Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Advisory 13 June 2024 – Microsoft Patches Critical RCE Flaw and Zero-Click Vulnerability

Black Arrow Cyber Advisory 13 June 2024 – Microsoft Patches Critical RCE Flaw and Zero-Click Vulnerability

Executive summary

Microsoft have released patches for a ‘critical’ remote code execution vulnerability (CVE-2024-30080) and a ‘high’ zero-click vulnerability (CVE-2024-30103) this week. The critical vulnerability allows an attacker to perform remote code execution by sending a specially crafted malicious Microsoft Message Queuing (MSMQ) technology packet to an MSMQ server. The zero-click vulnerability allows an attacker to bypass Outlook registry block lists and enable the creation of malicious files, which is initiated when an affected email is previewed in Outlook or opened.

What’s the risk to me or my business?

If the vulnerabilities are successfully exploited this will allow an attacker to perform arbitrary remote code execution, and the other will allow for malicious DLL files to be created. Both vulnerabilities if exploited could have a high impact on the confidentiality, integrity and availability of the organisations data on affected systems.

What can I do?

Black Arrow recommends applying the available patches for the vulnerability as soon as possible following their organisations update policies due to the severity.

Technical Summary

CVE-2024-30080 – This vulnerability allows an attacker to completely take over an affected server by sending a specially crafted malicious MSMQ packet to a MSMQ server, performing arbitrary remote code execution on the server side.

CVE-2024-30103 – This vulnerability allows an authenticated malicious actor using valid Exchange user credentials to bypass the Outlook registry block lists and enable the creation of malicious DLL files, allowing them to perform other malicious activities.

Further information on Microsoft Patches released this week can be found here:

https://msrc.microsoft.com/update-guide/releaseNote/2024-Jun

Further information on the RCE vulnerability can be found here:

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-30080

Further information on the Zero-Click vulnerability can be found here:

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-30103

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Advisory 12 June 2024 – Fortinet FortiGate SSL VPN Vulnerability Leads to 20,000 Systems Being Breached by China Globally

Black Arrow Cyber Advisory 12 June 2024 – Fortinet FortiGate SSL VPN Vulnerability Leads to 20,000 Systems Being Breached by China Globally

Executive summary

The Dutch cyber security agency has recently State-sponsored threat actors backed by China have gained access to 20,000 Fortinet Fortigate systems globally between 2022 and 2023 through the Coathanger malware campaign.  The vulnerability (CVE-2022-42475) allows a malicious actor to remotely execute malicious code. The Coathanger malware is persistent and remains on the devices even after reboots and firmware and software updates. While Fortinet silently released an update to fix this vulnerability in November 2022, they did not announce this until December 2022 in which during this time 14,000 devices were backdoored.

What’s the risk to me or my business?

The vulnerability in Fortinet’s products affected by this could pose a significant risk to your organisation. If exploited it could allow an attacker to remain in the product even after reboots and firmware updates. It also could allow an attacker to remotely execute malicious code. This could compromise the confidentiality, integrity, and availability of your organisation’s data

What can I do?

The vulnerability is difficult to identify and remove even if the patch has been installed to fix this vulnerability, indicators of compromise can be found in the link below. If you are unsure of what to do, please contact Black Arrow for further help and guidance.

Technical Summary

CVE-2022-42475: This is a heap-based buffer overflow vulnerability which may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

The affected products are:

·         FortiOS version 7.2.0 through 7.2.2

·         FortiOS version 7.0.0 through 7.0.8

·         FortiOS version 6.4.0 through 6.4.10

·         FortiOS version 6.2.0 through 6.2.11

·         FortiOS version 6.0.0 through 6.0.15

·         FortiOS version 5.6.0 through 5.6.14

·         FortiOS version 5.4.0 through 5.4.13

·         FortiOS version 5.2.0 through 5.2.15

·         FortiOS version 5.0.0 through 5.0.14

·         FortiOS-6K7K version 7.0.0 through 7.0.7

·         FortiOS-6K7K version 6.4.0 through 6.4.9

·         FortiOS-6K7K version 6.2.0 through 6.2.11

·         FortiOS-6K7K version 6.0.0 through 6.0.14

·         FortiProxy version 7.2.0 through 7.2.1

·         FortiProxy version 7.0.0 through 7.0.7

·         FortiProxy version 2.0.0 through 2.0.11

·         FortiProxy version 1.2.0 through 1.2.13

·         FortiProxy version 1.1.0 through 1.1.6

·         FortiProxy version 1.0.0 through 1.0.7

Further information from the National Cyber Security Centre can be found here:

https://www.ncsc.nl/actueel/nieuws/2024/juni/10/aanhoudende-statelijke-cyberspionagecampagne-via-kwetsbare-edge-devices

Further information on the FortiGuard Advisory can be found here:

https://www.fortiguard.com/psirt/FG-IR-22-398

Further information on the Indicators of compromise can be found here:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Critical-vulnerability-Protect-against-heap-based/ta-p/239420


Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Advisory 11 June 2024 – Active exploitation of Check Point Zero-Day Vulnerability

Black Arrow Cyber Advisory 11 June 2024 – Active exploitation of Check Point Zero-Day Vulnerability

Executive summary

Recent exploitation of Check Point VPN zero-days have been ramping up since the proof of concept was released to the public. The actively exploited zero-day (CVE2024-24919) has been added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog and could allow an attacker to access sensitive information on Check Point Security gateways and allow them to obtain admin privileges. Check Point have recently stated that it is thought exploitation to have begun in early April, however Checkpoint is not due to release any patches until 20 June.

What’s the risk to me or my business?

The vulnerability in Check Point’s products could pose a significant risk to your organisation. If exploited, it could potentially allow an attacker to access sensitive information from your Check Point Security Gateways. In some instances, the attacker might even gain domain admin privileges. This could compromise the confidentiality, integrity, and availability of your organisation’s data

What can I do?

Check Point have not released any patches for this vulnerability however they have released automatic interim preventative measures deployed through AutoUpdater utility. Black arrow recommends following Check Points advice, which can be found in their advisory linked below.

Technical Summary

CVE-2024-24919 - A path traversal vulnerability, which could allow an attacker to read any file on the system. No specific privilege level is required to exploit this vulnerability.

The affected products are:

·         CloudGuard Network

·         Quantum Maestro

·         Quantum Scalable Chassis

·         Quantum Security Gateways

·         Quantum Spark Appliances

A security gateway is vulnerable if one of the configurations is applied:

·         If the “IPSec VPN” blade has been enabled and the Security Gateway device is part of the “Remote Access” VPN community.

·         If the “Mobile Access” blade has been enabled.

The advisory provided by Check Point can be found here:

https://support.checkpoint.com/results/sk/sk182336

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 07 June 2024

Black Arrow Cyber Threat Intelligence Briefing 07 June 2024:

-Urgent Training Gap Exposed as a Quarter of Organisations Provide No Cyber Training to End-Users

-UK SMEs Unaware of the True Cost of Cyber Attacks, Whilst 78% of SMBs Fear Cyber Attacks Could Shut Down Their Business

-Major Cyber Crime Networks Dismantled in US and Europe Deemed a Wake-Up Call for Businesses, Ransomware Rises Despite Law Enforcement Takedowns

-Companies Need to Be Aware of Cyber Risks Related to Proliferation of IoT, or How the Smart TV in your Office Could Infect Your Whole Business with Malware

-CISOs Are Facing a ‘Tsunami of Regulations’; Here’s Why It’s Crucial They Focus on Quantifying Cyber Risk

-90% of Threats are Social Engineering

-UK Businesses Faced with Month-Long Recoveries from Supply Chain Attacks

-Account Takeovers Outpace Ransomware as Top Security Concern

-The Impact of Legacy Vulnerabilities in Today's Cyber Security Landscape

-Nearly All FTSE 100 Companies Exposed to Third and Fourth-Party Breaches

-Snowflake Denies Breach, Blames Data Theft on Poorly Secured Customer Accounts

-97 percent of Security Experts Worry about AI Security Related Threats and Incidents

-85% of Managed Service and Security Providers Face “Significant” Challenges Maintaining Security Compliance for Clients

-Cyber Attack Causes Critical Incident in London Hospitals with Operations Cancelled and Emergency Patients Diverted

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Urgent Training Gap Exposed as a Quarter of Organisations Provide No Cyber Training to End-Users

A recent survey by Hornetsecurity highlights a concerning gap in IT security training among organisations, with 26% not providing any training to end-users. While 79% of organisations believe their training is moderately effective, 39% admit it fails to address recent AI-powered threats adequately. Notably, 31% of respondents found the training unengaging. The survey also revealed that 23% of organisations experienced a cyber security breach in the past year, leading 94% to implement additional controls. However, 52% of end-users often ignore identified threats, emphasising the need for ongoing, engaging, and adaptive training programmes.

Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation.  

UK SMBs Unaware of True Cost of Cyber Attacks, 78% of SMBs Fear Cyber Attacks Could Shut Down Their Business

New research reveals that UK SMBs underestimate the financial impact of cyber attacks by nearly £85,000. SMBs that have not experienced an attack estimate losses at £39,633, while those that have suffered breaches report actual losses at £123,984.

A separate report by ConnectWise reveals that 94% of SMBs have experienced at least one cyber attack in the last year, up from 64% in 2019, highlighting a significant rise in cyber threats. The report shows that 76% of SMBs lack in-house cyber security skills, driving demand for externally sourced third party security experts. Additionally, 78% of SMBs fear a severe cyber attack could jeopardise their operations. The study found that 56% have faced a cyber attack so far this year, with 89% anticipating another within six months. 83% of SMBs plan to increase their cyber security budgets by an average of 19% over the next year to bolster defences.

Major Cyber Crime Networks Dismantled in US and Europe Deemed a Wake-Up Call for Businesses, Although Ransomware Rises Despite Law Enforcement Takedowns

The recent crackdown on cyber crime by the US and Europe underscores the critical need for robust cyber security measures for businesses. The US Department of Justice arrested Chinese national YunHe Wang, who allegedly compromised over 19 million devices, resulting in $5.9 billion in fraudulent claims. Europol simultaneously apprehended key figures in Armenia and Ukraine, dismantling ransomware networks extorting millions in cryptocurrency. Despite these efforts, a recent report from Mandiant reveals a 75% increase in ransomware activity in 2023, with nearly 1,400 victims across 110 countries.

Factors driving this resurgence include new ransomware entrants, partnerships between groups, and the use of remote management tools, which featured in 41% of intrusions. Established groups like ALPHV/BlackCat and LockBit were prominent, but the landscape also saw 50 new ransomware variants, with a trend towards updating existing families rather than creating new ones.

Businesses must adopt comprehensive security training, regular system updates, advanced threat detection, and incident response planning to mitigate these substantial threats.

Companies Need to Be Aware of Cyber Risks Related to Proliferation of IoT, or How the Smart TV in your Office Could Infect Your Whole Business with Malware

A recent report underscores the escalating cyber risks linked to the Internet of Things (IoT), especially for critical infrastructure. Vulnerable legacy IoT devices, often manually updated, pose significant security risks.

Additionally, there is now more malware specifically targeting IoT devices, such as the Pandoraspear malware, which targets smart TVs via free streaming sites accessed on smartphones. This malware turns TVs into part of a botnet for Distributed Denial of Service (DDoS) attacks. The botnet has compromised over 170,000 endpoints, with estimates suggesting it involves 1.3 million unique IP addresses.

These findings highlight the critical need for enhanced cyber security measures to safeguard against IoT threats, including changing default passwords, network isolation, encrypting data, and conducting regular software updates.

CISOs Are Facing a ‘Tsunami of Regulations’; Here’s Why It’s Crucial They Focus on Quantifying Cyber Risk

Recent discussions emphasise the challenges CISOs encounter when trying to quantify cyber risk in the face of an influx of new regulations such as NIS2 in Europe and SEC requirements in the US that are transforming the way security leaders handle risks. CISOs must translate diverse threats into simplified metrics to communicate effectively with boards. The importance of continuous assessment over annual checks to keep up with evolving vulnerabilities cannot be stressed enough. A mature approach involves visibility, prioritisation, communication, and quantification of risks. The focus should be on defending yourself against the attacker by maintaining credible controls, not on defending yourself against the regulator through a weak tick box exercise.

90% of Threats are Social Engineering

The Avast Q1 2024 Threat Report reveals that nearly 90% of threats were social engineering-based, with scams and phishing utilising deepfake technology and hijacked YouTube channels. Over 90% of mobile threats were scams, including adware and banker malware. YouTube was heavily exploited for phishing and crypto scams.

UK Businesses Faced with Month-Long Recoveries from Supply Chain Attacks

New research by BlackBerry shows that 38% of British organisations face month-long recovery times following software supply chain attacks. The survey, involving 200 IT decision-makers, found that 74% of UK IT leaders were notified of supply chain attacks or vulnerabilities in the past year. While regulatory requirements are encouraging proactive monitoring, a lack of technical knowledge and confidence to act on threats persists. Notably, only 22% of organisations perform real-time inventories of their software environment. The impacts of these attacks include financial loss (62%), data loss (59%), and reputational damage (57%).

Account Takeovers Outpace Ransomware as Top Security Concern

A recent survey by Abnormal Security highlights account takeover attacks as the primary threat to organisations. According to the 2024 State of Cloud Account Takeover Attacks Report, 83% of organisations experienced at least one such attack in the past year, with 77% of security leaders ranking them among their top four threats. Nearly half faced these attacks over five times annually, and 20% encountered more than ten incidents. Despite common defences like multi-factor authentication and strong password policies, 63% of respondents doubted MFA’s effectiveness. The survey emphasises the need for solutions offering cross-platform visibility and automated remediation to combat these pervasive threats effectively.

The Impact of Legacy Vulnerabilities in Today's Cyber Security Landscape

Research shows that the vulnerabilities most affecting small to medium sized businesses (SMBs) are older, known vulnerabilities rather than newer highly publicised zero-days. According to SonicWall’s data from January 2022 to March 2024, the top five network attacks included Log4j (43%) and Heartbleed (35%), both of which target vulnerabilities up to a decade old. Despite advancements in AI and novel threats, these older vulnerabilities remain significant risks due to their ease of exploitation and how widespread they continue to be. SMBs, especially in critical industries, are advised to utilise industry-leading tools and automated patches, ensuring robust cyber security measures against both old and new threats.

Nearly All FTSE 100 Companies Exposed to Third and Fourth-Party Breaches

A recent report by SecurityScorecard reveals that virtually all FTSE 100 companies had suppliers experiencing breaches in the past year. The UK Top 100 Companies: Cybersecurity Threat Report graded firms A-F based on factors predicting a security breach. While UK firms generally scored higher than their continental counterparts, 97% had breaches in their third-party ecosystem. This shows the increasing threat of supply chain attacks, with 97% also experiencing fourth-party breaches. Notably, the energy and basic materials sectors were the most secure, with only 12% and 16% reporting third-party breaches, respectively, while the communications sector had the lowest security posture.

Snowflake Denies Breach, Blames Data Theft on Poorly Secured Customer Accounts

Recent incidents involving cloud storage provider Snowflake highlights the risks associated with compromised credentials. A threat actor claimed to have breached Snowflake’s infrastructure, accessing data from Santander, Ticketmaster and others. However, Snowflake maintains that the theft resulted from stolen customer login details, not a vulnerability or misconfiguration in their system. Snowflake’s CISO clarified that a former employee's demo account was accessed, which was not protected by two-factor authentication (2FA). Santander confirmed a third-party database breach, and Ticketmaster identified unauthorised activity in a Snowflake-hosted database. Snowflake, alongside Crowdstrike and Mandiant, found no evidence implicating Snowflake's platform itself.

97 percent of Security Experts Worry about AI Security Related Threats and Incidents

A new report from Deep Instinct reveals that 97% of security professionals fear AI-generated security incidents, prompting 75% to alter their cyber security strategies over the past year, with 73% focusing more on prevention. The survey of 500 senior experts from large enterprises also shows a 61% rise in deepfake incidents, primarily targeting CEOs and C-suite members. Stress levels have increased for 66% of cyber security professionals due to these threats. Despite 41% relying on endpoint detection and response (EDR) solutions, only 31% plan to boost EDR investments, while 53% feel board pressure to adopt preventative tools against AI threats. This report highlights the need for predictive prevention to enhance resilience.

85% of Managed Service and Security Providers Face “Significant” Challenges Maintaining Security Compliance for Clients

Recent reports by Apptega and Sophos reveals that 85% of managed service providers (MSPs) face significant challenges in maintaining compliance for customers due to resource, expertise, and technology gaps. The MSP Perspectives 2024 survey reveals that MSPs struggle to keep pace with evolving threats and industry trends, with 91% of ransomware attacks occurring outside business hours.

Cyber Attack Causes Critical Incident in London Hospitals with Operations Cancelled and Emergency Patients Diverted

Major hospitals in London declared a critical incident earlier in the week after a cyber attack led to operations being cancelled and emergency patients being diverted elsewhere.  It applies to hospitals partnered with Synnovis, a provider of pathology services which suffered a ransomware attack linked to Russian threat actors. King’s College Hospital, Guy’s and St Thomas’, the Royal Brompton and the Evelina London Children’s Hospital, as well as primary care services, were among those affected.

The incident has had a "major impact" on the delivery of services, especially blood transfusions and test results. Some procedures were cancelled or were redirected to other NHS providers as the hospitals tried to establish what work can be carried out safely.

Sources:

https://www.prnewswire.com/news-releases/urgent-training-gap-exposed-as-a-quarter-of-organisations-unprepared-for-cyber-attacks-hornetsecurity-survey-reveals-302160745.html

https://www.commsbusiness.co.uk/content/news/uk-smes-unaware-of-the-true-cost-of-cyberattacks

https://www.helpnetsecurity.com/2024/06/06/smbs-cyberattack-frequency/

https://www.grcworldforums.com/risk/major-cybercrime-networks-dismantled-in-us-and-europe-a-wake-up-call-for-businesses/9642.article

https://www.infosecurity-magazine.com/news/ransomware-rise-2023-mandiant/

https://www.insurancejournal.com/news/international/2024/06/06/778306.htm

https://www.techradar.com/pro/security/that-smart-tv-in-your-office-could-be-infecting-your-whole-business-with-malware

https://www.itpro.com/security/cisos-are-facing-a-tsunami-of-regulations-heres-why-its-crucial-they-focus-on-quantifying-cyber-risk

https://www.helpnetsecurity.com/2024/06/06/social-engineering-threats-video/

https://www.infosecurity-magazine.com/news/uk-businesses-recoveries-supply/

https://www.infosecurity-magazine.com/news/ato-outpace-ransomware-top/

https://www.techradar.com/pro/the-impact-of-legacy-vulnerabilities-in-todays-cybersecurity-landscape

https://www.infosecurity-magazine.com/news/ftse-100-exposed-third-fourth/

https://www.helpnetsecurity.com/2024/06/01/snowflake-breach-data-theft/

https://betanews.com/2024/06/03/97-percent-of-organizations-worried-about-ai-security-threats/

https://www.businesswire.com/news/home/20240605033270/en

https://www.computerweekly.com/microscope/news/366587132/Skills-shortages-exposing-MSPs-to-security-risks

https://www.bbc.co.uk/news/articles/c288n8rkpvno

https://securityaffairs.com/164142/cyber-crime/ransomware-attack-synnovis-london-hospitals.html


Governance, Risk and Compliance

78% of SMBs fear cyber attacks could shut down their business - Help Net Security

26% of organisations lack any form of IT security training - Help Net Security

Cyber attacks on financial services firms hit 20m people in 2023 - CIR Magazine

Small Firms Need to Stretch Security Budgets - Infosecurity Magazine (infosecurity-magazine.com)

CISOs are facing a ‘tsunami of regulations’ — here’s why it’s crucial they focus on quantifying cyber risk | ITPro

Microsoft: weak cyber defences set to hit economic growth (cityam.com)

How to Prove Security Effectiveness with a Cyber Security Board Report  - Security Boulevard

Skills shortages exposing MSPs to security risks | Microscope (computerweekly.com)

85% of Managed Service and Security Providers Face “Significant” Challenges Maintaining Security Compliance for Clients, Apptega Survey Finds | Business Wire

Urgent training gap exposed as a quarter of organisations unprepared for cyber attacks, Hornetsecurity survey reveals (prnewswire.com)

Is your workplace ‘cyber savvy’? (siliconrepublic.com)

Governance Essentials for Businesses in the AI Era | News | GRC World Forums

49% of organisations feel somewhat prepared to handle a breach | Security Magazine

UK Businesses Face Month-Long Recoveries from Supply Chain Attacks - Infosecurity Magazine (infosecurity-magazine.com)

Mastering Cyber Risk Quantification Methods: A Strategic Approach - Security Boulevard

Deciding cyber security spend: how much is enough? | Propertymark

Effective Incident Response: A Cyber Security Playbook for Executives - Security Boulevard

1/3 of CISOs in the UK ignore NCSC cyber security guidance (verdict.co.uk)

4 communication mistakes to avoid during a data breach - PR Daily

80 percent of organisations not ready for CISA rules on security practices (betanews.com)


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Rises Despite Law Enforcement Takedowns - Infosecurity Magazine (infosecurity-magazine.com)

Ransomware Rebounds: Extortion Threat Surges in 2023, Attackers Rely on Publicly Available and Legitimate Tools | Google Cloud Blog

Darknet site for Qilin gang, suspected in London hospitals ransomware attack, goes down (therecord.media)

With over 1.7 million employees, the UK's NHS has become a 'rinse-and-repeat target' for cyber criminals—disrupting services and risking lives | Fortune Europe

Account Takeovers Outpace Ransomware as Top Security Concern - Infosecurity Magazine (infosecurity-magazine.com)

RansomHub extortion gang linked to now-defunct Knight ransomware (bleepingcomputer.com)

RansomHub Actors Exploit ZeroLogon Vuln in Recent Ransomware Attacks (darkreading.com)

FBI recovers 7,000 LockBit keys, urges ransomware victims to reach out (bleepingcomputer.com)

New ransomware attack based on an evolutional generative adversarial network can evade security measures (techxplore.com)

Security industry has ransomware-as-a-service model wrong, says expert | SC Media (scmagazine.com)

Ransomware Ecosystem Transformed, New Groups “Changing the Rules” - Infosecurity Magazine (infosecurity-magazine.com)

'Fog' Ransomware Rolls in to Target Education, Recreation Sectors (darkreading.com)

New Gitloker attacks wipe GitHub repos in extortion scheme (bleepingcomputer.com)

Cyber insurance isn't the answer for ransom payments - Help Net Security

Linux version of TargetCompany ransomware focuses on VMware ESXi (bleepingcomputer.com)

What is ransomware? 7 things you must know before it's too late | PCWorld

Ransomware Victims

MediSecure in administration just weeks after confirming large cyber attack - ABC News

Former cyber security boss 'believes a Russian group' is behind the NHS 'major IT incident' (cityam.com)

A ransomware attack on Synnovis impacted several London hospitals (securityaffairs.com)

Darknet site for Qilin gang, suspected in London hospitals ransomware attack, goes down (therecord.media)

Wrongful death lawsuit alleges baby dies as a result of Springhill Medical Center’s negligence during cyber attack (fox10tv.com)

Consulting Firm Greylock Hit With Ransomware Attack Class Action (bloomberglaw.com)

RansomHub gang claims the hack of Frontier Communications (securityaffairs.com)

Christie's avoids leak of stolen data, is sold instead • The Register

FBI recovers 7,000 LockBit keys, urges ransomware victims to reach out (bleepingcomputer.com)

Ransomware ravaged schools and cities in May | TechTarget

What If The Scathing UnitedHealth Cyber Rebuke Was Yours? (forbes.com)

Hack of UK Hospitals Highlights Growing Threat (itprotoday.com)

UK School Forced to Close Following Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)

Ransomware Gang Leaks Data From Australian Mining Company - Security Week

Phishing & Email Based Attacks

90% of threats are social engineering - Help Net Security

AI Will Increase the Quantity—and Quality—of Phishing Scams - Schneier on Security

New V3B phishing kit targets customers of 54 European banks (bleepingcomputer.com)

AI vs. human deceit: Unravelling the new age of phishing tactics (securityintelligence.com)

Microsoft: The brand attackers love to imitate | CSO Online

AI fuels rise in attacks from ‘unsophisticated threat actors,’ federal cyber leaders say | FedScoop

Why your inbox is still so bad at blocking malware and spam - 9to5Mac

Phishing scams using QR codes are surging, here's what you should know | Tech News - Business Standard (business-standard.com)

The Art of Hooking the Phish: Educating Users Without Scaring Them (thefastmode.com)

BEC

90% of threats are social engineering - Help Net Security

US Authorities Attempting to Recover $5.3 Million Stolen in BEC Scam  - Security Week

Other Social Engineering

Have you answered a spam call by accident? Your next move is extremely important

Artificial Intelligence

"China, Russia, North Korea and Iran are leveraging ChatGPT for their needs" | Ctech (calcalistech.com)

OpenAI report reveals threat actors using ChatGPT in influence operations | SC Media (scmagazine.com)

AI Will Increase the Quantity—and Quality—of Phishing Scams - Schneier on Security

AI vs. human deceit: Unravelling the new age of phishing tactics (securityintelligence.com)

97% of security experts worry about AI-related security incidents | Security Magazine

Coinbase's top cyber exec warns deepfake threat is growing | Fortune Crypto

Five AI-based threats security pros need to understand | SC Media (scmagazine.com)

AI fuels rise in attacks from ‘unsophisticated threat actors,’ federal cyber leaders say | FedScoop

Forrester report highlights 2024 IAM trends & AI impact (securitybrief.co.nz)

ChatGPT privacy tips: Two important ways to limit the data you share with OpenAI | ZDNET

AI Company Hugging Face Detects Unauthorized Access to Its Spaces Platform (thehackernews.com)

2FA/MFA

Snowflake’s Lack of MFA Control Leaves Companies Vulnerable, Experts Say (informationweek.com)

What is MFA bombing? Apple users were targeted using this phishing technique (securitybrief.co.nz)

Security keys unlock nothing but inconvenience (techmonitor.ai)

Malware

Hundreds of Snowflake customer passwords found online are linked to info-stealing malware | TechCrunch

FlyingYeti APT Serves Up Cookbox Malware Using WinRAR (darkreading.com)

Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting (thehackernews.com)

Europol identifies 8 cyber criminals tied to malware loader botnets (bleepingcomputer.com)

Europol's Hunt Begins for Emotet Malware Mastermind (darkreading.com)

Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware (thehackernews.com)

DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks (thehackernews.com)

Ukrainian Systems Hit by Cobalt Strike Via a Malicious Excel File (darkreading.com)

Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan (thehackernews.com)

Comms Business - Malware targeting endpoints on the rise, finds report

Non-mobile malware statistics, Q1 2024 | Securelist

Stealthier DarkGate malware campaign emerges | SC Media (scmagazine.com)

Hackers Exploit Legitimate Packer Software to Spread Malware Undetected (thehackernews.com)

Mobile

The NSA advises you to turn your phone off and back on once a week - here's why | ZDNET

In case you missed it: Bank info-stealing malware found in 90+ Android apps with 5.5M installs | Mashable

Hackers Targeting 1,500 Banks and Their Customers in Push To Drain Accounts Across 60 Countries: Report - The Daily Hodl

37 Vulnerabilities Patched in Android - Security Week

361 million account credentials leaked on Telegram: Are yours among them? - Help Net Security

Android malware and unwanted software statistics for Q1 2024 | Securelist

Denial of Service/DoS/DDOS

Conflicts Drive DDoS Attacks Surge in EMEA - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

Companies Need to Be Aware of Cyber Risks Related to Proliferation of IoT (insurancejournal.com)

That smart TV in your office could be infecting your whole business with malware | TechRadar

Over 600,000 SOHO routers were destroyed by Chalubo malware in 72 hours  (securityaffairs.com)

Data Breaches/Leaks

The Ticketmaster Data Breach May Be Just the Beginning | WIRED

Ticketmaster confirms massive breach after stolen data for sale online (bleepingcomputer.com)

Snowflake denies breach, blames data theft on poorly secured customer accounts - Help Net Security

Hundreds of Snowflake customer passwords found online are linked to info-stealing malware | TechCrunch

Snowflake account hacks linked to Santander, Ticketmaster breaches (bleepingcomputer.com)

Snowflake’s Lack of MFA Control Leaves Companies Vulnerable, Experts Say (informationweek.com)

The Snowflake Attack May Be Turning Into One of the Largest Data Breaches Ever | WIRED

Santander hit by massive cyber attack: All staff and '30million' customers have personal data stolen by gang 'behind Ticketmaster hack' | Daily Mail Online

The Billericay School pupils have details exposed in cyber attack - BBC News

Crooks threaten to leak 2.9B records of personal info • The Register

Threat actor considers leaking 3B records from background check firm | SC Media (scmagazine.com)

Secrets Exposed in Hugging Face Hack - Security Week

Google's hidden logs detail thousands of privacy breaches - CyberGuy

Spanish police investigate whether hackers stole millions of drivers' data - CNA (channelnewsasia.com)

Blackbaud Class Action Lawsuit Denied by Federal Court | MSSP Alert

Ticketek customer details exposed in cyber security breach | Data and computer security | The Guardian

Club Penguin fans breached Disney Confluence server, stole 2.5GB of data (bleepingcomputer.com)

Check-in terminals used by thousands of hotels leak guest info (bleepingcomputer.com)

Debt Collector Data Breach Exposes Data on 3 Million+ Americans | PCMag

Nearly 400,000 affected by data breach at eye care management services company (therecord.media)

Over 2.5 billion free Android VPN users at risk of data leaks | TechRadar

Advance Auto Parts stolen data for sale after Snowflake attack (bleepingcomputer.com)

Organised Crime & Criminal Actors

Major Cyber Crime Networks Dismantled in US and Europe: A Wake-Up Call for Businesses | News | GRC World Forums

International Cyber Crime Ringleaders Arrested In Armenia, Ukraine – Eurasia Review

Authorities Ramp Up Efforts to Capture the Mastermind Behind Emotet (thehackernews.com)

4 cuffed following probe into holiday scheme for cyber crooks • The Register

Security industry has ransomware-as-a-service model wrong, says expert | SC Media (scmagazine.com)

Ransomware Ecosystem Transformed, New Groups “Changing the Rules” - Infosecurity Magazine (infosecurity-magazine.com)

Why Hackers Love Logs - Security Week

Police dismantle pirated TV streaming network that made $5.7 million (bleepingcomputer.com)

Hacker ordered to pay Nintendo 25-30% of his salary for the rest of his life still hasn't got a full-time job

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Two 39-year-old Estonian men are the alleged kingpins behind a massive half billion fraud targeting thousands of US investors | Fortune

Hackers exploit Chrome plugin to steal millions from Binance accounts (cointelegraph.com)

Microsoft India’s X account hijacked in Roaring Kitty crypto scam (bleepingcomputer.com)

Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers | Trend Micro (US)

Insider Risk and Insider Threats

4 Tips For Strengthening Data Security Through The Human Firewall (forbes.com)

Insurance

30% of Organisations with Cyber Insurance Implemented Additional Security Measures to Be Eligible for the Policy, up from 22% in 2023 (prnewswire.com)

Cyber insurance isn't the answer for ransom payments - Help Net Security

The top three cyber policy gaps - Insurance News | InsuranceNewsNet

Supply Chain and Third Parties

Hundreds of Snowflake customer passwords found online are linked to info-stealing malware | TechCrunch

Third-party vendors pose serious cyber security threat to national security - Help Net Security

London NHS hospitals revert to paper records after cyber attack | NHS | The Guardian

Software Supply Chain Attacks Have Increased Financial and Reputational Impacts on Companies Globally, New BlackBerry Research Reveals (prnewswire.com)

UK Businesses Face Month-Long Recoveries from Supply Chain Attacks - Infosecurity Magazine (infosecurity-magazine.com)

Third-party software supply chain threats continue to plague CISOs | CSO Online

Nearly All of FTSE 100 Exposed to Third and Fourth-Party - Infosecurity Magazine (infosecurity-magazine.com)

Snowflake data breach claims spark war of words over culpability; researchers may have been trolled - DataBreaches.net

Ticketmaster Breach Showcases SaaS Data Security Risks (darkreading.com)

Ticketek customer details exposed in cyber security breach | Data and computer security | The Guardian

Basic cyber security can protect from rising supply chain attacks | TechRadar

Advance Auto Parts stolen data for sale after Snowflake attack (bleepingcomputer.com)

Cloud/SaaS

Snowflake denies breach, blames data theft on poorly secured customer accounts - Help Net Security

Snowflake account hacks linked to Santander, Ticketmaster breaches (bleepingcomputer.com)

Snowflake Recommends Customers Take Steps to Prevent Unauthorized Access | CISA

2024-State-of-Multicloud-Security-Risk-Report.pdf (microsoft.com)

Shadow IT and Zombie Accounts: Sabotaging Your SaaS Security - Security Boulevard

Azure Service Tags tagged as security risk, Microsoft disagrees (bleepingcomputer.com)

Identity and Access Management

The Top Trends Shaping Identity And Access Management I... | Forrester

Why (and how) threat actors target your Active Directory (bleepingcomputer.com)

Encryption

WhatsApp encryption isn't the problem, metadata is | TechRadar

Using entangled particles to create unbreakable encryption (phys.org)

Linux and Open Source

CISA warns of actively exploited Linux privilege elevation flaw (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

Hundreds of Snowflake customer passwords found online are linked to info-stealing malware | TechCrunch

Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting (thehackernews.com)

Understanding Credential Phishing - Security Boulevard

Should Employee Password Management Be Mandatory? (forbes.com)

361 million account credentials leaked on Telegram: Are yours among them? - Help Net Security

Account Takeovers Outpace Ransomware as Top Security Concern - Infosecurity Magazine (infosecurity-magazine.com)

Prevent Account Takeover with Better Password Security (thehackernews.com)

Security keys unlock nothing but inconvenience (techmonitor.ai)

Social Media

Microsoft India’s X account hijacked in Roaring Kitty crypto scam (bleepingcomputer.com)

TikTok fixes zero-day bug used to hijack high-profile accounts (bleepingcomputer.com)

Donald Trump Joins TikTok, App He Tried to Ban as President (variety.com)

Malvertising

Google Chrome’s plan to limit ad blocking extensions kicks off next week | Ars Technica

Training, Education and Awareness

26% of organisations lack any form of IT security training - Help Net Security

Urgent training gap exposed as a quarter of organisations unprepared for cyber attacks, Hornetsecurity survey reveals (prnewswire.com)

Is your workplace ‘cyber savvy’? (siliconrepublic.com)

How to Change Security Behaviours Beyond Awareness Training - Infosecurity Magazine (infosecurity-magazine.com)

4 Tips For Strengthening Data Security Through The Human Firewall (forbes.com)

The Art of Hooking the Phish: Educating Users Without Scaring Them (thefastmode.com)

Regulations, Fines and Legislation

CISOs are facing a ‘tsunami of regulations’ — here’s why it’s crucial they focus on quantifying cyber risk | ITPro

104 EU Laws Have Different Definitions of Cyber Security - Infosecurity Magazine (infosecurity-magazine.com)

Here’s what a US surveillance law means for European data privacy | Euronews

80 percent of organisations not ready for CISA rules on security practices (betanews.com)

Data Protection

Here’s what a US surveillance law means for European data privacy | Euronews

Careers, Working in Cyber and Information Security

Narrowing the Stubborn Cyber Security Worker Gap - Security Boulevard

What is a typical day like as an SOC analyst? (siliconrepublic.com)

Law Enforcement Action and Take Downs

Major Cyber Crime Networks Dismantled in US and Europe: A Wake-Up Call for Businesses | News | GRC World Forums

Europol identifies 8 cyber criminals tied to malware loader botnets (bleepingcomputer.com)

Two 39-year-old Estonian men are the alleged kingpins behind a massive half billion fraud targeting thousands of US investors | Fortune

Authorities Ramp Up Efforts to Capture the Mastermind Behind Emotet (thehackernews.com)

4 cuffed following probe into holiday scheme for cyber crooks • The Register

Police dismantle pirated TV streaming network that made $5.7 million (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

Poland Suspects Russia Behind False PAP Story on Mobilization (bloomberglaw.com)

Information Warfare: The Future Is Here | Proceedings - June 2024 Vol. 150/6/1,456 (usni.org)

Microsoft Security is warning of Russian misinformation campaigns during the 2024 Olympics - Neowin

Fake Tom Cruise warns of violence at Paris Olympics in pro-Russian info op | CyberScoop


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Resilience isn't enough, NATO must be 'proactive' for cyber defence, warns official (therecord.media)

Information Warfare: The Future Is Here | Proceedings - June 2024 Vol. 150/6/1,456 (usni.org)

Conflicts Drive DDoS Attacks Surge in EMEA - Infosecurity Magazine (infosecurity-magazine.com)

Cyber Attacks and the Risk of Real War: A NATO Perspective - Defence News | The Financial Express

Nation State Actors

China

"China, Russia, North Korea and Iran are leveraging ChatGPT for their needs" | Ctech (calcalistech.com)

China outsourcing its cyber attacks to hackers-for-hire - Asia Times

Donald Trump Joins TikTok, App He Tried to Ban as President (variety.com)

Russia

"China, Russia, North Korea and Iran are leveraging ChatGPT for their needs" | Ctech (calcalistech.com)

Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting (thehackernews.com)

Europe subjected to multi-phase APT28 cyberespionage attacks | SC Media (scmagazine.com)

Poland Suspects Russia Behind False PAP Story on Mobilization (bloomberglaw.com)

FlyingYeti APT Serves Up Cookbox Malware Using WinRAR (darkreading.com)

European IT Coalition raises 58 million euros for Ukraine's IT, cyber security defence capabilities (kyivindependent.com)

Poland to spend almost $760 million to improve digital security following suspected Russian cyber attack (kyivindependent.com)

Ukrainian Systems Hit by Cobalt Strike Via a Malicious Excel File (darkreading.com)

Pro-Russia group claims responsibility for cyber attacks on first day of EU elections | Euronews

Poland sees ‘Russian cyber attack’ behind fake military draft report – Euractiv

Russia jams Elon Musk’s Starlink sats in Ukraine for the first time (interestingengineering.com)

Microsoft Security is warning of Russian misinformation campaigns during the 2024 Olympics - Neowin

Fake Tom Cruise warns of violence at Paris Olympics in pro-Russian info op | CyberScoop

Olympics 2024: Cyber Attackers are Targeting Companies Associated With Paris Games (techrepublic.com)

Poland launches investigation into Russian, Belarusian political influence (voanews.com)

Polish government will spend more than $ 3 billion on cyber security - BiznesAlert EN

Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan (thehackernews.com)

Russian hackers claim cyber attack on Spanish defence company | Reuters

Iran

"China, Russia, North Korea and Iran are leveraging ChatGPT for their needs" | Ctech (calcalistech.com)

North Korea

A US Company Enabled a North Korean Scam That Raised Money for WMDs | WIRED

"China, Russia, North Korea and Iran are leveraging ChatGPT for their needs" | Ctech (calcalistech.com)


Tools and Controls

26% of organisations lack any form of IT security training - Help Net Security

CISOs are facing a ‘tsunami of regulations’ — here’s why it’s crucial they focus on quantifying cyber risk | ITPro

How to Prove Security Effectiveness with a Cyber Security Board Report  - Security Boulevard

Mastering Cyber Risk Quantification Methods: A Strategic Approach - Security Boulevard

Should Employee Password Management Be Mandatory? (forbes.com)

Security challenges mount as companies handle thousands of APIs - Help Net Security

Comms Business - Malware targeting endpoints on the rise, finds report

Why Hackers Love Logs - Security Week

Security experts call for unity again... - Mobile World Live

The Top Trends Shaping Identity And Access Management I... | Forrester

Lawyers Ask Forensics Investigators for Help Outside Cyber Security (darkreading.com)

Why (and how) threat actors target your Active Directory (bleepingcomputer.com)

30% of Organisations with Cyber Insurance Implemented Additional Security Measures to Be Eligible for the Policy, up from 22% in 2023 (prnewswire.com)

How to Change Security Behaviours Beyond Awareness Training - Infosecurity Magazine (infosecurity-magazine.com)

4 Tips For Strengthening Data Security Through The Human Firewall (forbes.com)

The Art of Hooking the Phish: Educating Users Without Scaring Them (thefastmode.com)

Deciding cyber security spend: how much is enough? | Propertymark

Effective Incident Response: A Cyber Security Playbook for Executives - Security Boulevard

4 communication mistakes to avoid during a data breach - PR Daily

More Than One-Third of Healthcare Organisations Lack Cyber Security Response Plan | HealthLeaders Media





Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 31 May 2024

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Santander Staff and '30 million' Customers Hacked via Cloud Provider Breach

Hackers known as ShinyHunters claim to have stolen confidential data from Santander, affecting all staff globally and millions of customers in Chile, Spain, and Uruguay. The breach includes 30 million bank account details, 6 million account numbers and balances, and 28 million credit card numbers. Santander confirmed the theft but assured no transactional data or online banking credentials were compromised. The attack is linked to an ongoing hack of cloud storage company Snowflake, accessed through a former employee's demo account. Santander is proactively contacting affected individuals and continues to ensure secure transactions. ShinyHunters have this week also claimed responsibility for the massive Ticketmaster breach below.

Source: [BBC]

ABN Amro Disclose Data Breach Following an Attack on a Third-Party Provider

A recent disclosure by Dutch bank ABN Amro revealed a data breach due to a ransomware attack on their third-party service provider, AddComm. This attack potentially exposed data of some ABN Amro clients, prompting the bank to notify affected clients and the Dutch Data Protection Authority. AddComm has since contained the incident, restored affected systems, and is investigating the breach with external security experts. While there are no signs of misuse of client data, ABN Amro has ceased using AddComm's services and warned clients to remain vigilant against phishing attempts.

Source: [SecurityAffairs]

Ticketmaster Confirms Massive Breach of 560m Users After Stolen Data Offered for Sale Online

Live Nation has confirmed a data breach at Ticketmaster, attributed to unauthorised activity within a third-party cloud database, believed to be Snowflake. The breach, identified on May 20, 2024, exposed data of over 560 million users, including personal details and ticket information. A threat actor known as ShinyHunters, the same threat actor claiming responsibility for the Santander attack above, has been attempting to sell this data on the dark web for $500,000. Despite the severity, Live Nation stated the breach is not expected to materially impact business operations or financial condition. The company is working with law enforcement and notifying affected users and regulatory authorities

Source: [BleepingComputer]

Material Cyber Attacks a Concern Among Many CISOs, with Human Error Still Perceived as the Achilles’ Heel of Cyber Security

A recent survey from Proofpoint reveals that 70% of CISOs feel at risk of a significant cyber attack within the next 12 months, up from 68% last year and 48% in 2022. Despite this, only around half feel prepared for such an attack. Human error remains a key vulnerability, with 74% identifying it as the most significant risk. Notably, 87% of CISOs are deploying AI-powered solutions to mitigate these risks. The top concerns include ransomware (41%), malware (38%), and email fraud (36%), with a notable increase in ransomware threats.

Sources: [HelpNetSecurity] [SCMagazine]

Old But Gold: Why Shoulder Surfing is an Underacknowledged Cyber Threat

A recent incident in the UK has highlighted the persistent threat of shoulder surfing, a social engineering tactic where sensitive information is obtained by observing someone's device screen. On 22 May 2024, The Times reported that information from a private memo by British Cabinet Minister Johnny Mercer was leaked after a fellow train passenger photographed Mercer's laptop screen. The memo contained accusations against Downing Street officials and advisors, illustrating the ease with which malicious actors can access confidential information through simple observation. This event underscores the need for heightened awareness and protective measures to combat shoulder surfing, including being mindful of your surroundings and using privacy screen filters.

Source: [ITPro]

Hackers Phish Finance Orgs Using Trojanised Minesweeper Clone

A recent cyber security alert highlights that hackers are leveraging code from a clone of Microsoft's Minesweeper game to conceal malicious scripts in attacks targeting financial institutions in Europe and the US. The threat actor, identified as 'UAC-0188,' uses this legitimate code to hide Python scripts that install remote management software on compromised systems. At least five breaches have been identified across financial and insurance sectors. The attack initiates with an email from "support@patient-docs-mail.com," prompting recipients to download a malicious file from Dropbox, which includes both innocuous and malicious code to evade security detection.

Source: [BleepingComputer]

Deepfake Scams Have Robbed Companies of Millions. Experts Warn It Could Get Worse

A recent surge in deepfake scams has resulted in millions of dollars in losses for companies globally, with experts predicting an increase in such frauds as criminals leverage generative AI. In one major incident, a Hong Kong finance worker was deceived into transferring over $25 million to fraudsters using deepfake technology to impersonate senior executives on a video call. UK engineering firm Arup confirmed involvement in this case, though details remain under investigation. The accessibility of AI tools like OpenAI’s Chat GPT has lowered the entry barrier for cyber criminals, enhancing both the volume and sophistication of these types of scams.

Source: [CNBC]

Ransomware in the Finance Sector: Emerging threats

A recent analysis highlights ransomware as a critical threat, particularly to the financial services sector due to its integral role in the global economy and sensitive data handling. Cyber criminals have enhanced their tactics, including pre-emptive data exfiltration, to coerce victims into paying ransoms. Phishing emails remain the primary delivery method, exploiting user unawareness to execute these attacks. These emails allow attackers to reach numerous targets cost-effectively, increasing the likelihood of successful breaches. This evolution in ransomware strategies underscores the need for heightened cyber security measures across all sectors.

Source: [Verdict]

Europol Shuts Down 100+ Servers Linked to IcedID, TrickBot, and Other Malware

A coordinated law enforcement effort codenamed Operation Endgame led by Europol has dismantled the infrastructure of several malware loader operations, including IcedID, SystemBC, PikaBot, SmokeLoader, Bumblebee, and TrickBot. The operation, conducted between May 27 and May 29, resulted in the takedown of over 100 servers worldwide and the arrest of four individuals in Armenia and Ukraine. Europol's actions targeted high-value criminal infrastructure, resulting in the seizure of more than 2,000 domains and the disruption of services used to facilitate ransomware and other malicious attacks. One suspect allegedly profited €69 million ($74.6 million) from renting out these criminal services.

Source: [TheHackerNews]

Hacktivist Attacks on Europe Have Doubled Since 2023, Top EU Cyber Security Official says: ‘This is Part of the Russian War of Aggression’

A recent surge in disruptive digital attacks, largely attributed to Russia-backed groups, has doubled within the European Union, targeting critical infrastructure and election-related services. Juhan Lepassaar, head of the European Union Agency for Cybersecurity (ENISA), reported a significant increase in hacktivist attacks since Russia's invasion of Ukraine, with methods often tested in Ukraine before extending to the EU. Upcoming elections in the EU and other countries have heightened security concerns. ENISA has been working to bolster the resilience of election agencies and noted a rise in ransomware targeting public institutions. The agency also warned of the growing threat of AI-enabled disinformation campaigns.

Source: [Fortune]

North Korean 'Moonstone Sleet' Threat Group Melds Espionage, Financial Goals - Microsoft

A recent report by Microsoft has uncovered the North Korean threat group "Moonstone Sleet," which engages in both espionage and financial cyber attacks. Initially overlapping with the DPRK's Diamond Sleet, Moonstone Sleet has since developed its own unique tactics, using techniques like fake job offers, custom ransomware, and trojanised software delivered via social media. The group has targeted aerospace, education, and software organisations by masquerading as legitimate companies such as "StarGlow Ventures" and "C.C. Waterfall." Their methods, including using trusted platforms like LinkedIn and Telegram, complicate defensive measures and exploit the inherent trust in these platforms.

Source: [DarkReading]

Europe on High Alert after Suspected Moscow-linked Arson and Sabotage

A recent spate of arson and sabotage attacks across Europe, potentially linked to Russian operatives, has heightened security concerns. Incidents include a fire at an Ikea in Lithuania, an arson attack in east London, antisemitic graffiti in Paris, and in Germany suspicions of foreign intelligence-driven attacks in addition to a wave of cyber-attacks in 2023 by a hacker group linked to Russian intelligence. Security services suspect these acts aim to destabilise the West amidst its support for Ukraine. Polish authorities have arrested nine individuals for alleged sabotage under Russian orders, while Estonia and Germany report similar threats. This issue, discussed at a Brussels summit, highlights the need for increased vigilance against hybrid attacks orchestrated by foreign entities.

Source: [TheGuardian]

Making the Case for 'Reasonable' Cyber Security

A recent white paper from the Center for Internet Security (CIS) discusses the concept of "reasonable cyber security" and its alignment with privacy laws. This standard, highlighted at the RSA Conference, is context-dependent and varies by industry. For instance, while the Payment Card Industry Data Security Standard (PCI DSS) prescribes specific controls, the GDPR emphasises transparency and good faith efforts. The importance of quantifying cyber risk was underscored by the US Federal Reserve emphasising improved data on cyber threats for better risk assessment. Implementing security frameworks like the NIST Cybersecurity Framework can help meet these evolving regulatory and insurance requirements

Source: [DarkReading]

Hundreds of Thousands of Internet Routers Destroyed in Attack on Telco

A significant cyber attack last October targeted a US telecoms company, disabling over 600,000 internet routers across multiple states, according to Lumen Technologies' Black Lotus Labs. The attack, undisclosed until recently, involved malicious firmware updates that rendered the routers inoperable. Researchers did not identify the hackers or the affected company. The malware, still circulating online, disrupted internet access from October 25 to 27. This attack is considered one of the most severe against the US telecommunications sector and illustrates the vulnerability of telecoms provided routers to these types of attacks.

Source: [YahooFinance]


Governance, Risk and Compliance


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC

Other Social Engineering

Artificial Intelligence

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Identity and Access Management

Encryption

Passwords, Credential Stuffing & Brute Force Attacks

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Russia

North Korea

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence


Vulnerability Management

Vulnerabilities


Tools and Controls




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More