Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Advisory 13 June 2024 – Microsoft Patches Critical RCE Flaw and Zero-Click Vulnerability
Executive summary
Microsoft have released patches this week for a ‘critical’ remote code execution vulnerability (CVE-2024-30080) and a ‘high’ zero-click vulnerability (CVE-2024-30103). The critical vulnerability allows an attacker to achieve remote code execution by sending a specially crafted malicious Microsoft Message Queuing (MSMQ) packet to an MSMQ server. The zero-click vulnerability allows an attacker to bypass Outlook registry block lists and create malicious files; exploitation is triggered when an affected email is previewed in the Outlook Preview Pane or opened.
What’s the risk to me or my business?
If successfully exploited, the MSMQ vulnerability allows an attacker to perform arbitrary remote code execution on the server, and the Outlook vulnerability allows malicious DLL files to be created on the user’s machine. Either, if exploited, could have a high impact on the confidentiality, integrity and availability of the organisation’s data on affected systems.
What can I do?
Black Arrow recommends applying the available patches for these vulnerabilities as soon as possible, following your organisation’s update policies, due to their severity.
Technical Summary
CVE-2024-30080 – This vulnerability allows an attacker to completely take over an affected server by sending a specially crafted malicious MSMQ packet to an MSMQ server, achieving arbitrary remote code execution on the server side. MSMQ is an optional Windows component; per Microsoft’s advisory, a server is only exploitable if the Message Queuing service is enabled and TCP port 1801 is listening, so servers without MSMQ enabled are not exposed.
CVE-2024-30103 – This vulnerability allows an authenticated attacker holding valid Exchange user credentials to bypass the Outlook registry block lists and create malicious DLL files, from which further malicious activity can be carried out.
Further information on Microsoft Patches released this week can be found here:
https://msrc.microsoft.com/update-guide/releaseNote/2024-Jun
Further information on the RCE vulnerability can be found here:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-30080
Further information on the Zero-Click vulnerability can be found here:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-30103
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Advisory 12 June 2024 – Fortinet FortiGate SSL VPN Vulnerability Leads to 20,000 Systems Being Breached by China Globally
Executive summary
The Dutch cyber security agencies have recently reported that state-sponsored threat actors backed by China gained access to 20,000 Fortinet FortiGate systems globally between 2022 and 2023 through the Coathanger malware campaign. Initial access was gained through a vulnerability (CVE-2022-42475) that allows a malicious actor to remotely execute malicious code. The Coathanger malware is persistent and remains on the devices even after reboots and firmware and software updates. While Fortinet silently released an update to fix this vulnerability in November 2022, they did not announce it until December 2022, and during that window 14,000 devices were backdoored.
What’s the risk to me or my business?
The Fortinet products affected by this vulnerability could pose a significant risk to your organisation. If exploited, it could allow an attacker to remotely execute malicious code and, with the Coathanger implant, to remain on the device even after reboots and firmware updates. This could compromise the confidentiality, integrity, and availability of your organisation’s data.
What can I do?
The Coathanger malware is difficult to identify and remove, and installing the patch does not remove an existing infection, so devices that were exposed before patching should still be checked; indicators of compromise can be found in the link below. If you are unsure of what to do, please contact Black Arrow for further help and guidance.
Technical Summary
CVE-2022-42475: This is a heap-based buffer overflow vulnerability in the FortiOS SSL-VPN component which may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
The affected products are:
· FortiOS version 7.2.0 through 7.2.2
· FortiOS version 7.0.0 through 7.0.8
· FortiOS version 6.4.0 through 6.4.10
· FortiOS version 6.2.0 through 6.2.11
· FortiOS version 6.0.0 through 6.0.15
· FortiOS version 5.6.0 through 5.6.14
· FortiOS version 5.4.0 through 5.4.13
· FortiOS version 5.2.0 through 5.2.15
· FortiOS version 5.0.0 through 5.0.14
· FortiOS-6K7K version 7.0.0 through 7.0.7
· FortiOS-6K7K version 6.4.0 through 6.4.9
· FortiOS-6K7K version 6.2.0 through 6.2.11
· FortiOS-6K7K version 6.0.0 through 6.0.14
· FortiProxy version 7.2.0 through 7.2.1
· FortiProxy version 7.0.0 through 7.0.7
· FortiProxy version 2.0.0 through 2.0.11
· FortiProxy version 1.2.0 through 1.2.13
· FortiProxy version 1.1.0 through 1.1.6
· FortiProxy version 1.0.0 through 1.0.7
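As an added triage example (not part of the Black Arrow or Fortinet advisories), the following Python checks a device’s reported build against the affected ranges listed above. It assumes the listed ranges are inclusive, that the version is read from the first “Version:” line of the FortiOS `get system status` CLI output (the sample text in the block is constructed, not captured from a real device), and that the first release after each affected range is the patched one; for end-of-life branches that release may never have shipped, so confirm the upgrade target against the FortiGuard advisory linked below.

```python
"""Triage a FortiOS / FortiOS-6K7K / FortiProxy build against the
CVE-2022-42475 affected-version ranges listed in the advisory above.

Added example, not from the Black Arrow or Fortinet advisories. Assumptions:
the ranges are inclusive; the version string comes from the `get system status`
CLI output; SAMPLE_STATUS below is constructed for illustration.
"""
import re

# Inclusive (first, last) affected versions per product, copied from the advisory.
AFFECTED = {
    "FortiOS": [
        ((7, 2, 0), (7, 2, 2)), ((7, 0, 0), (7, 0, 8)), ((6, 4, 0), (6, 4, 10)),
        ((6, 2, 0), (6, 2, 11)), ((6, 0, 0), (6, 0, 15)), ((5, 6, 0), (5, 6, 14)),
        ((5, 4, 0), (5, 4, 13)), ((5, 2, 0), (5, 2, 15)), ((5, 0, 0), (5, 0, 14)),
    ],
    "FortiOS-6K7K": [
        ((7, 0, 0), (7, 0, 7)), ((6, 4, 0), (6, 4, 9)),
        ((6, 2, 0), (6, 2, 11)), ((6, 0, 0), (6, 0, 14)),
    ],
    "FortiProxy": [
        ((7, 2, 0), (7, 2, 1)), ((7, 0, 0), (7, 0, 7)), ((2, 0, 0), (2, 0, 11)),
        ((1, 2, 0), (1, 2, 13)), ((1, 1, 0), (1, 1, 6)), ((1, 0, 0), (1, 0, 7)),
    ],
}

VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first x.y.z version in `text` as an int tuple, or None.

    Tuples compare numerically, so 7.0.10 correctly sorts after 7.0.8
    (a plain string comparison would get that wrong).
    """
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(product, version):
    """True if `version` ('7.0.8' or (7, 0, 8)) falls in an affected range for `product`."""
    if isinstance(version, str):
        version = parse_version(version)
        if version is None:
            raise ValueError("no x.y.z version found")
    if product not in AFFECTED:
        raise ValueError(f"unknown product {product!r}")
    return any(lo <= version <= hi for lo, hi in AFFECTED[product])


def first_fixed(product, version):
    """First unaffected release on the same branch as an affected `version`
    (assumed: the patch number after the range end, e.g. 7.0.8 -> 7.0.9).
    For end-of-life branches that release may not exist; check the vendor advisory."""
    for lo, hi in AFFECTED[product]:
        if lo <= version <= hi:
            return (hi[0], hi[1], hi[2] + 1)
    return None


def triage_status_output(product, status_output):
    """Parse the 'Version:' line of `get system status` output and return a verdict."""
    for line in status_output.splitlines():
        if line.strip().startswith("Version:"):
            version = parse_version(line)
            break
    else:
        raise ValueError("no 'Version:' line in status output")
    affected = is_affected(product, version)
    fixed = first_fixed(product, version) if affected else None
    return {
        "product": product,
        "version": ".".join(map(str, version)),
        "affected": affected,
        "upgrade_to": ".".join(map(str, fixed)) if fixed else None,
    }


# Constructed sample of a `get system status` header, not real device output.
SAMPLE_STATUS = """\
Version: FortiGate-100F v7.0.8,build0418,221031 (GA)
Security Level: 1
Firmware Signature: certified
"""

if __name__ == "__main__":
    print(triage_status_output("FortiOS", SAMPLE_STATUS))
```

Run it against the output of `get system status` from each gateway; an `affected: True` verdict on a device that was exposed before patching is also a prompt to run the indicators-of-compromise checks, since upgrading does not remove Coathanger.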
Further information from the National Cyber Security Centre can be found here:
Further information on the FortiGuard Advisory can be found here:
https://www.fortiguard.com/psirt/FG-IR-22-398
Further information on the Indicators of compromise can be found here:
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Advisory 11 June 2024 – Active exploitation of Check Point Zero-Day Vulnerability
Executive summary
Exploitation of the Check Point VPN zero-day has been ramping up since a proof of concept was released to the public. The actively exploited zero-day (CVE-2024-24919) has been added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog; it could allow an attacker to access sensitive information on Check Point Security Gateways and, in turn, obtain admin privileges. Check Point have recently stated that exploitation is thought to have begun in early April; however, Check Point is not due to release any patches until 20 June.
What’s the risk to me or my business?
The vulnerability in Check Point’s products could pose a significant risk to your organisation. If exploited, it could allow an attacker to read sensitive information from your Check Point Security Gateways; in some instances the attacker might go on to gain domain admin privileges. This could compromise the confidentiality, integrity, and availability of your organisation’s data.
What can I do?
Check Point have not released any patches for this vulnerability; however, they have released automatic interim preventative measures deployed through the AutoUpdater utility. Black Arrow recommends following Check Point’s advice, which can be found in their advisory linked below.
Technical Summary
CVE-2024-24919 - A path traversal vulnerability which could allow an attacker to read any file on the gateway. No specific privilege level is required to exploit it.
The affected products are:
· CloudGuard Network
· Quantum Maestro
· Quantum Scalable Chassis
· Quantum Security Gateways
· Quantum Spark Appliances
A Security Gateway is vulnerable if either of the following configurations is applied:
· If the “IPSec VPN” blade has been enabled and the Security Gateway device is part of the “Remote Access” VPN community.
· If the “Mobile Access” blade has been enabled.
The advisory provided by Check Point can be found here:
https://support.checkpoint.com/results/sk/sk182336
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Briefing 07 June 2024
-Urgent Training Gap Exposed as a Quarter of Organisations Provide No Cyber Training to End-Users
-UK SMEs Unaware of the True Cost of Cyber Attacks, Whilst 78% of SMBs Fear Cyber Attacks Could Shut Down Their Business
-Major Cyber Crime Networks Dismantled in US and Europe Deemed a Wake-Up Call for Businesses, Ransomware Rises Despite Law Enforcement Takedowns
-Companies Need to Be Aware of Cyber Risks Related to Proliferation of IoT, or How the Smart TV in your Office Could Infect Your Whole Business with Malware
-CISOs Are Facing a ‘Tsunami of Regulations’; Here’s Why It’s Crucial They Focus on Quantifying Cyber Risk
-90% of Threats are Social Engineering
-UK Businesses Faced with Month-Long Recoveries from Supply Chain Attacks
-Account Takeovers Outpace Ransomware as Top Security Concern
-The Impact of Legacy Vulnerabilities in Today's Cyber Security Landscape
-Nearly All FTSE 100 Companies Exposed to Third and Fourth-Party Breaches
-Snowflake Denies Breach, Blames Data Theft on Poorly Secured Customer Accounts
-97 percent of Security Experts Worry about AI Security Related Threats and Incidents
-85% of Managed Service and Security Providers Face “Significant” Challenges Maintaining Security Compliance for Clients
-Cyber Attack Causes Critical Incident in London Hospitals with Operations Cancelled and Emergency Patients Diverted
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Urgent Training Gap Exposed as a Quarter of Organisations Provide No Cyber Training to End-Users
A recent survey by Hornetsecurity highlights a concerning gap in IT security training among organisations, with 26% not providing any training to end-users. While 79% of organisations believe their training is moderately effective, 39% admit it fails to address recent AI-powered threats adequately. Notably, 31% of respondents found the training unengaging. The survey also revealed that 23% of organisations experienced a cyber security breach in the past year, leading 94% to implement additional controls. However, 52% of end-users often ignore identified threats, emphasising the need for ongoing, engaging, and adaptive training programmes.
Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation.
UK SMBs Unaware of True Cost of Cyber Attacks, 78% of SMBs Fear Cyber Attacks Could Shut Down Their Business
New research reveals that UK SMBs underestimate the financial impact of cyber attacks by nearly £85,000. SMBs that have not experienced an attack estimate losses at £39,633, while those that have suffered breaches report actual losses at £123,984.
A separate report by ConnectWise reveals that 94% of SMBs have experienced at least one cyber attack in the last year, up from 64% in 2019, highlighting a significant rise in cyber threats. The report shows that 76% of SMBs lack in-house cyber security skills, driving demand for externally sourced third party security experts. Additionally, 78% of SMBs fear a severe cyber attack could jeopardise their operations. The study found that 56% have faced a cyber attack so far this year, with 89% anticipating another within six months. 83% of SMBs plan to increase their cyber security budgets by an average of 19% over the next year to bolster defences.
Major Cyber Crime Networks Dismantled in US and Europe Deemed a Wake-Up Call for Businesses, Although Ransomware Rises Despite Law Enforcement Takedowns
The recent crackdown on cyber crime by the US and Europe underscores the critical need for robust cyber security measures for businesses. The US Department of Justice arrested Chinese national YunHe Wang, who allegedly compromised over 19 million devices, resulting in $5.9 billion in fraudulent claims. Europol simultaneously apprehended key figures in Armenia and Ukraine, dismantling ransomware networks extorting millions in cryptocurrency. Despite these efforts, a recent report from Mandiant reveals a 75% increase in ransomware activity in 2023, with nearly 1,400 victims across 110 countries.
Factors driving this resurgence include new ransomware entrants, partnerships between groups, and the use of remote management tools, which featured in 41% of intrusions. Established groups like ALPHV/BlackCat and LockBit were prominent, but the landscape also saw 50 new ransomware variants, with a trend towards updating existing families rather than creating new ones.
Businesses must adopt comprehensive security training, regular system updates, advanced threat detection, and incident response planning to mitigate these substantial threats.
Companies Need to Be Aware of Cyber Risks Related to Proliferation of IoT, or How the Smart TV in your Office Could Infect Your Whole Business with Malware
A recent report underscores the escalating cyber risks linked to the Internet of Things (IoT), especially for critical infrastructure. Vulnerable legacy IoT devices, often manually updated, pose significant security risks.
Additionally, there is now more malware specifically targeting IoT devices, such as the Pandoraspear malware, which targets smart TVs via free streaming sites accessed on smartphones. This malware turns TVs into part of a botnet for Distributed Denial of Service (DDoS) attacks. The botnet has compromised over 170,000 endpoints, with estimates suggesting it involves 1.3 million unique IP addresses.
These findings highlight the critical need for enhanced cyber security measures to safeguard against IoT threats, including changing default passwords, network isolation, encrypting data, and conducting regular software updates.
CISOs Are Facing a ‘Tsunami of Regulations’; Here’s Why It’s Crucial They Focus on Quantifying Cyber Risk
Recent discussions emphasise the challenges CISOs encounter when trying to quantify cyber risk in the face of an influx of new regulations such as NIS2 in Europe and SEC requirements in the US that are transforming the way security leaders handle risks. CISOs must translate diverse threats into simplified metrics to communicate effectively with boards. The importance of continuous assessment over annual checks to keep up with evolving vulnerabilities cannot be stressed enough. A mature approach involves visibility, prioritisation, communication, and quantification of risks. The focus should be on defending yourself against the attacker by maintaining credible controls, not on defending yourself against the regulator through a weak tick box exercise.
90% of Threats are Social Engineering
The Avast Q1 2024 Threat Report reveals that nearly 90% of threats were social engineering-based, with scams and phishing utilising deepfake technology and hijacked YouTube channels. Over 90% of mobile threats were scams, including adware and banker malware. YouTube was heavily exploited for phishing and crypto scams.
UK Businesses Faced with Month-Long Recoveries from Supply Chain Attacks
New research by BlackBerry shows that 38% of British organisations face month-long recovery times following software supply chain attacks. The survey, involving 200 IT decision-makers, found that 74% of UK IT leaders were notified of supply chain attacks or vulnerabilities in the past year. While regulatory requirements are encouraging proactive monitoring, a lack of technical knowledge and confidence to act on threats persists. Notably, only 22% of organisations perform real-time inventories of their software environment. The impacts of these attacks include financial loss (62%), data loss (59%), and reputational damage (57%).
Account Takeovers Outpace Ransomware as Top Security Concern
A recent survey by Abnormal Security highlights account takeover attacks as the primary threat to organisations. According to the 2024 State of Cloud Account Takeover Attacks Report, 83% of organisations experienced at least one such attack in the past year, with 77% of security leaders ranking them among their top four threats. Nearly half faced these attacks over five times annually, and 20% encountered more than ten incidents. Despite common defences like multi-factor authentication and strong password policies, 63% of respondents doubted MFA’s effectiveness. The survey emphasises the need for solutions offering cross-platform visibility and automated remediation to combat these pervasive threats effectively.
The Impact of Legacy Vulnerabilities in Today's Cyber Security Landscape
Research shows that the vulnerabilities most affecting small to medium sized businesses (SMBs) are older, known vulnerabilities rather than newer highly publicised zero-days. According to SonicWall’s data from January 2022 to March 2024, the top five network attacks included Log4j (43%) and Heartbleed (35%), both of which target vulnerabilities up to a decade old. Despite advancements in AI and novel threats, these older vulnerabilities remain significant risks due to their ease of exploitation and how widespread they continue to be. SMBs, especially in critical industries, are advised to utilise industry-leading tools and automated patches, ensuring robust cyber security measures against both old and new threats.
Nearly All FTSE 100 Companies Exposed to Third and Fourth-Party Breaches
A recent report by SecurityScorecard reveals that virtually all FTSE 100 companies had suppliers experiencing breaches in the past year. The UK Top 100 Companies: Cybersecurity Threat Report graded firms A-F based on factors predicting a security breach. While UK firms generally scored higher than their continental counterparts, 97% had breaches in their third-party ecosystem. This shows the increasing threat of supply chain attacks, with 97% also experiencing fourth-party breaches. Notably, the energy and basic materials sectors were the most secure, with only 12% and 16% reporting third-party breaches, respectively, while the communications sector had the lowest security posture.
Snowflake Denies Breach, Blames Data Theft on Poorly Secured Customer Accounts
Recent incidents involving cloud data platform Snowflake highlight the risks associated with compromised credentials. A threat actor claimed to have breached Snowflake’s infrastructure, accessing data from Santander, Ticketmaster and others. However, Snowflake maintains that the theft resulted from stolen customer login details, not a vulnerability or misconfiguration in their system. Snowflake’s CISO clarified that a former employee’s demo account was accessed, which was not protected by two-factor authentication (2FA). Santander confirmed a third-party database breach, and Ticketmaster identified unauthorised activity in a Snowflake-hosted database. Snowflake, alongside CrowdStrike and Mandiant, found no evidence implicating Snowflake’s platform itself.
97 percent of Security Experts Worry about AI Security Related Threats and Incidents
A new report from Deep Instinct reveals that 97% of security professionals fear AI-generated security incidents, prompting 75% to alter their cyber security strategies over the past year, with 73% focusing more on prevention. The survey of 500 senior experts from large enterprises also shows a 61% rise in deepfake incidents, primarily targeting CEOs and C-suite members. Stress levels have increased for 66% of cyber security professionals due to these threats. Despite 41% relying on endpoint detection and response (EDR) solutions, only 31% plan to boost EDR investments, while 53% feel board pressure to adopt preventative tools against AI threats. This report highlights the need for predictive prevention to enhance resilience.
85% of Managed Service and Security Providers Face “Significant” Challenges Maintaining Security Compliance for Clients
Recent reports by Apptega and Sophos reveal that 85% of managed service providers (MSPs) face significant challenges in maintaining compliance for customers due to resource, expertise, and technology gaps. The MSP Perspectives 2024 survey reveals that MSPs struggle to keep pace with evolving threats and industry trends, with 91% of ransomware attacks occurring outside business hours.
Cyber Attack Causes Critical Incident in London Hospitals with Operations Cancelled and Emergency Patients Diverted
Major hospitals in London declared a critical incident earlier in the week after a cyber attack led to operations being cancelled and emergency patients being diverted elsewhere. It applies to hospitals partnered with Synnovis, a provider of pathology services which suffered a ransomware attack linked to Russian threat actors. King’s College Hospital, Guy’s and St Thomas’, the Royal Brompton and the Evelina London Children’s Hospital, as well as primary care services, were among those affected.
The incident has had a "major impact" on the delivery of services, especially blood transfusions and test results. Some procedures were cancelled or were redirected to other NHS providers as the hospitals tried to establish what work can be carried out safely.
Sources:
https://www.commsbusiness.co.uk/content/news/uk-smes-unaware-of-the-true-cost-of-cyberattacks
https://www.helpnetsecurity.com/2024/06/06/smbs-cyberattack-frequency/
https://www.infosecurity-magazine.com/news/ransomware-rise-2023-mandiant/
https://www.insurancejournal.com/news/international/2024/06/06/778306.htm
https://www.helpnetsecurity.com/2024/06/06/social-engineering-threats-video/
https://www.infosecurity-magazine.com/news/uk-businesses-recoveries-supply/
https://www.infosecurity-magazine.com/news/ato-outpace-ransomware-top/
https://www.techradar.com/pro/the-impact-of-legacy-vulnerabilities-in-todays-cybersecurity-landscape
https://www.infosecurity-magazine.com/news/ftse-100-exposed-third-fourth/
https://www.helpnetsecurity.com/2024/06/01/snowflake-breach-data-theft/
https://betanews.com/2024/06/03/97-percent-of-organizations-worried-about-ai-security-threats/
https://www.businesswire.com/news/home/20240605033270/en
https://www.bbc.co.uk/news/articles/c288n8rkpvno
https://securityaffairs.com/164142/cyber-crime/ransomware-attack-synnovis-london-hospitals.html
Governance, Risk and Compliance
78% of SMBs fear cyber attacks could shut down their business - Help Net Security
26% of organisations lack any form of IT security training - Help Net Security
Cyber attacks on financial services firms hit 20m people in 2023 - CIR Magazine
Small Firms Need to Stretch Security Budgets - Infosecurity Magazine (infosecurity-magazine.com)
Microsoft: weak cyber defences set to hit economic growth (cityam.com)
How to Prove Security Effectiveness with a Cyber Security Board Report - Security Boulevard
Skills shortages exposing MSPs to security risks | Microscope (computerweekly.com)
Is your workplace ‘cyber savvy’? (siliconrepublic.com)
Governance Essentials for Businesses in the AI Era | News | GRC World Forums
49% of organisations feel somewhat prepared to handle a breach | Security Magazine
Mastering Cyber Risk Quantification Methods: A Strategic Approach - Security Boulevard
Deciding cyber security spend: how much is enough? | Propertymark
Effective Incident Response: A Cyber Security Playbook for Executives - Security Boulevard
1/3 of CISOs in the UK ignore NCSC cyber security guidance (verdict.co.uk)
4 communication mistakes to avoid during a data breach - PR Daily
80 percent of organisations not ready for CISA rules on security practices (betanews.com)
Threats
Ransomware, Extortion and Destructive Attacks
RansomHub extortion gang linked to now-defunct Knight ransomware (bleepingcomputer.com)
RansomHub Actors Exploit ZeroLogon Vuln in Recent Ransomware Attacks (darkreading.com)
FBI recovers 7,000 LockBit keys, urges ransomware victims to reach out (bleepingcomputer.com)
Security industry has ransomware-as-a-service model wrong, says expert | SC Media (scmagazine.com)
'Fog' Ransomware Rolls in to Target Education, Recreation Sectors (darkreading.com)
New Gitloker attacks wipe GitHub repos in extortion scheme (bleepingcomputer.com)
Cyber insurance isn't the answer for ransom payments - Help Net Security
Linux version of TargetCompany ransomware focuses on VMware ESXi (bleepingcomputer.com)
What is ransomware? 7 things you must know before it's too late | PCWorld
Ransomware Victims
MediSecure in administration just weeks after confirming large cyber attack - ABC News
A ransomware attack on Synnovis impacted several London hospitals (securityaffairs.com)
Consulting Firm Greylock Hit With Ransomware Attack Class Action (bloomberglaw.com)
RansomHub gang claims the hack of Frontier Communications (securityaffairs.com)
Christie's avoids leak of stolen data, is sold instead • The Register
FBI recovers 7,000 LockBit keys, urges ransomware victims to reach out (bleepingcomputer.com)
Ransomware ravaged schools and cities in May | TechTarget
What If The Scathing UnitedHealth Cyber Rebuke Was Yours? (forbes.com)
Hack of UK Hospitals Highlights Growing Threat (itprotoday.com)
UK School Forced to Close Following Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)
Ransomware Gang Leaks Data From Australian Mining Company - Security Week
Phishing & Email Based Attacks
90% of threats are social engineering - Help Net Security
AI Will Increase the Quantity—and Quality—of Phishing Scams - Schneier on Security
New V3B phishing kit targets customers of 54 European banks (bleepingcomputer.com)
AI vs. human deceit: Unravelling the new age of phishing tactics (securityintelligence.com)
Microsoft: The brand attackers love to imitate | CSO Online
AI fuels rise in attacks from ‘unsophisticated threat actors,’ federal cyber leaders say | FedScoop
Why your inbox is still so bad at blocking malware and spam - 9to5Mac
The Art of Hooking the Phish: Educating Users Without Scaring Them (thefastmode.com)
BEC
90% of threats are social engineering - Help Net Security
US Authorities Attempting to Recover $5.3 Million Stolen in BEC Scam - Security Week
Other Social Engineering
Have you answered a spam call by accident? Your next move is extremely important
Artificial Intelligence
AI Will Increase the Quantity—and Quality—of Phishing Scams - Schneier on Security
AI vs. human deceit: Unravelling the new age of phishing tactics (securityintelligence.com)
97% of security experts worry about AI-related security incidents | Security Magazine
Coinbase's top cyber exec warns deepfake threat is growing | Fortune Crypto
Five AI-based threats security pros need to understand | SC Media (scmagazine.com)
AI fuels rise in attacks from ‘unsophisticated threat actors,’ federal cyber leaders say | FedScoop
Forrester report highlights 2024 IAM trends & AI impact (securitybrief.co.nz)
ChatGPT privacy tips: Two important ways to limit the data you share with OpenAI | ZDNET
AI Company Hugging Face Detects Unauthorized Access to Its Spaces Platform (thehackernews.com)
2FA/MFA
Snowflake’s Lack of MFA Control Leaves Companies Vulnerable, Experts Say (informationweek.com)
What is MFA bombing? Apple users were targeted using this phishing technique (securitybrief.co.nz)
Security keys unlock nothing but inconvenience (techmonitor.ai)
Malware
FlyingYeti APT Serves Up Cookbox Malware Using WinRAR (darkreading.com)
Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting (thehackernews.com)
Europol identifies 8 cyber criminals tied to malware loader botnets (bleepingcomputer.com)
Europol's Hunt Begins for Emotet Malware Mastermind (darkreading.com)
Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware (thehackernews.com)
DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks (thehackernews.com)
Ukrainian Systems Hit by Cobalt Strike Via a Malicious Excel File (darkreading.com)
Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan (thehackernews.com)
Comms Business - Malware targeting endpoints on the rise, finds report
Non-mobile malware statistics, Q1 2024 | Securelist
Stealthier DarkGate malware campaign emerges | SC Media (scmagazine.com)
Hackers Exploit Legitimate Packer Software to Spread Malware Undetected (thehackernews.com)
Mobile
The NSA advises you to turn your phone off and back on once a week - here's why | ZDNET
37 Vulnerabilities Patched in Android - Security Week
361 million account credentials leaked on Telegram: Are yours among them? - Help Net Security
Android malware and unwanted software statistics for Q1 2024 | Securelist
Denial of Service/DoS/DDOS
Conflicts Drive DDoS Attacks Surge in EMEA - Infosecurity Magazine (infosecurity-magazine.com)
Internet of Things – IoT
Companies Need to Be Aware of Cyber Risks Related to Proliferation of IoT (insurancejournal.com)
That smart TV in your office could be infecting your whole business with malware | TechRadar
Over 600,000 SOHO routers were destroyed by Chalubo malware in 72 hours (securityaffairs.com)
Data Breaches/Leaks
The Ticketmaster Data Breach May Be Just the Beginning | WIRED
Ticketmaster confirms massive breach after stolen data for sale online (bleepingcomputer.com)
Snowflake denies breach, blames data theft on poorly secured customer accounts - Help Net Security
Snowflake account hacks linked to Santander, Ticketmaster breaches (bleepingcomputer.com)
Snowflake’s Lack of MFA Control Leaves Companies Vulnerable, Experts Say (informationweek.com)
The Snowflake Attack May Be Turning Into One of the Largest Data Breaches Ever | WIRED
The Billericay School pupils have details exposed in cyber attack - BBC News
Crooks threaten to leak 2.9B records of personal info • The Register
Threat actor considers leaking 3B records from background check firm | SC Media (scmagazine.com)
Secrets Exposed in Hugging Face Hack - Security Week
Google's hidden logs detail thousands of privacy breaches - CyberGuy
Blackbaud Class Action Lawsuit Denied by Federal Court | MSSP Alert
Club Penguin fans breached Disney Confluence server, stole 2.5GB of data (bleepingcomputer.com)
Check-in terminals used by thousands of hotels leak guest info (bleepingcomputer.com)
Debt Collector Data Breach Exposes Data on 3 Million+ Americans | PCMag
Nearly 400,000 affected by data breach at eye care management services company (therecord.media)
Over 2.5 billion free Android VPN users at risk of data leaks | TechRadar
Advance Auto Parts stolen data for sale after Snowflake attack (bleepingcomputer.com)
Organised Crime & Criminal Actors
International Cyber Crime Ringleaders Arrested In Armenia, Ukraine – Eurasia Review
Authorities Ramp Up Efforts to Capture the Mastermind Behind Emotet (thehackernews.com)
4 cuffed following probe into holiday scheme for cyber crooks • The Register
Security industry has ransomware-as-a-service model wrong, says expert | SC Media (scmagazine.com)
Why Hackers Love Logs - Security Week
Police dismantle pirated TV streaming network that made $5.7 million (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hackers exploit Chrome plugin to steal millions from Binance accounts (cointelegraph.com)
Microsoft India’s X account hijacked in Roaring Kitty crypto scam (bleepingcomputer.com)
Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers | Trend Micro (US)
Insider Risk and Insider Threats
4 Tips For Strengthening Data Security Through The Human Firewall (forbes.com)
Insurance
Cyber insurance isn't the answer for ransom payments - Help Net Security
The top three cyber policy gaps - Insurance News | InsuranceNewsNet
Supply Chain and Third Parties
Third-party vendors pose serious cyber security threat to national security - Help Net Security
London NHS hospitals revert to paper records after cyber attack | NHS | The Guardian
Third-party software supply chain threats continue to plague CISOs | CSO Online
Ticketmaster Breach Showcases SaaS Data Security Risks (darkreading.com)
Basic cyber security can protect from rising supply chain attacks | TechRadar
Advance Auto Parts stolen data for sale after Snowflake attack (bleepingcomputer.com)
Cloud/SaaS
Snowflake denies breach, blames data theft on poorly secured customer accounts - Help Net Security
Snowflake account hacks linked to Santander, Ticketmaster breaches (bleepingcomputer.com)
Snowflake Recommends Customers Take Steps to Prevent Unauthorized Access | CISA
2024-State-of-Multicloud-Security-Risk-Report.pdf (microsoft.com)
Shadow IT and Zombie Accounts: Sabotaging Your SaaS Security - Security Boulevard
Azure Service Tags tagged as security risk, Microsoft disagrees (bleepingcomputer.com)
Identity and Access Management
The Top Trends Shaping Identity And Access Management I... | Forrester
Why (and how) threat actors target your Active Directory (bleepingcomputer.com)
Encryption
WhatsApp encryption isn't the problem, metadata is | TechRadar
Using entangled particles to create unbreakable encryption (phys.org)
Linux and Open Source
CISA warns of actively exploited Linux privilege elevation flaw (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting (thehackernews.com)
Understanding Credential Phishing - Security Boulevard
Should Employee Password Management Be Mandatory? (forbes.com)
361 million account credentials leaked on Telegram: Are yours among them? - Help Net Security
Prevent Account Takeover with Better Password Security (thehackernews.com)
Security keys unlock nothing but inconvenience (techmonitor.ai)
Social Media
Microsoft India’s X account hijacked in Roaring Kitty crypto scam (bleepingcomputer.com)
TikTok fixes zero-day bug used to hijack high-profile accounts (bleepingcomputer.com)
Donald Trump Joins TikTok, App He Tried to Ban as President (variety.com)
Malvertising
Google Chrome’s plan to limit ad blocking extensions kicks off next week | Ars Technica
Training, Education and Awareness
26% of organisations lack any form of IT security training - Help Net Security
Is your workplace ‘cyber savvy’? (siliconrepublic.com)
4 Tips For Strengthening Data Security Through The Human Firewall (forbes.com)
The Art of Hooking the Phish: Educating Users Without Scaring Them (thefastmode.com)
Regulations, Fines and Legislation
Here’s what a US surveillance law means for European data privacy | Euronews
80 percent of organisations not ready for CISA rules on security practices (betanews.com)
Data Protection
Here’s what a US surveillance law means for European data privacy | Euronews
Careers, Working in Cyber and Information Security
Narrowing the Stubborn Cyber Security Worker Gap - Security Boulevard
What is a typical day like as an SOC analyst? (siliconrepublic.com)
Law Enforcement Action and Take Downs
Europol identifies 8 cyber criminals tied to malware loader botnets (bleepingcomputer.com)
Authorities Ramp Up Efforts to Capture the Mastermind Behind Emotet (thehackernews.com)
4 cuffed following probe into holiday scheme for cyber crooks • The Register
Police dismantle pirated TV streaming network that made $5.7 million (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Poland Suspects Russia Behind False PAP Story on Mobilization (bloomberglaw.com)
Information Warfare: The Future Is Here | Proceedings - June 2024 Vol. 150/6/1,456 (usni.org)
Microsoft Security is warning of Russian misinformation campaigns during the 2024 Olympics - Neowin
Fake Tom Cruise warns of violence at Paris Olympics in pro-Russian info op | CyberScoop
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Information Warfare: The Future Is Here | Proceedings - June 2024 Vol. 150/6/1,456 (usni.org)
Conflicts Drive DDoS Attacks Surge in EMEA - Infosecurity Magazine (infosecurity-magazine.com)
Cyber Attacks and the Risk of Real War: A NATO Perspective - Defence News | The Financial Express
Nation State Actors
China
China outsourcing its cyber attacks to hackers-for-hire - Asia Times
Donald Trump Joins TikTok, App He Tried to Ban as President (variety.com)
Russia
Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting (thehackernews.com)
Europe subjected to multi-phase APT28 cyberespionage attacks | SC Media (scmagazine.com)
Poland Suspects Russia Behind False PAP Story on Mobilization (bloomberglaw.com)
FlyingYeti APT Serves Up Cookbox Malware Using WinRAR (darkreading.com)
Ukrainian Systems Hit by Cobalt Strike Via a Malicious Excel File (darkreading.com)
Pro-Russia group claims responsibility for cyber attacks on first day of EU elections | Euronews
Poland sees ‘Russian cyber attack’ behind fake military draft report – Euractiv
Russia jams Elon Musk’s Starlink sats in Ukraine for the first time (interestingengineering.com)
Microsoft Security is warning of Russian misinformation campaigns during the 2024 Olympics - Neowin
Fake Tom Cruise warns of violence at Paris Olympics in pro-Russian info op | CyberScoop
Poland launches investigation into Russian, Belarusian political influence (voanews.com)
Polish government will spend more than $ 3 billion on cyber security - BiznesAlert EN
Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan (thehackernews.com)
Russian hackers claim cyber attack on Spanish defence company | Reuters
Iran
North Korea
A US Company Enabled a North Korean Scam That Raised Money for WMDs | WIRED
Tools and Controls
26% of organisations lack any form of IT security training - Help Net Security
How to Prove Security Effectiveness with a Cyber Security Board Report - Security Boulevard
Mastering Cyber Risk Quantification Methods: A Strategic Approach - Security Boulevard
Should Employee Password Management Be Mandatory? (forbes.com)
Security challenges mount as companies handle thousands of APIs - Help Net Security
Comms Business - Malware targeting endpoints on the rise, finds report
Why Hackers Love Logs - Security Week
Security experts call for unity again... - Mobile World Live
The Top Trends Shaping Identity And Access Management I... | Forrester
Lawyers Ask Forensics Investigators for Help Outside Cyber Security (darkreading.com)
Why (and how) threat actors target your Active Directory (bleepingcomputer.com)
4 Tips For Strengthening Data Security Through The Human Firewall (forbes.com)
The Art of Hooking the Phish: Educating Users Without Scaring Them (thefastmode.com)
Deciding cyber security spend: how much is enough? | Propertymark
Effective Incident Response: A Cyber Security Playbook for Executives - Security Boulevard
4 communication mistakes to avoid during a data breach - PR Daily
Reports Published in the Last Week
The Top Trends Shaping Identity And Access Management I... | Forrester
2024-State-of-Multicloud-Security-Risk-Report.pdf (microsoft.com)
Other News
Cyber attacks on financial services firms hit 20m people in 2023 - CIR Magazine
National infrastructure cyber attacks ‘have increased dramatically’ (power-technology.com)
What Cyber Security Memes Reveal About the Industry (itprotoday.com)
What Could Possibly Go Wrong?: New Study Examines Aftermath of Cyber Attacks | HealthLeaders Media
Security experts call for unity again... - Mobile World Live
Achieving Cyber Security in Finance Through Collaborative Efforts (finextra.com)
Lawyers Ask Forensics Investigators for Help Outside Cyber Security (darkreading.com)
Apple refused to pay bug bounty to Russian cyber security firm Kaspersky Lab (therecord.media)
A Major Industrial Cyber Security Threat: Living off the Land Attacks - Security Boulevard
Germany: Major hack targets center-right CDU party – DW – 06/01/2024
Public sector security debt is becoming a pervasive issue | ITPro
New Military Program Aids Cyber Defences in Latin America and the Caribbean | AFCEA International
Moldova Cracks Down On Interpol Evasion Scheme With Help From France, US, Britain (rferl.org)
Vulnerability Management
The impact of legacy vulnerabilities in today's cyber security landscape | TechRadar
NIST turns to IT consultants to help clear NVD backlog • The Register
Vulnerabilities
Exploitation of Recent Check Point VPN Zero-Day Soars - Security Week
CISA warns of actively exploited Linux privilege elevation flaw (bleepingcomputer.com)
Critical Apache Log4j2 flaw still threatens global finance - Security Affairs
FlyingYeti APT Serves Up Cookbox Malware Using WinRAR (darkreading.com)
High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683) - Help Net Security
Researcher Uncovers Flaws in Cox Modems, Potentially Impacting Millions (thehackernews.com)
37 Vulnerabilities Patched in Android - Security Week
PoC Exploit Released for macOS Root Access Vulnerability (cybersecuritynews.com)
Cisco addressed Webex flaws used to compromise German government meetings (securityaffairs.com)
RansomHub Actors Exploit ZeroLogon Vuln in Recent Ransomware Attacks (darkreading.com)
CISA says 'patch now' to 7-year-old Oracle WebLogic bug • The Register
Azure Service Tags tagged as security risk, Microsoft disagrees (bleepingcomputer.com)
Critical Progress Telerik vulnerability under attack | TechTarget
TikTok fixes zero-day bug used to hijack high-profile accounts (bleepingcomputer.com)
Zyxel Releases Patches for Firmware Vulnerabilities in EoL NAS Models (thehackernews.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 31 May 2024
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Santander Staff and '30 million' Customers Hacked via Cloud Provider Breach
Hackers known as ShinyHunters claim to have stolen confidential data from Santander, affecting all staff globally and millions of customers in Chile, Spain, and Uruguay. The breach includes 30 million bank account details, 6 million account numbers and balances, and 28 million credit card numbers. Santander confirmed the theft but assured no transactional data or online banking credentials were compromised. The attack is linked to an ongoing hack of cloud storage company Snowflake, accessed through a former employee's demo account. Santander is proactively contacting affected individuals and continues to ensure secure transactions. ShinyHunters have this week also claimed responsibility for the massive Ticketmaster breach below.
Source: [BBC]
ABN Amro Discloses Data Breach Following an Attack on a Third-Party Provider
A recent disclosure by Dutch bank ABN Amro revealed a data breach due to a ransomware attack on their third-party service provider, AddComm. This attack potentially exposed data of some ABN Amro clients, prompting the bank to notify affected clients and the Dutch Data Protection Authority. AddComm has since contained the incident, restored affected systems, and is investigating the breach with external security experts. While there are no signs of misuse of client data, ABN Amro has ceased using AddComm's services and warned clients to remain vigilant against phishing attempts.
Source: [SecurityAffairs]
Ticketmaster Confirms Massive Breach of 560m Users After Stolen Data Offered for Sale Online
Live Nation has confirmed a data breach at Ticketmaster, attributed to unauthorised activity within a third-party cloud database, believed to be Snowflake. The breach, identified on May 20, 2024, exposed data of over 560 million users, including personal details and ticket information. A threat actor known as ShinyHunters, the same threat actor claiming responsibility for the Santander attack above, has been attempting to sell this data on the dark web for $500,000. Despite the severity, Live Nation stated the breach is not expected to materially impact business operations or financial condition. The company is working with law enforcement and notifying affected users and regulatory authorities.
Source: [BleepingComputer]
Material Cyber Attacks a Concern Among Many CISOs, with Human Error Still Perceived as the Achilles’ Heel of Cyber Security
A recent survey from Proofpoint reveals that 70% of CISOs feel at risk of a significant cyber attack within the next 12 months, up from 68% last year and 48% in 2022. Despite this, only around half feel prepared for such an attack. Human error remains a key vulnerability, with 74% identifying it as the most significant risk. Notably, 87% of CISOs are deploying AI-powered solutions to mitigate these risks. The top concerns include ransomware (41%), malware (38%), and email fraud (36%), with a notable increase in ransomware threats.
Sources: [HelpNetSecurity] [SCMagazine]
Old But Gold: Why Shoulder Surfing is an Underacknowledged Cyber Threat
A recent incident in the UK has highlighted the persistent threat of shoulder surfing, a social engineering tactic where sensitive information is obtained by observing someone's device screen. On 22 May 2024, The Times reported that information from a private memo by British Cabinet Minister Johnny Mercer was leaked after a fellow train passenger photographed Mercer's laptop screen. The memo contained accusations against Downing Street officials and advisors, illustrating the ease with which malicious actors can access confidential information through simple observation. This event underscores the need for heightened awareness and protective measures to combat shoulder surfing, including being mindful of your surroundings and using privacy screen filters.
Source: [ITPro]
Hackers Phish Finance Orgs Using Trojanised Minesweeper Clone
A recent cyber security alert highlights that hackers are leveraging code from a clone of Microsoft's Minesweeper game to conceal malicious scripts in attacks targeting financial institutions in Europe and the US. The threat actor, identified as 'UAC-0188,' uses this legitimate code to hide Python scripts that install remote management software on compromised systems. At least five breaches have been identified across financial and insurance sectors. The attack initiates with an email from "support@patient-docs-mail.com," prompting recipients to download a malicious file from Dropbox, which includes both innocuous and malicious code to evade security detection.
Source: [BleepingComputer]
Deepfake Scams Have Robbed Companies of Millions. Experts Warn It Could Get Worse
A recent surge in deepfake scams has resulted in millions of dollars in losses for companies globally, with experts predicting an increase in such frauds as criminals leverage generative AI. In one major incident, a Hong Kong finance worker was deceived into transferring over $25 million to fraudsters using deepfake technology to impersonate senior executives on a video call. UK engineering firm Arup confirmed involvement in this case, though details remain under investigation. The accessibility of AI tools like OpenAI’s ChatGPT has lowered the entry barrier for cyber criminals, enhancing both the volume and sophistication of these types of scams.
Source: [CNBC]
Ransomware in the Finance Sector: Emerging threats
A recent analysis highlights ransomware as a critical threat, particularly to the financial services sector due to its integral role in the global economy and sensitive data handling. Cyber criminals have enhanced their tactics, including pre-emptive data exfiltration, to coerce victims into paying ransoms. Phishing emails remain the primary delivery method, exploiting user unawareness to execute these attacks. These emails allow attackers to reach numerous targets cost-effectively, increasing the likelihood of successful breaches. This evolution in ransomware strategies underscores the need for heightened cyber security measures across all sectors.
Source: [Verdict]
Europol Shuts Down 100+ Servers Linked to IcedID, TrickBot, and Other Malware
A coordinated law enforcement effort codenamed Operation Endgame led by Europol has dismantled the infrastructure of several malware loader operations, including IcedID, SystemBC, PikaBot, SmokeLoader, Bumblebee, and TrickBot. The operation, conducted between May 27 and May 29, resulted in the takedown of over 100 servers worldwide and the arrest of four individuals in Armenia and Ukraine. Europol's actions targeted high-value criminal infrastructure, resulting in the seizure of more than 2,000 domains and the disruption of services used to facilitate ransomware and other malicious attacks. One suspect allegedly profited €69 million ($74.6 million) from renting out these criminal services.
Source: [TheHackerNews]
Hacktivist Attacks on Europe Have Doubled Since 2023, Top EU Cyber Security Official says: ‘This is Part of the Russian War of Aggression’
A recent surge in disruptive digital attacks, largely attributed to Russia-backed groups, has doubled within the European Union, targeting critical infrastructure and election-related services. Juhan Lepassaar, head of the European Union Agency for Cybersecurity (ENISA), reported a significant increase in hacktivist attacks since Russia's invasion of Ukraine, with methods often tested in Ukraine before extending to the EU. Upcoming elections in the EU and other countries have heightened security concerns. ENISA has been working to bolster the resilience of election agencies and noted a rise in ransomware targeting public institutions. The agency also warned of the growing threat of AI-enabled disinformation campaigns.
Source: [Fortune]
North Korean 'Moonstone Sleet' Threat Group Melds Espionage, Financial Goals - Microsoft
A recent report by Microsoft has uncovered the North Korean threat group "Moonstone Sleet," which engages in both espionage and financial cyber attacks. Initially overlapping with the DPRK's Diamond Sleet, Moonstone Sleet has since developed its own unique tactics, using techniques like fake job offers, custom ransomware, and trojanised software delivered via social media. The group has targeted aerospace, education, and software organisations by masquerading as legitimate companies such as "StarGlow Ventures" and "C.C. Waterfall." Their methods, including using trusted platforms like LinkedIn and Telegram, complicate defensive measures and exploit the inherent trust in these platforms.
Source: [DarkReading]
Europe on High Alert after Suspected Moscow-linked Arson and Sabotage
A recent spate of arson and sabotage attacks across Europe, potentially linked to Russian operatives, has heightened security concerns. Incidents include a fire at an Ikea in Lithuania, an arson attack in east London, antisemitic graffiti in Paris, and, in Germany, suspected foreign intelligence-driven attacks in addition to a wave of cyber attacks in 2023 by a hacker group linked to Russian intelligence. Security services suspect these acts aim to destabilise the West amidst its support for Ukraine. Polish authorities have arrested nine individuals for alleged sabotage under Russian orders, while Estonia and Germany report similar threats. This issue, discussed at a Brussels summit, highlights the need for increased vigilance against hybrid attacks orchestrated by foreign entities.
Source: [TheGuardian]
Making the Case for 'Reasonable' Cyber Security
A recent white paper from the Center for Internet Security (CIS) discusses the concept of "reasonable cyber security" and its alignment with privacy laws. This standard, highlighted at the RSA Conference, is context-dependent and varies by industry. For instance, while the Payment Card Industry Data Security Standard (PCI DSS) prescribes specific controls, the GDPR emphasises transparency and good faith efforts. The importance of quantifying cyber risk was underscored by the US Federal Reserve, which emphasised improved data on cyber threats for better risk assessment. Implementing security frameworks like the NIST Cybersecurity Framework can help meet these evolving regulatory and insurance requirements.
Source: [DarkReading]
Hundreds of Thousands of Internet Routers Destroyed in Attack on Telco
A significant cyber attack last October targeted a US telecoms company, disabling over 600,000 internet routers across multiple states, according to Lumen Technologies' Black Lotus Labs. The attack, undisclosed until recently, involved malicious firmware updates that rendered the routers inoperable. Researchers did not identify the hackers or the affected company. The malware, still circulating online, disrupted internet access from October 25 to 27. This attack is considered one of the most severe against the US telecommunications sector and illustrates the vulnerability of telecoms-provided routers to these types of attacks.
Source: [YahooFinance]
Governance, Risk and Compliance
New KnowBe4 phishing report reveals top choices for phishing scams – PCR (pcr-online.biz)
Material cyber attacks a concern among many CISOs | SC Media (scmagazine.com)
The Link Between Cyber Security and Reputation Management for Executives - Security Boulevard
The SEC’s SolarWinds Case: What CISOs Should Do Now (darkreading.com)
Old but gold: Why shoulder surfing is an underacknowledged cyber threat | ITPro
70% of CISOs feel vulnerable to a material cyber attack in 2024 | Security Magazine
The evolution of security metrics for NIST CSF 2.0 - Help Net Security
Cyber security teams gear up for tougher challenges in 2024 - Help Net Security
4-Step Approach to Mapping and Securing Your Organisation's Most Critical Assets (thehackernews.com)
Cyber security Skills Shortage Is Ranked as the Biggest Risk (globenewswire.com)
How Corporate Boards Are Setting CEO’s Up For Cyber Security Failure (forbes.com)
CISO priorities must shift in a heightened threat landscape - Raconteur
Cyber security is the cause of all MSPs’ headaches • The Register
Bridging Cyber Security Expectations And Reality To Empower CISOs (forbes.com)
Making the Case for 'Reasonable' Cyber Security (darkreading.com)
Why cyber criminals and hackers are targeting small businesses - Marketplace
Widespread data silos slow down security response times - Help Net Security
Absolute Security Survey Reveals UK CISOs Ignore NCSC Guidance | Business Wire
Reducing CIO-CISO tension requires recognizing the signs | CIO
Threats
Ransomware, Extortion and Destructive Attacks
‘World’s largest botnet’ knocked offline after raking in billions | The Independent
Ransomware Networks Brought Down In Major Global Police Operation | HuffPost Latest News
Massive ransomware network taken down by ‘Endgame’ international police operation | Fortune Europe
Ransomware in the finance sector: Emerging threats - Verdict
New ShrinkLocker ransomware uses BitLocker to encrypt your files (bleepingcomputer.com)
Ransomware operators shift tactics as law enforcement disruptions increase - Help Net Security
6 Facts About How INTERPOL Fights Cyber crime (darkreading.com)
Potent youth cyber crime ring made up of 1,000 people, FBI official says | CyberScoop
LockBit Black Ransomware Bot Sprays “Millions of Messages” | MSSP Alert
Microsoft links North Korean hackers to new FakePenny ransomware (bleepingcomputer.com)
How to improve ransomware attack outcomes | SC Media (scmagazine.com)
Why healthcare data is often the target of ransomware attacks (techtarget.com)
Essential Strategies for Recovering from Ransomware Attacks - Security Boulevard
Ransomware Victims
Phishing & Email Based Attacks
New KnowBe4 phishing report reveals top choices for phishing scams – PCR (pcr-online.biz)
Phishing-as-a-service (PhaaS): What is it and How it work? (todayq.com)
Hackers phish finance orgs using trojanized Minesweeper clone (bleepingcomputer.com)
New Tricks in the Phishing Playbook: Cloudflare Workers, HTML Smuggling, GenAI (thehackernews.com)
LockBit Black Ransomware Bot Sprays “Millions of Messages” | MSSP Alert
Google: Stop Trying to Trick Employees With Fake Phishing Emails | PCMag
Free Piano phish targets American university students, staff (bleepingcomputer.com)
BEC
Other Social Engineering
Old but gold: Why shoulder surfing is an underacknowledged cyber threat | ITPro
No 10 neglecting popular MPs, laments minister in leaked memo (thetimes.co.uk)
Artificial Intelligence
Kroll cyber threat landscape report: AI assists attackers | CSO Online
'GODMODE GPT': Hacker releases jailbroken version of ChatGPT (newsbytesapp.com)
Critical Flaw in AI Platform Exposes Proprietary Data (darkreading.com)
NIST Releases Risk ‘Profile’ for Generative AI | Polsinelli - JDSupra
OODA Loop - The Cyber Arms Race Gives Way to AI Weaponization
Four Security Questions to Ask Your Enterprise Generative AI Provider (darkreading.com)
OpenAI sets up safety committee as it starts training new model | Reuters
Malware
‘World’s largest botnet’ knocked offline after raking in billions | The Independent
Over 100 malware servers shut down in 'largest ever' operation against botnets (therecord.media)
Ransomware Networks Brought Down In Major Global Police Operation | HuffPost Latest News
Europol Shuts Down 100+ Servers Linked to IcedID, TrickBot, and Other Malware (thehackernews.com)
Massive ransomware network taken down by ‘Endgame’ international police operation | Fortune Europe
Why cloud attacks no longer need malware [Q&A] (betanews.com)
Is Your Computer Part of ‘The Largest Botnet Ever?’ – Krebs on Security
Trio of Chinese botnet operators sanctioned by United States • The Register
macOS version of elusive 'LightSpy' spyware tool discovered (bleepingcomputer.com)
Cyber criminals pose as "helpful" Stack Overflow users to push malware (bleepingcomputer.com)
Law enforcement operation takes aim at an often-overlooked cyber crime linchpin | Ars Technica
CERT-UA warns of malware campaign conducted by threat actor UAC-0006 (securityaffairs.com)
Pirated Microsoft Office delivers malware cocktail on systems (bleepingcomputer.com)
Mobile
Hacking phones is too easy. Time to make it harder (economist.com)
Privacy vs. Mobile Security: Why You Don’t Have to Choose | MSSP Alert
90+ Malicious Apps Totaling 5.5M Downloads Lurk on Google Play (darkreading.com)
Phones of journalists and activists in Europe targeted with Pegasus | CyberScoop
NSA Warns iPhone & Android Users To Turn It Off And On Again (forbes.com)
Denial of Service/DoS/DDOS
New DoS Attack ‘DNSBomb’ Exploiting DNS Queries & Responses (cybersecuritynews.com)
Internet Archive is continuing to face DDoS attacks after several days - Neowin
Internet of Things – IoT
These are the most insecure devices you might still have in your home (xda-developers.com)
Hundreds of thousands of US internet routers destroyed in newly discovered 2023 hack (yahoo.com)
Data Breaches/Leaks
ABN Amro discloses data breach following an attack on a third-party provider (securityaffairs.com)
Data breach exposes details of 25,000 current and former BBC employees | BBC | The Guardian
Dutch Social housing tenants' data may have been stolen after IT supplier hack | NL Times
Almost all citizens of city of Eindhoven have their personal data exposed (bitdefender.com)
Critical Flaw in AI Platform Exposes Proprietary Data (darkreading.com)
Cencora data breach exposes US patient info from 11 drug companies (bleepingcomputer.com)
400% rise in MoD data breaches fuels fear of cyber threat from Russia and China (inews.co.uk)
MITRE December 2023 attack: threat actors created rogue VMs to evade detection (securityaffairs.com)
Nearly 3 million affected by Sav-Rx data breach (therecord.media)
First American December data breach impacts 44,000 people (bleepingcomputer.com)
Hackers Claim Ticketmaster Data Breach: 560 Million Users' Info Up for Sale (hackread.com)
MPs email passwords exposed on the dark web, study suggests (cityam.com)
Everbridge warns of corporate systems breach exposing business data (bleepingcomputer.com)
FBCS Data Breach Impact Grows to 3.2 Million Individuals - SecurityWeek
Cooler Master hit by data breach exposing customer information (bleepingcomputer.com)
Spyware maker pcTattletale says it's 'out of business' and shuts down after data breach | TechCrunch
Organised Crime & Criminal Actors
Digital Arrests: The New Frontier of Cyber crime | MSSP Alert
Cyber crime study finds global human-initiated digital attack rate up 19% | Chain Store Age
Phishing-as-a-service (PhaaS): What is it and How it work? (todayq.com)
Hackers Sell Fake Pegasus Spyware on Clearnet and Dark Web (hackread.com)
Hacker defaces spyware app’s site, dumps database and source code (bleepingcomputer.com)
BreachForums returns just weeks after FBI-led takedown • The Register
6 Facts About How INTERPOL Fights Cyber Crime (darkreading.com)
Russian indicted for selling access to US corporate networks (bleepingcomputer.com)
Potent youth cyber crime ring made up of 1,000 people, FBI official says | CyberScoop
Cyber criminals pose as "helpful" Stack Overflow users to push malware (bleepingcomputer.com)
US arrests man allegedly behind enormous botnet that enabled cyber attacks and fraud - The Verge
Law enforcement operation takes aim at an often-overlooked cyber crime linchpin | Ars Technica
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Indian man stole $37 million in crypto using fake Coinbase Pro site (bleepingcomputer.com)
Former FTX executive Salame sentenced to over 7 years in prison - BBC News
Insider Risk and Insider Threats
Human error still perceived as the Achilles' heel of cyber security - Help Net Security
New Research Warns About Weak Offboarding Management and Insider Risks (thehackernews.com)
Insurance
Supply Chain and Third Parties
Cloud/SaaS
34% of organisations lack cloud cyber security skills - Help Net Security
Impact of Remote Work and Cloud Migrations on Security Perimeters (securityaffairs.com)
Why cloud attacks no longer need malware [Q&A] (betanews.com)
Identity and Access Management
Encryption
Passwords, Credential Stuffing & Brute Force Attacks
Why strong passwords are still the first line of defence against cyber threats (securitybrief.co.nz)
Password auditing: Purge weak passwords from your organisation | ITPro
Enhancing cyber security with 'moving trees' (techxplore.com)
Malvertising
Training, Education and Awareness
Using Scary but Fun Stories to Aid Cyber Security Training - Security Boulevard
Beyond the Code: Modern Cyber Security Training for 2024 (informationweek.com)
Regulations, Fines and Legislation
New cyber attack reporting requirement for Swiss financial institutions (cms-lawnow.com)
The SEC’s SolarWinds Case: What CISOs Should Do Now (darkreading.com)
GDPR Turns Six: Reflecting on a Global Privacy Benchmark - IT Security Guru
The SEC's New Take on Cyber Security Risk Management (darkreading.com)
Models, Frameworks and Standards
The evolution of security metrics for NIST CSF 2.0 - Help Net Security
How NIST Cybersecurity Framework 2.0 Tackles Risk Management (securityintelligence.com)
Data Protection
Careers, Working in Cyber and Information Security
34% of organisations lack cloud cyber security skills - Help Net Security
Cyber security Skills Shortage Is Ranked as the Biggest Risk (globenewswire.com)
New cyber security school to pay students $4K monthly salary
Law Enforcement Action and Take Downs
‘World’s largest botnet’ knocked offline after raking in billions | The Independent
Over 100 malware servers shut down in 'largest ever' operation against botnets (therecord.media)
Ransomware Networks Brought Down In Major Global Police Operation | HuffPost Latest News
Europol Shuts Down 100+ Servers Linked to IcedID, TrickBot, and Other Malware (thehackernews.com)
Massive ransomware network taken down by ‘Endgame’ international police operation | Fortune Europe
BreachForums returns just weeks after FBI-led takedown • The Register
Indian man stole $37 million in crypto using fake Coinbase Pro site (bleepingcomputer.com)
Ransomware operators shift tactics as law enforcement disruptions increase - Help Net Security
6 Facts About How INTERPOL Fights Cyber crime (darkreading.com)
Russian indicted for selling access to US corporate networks (bleepingcomputer.com)
US arrests man allegedly behind enormous botnet that enabled cyber attacks and fraud - The Verge
Law enforcement operation takes aim at an often-overlooked cyber crime linchpin | Ars Technica
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
OODA Loop - The Cyber Arms Race Gives Way to AI Weaponization
Could the Next War Begin in Cyberspace? (informationweek.com)
Global stability issues alter cyber threat landscape, ESET reports | CSO Online
Cyber Psychological Warfare: Hacking Operational Technology (inforisktoday.com)
Negotiations over new NATO cyber centre still ongoing weeks from planned launch (therecord.media)
Nation State Actors
China
400% rise in MoD data breaches fuels fear of cyber threat from Russia and China (inews.co.uk)
Ongoing Chinese cyberespionage operation targets government orgs | SC Media (scmagazine.com)
Trio of Chinese botnet operators sanctioned by United States • The Register
Russia
400% rise in MoD data breaches fuels fear of cyber threat from Russia and China (inews.co.uk)
Putin hijacked Austria’s spy service. Now he’s going after its government – POLITICO
Map shows Russia's campaign of terror, sabotage and hacking in Europe | World News | Metro News
Critics of Putin and his allies targeted with spyware inside the EU | Hacking | The Guardian
FlyingYeti phishing crew grounded after failed Ukraine ops • The Register
Europe on high alert after suspected Moscow-linked arson and sabotage | Russia | The Guardian
German officer gave up secrets to Russia 'to prevent nuclear war'
Germany's cyber ambassador on the response to Russia: 'All of this takes time' (therecord.media)
FlyingYeti Exploits WinRAR Vulnerability to Deliver COOKBOX Malware in Ukraine (thehackernews.com)
CERT-UA warns of malware campaign conducted by threat actor UAC-0006 (securityaffairs.com)
Russia Has Figured Out How to Mess up Ukraine's Starlink Internet: NYT (businessinsider.com)
Surveillance Risk: Apple's Wi-Fi-Based Positioning System (govinfosecurity.com)
Major Russian delivery company down for three days due to cyber attack (therecord.media)
Russian indicted for selling access to US corporate networks (bleepingcomputer.com)
Most EU election interference domestic in origin, not Russian: Meta (therecord.media)
North Korea
Microsoft Uncovers 'Moonstone Sleet' — New North Korean Hacker Group (thehackernews.com)
Global stability issues alter cyber threat landscape, ESET reports | CSO Online
Microsoft: 'Moonstone Sleet' APT Melds Espionage, Financial Goals (darkreading.com)
New North Korean group tied to ransomware, gaming campaigns • The Register
Microsoft links North Korean hackers to new FakePenny ransomware (bleepingcomputer.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
The Importance of Patching Vulnerabilities in Cyber Security - Security Boulevard
NIST expects to clear backlog in vulnerabilities database by end of fiscal year (therecord.media)
The most dangerous CVEs of 2023 and 2024: fix these today (kaspersky.co.uk)
NIST says NVD will be back on track by September 2024 - Help Net Security
59% of public sector apps carry long-standing security flaws - Help Net Security
NIST Getting Outside Help for National Vulnerability Database - SecurityWeek
An Argument for Coordinated Disclosure of New Exploits (darkreading.com)
Vulnerabilities
Cisco Releases May 2024 Cisco ASA, FMC, and FTD Software Security Publication | CISA
Critical Flaw in AI Platform Exposes Proprietary Data (darkreading.com)
High-severity flaw affects Cisco Firepower Management Center (securityaffairs.com)
Hackers target Check Point VPNs to breach enterprise networks (bleepingcomputer.com)
Exploit released for maximum severity Fortinet RCE bug, patch now (bleepingcomputer.com)
Check Point VPN zero-day exploited in attacks since April 30 (bleepingcomputer.com)
VMware Workstation and Fusion: Critical Security Flaws Fixed - Security Boulevard
Google fixes eighth actively exploited Chrome zero-day this year (bleepingcomputer.com)
An XSS flaw in GitLab allows attackers to take over accounts (securityaffairs.com)
WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites (thehackernews.com)
The most dangerous CVEs of 2023 and 2024: fix these today (kaspersky.co.uk)
Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors - SecurityWeek
FlyingYeti Exploits WinRAR Vulnerability to Deliver COOKBOX Malware in Ukraine (thehackernews.com)
Security flaw in this TP-Link Archer router receives 10 out of 10 severity rating | TechSpot
Tools and Controls
Why strong passwords are still the first line of defence against cyber threats (securitybrief.co.nz)
Microsoft battens security hatches on Windows admin accounts | PCWorld
34% of organisations lack cloud cyber security skills - Help Net Security
New DoS Attack ‘DNSBomb’ Exploiting DNS Queries & Responses (cybersecuritynews.com)
Farewell VBScript: Microsoft confirms plans to begin phasing out the programming language | ITPro
The evolution of security metrics for NIST CSF 2.0 - Help Net Security
4-Step Approach to Mapping and Securing Your Organisation's Most Critical Assets (thehackernews.com)
How to combat alert fatigue in cyber security - Help Net Security
Network Segmentation: Top Challenges And How To Solve Them (forbes.com)
New Research Warns About Weak Offboarding Management and Insider Risks (thehackernews.com)
Identity-related incidents becoming severe, costing organisations a fortune - Help Net Security
Password auditing: Purge weak passwords from your organisation | ITPro
Beyond the blind spots: why CISOs must embrace deep observability - Raconteur
How NIST Cybersecurity Framework 2.0 Tackles Risk Management (securityintelligence.com)
AI’s role in FS businesses’ cyber defence and risk assessment (finextra.com)
Report: The Dark Side of Phishing Protection (thehackernews.com)
Essential Strategies for Recovering from Ransomware Attacks - Security Boulevard
Reports Published in the Last Week
Other News
Why cyber criminals and hackers are targeting small businesses - Marketplace
Shell says 'potential cyber security incident' under investigation | CTV News
Defending Professional Sports Organisations Against Cyber Threats (forbes.com)
How Manufacturers Can Build Their Cyber Defence (forbes.com)
Manufacturing Is #1 in Cyber Attacks for Third Straight Year. What Can Be Done? | IndustryWeek
How Can Small Businesses Alleviate Cyber Risks? (forbes.com)
Cyber security is the cause of all MSPs’ headaches • The Register
Most EU election interference domestic in origin, not Russian: Meta (therecord.media)
Sector Specific
Industry-specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and likewise we are not responsible for the security of external links.