linux Systems Remotely

Cyber Attackers Hide Infostealers in YouTube Comments

FBI wipes Chinese PlugX malware from over 4,000 US computers

Apple devices at risk after security researcher hacks ACE3 USB-C controller - SiliconANGLE

Bots/Botnets

MikroTik botnet uses misconfigured SPF DNS records to spread malware

IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024 | Trend Micro (US)

Mobile

Millions of people's 'intimate' location data stolen in major hack | Science, Climate & Tech News | Sky News

Mobile apps exploited to harvest location data on massive scale, hacked files reveal | TechSpot

This Phishing Attack Disables Your iPhone Security: Here's How to Protect Yourself

Researchers disclosed details of a now-patched Samsung zero-click flaw

Denial of Service/DoS/DDoS

IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024 | Trend Micro (US)

Internet of Things – IoT

Homeowners are clueless about how smart devices collect their data - Help Net Security

GM settles charges it shared driver location data • The Register

IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024 | Trend Micro (US)

Allstate car insurer sued for tracking drivers without permission

Data Breaches/Leaks

2024 US Healthcare Data Breaches: 585 Incidents, 180 Million Compromised User Records - SecurityWeek

Cyber Security Breaches Degrade Consumer Trust, but Apathy Rises - Security Boulevard

Telefonica Breach Hits 20,000 Employees and Exposes Jira Details - Infosecurity Magazine

EU law enforcement training agency data breach: Data of 97,000 individuals compromised - Help Net Security

Personal data stolen in cyber-attack on Gateshead Council - BBC News

60 Million Students and Teachers Targeted in PowerSchool Data Breach

GoDaddy Accused of Serious Security Failings by FTC - Infosecurity Magazine

Largest US addiction treatment provider notifies patients of data breach

OneBlood confirms personal data stolen in July ransomware attack

Prominent US law firm Wolf Haldenstein disclosed a data breach

183M Patient Records Exposed: Fortified Health Security Releases 2025 Healthcare Cyber Security Report

Organised Crime & Criminal Actors

How AI will transform cyber security in 2025 - and supercharge cyber crime | ZDNET

The ‘Largest Illicit Online Marketplace’ Ever Is Growing at an Alarming Rate, Report Says | WIRED

The Wiretap: At $24 Billion In Sales, The Biggest Illicit Marketplace Ever Is On Telegram

How to protect yourself from the social media cyber crime boom - Digital Journal

The Insider Threat Digital Recruitment Marketplace - Security Boulevard

Online Gambling Unleashed Transnational Crime in Philippines (2)

Russian Nationals Indicted for Operating Cryptocurrency Mixers Linked to Cyber Crime

Pastor who saw crypto project in his "dream" indicted for fraud

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

US, Japan, South Korea Blame North Korean Hackers for $660M Crypto Heists - SecurityWeek

US govt says North Korea stole over $659 million in crypto last year

New Web3 attack exploits transaction simulations to steal crypto

US charges operators of cryptomixers linked to ransomware gangs

Cyber Criminals Use Fake CrowdStrike Job Offers to Distribute Malware - Infosecurity Magazine

Transaction simulation spoofing attack targets cryptocurrency wallets | SC Media

Russian Nationals Indicted for Operating Cryptocurrency Mixers Linked to Cyber Crime

Pastor who saw crypto project in his "dream" indicted for fraud

Insider Risk and Insider Threats

Phishing click rates tripled in 2024 despite user training | CSO Online

Former Disney Employee Admits to Hacking Menu System to Change Allergy Information – DataBreaches.Net

The Insider Threat Digital Recruitment Marketplace - Security Boulevard

Human Factors in Cyber Security in 2025 | UpGuard

Concern over staff blame for cyber breaches - survey

73% of office workers say staff get blamed for cyber security incidents - survey

Insurance

Cyber attacks considered top business concern for 2025: Allianz - Reinsurance News

89% of executives plan to expand cyber insurance for technological vulnerabilities: Chubb - Reinsurance News

Supply Chain and Third Parties

£33m cost of cyber-attack revealed | News | Health Service Journal

Cloud/SaaS

Hackers use FastHTTP in new high-speed Microsoft 365 password attacks

Google OAuth flaw lets attackers gain access to abandoned accounts

Beware of These Microsoft Teams Phishing Scams

Addressing the Security Risks of AI in the Cloud

Are Your Cloud Security Strategies Effective in 2025? | HackerNoon

New Ransomware Encrypts Amazon S3 Buckets Using SSE-C Encryption

New Amazon Ransomware Attack—‘Recovery Impossible’ Without Payment

4 Reasons Your SaaS Attack Surface Can No Longer be Ignored

Azure and M365 MFA outage leaves logins lost • The Register

How snack giant Mondelez is trying to keep pace in the fast-changing realm of AI, cyber security, and cloud | Fortune

Outages

Azure and M365 MFA outage leaves logins lost • The Register

What the 2024 CrowdStrike Glitch Can Teach Us About Cyber Risk

GitHub Git downtime caused by bad configuration update • DEVCLASS

Identity and Access Management

2025: The year of evolution in identity security

First Ever OWASP "Top 10 Non-Human Identities (NHI)" Released

Linux and Open Source

The Shifting Landscape of Open Source Security

Rootkit Malware Exploiting Zero-day Vulnerabilities to Control Linux Systems Remotely

Passwords, Credential Stuffing & Brute Force Attacks

Hackers use FastHTTP in new high-speed Microsoft 365 password attacks

Google OAuth flaw lets attackers gain access to abandoned accounts

A Deep Dive into ISO 27001 Password Requirements - Security Boulevard

Social Media

How to protect yourself from the social media cyber crime boom - Digital Journal

TikTok warns of broad consequences if Supreme Court allows ban | Reuters

Tech giants told UK online safety laws ‘not up for negotiation’ | Artificial intelligence (AI) | The Guardian

'How to quit Facebook?' searches spike after Meta's fact-checking ban | ZDNET

Meta's fact-checking end raises concerns about disinformation

Cyber Attackers Hide Infostealers in YouTube Comments

The Looming Crisis: Meta, Misinformation, And Public Trust

TikTok, five other Chinese firms hit by EU privacy complaints | Reuters

Trump’s Truth Social Users Targeted by Rampant Scams Online - Infosecurity Magazine

European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China

Experts Unpack The Truth Behind TikTok’s Data Collection | HuffPost Life

'Free Our Feeds' campaign aims to billionaire-proof Bluesky’s tech | TechCrunch

Malvertising

Google Search ads are being hacked to steal account info | TechRadar

Training, Education and Awareness

Phishing click rates tripled in 2024 despite user training | CSO Online

Regulations, Fines and Legislation

New EU cyber rules for financial institutions from today

DORA Comes Into Force: Experts Weigh In On Its Impact And Opportunities

UK Considers Banning Ransomware Payment by Public Sector and CNI - SecurityWeek

The UK's Online Safety Act applies to Small Tech too • The Register

DORA Compliance Costs Soar Past €1m for Many UK and EU Businesses - Infosecurity Magazine

Tech giants told UK online safety laws ‘not up for negotiation’ | Artificial intelligence (AI) | The Guardian

The EU Cyber Resilience Act - What You Need to Know | A&O Shearman - JDSupra

Biden signs executive order inspired by lessons from recent cyber attacks - Nextgov/FCW

EU AI Act and NIS2 Directive 2025 Compliance Challenges

A Deeper Dive into the Proposed Modifications to the HIPAA Security Rule | Stoel Rives - Global Privacy & Security Blog® - JDSupra

Last-Minute Biden EO Reportedly Prompted By Chinese Cyber Attacks | MSSP Alert

Governments call for spyware regulations in UN Security Council meeting | TechCrunch

TikTok warns of broad consequences if Supreme Court allows ban | Reuters

Trump and others want to ramp up cyber offense, but there’s plenty of doubt about the idea | CyberScoop

New ‘cyber security’ law in Turkey could criminalize reporting on data leaks - Turkish Minute

Models, Frameworks and Standards

European finance readying itself for DORA implementation

DORA Compliance Costs Soar Past €1m for Many UK and EU Businesses - Infosecurity Magazine

New EU cyber rules for financial institutions from today

First Ever OWASP "Top 10 Non-Human Identities (NHI)" Released

The EU Cyber Resilience Act - What You Need to Know | A&O Shearman - JDSupra

A Deep Dive into ISO 27001 Password Requirements - Security Boulevard

A Deeper Dive into the Proposed Modifications to the HIPAA Security Rule | Stoel Rives - Global Privacy & Security Blog® - JDSupra

Backup and Recovery

Backup technology explained: The fundamentals of enterprise backup | Computer Weekly

Careers, Working in Cyber and Information Security

Career Opportunities in Cyber Security: A Guide for Aspiring Professionals | BCS

Microsoft is Laying Off Employees Across its Sales, Security, and Gaming Divisions

ISC2 Cyber Security Workforce Study: Shortage of AI skilled workers

Law Enforcement Action and Take Downs

Former Disney Employee Admits to Hacking Menu System to Change Allergy Information – DataBreaches.Net

US charges operators of cryptomixers linked to ransomware gangs

FBI wipes Chinese PlugX malware from over 4,000 US computers

Russian Nationals Indicted for Operating Cryptocurrency Mixers Linked to Cyber Crime

Pastor who saw crypto project in his "dream" indicted for fraud

Misinformation, Disinformation and Propaganda

Meta's fact-checking end raises concerns about disinformation

The Looming Crisis: Meta, Misinformation, And Public Trust

Mark Zuckerberg’s end to Meta factchecking is a desperate play for engagement | Mark Zuckerberg | The Guardian

'Free Our Feeds' campaign aims to billionaire-proof Bluesky’s tech | TechCrunch


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

'Arson, sabotage, cyber attacks': UK enters new era of threats from hostile states

‘Hybrid threats’, ‘grey zones’, ‘competition’, and ‘proxies’: When is it actually war?

Nation State Actors

China

US Telecom, Zero-Day Attacks Highlight Cyber Hygiene Need

China's UNC5337 Exploits a Critical Ivanti RCE Bug, Again

Salt Typhoon spies spotted on US govt networks before telcos • The Register

US has responded to Chinese-linked cyber attacks on telecoms firms, Sullivan says | Reuters

ISMG Editors: The Coming Battle Over Chinese Cyberthreats

Last-Minute Biden EO Reportedly Prompted By Chinese Cyber Attacks | MSSP Alert

Strengthening America’s Resilience Against the PRC Cyber Threats | CISA

Nato launches 'Baltic Sentry' mission to protect undersea cables - BBC News

China Targeted Foreign Investment, Sanctions Offices in Treasury Hack: Reports - SecurityWeek

As Tensions Mount With China, Taiwan Sees Surge in Attacks

FBI wipes Chinese PlugX malware from over 4,000 US computers

TikTok, five other Chinese firms hit by EU privacy complaints | Reuters

Experts Unpack The Truth Behind TikTok’s Data Collection | HuffPost Life

Chinese hackers accessed Yellen's computer in US Treasury breach, Bloomberg News reports | Reuters

TikTok warns of broad consequences if Supreme Court allows ban | Reuters

Chinese cyber-spies target CFIUS investigations • The Register

Russia

Russian espionage and financial theft campaigns have ramped up, Ukraine cyber agency says | The Record from Recorded Future News

Russia Carves Out Commercial Surveillance Success

Nato launches 'Baltic Sentry' mission to protect undersea cables - BBC News

Russia-linked APT Star Blizzard targets WhatsApp accounts

Russian Cyberspies Caught Spear-Phishing with QR Codes, WhatsApp Groups - SecurityWeek

Ukraine’s PM discusses defence, cyber security, sanctions with Estonia’s Foreign Minister

Fancy Bear spotted using real Kazak government documents in spearphishing campaign | CyberScoop

Russia Targets Kazakhstan in Espionage Campaign

Suspected Ukrainian hackers impersonating Russian ministries to spy on industry | The Record from Recorded Future News

North Korea

US, Japan, South Korea Blame North Korean Hackers for $660M Crypto Heists - SecurityWeek

North Korean Hackers Targeting Freelance Software Developers - SecurityWeek

Treasury sanctions North Korea over remote IT worker schemes | CyberScoop

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Governments call for spyware regulations in UN Security Council meeting | TechCrunch

How Barcelona became an unlikely hub for spyware startups | TechCrunch


Tools and Controls

Phishing click rates tripled in 2024 despite user training | CSO Online

What they don’t tell you about cyber attacks – the emotional impact on staff | Computer Weekly

How AI will transform cyber security in 2025 - and supercharge cyber crime | ZDNET

2025 Informed: Cyber Security and AI

How “right-sizing” cyber security initiatives can prevent data Loss | theHRD

The hybrid workforce crisis: How it has weakened enterprise security, and what to do about it | SC Media

Home Office rolls out cyber crime protections for data centres

How CTEM is providing better cyber security resilience for organisations

Backup technology explained: The fundamentals of enterprise backup | Computer Weekly

Millions of VPN Servers and Routers Exposed to New Tunnelling Protocol Vulnerabilities - ISPreview UK

A cyber-resilient culture: Key to adapting to evolving cyber threats - SiliconANGLE

Breaking the Cycle of Isolated Risk Management | MSSP Alert

How CISOs Can Build a Disaster Recovery Skillset

Are Your Cloud Security Strategies Effective in 2025? | HackerNoon

Ransomware on ESXi: The Mechanization of Virtualized Attacks

What Security Leaders Get Wrong About Zero-Trust Architecture

First Ever OWASP "Top 10 Non-Human Identities (NHI)" Released

4 Reasons Your SaaS Attack Surface Can No Longer be Ignored

The AI Conundrum In Security: Why The Future Belongs To The Bold

How AI and ML are transforming digital banking security - Help Net Security

North Korean Hackers Targeting Freelance Software Developers - SecurityWeek

Hackers leak configs and VPN credentials for 15,000 FortiGate devices

What the 2024 CrowdStrike Glitch Can Teach Us About Cyber Risk

Cyber Risk Quantification: Use Cases and Best Practices | MSSP Alert

Risk, Reputational Scoring Services Enjoy Mixed Success

AI hallucinations can pose a risk to your cyber security

A Deep Dive into ISO 27001 Password Requirements - Security Boulevard

Balancing usability and security in the fight against identity-based attacks - Help Net Security

Remediation Times Drop Sharply as Cyber Hygiene Take Up Surges - Infosecurity Magazine

Enabling confident cyber resilience and recovery with CyberSense - SiliconANGLE

Cyber security on a shoestring: maximizing your ROI | TechRadar

Vulnerability Management

Vulnerability Remediation vs Mitigation: Which Strategy Wins in Cyber Security? - Security Boulevard

What 2024 taught us about security vulnerabilities - Help Net Security

89% of executives plan to expand cyber insurance for technological vulnerabilities: Chubb - Reinsurance News

Critical vulnerabilities remain unresolved due to prioritization gaps - Help Net Security

Vulnerabilities

Microsoft Patches Trio of Exploited Windows Hyper-V Zero-Days - SecurityWeek

Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws

China's UNC5337 Exploits a Critical Ivanti RCE Bug, Again

New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits

Google Chrome 132 update fixes 16 unique security issues - gHacks Tech News

Fortinet warns a critical vulnerability in its systems could let attackers breach company networks | TechRadar

Fortinet Releases Security Updates for Multiple Products | CISA

Nvidia, Zoom, Zyxel Patch High-Severity Vulnerabilities - SecurityWeek

Ivanti Patches Critical Vulnerabilities in Endpoint Manager - SecurityWeek

Zero-Day Vulnerability in PDF Files Leaking NTLM Data in Adobe & Foxit Reader

Juniper Networks Fixes High-Severity Vulnerabilities in Junos OS - SecurityWeek

UK Registry Nominet Breached Via Ivanti Zero-Day - Infosecurity Magazine

Nominet probes possible Ivanti zero-day exploit • The Register

SAP Patches Critical Vulnerabilities in NetWeaver - SecurityWeek

Apple Patches Flaw That Allows Kernel Security Bypassing

Adobe Releases Security Updates for Multiple Products | CISA

Microsoft: macOS bug lets hackers install malicious kernel drivers

Windows BitLocker bug triggers warnings on devices with TPMs

New UEFI Secure Boot flaw exposes systems to bootkits, patch now

Debian 12.9 “Bookworm” Arrives with 72 Bug Fixes and 38 Security Updates - 9to5Linux

Google OAuth flaw lets attackers gain access to abandoned accounts

CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks

Researchers disclosed details of a now-patched Samsung zero-click flaw

Microsoft 365 apps crash on Windows Server after Office update

Rootkit Malware Exploiting Zero-day Vulnerabilities to Control Linux Systems Remotely

Nvidia, Zoom, Zyxel Patch High-Severity Vulnerabilities - SecurityWeek


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
