Black Arrow Cyber Threat Intelligence Briefing 20 December 2024
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Top Cyber Stories of the Last Week
Mobile Spear Phishing Targets Executive Teams
Over the past few months, sophisticated spear phishing campaigns have intensified, targeting corporate executives via mobile devices and trusted business platforms. These attacks leverage advanced redirection techniques, PDF-based phishing links and compromised domains to bypass traditional defences. Mobile devices represent a distinct and often unsecured attack surface, enabling threat actors to harvest high-value corporate credentials with alarming efficiency. To protect against these evolving threats, organisations require education and awareness as well as advanced, on-device detection and prevention measures. Recent research has shown that zero-day protection and adaptive, mobile-specific security solutions are now critical to safeguarding sensitive enterprise data.
From Digital Risk to Physical Threat: Why Cyber Security Must Evolve for Executives
Protecting executives goes beyond digital measures, as these leaders’ personal safety and actions directly affect company valuation, investor confidence, and regulatory scrutiny. The emphasis of the US Securities and Exchange Commission (SEC) on governance and risk transparency underscores the importance of securing executives against both cyber and physical threats. Proactive approaches - blending digital and physical security, continuous monitoring of key terms, and behavioural science insights - are vital. By identifying threats early, understanding their social context, and ensuring senior leaders appreciate these vulnerabilities, organisations can strengthen resilience, reassure stakeholders, and meet regulatory expectations in an evolving threat landscape.
Why HNWIs are Seeking Personal Cyber Security Consultants
High net worth individuals (HNWIs) are facing increasingly complex and evolving cyber threats, from phishing and ransomware to social engineering. Their wealth, influence and public profile make them prime targets, exposing them to severe financial, reputational and personal risks. HNWIs need to ensure they have conducted tailored risk assessments and have appropriate security controls, constant monitoring, and privacy management in place for individuals and families. With global cyber crime costs projected to reach $10.5 trillion annually by 2025, these actions help safeguard digital assets, protect reputations, and ensure peace of mind in an ever more volatile online environment.
Ransomware in 2024: New Players, Bigger Payouts, and Smarter Tactics
Ransomware remains the leading global cyber security threat in 2024, with new groups rising after criminal takedowns. Demands soared, including a record-breaking $75 million ransom. Attacks span multiple sectors, with the construction industry hit hardest, and often occur overnight or at weekends. Over three-quarters paid ransoms, with average demands exceeding $1.5 million, and recovery costs surpassing $2.7 million. Smaller enterprises are especially vulnerable.
Credential Phishing Attacks Up Over 700 Percent
Phishing remains a top concern for organisations worldwide, with a new report showing credential-based attacks increasing by 703% in late 2024. Overall email threats rose by 202%, exposing employees to up to six threats per week and as many as 600 mobile threats annually. 80% of malicious links were previously unknown, underscoring limitations in static defences. Social engineering-based attacks surged by 141%, forcing leaders to reconsider their approach. Experts anticipate continued escalation in 2025, stressing the need for comprehensive and proactive security strategies backed by real-time detection and adaptable mitigation measures to outpace increasingly agile attackers.
All Major European Financial Firms Suffer Supplier Breaches
New research found that all major European financial firms experienced supplier-related breaches last year. Only a quarter achieved top-tier cyber security resilience ratings, while nearly all suffered from third- and fourth-party breaches. Around a fifth also endured a direct breach. Some 33% of financial services companies received a lower rating, with pending EU regulations like DORA adding urgency. Scandinavian firms outperformed peers, whereas French organisations reported the highest rate of supply chain breaches. Improvements to domain name system (DNS) configurations, endpoint security and patching cycles were recommended to strengthen defences.
Phishers Cast Wide Net with Spoofed Google Calendar Invites
A recent phishing campaign has spoofed Google Calendar invites, reaching about 300 organisations with more than 4,000 malicious emails over four weeks. Fraudsters trick users into clicking bogus links that eventually lead to fake sites designed to steal personal and financial details. Such attacks are lucrative: last year, victims in one country lost nearly $19 million to phishing scams. Security experts advise verifying links before clicking, and using two-factor authentication. As criminals easily adapt their methods, staying vigilant and questioning unusual requests remain vital for safeguarding against these persistent social engineering threats.
Security Leaders Say Machine Identities Are Next Big Target for Cyber Attack
New research shows many organisations faced cloud related security incidents last year, causing delays for over half, service outages for almost half, and data breaches for nearly a third. Security leaders warn that machine identities, especially access tokens and service accounts, are the next major target. They also predict more sophisticated supply chain attacks involving AI. Conflicts persist between security and development teams, and complexity grows as machine identities proliferate. Experts say securing these identities, along with automated protection and comprehensive controls, is now essential to safeguard cloud environments and ensure stable, secure business operations.
Ransomware Defences are Weakened by Backup Technology
Recent research by Object First shows ransomware attacks increasingly target backup data and exploit vulnerabilities. Research participants said their outdated systems (34%), limited encryption (31%) and failed backups (28%) weaken defences. Immutable storage is seen as vital, with 93% agreeing it is essential and 97% planning to invest. Zero Trust principles are widely supported, but managing these technologies poses challenges. Nearly 41% lack the necessary skills and 69% cannot afford extra expertise. The findings underscore the urgency for resilient, ransomware-proof backup systems and highlight the need for robust cyber security measures to mitigate these evolving threats.
Cyber Security is Never Out-of-Office: Protecting Your Business Anytime, Anywhere
With many staff away during the festive season, cyber criminals see an ideal opportunity to strike. Ransomware attacks surge by around 30% on public holidays and weekends, with 89% of security professionals worried about off-hours threats. As payment rates have fallen from around 80% to 36% over five years, attackers now exploit vulnerable times such as night shifts to make their attacks more effective. Organisations must ensure year-round vigilance, including strong authentication, continuous patching, and clear incident response plans. Proper training, supply chain security, data encryption and processes to verify money transfers are essential. In short, robust cyber security plans cannot afford an “out of office.”
Ransomware, Deepfakes, and Scams: The Digital Landscape in 2024
ESET’s 2024 threat report highlights a surge in investment and crypto scams, often using deepfakes and celebrity images to enhance credibility. New ransomware operators have emerged to fill the void left by ransomware gangs such as Lockbit, with RansomHub alone claiming nearly 500 victims, including major companies. Infostealer activity has shifted as infostealers RedLine and Meta were taken down, boosting their competitor Lumma’s popularity by 368%. Malware trends are mixed, with the detection of Agent Tesla malware down by 26% but Formbook malware showing a dramatic spike of up to 7,000 daily detections. Despite some law enforcement successes, the cyber security landscape remains unpredictable and continuously evolving.
UK Companies Face Increasing Cyber Security Risks Across a Range of Threats
New findings from Horizon3.ai’s "Cyber Security Report UK 2024/2025" show a growing risk environment across various industries, with nearly half of UK organisations (48%) citing stolen user credentials as a top cyber security threat. Insufficiently secured or unknown data stores were noted by 42%, and almost a third (29%) flagged attacks exploiting known but unpatched software vulnerabilities. In the survey of 150 executives and IT professionals, 69% reported at least one cyber attack in the past two years, yet 66% lack adequate defences. Experts advise continuous penetration testing and more proactive, attacker-focused security measures to strengthen resilience, given the escalation in attack complexity and severity.
Sources:
https://securityboulevard.com/2024/12/mobile-spear-phishing-targets-executive-teams/
https://securityboulevard.com/2024/12/why-hnwis-are-seeking-personal-cybersecurity-consultants/
https://www.helpnetsecurity.com/2024/12/19/ransomware-surveys-2024/
https://betanews.com/2024/12/18/credential-phishing-attacks-up-over-700-percent/
https://www.infosecurity-magazine.com/news/all-europes-top-financial-firms/
https://www.theregister.com/2024/12/18/google_calendar_spoofed_in_phishing_campaign/
https://www.techradar.com/pro/security/ransomware-deepfakes-and-scams-the-digital-landscape-in-2024
Governance, Risk and Compliance
Why HNWIs are Seeking Personal Cyber Security Consultants - Security Boulevard
From digital risk to physical threat: Why cyber security must evolve for executives | SC Media
Innovation, insight and influence: the CISO playbook for 2025 and beyond | Computer Weekly
77% of IT leaders cite cyber security as top challenge in global survey
ISC2 Survey Reveals Critical Gaps in Cyber Security Leadership Skills - Infosecurity Magazine
How to turn around a toxic cyber security culture | CSO Online
The evolution of incident response: building a successful strategy | TechRadar
The Importance of Empowering CFOs Against Cyber Threats
How the cyber security landscape affects the financial sector
Threat of personal liability has CISOs sweating | ITPro
70% of cyber security leaders influenced by personal liability concerns | Security Magazine
CISO accountability: Navigating a landscape of responsibility - Help Net Security
How weaponized AI drives CISO burnout – and what to do about it | SC Media
CISO Challenges for 2025: Overcoming Cyber Security Complexities - Security Boulevard
MSSP Market Update: Fortune 500 Firms Fail at Cyber Security | MSSP Alert
2025 is set to bring changes in technology adoption and the evolving attack surface
Cyber security In 2025 – A New Era Of Complexity
To Defeat Cyber Criminals, Understand How They Think
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware threat shows no sign of slowing down | Microscope
Clop is back to wreak havoc via vulnerable file-transfer software | CyberScoop
The year in ransomware: Security lessons to help you stay one step ahead - Security Boulevard
Ransomware in 2024: New players, bigger payouts, and smarter tactics - Help Net Security
‘Tis the Season to Be Alert for Cyber Threats: 5 Unjoyful… | Intel 471
Cyber security is never out-of-office: Protecting your business anytime, anywhere
46% of financial institutions had a data breach in the past 24 months - Help Net Security
Akira and RansomHub Surge as Ransomware Claims Reach All-Time High - Infosecurity Magazine
Clop ransomware claims responsibility for Cleo data theft attacks
Ransomware, deepfakes, and scams: the digital landscape in 2024 | TechRadar
RansomHub emerges as dominant ransomware group as 2024 ends | SC Media
LockBit ransomware gang teases February 2025 return | Computer Weekly
How Cyber Attacks Hold Patient Care Hostage | MedPage Today
Ransomware Gang Says Deloitte Sucks at Their Job - Going Concern
How Do We Build Ransomware Resilience Beyond Just Backups?
Romanian Netwalker ransomware affiliate sentenced to 20 years in prison
How to mitigate wiper malware | TechTarget
Ransomware Victims
46% of financial institutions had a data breach in the past 24 months - Help Net Security
Clop ransomware claims responsibility for Cleo data theft attacks
How the ransomware attack at Change Healthcare went down: A timeline | TechCrunch
The Bookseller - News - Waterstones hit by Blue Yonder ransomware gang attack
Ransomware Gang Says Deloitte Sucks at Their Job - Going Concern
Rhode Island confirms data breach after Brain Cipher ransomware attack
Major Auto Parts Firm LKQ Hit by Cyber Attack - SecurityWeek
Phishing & Email Based Attacks
How Companies Lose Millions Of Dollars To Phishing
Credential phishing attacks up over 700 percent
Midnight Blizzard Taps Phishing Emails, Rogue RDP Nets
Phishing Attacks Double in 2024 - Infosecurity Magazine
Credential phishing attacks rose by 703% in H2 of 2024 | Security Magazine
Mobile Spear Phishing Targets Executive Teams - Security Boulevard
MUT-1244 targeting security researchers, red teamers, and threat actors - Help Net Security
Organisations Warned of Rise in Okta Support Phishing Attacks - SecurityWeek
Google Calendar invites spoofed in phishing campaign • The Register
Crooks use Docusign lures to attempt Azure account takeovers • The Register
Credential phishing attacks surge, report reveals | SC Media
Executives targeted in mobile spearphishing attacks | Security Magazine
YouTube Channels Targeted With Windows Malware Phishing Attacks
Inside the latest phishing campaigns: dissecting CarPhish, EDG, Tpass, and Mamba2FA kits - VMRay
HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft
HubSpot phishing targets 20,000 Microsoft Azure accounts
European firms subjected to HubSpot-exploiting phishing | SC Media
New fake Ledger data breach emails try to steal crypto wallets
New Gmail Security Warning For 2.5 Billion—Second Attack Wave Incoming
Other Social Engineering
FTC warns of online task job scams hooking victims like gambling
New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide
Cyber Criminals Exploit Google Calendar to Spread Malicious Links - Infosecurity Magazine
Microsoft Teams Vishing Spreads DarkGate RAT
Mobile Spear Phishing Targets Executive Teams - Security Boulevard
MUT-1244 targeting security researchers, red teamers, and threat actors - Help Net Security
DarkGate malware spread via Microsoft Teams, AnyDesk | SC Media
Hackers Exploit Microsoft Teams to Gain Remote Access to User’s System
‘Tis the Season to Be Alert for Cyber Threats: 5 Unjoyful… | Intel 471
Cyber security is never out-of-office: Protecting your business anytime, anywhere
Interpol: Stop calling it 'pig butchering' • The Register
Now Scammers Are Abusing Legitimate Services to Show You Fake CAPTCHAs
Watch Out for These Holiday Cyber Attacks
Artificial Intelligence
The threat of AI-driven cyber warfare is real and it can disrupt the world
Ransomware, deepfakes, and scams: the digital landscape in 2024 | TechRadar
New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide
Bosses struggle to police workers’ use of AI
How weaponized AI drives CISO burnout – and what to do about it | SC Media
With 'TPUXtract,' Attackers Can Steal Orgs' AI Models
Identity fraud attacks using AI are fooling biometric security systems | TechRadar
Cloud Threat Landscape Report: AI-generated attacks low for the cloud
2024 Cyber Review: Trump Re-Election Eclipses AI and Ransomware Stories
AI is becoming the weapon of choice for cyber criminals - Help Net Security
Cyber leaders are bullish on generative AI despite risks: report | CIO Dive
Malvertisers Fool Google With AI-Generated Decoys
Malware
How infostealers are used in targeted cyber attacks
Microsoft Teams Vishing Spreads DarkGate RAT
DarkGate malware spread via Microsoft Teams, AnyDesk | SC Media
Hackers Exploit Microsoft Teams to Gain Remote Access to User’s System
Winnti hackers target other threat actors with new Glutton PHP backdoor
PHP backdoor looks to be work of Chinese-linked APT group | CyberScoop
Google, Amnesty International uncover new surveillance malware | SC Media
FBI spots HiatusRAT malware attacks targeting web cameras, DVRs
Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection
Malvertising on steroids serves Lumma infostealer - Help Net Security
That cheap webcam? HiatusRAT may be targeting it, FBI warns | CSO Online
Raccoon Stealer malware operator gets 5 years in prison after guilty plea
YouTube Creators Targeted in Major Phishing Campaign - Infosecurity Magazine
How to mitigate wiper malware | TechTarget
Evasive Node.js loader masquerading as game hack - Help Net Security
The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal
FBI Warns of HiatusRAT Attacks on Cameras, DVR Systems - SecurityWeek
A new antivirus model to fight against evasive malware - Diari digital de la URV
Critical flaw in WordPress plugin exploited to install malicious software | SC Media
Bitter APT Targets Turkish Defence Sector with WmRAT and MiyaRAT Malware
Thai Police Systems Under Fire From 'Yokai' Backdoor
Lazarus targets nuclear-related organisation with new malware | Securelist
Malicious Microsoft VSCode extensions target devs, crypto community
Bots/Botnets
Mirai botnet targets SSR devices, Juniper Networks warns
Juniper Warns of Mirai Botnet Targeting Session Smart Routers - SecurityWeek
Mobile
Mobile Spear Phishing Targets Executive Teams - Security Boulevard
Addressing BYOD Vulnerabilities in the Workplace - Security Boulevard
This Nasty Android Malware Is Picking Up Pace and Targeting Certain Devices
Executives targeted in mobile spearphishing attacks | Security Magazine
BadBox malware botnet infects 192,000 Android devices despite disruption
Serbian police used Cellebrite to unlock, then plant spyware, on a journalist's phone | TechCrunch
Authorities abroad use phone-cracking tools to install spyware, report says - The Washington Post
New Android NoviSpy spyware linked to Qualcomm zero-day bugs
Internet of Things – IoT
Chinese wi-fi tech used in British homes investigated over hacking fears
Concerns over consumer surveillance in some smart devices | News UK Video News | Sky News
Multiple flaws in Volkswagen Group's infotainment unit allow for vehicle compromise
FBI spots HiatusRAT malware attacks targeting web cameras, DVRs
That cheap webcam? HiatusRAT may be targeting it, FBI warns | CSO Online
Zero Day Initiative — Detailing the Attack Surfaces of the Tesla Wall Connector EV Charger
Mirai botnet targets SSR devices, Juniper Networks warns
Juniper Warns of Mirai Botnet Targeting Session Smart Routers - SecurityWeek
FBI Warns of HiatusRAT Attacks on Cameras, DVR Systems - SecurityWeek
Germany blocks BadBox malware loaded on 30,000 Android devices
Data Breaches/Leaks
46% of financial institutions had a data breach in the past 24 months - Help Net Security
Huge cyber crime attack sees 390,000 WordPress websites hit, details stolen | TechRadar
Hacker Leaks Cisco Data - SecurityWeek
Consumers wrongly attribute all data breaches to cyber criminals - Help Net Security
Millions stolen from LastPass users in massive attack — what you need to know | Tom's Guide
390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits
LastPass threat actor steals $5.4M from victims just a week before Xmas
Deloitte handling 'major' cyber attack on Rhode Island system • The Register
Nearly 400,000 WordPress credentials stolen | Security Magazine
LastPass Hackers Allegedly Stole $5 Million This Week—Report
How common are consumer data breaches? | Chain Store Age
Texas Tech University System data breach impacts 1.4 million patients
Meta Fined $264M for Security Breach in Facebook's 'View As' Feature - CNET
International Development Firm Chemonics Sued Over Breach (1)
900,000 People Impacted by ConnectOnCall Data Breach - SecurityWeek
Regional Care Data Breach Impacts 225,000 People - SecurityWeek
Organised Crime & Criminal Actors
Consumers wrongly attribute all data breaches to cyber criminals - Help Net Security
UK’s internet watchdog unveils online criminal crackdown
Ofcom Issues Guidance for Tech Firms to Tackle Online Harms - Infosecurity Magazine
Major cyber crime crackdowns signal a shift in global cyber security strategies - Policing Insight
Texan man gets 30 years in prison for running CSAM exchange • The Register
Bobbies on the beat won't stop the cyber crime wave | The Spectator
Why Are Crypto Scammers (And Not Hackers) Looking For You? | HackerNoon
Hacker sentenced to 69 months for stealing payment card info | SC Media
Cryptocurrency hackers stole $2.2 billion from platforms in 2024 - Help Net Security
Raccoon Stealer malware operator gets 5 years in prison after guilty plea
Cyber Criminals and the SEC: What Companies Need to Know
Trump to Wage War on Cyber Criminals, Says Advisor
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
LastPass threat actor steals $5.4M from victims just a week before Xmas
Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection
Why Are Crypto Scammers (And Not Hackers) Looking For You? | HackerNoon
Cryptocurrency hackers stole $2.2 billion from platforms in 2024 - Help Net Security
North Korean Hackers Stole $1.3 Billion in Crypto in 2024
New fake Ledger data breach emails try to steal crypto wallets
Crypto Hacks in 2024: Centralized Exchanges Are Now the Top Targets for Cyber Criminals
Interpol: Stop calling it 'pig butchering' • The Register
Crypto holder loses assets priced at $2.5 million
Malicious Microsoft VSCode extensions target devs, crypto community
Insider Risk and Insider Threats
Kroll Settles With Ex-Employees Over Cyber Security Trade Secrets
GCHQ worker accused of taking top secret data home - BBC News
Insurance
Lloyd's of London Launches New Cyber Insurance Consortium
What will happen in the cyber insurance space during 2025? | Insurance Business America
Supply Chain and Third Parties
Supply Chain Risk Mitigation Must Be a Priority in 2025
Deloitte handling 'major' cyber attack on Rhode Island system • The Register
Harnessing Threat Intel and Automation to Counter Supply Chain Risks | MSSP Alert
Property deals hit by IT security failure at search service
CERT-UA: Russia-linked UAC-0125 abuses Cloudflare Workers to target Ukrainian army
Cloud/SaaS
Clop is back to wreak havoc via vulnerable file-transfer software | CyberScoop
Crooks use Docusign lures to attempt Azure account takeovers • The Register
SaaS: The Next Big Attack Vector | Grip Security - Security Boulevard
DarkGate malware spread via Microsoft Teams, AnyDesk | SC Media
CISA issues new directive to bolster cloud security – and Microsoft was singled out | ITPro
Ransomware attacks exploit Cleo bug as Cl0p claims it • The Register
US Government Issues Cloud Security Requirements for Federal Agencies - Infosecurity Magazine
Cloud Threat Landscape Report: AI-generated attacks low for the cloud
HubSpot phishing targets 20,000 Microsoft Azure accounts
European firms subjected to HubSpot-exploiting phishing | SC Media
Microsoft 365 users hit by random product deactivation errors
Identity and Access Management
Why Role-Based Access Control is Critical to Your Security Stack | MSSP Alert
Proactive Approaches to Identity and Access Management - Security Boulevard
Machine identity attacks will be top of mind for security leaders in 2025 | ITPro
Encryption
The Simple Math Behind Public Key Cryptography | WIRED
Why 2025 Will Be Pivotal in Our Defence Against Quantum Threat
Passwords, Credential Stuffing & Brute Force Attacks
"Password Era is Ending " Microsoft to Delete 1 Billion Password to Replace "Passkey"
Millions stolen from LastPass users in massive attack — what you need to know | Tom's Guide
Credential phishing attacks rose by 703% in H2 of 2024 | Security Magazine
LastPass threat actor steals $5.4M from victims just a week before Xmas
390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits
LastPass 2022 hack fallout continues with millions of dollars more reportedly stolen | TechRadar
Nearly 400,000 WordPress credentials stolen | Security Magazine
HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft
What is a Compromised Credentials Attack? - Security Boulevard
MUT-1244 targeting security researchers, red teamers, and threat actors - Help Net Security
Social Media
New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide
Study reveals vulnerability of metaverse platforms to cyber attacks
YouTube Creators Targeted in Major Phishing Campaign - Infosecurity Magazine
European Commission Opens TikTok Election Integrity Probe - Infosecurity Magazine
Meta fined for 2018 breach that exposed 30M accounts • The Register
Malvertising
New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide
Fake Captcha Campaign Highlights Risks of Malvertising Networks - Infosecurity Magazine
Malvertising on steroids serves Lumma infostealer - Help Net Security
Malvertisers Fool Google With AI-Generated Decoys
Regulations, Fines and Legislation
UK’s internet watchdog unveils online criminal crackdown
Ofcom Issues Guidance for Tech Firms to Tackle Online Harms - Infosecurity Magazine
Why We Should Insist on Future-Proofing Cyber Security Regulatory Frameworks - Security Boulevard
Why the UK's "outdated" cyber security legislation needs an urgent refresh | ITPro
Hundreds of websites to shut down under UK's 'chilling' internet laws
The Top Cyber Security Agency in the US Is Bracing for Donald Trump | WIRED
EU Sanctions Russian Cyber Actors for “Destabilizing Actions” - Infosecurity Magazine
Understanding NIS2: Essential and Important Entities - Security Boulevard
Study finds ‘significant uptick’ in cyber security disclosures to SEC | CyberScoop
Meta Fined $264M for Security Breach in Facebook's 'View As' Feature - CNET
Meta fined for 2018 breach that exposed 30M accounts • The Register
Trump Looks to Go 'On the Offense' Against Cyber Attackers
Models, Frameworks and Standards
How the cyber security landscape affects the financial sector
An easy to follow NIST Compliance Checklist - Security Boulevard
Understanding NIS2: Essential and Important Entities - Security Boulevard
Using CIS Benchmarks to Assess Your System Security Posture | MSSP Alert
NIS2 Penetration Testing and Compliance - Security Boulevard
Backup and Recovery
Careers, Working in Cyber and Information Security
Closing the SMB cyber security skills gap: Key steps | SC Media
Leadership in Cyber Security: A Guide to Your First Role
The key to growing a cyber security career are soft skills - Security Boulevard
Law Enforcement Action and Take Downs
Major cyber crime crackdowns signal a shift in global cyber security strategies - Policing Insight
Arizona man arrested for alleged involvement in violent online terror networks | CyberScoop
Texan man gets 30 years in prison for running CSAM exchange • The Register
Man Accused of SQL Injection Hacking Gets 69-Month Prison Sentence - SecurityWeek
Hacker sentenced to 69 months for stealing payment card info | SC Media
Raccoon Stealer malware operator gets 5 years in prison after guilty plea
Dodgy Firestick crackdown: full list of UK areas targeted by police
Germany blocks BadBox malware loaded on 30,000 Android devices
Romanian Netwalker ransomware affiliate sentenced to 20 years in prison
Misinformation, Disinformation and Propaganda
Romania’s election was target of cyber attacks and misinformation, parliament finds
European Commission Opens TikTok Election Integrity Probe - Infosecurity Magazine
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
Chinese wi-fi tech used in British homes investigated over hacking fears
Feds Investigate, Mull Ban on Chinese-Made Routers | Newsmax.com
TP-Link routers could be banned in the US over national security concerns | TechSpot
European Commission Opens TikTok Election Integrity Probe - Infosecurity Magazine
PHP backdoor looks to be work of Chinese-linked APT group | CyberScoop
Trump security advisor urges offensive cyber attacks on China • The Register
Russia
Russia Recruits Ukrainian Children for Sabotage and Reconnaissance - Infosecurity Magazine
Ukrainian Minors Recruited for Cyber Ops and Reconnaissance in Russian Airstrikes
Midnight Blizzard Taps Phishing Emails, Rogue RDP Nets
EU Sanctions Russian Cyber Actors for “Destabilizing Actions” - Infosecurity Magazine
Romania’s election was target of cyber attacks and misinformation, parliament finds
Russian hackers use RDP proxies to steal data in MiTM attacks
APT29 group used red team tools in rogue RDP attacks
CERT-UA: Russia-linked UAC-0125 abuses Cloudflare Workers to target Ukrainian army
Ukraine's Defence Minister agrees with US to deepen cooperation in cyber security | Ukrainska Pravda
Russian FSB relies on Ukrainian minors for criminal activities disguised as "quest games"
Recorded Future CEO applauds "undesirable" designation by Russia
US Organisations Still Using Kaspersky Products Despite Ban - Infosecurity Magazine
Iran
Iran crew used 'cyberweapon' against US critical infra • The Register
North Korea
North Korean Hackers Stole $1.3 Billion in Crypto in 2024
Lazarus targets nuclear-related organisation with new malware | Securelist
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal
Bitter APT Targets Turkish Defence Sector with WmRAT and MiyaRAT Malware
Serbian police used Cellebrite to unlock, then plant spyware, on a journalist's phone | TechCrunch
Authorities abroad use phone-cracking tools to install spyware, report says - The Washington Post
New Android NoviSpy spyware linked to Qualcomm zero-day bugs
Tools and Controls
From digital risk to physical threat: Why cyber security must evolve for executives | SC Media
Why Role-Based Access Control is Critical to Your Security Stack | MSSP Alert
Addressing BYOD Vulnerabilities in the Workplace - Security Boulevard
DarkGate malware spread via Microsoft Teams, AnyDesk | SC Media
Hackers Exploit Microsoft Teams to Gain Remote Access to User’s System
Hackers Scanning RDP Services Especially Port 1098 For Exploitation
To Defeat Cyber Criminals, Understand How They Think
Are threat feeds masking your biggest security blind spot? - Help Net Security
The evolution of incident response: building a successful strategy | TechRadar
New APIs Discovered by Attackers in Just 29 Seconds - Infosecurity Magazine
Harnessing Threat Intel and Automation to Counter Supply Chain Risks | MSSP Alert
Penetration testing – a critical component of financial cyber security in 2025
Machine identity attacks will be top of mind for security leaders in 2025 | ITPro
The pros and cons of biometric authentication | TechTarget
Wallarm Releases API Honeypot Report Highlighting API Attack Trends
Might need a mass password reset one day? Read this first.
Making smart cyber security spending decisions in 2025
Why You Must Replace Your Legacy SIEM and Migrate to Modern SIEM Analytics? - IT Security Guru
Russian hackers use RDP proxies to steal data in MiTM attacks
APT29 group used red team tools in rogue RDP attacks
What will happen in the cyber insurance space during 2025? | Insurance Business America
Is Your Cloud Infrastructure Truly Protected? - Security Boulevard
The Feds Have Some Advice for 'Highly Targeted' Individuals: Don't Use a VPN
Gaining Confidence Through Effective Secrets Vaulting - Security Boulevard
NCSC Mail Check Changes & Their Impact on UK Public Sector Email Security - Security Boulevard
Reports Published in the Last Week
Other News
Hackers Scanning RDP Services Especially Port 1098 For Exploitation
Travel Cyber Security Threats and How to Stay Protected - Security Boulevard
Schools Need Improved Cyber Education (Urgently) - IT Security Guru
Study reveals vulnerability of metaverse platforms to cyber attacks
WiFi hacking for the everyday spy | Cybernews
Leadership skills for managing cyber security during digital transformation - Help Net Security
UK businesses risk disruption as PSTN switch-off approaches | Computer Weekly
MSSP Market Update: Fortune 500 Firms Fail at Cyber Security | MSSP Alert
2025 is set to bring changes in technology adoption and the evolving attack surface
Cyber Security In 2025 – A New Era Of Complexity
The Feds Have Some Advice for 'Highly Targeted' Individuals: Don't Use a VPN
Resolve to Be Resilient: Top Cyber Priorities for State and Local Government
Cyber Security Threats to Our Most Basic Needs
Cyber Security in the legal sector: awareness & proactive strategies - Legal News
Global cyber security impact on food and drink firms
Inform: The cyber complexities facing local government | UKAuthority
Santa-hacking - how to carry out a cyber attack on Father Christmas - Prolific North
Watch Out for These Holiday Cyber Attacks
How to tell if a USB cable is hiding malicious hacker hardware | PCWorld
The Education Industry: Why Its Data Must Be Protected
How fan engagement impacts cyber security in sports - Verdict
Why cyber security is critical to energy modernization - Help Net Security
Vulnerability Management
Are threat feeds masking your biggest security blind spot? - Help Net Security
No, Microsoft has not 'reversed course' on Windows 11 hardware requirements | ZDNET
Vulnerabilities
2024 Sees Sharp Increase in Microsoft Tool Exploits - Infosecurity Magazine
Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected
Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection
Microsoft Patches Vulnerabilities in Windows Defender, Update Catalog - SecurityWeek
Citrix shares mitigations for ongoing Netscaler password spray attacks
Cleo MFT Zero-Day Exploits Are About to Escalate
Over 25,000 SonicWall VPN Firewalls exposed to critical flaws
Windows kernel bug now exploited in attacks to gain SYSTEM privileges
Clop ransomware group claims responsibility for exploiting Cleo file transfer vulnerabilities
Over 300 orgs compromised through several DrayTek exploits | SC Media
Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM
Chrome 131 Update Patches High-Severity Memory Safety Bugs - SecurityWeek
Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools
Hackers are abusing Microsoft tools more than ever before | TechRadar
BeyondTrust Patches Critical Vulnerability Discovered During Security Incident Probe - SecurityWeek
New Apache Tomcat Vulnerabilities Let Attackers Execute Remote Code
Undocumented DrayTek Vulnerabilities Exploited to Hack Hundreds of Orgs - SecurityWeek
Critical flaw in WordPress plugin exploited to install malicious software | SC Media
Researchers claim an AMD security flaw could let hackers access encrypted data | ITPro
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product. Likewise, we are not responsible for the security of external links.