Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 18th August 2023
Black Arrow Cyber Threat Intelligence Briefing 18 August 2023:
-Ransomware Group Targeting MSPs Worldwide in New Campaign
-As Ransomware Surges, A lack of Resources Makes SMBs Most Vulnerable
-Business Email Compromise Attack Costs Far Exceeding Ransomware Losses
-Email Phishing Remains the Main Entry for Cyber Criminals; People with Six Personality Traits are More Susceptible
-Gartner Study Finds Generative AI to be a Top Emerging Risk for Organisations
-LinkedIn Suffers Significant Wave of Account Hacks
-High Net-Worth Families are at Risk of Cyber Crime
-Cyber Attack Rule Raises Insurance Risks for Corporate Officers
-PSNI and UK Voter Breaches Show Data Security Should be Taken More Seriously
-The Imperative of Cyber Preparedness: The Power of Tabletop Exercises
-Why Are Phones a Cyber Security Weak Spot?
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Group Targeting MSPs Worldwide in New Campaign
Russia-based cyber attackers called Play are evolving, with the ransomware group now using remote monitoring and management (RMM) tools at outsourced IT providers or managed service providers (MSPs) to gain access and hit downstream customers. A significant number of eventual targets are medium sized business. The group is also utilising intermittent encryption, where files are only partly encrypted, to avoid detection.
The attacks highlight the need for organisations to be aware of where they are in the supply chain and how they can be targeted through their supplier. It is not enough for an organisation to focus on its own security in isolation; organisations also need to have a way of effectively assessing their supply chain risk which includes their MSP.
Source [Dark Reading]
As Ransomware Surges, A lack of Resources Makes SMBs Most Vulnerable
Ransomware attacks continue to increase, with 1500 victims confirmed this year. It is likely this figure will continue to rise. In parallel, criminals are evolving and with that comes a rise in triple extortion; attackers are not just encrypting and exfiltrating an organisation’s data, but also using this data to blackmail employees and target third parties, hitting the supply chain.
Unfortunately for SMBs, they do not have the resources to keep up with such attacks, making them the most vulnerable. A report found that organisations that had 51 to 200 employees were the most targeted, followed by organisations with 11 to 50 employees. When it came to the types of organisations, the Financial Services sector placed first.
This should not mean SMBs should just accept this and wait to be attacked; on the contrary, their increased vulnerability means that SMBs need to effectively prioritise and allocate resources, and if necessary getting in specialist external help, to ensure their protections are the best that resources allow.
Sources [WWD] [InfoSecurity Magazine] [CRN]
Business Email Compromise Attack Costs Far Exceeding Ransomware Losses
Cloudflare's 2023 Phishing Threats Report recorded a 17% spike in business email compromise (BEC) related financial losses between December 2021 and 2022, noting that threat actors are increasingly leaning on this attack method to target organisations. Additionally, across 2022 nearly three-quarters (71%) of respondents to the study said they experienced an attempted or successful BEC attack. The Cloudflare report found that the financial impact of BEC led to organisations suffering losses in excess of $2.7 billion, whereas ransomware caused losses of $34.3 million during the same period.
Source [ITPro]
Email Phishing Remains the Main Entry for Cyber Criminals; People with Six Personality Traits are More Susceptible
According to a report, phishing attacks were found to be the initial attack vector for nine in ten cyber attacks. The report found that the focus of a cyber criminal tended to be two objectives: achieving authenticity and getting victims to click. Worryingly, 89% of unwanted messages were found to have bypassed authentication checks, leaving people and procedures as the last line of defence in an organisation.
A separate study found that having the following traits made a user more susceptible to phishing: extroverted, agreeable, people-pleasing, quick to trust, fearful or respectful of authority, and poor self-control.
With employees playing such an important role in preventing phishing, organisations need to ensure that employees are aware of what to look for in a phishing email with regular training to account for evolving tactics. This training should be carried out by experts with experience of conducting phishing simulations, accompanied with the ability to educate users on how they can protect themselves from falling victim.
Sources [Tech Radar] [Makeuseof]
Gartner Study Finds Generative AI to be a Top Emerging Risk for Organisations
In a recent survey, Gartner found that generative AI models such as ChatGPT were the second greatest emerging risk, with concerns around data privacy. This has led to organisations looking to ban such AI, with a separate report by Blackberry finding that ChatGPT faced banning from 75% of organisations.
Banning AI in the organisation is a short-term solution. The benefits of AI are clear and its usefulness in an organisation is significant, with reports finding 75% of IT leaders in favour. Organisations should instead look at how they can govern the usage of AI in their organisation, to reduce the risk of AI-related incidents and improve the effectiveness of work.
Sources [Security Magazine] [Analytics Insight] [IT Security Guru] [Decrypt]
LinkedIn Suffers Significant Wave of Account Hacks
LinkedIn users are reporting losing access to their accounts, with some being pressured into paying a ransom to get back in or else face permanent account deletion. LinkedIn is no stranger to being a target of cyber criminals; last year, the platform was deemed the most abused brand in phishing attempts likely due to its recognisability and widespread use in the corporate world. This extended as far as threat actors using fake LinkedIn profiles.
With the number of accounts being compromised, users need to be vigilant in their use of LinkedIn and be on the lookout for suspicious messages. Black Arrow recommends that users ensure they are using strong and unique passwords, combined with multi-factor authentication (MFA) to protect themselves.
Source [Dark Reading]
High Net-Worth Families are at Risk of Cyber Crime
A report found that high net-worth families have prioritised cyber security with a notable 77% of respondents stating they had a cyber security plan; however, 55% said their plan “could be better”.
A cyber security plan is not optional anymore. High net-worth families are at increased risk, with criminals cottoning on to the amount of information that is out there and the financial gain that can be made if that information is used effectively. Social media is just one of the things increasing the risk of cyber crime; unbeknownst to some families, their social media may be providing criminals a treasure trove of insight into a family’s wealth, real-time location and habits. Such information can be used by a cyber criminal to employ attacks.
Source [Campdenfb]
Cyber Attack Rule Raises Insurance Risks for Corporate Officers
The US Securities and Exchange Commission (SEC) recently issued rules that formally outlined directors’ responsibilities in cyber security governance for the first time, laying the groundwork for potential enforcement actions. The recently issued rules bring potential regulatory probes and shareholder legal class action alleging senior executives failed to supervise their businesses’ cyber security practices.
Although the practice is not yet universal, a growing number of director and officer (D&O) policies are being drafted with cyber related exclusions. Meanwhile, most cyber insurance policies exempt SEC enforcement actions and investor claims, but some cover allegations against a company’s executives over their cyber security roles.
Whilst this is only in the US at the moment, other developed nations are likely to follow suit.
Source [Bloomberg Law]
PSNI and UK Voter Breaches Show Data Security Should be Taken More Seriously
The Police Service of Northern Ireland (PSNI) and the UK Electoral Commission both suffered cyber incidents on the same day. Whilst both incidents were different in how they happened, the result was the same: sensitive information had been leaked. In the case of the PSNI, the data was leaked through a response to a freedom of information (FOI) request, in which an Excel sheet was accidentally included by the PSNI. The Electoral Commission incident resulted from a cyber attack.
The incidents are a wake-up call for organisations. If you have not already done so, you need to put things in place to help protect your data from ending up online. The PSNI incident in particular highlights the need to ensure that data does not leave the organisation by accident.
Source [The Guardian]
The Imperative of Cyber Preparedness: The Power of Tabletop Exercises
Cyber security has become an inescapable concern for organisations across industries. With cyber threats ranging from data breaches to ransomware attacks, it is paramount that companies remain vigilant and prepared.
A key way to be prepared is through a tabletop exercise that simulates a hypothetical cyber security incident and helps organisations to practice and evaluate their response. One example scenario can be responding to a ransomware attack blocking access to the organisation's computers for a ransom. These exercises serve as a practical, engaging, and low-risk way for teams to identify vulnerabilities in current plans, improve coordination, and evaluate the decision-making process during a crisis and this is something that we do with our clients on a regular basis.
Source [JDSupra]
Why Are Phones a Cyber Security Weak Spot?
Mobile phones are more interconnected than ever, with their usage extending to the workplace. Despite this, they often enter the corporate environment with a lack of protection and oversight. When laptops are in the corporate environment they are often secured through methods such as encryption and often the organisation has a clear oversight of the applications and activity on the laptop. Mobile phones on the other hand, are often left unmonitored, despite the fact they can and often do carry sensitive information.
Mobile phones also carry additional risks; for a start, they are easier to lose, due to their size difference and the fact they are often out more. In addition, they may have more entry points. Internet of things (IoT) devices, such as smart appliances, are often controlled by phones, making them another entry point for an attacker.
Source [Tech Shout]
Governance, Risk and Compliance
Lack of Resources Makes SMBs Most Vulnerable to Ransomware Attacks – WWD
1 in 5 CIOs Believe Cyber Security Ops Are Not An Immediate Priority - IT Security Guru
Cyber threat risks reach three-year high – Avast (securitybrief.co.nz)
Cyber Attack Rule Raises Insurance Risks for Corporate Officers (bloomberglaw.com)
Why Finance Leaders In Midsize Businesses Are Stepping Up Cyber security Efforts (forbes.com)
Why are ultra-high-net-worth families at increased risk of cyber crime? | Campden FB
Traditional vs. Enterprise Risk Management: How Do They Differ? (techtarget.com)
4 reasons to understand technology risks when buying a business (businessplus.ie)
Boards Don't Want Security Promises — They Want Action (darkreading.com)
Cyber attacks and data protection worries loom large | Natasha Doris | CDR Article (cdr-news.com)
How threats to mid-sized businesses impact us all - Help Net Security
7 Reasons People Don't Understand What You Tell Them (darkreading.com)
6 Cyber Threat Areas for Companies and Organisations to Prioritize (forbes.com)
How poor cyber security policies disrupt business continuity - IT Security Guru
Cyber Prevention, Training Attract More Spend Than Remediation, Recovery, Execs Say - | MSSP Alert
Threats
Ransomware, Extortion and Destructive Attacks
Lack of Resources Makes SMBs Most Vulnerable to Ransomware Attacks – WWD
Business email compromise attack costs far exceeding ransomware losses | ITPro
Reported ransomware attacks doubled in key sectors (securitybrief.co.nz)
'Play' Ransomware Group Targeting MSPs Worldwide in New Campaign (darkreading.com)
As Ransomware Gangs Shift To Data Extortion, Some Adopt A New Tactic: ‘Customer Service’ | CRN
Triple Extortion Ransomware and the Cyber Crime Supply Chain (bleepingcomputer.com)
Companies are finding it harder to detect ransomware | TechRadar
Top 3 Ransomware Attack Vectors And How To Avoid Them (techtarget.com)
Knight ransomware distributed in fake Tripadvisor complaint emails (bleepingcomputer.com)
'DoubleDrive' attack turns Microsoft OneDrive into ransomware | SC Media (scmagazine.com)
Why Hospitals Are Being Increasingly Targeted by Cyber Attacks | Chicago News | WTTW
'Bulletproof' Lolekhosted ransomware hacker indicted (cnbc.com)
LOLEKHosted admin arrested for aiding Netwalker ransomware gang (bleepingcomputer.com)
Monti ransomware targets VMware ESXi servers with new Linux locker (bleepingcomputer.com)
Crimeware server used by NetWalker ransomware seized and shut down – Naked Security (sophos.com)
Rapid7 Says ROI for Ransomware Remains High; Zero-Day Usage Expands - SecurityWeek
Sophos: ‘Royal’ Is Trying to Make Itself the King of Ransomware (darkreading.com)
Microsoft: BlackCat's Sphynx ransomware embeds Impacket, RemCom (bleepingcomputer.com)
3 strategies that can help stop ransomware before it becomes a crisis | CSO Online
Latitude Financial takes profit hit from major cyber attack | The West Australian
Ransomware down 57%, Secureworks warns against complacency (securitybrief.co.nz)
Ransomware Diaries: Volume 3 – LockBit’s Secrets (databreaches.net)
HHS Launches 'Digiheals' Project to Better Protect US Hospitals From Ransomware | WIRED
Ransomware Renaissance 2023: The Definitive Guide to Stay Safer (securityintelligence.com)
How to Create a Ransomware Incident Response Plan (techtarget.com)
Ransomware Victims
Several hospitals still counting the cost of widespread ransomware attack (malwarebytes.com)
Has leading UK jeweller been hit by BianLian ransomware gang? (techmonitor.ai)
Cyber attack on Bay area vendor cripples real estate industry (therealdeal.com)
Colorado warns 4 million of data stolen in IBM MOVEit breach (bleepingcomputer.com)
Millions of Americans’ health data stolen after MOVEit hackers targeted IBM | TechCrunch
LockBit claims seven new victims in ransomware spree (techmonitor.ai)
Cyber attack strikes Prince George's County schools, district says - The Washington Post
Clorox Operations Disrupted By Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)
Inside Housing - News - Hackney to procure new IT system after cyber attack
Largest switching and terminal railroad in US investigating ransomware data theft (therecord.media)
Honor Among Cyber Criminals? Why a Canadian Firm Paid Ransom (inforisktoday.com)
Alberta dental benefits administrator hit by cyber attack | Edmonton Sun
Phishing & Email Based Attacks
Phishing remains most dominant, fastest growing internet crime (securitybrief.co.nz)
If You Have These 6 Personality Traits, You're More Vulnerable to Phishing Scams (makeuseof.com)
Business email compromise attack costs far exceeding ransomware losses | ITPro
Reports show 62% jump in phishing attacks last year - The Hindu BusinessLine
Phishing Operators Make Ready Use of Abandoned Websites for Bait (darkreading.com)
3 Major Email Security Standards Prove Too Porous for the Task (darkreading.com)
Cyber Security Experts: AI Could Be Phishing Schemes’ Ultimate Weapon — Or Worse - The Messenger
Spear Phishing vs Phishing: How to Tell the Difference (techrepublic.com)
How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)
As Phishing Gets Even Sneakier, Browser Security Needs to Step Up (darkreading.com)
Email security vendor leaves 2M domains open to phishing hacks, study finds (axios.com)
Cyber Criminals Abusing Cloudflare R2 for Hosting Phishing Pages, Experts Warn (thehackernews.com)
'Gold mine' phishing scams rob Main Street on social media like Meta (cnbc.com)
Malicious QR code hacking campaign is targeting Microsoft credentials - SiliconANGLE
Phishing campaign steals accounts for Zimbra email servers worlwide (bleepingcomputer.com)
30% of phishing threats involve newly registered domains - Help Net Security
Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks (thehackernews.com)
Gone Phishing: An Analysis of a Targeted User Attack (huntress.com)
BEC – Business Email Compromise
Artificial Intelligence
Generative AI a Top Emerging Risk for Organisations: Gartner Survey - Decrypt
ChatGPT Faces Ban from 75% of Organisations: Blackberry Report (analyticsinsight.net)
AI Is Coming For Your Data: 6 Steps To Ensure Cyber Resilience (forbes.com)
New study by AMD finds nearly half of organisations are not ready for AI - IT Security Guru
Over 74% of organisations see a rise in AI use by cyber criminals | Security Magazine
Navigating generative AI risks and regulatory challenges - Help Net Security
Cyber security Experts: AI Could Be Phishing Schemes’ Ultimate Weapon — Or Worse - The Messenger
Top 10 AI Security Risks According to OWASP (trendmicro.com)
AI 'evil twins' may already be manipulating human nature | SC Media (scmagazine.com)
Cyber security practitioners' generative AI dilemma (iapp.org)
People Coaxed AI Into Giving Wrong Math Answers, System Prone to Flaws (businessinsider.com)
Following Pushback, Zoom Says It Won't Use Customer Data to Train AI Models (darkreading.com)
AI Can Decipher Passwords by Listening to Keystrokes Over Zoom: Study (businessinsider.com)
Fake Out: Disinformation Campaigns Get Generative AI Boost (inforisktoday.com)
2FA/MFA
How to prevent multifactor authentication fatigue attacks - SiliconANGLE
How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)
Malware
Potent Trojans Targeting MacOS Users - Infosecurity Magazine (infosecurity-magazine.com)
Approximately 2000 Citrix NetScaler servers were backdoored in massive campaign-Security Affairs
Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign (bleepingcomputer.com)
XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure (darkreading.com)
An Apple Malware-Flagging Tool Is ‘Trivially’ Easy to Bypass | WIRED
Macs are getting compromised to act as proxy exit nodes - Help Net Security
Malware Dwell Time: Everything You Need to Know (makeuseof.com)
Gootloader SEO watering hole malware targets law firms | SC Media (scmagazine.com)
Raccoon Stealer malware returns with new stealthier version (bleepingcomputer.com)
Beware! Subscription malware arms hackers with tools to steal your private data | Laptop Mag
New Financial Malware 'JanelaRAT' Targets Latin American Users (thehackernews.com)
Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Report (thehackernews.com)
North Korean Hackers Suspected in New Wave of Malicious npm Packages (thehackernews.com)
Stories from the SOC - Unveiling the stealthy tactics of Aukill malware (att.com)
Massive 400,000 proxy botnet built with stealthy malware infections (bleepingcomputer.com)
Users of cyber crime forums often fall victim to info-stealers, researchers find (therecord.media)
Turns out AI probably isn't very good at writing malware • The Register
Malware Turning Windows Machines Into Proxies (databreachtoday.co.uk)
Mobile
Lapsus$ hackers took SIM-swapping attacks to the next level (bleepingcomputer.com)
Does Turning Your Android Phone Off Protect You From Malware? (makeuseof.com)
3 Mobile or Client-Side Security Myths Debunked (darkreading.com)
Cyber Criminals Targeting Victims through Mobile Beta-Testing Applications (ic3.gov)
Threat actors use beta apps to bypass mobile app store security (bleepingcomputer.com)
FBI warns of money-stealing fake beta-release mobile apps • The Register
Three reasons why your smartphone needs security protection (securitybrief.co.nz)
Unsupported Compression Methods Enable Android Malware to Bypass Detection (zimperium.com)
This $70 device can spoof an Apple device and trick you into sharing your password | TechCrunch
Botnets
Massive 400,000 proxy botnet built with stealthy malware infections (bleepingcomputer.com)
Mirai Common Attack Methods Remain Consistent, Effective (darkreading.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Runaway Charger: The Major Threat Of Hacking EV Stations (slashgear.com)
Ford says cars with WiFi vulnerability still safe to drive (bleepingcomputer.com)
Data Breaches/Leaks
Electoral Commission had unpatched vulnerability on server • The Register
UK Police Data Breach Exposes Victim Information - Infosecurity Magazine (infosecurity-magazine.com)
UK govt contractor MPD FM leaks employee passport data-Security Affairs
Cumbria Police accidentally publish officers' names and salaries online (bitdefender.com)
LinkedIn hack: You need to check your LinkedIn account - gHacks Tech News
ICO reprimands law firm over data breach that saw money stolen - Legal Futures
How & Why Cyber Criminals Fabricate Data Leaks (darkreading.com)
Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)
Insurance Data Breach Victims File Class-Action Suit Against Law Firm (darkreading.com)
The most notable data breaches of 2023… So far | IT Reseller Magazine (itrportal.com)
Discord.io confirms breach after hacker steals data of 760K users (bleepingcomputer.com)
Millions of Americans’ health data stolen after MOVEit hackers targeted IBM | TechCrunch
Man arrested in Northern Ireland police data leak • The Register
teiss - News - PBI data breach impacted more than 1.2m customers of Wilton Reassurance Life Company
Here’s what you need to do after your personal data is breached (telegraph.co.uk)
Organised Crime & Criminal Actors
Meet the Most (In)Famous Hacking Groups Active Today (makeuseof.com)
Cyber security researchers become target of criminal hackers | Financial Times (ft.com)
Lapsus$ hackers took SIM-swapping attacks to the next level (bleepingcomputer.com)
How & Why Cyber Criminals Fabricate Data Leaks (darkreading.com)
Who Are Script Kiddies? Are They a Threat to Your Security? (makeuseof.com)
Researchers Harvest, Analyse 100K Cyber Crime Forum Credentials (darkreading.com)
File sharing site Anonfiles shuts down due to overwhelming abuse (bleepingcomputer.com)
How Innovation Accelerators Are at Work on the Dark Side (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Former FTX CEO Sam Bankman-Fried sent to jail • The Register
Web3 projects suffered from forty-two exploits within a week (coinpaper.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Former FTX CEO Sam Bankman-Fried sent to jail • The Register
UK gov keeps repeating its voter registration website is NOT a scam (bleepingcomputer.com)
“Grab hold and give it a wiggle” – ATM card skimming is still a thing – Naked Security (sophos.com)
Latin Americans Fall Prey to More Online Scams, Cyber Attacks (insurancejournal.com)
The road ahead for ecommerce fraud prevention - Help Net Security
A Huge Scam Targeting Kids With Roblox and Fortnite 'Offers' Has Been Hiding in Plain Sight | WIRED
Insurance
Cyber Attack Rule Raises Insurance Risks for Corporate Officers (bloomberglaw.com)
Insurance Data Breach Victims File Class-Action Suit Against Law Firm (darkreading.com)
The cyber security insurance market is estimated at USD 14.4 (globenewswire.com)
Dark Web
Supply Chain and Third Parties
Building Cyber security into the supply chain is essential as threats mount (att.com)
Why the public sector still loves Capita (even though it got hacked) - Tech Monitor
Experts Uncover Weaknesses in PowerShell Gallery Enabling Supply Chain Attacks (thehackernews.com)
PowerShell Gallery Prone to Typosquatting, Other Supply Chain Attacks (darkreading.com)
Software Supply Chain
Cloud/SaaS
'DoubleDrive' attack turns Microsoft OneDrive into ransomware | SC Media (scmagazine.com)
Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)
Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)
Adapting to the Cloud Era of Cyber security: How CISO’s Priorities Are Evolving | Network Computing
Datacentre management vulnerabilities leave public clouds at risk | Computer Weekly
Spear Phishing vs Phishing: How to Tell the Difference (techrepublic.com)
Containers
Encryption
UK Government Slammed For Encryption Mistruths - Infosecurity Magazine (infosecurity-magazine.com)
WhatsApp is right to be angry about the UK’s encryption mess | The Spectator
Google adds post-quantum encryption key protection to Chrome • The Register
API
The Evolution of API: From Commerce to Cloud-Security Affairs
How financial services cyber regulations are hotting up for API security (betanews.com)
Open Source
Why a Software Bill of Materials Is Business-Critical - The Futurum Group
Monti Ransomware Returns with New Linux Variant and Enhanced Evasion Tactics (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
6 best practices to defend against corporate account takeover attacks | CSO Online
What's the State of Credential theft in 2023? (thehackernews.com)
Building a secure future without traditional passwords - Help Net Security
Are browser-stored passwords secure? | Kaspersky official blog
Passwordless is more than a buzzword among cyber security pros - Help Net Security
More hardcoded credentials than ever, and sloppy coding is to blame | SC Media (scmagazine.com)
AI Can Decipher Passwords by Listening to Keystrokes Over Zoom: Study (businessinsider.com)
Social Media
LinkedIn hack: You need to check your LinkedIn account - gHacks Tech News
LinkedIn accounts hacked in widespread hijacking campaign (bleepingcomputer.com)
'Gold mine' phishing scams rob Main Street on social media like Meta (cnbc.com)
Malvertising
Adblock 360 Adware Extension: 3 Ways to Remove for Good - MSPoweruser
Malvertisers up their game against researchers (malwarebytes.com)
Training, Education and Awareness
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
Navigating generative AI risks and regulatory challenges - Help Net Security
UK Government Slammed For Encryption Mistruths - Infosecurity Magazine (infosecurity-magazine.com)
ICO reprimands law firm over data breach that saw money stolen - Legal Futures
Breaking Down the New SEC Cyber security Rules | Epiq - JDSupra
Confusion Surrounds SEC's New Cyber security Material Rule (darkreading.com)
How financial services cyber regulations are hotting up for API security (betanews.com)
A closer look at the new TSA oil and gas pipeline regulations - Help Net Security
Models, Frameworks and Standards
Center for Internet Security announces secretive Microsoft partnership | StateScoop
What's New in the NIST Cyber security Framework 2.0 (darkreading.com)
Data Protection
Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)
Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)
Careers, Working in Cyber and Information Security
650,000 cyber jobs are now vacant: How to tackle the risk (securityintelligence.com)
Effectively upskilling cyber security professionals to help close the skills gap | CSO Online
How to overcome the challenges of today's cyber security talent shortage - SiliconANGLE
Army struggling to hire cyber staff as attacks on Britain ramp up (telegraph.co.uk)
Vietnam admits massive shortage of infosec pros • The Register
Heavy workloads driving IT professionals to resign - Help Net Security
ISC2 Announces Major Milestone as Community Grows to Half a Million Strong (prnewswire.com)
Law Enforcement Action and Take Downs
Polish police arrest five in swoop on Cyber Crime site - TVN24
Lapsus$ Report: Law Enforcement Battles Cyber Threats (beincrypto.com)
LOLEKHosted admin arrested for aiding Netwalker ransomware gang (bleepingcomputer.com)
Sextortion suspects on trial after one victim dies • The Register
Crimeware server used by NetWalker ransomware seized and shut down – Naked Security (sophos.com)
Raccoon Stealer malware back with updated version following administrator arrest (therecord.media)
Man arrested in Northern Ireland police data leak • The Register
Privacy, Surveillance and Mass Monitoring
Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)
Following Pushback, Zoom Says It Won't Use Customer Data to Train AI Models (darkreading.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
APT29 is targeting Ministries of Foreign Affairs of NATO-aligned countries-Security Affairs
Russian spy agencies targeting Starlink with custom malware, Ukraine warns (telegraph.co.uk)
Russian-African Security Gathering Exposes Kremlin's Reduced Influence (darkreading.com)
Hacked electronic sign declares “Putin is a dickhead” as Russian ruble slumps • Graham Cluley
Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks (thehackernews.com)
Suspected spies for Russia held in major UK security investigation - BBC News
Russia turning to sleeper cells and unofficial agents | Espionage | The Guardian
China
Top US cyber official warns of infrastructure attack risk if China tensions rise (nbcnews.com)
New Zealand says it is aware of China-linked intelligence activity in country | Reuters
China teases imminent exposé of seismic US spying scheme • The Register
Chinese Espionage Group Active Across Eastern Europe (inforisktoday.com)
15,000 cyber attacks detected per second in Taiwan: Software provider - Focus Taiwan
US lawmaker says FBI notified him of email breach linked to Microsoft cloud hack | TechCrunch
Iran
German Intelligence Warns of Surge in Iranian Espionage (govinfosecurity.com)
Charming Kitten Targets Iranian Dissidents with Advanced Cyber Attacks (thehackernews.com)
Iran and the Rise of Cyber Enabled Influence Operations (darkreading.com)
North Korea
Misc/Other/Unknown
Vulnerability Management
Vulnerabilities
Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign (bleepingcomputer.com)
CISA Adds Citrix ShareFile Flaw to KEV Catalog Due to In-the-Wild Attacks (thehackernews.com)
Patched Citrix NetScaler Devices Still Contain Backdoors (govinfosecurity.com)
Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping (thehackernews.com)
Magento shopping cart attack targets critical vulnerability • The Register
New Python URL Parsing Flaw Enables Command Injection Attacks (thehackernews.com)
Data centers at risk due to flaws in power management software | CyberScoop
Bugs in transportation app Moovit gave hackers free rides | TechCrunch
Google Chrome 116: more Telemetry and 26 security patches - gHacks Tech News
Google Fixes 26 Bugs Amid Fake Update Warning - Infosecurity Magazine (infosecurity-magazine.com)
AMD has fixed its latest security flaw - but at the cost of massive slowdowns | TechRadar
Proxyjacking trend continues as attackers abuse years-old GitLab vulnerability | ITPro
Windows feature that resets system clocks based on random data is wreaking havoc | Ars Technica
Tools and Controls
XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure (darkreading.com)
AI-powered fraud detection: Strengthening security in fintech | The Financial Express
MaginotDNS attacks exploit weak checks for DNS cache poisoning (bleepingcomputer.com)
Evaluate the risks and benefits of AI in cyber security | TechTarget
How to Choose a Managed Detection and Response (MDR) Solution (darkreading.com)
How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)
Building a secure future without traditional passwords - Help Net Security
Passwordless is more than a buzzword among cyber security pros - Help Net Security
SEC cyber security rules shape the future of incident management - Help Net Security
Traditional vs. Enterprise Risk Management: How Do They Differ? (techtarget.com)
Endpoint Management Statistics, Trends And Facts 2023 - Abdalslam
Why You Need Continuous Network Monitoring? (thehackernews.com)
CISA releases cyber defence plan for remote monitoring and management software - SiliconANGLE
How poor cyber security policies disrupt business continuity - IT Security Guru
Cyber Prevention, Training Attract More Spend Than Remediation, Recovery, Execs Say - | MSSP Alert
Other News
Healthcare incurs highest data breach costs – for the 13th year in a row | Healthcare IT News
Here's Why You Should Never Accept Unsolicited Tech by Post (makeuseof.com)
Government highlights cyber threat to health and social care | UKAuthority
Why is the Education Sector a Target for Cyber Attacks? | UpGuard
Cyber security in the Entertainment Industry: Risks and Solutions | UpGuard
What would an OT cyber attack really cost your organisation? | CSO Online
Education has had most cyber attacks, survey finds | Education Business (educationbusinessuk.net)
Cyber attacks Are On The Up: What Are The Risks & Remedies For Aviation? (simpleflying.com)
Bank of Ireland ATM Glitch Hands Out 'Free' Money (gizmodo.com)
Exclusive: 300 independent retailers affected by cyber attack | News | Retail Week (retail-week.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 11 August 2023
Black Arrow Cyber Threat Intelligence Briefing 11 August 2023:
-75% of Organisations Worldwide Set to Ban ChatGPT and Generative AI Apps on Work Devices
-How an Eight-Character Password Could be Cracked in Just a Few Minutes
-Ransomware Victims Surge 143% as Threat Actors Pivot to Zero-Day Exploits
-How Executives’ Personal Devices Threaten Business Security
-77% of Financial Firms Saw an Increase in Cyber Attack Frequency
-Protecting Against Sophisticated Cyber Attacks Requires Layered Defences
-Managing Human Cyber Risks Matters Now More Than Ever
-Hackers are Targeting Top Executives’ Microsoft 365 Accounts to Steal Work Logins
-UK Shaken by Major Data Breaches
-Threat of Cyber Attacks to UK National Security Upgraded: Compared to Chemical Weapons or Nuclear Attack
-Mac Users are Facing More Dangerous Security Threats Than Ever Before
-Cyber Attack to Cost Outsourcing Firm Capita up to £25m
-Government and Public Services Face 40% More Cyber Attacks and Struggle to Protect Due to Lack of Resources
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
75% of Organisations Worldwide Set to Ban ChatGPT and Generative AI Apps on Work Devices
Newly released research found that 75% of organisations worldwide are currently implementing or considering bans on ChatGPT and other generative Artificial Intelligence (AI) applications within the workplace, with 61% stating that it will be a long term or permanent solution. Despite this, the majority recognised the opportunity such applications bring to the workplace, with 55% believing it would increase efficiency. All in all, 81% remained in favour of AI, highlighting that whilst organisations see the benefit, they are not ready to take the plunge for fear of being caught flat-footed.
Many organisations may simply not have the expertise-in house or confidence to employ AI effectively. These organisations lack an effective AI management plan, which governs the usage of AI in the corporate environment, rather than banning it outright. By having a clear-set AI plan, organisations can use AI to improve their efficiency, whilst maintaining cyber resilience. An increasing number of organisations have approached us at Black Arrow to discuss how to embrace AI securely; contact us to see how we can help you.
Source: [Dark Reading]
How an Eight-Character Password Could be Cracked in Just a Few Minutes
Strong and complex passwords are necessary to protect online accounts and data from cyber criminals. Complex passwords typically use lowercase and uppercase characters, numbers, and special characters. But complexity by itself can still open your password to cracking if it doesn’t contain enough characters, according to research by security firm Hive Systems. The report found that a complex password of eight characters can be cracked in only five minutes, and other weaker or shorter passwords are cracked instantly. However, passwords that have a greater number of characters are less vulnerable: for example an 18 character password, even if only lowercase letters, would take 481,000 years for a computer to crack.
Since creating and remembering multiple complex and lengthy passwords on your own is impossible, a password manager is your best bet. By using a password manager for yourself or within your organisation, you can generate, store and apply strong passwords for websites and online accounts.
Source: [Techrepublic]
Ransomware Victims Surge 143% as Threat Actors Pivot to Zero-Day Exploits
The number of organisations that became victims of ransomware attacks surged 143% between the first quarter of 2022 and first quarter of this year, as attackers increasingly leveraged zero-day vulnerabilities to break into target networks.
In many of these attacks, threat actors did not bother to encrypt data belonging to victim organisations. Instead, they focused solely on stealing their sensitive data and extorting victims by threatening to sell or leak the data to others. The tactic left even those with otherwise robust backup and restoration processes backed into a corner; this highlights the need for organisations to be able to detect and ideally block anomalous exfiltration of data, and have effective and rehearsed incident response plans to address the concept of pure exfiltration, because having backups is not enough.
The costs of these types of controls continue to fall making them viable for even smaller businesses. Without tools like Managed Detection and Response (MDR) and Data Loss Prevention (DLP), attacks of this nature cannot be detected until it is too late to do anything to stop them.
Source: [Dark Reading]
How Executives’ Personal Devices Threaten Business Security
Individuals, including executives, are considered a major target for cyber attacks. Motivated attackers know the right individual people they want to go after to achieve their larger organisational goal, and they’ll use any means necessary to be successful.
A recent report found that most executives are using their personal devices for work, creating a “backdoor” for cyber criminals to access large organisations. 50% of executive respondents reported receiving work-related scams in their personal emails.
Personal device use can be effective for organisations, however they need to implement an effective bring-your-own-device (BYOD) procedure and provide employees, including executives, with frequent user awareness and education training. All users at all levels within an organisation need to understand the risks, and importantly the role they play in keeping the organisation secure.
Sources: [Help Net Security] [Security Affairs]
77% of Financial Firms Saw an Increase in Cyber Attack Frequency
According a recent report on the financial services sector, 77% of firms reported an increase in attack frequency, and 87% said attacks were more severe. These firms unanimously said they would look to outsource their cyber security programs to third-party providers to shore up their cyber defences. Among the respondents, firms need to protect hybrid work environments (62%), consolidate cyber security and managed IT services (41%) and tap industry-specific and regulatory expertise (33%).
Source: [SecurityMagazine]
Protecting Against Sophisticated Cyber Attacks Requires Layered Defences
Faced with an influx of sophisticated cyber threats, including usage of AI to further enhance the efficacy of social engineering attacks, and the growth of both malware-as-a-service (MaaS) and ransomware-as-a-service (RaaS), it is critical for organisations to invest in layered security defences.
Services like managed detection and response (MDR) are integral to monitoring, investigating and responding to threats in real time. But without a strong and comprehensive foundational cyber security posture, managed services alone cannot effectively mitigate threats. To ensure comprehensive defences against emerging threats, organisations must prioritise proactive measures that can stop attacks before they even start. As adversaries continue to refine their attack techniques, layered protection that covers every stage in the attack chain becomes imperative.
Source: [Forbes]
Managing Human Cyber Risks Matters Now More Than Ever
As artificial intelligence (AI) amplifies the sophistication and reach of phishing, vishing, and smishing attacks, understanding and managing human cyber risks has become increasingly vital, according to the SANS Institute. It makes sense as no matter the technological advancement, the human element has always been a point of entry for attackers.
A recent study found that mature security programs, marked by robust teams and leadership support, are characterised by having at least three full-time employees in their security awareness teams. In some cases, this isn’t feasible for an organisation and this is where outsourcing comes in. By outsourcing security awareness, organisations can ensure that they have access to security awareness experts, to keep their organisation educated. Here at Black Arrow we offer regular security and awareness training, bespoke to your organisation, for your employees and leadership team.
Source: [Help Net Security]
Hackers are Targeting Top Executives’ Microsoft 365 Accounts to Steal Work Logins
Cyber security provider Proofpoint reported that high-level execs at some of the world’s leading companies are repeatedly targeted with credential-stealing attacks. More alarmingly, according to Proofpoint, around one-third (35%) of the compromised users had multi-factor authentication (MFA) enabled.
The attacks come amid a rise in cases of EvilProxy, a phishing tool that allows attackers to steal even MFA-protected credentials. In the three months to June 2023, around 120,000 EvilProxy phishing emails were observed being sent to hundreds of targeted organisations globally, with many targeting Microsoft 365 user accounts in particular. Approximately 39% of the victims were C-level executives of which 17% were Chief Financial Officers, and 9% were Presidents and CEOs. Users must be trained effectively, to help mitigate the chance of them suffering a phishing attack. The C-suite is no exception.
Sources: [Help Net Security] [Security Affairs]
UK Shaken by Major Data Breaches
Recent major data breaches impacting crucial institutions like the UK Electoral Commission (which exposed the data of 40 million UK voters) and the Police Service of Northern Ireland, have brought attention to potential risks. Following a recent freedom of information request 10,000 police officers and staff details where published including details such as first name and surname, their rank or grade and the unit and where they are based. This breach occurred when a junior member of staff forgot to remove the master spreadsheet containing sensitive data when responding to the request.
Sources: [Telegraph] [Tech Crunch]
Threat of Cyber Attacks to UK National Security Upgraded: Compared to Chemical Weapons or Nuclear Attack
The UK government has raised the threat level posed by cyber attacks, now deeming the risk of cyber attacks to be more severe than that presented by small-scale chemical, biological, radiological, or nuclear (CBRN) attacks according to the latest National Risk Register (NRR) report for 2023. The report also highlighted artificial intelligence (AI) as a “chronic risk” – that is, one that poses “continuous challenges that erode our economy, community, way of life, and/or national security”.
Sources: [ITPro] [Infosecurity Magazine]
Mac Users are Facing More Dangerous Security Threats Than Ever Before
Apple’s MacBook Pro or iPhone devices are often perceived as safer, from a cyber security standpoint, compared to those from Microsoft or Google, mostly because of its “walled garden” approach. However, another key reason why hackers were not historically as interested in Apple was the smaller market share Apple held. That is no longer the case and as attacks are rising against Apple devices, this is something we expect to see continuing to accelerate.
In the last 10 years, Apple’s market share on desktop has increased from less than 7.5% to just over 20% today. Apple frequently patches actively exploited vulnerabilities, with overall 261 security vulnerabilities addressed so far this year. A recent report found that Mac users are targeted by three key threats: Trojans, Adware, and Potentially Unwanted Applications (PUA). Of the three, Trojans are the biggest single threat, making up more than half of all threat detections. Of all those detections, around half (52.7%) were for the EvilQuest encryption malicious software.
Source: [Techradar]
Cyber Attack to Cost Outsourcing Firm Capita up to £25m
Capita expects to take a financial hit of as much as £25m as a result of a cyber attack that began in March, pushing the outsourcing group to a pre-tax loss of almost £68m for the first half of the year. The group is still recovering from the attack by the Black Basta ransomware group, which hacked its Microsoft Office 365 software and accessed the personal data of staff working for the company and dozens of clients. Capita, which runs crucial services for local councils, the military, and the NHS, estimated that the financial costs associated with what it called the “cyber incident” would be between £20m and £25m. Previous estimates had put the cost at £15m to £20m.
The group said this new figure reflected the complexities of analysing the “exfiltrated” data, as well as costs of recovery and remediation and new investment to improve its cyber security. However, Capita said it was not currently able to estimate the level of any potential fine related to the incident and had not yet made any provision to cover any future costs. The company’s shares fell by more than 12% in morning trading on Friday after the release of its results, making it the biggest faller on the FTSE 250.
Source: [Guardian]
Government and Public Services Face 40% More Cyber Attacks and Struggle to Protect Due to Lack of Resources
A report published by BlackBerry noted a 40% rise in cyber attacks against public sector organisations and government institutions. One of the reasons is the limited resources and resistance that these government and public have; this makes it much easier for an attacker. An easy target is an attractive target.
Source: [Financial Express]
Governance, Risk and Compliance
Protecting Against Sophisticated Cyber attacks Requires Layered Defense (forbes.com)
Managing human cyber risks matters now more than ever - Help Net Security
Executives 'sleepwalking into cyber catastrophe', warns cyber security boss (cityam.com)
How To Deal With the Vagueness in New Cyber Regulations (darkreading.com)
Digital skills gap is challenging the cyber security of UK businesses - IT Security Guru
Cyber attack to cost outsourcing firm Capita up to £25m | Capita | The Guardian
9 common risk management failures and how to avoid them | TechTarget
Alarming survey: Many tech experts fail a test of their cyber security knowledge - SiliconANGLE
Safeguarding Businesses From Data Privacy And Cyber security Risk (forbes.com)
How Do Some Companies Get Compromised Again and Again? (securityintelligence.com)
What happens if cyber insurance becomes unviable? - Raconteur
NIST announces rare overhaul of security framework, focusing on organisational leadership | ITPro
Cyber Security Must Focus on the Goals of Criminals (informationweek.com)
Going Up! How to Handle Rising Cyber Security Costs (securityintelligence.com)
Maintaining Data Security Amidst Rising Concerns of Cyber attacks (techreport.com)
Why it’s time for everyone to reorient their thinking about cyber security | Federal News Network
It's Time for Cyber security to Talk About Climate Change (darkreading.com)
Threats
Ransomware, Extortion and Destructive Attacks
Healthcare and Finance Firms Ranked as Leading Targets for Cyber Attacks - MSSP Alert
Ransomware victim numbers surge as attackers target zero-day vulnerabilities | CSO Online
Definitive Guide to Ransomware 2023 | IBM whitepaper | ITPro | ITPro
Data exfiltration is now the go-to cyber extortion strategy - Help Net Security
Clop ransomware now uses torrents to leak data and evade takedowns (bleepingcomputer.com)
Spot Fake Extortion Attacks Without Wasting Time and Money (securityintelligence.com)
New Yashma Ransomware Variant Targets Multiple English-Speaking Countries (thehackernews.com)
Ransomware Victims Surge as Threat Actors Pivot to Zero-Day Exploits (darkreading.com)
Recent ransomware attacks share curiously similar tactics - Help Net Security
Ransomware Attacks: 20 Essential Considerations For Prep And Response (forbes.com)
Navigating the gray zone of ransomware payment practices - Help Net Security
Anatomy of a Black Basta Ransomware Attack on BankCard USA - MSSP Alert
Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics (darkreading.com)
Clop Gang Offers Data Downloads Via Torrents - Infosecurity Magazine (infosecurity-magazine.com)
New Report Exposes Vice Society's Collaboration with Rhysida Ransomware (thehackernews.com)
Dallas pays millions for ransomware expenses after May attack – NBC 5 Dallas-Fort Worth (nbcdfw.com)
Strong authentication best defence against Ransomware: Yubico (securitybrief.co.nz)
Best practices for reporting ransomware attacks | TechTarget
Ransomware, healthcare and incident response: Lessons from the Allscripts attack | CSO Online
Microsoft OneDrive is a willing 'ransomware double agent' • The Register
Threat Report: Ransomware Down, Targeted Attacks on the Rise (inforisktoday.com)
Rasnake: Ransomware Now Threatens All, Not Just Elites | Newsmax.com
Ransomware Victims
Hospital System Goes Back To Paper Following Ransomware Attack (forbes.com)
Cyber attack forces hospitals to divert ambulances in Connecticut and Pennsylvania | CNN Politics
Dallas pays millions for ransomware expenses after May attack – NBC 5 Dallas-Fort Worth (nbcdfw.com)
Colorado Department of Higher Education warns of massive data breach (bleepingcomputer.com)
Bnei Brak hospital hit by cyber attack, bringing down computers | The Times of Israel
LockBit posts Siemens company Varian to its victim blog (techmonitor.ai)
Hacker stole more than $6 million from New Haven Public Schools (wfsb.com)
Phishing & Email Based Attacks
Hackers are targeting top executives to steal their work logins | TechRadar
Microsoft 365 accounts of execs, managers hijacked through EvilProxy - Help Net Security
9 of 10 Cyber attacks Start with a Phish, Comcast Study Shows - MSSP Alert
Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)
AI tools like ChatGPT increasingly used by cyber criminals for phishing, experts warn | NL Times
First quarter of 2023 saw 88% rise in phishing attacks: Kaspersky | The Peninsula Qatar
RTL Today - Up to 80% of all cyber attacks: Phishing attempts surge in post-pandemic age
100K+ VIP Microsoft 365 users got targeted by phishers - OnMSFT.com
Microsoft’s Role in Email Breach to Be Part of US Cyber Inquiry - BNN Bloomberg
Interpol takes down phishing-as-a-service platform used by 70,000 people (therecord.media)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
When your teammate is a machine: 8 questions CISOs should be asking about AI | CSO Online
Generative AI In Cyber Should Worry Us, Here’s Why (forbes.com)
How to Prepare for ChatGPT's Risk Management Challenges (darkreading.com)
Experience: scammers used AI to fake my daughter’s kidnap | Family | The Guardian
White House offers prize money for hacker-thwarting AI (techxplore.com)
AI tools like ChatGPT increasingly used by cyber criminals for phishing, experts warn | NL Times
Data attacks set to enter new era under 'FraudGPT', warn cyber security execs (cityam.com)
Hackers Released New Black Hat AI Tool Evil-GPT (cybersecuritynews.com)
In the age of ChatGPT, Macs are under malware assault | Digital Trends
AI can now steal your passwords with almost 100% accuracy | Digital Trends
Microsoft AI Red Team building future of safer AI | Microsoft Security Blog
ChatGPT Security Concerns: Credentials on the Dark Web and More (techrepublic.com)
AI hacking gets White House backing; some already go rogue (9to5mac.com)
OpenAI to Unleash New Web Crawler to Devour More of the Open Web - Decrypt
5 Pitfalls and Possibilities AI Brings to Cyber Insurance (informationweek.com)
2FA/MFA
Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)
Microsoft Authenticator will soon provide codes via WhatsApp - gHacks Tech News
Malware
In the age of ChatGPT, Macs are under malware assault | Digital Trends
Mac users are facing more dangerous security threats than ever before | TechRadar
Threat intelligence's key role in mitigating malware threats - Help Net Security
This PowerPoint could help hackers empty your bank account | Digital Trends
Latest Batloader Campaigns Use Pyarmor Pro for Evasion (trendmicro.com)
Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)
Malicious npm Packages Found Exfiltrating Sensitive Data from Developers (thehackernews.com)
Fake VMware vConnector package on PyPI targets IT pros (bleepingcomputer.com)
Ukrainian state agencies targeted with open-source malware MerlinAgent (therecord.media)
QakBot Malware Operators Expand C2 Network with 15 New Servers (thehackernews.com)
Hackers use open source Merlin post-exploitation toolkit in attacks (bleepingcomputer.com)
New Statc Stealer Malware Emerges: Your Sensitive Data at Risk (thehackernews.com)
Gafgyt malware exploits five-years-old flaw in EoL Zyxel router (bleepingcomputer.com)
CISA: New Whirlpool backdoor used in Barracuda ESG hacks (bleepingcomputer.com)
Mobile
Google explains how Android malware slips onto Google Play Store (bleepingcomputer.com)
Czech cyber security experts warn against BaiRBIE.me app | Radio Prague International
Removing Spyware From Your Android Phone: A How-To Guide (slashgear.com)
How executives' personal devices threaten business security - Help Net Security
Invisible Ad Fraud Targets Korean Android Users - Infosecurity Magazine (infosecurity-magazine.com)
Google Play apps with 2.5M installs load ads when screen's off (bleepingcomputer.com)
40 Vulnerabilities Patched in Android With August 2023 Security Updates - Security Week
Android 14 to let you block connections to unencrypted cellular networks (bleepingcomputer.com)
Botnets
QakBot Malware Operators Expand C2 Network with 15 New Servers (thehackernews.com)
Two-Thirds of UK Sites Vulnerable to Bad Bots - Infosecurity Magazine (infosecurity-magazine.com)
Denial of Service/DoS/DDOS
Analysing Network Chaos Leads to Better DDoS Detection (darkreading.com)
How to accelerate and access DDoS protection services using GRE - Help Net Security
Researchers Strengthen Defences Against Common Cyber attack - CleanTechnica
Internet of Things – IoT
Panasonic Warns That IoT Malware Attack Cycles Are Accelerating | WIRED
Disposed-of Gadgets Can Lead to Wi-Fi Network Hacks, Kaspersky Says (darkreading.com)
The new technology that is making cars easier for criminals to steal, or crash (techxplore.com)
Data Breaches/Leaks
Executives 'sleepwalking into cyber catastrophe', warns cyber security boss (cityam.com)
The Top 10 Countries Being Bombarded by Data Breaches (gizmodo.com)
UK Electoral Commission hacked by 'hostile actors' | Reuters
PSNI officers who work with MI5 face relocation after ‘humongous’ security breach (telegraph.co.uk)
Burger King Serves Up Sensitive Data, No Mayo (darkreading.com)
Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian
TunnelCrack attack may cause vulnerable VPNs to leak traffic • The Register
Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)
Organised Crime & Criminal Actors
Cloud Company Assisted 17 Different Government Hacking Groups: US Researchers | NTD
IRS confirms takedown of bulletproof hosting provider Lolek (therecord.media)
Interpol Shuts Down African Cyber crime Group, Seizes $2 Million (darkreading.com)
Cyber security Must Focus on the Goals of Criminals (informationweek.com)
How fame-seeking teenagers hacked some of the world’s biggest targets | Ars Technica
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
BlackBerry Discloses Major Crypto-Based Malware - The Tech Report
FBI warns of phishing scams and social media account hijackers (cointelegraph.com)
Only 6 out of 45 crypto wallet brands have undergone penetration testing: Report (cointelegraph.com)
Insider Risk and Insider Threats
Managing human cyber risks matters now more than ever - Help Net Security
US Navy sailors charged with stealing secret info for China • The Register
Get consent before you monitor your staff, UK MPs suggest • The Register
Fraud, Scams & Financial Crime
Rise in fraudsters spoofing the websites of leading UK banks | Computer Weekly
Extended warranty robocallers fined $300 million after 5 billion scam calls (bleepingcomputer.com)
Experience: scammers used AI to fake my daughter’s kidnap | Family | The Guardian
Data attacks set to enter new era under 'FraudGPT', warn cyber security execs (cityam.com)
Impersonation Attacks
Insurance
What happens if cyber insurance becomes unviable? - Raconteur
Cyber Insurance Experts Make a Case for Coverage, Protection (darkreading.com)
5 Pitfalls and Possibilities AI Brings to Cyber Insurance (informationweek.com)
10 Key Controls to Show Your Organisation Is Worthy of Cyber Insurance (darkreading.com)
Lower Data Breach Insurance Costs with These Tips (trendmicro.com)
Dark Web
Dark web activity targeting the financial sector - Help Net Security
ChatGPT Security Concerns: Credentials on the Dark Web and More (techrepublic.com)
Supply Chain and Third Parties
Government contractor plunges after £25m cyber attack - The Mail (mailplus.co.uk)
37% of third-party applications have high-risk permissions - Help Net Security
Software Supply Chain
Unravelling the importance of software supply chain security - Help Net Security
OWASP Lead Flags Gaping Hole in Software Supply Chain Security (darkreading.com)
37% of third-party applications have high-risk permissions - Help Net Security
Cloud/SaaS
Attackers Use EvilProxy to target C-suite Executives (inforisktoday.com)
100K+ VIP Microsoft 365 users got targeted by phishers - OnMSFT.com
Cloud Company Assisted 17 Different Government Hacking Groups: US Researchers | NTD
Microsoft OneDrive is a willing 'ransomware double agent' • The Register
Managing and Securing Distributed Cloud Environments - Security Week
Microsoft 365 guests + Power Apps = security nightmare • The Register
Containers
Identity and Access Management
CrowdStrike observes massive spike in identity-based attacks | TechTarget
Keeper Security reveals SMBs at risk due to lack of PAM (securitybrief.co.nz)
Understanding Active Directory Attack Paths to Improve Security (thehackernews.com)
91% of IT leaders better protected with PAM but want more affordable solutions - IT Security Guru
Strong authentication best defence against Ransomware: Yubico (securitybrief.co.nz)
WhatsApp is working on phishing-proof passkey authentication (androidpolice.com)
Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)
Encryption
UK minister defends plan to demand access to encrypted messages | Privacy | The Guardian
Quantum computing: A threat to asymmetric encryption. (thecyberwire.com)
Open Source
Is Open Source Security a Ticking Cyber Time Bomb? (securityintelligence.com)
Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)
Kemba Walden: We need to secure open source software | TechTarget
Passwords, Credential Stuffing & Brute Force Attacks
How an 8-character password could be cracked in just a few minutes (techrepublic.com)
AI can now steal your passwords with almost 100% accuracy | Digital Trends
US Dept. of the Interior Employees Use Accounts That Are Easily Hacked (businessinsider.com)
Biometrics
Social Media
Malvertising
Invisible Ad Fraud Targets Korean Android Users - Infosecurity Magazine (infosecurity-magazine.com)
Google Play apps with 2.5M installs load ads when screen's off (bleepingcomputer.com)
Not so fast: Don’t click that fake Amazon or Microsoft ad. Here’s why | Fox News
Training, Education and Awareness
Managing human cyber risks matters now more than ever - Help Net Security
Why Do Cyber security Awareness Programs Often Fail? (databreachtoday.co.uk)
Travel
Parental Controls and Child Safety
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
How To Deal With the Vagueness in New Cyber Regulations (darkreading.com)
What does the Data Protection and Digital Information (DPID) Bill mean for small businesses? | ITPro
The Problem With Cyber security (and AI Security) Regulation (darkreading.com)
CISA Unveils Cyber security Strategic Plan for Next 3 Years - Security Week
The 5 Ways The SEC Failed Investors On Cyber security (forbes.com)
America’s messy cyber regulations are no match for its adversaries | Financial Times (ft.com)
Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian
Banks hit with $549 million in fines for using Signal and WhatsApp to evade regulators (nbcnews.com)
ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro
UK minister defends plan to demand access to encrypted messages | Privacy | The Guardian
Models, Frameworks and Standards
NIST Drafts Major Update to Its Widely Used Cyber security Framework | NIST
Understanding NIST CSF and MITRE ATT&CK Security Frameworks - The New Stack
OWASP Lead Flags Gaping Hole in Software Supply Chain Security (darkreading.com)
Understanding Changes in the OWASP API Security Top 10 List - IT Security Guru
5 steps to ensure HIPAA compliance on mobile devices | TechTarget
Data Protection
Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian
ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro
Careers, Working in Cyber and Information Security
Digital skills gap is challenging the cyber security of UK businesses - IT Security Guru
Alarming survey: Many tech experts fail a test of their cyber security knowledge - SiliconANGLE
6 Essential Strategies for Enterprise Cyber security Workforce Development (govinfosecurity.com)
Seasoned cyber pros are more complacent in their skills than junior staff - Help Net Security
Law Enforcement Action and Take Downs
IRS confirms takedown of bulletproof hosting provider Lolek (therecord.media)
Interpol takes down phishing-as-a-service platform used by 70,000 people (therecord.media)
Privacy, Surveillance and Mass Monitoring
Missing persons NGO alliance kicks off global facial recognition initiative | Biometric Update
China drafts rules for using facial recognition data - Japan Today
Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian
ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro
Woman Falsely Arrested Sues Detroit Over Facial Recognition (govtech.com)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
BlueCharlie changes attack infrastructure in response to reports on its activity - Security Affairs
Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)
SpaceX's private control of satellite internet concerns military leaders | Space
Analysts Say Use of Spyware During Conflict Is Chilling (voanews.com)
Ukrainian state agencies targeted with open-source malware MerlinAgent (therecord.media)
Cyber security experts discuss wins, losses and lessons at western Ukraine gathering : NPR
Ukrainian official: Russian hackers change tactics from disruptive attacks | CyberScoop
Ukraine Fends Off Sandworm Battlefield Espionage Ploy (govinfosecurity.com)
Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault | CyberScoop
US, Ukraine cyber leaders talk resilience, collaboration | TechTarget
Kyiv Cyber Defenders Spot Open-Source RAT in Phishing Emails (govinfosecurity.com)
North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya - Security Affairs
LockBit posts Siemens company Varian to its victim blog (techmonitor.ai)
China
China-Linked Hackers Strike Worldwide: 17 Nations Hit in 3-Year Cyber Campaign (thehackernews.com)
Electric vehicle threat: China will use its EV dominance to spy: UK warning (afr.com)
UK security must not be sacrificed to net zero (telegraph.co.uk)
Chinese cyber attacks on Japan prompts US push for stronger defences - Nikkei Asia
China reportedly had ‘deep, persistent access’ to Japanese networks for months | Engadget
Why the China cyber threat demands an airtight public-private response (federaltimes.com)
China not ahead of US in cyber and surveillance, NSA head says - Nextgov/FCW
China drafts rules for using facial recognition data - Japan Today
US Navy sailors charged with stealing secret info for China • The Register
RedHotel Checks in as Dominant China-Backed Cyber Spy Group (darkreading.com)
US Navy sailors charged with stealing secret info for China • The Register
Microsoft’s Role in Email Breach to Be Part of US Cyber Inquiry - BNN Bloomberg
Iran
North Korea
Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)
North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya - Security Affairs
Misc/Other/Unknown
Vulnerability Management
Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities - Security Week
Will CVSS 4.0 be a vulnerability-scoring breakthrough or is it broken? | CSO Online
Microsoft hits back at Tenable’s criticism of its infosec • The Register
The Four Pillars of Vulnerability Management - GovInfoSecurity
Has Microsoft cut security corners once too often? | Computerworld
Why Shellshock Remains a Cyber security Threat After 9 Years (darkreading.com)
The 7 Worst Software Vulnerabilities of All Time (makeuseof.com)
Vulnerabilities
Microsoft Patch Tuesday for August 2023 fixed 2 actively exploited flaws - Security Affairs
Microsoft, Intel lead this month's security fix emissions • The Register
Raft of TETRA Zero-Day Vulnerabilities Endanger Industrial Communications (darkreading.com)
Nearly every AMD CPU since 2017 vulnerable to Inception bug • The Register
Microsoft fixes flaw after being called irresponsible by Tenable CEO (bleepingcomputer.com)
New PaperCut critical bug exposes unpatched servers to RCE attacks (bleepingcomputer.com)
Google Chrome will get weekly security updates - gHacks Tech News
Downfall: New Intel CPU Attack Exposing Sensitive Information - Security Week
Adobe Releases Security Updates for Multiple Products | CISA
New 'Inception' Side-Channel Attack Targets AMD Processors - Security Week
Dell Credentials Bug Opens VMWare Environments to Takeover (darkreading.com)
Tools and Controls
Managing human cyber risks matters now more than ever - Help Net Security
Windows Defender-Pretender Attack Dismantles Flagship Microsoft EDR (darkreading.com)
MDR: Empowering Organisations with Enhanced Security (thehackernews.com)
9 common risk management failures and how to avoid them | TechTarget
Why Do Cyber security Awareness Programs Often Fail? (databreachtoday.co.uk)
Here’s Why You Need Identity, Privacy, and Device Protection (finextra.com)
Attacker Breakout Time Shrinks Again, Underscoring Need for Automation (darkreading.com)
Managing and Securing Distributed Cloud Environments - Security Week
How to handle API sprawl and the security threat it poses - Help Net Security
Threat intelligence's key role in mitigating malware threats - Help Net Security
Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)
10 Key Controls to Show Your Organisation Is Worthy of Cyber Insurance (darkreading.com)
Lower Data Breach Insurance Costs with These Tips (trendmicro.com)
AI Risk Database Tackles AI Supply Chain Risks (darkreading.com)
Other News
UK Sounds Warning Over Targeted Healthcare Attack (databreachtoday.co.uk)
Budget constraints threaten cybersecurity in government bodies - Help Net Security
Threat of cyber attacks to national security compared to that of chemical weapons | ITPro
Cyber Security A Major Vulnerability In The Not For Profit Sector | Scoop News
Hacker attacks on Mac users are 10x as high as they were in 2019, report says | iMore
Cyber Security Threats From Online Gaming – Analysis – Eurasia Review
Cyber attack cost Interserve more than £11m | News | Building
Environmental Regulations, OT & the Maritime Industry's New Challenges (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 4th August 2023
Black Arrow Cyber Threat Intelligence Briefing 04 August 2023:
-Top 12 Exploited Vulnerabilities List Highlights Troubling Reality: Many Organisations Still Are Not Patching
-67% of Data Breaches Start with a Single Click, with 1 in 100 Emails Being Malicious
-Ransomware Attacks Hit All Time High. Attackers’ Motives Change, So Should Your Defence
-The Generative AI War Between Companies and Hackers is Starting
-Spend to Save: The CFO’s Guide to Cyber Security Investment
-Corporate Boards Take Heed: Give CISOs the Cold Shoulder at your Peril
-How the Talent Shortage Impacts Cyber Security Leadership
-Salesforce, Meta Suffer Phishing Campaign that Evades Typical Detection Methods
-Cyber Insurance and the Ransomware Challenge
-Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats
-66% of Cyber security Leaders Don’t Trust Their Current Cyber Risk Mitigation Strategies
-Startups Should Move Fast and Remember Cyber Security
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Top 12 Exploited Vulnerabilities List Highlights Troubling Reality That Many Organisations Are Still Not Patching
A joint advisory from US and allied cyber security agencies highlights the top routinely exploited vulnerabilities. This is a list that includes old and well-known bugs that many organisations still have not patched, including some vulnerabilities that have been known for more than five years. The list underscores how exploiting years-old vulnerabilities in unpatched systems continues to dominate the threat landscape. Organisations are more likely to be compromised by a bug found in 2021 or 2020 than they are by ones discovered over the past year.
This report emphasises that a vulnerability management strategy relying solely on CVSS for vulnerability prioritisation is proving to be insufficient at best; CVSS is an established method for assigning criticality scores to known vulnerabilities based on different scoring criteria. Additional context is required to allow for a more scalable and effective prioritisation strategy. This context should stem from internal sources, for example, the target environment (asset criticality, mitigating controls, reachability), as well as from external sources, which will permit a better assessment of the likelihood and feasibility of exploitation. Most organisations have a limited patching capacity, affected by the tooling, processes, and skills at their disposal. The challenge is to direct that limited patching capacity towards vulnerabilities that matter most in terms of risk reduction. Therefore, the task of sifting the signal through the noise is becoming increasingly more important.
Sources: [HelpNetSecurity] [NSA.gov] [SCMagazine]
67% of Data Breaches Start with a Single Click, with 1 in 100 Emails Being Malicious
In a report that leveraged data from 23.5 billion cyber security attacks, spanning 500 threat types and 900 distinct infrastructure and software vulnerabilities it was found that approximately 67% of all breaches start with someone clicking on a seemingly safe link, which explains why adversaries begin 80-95% of all attacks with a phishing email.
A separate report found that there was a 36% rise in cyber attacks in the first half of 2023. Email continued to be the main vector for delivering malicious content, with as many as 1 in every 100 emails sent in the first half of 2023 found to be malicious. In addition, malware accounted for 20% of attacks, and business email compromise (BEC) constituted 8%.
The findings reinforce the need for organisations to employ effective and regular security awareness training for users to better help them to not only identify, but also report such attacks to help strengthen the cyber resilience of the organisation. Black Arrow offers bespoke training to all roles within the organisation as well as upskilling tailored to those at the board level.
Source: [Security Intelligence]
Ransomware Attacks Hit All Time High. Attackers’ Motives Change, So Should Your Defence
Cases of straight-up data theft and extortion now appear to be more widespread a threat than ransomware, becoming the single most observed threat in the second calendar quarter of 2023, according to new data released by researchers. 1,378 organisations have been named as victims on ransomware data-leak websites in Q2 2023. This was a 64.4% increase from the record-breaking number of victims named in Q1 2023.
Despite both the rise in threats and the high percentage of respondents whose organisations suffered recent attacks, there hasn’t been a corresponding uptick in strategic measures to shore up cyber resilience. In fact, close to four in five survey respondents don’t have complete confidence that their company has a cyber resilience strategy designed to address today’s escalating cyber challenges and threats.
Sources: [Forbes] [HelpNetSecurity] [ComputerWeekly] [SecurityBrief.co.nz] [Malwarebytes]
The Generative AI War Between Companies and Hackers is Starting
To no one’s surprise, criminals are tapping open-source generative AI programs for all kinds of heinous acts, including developing malware and phishing attacks, according to the FBI. This comes as the UK National Risk Register officially classes AI as a long-term security threat. It’s safe to say AI is certainly a controversial field right now, with the battle between companies and hackers really starting to take place; only recently had technology giants such as Amazon, Google, Meta and Microsoft met with the US President Joe Biden to pledge to follow safeguards.
A recent report from security firm Barracuda has found that between August 2022 and July 2023, ransomware attacks had doubled and this surge has largely been driven by the breaching of networks via AI-crafted phishing campaigns, as well as automating attacks to increase reach, again using AI.
Despite the controversy, AI can be of tremendous value to organisations, helping to streamline and automate tasks. Organisations employing or looking to employ AI in the workplace should also have effective governance and identification procedures over the usage of said AI. Equally, when it comes to defending against AI attacks, organisations need to have a clear picture of their attack landscape, with layers of defence.
Sources: [CSO Online] [PC MAG] [CNBC] [Tech Radar]
Spend to Save: The CFO’s Guide to Cyber Security Investment
As a CFO, you need to make smart choices about cyber security investments. The increasing impact of data breaches creates a paradox: While more spending is necessary to combat these challenges, this spending isn’t directly tied to profit. Instead, cyber security spending should be seen an investment in the future of your business.
The impact of a cyber event extends beyond quantifiable currency loss. Further impacts include those of reputation and customer retention. CFOs should look to identify weak spots, understand the effect these can have, pick the right solution that mitigates these and finally, advocate cyber security and robust governance at the board level.
It is important to remember, cyber security is not just a technical issue, but also a business one, and you have a key role in ensuring the security and resilience of your organisation.
Source: [Security Intelligence]
Corporate Boards Take Heed: Give CISOs the Cold Shoulder at your Peril
The debate over whether the CISO should, by the very nature of the position, be considered a member of the C-suite has been raging for some time and seems likely to continue for a good while to come. CISOs should not only have a seat among the uppermost echelon at the big table but also be recognised as a foundational element in the success of any business.
There is a danger that, without an effective CISO, organisations can end up in a perilous situation in which there's no one driving the cyber security bus at a time when vulnerabilities and incidents are ever on the rise. When the CISO has a seat at the big table, everybody wins.
Source [CSO Online]
How the Talent Shortage Impacts Cyber Security Leadership
The lack of a skilled cyber security workforce hampers the effectiveness of an organisation’s security program. While technologies like AI and machine learning can provide some support, they are not sufficient, especially for small and medium sized businesses (SMBs). The cyber security workforce shortage affects not just current security but the future of leadership roles, including CISOs and CSOs.
Today’s CISOs require a blend of technology and business understanding. According to the (ISC)2 2022 Workforce Study, the global cyber security workforce is nearly 5 million and growing at 26% yearly. However, more than 3 million jobs still need to be filled, including specialised roles in cloud security, data protection, and incident response. This gap jeopardises functions like risk assessment, oversight, and systems patching.
The greatest talent shortage is found in soft skills, leading to a trend of looking outside the traditional security talent pool. The future of CISOs will likely require a solid security background, but as the talent gap widens, finding leadership candidates from the existing pool may remain challenging.
Source: [Security Intelligence]
Salesforce, Meta Suffer Phishing Campaign that Evades Typical Detection Methods
A recent report by cyber security company identified a sophisticated email phishing campaign exploiting a zero-day vulnerability in Salesforce's legitimate email services. The vulnerability allowed threat actors to craft targeted phishing emails, cleverly evading conventional detection methods by leveraging Salesforce's domain and reputation and exploiting legacy quirks in Facebook's web games platform.
Whilst Facebook and Salesforce have now addressed the issue, it goes to show that technology alone is not enough to stop phishing; operational and people controls are still necessary and should form part of an effective organisational response.
Source: [Security Brief]
Cyber Insurance and the Ransomware Challenge
The cyber insurance industry has been heavily criticised for providing coverage for ransom payments. A frequent accusation, which has become close to perceived wisdom in policymaking and cyber security discussions on ransomware, is that cyber insurance has incentivised victims to pay a ransom following a cyber incident, rather than seek alternative remediation options. However, the insurance industry could do much more to instil discipline in both insureds and the ransomware response ecosystem in relation to ransom payments to reduce cyber criminals’ profits. Insurers’ role as convenors of incident response services gives them considerable power to reward firms that drive best practices and only guide victims towards payment as a last resort.
While the insurance industry has the power to do this, there are still challenges that need to be addressed in the underwriting process. Offering expensive policies that exclude common risks such as ransomware or nation-state attacks is simply not a sustainable approach. This has helped insurers become more profitable for now, but these are only short-term fixes to the real problem at hand. Namely, that the underwriting process for cyber insurance policies is still not that sophisticated. Most underwriters are poorly equipped to effectively measure the cyber risk exposure of new or renewing customers.
Sources: [RUSI] [Dark Reading]
Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats
Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state threat actor using credential theft phishing lures sent as Microsoft Teams chats. The tech giant attributed the attacks to a group it tracks as Midnight Blizzard.
"In this latest activity, the threat actor uses previously compromised Microsoft 365 tenants owned by small businesses to create new domains that appear as technical support entities" Microsoft said. "Using these domains from compromised tenants, Midnight Blizzard leverages Teams messages to send lures that attempt to steal credentials from a targeted organisation by engaging a user and eliciting approval of multi-factor authentication (MFA) prompts."
Source: [TheHackerNews]
66% of Cyber security Leaders Don’t Trust Their Current Cyber Risk Mitigation Strategies
A recent report found that 66% of cyber security leaders don’t trust their current cyber risk mitigation strategies. It was also found that while 90% of respondents say their organisation has dedicated resources responsible for managing and reducing cyber risk, in almost half of situations (46%) this consists of just one person.
In some cases, it can be hard to get the necessary talent to build out the cyber security arm of an organisation; this is where organisations can look towards outsourcing to fulfil positions with expertise. At Black Arrow we offer many services to help you to govern your cyber security, including as virtual CISO that leverages our diverse team with backgrounds from British intelligence, board governance, IT and finance.
Source: [ITSecurityWire]
UK legal Sector at Risk, National Cyber Security Centre Warns
Over the past three years more than 200 ransomware attacks worldwide have been inflicted on companies in the legal industry. The UK was the second most-attacked country constituting 2.3% of all ransomware attacks across various sectors. The legal sector was the fourth most-attacked industry in the UK in 2022. Ransomware groups are indiscriminate in their targeting, attacking companies of all sizes, from small law firms with only ten employees to large firms with 1,000+ employees, and ranging in revenue from companies generating £100 million to those with under £3 million. No single kind of company is immune to these attacks.
The International Bar Association (IBA) has released a report to guide senior executives and boards in protecting their organisations from cyber risk. Entitled "Global perspectives on protecting against cyber risks: best governance practices for senior executives and boards of directors," the report aims to provide leaders with insight into the primary elements of a robust cyber risk management programme. Its recommendations for senior executives and boards encompass understanding the organisation's cyber risk profile, knowing what information assets to safeguard, being aware of significant regulatory requirements, and recognising the security standards utilised by the organisation.
Sources: [Todays Conveyancer] [Infosecurity Magazine]
Startups Should Move Fast and Remember Cyber Security
The importance of cyber security for startups, which can often be overlooked in the pursuit of fast-paced growth, cannot be overstated. However, cyber attacks can have devastating consequences for businesses of all sizes. The percentage of micro-businesses in the UK that consider cyber security a high priority has dropped from 80% to 68% in the past year, possibly due to wider economic pressures. Cyber criminals target businesses of all sizes, often initially using automated software to find weak spots. Startups can be particularly vulnerable due to their fast-paced environments and new or less familiar supply chains. The use of shared office spaces can also increase risk.
The UK DCMS/DSIT 2023 Cyber Security Breaches survey reported that almost a third of businesses (32%) and a quarter of charities (24%) reported breaches or attacks in the past 12 months alone, with the average victim losing £15,300. Startups have the unique advantage of being able to implement cyber security best practices from the outset and embed them into company culture. It is recommended that startups prioritise cyber security from the get-go to protect their business and ensure long-term growth.
Source: [UKTech] [Cyber security breaches survey 2023 - GOV.UK (www.gov.uk)]
Governance, Risk and Compliance
Corporate boards take heed: Give CISOs the cold shoulder at your peril | CSO Online
How to lead your organisation through a ransomware attack | World Economic Forum (weforum.org)
How the Talent Shortage Impacts Cyber security Leadership (securityintelligence.com)
From tech expertise to leadership: Unpacking the role of a CISO - Help Net Security
Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)
Cyber Risk and Resiliency Report: Dueling Disaster in 2023 (informationweek.com)
Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)
CISOs Need Backing to Take Charge of Security (darkreading.com)
Create a ‘win-win’ scenario for security teams and cyber insurers | SC Media (scmagazine.com)
Risk Appetite vs. Risk Tolerance: How are They Different? (techtarget.com)
Threats
Ransomware, Extortion and Destructive Attacks
67% of data breaches start with a single click - Help Net Security
AI-Enhanced Phishing Driving Ransomware Surge - Infosecurity Magazine (infosecurity-magazine.com)
The race against time in ransomware attacks - Help Net Security
As Ransomware Attackers’ Motives Changes, So Should Your Defence (forbes.com)
Ransomware gang increases attacks on insecure MSSQL servers | CSO Online
MOVEit Campaign Claims Millions More Victims - Infosecurity Magazine (infosecurity-magazine.com)
How to lead your organisation through a ransomware attack | World Economic Forum (weforum.org)
Ransomware Attacks on Industrial Organisations Doubled in Past Year: Report - SecurityWeek
In new ransomware model, cloud provider acts as front for bad actors: report | CSO Online
Researchers claim US-registered cloud host facilitated state-backed cyber attacks | TechCrunch
Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)
Cyber criminals pivot away from ransomware encryption | Computer Weekly
Ransomware on manufacturing industry caused $46bn in losses - IT Security Guru
How Ransomware Gangs Enlist Insiders (And How to Stop Them) (makeuseof.com)
Linux version of Abyss Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)
The Trickbot/Conti Crypters: Where Are They Now? (securityintelligence.com)
Ransomware Victims
MOVEit Campaign Claims Millions More Victims - Infosecurity Magazine (infosecurity-magazine.com)
Hawai'i Community College pays ransomware gang to prevent data leak (bleepingcomputer.com)
Scottish university UWS targeted by cyber attackers - BBC News
Tempur Sealy isolated tech system to contain cyber burglary • The Register
US govt contractor Serco discloses data breach after MoveIT attacks (bleepingcomputer.com)
Phishing & Email Based Attacks
67% of data breaches start with a single click - Help Net Security
Russian Hackers Are Conducting Phishing Attacks via Microsoft Teams - MySmartPrice
Microsoft downplays damaging report on Chinese hacking its own engineers vetted | CyberScoop
Threat actors abuse Google AMP for evasive phishing attacks (bleepingcomputer.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)
Artificial Intelligence
AI-Enhanced Phishing Driving Ransomware Surge - Infosecurity Magazine (infosecurity-magazine.com)
UK calls artificial intelligence a “chronic risk” to its national security | CSO Online
FBI warns of broad AI threats facing tech companies and the public | CyberScoop
As Artificial Intelligence Accelerates, Cyber crime Innovates (darkreading.com)
Another AI Pitfall: Digital Mirroring Opens New Cyber attack Vector (darkreading.com)
Intersection of generative AI, cyber security and digital trust | TechTarget
Hackers are using AI to create vicious malware, says FBI | Digital Trends
The generative A.I. war between companies and hackers is starting (cnbc.com)
Generative AI and cloud have created gaps in cyber security: Wipro report - BusinessToday
'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)
A New Attack Impacts ChatGPT—and No One Knows How to Stop It | WIRED
Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)
OWASP Top 10 for LLM applications is out! - Security Affairs
Think tank wants monitoring of China's AI-enabled products • The Register
UK spy agencies want to relax ‘burdensome’ laws on AI data use | Data protection | The Guardian
Researchers figure out how to make AI misbehave, serve up prohibited content | Ars Technica
Organisations want stronger AI regulation amid growing concerns - Help Net Security
Malware
Hackers Abusing Windows Search Feature to Install Remote Access Trojans (thehackernews.com)
Hackers can abuse Microsoft Office executables to download malware (bleepingcomputer.com)
IcedID Malware Adapts and Expands Threat with Updated BackConnect Module (thehackernews.com)
Hackers continue to distribute malware through hacked verified pages on Facebook - Neowin
'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)
Attackers can turn AWS SSM agents into remote access trojans - Help Net Security
Hackers are infecting Modern Warfare 2 players with a self-spreading malware | TechSpot
Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT (thehackernews.com)
Experts link AVRecon bot to malware proxy service SocksEscort - Security Affairs
New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods (thehackernews.com)
New persistent backdoor used in attacks on Barracuda ESG appliances - Help Net Security
MacOS malware discovered on Russian dark web forum | Security Magazine
Apple Users Open to Remote Control via Tricky macOS Malware (darkreading.com)
NodeStealer 2.0 takes over Facebook Business accounts - Security Affairs
Chrome malware Rilide targets enterprise users via PowerPoint guides (bleepingcomputer.com)
BlackBerry Discovers Crypto-Centric Malware Amid Stopping 1.5 Million Cyber a ttacks (ethnews.com)
Kaspersky crimeware report: Emotet, DarkGate and LokiBot | Securelist
CISA: New Submarine malware found on hacked Barracuda ESG appliances (bleepingcomputer.com)
Mobile
New Android malware uses OCR to steal credentials from images (bleepingcomputer.com)
CherryBlos Malware Uses OCR to Pluck Android Users' Cryptocurrency (darkreading.com)
Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse (thehackernews.com)
Google: Android patch gap makes n-days as dangerous as zero-days (bleepingcomputer.com)
New smartphone vulnerability could allow hackers to track user location (techxplore.com)
Hackers steal Signal, WhatsApp user data with fake Android chat app (bleepingcomputer.com)
Ukrainian hackers viciously troll Russian navy, send malware to their phones (tvpworld.com)
Botnets
Denial of Service/DoS/DDOS
Navigating The Landscape Of Hacktivist DDoS Attacks (forbes.com)
Israel's largest oil refinery website offline amid cyber attack claims (bleepingcomputer.com)
Russian hackers crash Italian bank websites, cyber agency says | Reuters
"Mysterious Team Bangladesh" Targeting India with DDoS Attacks and Data Breaches (thehackernews.com)
Internet of Things – IoT
Data Breaches/Leaks
Cyber security breaches exposed 146 million records - ITSecurityWire
Hack Crew Responsible for Stolen Data, NATO Investigates Claims (darkreading.com)
Doctors sign up to legal case against Capita over GP data breach - Pulse Today
Cyber attack on B.C. health websites may have taken workers’ personal information (thestar.com)
Cyber security Recovery Guide: How to Recover from a Data Breach (thelondoneconomic.com)
Organised Crime & Criminal Actors
As Artificial Intelligence Accelerates, Cyber crime Innovates (darkreading.com)
How Hackers Trick You With Basic Sales Techniques (makeuseof.com)
Space Pirates Turn Cyber Sabers on Russian, Serbian Organisations (darkreading.com)
Kaspersky crimeware report: Emotet, DarkGate and LokiBot | Securelist
Hacktivists fund their operations using common cyber crime tactics (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto Hacks in July Resulted in $165 Million in Losses (beincrypto.com)
New Android malware uses OCR to steal credentials from images (bleepingcomputer.com)
Millions stolen from crypto platforms through exploited ‘Vyper’ vulnerability (therecord.media)
BlackBerry Discovers Crypto-Centric Malware Amid Stopping 1.5 Million Cyber a ttacks (ethnews.com)
Couple admit laundering $4B of stolen Bitfinex Bitcoins • The Register
Insider Risk and Insider Threats
How Ransomware Gangs Enlist Insiders (And How to Stop Them) (makeuseof.com)
US military battling cyber threats from within and without • The Register
Deepfakes
Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)
AML/CFT/Sanctions
Insurance
Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)
Cyber Insurance Underwriting Is Still Stuck in the Dark Ages (darkreading.com)
Create a ‘win-win’ scenario for security teams and cyber insurers | SC Media (scmagazine.com)
Dark Web
'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)
MacOS malware discovered on Russian dark web forum | Security Magazine
Supply Chain and Third Parties
Doctors sign up to legal case against Capita over GP data breach - Pulse Today
Capita boss quits as potential fine looms for huge hack of confidential data | Capita | The Guardian
Iran's APT34 Hits UAE With Supply Chain Attack (darkreading.com)
Software Supply Chain
Cloud/SaaS
Attackers can turn AWS SSM agents into remote access trojans - Help Net Security
New Microsoft Azure AD CTS feature can be abused for lateral movement (bleepingcomputer.com)
Generative AI and cloud have created gaps in cyber security: Wipro report - BusinessToday
In new ransomware model, cloud provider acts as front for bad actors: report | CSO Online
Researchers claim US-registered cloud host facilitated state-backed cyber attacks | TechCrunch
These Are the Top Five Cloud Security Risks, Qualys Says - SecurityWeek
Google warns companies about keeping hackers out of cloud infrastructure | CyberScoop
Identity and Access Management
Encryption
Braverman fights Meta encryption plans ‘that aid paedophiles’ (thetimes.co.uk)
SCARF cipher sets new standards in protecting sensitive data - Help Net Security
Cult of Dead Cow hacktivists design encryption system for mobile apps - The Washington Post
Open Source
Open-source security challenges and complexities - Help Net Security
Linux version of Abyss Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Biometrics
Social Media
Hackers continue to distribute malware through hacked verified pages on Facebook - Neowin
Social media giants on notice over foreign cyber threat (themandarin.com.au)
NodeStealer 2.0 takes over Facebook Business accounts - Security Affairs
Travel
Regulations, Fines and Legislation
Strengthening Cyber security: Can The SEC’s New Rules Be Enforced? (forbes.com)
CISA’s security-by-design initiative is at risk: Here’s a path forward | TechCrunch
What is the Computer Fraud and Abuse Act (CFAA)? | Definition from TechTarget
Organizations want stronger AI regulation amid growing concerns - Help Net Security
Materiality Definition Seen as Tough Task in New SEC Cyber Rules | Mint (livemint.com)
Cyber security Implementation Plan Offers a Roadmap for Cyber Priorities | Perkins Coie - JDSupra
Models, Frameworks and Standards
OWASP Top 10 for LLM applications is out! - Security Affairs
Security professionals unaware of NCSC Cyber Essentials framework - Lookout - IT Security Guru
What is SOC 2 (System and Organization Controls 2)? | Definition from TechTarget
Careers, Working in Cyber and Information Security
How the Talent Shortage Impacts Cyber security Leadership (securityintelligence.com)
US Gov Rolls Out National Cyber Workforce, Education Strategy - SecurityWeek
Women two-thirds more likely to fear losing CNI security jobs than men - IT Security Guru
White House Cyber Workforce Strategy: No Quick Fix for Skills Shortage (darkreading.com)
Cyber workforce strategy requires buy-in across sectors, experts say - Nextgov/FCW
Law Enforcement Action and Take Downs
Bar for UK crimes prosecuted with live facial recognition could get much lower | Biometric Update
FBI: Without Section 702, we can't ID cyber criminals • The Register
Privacy, Surveillance and Mass Monitoring
UK spy agencies want to relax ‘burdensome’ laws on AI data use | Data protection | The Guardian
Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse (thehackernews.com)
Instead of obtaining a warrant, the NSA would like to keep buying your data | Ars Technica
Tor’s shadowy reputation will only end if we all use it | Engadget
After talking to security expert, I deleted all Chrome extensions: they see everything | Cybernews
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
BlueBravo Deploys GraphicalProton Backdoor Against European Diplomatic Entities (thehackernews.com)
Russian spies posed as Microsoft tech support in bid to hack governments (telegraph.co.uk)
Elon Musk ‘stopped Ukraine military using Starlink for military operation’ | The Independent
Researchers Expose Space Pirates' Cyber Campaign Across Russia and Serbia (thehackernews.com)
MacOS malware discovered on Russian dark web forum | Security Magazine
Kazakhstan Rebuffs US Extradition Request for Russian Cyber security Expert - The Moscow Times
Russian hackers crash Italian bank websites, cyber agency says | Reuters
Ukrainian hackers viciously troll Russian navy, send malware to their phones (tvpworld.com)
China
FBI warns of broad AI threats facing tech companies and the public | CyberScoop
Multiple Chinese APTs establish major beachheads inside sensitive infrastructure | Ars Technica
US senator victim-blames Microsoft for Chinese hack • The Register
Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor (thehackernews.com)
US Tech Sanctions Against China Are Starting to Bite Hard | Tom's Hardware (tomshardware.com)
Think tank wants monitoring of China's AI-enabled products • The Register
Microsoft downplays damaging report on Chinese hacking its own engineers vetted | CyberScoop
US military battling cyber threats from within and without • The Register
Iran
Iran's APT34 Hits UAE With Supply Chain Attack (darkreading.com)
Iranian Company Plays Host to Reams of Ransomware, APT Groups (darkreading.com)
North Korea
Misc/Other/Unknown
Vulnerability Management
Relying on CVSS alone is risky for vulnerability management - Help Net Security
40% of Log4j Downloads Still Vulnerable (securityintelligence.com)
What Causes a Rise or Fall in Fresh Zero-Day Exploits? (govinfosecurity.com)
Piles of Unpatched IoT, OT Devices Attract ICS Cyber attacks (darkreading.com)
Microsoft comes under blistering criticism for “grossly irresponsible” security | Ars Technica
Vulnerabilities
Exploitation of Recent Citrix ShareFile RCE Vulnerability Begins - SecurityWeek
Over 640 Citrix servers backdoored with web shells in ongoing attacks (bleepingcomputer.com)
New flaw in Ivanti Endpoint Manager Mobile actively exploited in the wild - Security Affairs
Second Ivanti EPMM Zero-Day Vulnerability Exploited in Targeted Attacks - SecurityWeek
Apple iOS, Google Android Patch Zero-Days in July Security Updates | WIRED UK
US fears attacks will continue against Ivanti MDM installs • The Register
Microsoft fixes WSUS servers not pushing Windows 11 22H2 updates (bleepingcomputer.com)
Hackers exploit BleedingPipe RCE to target Minecraft servers, players (bleepingcomputer.com)
Firefox 116: improved upload performance and security fixes - gHacks Tech News
Tenable CEO accuses Microsoft of negligence in addressing security flaw | CyberScoop
Tools and Controls
Data Loss Prevention for Small and Medium-Sized Businesses - IT Security Guru
Cyber Insurance Underwriting Is Still Stuck in the Dark Ages (darkreading.com)
Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)
US, Australia Issue Warning Over Access Control Vulnerabilities in Web Applications - SecurityWeek
Data stolen from millions via missing web app access checks • The Register
Keeping the cloud secure with a mindset shift - Help Net Security
Strengthening security in a multi-SaaS cloud environment | TechCrunch
5 Essential Tips For Data Security On The Cloud (informationsecuritybuzz.com)
AI has a place in cyber, but needs effective evaluation | Computer Weekly
Top 5 benefits of SASE to enhance network security | TechTarget
MDR 40-Plus: Top Managed Detection and Response (MDR) Companies: 2023 Edition - MSSP Alert
What is Data Security Posture Management (DSPM)? (thehackernews.com)
Unified XDR and SIEM Alleviate Security Alert Fatigue (darkreading.com)
What is an ISMS (Information Security Management System)? | UpGuard
VPNs remain a risky gamble for remote access - Help Net Security
Insider Threat Protection And Modern DLP (informationsecuritybuzz.com)
Risk Appetite vs. Risk Tolerance: How are They Different? (techtarget.com)
Reports Published in the Last Week
Other News
UK Military Embraces Security by Design - Infosecurity Magazine (infosecurity-magazine.com)
Cyber criminals targeting medical info warns FBI | KSNV (news3lv.com)
How local governments can combat cyber crime - Help Net Security
Governments and public services facing 40% more cyber attacks (securitybrief.co.nz)
Utilities Face Security Challenges as They Embrace Data in New Ways (darkreading.com)
Microsoft Flags Growing Cyber security Concerns for Major Sporting Events (thehackernews.com)
Nearly All Modern CPUs Leak Data to New Collide+Power Side-Channel Attack - SecurityWeek
80 percent of digital certificates vulnerable to man-in-the-middle attacks (betanews.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 28th July 2023
Black Arrow Cyber Threat Briefing 28 July 2023:
-Half of UK businesses Struggle to Fill Cyber Security Skills Gap as Companies Encounter Months-long Delays in Filling Critical Security Positions
-Deloitte Joins fellow Big Four MOVEit victims PWC, EY as MOVEit Victims Exceeds 500
-Why Cyber Security Should Be Part of Your ESG Strategy
-Lawyers Take Frontline Role in Business Response to Cyber Attacks
-Organisations Face Record $4.5M Per Data Breach Incident
-Cryptojacking Soars as Cyber Attacks Diversify
-Ransomware Attacks Skyrocket in 2023
-Blocking Access to ChatGPT is a Short-Term Solution to Mitigate AI Risk
-Protect Your Data Like Your Reputation Depends on It (Because it Does)
-Why CISOs Should Get Involved with Cyber Insurance Negotiation
-Companies Must Have Corporate Cyber Security Experts, SEC Says
-Over 400,000 Corporate Credentials Stolen by Info-stealing Malware
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Half of UK Businesses Struggle to Fill Cyber Security Skills Gap
Half of UK businesses have a cyber security skills gap that they are struggling to fill amid a challenging labour market, according to data published by the UK Department for Science, Innovation and Technology (DSIT), which found that there were more than 160,000 cyber security job postings in the last year – a 30% increase on the previous period. In all, the UK requires an additional 11,200 people with suitable cyber skills to meet the demands of the market, the report estimates.
In a separate report, it was found that a lack of executive understanding and an ever-widening talent gap is placing an unsustainable burden on security teams to prevent business-ending breaches. When asked how long it takes to fill a cyber security role, 82% of organisations report it takes three months or longer, with 34% reporting it takes seven months or more. These challenges have led one-third (33%) of organisations to believe they will never have a fully-staffed security team with the proper skills.
With such a gap, some organisations have turned to outsourcing cyber security roles, such as chief information security officers (CISOs), leading to a rise in virtual CISOs (vCISO). With outsourcing, organisations can ensure that they are easily able to pick up and use cyber security experts, greatly reducing the delay were they to hire. Black Arrow supports clients as their vCISO with specialist experience in cyber security risk management in a business context.
https://www.uktech.news/cybersecurity/uk-cybersecurity-skills-gap-20230725
https://www.helpnetsecurity.com/2023/07/26/security-teams-executive-burden/
Deloitte Joins Fellow Big Four MOVEit victims PWC, EY as Victims Exceed 500
The global auditing and accounting firm Deloitte appeared alongside a further 55 MOVEit victims that were recently named by the Cl0p ransomware gang, making them the third Big Four accounting firm to be affected and amongst over 500 organisations in total with that number expected to continue to increase.
Research by Kroll has also uncovered a new exfiltration method used by Cl0p in their the MOVEit attacks, highlighting constant efforts by the ransomware gang. Worryingly, it has been reported that Cl0p have made between $75-100 million from ransom payments and it is expected this, along with the victim count, will rise.
https://cybernews.com/security/deloitte-big-four-moveit-pwc-ey-clop/
https://www.infosecurity-magazine.com/news/clop-could-make-100m-moveit/
Why Cyber Security Should Be Part of Your ESG Strategy
Organisations need to consider cyber security risks in their overall environmental, social and governance (ESG) strategy amid growing cyber threats and regulatory scrutiny. The ESG programme is, in many ways, a form of risk management to mitigate the risks to businesses, societies and the environment, all of which can be impacted by cyber security. The investment community has been singling out cyber security as one of the major risks that ESG programmes will need to address due to the potential financial losses, reputational damage and business continuity risks posed by a growing number of cyber attacks and data breaches.
Various ESG reporting frameworks have emerged in recent years to provide organisations with guidelines on how they can operate ethically and sustainably, along with metrics that they can use to measure their progress. There are also specific IT security standards and frameworks, including ISO 27001 and government guidelines. Some regulators have gone as far as mandating the adoption of baseline security standards by critical infrastructure operators and firms in industries like financial services, but that does not mean organisations outside of regulated sectors are less pressured to shore up their cyber security posture.
https://www.computerweekly.com/news/366545432/Why-cyber-security-should-be-part-of-your-ESG-strategy
Lawyers Take Frontline Role in Business Response to Cyber Attacks
Cyber security risk has shot to the top of general counsels’ agendas as the sophistication and frequency of attacks has grown. According to security company Sophos’s State of Ransomware 2023 report, 44% of UK businesses surveyed said they had been hit with ransomware in the past year. Of those affected, 33% said their data was encrypted and stolen and a further 6% said that their data was not encrypted but they experienced extortion.
In-house lawyers have a key role around the boardroom table when dealing with a breach including war-gaming and discussing cases in which a company will pay a ransom. The advent of General Data Protection Regulation (GDPR) legislation in Europe, and equivalents elsewhere, demands that businesses hit by a data breach notify a regulator, and the individuals whose data was stolen, or both, depending on certain factors. This has led to far greater exposure of cyber incidents which companies previously could have tried to deal with privately.
https://www.ft.com/content/2af44ae8-78fc-4393-88c3-0d784a850331
Organisations Face Record $4.5M Per Data Breach Incident
In a recent report conducted by IBM, the average cost per data breach for US business in 2023 jumped to $4.45 million, a 15% increase over three years. In the UK, the average cost was found to be £3.4 million, rising to £5.3 million for financial services. It is likely that the cost per breach will maintain a continual rise, with organisations struggling to crack down on cyber crime, something threat groups like Cl0p are taking advantage of.
https://www.darkreading.com/attacks-breaches/orgs-record-4.5m-data-breach-incident
Cryptojacking Soars as Cyber Attacks Diversify
According to a recent report, a variety of attacks have increased globally, including cryptojacking (399%), IoT malware (37%) and encrypted threats (22%). This reflects the increase in actors who are changing their methods of attacks. The report found that we can expect more state-sponsored activity targeting a broader set of victims in 2023, including SMBs, government entities and enterprises.
Cryptojacking, sometimes referred to as malicious cryptomining, is where an attacker will use a victim’s device to mine cryptocurrency, giving the attacker free money at the expense of your device, network health and electricity.
https://www.helpnetsecurity.com/2023/07/27/cryptojacking-attacks-rise/
Ransomware Attacks Skyrocket in 2023
Ransomware attacks surged by 74% in Q2 2023 compared to the first three months of the year, a new report has found. The significant increase in ransomware over April, May and June 2023 suggests that attackers are regrouping. In July 2023, the blockchain analysis firm Chainalysis found that in the first half of 2023, ransomware attackers extorted $176m more than the same period in 2022, reversing a brief downward trend in 2022.
The report also observed an uptick in “pure extortion attacks,” with cyber criminals increasingly relying on the threat of data leaks rather than encrypting data to extort victims. Such schemes may not trigger any ransomware detection capability but could potentially be picked up by a robust Data Loss Prevention (DLP) solution.
https://www.infosecurity-magazine.com/news/ransomware-attacks-skyrocket-q2/
Blocking Access to ChatGPT is a Short-Term Solution to Mitigate AI Risk
Despite the mass adoption of generative AI, most companies don’t know how to assess its security, exposing them to risks and disadvantages if they don’t change their approach. A report found that for every 10,000 enterprise users, an enterprise organisation is experiencing approximately 183 incidents of sensitive data being posted to ChatGPT per month. Worryingly, despite the security issues, only 45% have an enterprise-wide strategy to ensure a secure, aligned deployment of AI across the entire organisation.
Blocking access to AI related content and AI applications is a short term solution to mitigate risk, but comes at the expense of the potential benefits that AI apps offer to supplement corporate innovation and employee productivity. The data shows that in financial services and healthcare nearly 1 in 5 organisations have implemented a blanket ban on employee use of ChatGPT, while in the technology sector, only 1 in 20 organisations have done likewise.
https://www.helpnetsecurity.com/2023/07/28/chatgpt-exposure/
https://www.techradar.com/pro/lots-of-sensitive-data-is-still-being-posted-to-chatgpt
https://www.helpnetsecurity.com/2023/07/25/generative-ai-strategy/
Protect Your Data Like Your Reputation Depends on It (Because it Does)
Data breaches can be incredibly costly. Be it lawsuits, regulatory fines, or a fall in stock price, the financial consequences of a breach can bring even the largest organisation to its knees. However, in the face of economic damage, it’s too easy to overlook the vast reputational impacts that often do more harm to a business. After all, it’s relatively easy to recoup monetary losses, less so to regain customer trust.
It’s important to remember that reputational damage isn’t limited to consumer perceptions. Stakeholder, shareholder, and potential buyer perception is also something that needs to be considered. By having effective defence in depth controls including robust data loss prevention (DLP) solutions in place, organisations can reduce the risk of a breach from happening.
Why CISOs Should Get Involved with Cyber Insurance Negotiation
Generally negotiating cyber insurance policies falls to the general counsel, chief financial officer, or chief operations officer. Having the chief information security officer (CISO) at the table when negotiating with insurance brokers or carriers is a best practice for ensuring the insurers understand not only which security controls are in place, but why the controls are configured the way they are and the organisation's strategy. That said, often best practices are ignored for reasons of expediency and lack of acceptance by other C-suite executives.
Sometimes being the CISO can be a no-win position. According to a recent survey more than half of all CISOs report to a technical corporate officer rather than the business side of the organisation. This lack of recognition by the board can diminish the CISO's ability to deliver business-imperative insights and recommendations, leaving operations to have a more commanding influence on the board than cyber security. Too often the CISO gets the responsibility to protect the company without the authority and budget to accomplish their task.
Companies Must Have Corporate Cyber Security Experts, SEC Says
A recent report has found that only five Fortune 100 companies currently list a security professional in the executive leadership pages of their websites. This is largely unchanged from five of the Fortune 100 in 2018. One likely reason why a great many companies still don’t include their security leaders within their highest echelons is that these employees do not report directly to the company’s CEO, board of directors, or chief risk officer.
The chief security officer (CSO) or chief information security officer (CISO) position traditionally has reported to an executive in a technical role, such as the chief technology officer (CTO) or chief information officer (CIO). But workforce experts say placing the CISO/CSO on unequal footing with the organisation’s top leaders makes it more likely that cyber security and risk concerns will take a backseat to initiatives designed to increase productivity and generally grow the business.
The US Securities and Exchange Commission (SEC) has recently implemented new regulations necessitating publicly traded companies to report cyber attacks within four business days, once they're deemed material incidents. While the SEC is not presently advocating for the need to validate a board cyber security expert's credentials, it continues to insist that cyber security expertise within management be duly reported to them. The increased disclosure should help companies compare practices and may spur improvements in cyber defences, but meeting the new disclosure standards could be a bigger challenge for smaller companies with limited resources.
Over 400,000 Corporate Credentials Stolen by Info-stealing Malware
Information stealers are malware that steal data stored in applications such as web browsers, email clients, instant messengers, cryptocurrency wallets, file transfer protocol (FTP) clients, and gaming services. The stolen information is packaged into archives called 'logs,' which are then uploaded back to the threat actor for use in attacks or sold on cyber crime marketplaces. Worryingly, employees use personal devices for work or access personal stuff from work computers, and this may result in many info-stealer infections stealing business credentials and authentication cookies. A report has found there are over 400,000 corporate credentials stolen, from applications such as Salesforce, Google Cloud and AWS. Additionally, there was a significant increase in the number containing OpenAI credentials; this is alarming as where AI is used without governance, the credentials may leak things such as internal business strategies and source code.
With such an array of valuable information for an attacker, it is no wonder incidents involving info stealers doubled in Q1 2023. Organisations can best protect themselves by utilising password managers, enforcing multi-factor authentication and having strict usage controls. Additionally, user awareness training can help avoid common infection channels such as malicious websites and adverts.
https://www.scmagazine.com/news/infostealer-incidents-more-than-doubled-in-q1-2023
Governance, Risk and Compliance
Data Breaches Cost Businesses $4.5M on Average (darkreading.com)
Why CISOs Should Get Involved With Cyber Insurance Negotiation (darkreading.com)
SEC now requires companies to disclose cyber attacks in 4 days (bleepingcomputer.com)
Companies Must Have Corporate Cyber security Experts, SEC Says (darkreading.com)
Companies encounter months-long delays in filling critical security positions - Help Net Security
Enterprises should layer-up security to avoid legal repercussions - Help Net Security
Explaining risk maturity models and how they work | TechTarget
Why cyber security should be part of your ESG strategy | Computer Weekly
The old “trust but verify” adage should be the motto for every CISO | CSO Online
Companies are rushing into generative AI without a cohesive, secure strategy - Help Net Security
Few Fortune 100 Firms List Security Pros in Their Executive Ranks – Krebs on Security
The critical cyber security backup plan too many companies are ignoring (cnbc.com)
Protect Your Data Like Your Reputation Depends On It (Because It Does) (informationsecuritybuzz.com)
Why Computer Security Advice Is More Confusing Than It Should Be (darkreading.com)
Why whistleblowers in cyber security are important and need support | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
Clop now leaks data stolen in MOVEit attacks on clearweb sites (bleepingcomputer.com)
MOVEit Vulnerability Investigations Uncover Additional Exfiltration Method (kroll.com)
Clop Could Make $100m from MOVEit Campaign - Infosecurity Magazine (infosecurity-magazine.com)
The tail of the MOVEit hack may be longer than we realize | SC Media (scmagazine.com)
Millions of people's healthcare files accessed by Clop gang • The Register
Ransomware Attacks Skyrocket in Q2 2023 - Infosecurity Magazine (infosecurity-magazine.com)
Local Governments Targeted for Ransomware – How to Prevent Falling Victim (thehackernews.com)
New Nitrogen malware pushed via Google Ads for ransomware attacks (bleepingcomputer.com)
Dozens of Organisations Targeted by Akira Ransomware - SecurityWeek
The FBI's Cynthia Kaiser on how the bureau fights ransomware | CyberScoop
Risk & Repeat: Are data extortion attacks ransomware? | TechTarget
ALPHV ransomware adds data leak API in new extortion strategy (bleepingcomputer.com)
Ransomware: Sophos says most universities pay | Times Higher Education (THE)
Ransomware Victims
PwC has data leaked on the clear web - Cyber Security Connect
Deloitte joins fellow Big Four MOVEit victims PWC, EY | Cybernews
DHL investigating MOVEit breach as number of victims surpasses 20 million (therecord.media)
Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus - SecurityWeek
Millions of people's healthcare files accessed by Clop gang • The Register
Tampa General Hospital Says Patient Information Stolen in Ransomware Attack - SecurityWeek
Yamaha confirms cyber attack after multiple ransomware gangs claim attacks (therecord.media)
Phishing & Email Based Attacks
Chinese Hackers Breached Ambassador’s Email - Infosecurity Magazine (infosecurity-magazine.com)
China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED
Stolen Microsoft key may have opened up more than inboxes • The Register
The Email Threat Landscape, Q1 2023: Key Takeaways (informationsecuritybuzz.com)
How to avoid LinkedIn phishing attacks in the enterprise | TechTarget
BEC – Business Email Compromise
Artificial Intelligence
Blocking access to ChatGPT is a short term solution to mitigate risk - Help Net Security
UN Security Council to hold first talks on AI risks | Reuters
Companies are rushing into generative AI without a cohesive, secure strategy - Help Net Security
ChatGPT, Other Generative AI Apps Prone to Compromise, Manipulation (darkreading.com)
Lots of sensitive data is still being posted to ChatGPT | TechRadar
Dark Web Markets Offer New FraudGPT AI Tool - Infosecurity Magazine (infosecurity-magazine.com)
Top FBI officials warn of 'unparalleled' threat from China and AI | CyberScoop
The Good, the Bad and the Ugly of Generative AI - SecurityWeek
OpenAI, Meta and other tech firms sign onto White House AI commitments | FedScoop
Intel's deepfake detector tested on real and fake videos - BBC News
How is the Dark Web Reacting to the AI Revolution? (bleepingcomputer.com)
Malware
Over 400,000 corporate credentials stolen by info-stealing malware (bleepingcomputer.com)
Infostealer incidents more than doubled in Q1 2023 | SC Media (scmagazine.com)
The Alarming Rise of Infostealers: How to Detect this Silent Threat (thehackernews.com)
Decoy Dog: New Breed of Malware Posing Serious Threats to Enterprise Networks (thehackernews.com)
Rust-based malware used to hack both Windows and Linux servers - Neowin
Lazarus hackers hijack Microsoft IIS servers to spread malware (bleepingcomputer.com)
FIN8 is rewriting its backdoor malware to avoid detection | SC Media (scmagazine.com)
New Nitrogen malware pushed via Google Ads for ransomware attacks (bleepingcomputer.com)
New P2PInfect worm malware targets Linux and Windows Redis servers (bleepingcomputer.com)
HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software (thehackernews.com)
Who and What is Behind the Malware Proxy Service SocksEscort? – Krebs on Security
Mobile
Chinese-backed Hacking Group Launches Two Bugs Targeting Android Devices - MSSP Alert
Spyhide stalkerware is spying on tens of thousands of phones | TechCrunch
Botnets
Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining (thehackernews.com)
Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability - SecurityWeek
Denial of Service/DoS/DDOS
Critical UK Infrastructures in the crosshairs of DDoS attacks (link11.com)
Zyxel users still getting hacked by DDoS botnet emerge as public nuisance No. 1 | Ars Technica
Anonymous Sudan DDoS strikes dominate attacks by KillNet collective | SC Media (scmagazine.com)
BYOD
Internet of Things – IoT
Peloton Bugs Expose Enterprise Networks to IoT Attacks (darkreading.com)
Microsoft previews Defender for IoT firmware analysis service (bleepingcomputer.com)
Axis Door Controller Vulnerability Exposes Facilities to Physical, Cyber Threats - SecurityWeek
Data Breaches/Leaks
Capita breach class action nears 1,000 sign-ups • The Register
VirusTotal: We're sorry for mistake that exposed 5,000 users • The Register
Deloitte joins fellow Big Four MOVEit victims PWC, EY | Cybernews
NATO investigating apparent breach of unclassified information sharing platform | CyberScoop
BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)
Nice Suzuki, sport: shame dealer left your data up for grabs - Security Affairs
Johns Hopkins hit with class action lawsuit connected to data breach - CBS Baltimore (cbsnews.com)
Organised Crime & Criminal Actors
The New Summer Vacation Necessity: Cyber Hygiene (informationsecuritybuzz.com)
BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Cryptojacking soars as cyber attacks increase, diversify - Help Net Security
Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining (thehackernews.com)
Lazarus hackers linked to $60 million Alphapo cryptocurrency heist (bleepingcomputer.com)
New Realst macOS malware steals your cryptocurrency wallets (bleepingcomputer.com)
Fraud, Scams & Financial Crime
Dark Web Markets Offer New FraudGPT AI Tool - Infosecurity Magazine (infosecurity-magazine.com)
Consumers demand more from businesses when it comes to security - Help Net Security
CISOs gear up to combat the rising threat of B2B fraud - Help Net Security
MPs launch inquiry into prosecution of Norton Motorcycles pension fraud | Crime | The Guardian
Insurance
Why CISOs Should Get Involved With Cyber Insurance Negotiation (darkreading.com)
Brave New World of Cyber Insurance Meets Old-World Contract Principles | New Jersey Law Journal
Dark Web
BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)
How is the Dark Web Reacting to the AI Revolution? (bleepingcomputer.com)
Supply Chain and Third Parties
Capita breach class action nears 1,000 sign-ups • The Register
DHL investigating MOVEit breach as number of victims surpasses 20 million (therecord.media)
The tail of the MOVEit hack may be longer than we realize | SC Media (scmagazine.com)
Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus - SecurityWeek
Banking Sector Targeted in Open-Source Software Supply Chain Attacks (thehackernews.com)
Strengthening the weakest links in the digital supply chain - Help Net Security
JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)
Supply Chain Attack Hits NHS Ambulance Trusts - Infosecurity Magazine (infosecurity-magazine.com)
Software Supply Chain
Cloud/SaaS
China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED
Microsoft 365 Breach Risk Widens to Millions of Azure AD Apps (darkreading.com)
JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)
Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation - SecurityWeek
The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left (thehackernews.com)
Ubuntu Linux Cloud Workloads Face Rampant Root Take Takeovers (darkreading.com)
Shadow IT
Encryption
Hacking police radios: 30-year-old crypto flaws in the spotlight – Naked Security (sophos.com)
Researchers Find ‘Backdoor’ in Encrypted Police and Military Radios (vice.com)
API
Open Source
New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection (thehackernews.com)
Rust-based malware used to hack both Windows and Linux servers - Neowin
Banking Sector Targeted in Open-Source Software Supply Chain Attacks (thehackernews.com)
New P2PInfect worm malware targets Linux and Windows Redis servers (bleepingcomputer.com)
Ubuntu Linux Cloud Workloads Face Rampant Root Take Takeovers (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
How to avoid LinkedIn phishing attacks in the enterprise | TechTarget
Stanford researchers find Mastodon has a massive child abuse material problem - The Verge
Training, Education and Awareness
Travel
Parental Controls and Child Safety
Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)
Stanford researchers find Mastodon has a massive child abuse material problem - The Verge
Regulations, Fines and Legislation
SEC now requires companies to disclose cyber attacks in 4 days (bleepingcomputer.com)
Companies Must Have Corporate Cyber security Experts, SEC Says (darkreading.com)
Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)
OpenAI, Meta and other tech firms sign onto White House AI commitments | FedScoop
Data Protection
More US States are ramping up data privacy laws in 2023 (bleepingcomputer.com)
Protect Your Data Like Your Reputation Depends On It (Because It Does) (informationsecuritybuzz.com)
Careers, Working in Cyber and Information Security
Companies encounter months-long delays in filling critical security positions - Help Net Security
Bridging the cyber security skills gap through cyber range training - Help Net Security
Overcoming the cyber security talent shortage with upskilling initiatives - Help Net Security
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
More US States are ramping up data privacy laws in 2023 (bleepingcomputer.com)
Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)
Companies Need to Prove They Can Be Trusted with Technology (hbr.org)
Ryanair Hit With Lawsuit Over Use of Facial Recognition Technology (darkreading.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Anonymous Sudan DDoS strikes dominate attacks by KillNet collective | SC Media (scmagazine.com)
Russian court jails cyber security executive for 14 years in treason case | Reuters
Russia ‘using disinformation’ to imply Sweden supported Qur’an burnings | Sweden | The Guardian
69% of Russian gamers are pirating after Ukraine invasion pushback | Ars Technica
China
Top FBI officials warn of 'unparalleled' threat from China and AI | CyberScoop
China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED
Stolen Microsoft key may have opened up more than inboxes • The Register
Chinese Hackers Breached Ambassador’s Email - Infosecurity Magazine (infosecurity-magazine.com)
The Chinese groups accused of hacking the US and others | Reuters
Industrial Organisations in Eastern Europe Targeted by Chinese Cyber spies - SecurityWeek
Chinese-backed Hacking Group Launches Two Bugs Targeting Android Devices - MSSP Alert
China Propaganda Spreads via US News Sites, Freelancers, Times Square (darkreading.com)
China-backed hackers suspected in NetScaler RCE attacks | SC Media (scmagazine.com)
US Senator Wyden Accuses Microsoft of ‘Cyber security Negligence’ - SecurityWeek
North Korea
North Korean Cyber spies Target GitHub Developers (darkreading.com)
JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)
GitHub warns of Lazarus hackers targeting devs with malicious projects (bleepingcomputer.com)
Lazarus hackers hijack Microsoft IIS servers to spread malware (bleepingcomputer.com)
Lazarus hackers linked to $60 million Alphapo cryptocurrency heist (bleepingcomputer.com)
Misc/Other/Unknown
Vulnerability Management
Google: 41 zero-day vulnerabilities exploited in 2022 | TechTarget
CVSS 4.0 Is Here, But Prioritizing Patches Still a Hard Problem (darkreading.com)
Want to live dangerously? Try running Windows XP in 2023 • The Register
A step-by-step guide for patching software vulnerabilities - Help Net Security
Vulnerabilities
Over 20,000 Citrix Appliances Vulnerable to New Exploit - SecurityWeek
A flaw in OpenSSH forwarded ssh-agent allows remote code execution-Security Affairs
Apple fixes new zero-day used in attacks against iPhones, Macs (bleepingcomputer.com)
Ivanti patches MobileIron zero-day bug exploited in attacks (bleepingcomputer.com)
Zyxel users still getting hacked by DDoS botnet emerge as public nuisance No. 1 | Ars Technica
Apache OpenMeetings Wide Open to Account Takeover, Code Execution (darkreading.com)
Super Admin elevation bug puts 900,000 MikroTik devices at risk (bleepingcomputer.com)
Norwegian government IT systems hacked using zero-day flaw (bleepingcomputer.com)
VMware fixes bug exposing CF API admin credentials in audit logs (bleepingcomputer.com)
Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required (thehackernews.com)
Cyber security Agencies Warn Against IDOR Bugs Exploited for Data Breaches (thehackernews.com)
Atlassian RCE Bugs Plague Confluence, Bamboo (darkreading.com)
Zenbleed attack leaks sensitive data from AMD Zen2 processors (bleepingcomputer.com)
Microsoft shares fix for some Outlook hyperlinks not opening (bleepingcomputer.com)
China-backed hackers suspected in NetScaler RCE attacks | SC Media (scmagazine.com)
Study reveals silent Python package security fixes • The Register
Windows 10 KB5028244 update released with 19 fixes, improved security (bleepingcomputer.com)
Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation - SecurityWeek
Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability - SecurityWeek
Zimbra patches zero-day vulnerability exploited in XSS attacks (bleepingcomputer.com)
WordPress Ninja Forms plugin flaw lets hackers steal submitted data (bleepingcomputer.com)
Two flaws in Linux Ubuntu affect 40% of Ubuntu users - Security Affairs
Tools and Controls
Why cyber security should be part of your ESG strategy | Computer Weekly
Lawyers take frontline role in business response to cyber attacks | Financial Times (ft.com)
Explaining risk maturity models and how they work | TechTarget
Microsoft enhances Windows 11 Phishing Protection with new features (bleepingcomputer.com)
Shadow Coding Is An Intoxicating Shortcut—And A Security Landmine (forbes.com)
Zero trust rated as highly effective by businesses worldwide - Help Net Security
50% of Zero Trust Programs Risk Failure According to PlainID Survey (darkreading.com)
Google Chrome to offer 'Link Previews' when hovering over links (bleepingcomputer.com)
Why are computer security guidelines so confusing? - Help Net Security
Threat Intelligence Is Growing — Here's How SOCs Can Keep Up (darkreading.com)
Designing a Security Strategy for Defending Multicloud Architectures (darkreading.com)
Converging networking and security with SASE - Help Net Security
Artificial Intelligence Continues To Revolutionize Cyber security (forbes.com)
Key factors for effective security automation - Help Net Security
Microsoft previews Defender for IoT firmware analysis service (bleepingcomputer.com)
The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left (thehackernews.com)
CISOs consider zero trust a hot security ticket - Help Net Security
How a Cyber Security Platform Addresses the 3 “S” (trendmicro.com)
Reports Published in the Last Week
Other News
Maritime Cyber attack Database Launched by Dutch University - SecurityWeek
Google’s new security pilot program will ban employee Internet access | Ars Technica
macOS Under Attack: Examining the Growing Threat and User Perspectives (thehackernews.com)
Why whistleblowers in cyber security are important and need support | CSO Online
World's most internetty firm tries life off the net • The Register
Exam board cyber attack investigation: Teenager arrested (schoolsweek.co.uk)
Companies Need to Prove They Can Be Trusted with Technology (hbr.org)
Heart monitor manufacturer hit by cyber attack, takes systems offline (bitdefender.com)
Cyber security Agencies Warn Against IDOR Bugs Exploited for Data Breaches (thehackernews.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 21 July 2023
Black Arrow Cyber Threat Briefing 21 July 2023:
-Cyber Attacks Reach Two-Year High Amid Ransomware Resurgence as Financial Service Firms Lose $32 Billion in 5 Years
-MOVEit Body Count Closes in on 400 orgs, 20M+ Individuals
-IT Worker Jailed for Impersonating Ransomware Gang to Extort Employer
-Stabilising the Cyber Security Landscape: The CISO Exodus and the Rise of vCISOs
-Risk is Driving Medium-Sized Business Decisions
-Talent and Governance, Not Technology, are Key to Drive Change around Cyber Security
-Hybrid Work, Digital Transformation can Exploit Security Gaps
-Human Cyber-Risk Can Be Demonstrably Mitigated by Behaviour Changing Training
-AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks
-Pro-Russian Hacktivists Increase Focus on Western Targets
-Infosec Doesn't Know What AI Tools Orgs Are Using
-Google Restricting Internet Access to Some Employees to Reduce Cyber Attack Risk
-Unlocking Business Potential: How CISOs are Transforming Cyber Security into a Strategic Asset
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Attacks Reach Two-Year High Amid Ransomware Resurgence as Financial Service Firms Lose $32 Billion in 5 Years
The average weekly volume of cyber attacks reached a two-year high in the second quarter of 2023 amid a spike in activity among ransomware groups according to Check Point Research, with healthcare in particular facing a significant year-on-year increase. The impact of ransomware hits every organisation, with separate research finding global financial services organisations having lost over $32bn in downtime since 2018 due to ransomware breaches.
A recent report found that the ransomware gangs LockBit and Cl0p alone accounted for nearly 40% of all recorded ransomware attacks across June 2023. The impact from Cl0p’s MOVEit attack alone has been felt by over 400 organisations since May 2023. One of the key takeaways from the MOVEit attack is that no matter the sector, any organisation can be a victim and as such it is essential to have effective controls in place, incorporating defence-in-depth. It’s worth considering how many organisations are still running vulnerable instances of MOVEit, or have someone in their supply chain who is.
https://www.infosecurity-magazine.com/news/ransomware-costs-financial-32bn/
MOVEit Body Count Closes in on 400 Organisations, 20M+ Individuals
The number of victims and the costs tied to the MOVEit file transfer hack continues to climb as the fallout from the massive supply chain attack enters week seven. In late May 2023, Russian ransomware gang Cl0p exploited a security hole in Progress Software's MOVEit product suite to steal documents from vulnerable networks. As of last week, the number of affected organisations was closing in on 400 and individual victims exceed 20 million.
The attack highlights the need for organisations to have policies and procedures in place for third parties, and to be aware of the data which a third party supplier has on them. It will be the organisation who will need to let their customers know in the event of a breach.
https://www.theregister.com/2023/07/20/moveit_victim_count/
IT Worker Jailed for Impersonating Ransomware Gang to Extort Employer
28-year-old Ashley Liles, a former IT employee, has been sentenced to over three years in prison for attempting to blackmail his employer during a ransomware attack. Liles, an IT security analyst at an Oxford-based company in the UK, exploited his position to intercept a ransomware payment following an attack suffered by his employer. To deceive the company, he impersonated the ransomware gang extorting them. He tried to redirect the ransomware payments by switching the cyber criminals' cryptocurrency wallet to one under his control. He also accessed a board member's private emails over 300 times.
Insider threat is a risk that organisations need to be aware of and, although it was malicious in this case, it can also come from employee negligence. Organisations looking to achieve a strong level of cyber resilience should incorporate insider risk into their training and controls.
Stabilising the Cyber Security Landscape: The CISO Exodus and the Rise of vCISOs
In today's evolving digital landscape, the role of a chief information security officer (CISO) is critical. These professionals defend against the rising tide of daily cyber threats. Yet many CISOs are leaving or considering leaving their jobs; this trend seems to reflect the intense pressure CISOs endure. They face a constant stream of complex cyber threats, manage compliance issues and struggle with a talent deficit in cyber security. Paired with high expectations, many reconsider their roles which can lead to a leadership gap.
A virtual CISO (vCISO) is an outsourced security practitioner who offers their expertise to businesses on a part-time or contractual basis. These professionals provide many of the same services as a traditional CISO, such as developing and implementing security strategies, ensuring compliance with regulations, training staff and managing a company's cyber security posture. vCISOs, such as from Black Arrow, are often part of a larger team and can bring a wide range of experiences and skills. They are exposed to diverse security landscapes across industries, and can provide a fresh perspective and innovative solutions to your security challenges. The vCISO model may not replace the need for a full-time CISO in all cases, but it can certainly add a flexible and cost-effective tool to the arsenal of businesses looking to bolster their cyber security posture.
Risk is Driving Medium-Sized Business Decisions
Small and medium sized businesses (SMBs) have long lacked the tools, expertise, staff and budget to make major cyber security investments. However, as threats become more mainstream and more advanced, the focus is shifting, so SMBs need to take the threats seriously and evaluate their cyber security controls.
In a survey of 140 SMBs, it was found that 40% of respondents believe they are very likely or extremely likely to experience a cyber security attack target in the next 12 months. That fear is founded, as 34% of organisations stated they experienced a malware attack in the past year, and 29% experienced a phishing or spear phishing incident. SMBs are putting their time, energy, and budget toward risk management. When it came to budgeting, 67% list their primary budgeting method as “risk-based”, and only 32% as “ad hoc/following an attack or breach”. It was found that over two-thirds of businesses would rather spend money now than pay a ransom later.
Talent and Governance, Not Technology, are Key to Drive Change Around Cyber Security
For the last 20 years, large organisations have been spending significant amounts of money on cyber security products and solutions, on managed services, or with consultancies large and small. Yet maturity levels remain elusive: a report found that 70% of firms surveyed had yet to fully advance to a mature-based approach. Cyber security good practices have been well established for the best part of the last 20 years and continue to provide, in most industries, an acceptable level of protection against most threats and an acceptable level of compliance against most regulations.
However cyber security is often viewed as something external to the business. This perspective leads to talent alienation and execution failures because the employees who should be invested in maintaining and improving cyber security may feel disconnected from these efforts. To make genuine progress, cyber security needs to be intrinsically linked to business values as a visible priority, owned and directed from the highest levels of an organisation.
This approach underlines the importance of governance in setting effective cyber security policies and procedures. It also highlights the crucial role of nurturing talent within the organisation to ensure active involvement in maintaining and improving cyber security measures. While technology is undoubtedly an essential element of cyber security, prioritising talent and governance can lead to lasting progress.
Hybrid Work, Digital Transformation can Exploit Security Gaps
A new study showed that larger organisations generally recognise malware threats but they lack protection against malicious actors and ways to properly remediate infections. The report revealed security leaders are concerned about attacks that leverage malware-exfiltrated authentication data. 53% say they are extremely concerned about attacks, with 1% of security leaders saying they weren’t concerned at all. 98% said that better visibility into at-risk applications would significantly improve their security posture.
The most overlooked entry points for malware include 57% of organisations allowing employees to sync browser data between personal and corporate devices. 54% of organisations struggle with shadow IT, due to employees’ unsanctioned adoption of applications and systems, creating gaps not only in visibility but also in basic security controls and corporate policies.
Human Cyber Risk Can Be Demonstrably Mitigated by Behaviour Changing Training
The process of encouraging secure cyber habits in end users is evolving from traditional awareness training toward changing end user behaviour. It reflects a growing acceptance that traditional methods haven’t worked. While traditional security awareness teaches users how to recognise social engineering, new behaviour changing trains the brain – almost pre-programs it – on the correct recognition and response to phishing.
What is considered a standard phishing email today may not be tomorrow, and changes in user behaviour will help to combat this. It is simply not enough to be shown one phishing email and be told to follow procedures. Training should instead be focused on going beyond; this should look to change how the user approaches things such as phishing, and gamifying the recognition and reporting of it.
AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks
A generative AI tool, WormGPT, has emerged as a powerful weapon in the hands of cyber criminals, specifically for launching business email compromise (BEC) attacks, according to new findings. The tool is designed for malicious purposes and has no restrictions on what a user can request. Such a tool allows for impeccable grammar in emails to reduce suspicion and allows sophistication with no restrictions on prompts. The lowered entry threshold enables cyber criminals with limited skills to execute sophisticated attacks, democratising the use of this technology.
https://www.infosecurity-magazine.com/news/wormgpt-fake-emails-bec-attacks/
https://www.independent.co.uk/tech/chatgpt-dark-web-wormgpt-hack-b2376627.html
Pro-Russian Hacktivists Increase Focus on Western Targets
‘Anonymous Sudan’, apparent pro-Russian hacktivists, claimed a one-hour distributed denial of service attack on the social platform OnlyFans last week. This was the latest in a string of operations aimed at targets in the US and Europe. The group’s digital assaults coincide with attacks coming from a broader network of hackers aligned with Moscow that seek attention by taking down high-profile victims and strategic targets; many of the targets support Ukraine in its ongoing war against Russia.
The pro-Russian group appears to be affiliated with Killnet, a pro-Russian hacktivist group that emerged in late 2021 or early 2022 and has claimed distributed denial of service (DDoS) attacks, data theft and leaks on perceived adversaries of the Russian government, according to an analysis from Google’s Mandiant released earlier this week. The collective’s apparent significant growth in capabilities, demonstrated by Microsoft’s confirmation that Anonymous Sudan was responsible for the outages they experienced, potentially indicates a significant increase in outside investment in the collective, further suggesting a potential tie to the Russian state.
https://cyberscoop.com/anonymous-sudan-killnet-russia-onlyfans/
Infosec Doesn't Know What AI Tools Organisations Are Using
With the marketplace awash in new artificial intelligence (AI) tools and new AI features being added to existing tools, organisations are finding themselves lacking visibility into what AI tools are in use, how they are used, who has access, and what data is being shared. As businesses try, adopt, and abandon new generative AI tools, it falls on enterprise IT, risk, and security leaders to govern and secure their use without hindering innovation. While developing security policies to govern AI use is important, it is not possible without knowing what tools are being used in the first place.
Enterprise security teams have to consider how to handle discovery, learning which generative AI tools have been introduced into the environment and by whom, as well as risk assessment.
https://www.darkreading.com/tech-trends/infosec-doesnt-know-what-ai-tools-orgs-are-using
Google Restricting Internet Access to Some Employees to Reduce Cyber Attack Risk
In a bid to shrink the attack surface of its employees, and thus boost security, Google is taking an experimental, and some might say extreme, approach: cutting some of their workstations off from the internet. The company originally selected more than 2,500 employees to participate and will disable internet access on the selected desktops, except for internal web-based tools and Google owned websites like Google Drive and Gmail. Some workers who need the internet to do their job will get exceptions, the company stated in materials.
Google is running the programme to reduce the risk of cyber attacks, according to internal materials. If a Google employee’s device is compromised, the attackers may have access to user data and infrastructure code, which could result in a major incident and undermine user trust. The program comes as companies face increasingly sophisticated cyber attacks. Just last week, Microsoft said Chinese intelligence hacked into company email accounts belonging to two dozen government agencies in the US and Western Europe, including the US State Department, in a “significant” breach.
https://www.theregister.com/2023/07/19/google_cuts_internet/
Unlocking Business Potential: How CISOs are Transforming Cyber Security into a Strategic Asset
Enterprises are responding to growing cyber security threats by working to make the best use of tools and services to ensure business resilience, according to a recent report. Chief information security officers (CISOs) and virtual CISOs (vCISOS) in particular, want more solutions and services that help them align security measures with enterprise objectives and C-level executives have become more aware of the need for cyber resilience. As a result, security investments have expanded beyond detection and response to include rapid recovery and business continuity.
The report found that amongst other things, enterprises are investing in risk assessments and outsourcing more services. In some cases, where a CISO cannot be hired, organisations may look to hire a vCISO. It is important that the vCISO is able to understand cyber in context to the business and help to align security objectives with the organisations objectives. Black Arrow supports clients as their vCISO with specialist experience in cyber security risk management in a business context.
https://www.blackarrowcyber.com/blog/threat-briefing-14-july-2023
Governance, Risk and Compliance
Risk is Driving Small and Medium-Sized Businesses (SMB) Decisions - MSSP Alert
Stabilising The Cyber security Landscape: The Rise Of vCISOs (forbes.com)
Talent and Governance, not Technology, are Key to Drive Change around Cyber Security - TechNative
Hybrid Work, Digital Transformation Can Exploit Security Gaps, Study Finds - MSSP Alert
Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)
Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat
CISOs are making cyber security a business problem - Help Net Security
Top Information Security Threats for Businesses 2023 (cybersecuritynews.com)
Best practices for an effective cyber security strategy | CSO Online
Exploring the macro shifts in enterprise security - Help Net Security
Google Cloud CISO Phil Venables On Cyber security, Cloud Adoption And The Boardroom (forbes.com)
Threats
Ransomware, Extortion and Destructive Attacks
MOVEit victim count closes in on 400 orgs, 20M+ individuals • The Register
Weekly cyber attacks reach two-year high amid ransomware resurgence | ITPro
Ransomware attacks are on the rise—and so are ransom payments (fastcompany.com)
IT worker jailed for impersonating ransomware gang to extort employer (bleepingcomputer.com)
Security Patch Management Strengthens Ransomware Defence (trendmicro.com)
The rise in ransomware attacks this year may be related to Russia's war in Ukraine : NPR
Cyber security firm Sophos impersonated by new SophosEncrypt ransomware (bleepingcomputer.com)
Trends in ransomware-as-a-service and cryptocurrency to monitor - Help Net SecurityFIN8 deploys ALPHV ransomware using Sardonic malware variant (bleepingcomputer.com)
Linux Ransomware Poses Significant Threat to Critical Infrastructure (darkreading.com)
Financial cyber crime syndicate deploys reworked backdoor malware | CyberScoop
Ransomware attackers getting more sophisticated: Canadian Centre for Cyber Security (yahoo.com)
SophosEncrypt Ransomware Fools Security Researchers (darkreading.com)
Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks (thehackernews.com)
New Ransomware With RAT Capabilities Impersonating Sophos - SecurityWeek
Google’s Bard poses ransomware risk, say researchers | Cybernews
FIN8 Group spotted delivering the BlackCat Ransomware - Security Affairs
Cyber insurers adapting to data-centric ransomware threats | TechTarget
Shutterfly says Clop ransomware attack did not impact customer data (bleepingcomputer.com)
Ransomware Victims
MOVEit victim count closes in on 400 orgs, 20M+ individuals • The Register
Ofcom says it won’t pay ransom, as new MOVEit hack victims come forward | TechCrunch
MOVEit Transfer vulnerability: New Cl0p 'victims' include Discovery (techmonitor.ai)
BlackCat and Clop gangs both claim cyber attack on Estée Lauder | Computer Weekly
Iron ore giant Fortescue Metals targeted by Russian ransomware group | Cybercrime | The Guardian
Russian medical lab suspends some services after ransomware attack (therecord.media)
Recycling Giant Tomra Takes Systems Offline Following Cyber attack - SecurityWeek
Shutterfly says Clop ransomware attack did not impact customer data (bleepingcomputer.com)
Phishing & Email Based Attacks
Typo leaks millions of US military emails to Mali web operator | Financial Times (ft.com)
Microsoft Exchange servers compromised by Turla APT - Help Net Security
Microsoft takes pains to obscure role in 0-days that caused email breach | Ars Technica
Analysis of Storm-0558 techniques for unauthorised email access | Microsoft Security Blog
Only a handful of hackers are responsible for all email extortion attacks | TechRadar
Microsoft Tops List of the Most Impersonated Brand for Phishing Scams in Q2 2023 - MSSP Alert
Enhanced Monitoring to Detect APT Activity Targeting Outlook Online | CISA
Gmail encouraging users to enable Enhanced Safe Browsing (9to5google.com)
BEC – Business Email Compromise
Only a handful of hackers are responsible for all email extortion attacks | TechRadar
Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
ChatGPT rival WormGPT with ‘no ethical boundaries’ sold to hackers on dark web | The Independent
Infosec Doesn't Know What AI Tools Orgs Are Using (darkreading.com)
AI models must be reconciled with data protection laws • The Register
1 in 4 Brits play with generative AI and some believe it too • The Register
OpenAI credentials stolen by the thousands for sale on the dark web (bleepingcomputer.com)
AI must have better security, says top cyber official - BBC News
Google Categorises 6 Real-World AI Attacks to Prepare for Now (darkreading.com)
How to Use Generative AI Tools While Still Protecting Your Privacy | WIRED
Google’s Bard poses ransomware risk, say researchers | Cybernews
Malware
Microsoft: Hackers turn Exchange servers into malware control centers (bleepingcomputer.com)
Malicious USB Drives Targeting Global Targets with SOGU and SNOWYDRIVE Malware (thehackernews.com)
Financial cyber crime syndicate deploys reworked backdoor malware | CyberScoop
New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries (thehackernews.com)
Hackers Target Gamers With Microsoft-Signed Rootkit (darkreading.com)
Source code of the BlackLotus UEFI Bootkit was leaked on GitHub - Security Affairs
Are Viruses Still a Threat to Cyber security? (makeuseof.com)
Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware - SecurityWeek
Pernicious Rootkits Pose Growing Blight On Threat Landscape (darkreading.com)
Mobile
Hackers Exploit WebAPK to Deceive Android Users into Installing Malicious Apps (thehackernews.com)
Meta confirms WhatsApp is down worldwide (bleepingcomputer.com)
Botnets
New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries (thehackernews.com)
Ukraine's cyber police dismantled a massive bot farm - Security Affairs
Denial of Service/DoS/DDOS
Cloudflare reports 'alarming surge' in DDoS sophistication, escalation in recent months | CyberScoop
Attackers intensify DDoS attacks with new tactics - Help Net Security
Internet of Things – IoT
How your internet-connected domestic devices can be a critical tool of cyber attack (mid-day.com)
US preparing Cyber Trust Mark for more secure smart devices (bleepingcomputer.com)
Seven new gadgets added to riskiest connected devices list | SC Media (scmagazine.com)
Data Breaches/Leaks
MOVEit Hack: Number of Impacted Organisations Exceeds 340 - SecurityWeek
Data compromises on track to set a new record - Help Net Security
Virustotal data leak exposed data of some registered customers - Security Affairs
What to do (and what not to do) after a data breach - Help Net Security
Thousands of images on Docker Hub leak auth secrets, private keys (bleepingcomputer.com)
Met Police ‘passed victims’ data to Facebook via online tracking tool’ | Evening Standard
LastPass: The lessons we learnt from our devastating breach | TechRadar
JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica
Rogue Azure AD Guests Can Steal Data via Power Apps (darkreading.com)
FIA World Endurance Championship driver passports leaked - Security Affairs
Typo leaks millions of US military emails to Mali web operator | Financial Times (ft.com)
Colorado State University says data breach impacts students, staff (bleepingcomputer.com)
Organised Crime & Criminal Actors
Only a handful of hackers are responsible for all email extortion attacks | TechRadar
Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek
Owner of BreachForums Pleads Guilty to Cyber crime and Child Pornography Charges (thehackernews.com)
Genesis Market infrastructure and inventory sold on hacker forum (bleepingcomputer.com)
Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware - SecurityWeek
Police arrests Ukrainian scareware developer after 10-year hunt (bleepingcomputer.com)
Extremist-friendly tech company closes after fine for securities fraud | Technology | The Guardian
Hacker Conversations: Inside the Mind of Daniel Kelley, ex-Blackhat - SecurityWeek
Go Beyond the Headlines for Deeper Dives into the Cyber criminal Underground (thehackernews.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
IT worker jailed for impersonating ransomware gang to extort employer (bleepingcomputer.com)
Former contractor accused of remotely accessing town's water treatment facility | Tripwire
Insider Risk Management Starts With SaaS Security (darkreading.com)
Fraud, Scams & Financial Crime
Growing scam activity linked to social media and automation - Help Net Security
A fresh look at the current state of financial fraud - Help Net Security
Tech support scammers now accepting cash via snail mail • The Register
Extremist-friendly tech company closes after fine for securities fraud | Technology | The Guardian
The cruel new holiday scams you need to know about | This is Money
Airbnb-Related Scams Surge: Beware Of ‘Too Good To Be True’ Offers (forbes.com)
AML/CFT/Sanctions
Insurance
Cyber insurers adapting to data-centric ransomware threats | TechTarget
Strengthening Password Security may Lower Cyber Insurance Premiums (bleepingcomputer.com)
Dark Web
Genesis Market infrastructure and inventory sold on hacker forum (bleepingcomputer.com)
OpenAI credentials stolen by the thousands for sale on the dark web (bleepingcomputer.com)
Supply Chain and Third Parties
JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica
Google Cloud Build bug lets hackers launch supply chain attacks (bleepingcomputer.com)
Supply chain executives unaware of growing customer trust issues - Help Net Security
Possible Supply Chain Attack Targeting Pakistani Government Delivers Shadowpad (trendmicro.com)
Cloud/SaaS
Microsoft makes cloud security logs available for free • The Register
Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)
Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat
Google Cloud Build bug lets hackers launch supply chain attacks (bleepingcomputer.com)
Three key unanswered questions about the Chinese breach of Microsoft cloud services | CyberScoop
TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud (thehackernews.com)
Hybrid/Remote Working
Hybrid Work, Digital Transformation Can Exploit Security Gaps, Study Finds - MSSP Alert
Securing The Hybrid Workforce Begins With Browsing (forbes.com)
Attack Surface Management
Identity and Access Management
Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat
The rise of hassle-free and secure authentication | CyberScoop
Encryption
Real-world examples of quantum-based attacks - Help Net Security
EU Urged to Prepare for Quantum Cyber Attacks - Infosecurity Magazine (infosecurity-magazine.com)
Signal president rejects ‘mass surveillance’ UK law | Fortune
API
Docker Leaks API Secrets & Private Keys, as Cyber criminals Pounce (darkreading.com)
API keys: Weaknesses and security best practices | TechTarget
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
LastPass: The lessons we learnt from our devastating breach | TechRadar
Millions of Keyboard Walk Patterns Found in Compromised Passwords - IT Security Guru
TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud (thehackernews.com)
Strengthening Password Security may Lower Cyber Insurance Premiums (bleepingcomputer.com)
Social Media
Growing scam activity linked to social media and automation - Help Net Security
Met Police ‘passed victims’ data to Facebook via online tracking tool’ | Evening Standard
Training, Education and Awareness
Security Awareness Training Isn’t Working - How Can We Improve It? - SecurityWeek
Companywide Cyber security Training: 20 Tips To Make It ‘Stick’ (forbes.com)
Digital Transformation
Travel
The cruel new holiday scams you need to know about | This is Money
Airbnb-Related Scams Surge: Beware Of ‘Too Good To Be True’ Offers (forbes.com)
Regulations, Fines and Legislation
AI models must be reconciled with data protection laws • The Register
Online Safety Bill Last chance for Lords to stop surveillance | Evening Standard
Models, Frameworks and Standards
Data Protection
Careers, Working in Cyber and Information Security
Career Benefits of Learning Ethical Hacking (analyticsinsight.net)
Should You Be Using a Cyber security Careers Framework? (darkreading.com)
Law Enforcement Action and Take Downs
Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek
Owner of BreachForums Pleads Guilty to Cyber crime and Child Pornography Charges (thehackernews.com)
Police arrests Ukrainian scareware developer after 10-year hunt (bleepingcomputer.com)
Ukraine's cyber police dismantled a massive bot farm - Security Affairs
Privacy, Surveillance and Mass Monitoring
Online Safety Bill Last chance for Lords to stop surveillance | Evening Standard
Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)
How to Use Generative AI Tools While Still Protecting Your Privacy | WIRED
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
The rise in ransomware attacks this year may be related to Russia's war in Ukraine : NPR
Gamaredon hackers start stealing data 30 minutes after a breach (bleepingcomputer.com)
Analysis of Storm-0558 techniques for unauthorised email access | Microsoft Security Blog
Microsoft Exchange servers compromised by Turla APT - Help Net Security
Pro-Russian hacktivists increase focus on Western targets. The latest is OnlyFans. | CyberScoop
Elon Musk’s Starlink is putting our soldiers at risk, Ukraine warns (telegraph.co.uk)
Thousands of Russian officials to give up iPhones over US spying fears | Financial Times (ft.com)
Ukraine innovates on cyber defence | Financial Times (ft.com)
China
Three key unanswered questions about the Chinese breach of Microsoft cloud services | CyberScoop
China Espionage Operatives Left Empty Handed in Email Heist, White House Official Says - MSSP Alert
Xi wants to make the Great Firewall of China even greater • The Register
North Korea
JumpCloud breach traced back to North Korean state hackers (bleepingcomputer.com)
North Korean hackers breached a US tech company to steal crypto | Reuters
Misc/Other/Unknown
JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica
APT Protection: The Key to Safeguarding Your Business (ts2.space)
How to Secure Your OT Network Against Advanced Persistent Threats (APTs) (ts2.space)
Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)
Vulnerability Management
CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities - Help Net Security
Security Patch Management Strengthens Ransomware Defence (trendmicro.com)
What is Vulnerability Assessment In Cyber security? (gbhackers.com)
Vulnerabilities
Windows Users Urged To Update As Microsoft Confirms New Zero-Day Exploits (forbes.com)
Microsoft still unsure how hackers stole Azure AD signing key (bleepingcomputer.com)
Microsoft takes pains to obscure role in 0-days that caused email breach | Ars Technica
CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent | Qualys Security Blog
New critical Citrix ADC and Gateway flaw exploited as zero-day (bleepingcomputer.com)
OpenSSH Addresses Remote Code Execution Vulnerability: CVE-2023-38408 - VULNERA
Adobe Rolls Out New Patches for Actively Exploited ColdFusion Vulnerability (thehackernews.com)
Cisco fixed a critical flaw in SD-WAN vManage - Security Affairs
Hacking campaign targets sites using WordPress WooCommerce Payments Plugin - Security Affairs
Microsoft hit by Storm season – a tale of two semi-zero days – Naked Security (sophos.com)
5 Major Takeaways From Microsoft's July Patch Tuesday (darkreading.com)
Two Jira Plugin Vulnerabilities in Attacker Crosshairs - SecurityWeek
Google says Apple employee found a zero-day but did not report it | TechCrunch
Tools and Controls
Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat
Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)
Leverage Threat Intelligence, AI, and Data at Scale to Boost Cyber Defences (darkreading.com)
A Few More Reasons Why RDP is Insecure (Surprise!) (thehackernews.com)
Enterprise communication security a growing risk, priority | TechTarget
MIT’s Cyber security Metior: A Secret Weapon Against Side-Channel Attacks (scitechdaily.com)
NCSC Shares Alternatives to Using a SOC - Infosecurity Magazine (infosecurity-magazine.com)
Microsoft's security roadmap: Protect Azure DevOps secrets • The Register
CISA shares free tools to help secure data in the cloud (bleepingcomputer.com)
What is the new Enhanced Safe Browsing for Gmail (and should you enable it)? | ZDNET
Insider Risk Management Starts With SaaS Security (darkreading.com)
67% of daily security alerts overwhelm SOC analysts - Help Net Security
Gmail encouraging users to enable Enhanced Safe Browsing (9to5google.com)
Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)
Microsoft makes cloud security logs available for free • The Register
Security Awareness Training Isn’t Working - How Can We Improve It? - SecurityWeek
API keys: Weaknesses and security best practices | TechTarget
Other News
Google restricting internet access to some employees for security (cnbc.com)
Enterprise communication security a growing risk, priority | TechTarget
Healthcare organisations in the crosshairs of cyber attackers - Help Net Security
Broadband consumers demand security and sustainability - Help Net Security
Microsoft Exchange Online hit by new outage blocking emails (bleepingcomputer.com)
Cyber security measures SMBs should implement - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 14 July 2023
Black Arrow Cyber Threat Briefing 14 July 2023:
-Cyber Attacks Are a War We'll Never Win, but We Can Defend Ourselves
-Helping Boards Understand Cyber Risks
-Enterprise Risk Management Should Inform Cyber Risk Strategies
-Law Firms at High Risk of Attack as Ransomware Groups Begin to Focus Attention
-20% of Malware Attacks Bypass Antivirus Protection
-Ransomware Payments and Extortion Spiked Compared to 2022
-AI, Trust, and Data Security are Key Issues for Finance Firms and Their Customers
-Caution: Microsoft Warns of Office Zero-Day Attacks with No Patch Available
-Scam Page Volumes Surge 304% Annually
-Financial Industry Faces Soaring Ransomware Threat
-The Need for Risk-Based Vulnerability Management to Combat Threats
-Government Agencies Breached in Microsoft 365 Email Attacks
-Concerns Raised as Report Questions UK’s “Completely Inadequate” Defence to Threats from China
-Hackers Backed by North Korea have Stolen Billions of Dollars Over the Last Five Years
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Attacks Are a War We'll Never Win, But We Can Defend Ourselves
The cyber threat landscape is constantly evolving, with hackers becoming more creative in their exploitation of businesses and personal data. As the frequency and sophistication of cyber attacks increase, it's clear that the cyber security war is an endless series of battles that demand constant innovation and vigilance. Recognising the necessity of having built-in security, organisations should integrate security measures into their systems and foster a culture of security awareness.
Acknowledging that breaches are an inevitable risk, an orchestrated team response, well-practiced recovery plan, and effective communication strategy are key to managing crises. Organisations must also invest in proactive security measures, including emerging technologies to spot intrusions early. Ultimately, cyber security isn't just a technical concern, it's a cultural and organisational imperative, requiring the incorporation of security measures into every aspect of an organisation's operations and philosophy.
Helping Boards Understand Cyber Risks
A difference in perspective is a fundamental reason board members and the cyber security team are not always aligned. Board members typically have a much broader view of the organisation’s goals, strategies, and overall risk landscape, where CISOs are responsible for assessing and mitigating cyber security risk.
It’s often a result of the board lacking cyber security expertise among its members, the complexity with understanding the topic and CISOs who focus too heavily on technical language during their discussions with the board which can cause a differing perspective. For organisations to be most effective in their approach to cyber security, they should hire CISOs or vCISOs who wear more than one hat and are able to understand cyber in context to the business. In addition, having cyber expertise on the board will pay dividends; this can be achieved by direct hiring or upskilling of board members.
Black Arrow supports clients as their vCISO or Non-Executive Director (NED) with specialist experience in cyber security risk management in a business context.
https://www.helpnetsecurity.com/2023/07/11/david-christensen-plansource-board-ciso-communication/
Enterprise Risk Management Should Inform Cyber Risk Strategies
While executives and boards once viewed cyber security as a primarily technical concern, many now recognise it as a major business issue. A single serious data breach could result in debilitating operational disruptions, financial losses, reputational damage, and regulatory penalties.
Cyber security focuses on protecting digital assets from threats, while enterprise risk management adopts a wider approach, mitigating diverse risks across several domains beyond the digital sphere. Rather than existing in siloes, enterprise risk management and cyber risk management strategies should complement and inform each other. By integrating cyber security into their risk management frameworks, organisations can more efficiently and effectively protect their most valuable digital assets.
Law Firms at High Risk of Attack as Ransomware Groups Begin to Focus Attention
Three of the largest US law firms have been newly hit by the Cl0p cyber syndicate as part of dozens of ransomware attacks across industries that so far have affected more than 16 million people. All three law firms feature on Cl0p’s leak site, which lists organisations who Cl0p have breached.
This comes as the UK National Cyber Security (NCSC) noted in a report the threat to the legal sector. Law firms are a particularly attractive target for the depth of sensitive personal information they hold from individuals and companies, plus the dual threat of publishing it publicly should a ransom demand go unmet. In Australia, law firm HWL Ebsworth confirmed several documents relating to its work with several Victorian Government departments and agencies had been released by cyber criminals to the dark web following a data breach announced in April 2023.
The extortion of law firms allows extra opportunities for an attacker, including exploiting opportunities for insider trading, gaining the upper hand in negotiations and litigation, or subverting the course of justice. Based on the above, it is no wonder the Solicitors Regulation Authority (SRA) in the UK found that 75% of the law firms they visited has been a victim of a cyber attack.
https://www.helpnetsecurity.com/2023/07/10/law-firm-cyberattack/
20% of Malware Attacks Bypass Antivirus Protection
In the first half of 2023, researchers found that 20% of all recaptured malware logs had an antivirus program installed at the time of successful malware execution. Not only did these solutions not prevent the attack, they also lack the automated ability to protect against any stolen data that can be used in the aftermath.
The researchers found that the common entry points for malware are permitting employees to sync browser data between personal and professional devices (57%), struggling with shadow IT due to employees' unauthorised use of applications and systems (54%), and allowing unmanaged personal or shared devices to access business applications (36%).
Such practices expose organisations to subsequent attacks, like ransomware, resulting from stolen access credentials. Malware detection and quick action on exposures are critical; however, many organisations struggle with response and recovery with many firms failing to have robust incident response plans.
https://www.helpnetsecurity.com/2023/07/13/malware-infections-responses/
Ransomware Payments and Extortion Spiked Compared to 2022
A recent report from Chainalysis found that ransomware activity is on track to break previous records, having extorted at least $449.1 million through June. For all of 2022, that number didn’t even reach $500 million. Similarly, a separate report using research statistics from Action Fraud UK, the UK’s national reporting centre for fraud, found cyber extortion cases surged 39% annually.
It’s no wonder both are on the rise, as the commonly used method of encrypting data behind a ransom is being combined with threatening to leak data; this gives bad actors two opportunities to gain payment. With this, the worry about the availability of your data now extends to the confidentiality and integrity of it.
https://www.infosecurity-magazine.com/news/cyber-extortion-cases-surge-39/
AI, Trust, and Data Security are Key Issues for Finance Firms and Their Customers
Business leaders have been warned to expect more instability and uncertainly following on from the unpredictable nature of events during the past few years, from COVID-19 to business restructurings, the Russian invasion of Ukraine and the rise of generative artificial intelligence (AI). A recent report found that customers feel they lack appropriate guidance from their financial providers during times of economic uncertainty; the lack of satisfactory experience and a desire for a better digital experience is causing 25% of customers to switch banks.
The report also found that 23% of customers do not trust AI and 56% are neutral. This deficit in trust can swing in either direction based on how Financial Services Institutions (FSIs) use and deliver AI-powered services. While the benefits of AI are unclear, an increased awareness of personal data security has made trust between providers and customers more crucial than ever. In fact, 78% of customers say they would switch financial service providers if they felt their data was mishandled.
Caution: Microsoft Warns of Office Zero-Day Attacks with No Patch Available
Russian spies and cyber criminals are actively exploiting still-unpatched security flaws in Microsoft Windows and Office products, according to an urgent warning from Microsoft. While Microsoft recently released patches for 130 vulnerabilities, including 9 criticals, 6 which are actively being exploited (see our advisory here), a series of remote code execution vulnerabilities were not addressed, and attackers have been actively exploiting them because the patches are not yet available.
An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. All an attacker would have to do is to convince the victim to open the malicious file. Microsoft have stated that a security update may be released out of cycle to address these flaws.
https://www.securityweek.com/microsoft-warns-of-office-zero-day-attacks-no-patch-available/
Scam Page Volumes Surge 304% Annually
Security researchers have recorded a 62% year-on-year increase in phishing websites and a 304% surge in scam pages in 2022. The Digital Risk Trends 2023 report classifies phishing as a threat resulting in the theft of personal information and a scam as any attempt to trick a victim into voluntarily handing over money or sensitive information.
It found that the average number of instances in which a brand’s image and logo was appropriated for use in scam campaigns increased 162% YoY, rising to 211% in APAC. Scams are also becoming more automated, as the ever-increasing number of new tools available to would-be cyber criminals has lowered the barrier of entry. We expect to see AI also play a greater role in scams in the future.
https://www.infosecurity-magazine.com/news/scam-page-volumes-surge-304/
Financial Industry Faces Soaring Ransomware Threat
The financial industry has been facing a surge in ransomware attacks over the past few years, said cyber security provider SOCRadar in a threat analysis post. This trend started in the first half of 2021, when Trend Micro saw a staggering 1,318% increase in ransomware attacks targeting banks and financial institutions compared to the same period in 2020. Sophos also found that over half (55%) of financial service firms fell victim to at least one ransomware attack in 2021, a 62% increase from 2020.
https://www.infosecurity-magazine.com/news/financial-industry-faces-soaring/
The Need for Risk-Based Vulnerability Management to Combat Threats
Cyber attacks are increasing as the number of vulnerabilities found in software has increased by over 50% in the last 5 years. This is a result of unpatched and poorly configured systems as 75% of organisations believe they are vulnerable to a cyber attack due to unpatched software. As vulnerabilities continue to rise and security evolves, it is becoming increasingly apparent that conventional vulnerability management programs are inadequate for managing the expanding attack surface. In comparison, a risk-based strategy enables organisations to assess the level of risk posed by vulnerabilities. This approach allows teams to prioritise vulnerabilities based on their assessed risk levels and remediate those with higher risks, minimising potential attacks in a way that is continuous, and automated.
By enhancing your vulnerability risk management process, you will be able to proactively address potential issues before they escalate and maintain a proactive stance in managing vulnerabilities and cloud security. Through the incorporation of automated threat intelligence risk monitoring, you will be able to identify significant risks before they become exploitable.
Government Agencies Breached in Microsoft 365 Email Attacks
Microsoft disclosed an attack against customer email accounts that affected US government agencies and led to stolen data. While questions remain about the attacks, Microsoft provided some details in two blog posts on Tuesday, including attribution to a China-based threat actor it tracks as Storm-0558. The month long intrusion began on 15 May and was first reported to Microsoft by a federal civilian executive branch (FCEB) agency in June.
Microsoft said attackers gained access to approximately 25 organisations, including government agencies. While Microsoft has mitigated the attack vector, the US Government Cybersecurity and Infrastructure Security Agency (CISA) was first to initially detect the suspicious activity. The government agency published an advisory that included an attack timeline, technical details and mitigation recommendations. CISA said an FCEB agency discovered suspicious activity in its Microsoft 365 (M365) environment sometime last month.
Concerns Raised as Report Questions UK’s “Completely Inadequate” Defence to Threats from China
Britain’s spy watchdog has slammed the UK Government for a “completely inadequate” response to Chinese espionage and interference which risked an “existential threat to liberal democratic systems”. In a bombshell 207 page report, Parliament’s Intelligence and Security Committee issued a series of alarming warnings about how British universities, the nuclear sector, Government and organisations alike were being targeted by China.
Hackers Backed by North Korea have Stolen Billions of Dollars Over the Last Five Years
Hackers have developed a list of sophisticated tricks that allow them to weasel their way into the networks of possible targets, including organisations. Sometimes a North Korean hacker would pose as a recruitment officer to get an employee’s attention. The cyber criminal would then share an infected file with the unsuspecting company employee. This was the case of the famous 2021’s Axie Infinity hack that allowed the North Koreans to steal more than $600 million after one of the game developers was offered a fake job by the hackers.
https://www.pandasecurity.com/en/mediacenter/security/north-korea-stolen-crypto/
Governance, Risk and Compliance
CISO perspective on why boards don't fully grasp cyber attack risks - Help Net Security
Top Takeaways From Table Talks With Fortune 100 CISOs (darkreading.com)
AI, trust, and data security are key issues for finance firms and their customers | ZDNET
Cyber Attacks Are a War We'll Never Win, but We Can Defend Ourselves (darkreading.com)
Exposure Management Looks to Attack Paths, Identity to Better Measure Risk (darkreading.com)
Enterprise risk management should inform cyber-risk strategies | TechTarget
Threats
Ransomware, Extortion and Destructive Attacks
Cl0p Hackers Hit Three of the Biggest US Law Firms in Large Ransomware Attack - MSSP Alert
UK battles hacking wave as ransomware gang claims ‘biggest ever’ NHS breach | TechCrunch
Cl0p has yet to deploy ransomware while exploiting MOVEit zero-day | SC Media (scmagazine.com)
Banks, hotels and hospitals among latest MOVEit mass-hack victims | TechCrunch
Cyber Extortion Cases Surge 39% Annually - Infosecurity Magazine (infosecurity-magazine.com)
Ransomware payments on record-breaking trajectory for 2023 (bleepingcomputer.com)
Beware of Big Head Ransomware: Spreading Through Fake Windows Updates (thehackernews.com)
Deutsche Bank confirms provider breach exposed customer data (bleepingcomputer.com)
BigHead and RedEnergy ransomware, more MOVEIt problems (cisoseries.com)
Cl0p hacker operating from Russia-Ukraine war front line-Security Affairs
Same code, different ransomware? Leaks kick-start myriad of new variants - Help Net Security
Rogue IT security worker who impersonated ransomware gang is sentenced to jail • Graham Cluley
BlackByte 2.0 Ransomware: Infiltrate, Encrypt, and Extort in Just 5 Days (thehackernews.com)
Ransomware Victims
Capita admits hackers also stole staff’s personal details (thetimes.co.uk)
Banks, hotels and hospitals among latest MOVEit mass-hack victims | TechCrunch
Royal Navy contractor forced to pay off cyber criminals (telegraph.co.uk)
Barts NHS hack leaves folks on tenterhooks over extortion • The Register
Scottish university cyber attack under investigation | The National
Phishing & Email Based Attacks
New Phishing Attack Spoofs Microsoft 365 Authentication System (hackread.com)
Number of email-based phishing attacks surges 464% - Help Net Security
Chinese hackers compromised emails of US Government agencies- -Security Affairs
Microsoft: Government agencies breached in email attacks | TechTarget
RomCom hackers target NATO Summit attendees in phishing attacks (bleepingcomputer.com)Facebook and Microsoft remain prime targets for spoofing - Help Net Security
Top 10 Email Security Best Practices in 2023 (gbhackers.com)
Other Social Engineering; Smishing, Vishing, etc
Vishing Goes High-Tech: New 'Letscall' Malware Employs Voice Traffic Routing (thehackernews.com)
Evil QR - A new QR Jacking Attack to Take Over User Accounts (cybersecuritynews.com)
How hackers are now targeting your voice and how to protect yourself | Fox News
Artificial Intelligence
How the EU AI Act Will Affect Businesses, Cyber Security (darkreading.com)
Vishing Goes High-Tech: New 'Letscall' Malware Employs Voice Traffic Routing (thehackernews.com)
ChatGPT and Cyber Security : 5 Cyber Security Risks of ChatGPT (gbhackers.com)
WormGPT Cyber Crime Tool Heralds an Era of AI Malware vs. AI Defences (darkreading.com)
How to Safely Architect AI in Your Cyber Security Programs (darkreading.com)
ChatGPT users drop for the first time as people turn to uncensored chatbots | Ars Technica
Secretaries of State brace for wave of AI-fueled disinformation during 2024 campaign | CyberScoop
Civil society, labor and rights groups express concerns about AI at White House meeting | CyberScoop
2FA/MFA
Malware
20% of malware attacks bypass antivirus protection - Help Net Security
Malware delivery to Microsoft Teams users made easy - Help Net Security
WormGPT Cyber Crime Tool Heralds an Era of AI Malware vs. AI Defences (darkreading.com)
Truebot Malware Variants Abound, According to CISA Advisory (darkreading.com)
Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures (thehackernews.com)
USB drive malware attacks spiking again in first half of 2023 (bleepingcomputer.com)
Charming Kitten hackers use new ‘NokNok’ malware for macOS (bleepingcomputer.com)
Banking Firms Under Attack by Sophisticated 'Toitoin' Campaign (darkreading.com)
Over 100 malicious signed Windows drivers blocked by Microsoft - NotebookCheck.net News
New 'ShadowVault' macOS malware steals passwords, crypto, credit card data | Macworld
BlackLotus UEFI Bootkit Source Code Leaked on GitHub - SecurityWeek
PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland (thehackernews.com)
AVrecon malware infects 70,0000 Linux routers to build botnet (bleepingcomputer.com)
Serious Security: Rowhammer returns to gaslight your computer – Naked Security (sophos.com)
Linux Hacker Exploits Researchers With Fake PoCs Posted to GitHub (darkreading.com)
Mobile
Crooks Evolve Antidetect Tooling for Mobile OS-Based Fraud-Security Affairs
The FCC aims to stop SIM swappers with new rules - The Verge
Google Play will enforce business checks to curb malware submissions (bleepingcomputer.com)
Clever Letscall vishing malware targets Android phones | SC Media (scmagazine.com)
Denial of Service/DoS/DDOS
Industry responses and strategies for navigating the tides of DDoS attacks - Help Net Security
Archive Of Our Own Down: AO3 DDoS Attack Explained - Dataconomy
Internet of Things – IoT
Data Breaches/Leaks
So you gave personal info to a company caught in a data breach. Now what? | CBC News
HCA confirms breach after hacker steals data of 11 million patients (bleepingcomputer.com)
US on Track For Record Number of Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)
Twitter User Exposes Nickelodeon Data Leak - Infosecurity Magazine (infosecurity-magazine.com)
Capita attackers reportedly stole data from pension fund • The Register
Twenty Manx public authorities reprimanded for data breach - BBC News
Bangladesh government website leaked data of millions of citizens-Security Affairs
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Cyber security professional accused of stealing $9M in crypto | TechCrunch
SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign (thehackernews.com)
Insider Risk and Insider Threats
How To Protect Your Business From The Security Risks Freelancers Pose (forbes.com)
Former employee charged for attacking water treatment plant (bleepingcomputer.com)
Rogue IT security worker who impersonated ransomware gang is sentenced to jail • Graham Cluley
Fraud, Scams & Financial Crime
E-commerce Fraud Surges By Over 50% Annually - Infosecurity Magazine (infosecurity-magazine.com)
Scam Page Volumes Surge 304% Annually - Infosecurity Magazine (infosecurity-magazine.com)
The FCC aims to stop SIM swappers with new rules - The Verge
Insurance
Dark Web
Supply Chain and Third Parties
Royal Navy contractor forced to pay off cyber criminals (telegraph.co.uk)
Capita attackers reportedly stole data from pension fund • The Register
MOVEit: Testing the Limits of Supply Chain Security - SecurityWeek
Cloud/SaaS
Only 45% of cloud data is currently encrypted - Help Net Security
Microsoft alleges China behind attack on Exchange Online • The Register
For stronger public cloud data security, use defence in depth | TechTarget
Silentbob Campaign: Cloud-Native Environments Under Attack (thehackernews.com)
Global Retailers Must Keep an Eye on Their SaaS Stack (thehackernews.com)
SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign (thehackernews.com)
Decentralized storage emerging as solution to cloud-based attacks | Cybernews
Hybrid/Remote Working
Attack Surface Management
Identity and Access Management
Why Hybrid Work Has Made Secure Access So Complicated (darkreading.com)
less than half of SMBs use Privileged Access Management- IT Security Guru
Encryption
API
Cisco SD-WAN vManage impacted by unauthenticated REST API access (bleepingcomputer.com)
API Flaw in QuickBlox Framework Exposed PII of Millions of Users - SecurityWeek
Open Source
Novel Linux kernel vulnerability exploitable for elevated privileges | SC Media (scmagazine.com)
The EU’s Product Liability Directive could kill open source | TechRadar
Linux Hacker Exploits Researchers With Fake PoCs Posted to GitHub (darkreading.com)
AVrecon malware infects 70,0000 Linux routers to build botnet (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Critical Vulnerability Can Allow Takeover of Mastodon Servers - SecurityWeek
Mastodon Patches 4 Bugs, but Is the Twitter Killer Safe to Use? (darkreading.com)
Travel
Regulations, Fines and Legislation
How the EU AI Act Will Affect Businesses, Cyber security (darkreading.com)
A Cyber Security Wish List Ahead of NATO Summit - SecurityWeek
The EU’s Product Liability Directive could kill open source | TechRadar
Microsoft and AWS caution Ofcom against referring UK cloud market over to CMA | Computer Weekly
Models, Frameworks and Standards
How to map security gaps to the Mitre ATT&CK framework | TechTarget
Get started: Threat modeling with the Mitre ATT&CK framework | TechTarget
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Storm-0978 attacks reveal financial and espionage motives | Microsoft Security Blog
Russia-based actor exploited unpatched Office zero day | TechTarget
SolarWinds Attackers Dangle BMWs to Spy on Diplomats (darkreading.com)
Russian state hackers lure Western diplomats with BMW car ads (bleepingcomputer.com)
Killnet Tries Building Russian Hacktivist Clout With Media Stunts (darkreading.com)
Cl0p hacker operating from Russia-Ukraine war front line-Security Affairs
Killer ‘tracked Russian sub commander using Strava jogging app’ (thetimes.co.uk)
Inside the murky world accelerating Russia’s economic meltdown (telegraph.co.uk)
Cyber attacks Against Ukrainians Adjoin NATO Summit in Lithuania - MSSP Alert
Russian Hackers Find Sneaky Way to Infiltrate Embassy Networks in Kyiv (kyivpost.com)
PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland (thehackernews.com)
China
Chinese hackers compromised emails of US Government agencies-Security Affairs
UK has ‘no strategy’ to tackle China threat as spies target Britain, report warns | The Independent
Cabinet tensions emerge over labelling China a threat to UK national security (inews.co.uk)
Iran
North Korea
Vulnerability Management
CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities - Help Net Security
The Need for Risk-Based Vulnerability Management to Combat Threats (bleepingcomputer.com)
Creating a Patch Management Playbook: 6 Key Questions (darkreading.com)
Close Security Gaps with Continuous Threat Exposure Management (thehackernews.com)
Vulnerabilities
MOVEit Transfer customers warned to patch new critical flaw (bleepingcomputer.com)
After Zero-Day Attacks, MOVEit Turns to Security Service Packs - SecurityWeek
Microsoft Warns of Office Zero-Day Attacks, No Patch Available - SecurityWeek
Juniper Networks Patches High-Severity Vulnerabilities in Junos OS - SecurityWeek
Cisco SD-WAN vManage impacted by unauthenticated REST API access (bleepingcomputer.com)
SonicWall warns admins to patch critical auth bypass bugs immediately (bleepingcomputer.com)
Fortinet warns of critical RCE flaw in FortiOS, FortiProxy devices (bleepingcomputer.com)
Russia-based actor exploited unpatched Office zero day | TechTarget
Hackers Steal $20 Million by Exploiting Flaw in Revolut's Payment Systems (thehackernews.com)
Raising concerns over Google Authenticator’s new features | TechRadar
Novel Linux kernel vulnerability exploitable for elevated privileges | SC Media (scmagazine.com)
Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures (thehackernews.com)
VMware warns of exploit available for critical vRealize RCE bug (bleepingcomputer.com)
Adobe Patch Tuesday: Critical Flaws Haunt InDesign, ColdFusion - SecurityWeek
Zimbra urges customers to manually fix actively exploited zero-day-Security Affairs
Critical Vulnerability Can Allow Takeover of Mastodon Servers - SecurityWeek
New StackRot Linux kernel flaw allows privilege escalation (bleepingcomputer.com)
Exploit Code Published for Remote Root Flaw in VMware Logging Software - SecurityWeek
API Flaw in QuickBlox Framework Exposed PII of Millions of Users - SecurityWeek
Experts released PoC exploit for Ubiquiti EdgeRouter flaw-Security Affairs
Critical RCE found in popular Ghostscript open-source PDF library (bleepingcomputer.com)
Citrix fixed a critical flaw in Secure Access Client for Ubuntu-Security Affairs
OT/ICS Vulnerabilities
Tools and Controls
The Need for Risk-Based Vulnerability Management to Combat Threats (bleepingcomputer.com)
less than half of SMBs use Privileged Access Management- IT Security Guru
Exposure Management Looks to Attack Paths, Identity to Better Measure Risk (darkreading.com)
Enterprise risk management should inform cyber-risk strategies | TechTarget
Infrastructure upgrades alone won't guarantee strong security - Help Net Security
What is a Network Intrusion Protection System (NIPS)? | Definition from TechTarget
Overcoming user resistance to passwordless authentication - Help Net Security
Zero Trust Keeps Digital Attacks From Entering the Real World (darkreading.com)
3 Strategies For Simplifying And Strengthening Your Data Security (forbes.com)
The history, evolution and current state of SIEM | TechTarget
Attack Surface Management: Identify and protect the unknown - Help Net Security
How to Put Generative AI to Work in Your Security Operations Center (darkreading.com)
Close Security Gaps with Continuous Threat Exposure Management (thehackernews.com)
Platform Approach to Cyber Security: The New Paradigm (trendmicro.com)
Intrusion Detection & Prevention Systems Guide (trendmicro.com)
Decentralized storage emerging as solution to cloud-based attacks | Cybernews
Wi-Fi AP placement best practices and security policies | TechTarget
For stronger public cloud data security, use defence in depth | TechTarget
Other News
White House Urged to Quickly Nominate National Cyber Director (darkreading.com)
The rise of cyber threats in a digital dystopia | Mint #AskBetterQuestions (livemint.com)
Building the right collective defence against cyber attacks for critical infrastructure | CyberScoop
Satellites lack standard security mechanisms found in mobile phones and laptops - Help Net Security
White House publishes National Cyber Security Strategy Implementation Plan - Help Net Security
Cyber attacks through Browser Extensions – the Importance of MFA (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 07 July 2023
Black Arrow Cyber Threat Briefing 07 July 2023:
-Cyber Attacks Against Mobile Devices Growing Fast
-One Third of Security Breaches Go Unnoticed by Security Professionals
-Cyber Security Experts Have Become Targets for Board Seats
-Phishing Attack Prevention as Email Attacks Surge Over 450%
-Outsmarting Business Email Compromise Scammers
-Small Organisations Face Security Threats on a Limited Budget
-Cloud Security: Sometimes the Risks May Outweigh the Rewards
-Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks
-75% of Consumers Prepared to Ditch Brands Hit by Ransomware
-Scammers Using AI Voice Technology to Commit Crimes
-What are the Causes of Data Loss and What it the Impact on Your Organisation?
-Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Attacks Against Mobile Devices Growing Fast
A rise in mobile-powered businesses is creating vulnerability gaps that are being exploited by cyber criminals and nation-states, according to a new report. 43% of all compromised devices were fully exploited, not just jailbroken or rooted, which is an increase of 187% year-over-year. The report found that the average user is 6 to 10 times more likely to fall for an SMS phishing attack than an email based attack.
It was also found that there was a 138% increase in critical Android vulnerabilities discovered in 2022, while Apple iOS accounted for 80% of the zero-day vulnerabilities actively being exploited in the wild. With malware increasingly spreading through legitimate channels, such as official marketplaces and ads in popular apps. This is true for both scam apps and dangerous mobile banking malware. For organisations, no matter if they are corporate-owned or part of a BYOD strategy, the need to implement appropriate security controls, and educate end-users about potential threats, is critical.
https://www.darkreading.com/endpoint/mobile-cyberattacks-soar-andoird-users
One Third of Security Breaches Go Unnoticed by Security Professionals
While surface-level confidence around hybrid cloud security is high, with 94% of global respondents stating their security tools and processes provide them with complete visibility and insights into their IT infrastructure, the reality is nearly one third of security breaches are not spotted by IT and security professionals, according to a recent report.
The report highlighted that 50% of IT and security leaders lack confidence when it comes to knowing where their most sensitive data is stored and how it is secured. The issue is that 31% of breaches are being identified later down the line, rather than pre-emptively using security and observability tools either by data appearing on the dark web, files becoming inaccessible, or users experiencing slow application performance (likely due to DoS or inflight exfiltration). This number rises to 48% in the US, and 52% in Australia.
https://www.helpnetsecurity.com/2023/07/03/hybrid-cloud-security-breaches/
Cyber Security Experts Have Become Targets for Board Seats
The need for strong cyber security programs is a vital part of doing business today, and a good reflection of that is adding security executives to Boards. The trend is for chief information security officers (CISOs) to be elevated to the board of directors, as risk and regulatory compliance become more visible in an organisation, many of the initiatives and controls will be security related, addressing those controls usually falls to the CISO.
The research also showed that 90% of public companies lack even one qualified cyber expert, showing a significant cyber board supply-demand gap. With only 15% of CISOs have broader traits required for board level positions, such as a holistic understanding of the business, a global perspective and ability to navigate a range of stakeholders, with another 33% having a subset of those necessary traits.
CISOs are hard to come by and few have the requisite Board level experience. To fill this gap Black Arrow provide a virtual CISO (vCISO) where you get a whole team of highly skilled and experienced professionals for less than you would pay for one permanent resource, and firms can also take advantage of Black Arrow’s Cyber NED, incorporating Board, Governance, Finance, HR and Risk experience with specialist cyber expertise and experience.
https://www.cnbc.com/2023/07/03/cybersecurity-experts-have-become-targets-for-board-seats.html
Phishing Attack Prevention as Email Attacks Surge Over 450%
A Recent report found that email attacks had surged 464% this year compared to the previous year as phishing attacks remain amongst the most used tactics by attackers due to their high success rate and the ease in which they can be conducted. For preventing such attacks, the following principles will help mitigate: not clicking on unknown links, not trusting unknown sites, enabling multi-factor authentication, hardly disclosing personal information and having increased phishing awareness.
In an organisation, such awareness and principles can be highlighted and continually reinforced through having an effective awareness training programme. This in turn, will help to create a cyber aware culture and reduce the risk of someone in the organisation falling victim to phishing.
https://cybersecuritynews.com/phishing-attack-prevention-checklist/
Outsmarting Business Email Compromise (BEC) Scammers
Last year the FBI registered over 21,000 complaints about business email fraud, with adjusted losses of over $2.7 billion. Today this line of attack shows no sign of slowing down. Business email compromise (BEC) techniques are increasingly sophisticated and cyber crime-as-a-service (CaaS) along with AI have lowered the barrier to entry for threat actors.
There are six key elements which can help to mitigate the impact of BEC, these are; inbox protection, strong authentication, secure emails, zero-trust control, secure payment processes and education. Putting the brakes on this con game takes the entire organisation, from the C-suite and IT, compliance, and risk management teams to every business unit. Awareness, backed by policy and technology, is the crucial factor in a consistently strong defence.
https://www.darkreading.com/microsoft/6-steps-to-outsmarting-business-email-compromise-scammers
Small Organisations Face Security Threats on a Limited Budget
Small organisations face the same security threats as larger organisations overall but have less resources to address them. The most common security incidents faced are phishing, ransomware, and user account compromise also known as business email compromise (BEC). However, smaller organisations usually have fewer resources and experience with which to address security threats. Indeed, lack of budget is their top security challenge, reported by one in two small companies.
The lack of budget won’t stop a threat actor from attacking however, and so small organisations need to be able to effectively identify, prioritise and mitigate against security incidents. This may require small organisations outsourcing some of their cyber strategy, to allow them access to expertise.
https://www.helpnetsecurity.com/2023/07/05/small-organizations-security-threats/
Cloud Security: Sometimes the Risks May Outweigh the Rewards
Threat actors are well-aware of the vulnerabilities in the cloud infrastructure. IT teams and decision-leadersmakers must have a clear understanding of the types of cloud services and the associated risk of cyber attacks associated. Around two in five (39%) businesses experienced a data breach in their cloud environment in 2022, a rise of 4% compared with 2021, a new report has found. The leading cause of cloud data breaches was human error, at 55%, according to the report. This was significantly above the next highest factor identified by respondents (21%), which was exploitation of vulnerabilities.
Other issues can arise from the cloud as it gives organisations the opportunity to create large amounts of infrastructure quickly and easily, which leaves it exposed to the possibility of substandard security configurations being applied to it. Due to the ease of use of cloud services, companies might become negligent in terms of their security.
https://cyber-reports.com/2023/07/03/cloud-security-sometimes-the-risks-may-outweigh-the-rewards/
https://www.infosecurity-magazine.com/news/human-error-cloud-data-breaches/
Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks
A number of organisations impacted by the mass hacks exploiting a security flaw in the MOVEit file transfer tool, including energy giant Shell and US-based First Merchants Bank, have confirmed that hackers accessed sensitive data. The ransomware group shows an evolution of its tactics with the MOVEit zero-day, potentially ushering in a new normal when it comes to extortion supply chain cyber attacks, experts say.
From what the industry has seen in recent Cl0p breaches, GoAnywhere, MFT and MOVEit, they have not executed ransomware to encrypt data within the target environments. The operations have strictly been exfiltrating data and using that stolen information for later blackmail and extortion. The MOVEit vulnerability isn't an easy or straightforward one, it required extensive research into the MOVEit platform to discover, understand, and exploit this vulnerability. The skill set required to uncover and exploit this vulnerability isn't easily learned and is hard to come by in the industry. This operation isn't something Cl0p ransomware group usually does, which is another clue leading to suspect Cl0p acquired the MOVEit zero-day vulnerability rather than developing it from scratch. Something future groups may decide to adopt.
https://www.darkreading.com/attacks-breaches/c10p-moveit-campaign-new-era-cyberattacks
75% of Consumers Prepared to Ditch Brands Hit by Ransomware
As 40% of consumers harbour scepticism regarding organisations’ data protection capabilities, 75% would shift to alternate companies following a ransomware attack a recent report found. Furthermore, consumers request increased data protection from vendors, with 55% favouring companies with comprehensive data protection measures such as reliable backup and recovery, password protection, and identity and access management strategies.
While 37% of Gen Z prefers an apology from companies experiencing a ransomware attack, ranking 12% higher than monetary compensation, Baby Boomers are less forgiving. 74% of them agree their trust in the vendor is irreparably damaged after suffering more than one ransomware attack, compared to only 34% of Gen Z.
https://www.helpnetsecurity.com/2023/07/05/consumers-data-protection-request/
Scammers Using AI Voice Technology to Commit Crimes
The usage of platforms like Cash App, Zelle, and Venmo for peer-to-peer payments has experienced a significant surge, with scams increasing by over 58%. Additionally, there has been a corresponding rise of 44% in scams stemming from the theft of personal documents according to a recent report.
The report also highlights the rise of AI voice scams as a significant trend in 2023. AI voice technology enables scammers to create remarkably realistic voices and convincingly imitate family members, friends and other trusted individuals. With just a short voice clip usually taken from social media, a scammer can clone a loved one’s voice and call a victim pretending to be that person. The scammer deceives the victim into thinking their loved one is in distress to get them to send money, provide personal information or perform other actions. AI voice technology has gotten to the point where a mother can’t tell the difference between her child’s voice and a machine, and scammers have pounced on this to commit crimes.
https://www.helpnetsecurity.com/2023/07/07/ai-voice-cloning-scams/
What are the Causes of Data Loss and What it the Impact on Your Organisation?
In today’s digital age, data has become the lifeblood of organisations, driving critical decision-making, improving operational efficiency, and allowing for smoother innovation. Simply put, businesses heavily rely on data. In an era where data has become the cornerstone of business operations, the loss of vital information can result in severe setbacks and irreparable damage. Whether it’s due to accidental deletion, hardware failure, cyber-attacks, or natural disasters, the loss of valuable data can have devastating impacts on an organisation.
It's imperative that businesses understand different types of data (structured, unstructured, semi-structured, metadata) and deploy tailored protection strategies. A significant 26% of companies suffered data loss in 2022, underlining the need for robust data security measures like regular backups, cyber security protocols, employee training, and data encryption. Effective data loss prevention can shield organisations from severe impacts like intellectual property theft, operation disruption, and legal repercussions.
https://securityaffairs.com/148086/security/impacts-of-data-loss.html
Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem
Many people associate the dark web with drugs, crime, and leaked credentials, but in recent years the dark web has emerged as a complex and interdependent cyber crime ecosystem, exemplified by the increasingly complex methods used to extort companies.
One of the more recent trends we see is that groups are now setting up infrastructure, in some cases outsourcing actual infection (and in some cases negotiation) to “affiliates” who effectively act as contractors to the Ransomware as a Service (RaaS) group and split the profits at the end of a successful attacks. The world of cyber crime is ever-evolving and it is no easy task to stay on top of the changing landscape.
Governance, Risk and Compliance
Cyber Security experts have become targets for board seats (cnbc.com)
The Impacts of Data Loss on Your Organisation -Security Affairs
One third of security breaches go unnoticed by security professionals - Help Net Security
Small organisations face security threats on a limited budget - Help Net Security
How to cultivate a culture of continuous cyber Security improvement - Help Net Security
CISOs Find 'Business as Usual' Shows the Harsh Realities of Cyber-Risk (darkreading.com)
Mitigate Top 5 Common Cyber Security Vulnerabilities (trendmicro.com)
Cyber Security's Future Hinges on Stronger Public-Private Partnerships (darkreading.com)
Threats
Ransomware, Extortion and Destructive Attacks
75% of consumers prepared to ditch brands hit by ransomware - Help Net Security
More than 16 million people and counting have had data exposed in MOVEit breaches (therecord.media)
Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks (darkreading.com)
Encryption-less ransomware: Warning issued over emerging attack method for threat actors | ITPro
Malvertising: A stealthy precursor to infostealers and ransomware attacks (malwarebytes.com)
8Base ransomware group leaks data of 67 victim organisations - Help Net Security
Cyber Security Awareness Training to Fight Ransomware (trendmicro.com)
Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem (bleepingcomputer.com)
BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising (thehackernews.com)
Seven ways to prepare for double extortion ransomware | SC Media (scmagazine.com)
The rise in cyber extortion attacks and its impact on business security - Help Net Security
University of California sues Lloyd’s of London in cyber insurance dispute | CSO Online
Ransomware Criminals Are Dumping Kids' Private Files Online After School Hacks - SecurityWeek
Ransomware accounts for 54% of cyber threats in the health sector- Security Affairs
Avast released a free decryptor for Windows version of Akira ransomware- Security Affairs
FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)
How ransomware impacts the healthcare industry - Help Net Security
June saw flurry of ransomware attacks on education sector | TechTarget
Decryption tool for Akira ransomware available for free | Tripwire
Japanese Port of Nagoya Resumes Operations After 2-Day Russian Ransomware Attack - MSSP Alert
Ransomware Victims
Shell Confirms MOVEit-Related Breach After Ransomware Group Leaks Data - SecurityWeek
Dublin airport staff’s pay and benefits compromised in cyber attack (thetimes.co.uk)
Japan’s largest port stops operations after ransomware attack (bleepingcomputer.com)
Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)
More than 16 million people and counting have had data exposed in MOVEit breaches (therecord.media)
8Base ransomware group leaks data of 67 victim organisations - Help Net Security
Dublin airport staff’s pay and benefits compromised in cyber attack (thetimes.co.uk)
FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)
MOVEit Hacks Ensnare US Department of Health and Human Services - Bloomberg
UCLA among victims of worldwide cyber attack – NBC Los Angeles
BlackCat Hacking Gang Says It Stole Data from UK's Barts Health NHS Trust - Bloomberg
Chipmaker TSMC says supplier targeted in cyber Attack | Reuters
MOVEit hack impacts US financial services provider for academics | SC Media (scmagazine.com)
Phishing & Email Based Attacks
Email Cyber Attacks Spiked Nearly 500% in First Half of 2023, Acronis Reports - MSSP Alert
Phishing Attack Prevention Checklist - A Detailed Guide (cybersecuritynews.com)
African Nations Face Escalating Phishing & Compromised Password Cyber Attacks (darkreading.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Quishing on the rise: How to prevent QR code phishing | TechTarget
Why cyberpsychology is such an important part of effective cyber Security | CSO Online
Artificial Intelligence
Microsoft, OpenAI sued for ChatGPT 'privacy violations' • The Register
Cyber Criminals can break voice authentication with 99% success rate - Help Net Security
Dutch counterterrorism agency says Generative AI is posing new cyber threats | NL Times
AI-generated attack vectors cyber Security should watch for (fastcompany.com)
OpenAI Pauses ChatGPT's 'Browse With Bing' as Users Bypass Paywalls (gizmodo.com)
Promoting responsible AI: Balancing innovation and regulation - Help Net Security
GPT-4 is great at infuriating telemarketing scammers • The Register
3 Reasons SaaS Security is the Imperative First Step to Ensuring Secure AI Usage (thehackernews.com)
Malware
Microsoft Teams Exploit Tool Auto-Delivers Malware (darkreading.com)
Experts detected a new variant of RUSTBUCKET macOS malware- Security Affairs
Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users (thehackernews.com)
CISA: Truebot malware infecting networks in US, Canada | TechTarget
Mockingjay - A New Injection Technique to Bypass EDR (cybersecuritynews.com)
Malvertising: A stealthy precursor to infostealers and ransomware attacks (malwarebytes.com)
Mobile
Android Security Updates Patch 3 Exploited Vulnerabilities - SecurityWeek
Mobile Cyber Attacks Soar, Especially Against Android Users (darkreading.com)
Android users at risk as banking trojan targets more apps | Fox News
Cyber Attacks Against Mobile Devices Growing Fast - MSSP Alert
We can’t trust the Government to protect your privacy, says boss of Signal (telegraph.co.uk)
Apps with 1.5M installs on Google Play send your data to China (bleepingcomputer.com)
Botnets
Twitter's bot spam keeps getting worse — it's about porn this time (bleepingcomputer.com)
Botnets Send Exploits Within Days to Weeks After Published PoC (darkreading.com)
Denial of Service/DoS/DDOS
CISA issues DDoS warning after attacks hit multiple US orgs (bleepingcomputer.com)
Russian Hacktivist Platform 'DDoSia' Grows Exponentially (darkreading.com)
Data Breaches/Leaks
FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)
Microsoft denies data breach, theft of 30 million customer accounts (bleepingcomputer.com)
Capita’s own pension scheme suffered data breach in March hack | Financial Times (ft.com)Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)
Cyber Attacks and Data Breaches in Review: June 2023 - IT Governance Blog En
The Impacts of Data Loss on Your Organisation- Security Affairs
Nickelodeon investigates breach after leak of 'decades old’ data (bleepingcomputer.com)
OpenAI lawsuit reignites privacy debate over data scraping | CyberScoop
28,000 Impacted by Data Breach at Pepsi Bottling Ventures - SecurityWeek
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Meduza Stealer targets tens of crypto wallers and pwd managers- Security Affairs
$7.8 Billion Lost to Crypto Ponzi Schemes in 2022: Report (cryptopotato.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Google Searches for 'USPS Package Tracking' Leads to Banking Theft (darkreading.com)
Support from British businesses crucial in removing over... - NCSC.GOV.UK
GPT-4 is great at infuriating telemarketing scammers • The Register
Ex-Amazon manager who stole $9m+ gets 16 years in prison • The Register
$7.8 Billion Lost to Crypto Ponzi Schemes in 2022: Report (cryptopotato.com)
Deepfakes
Scammers using AI voice technology to commit crimes - Help Net Security
Cyber Criminals can break voice authentication with 99% success rate - Help Net Security
AML/CFT/Sanctions
Insurance
University of California sues Lloyd’s of London in cyber insurance dispute | CSO Online
Find A Cyber Insurance Policy That Fits Your Small Business Budget (forbes.com)
Cyber insurance rates drop 10% in June, report says | Reuters
How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance (thehackernews.com)
How Cyber Insurance Can Help Relieve The Costs Of A Cyber Attack (forbes.com)
Dark Web
Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem (bleepingcomputer.com)
Deep Web vs Dark Web: What’s the Difference? - Keeper (keepersecurity.com)
Supply Chain and Third Parties
Software Supply Chain
Cloud/SaaS
Microsoft Teams Exploit Tool Auto-Delivers Malware (darkreading.com)
Japan rebukes Fujitsu for cloud security fails • The Register
IT leaders believe hybrid cloud solutions are the future of IT - Help Net Security
Microsoft investigates Outlook.com bug breaking email search (bleepingcomputer.com)
11 best practices for securing data in the cloud | Microsoft Security Blog
3 Reasons SaaS Security is the Imperative First Step to Ensuring Secure AI Usage (thehackernews.com)
Attack Surface Management
Encryption
Cyber Criminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign (thehackernews.com)
Apple, Civil Liberty Groups Condemn UK Online Safety Bill - SecurityWeek
API
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
High school changes every student’s password to ‘Ch@ngeme!’ | TechCrunch
Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets (thehackernews.com)
Social Media
Twitter's bot spam keeps getting worse — it's about porn this time (bleepingcomputer.com)
EU Court Deals Blow to Meta in German Data Case - SecurityWeek
Privacy Woes Hold Up Global Instagram Threads Launch (darkreading.com)
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
Apple, Civil Liberty Groups Condemn UK Online Safety Bill - SecurityWeek
EU Court Deals Blow to Meta in German Data Case - SecurityWeek
Promoting responsible AI: Balancing innovation and regulation - Help Net Security
European companies slam the EU’s incoming AI regulations in open letter - The Verge
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
Crack the Code: How to Secure Your Dream Cyber Security Career - IT Security Guru
3 Ways to Build a More Skilled Cyber Security Workforce (darkreading.com)
Make Diversity the 'How,' Not the 'What,' of Cyber Security Success (darkreading.com)
CISO Speaks: Resilience and Avoiding Burnout - IT Security Guru
Top 5 Free Online Cyber Security Courses in 2023 (analyticsinsight.net)
ISACA joins ECSO to strengthen cyber Security and digital skills in Europe - Help Net Security
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)
Satellite system used by Russian military is hacked - The Washington Post
Russian Hacktivist Platform 'DDoSia' Grows Exponentially (darkreading.com)
Russian railway site allegedly taken down by Ukrainian hackers (therecord.media)
China
US authorities warn on China’s new counter-espionage la' • The Register
Chinese Threat Actors Targeting Europe in SmugX Campaign - Check Point Research
Chinese threat actor attacks diplomats across Europe • The Register
Apps with 1.5M installs on Google Play send your data to China (bleepingcomputer.com)
Iran
Iran-Linked APT35 Targets Israeli Media With Upgraded Spear-Phishing Tools (darkreading.com)
Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users (thehackernews.com)
North Korea
Experts detected a new variant of RUSTBUCKET macOS malware- Security Affairs
North Korean satellite had no military utility for spying • The Register
Misc/Other/Unknown
Vulnerability Management
Botnets Send Exploits Within Days to Weeks After Published PoC (darkreading.com)
Mitigate Top 5 Common Cyber Security Vulnerabilities (trendmicro.com)
Vulnerabilities
300,000+ Fortinet firewalls vulnerable to critical FortiOS RCE bug (bleepingcomputer.com)
Microsoft puts out Outlook fire, downplays Teams flaw • The Register
WordPress plugin lets users become admins – Patch early, patch often! – Naked Security (sophos.com)
Cyber Criminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign (thehackernews.com)
Firefox 115 Patches High-Severity Use-After-Free Vulnerabilities - SecurityWeek
Microsoft fixes bug behind Windows LSA protection warnings, again (bleepingcomputer.com)
Cisco warns of bug that lets attackers break traffic encryption (bleepingcomputer.com)
StackRot Linux Kernel Bug Has Exploit Code on the Way (darkreading.com)
Tools and Controls
Cyber Security Awareness Training to Fight Ransomware (trendmicro.com)
Attack surface visibility a top CISO priority amid growing attacks: Report | CSO Online
VMware, Other Tech Giants Announce Push for Confidential Computing Standards - SecurityWeek
Small organisations face security threats on a limited budget - Help Net Security
11 best practices for securing data in the cloud | Microsoft Security Blog
How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance (thehackernews.com)
How Cyber Insurance Can Help Relieve The Costs Of A Cyber Attack (forbes.com)
Reports Published in the Last Week
Other News
Foreign spies hacked government 20 years ago (thetimes.co.uk)
GCHQ Reveals Details of State-Backed Breach - Infosecurity Magazine (infosecurity-magazine.com)
Police investigate stolen exam papers after cyber attack (schoolsweek.co.uk)
VMware, Other Tech Giants Announce Push for Confidential Computing Standards - SecurityWeek
Why Schools are Low-Hanging Fruit for Cyber Criminals - IT Security Guru
Hacks targeting British exam boards raise fears of students cheating (therecord.media)
Cyber Attacks and Data Breaches in Review: June 2023 - IT Governance Blog En
Is your browser betraying you? Emerging threats in 2023 - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 30 June 2023
Black Arrow Cyber Threat Briefing 30 June 2023:
-Zurich Insurance Group Secures Data Leak After Leaving Sensitive Data Publicly Accessible
-Employees Worry Less About Cyber Security Best Practices in the Summer
-Businesses are Ignoring Third-Party Security Risks
-Fear Trumps Anger When It Comes to Data Breaches – Angry Customers Vent, But Fearful Customers Don’t Come Back
-Over 130 Organisations and Millions of Individuals Believed to Be Impacted by MOVEit Hack, it Keeps Growing
-Widespread BEC Attacks Threaten European Organisations
-Lloyd’s Syndicates Sued Over Cyber Insurance
-95% Fear Inadequate Cloud Security Detection and Response
-The Growing Use of Generative AI and the Security Risks They Pose
-The CISO’s Toolkit Must Include Political Capital Within The C-Suite
-Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers as War Ministers Reliant on Cyber Crime
-SMBs Plagued by Exploits, Trojans and Backdoors
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Zurich Insurance Group Secures Data Leak After Leaving Sensitive Data Publicly Accessible
Zurich Insurance Group is a major player in the insurance game, with over 55 million clients. They have recently just fixed a sensitive file that they had left publicly accessible. The file in question contained a range of credentials including database credentials, admin credentials, credentials for the actively exploited MOVEit software, credentials for their HR system and more. All of which could be utilised by threat actors to inflict serious damage. This was not the only vulnerability stemming from the insurance group; researchers found that Zurich were also running an outdated website, which contained a large number of vulnerabilities.
The case is alarming as Zurich Insurance Group provides cyber insurance and the instance above reinforces the need for organisations to be proactive in identifying cyber risks in their environment; it is simply not enough to rely on having insurance or meeting insurance requirements.
https://cybernews.com/zurich-insurance-data-leak/
Employees Worry Less About Cyber Security Best Practices in the Summer
IT teams are struggling to monitor and enforce BYOD (Bring Your Own Device) policies during summer months according to a new report. The report found that 55% of employees admitted to relying solely on their mobile devices while working remotely in the summer. 25% of all respondents claim that they aren’t concerned about ensuring network connections are secure when accessing their company’s data.
In the same report, 45% of employees in the US and UK said no specific measures to educate and remind employees on security best practices are taken during the summer, with only 24% of UK respondents receiving access to online cyber security training and guides and even less (17%) in the US. This comes as a separate report found that the number of phishing sites targeting mobile devices increased from 75% to 80% year-on-year in 2022, and this is likely to continue rising. Worryingly, it was also found that the average user is between six and ten times more likely to fall for an SMS phishing attack than email.
https://www.helpnetsecurity.com/2023/06/30/summer-byod-policies/
https://www.infosecurity-magazine.com/news/mobile-malware-and-phishing-surge/
Businesses are Ignoring Third-Party Security Risks
With 58% of companies managing over 100 vendors, 8% of which manage over 1,000, the need for a robust Third-Party Security Risk Management process becomes abundantly clear. Despite this, only 13% of organisations continuously monitor the security risks of their third parties. This is worrying, when considering the knock-on effects of third party breaches from the likes of Capita, SolarWinds and 3CX, and the recent MOVEit attack, impacting organisations whose only relationship with MOVEit was that their supplier used it.
https://www.helpnetsecurity.com/2023/06/30/third-party-relationships-risks/
Fear Trumps Anger When It Comes to Data Breaches – Angry Customers Vent, But Fearful Customers Don’t Come Back
When a person is notified of a data breach involving their personal information, if they react with a feeling of fear, as opposed to anger, they’re more likely to stop using the site. A report found that positive attitudes toward the website before the breach did not meaningfully affect whether consumers reengaged with the website after the breach, as some prior research has indicated. Instead, the emotional response of fear weighed heavily on customers and outweighed any earlier positive sentiment towards the organisation.
When a company has been breached in the past they have dealt with angry customers and negative press. To do so, companies may engage crisis managers to contain the damage, partner with identity protection services, pay fines or settlements, or try to lure back customers with free services. However, the study shows that companies need to address fearful customers differently after a data breach has occurred if they want to avoid customer loss. To do this, companies can work with their IT departments to identify customers who are no longer active after a breach and then reach out to them directly to assuage their fears.
Over 130 Organisations and Millions of Individuals Believed to be Impacted by MOVEit Hack, it Keeps Growing
The dramatic fallout continues in the mass exploitation of a critical vulnerability in a widely used file-transfer program, with at least three new victims coming to light in the past few days. They include the New York City Department of Education and energy companies Schneider Electric and Siemens Electric. These join others, including PwC, Sony and EY. If the attack has shown us one thing, it’s that any organisation can be a victim.
Widespread BEC Attacks Threaten European Organisations
Based on an analysis of email attack trends between June 2022 and May 2023, total email attacks in Europe increased by 7 times and the US 5 times. For business email compromise (BEC) specifically, Europe saw an alarming 10 times the amount it had previously and the US saw a 2 times increase.
BEC continues to remain a high priority threat for many organisations and if someone already has a legitimate business email which they have compromised to use for BEC attacks on your organisation, it is very likely that your technical processes will be ineffective, leaving your people and operational processes to stop an attack. Is your organisation cyber aware? Are they undergoing regular awareness training?
This is one of many areas that Black Arrow can help improve your organisation’s security through robust employee cyber security Awareness Behaviour and Culture training.
https://www.helpnetsecurity.com/2023/06/27/bec-attacks-frequency/
Lloyd’s Syndicates Sued Over Cyber Insurance
The University of California (UCLA) is suing a number of insurance firms for refusing to pay out on cyber policies nearly 10 years after hackers breached data on millions of patients at its health system. The dispute is over a cyber attack from 2014 through 2015 that exposed personal information of patients at UCLA Health.
UCLA Health allege that the syndicates refused to engage in dispute resolution by asserting that the statue of limitations applying to the claims had expired. The insurers, who could not be named, are said to have refused every claim saying that UCLA Health failed to satisfy cyber security requirements under the contract terms. It’s important for organisations with cyber insurance to understand their insurance in detail and to know where they stand in the event of a cyber incident.
95% Fear Inadequate Cloud Security Detection and Response
A recent report found 95% of respondents expressed concern in their organisation’s ability to detect and respond to a security event in their cloud environment. The same study also found that 50% of total respondents had reported a data breach due to unauthorised access to their cloud environment.
It is often the case that issues in the cloud come from the perception of the responsibility of the cloud environment. Organisations must realise that they share responsibility for securing their cloud environment, including its configuration. The report found that, despite the number of breaches and concerns in their organisation’s ability, more than 80% of respondents still felt their existing tooling and configuration would sufficiently cover their organisation from an attack. Organisations must ask themselves what they are doing to protect their cloud environment.
https://www.helpnetsecurity.com/2023/06/27/cloud-environment-security/
The Growing Use of Generative AI and the Security Risks They Pose
A recent survey by Malwarebytes revealed 81% of people are concerned about the security risks posed by ChatGPT and generative AI, and 52% of respondents are calling for a pause on ChatGPT for regulations to catch up, while 7% think it will improve internet security. A key concern about the data produced by generative AI platforms is the risk of "hallucinations" whereby machine learning models produce untruths. This becomes a serious issue for organisations if its content is heavily relied upon to make decisions, particularly those relating to threat detection and response.
Another recent report on the risks brought by Large Language Model AIs showed that the rise in opensource AI adoption is developed insecurely; this results in an increased threat with substantial security risks to organisation.
The CISO’s Toolkit Must Include Political Capital Within The C-Suite
Over the past 18 months, there has been a sea change in the chief information security officer (CISO) role. Fundamentally, the CISO is responsible for the protection of an entity's information. The US Securities and Exchange Commission (SEC) has issued a proposed rule change on cyber security risk management, strategy, governance, and incident response disclosure by public companies that requires publicly traded companies to provide evidence of the board's oversight of cyber security risk. Couple this with the former CISO of Uber being found guilty on charges of "obstruction of the proceedings of the Federal Trade Commission" and it is clear that the hand at the helm must be able to navigate all types of seas in their entity's political milieu. In this regard, the CISO needs to acquire political capital. CISO’s should have the capability to talk in understandable terms and clearly demonstrate value to the other board members.
Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers as War Ministers Reliant on Cyber Crime
Russia's diminishing position on the world stage has limited its physical options on the ground, leaving Putin's regime increasingly reliant on cyber crime to carry out its oppositional activities against Ukraine and Europe. Microsoft has disclosed that it has detected a spike in credential-stealing attacks conducted by the Russian state-affiliated hacker group known as Midnight Blizzard.
This comes as Switzerland's Federal Intelligence Service (FIS) released its 2023 security assessment, predicting that Russia will increasingly launch cyber attacks as part of its war strategy not just in Ukraine, but against NATO member states as well.
https://www.darkreading.com/threat-intelligence/russia-reliant-on-cybercrime-as-international-pariah
https://thehackernews.com/2023/06/microsoft-warns-of-widescale-credential.html
SMB’s Plagued as Cyber Attackers Still Rely on Decades Old Security Weaknesses and Tactics
Despite best cyber security efforts, small and mid-sized businesses (SMBs) continue to struggle to thwart attacks and harden defences in response to remote working and other newer challenges.
This future focus can lead to a neglection of older weaknesses. Cyber attackers are typically relying on tried-and-tested tactics and old security weaknesses to target organisations, a recent Barracuda threat spotlight found. Hackers are returning to proven methods to gain remote control of systems, install malware, steal information and disrupt or disable business operations through denial-of-service attacks, Barracuda reports. The report found that between February to April 2023, the top malicious tactics found to be used were vulnerabilities from 2008.
The report highlights the fact that there are no cutoff dates for vulnerabilities and attackers will use whatever is at their disposal to try and infiltrate your organisation. This can be protected by having strong policies and controls in place alongside frequent penetration testing to ensure these vulnerabilities are being patched.
https://www.scmagazine.com/news/malware/smbs-plagued-by-exploits-trojans-and-backdoors
Governance, Risk and Compliance
Businesses are ignoring third-party security risks - Help Net Security
Employees worry less about cyber security best practices in the summer - Help Net Security
Digital-First Economy Has Transformed Role of CISO- IT Security Guru
SEC Alleges SolarWinds CFO, CISO Violated US Securities Laws (bankinfosecurity.com)
The CISO’s toolkit must include political capital within the C-suite | CSO Online
NCSC Launches Cyber Risk Management Toolbox - Infosecurity Magazine (infosecurity-magazine.com)
Threats
Ransomware, Extortion and Destructive Attacks
MOVEit hackers may have found simpler business model beyond ransomware | SC Media (scmagazine.com)
Dozens of Businesses Hit Recently by '8Base' Ransomware Gang - SecurityWeek
UK cyber spies warn ransomware criminals targeting law firms • The Register
Cl0p in Your Network? Here's How to Find Out (darkreading.com)
July is Ransomware Month: Reminder to Prepare, Defend Against Hijackers - MSSP Alert
The Trickbot/Conti Crypters: Where Are They Now? (securityintelligence.com)
Linux version of Akira ransomware targets VMware ESXi servers (bleepingcomputer.com)
Ransomware Victims
Casualties keep growing in this month’s mass exploitation of MOVEit 0-day | Ars Technica
8 Tech And IT Companies Targeted In The MOVEit Attacks | CRN
MOVEIt breach impacts Genworth, CalPERS as data for 3.2 million exposed (bleepingcomputer.com)
Clop names PWC, Ernst & Young, and Sony in MOVEit hack | Cybernews
UCLA, Siemens Among Latest Victims of Relentless MOVEit Attacks (darkreading.com)
Siemens Energy, Schneider Electric Targeted by Ransomware Group in MOVEit Attack - SecurityWeek
10 banks alleged victims of ransomware attacks on file transfer software | American Banker
Almost 770,000 Calpers members hit by cyber attack | Financial Times (ft.com)
Ransomware and phishing attacks continue to plague businesses in Singapore | ZDNET
K-12 schools are revisiting their cyber strategies after year of ransomware attacks (axios.com)
Phishing & Email Based Attacks
Mobile Malware and Phishing Surge in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
How a Layered Security Approach Can Minimise Email Threats - MSSP Alert
Less than half of UK banks implement most secure DMARC level | CSO Online
BEC – Business Email Compromise
Widespread BEC attacks threaten European organisations - Help Net Security
The Current State of Business Email Compromise Attacks (bleepingcomputer.com)
Other Social Engineering; Smishing, Vishing, etc
Unmasking Pig-Butchering Scams and Protecting Your Financial Future - Security News (trendmicro.com)
Artificial Intelligence
Sharing Your Business’ Data With ChatGPT: How Risky Is It? - MSSP Alert
OpenAI lawsuit: Maker of ChatGPT sued over alleged data usage | CNN Business
Lawyers who cited fake cases invented by ChatGPT must pay • The Register
Generative AI Projects Pose Major Cyber security Risk to Enterprises (darkreading.com)
How to Deploy Generative AI Safely and Responsibly (trendmicro.com)
Generative-AI apps & ChatGPT: Potential risks and mitigation strategies (thehackernews.com)
Does the world need an arms control treaty for AI? | CyberScoop
When It Comes to Secure Coding, ChatGPT Is Quintessentially Human (darkreading.com)
AI-Enabled Voice Cloning Anchors Deepfaked Kidnapping (darkreading.com)
2FA/MFA
Malware
SMBs plagued by exploits, trojans and backdoors | SC Media (scmagazine.com)
Hackers Use Weaponized PDF Files to Attack Organisations (cybersecuritynews.com)
New Mockingjay Process Injection Technique Could Let Malware Evade Detection (thehackernews.com)
Fileless attacks surge as cyber Criminals evade cloud security defences | CSO Online
NSA warns of ‘false sense of security’ against BlackLotus malware (therecord.media)
Trojanized Super Mario Bros game spreads malware- - Security Affairs
New PindOS JavaScript dropper deploys Bumblebee, IcedID malware (bleepingcomputer.com)
NPM Plagued with ‘Manifest Confusion’ Malware-Hiding Weakness (darkreading.com)
Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data (thehackernews.com)
North Korean Andariel APT used a new malware named EarlyRat - Security Affairs
Mobile
Mobile Malware and Phishing Surge in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Apple says proposed UK law ‘poses a serious threat’ to end-to-end encryption - The Verge
Anatsa Android trojan now steals banking info from users in US, UK (bleepingcomputer.com)
Fluhorse: Flutter-Based Android Malware Targets Credit Cards and 2FA Codes (thehackernews.com)
Denial of Service/DoS/DDOS
Global rise in DDoS attacks threatens digital infrastructure - Help Net Security
Pro-Russia DDoSia hacktivist project sees 2,400% membership increase (bleepingcomputer.com)
Internet of Things – IoT
Someone sent mysterious smartwatches to US Military personnel - Security Affairs
The tech flaw that lets hackers control surveillance cameras - BBC News
Data Breaches/Leaks
Latitude hit with $1 million lawsuit over data breach (9news.com.au)
Recruitment portal exposes data of US pilot candidates • The Register
3 Steps to Successfully & Ethically Navigate a Data Breach (darkreading.com)
Sensitive Information Stolen in LetMeSpy Stalkerware Hack - SecurityWeek
US Patent Office Data Spill Exposes Trademark Applications (darkreading.com)
Organised Crime & Criminal Actors
2,700 People Tricked Into Working for Cyber Crime Syndicates Rescued in Philippines - SecurityWeek
Security analyst wanted by both Russia and the US • The Register
Former Group-IB manager has been arrested in Kazahstan - Security Affairs
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Twitter Hacker Sentenced to 5 Years in Prison for $120,000 Crypto Scam (thehackernews.com)
JOKERSPY used to target a cryptocurrency exchange in Japan - Security Affairs
Japanese Cryptocurrency Exchange Falls Victim to JokerSpy macOS Backdoor Attack (thehackernews.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Twitter Hacker Sentenced to 5 Years in Prison for $120,000 Crypto Scam (thehackernews.com)
Unmasking Pig-Butchering Scams and Protecting Your Financial Future - Security News (trendmicro.com)
This Chatbot Gives Phone Call Scammers a Taste of Their Own Medicine (pcmag.com)
The robotic falcon maker who was targeted by cyber criminals - BBC News
Deepfakes
Insurance
University of California Sues Lloyd’s Syndicates Over Cyber Insurance - WSJ
Insurance companies using AI for underwriting and due diligence amid cyber threats | Fox Business
How Big Is the Cyber Insurance Market? Can It Keep Growing? | Lawfare (lawfaremedia.org)
Dark Web
Citizen of Croatia charged with running the Monopoly Market drug marketplace - Security Affairs
Inside Threat Actors: Dark Web Forums vs. Illicit Telegram Communities (bleepingcomputer.com)
Supply Chain and Third Parties
Cloud/SaaS
95% fear inadequate cloud security detection and response - Help Net Security
Fileless attacks surge as cyber Criminals evade cloud security defences | CSO Online
5 Pitfalls in Cloud Cyber security’s Shared Responsibility Model - MSSP Alert
Uncovering attacker tactics through cloud honeypots - Help Net Security
How hardening Microsoft 365 tenants mitigates potential cloud attacks - Help Net Security
Outlook for the web outage impacts users across America (bleepingcomputer.com)
3 Tips to Increase Hybrid and Multicloud Security (darkreading.com)
Identity and Access Management
Encryption
Apple says proposed UK law ‘poses a serious threat’ to end-to-end encryption - The Verge
Iran finally admits its 'quantum processor' was in fact not quantum at all | PC Gamer
How to stop quantum computers from breaking the internet’s encryption (sciencenews.org)
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Travel
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
SEC Alleges SolarWinds CFO, CISO Violated US Securities Laws (bankinfosecurity.com)
US firm 'breached GDPR' by reputation-scoring EU citizens • The Register
JP Morgan accidentally deletes 47 million comms records • The Register
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
SEC notice to SolarWinds CISO and CFO roils cyber security industry | CSO Online
Skill gap plagues cyber security industry as jobs go unfilled | Mint (livemint.com)
Law Enforcement Action and Take Downs
Hacker responsible for 2020 Twitter breach sentenced to prison | TechCrunch
Citizen of Croatia charged with running the Monopoly Market drug marketplace - Security Affairs
2,700 People Tricked Into Working for Cyber Crime Syndicates Rescued in Philippines - SecurityWeek
Privacy, Surveillance and Mass Monitoring
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers (thehackernews.com)
Russian Spies, War Ministers Reliant on Cyber Crime in Pariah State (darkreading.com)
Pro-Russia DDoSia hacktivist project sees 2,400% membership increase (bleepingcomputer.com)
Microsoft hackers say they work for Sudan, not Russia | Fortune
'Chinese spy balloon' was 'crammed' with US hardware • The Register
Hackers attack Russian satellite telecom provider, claim affiliation with Wagner Group | CyberScoop
China
China's 'Volt Typhoon' APT Now Exploits Zoho ManageEngine (darkreading.com)
'Chinese spy balloon' was 'crammed' with US hardware • The Register
Iran
The potent cyber adversary threatening to further inflame Iranian politics | CyberScoop
From MuddyC3 to PhonyC2: Iran's MuddyWater Evolves with a New Cyber Weapon (thehackernews.com)
Iran finally admits its 'quantum processor' was in fact not quantum at all | PC Gamer
North Korea
Misc/Other/Unknown
Vulnerability Management
SMBs plagued by exploits, trojans and backdoors | SC Media (scmagazine.com)
Remediation Ballet Is a Pas de Deux of Patch and Performance (darkreading.com)
Micropatches: What they are and how they work - Help Net Security
When It Comes to Secure Coding, ChatGPT Is Quintessentially Human (darkreading.com)
It's 2023 and out-of-bounds write bugs are still number one • The Register
Vulnerabilities
VMware fixed five memory corruption issues in vCenter Server - Security Affairs
US Cyber security Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog (thehackernews.com)
CISA Says Critical Zyxel NAS Vulnerability Exploited in Attacks - SecurityWeek
Serious IDOR Vulnerability Found In Microsoft Teams (latesthackingnews.com)
Fortinet fixes critical FortiNAC RCE, install updates asap - Security Affairs
Details Disclosed for Critical SAP Vulnerabilities, Including Wormable Exploit Chain - SecurityWeek
Critical flaw in VMware Aria Operations for Networks sees mass exploitation | CSO Online
Internet Systems Consortium (ISC) fixed three DoS flaw in BIND - Security Affairs
Chrome 114 Update Patches High-Severity Vulnerabilities - SecurityWeek
Grafana warns of critical auth bypass due to Azure AD integration (bleepingcomputer.com)
The tech flaw that lets hackers control surveillance cameras - BBC News
Exploit released for new Arcserve UDP auth bypass vulnerability (bleepingcomputer.com)
Tools and Controls
95% fear inadequate cloud security detection and response - Help Net Security
How a Layered Security Approach Can Minimize Email Threats - MSSP Alert
ITDR Combines and Refines Familiar Cyber security Approaches (darkreading.com)
Uncovering attacker tactics through cloud honeypots - Help Net Security
10 things every CISO needs to know about identity and access management (IAM) | VentureBeat
FIDO Alliance Publishes Guidance for Deploying Passkeys in the Enterprise (darkreading.com)
3 Tips to Increase Hybrid and Multicloud Security (darkreading.com)
Other News
Businesses count the cost of network downtime - Help Net Security
Exploring the persistent threat of cyber attacks on healthcare - Help Net Security
How Can Manufacturers Stop Being The Top Target For Cyber Crime? (informationsecuritybuzz.com)
Ex-FBI employee jailed for mishandling classified material • The Register
Rapid7: Japan Threat Landscape Takes on Global Significance - SecurityWeek
Over 1500 gas stations disrupted in Canada, after energy giant hacked (bitdefender.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 23rd June 2023
Black Arrow Cyber Threat Briefing 23 June 2023:
-How the MOVEit Breach Shows Hackers' Interest in Corporate File Transfer Tools
-Attackers Discovering Exposed Cloud Assets Within Minutes
-Majority of Users Neglect Best Password Practices
-One in Three Workers Susceptible to Phishing
-Ransomware Misconceptions Abound, to the Benefit of Attackers
-Threat Actors Scale and Commoditise Uncommon Tools and Techniques
-Goodbyes are Difficult, IT Offboarding Processes Make Them Harder
-Security Budget Hikes are Missing the Mark, CISOs Say
-Understanding Cyber Resilience: Building a Holistic Approach to Cyber Security
-Emerging Ransomware Group 8Base Releasing Data on SMBs Globally
-Cyber Security Industry Still Fighting to Recruit and Retain Talent
-Financial Firms to Build Resilience in Face of Growing Cyber-Threats
-Fulfilling Expected SEC Requirements for Cyber Security Expertise at Board Level
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Security Industry Still Fighting to Recruit and Retain Talent
Cyber security teams are struggling to find the right talent, with the right skills, and to retain experienced employees. The situation is only likely to worsen, as inflation and a tight labour market push up wages. Universities produce graduates with a strong focus on technical knowledge, but not always the broader skills they need to operate in a business environment. This includes the lack of communications skills, understanding of how businesses operate and even emotional intelligence. One solution is to outsource to a corporate cyber security provider or outsource to infill shortages whilst trying to recruit permanent staff.
https://www.infosecurity-magazine.com/news/cybersecurity-industry-recruit/
How the MOVEit Breach Shows Hackers' Interest in Corporate File Transfer Tools
The world of managed file transfer (MFT) software has become a lucrative target for ransom-seeking hackers, with significant breaches including those of Accellion Inc's File Transfer Appliance in 2021 and Fortra's GoAnywhere MFT earlier this year. These MFT programs, corporate versions of popular file sharing programs like Dropbox or WeTransfer, are highly desirable to hackers for the sensitive data they often transfer between organisations and partners. The recent mass compromise tied to Progress Software Corp's MOVEit transfer product has prompted governments and companies worldwide to scramble in response.
Hackers are shifting their tactics, with an increasing focus on MFT programs which typically face the open internet, making them more vulnerable to breaches. Once inside these file transfer points, hackers have direct access to a wealth of data. In addition, there's a noticeable shift from ransomware groups encrypting a company's network and demanding payment to unscramble it, to a simpler tactic of pure extortion by threatening to leak the data.
Attackers Discovering Exposed Cloud Assets within Minutes
The shift to cloud services, increased remote work, and reliance on third-parties has led to widespread use of Software-as-a-Service (SaaS) applications. This has also opened avenues for attackers to exploit weak security configurations and identities. Over the past year, attackers have intercepted authorisation tokens, bypassed multifactor authentication, and exploited misconfigured systems, targeting critical applications like GitHub, Microsoft 365, Google Workspace, Slack, and Okta. A study revealed alarmingly fast rates of breach discovery and compromise of exposed cloud assets, with assets being discovered within as little as two minutes for some and others within an hour.
https://www.darkreading.com/dr-tech/growing-saas-usage-means-larger-attack-surface
Majority of Users Neglect Best Password Practices
The latest Password Management Report by Keeper Security has shed light on the concerning state of password security practices. The survey found that only 25% of respondents used solid and unique passwords. In comparison, 34% admitted to using repeat variations of passwords, and 30% still relied on simple and easily guessable passwords. The survey also found that 44% of individuals who claimed to have well-managed passwords still admitted to using repeated variations, while 20% acknowledged having had at least one password involved in a data breach or available on the dark web. The document also revealed that 35% of respondents feel overwhelmed when it comes to improving their cyber security. Furthermore, 10% admitted to neglecting password management altogether. More generally, Keeper Security said the survey’s findings highlight a significant gap between perception and reality regarding password security.
https://www.infosecurity-magazine.com/news/users-neglect-best-password/
One in Three Workers Susceptible to Phishing
More than one in three workers in the UK and Ireland are susceptible to falling for phishing attacks, according to the new 2023 Phishing by Industry Benchmarking Report by KnowBe4. The study found that 35% of users who had received no security training were prone to clicking on suspicious links or engaging in fraudulent actions. Regular training and continual reinforcement can get this figure down but even with training very few organisations ever get click rates down to zero, and you only need one person to click to cause potentially devastating consequences.
Globally, ransomware was responsible for 24% of all data breaches in 2023, with human error accounting for 74% of these incidents. Phishing attacks can often lead to significant reputational damage, financial loss and disruption to business operations.
https://www.infosecurity-magazine.com/news/one-in-three-phishing/
Ransomware Misconceptions Abound, to the Benefit of Attackers
There is a common ransomware misperception that there's no capability to fight this all too common hostage taking of business data. This is not true. Proactive organisations are increasingly making more strategic use of threat intelligence to prevent or disrupt attacks.
Ransomware has evolved into a massive, often state-sponsored, industry where operators buy, develop, and resell ransomware code, infiltrate networks, and collect ransoms. The perception that a speedy response is critical to prevent data encryption and loss is outdated; attackers now focus on data exfiltration, using ransomware as a distraction. They often target smaller organisations that are linked to larger ones through supply chains, using them as stepping stones. It is important to use in-depth defence measures, including email security to prevent phishing and efficient detection and response systems to identify and recover from changes.
Threat Actors Scale and Commoditise Uncommon Tools and Techniques
Proofpoint’s 2023 Human Factor report highlights significant developments in the cyber attack landscape in 2022. Following two years of pandemic-induced disruption, cyber criminals returned to their usual operations, honing their social engineering skills and commoditising once sophisticated attack techniques. There was a noticeable increase in brute-force and targeted attacks on cloud tenants, conversational smishing attacks, and multifactor authentication (MFA) bypasses. Microsoft 365 formed a large part of organisations' attack surfaces and faced broad abuse, from Office macros to OneNote documents.
Despite some advances in security controls, threat actors continue to innovate and scale their bypasses. Techniques like MFA bypass and telephone-oriented attack delivery are now commonplace. Attackers consistently exploit people, who remain the most critical variable in the attack chain.
Goodbyes are Difficult, IT Offboarding Processes Make Them Harder
A recent survey found that 68% of organisations recognise the offboarding process as a major cyber security risk, but only 36% have adequate controls in place to secure data access when employees depart. The study revealed that 60% of organisations have discovered former employees still had access to corporate applications after leaving, and 52% have had security incidents linked to former employees. Interestingly, IT professionals are not always alerted when employees leave, leading to access not being revoked and IT assets being mishandled 34% of the time.
https://www.helpnetsecurity.com/2023/06/19/it-offboarding-processes/
Security Budget Hikes are Missing the Mark, CISOs Say
Misguided expectations on security spend are causing problems for CISOs despite notable budget increases. A recent report found that while most CISOs are experiencing noteworthy increases in security funding, impractical expectations of budget holders are leading to significant amounts being spent on what’s hitting the headlines instead of strategic, business-centric investment in security defences. This lack of understanding shows that a lot of work needs to be done to ensure that information security receives the attention it deserves, especially in the boardroom.
The report found that just 9% of CISOs said information security is always in the top three priorities on the boardroom’s meeting agenda, and less than a quarter (22%) of CISOs are actively participating in business strategy and decision-making processes. Talking to the board about cyber security in a way that is productive can be a significant challenge for CISOs, and failing to do so effectively can result in confusion, disillusionment, and a lack of cohesion among directors, the security function, and the rest of the organisation.
https://www.csoonline.com/article/3700073/security-budget-hikes-are-missing-the-mark-cisos-say.html
https://www.helpnetsecurity.com/2023/06/22/average-cybersecurity-budget-increase/
Understanding Cyber Resilience: Building a Holistic Approach to Cyber Security
In today’s interconnected world, the threat of cyber attacks is a constant concern for organisations of all sizes and across all industries. Cyber resilience entails not only making it difficult for attackers to infiltrate your systems but also ensuring that your organisation can bounce back quickly and continue operations successfully.
Cyber resilience offers a holistic approach to cyber security, emphasising the ability to withstand and recover from cyber attacks. By adopting the right mindset, leveraging advanced technology, addressing cyber hygiene, and measuring key metrics, organisations can enhance their cyber resilience. Additionally, collaboration within industries and proactive board engagement are crucial for effective risk management. As cyber threats continue to evolve, organisations must prioritise cyber resilience as an ongoing journey, continuously adapting and refining their strategies to stay ahead of malicious actors.
Emerging Ransomware Group 8Base Releasing Confidential Data from SMBs Globally
A ransomware group that operated under the radar for over a year has come to light in recent weeks, thanks to a series of business data leaks on the Dark Web. Since at least April 2022, 8base has been conducting double-extortion attacks against small and midsized businesses (SMBs). It all came to a head in May, when the group dumped data belonging to 67 organisations on the cyber underground.
Not much is known yet about the group's tactics, techniques, and procedures (TTPs), likely due to the low profile of their victims. The victims span science and technology, manufacturing, retail, construction, healthcare, and more, with victims from as far afield as India, Peru, Madagascar and Brazil, amongst others.
https://www.darkreading.com/vulnerabilities-threats/emerging-ransomware-8base-doxxes-smbs-globally
Financial Firms to Build Resilience in Face of Growing Cyber-Threats
Cyber resilience is now a key component of operational resilience for the UK’s financial markets, according to a Bank of England official. Cyber attacks have increased by 38% in 2022, and the range of firms and organisations being impacted seems to grow broader and broader.
Regulators want to see how financial firms will cope with an attack, and its impact on the wider financial services ecosystem. Similar work is being done at an international level by the G7, which has its own cyber expert group. In the UK, the main tools for improving resilience are threat intelligence sharing, better coordination between firms, regulators, the Bank and the Treasury, and penetration testing including CBEST. Financial services firms should have scenario specific playbooks, to set out how to contain intruders and stop them spreading to clients and counterparties. In the past, simulation exercises have been used to model terrorist incidents and pandemics and they are now being used to model cyber attacks.
https://www.infosecurity-magazine.com/news/financial-firms-to-build-resilience/
Fulfilling Expected SEC Requirements for Cyber Security Expertise at Board Level
The US Securities and Exchange Commission (SEC) is expected to introduce a rule requiring demonstration of cyber security expertise at the board level for public companies. A recent study found that currently up to 90% of companies in the Russell 3000 lack even a single director with the necessary cyber expertise. The simplest and speediest solution would be to promote the existing CISO, provided they have the appropriate qualities and experience, to the board but that would require transplanting a focused operational executive into a strategic business advisory role. A credible alternative is to bring in a cyber focused Non-Executive Director with the appropriate skills and experience.
Governance, Risk and Compliance
Why assessing third parties for security risk is still an unsolved problem | CSO Online
Navigating the Complex World of Cyber security Compliance - MSSP Alert
Security budget hikes are missing the mark, CISOs say | CSO Online
How to Weather the Coming Cyber security Storm - Infosecurity Magazine (infosecurity-magazine.com)
Certifications are no guarantee of security - Infosecurity Magazine (infosecurity-magazine.com)
Increased spending doesn't translate to improved cyber security posture - Help Net Security
Placing People & Realism at the Center of Your Cyber security Strategy (darkreading.com)
CISOs’ New Stressors Brought on by Digitalization: Report - SecurityWeek
Fulfilling Expected SEC Requirements for Cyber security Expertise at Board Level - SecurityWeek
From details to big picture: how to improve security effectiveness | CIO
IT Staff Increasingly Saddled with Data Protection Compliance (darkreading.com)
Threats
Ransomware, Extortion and Destructive Attacks
Explainer: How MOVEit breach shows hackers' interest in corporate file transfer tools | Reuters
Ransomware Misconceptions Abound, to the Benefit of Attackers (darkreading.com)
US Offers $10m Reward For MOVEit Attackers - Infosecurity Magazine (infosecurity-magazine.com)
Data leak at Australian law firm spooks government, business • The Register
Fresh Ransomware Gangs Emerge As Market Leaders Decline (darkreading.com)
Emerging Ransomware Group 8Base Doxxes SMBs Globally (darkreading.com)
A Russian national charged for committing LockBit Ransomware attacks - Security Affairs
Rorschach Ransomware: What You Need to Know (darkreading.com)
Ransomware is only getting faster: Six steps to a stronger defence (bleepingcomputer.com)
Ransomware gang preys on cancer centers, triggers alert | SC Media (scmagazine.com)
Ransomware attacks pose communications dilemmas for local governments | CSO Online
LockBit Developing Ransomware for Apple M1 Chips, Embedded Systems (darkreading.com)
Ransomware Victims
Australian Government Says Its Data Was Stolen in Law Firm Ransomware Attack - SecurityWeek
Hackers threaten to release photos of Beverly Hills plastic surgery patients (bitdefender.com)
Norton Parent Says Employee Data Stolen in MOVEit Ransomware Attack - SecurityWeek
BlackCat gang threatens to leak plastic surgery photos • The Register
Reddit confirms BlackCat ransomware gang stole its data • The Register
Adur and Worthing Councils investigating after contractor data breach | The Argus
Iowa’s largest school district confirms ransomware attack, data theft (bleepingcomputer.com)
Hackers warn University of Manchester students’ of imminent data leak (bleepingcomputer.com)
USDA is investigating a 'possible data breach' related to global Russian cyber criminal hack | CNN
Avast, Norton Parent Latest Victim of MOVEit Ransomware Attacks (darkreading.com)
MOVEit Vulnerability Breaches Targeted Fed Agencies (trendmicro.com)
Phishing & Email Based Attacks
Cyber crime: what does psychology have to do with phishing? – podcast | Science | The Guardian
Hackers Will Be Quick to Bypass Gmail's Blue Check Verification System (darkreading.com)
UPS discloses data breach after exposed customer info used in SMS phishing (bleepingcomputer.com)
Insurance companies neglect basic email security - Help Net Security
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
How generative AI is creating new classes of security threats | VentureBeat
Over 100,000 Stolen ChatGPT Account Credentials Sold on Dark Web Marketplaces (thehackernews.com)
‘With hackers adopting AI, it’s a cat-and-mouse game’ | Mint (livemint.com)
ChatGPT and data protection laws: Compliance challenges for businesses - Help Net Security
Google Tells Employees to Stay Away from Its Bard Chatbot (gizmodo.com)
Malware
Attacker seizes abandoned S3 bucket to launch malicious payloads | SC Media (scmagazine.com)
Hackers use fake OnlyFans pics to drop info-stealing malware (bleepingcomputer.com)
Researchers Discover New Sophisticated Toolkit Targeting Apple macOS Systems (thehackernews.com)
Mysterious Mystic Stealer Spreads Like Wildfire in Mere Months (darkreading.com)
Hackers infect Linux SSH servers with Tsunami botnet malware (bleepingcomputer.com)
To kill BlackLotus malware, patching is a good start, but... • The Register
Microsoft Teams bug allows malware delivery from external accounts (bleepingcomputer.com)
APT37 hackers deploy new FadeStealer eavesdropping malware (bleepingcomputer.com)
ScarCruft Hackers Exploit Ably Service for Stealthy Wiretapping Attacks (thehackernews.com)
Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor (thehackernews.com)
USB Drives Spread Spyware as China's Mustang Panda APT Goes Global (darkreading.com)
NSA shares tips on blocking BlackLotus UEFI malware attacks (bleepingcomputer.com)
Chinese malware accidentally infects networked storage • The Register
ChamelDoH: New Linux Backdoor Utilising DNS-over-HTTPS Tunneling for Covert CnC (thehackernews.com)
Mobile
SMS delivery reports can be used to infer recipient's location (bleepingcomputer.com)
Apple fixes zero-days used to deploy Triangulation spyware via iMessage (bleepingcomputer.com)
Android spyware camouflaged as VPN, chat apps on Google Play (bleepingcomputer.com)
Botnets
Romanian cyber crime gang Diicot builds DDoS botnet with Mirai variant | CSO Online
New Condi malware builds DDoS botnet out of TP-Link AX21 routers (bleepingcomputer.com)
Hackers infect Linux SSH servers with Tsunami botnet malware (bleepingcomputer.com)
Mirai botnet targets 22 flaws in D-Link, Zyxel, Netgear devices (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Police crack down on DDoS-for-hire service active since 2013 (bleepingcomputer.com)
New Condi malware builds DDoS botnet out of TP-Link AX21 routers (bleepingcomputer.com)
Zeeland port website hit by DDOS attack, possibly by Russian hackers | NL Times
From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet (thehackernews.com)
Internet of Things – IoT
Romanian cyber crime gang Diicot builds DDoS botnet with Mirai variant | CSO Online
Smart Pet Feeders Expose Personal Data - Infosecurity Magazine (infosecurity-magazine.com)
Security for embedded devices is ignored by too many companies, expert says | Fierce Electronics
Our cities are becoming increasingly automated—and we’re not ready (fastcompany.com)
US Military Personnel Receiving Unsolicited, Suspicious Smartwatches - SecurityWeek
Mirai botnet targets 22 flaws in D-Link, Zyxel, Netgear devices (bleepingcomputer.com)
Data Breaches/Leaks
Data leak at Australian law firm spooks government, business • The Register
Australian Government Says Its Data Was Stolen in Law Firm Ransomware Attack - SecurityWeek
Mondelez says crooks stole staff data in security breach • The Register
UPS discloses data breach after exposed customer info used in SMS phishing (bleepingcomputer.com)
Reddit hackers threaten to leak data stolen in February breach (bleepingcomputer.com)
Australia Inc roiled by raft of cyber attacks since late 2022 - The Economic Times (indiatimes.com)
SSD missing from SAP datacenter turns up on eBay • The Register
Smart Pet Feeders Expose Personal Data - Infosecurity Magazine (infosecurity-magazine.com)
Hackers warn University of Manchester students’ of imminent data leak (bleepingcomputer.com)
Organised Crime & Criminal Actors
Crypto and Cyber Security: A Complex Relationship (analyticsinsight.net)
Cyber attackers Got More Creative Post-Pandemic, Proofpoint Study Finds - MSSP Alert
The Great Exodus to Telegram: A Tour of the New Cyber crime Underground (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto and Cyber Security: A Complex Relationship (analyticsinsight.net)
Blockchain security: Everything you should know for safe use | TechTarget
From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet (thehackernews.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Influencers in firing line as France tackles scams - BBC News
Keep Job Scams From Hurting Your Organisation (darkreading.com)
Impersonation Attacks
AML/CFT/Sanctions
Dark Web
Supply Chain and Third Parties
Capita faces first legal Letter of Claim over mega breach • The Register
Why assessing third parties for security risk is still an unsolved problem | CSO Online
Mondelez says crooks stole staff data in security breach • The Register
Untangling the web of supply chain security with Tony Turner - Help Net Security
Software Supply Chain
Cloud/SaaS
Growing SaaS Usage Means Larger Attack Surface (darkreading.com)
Explainer: How MOVEit breach shows hackers' interest in corporate file transfer tools | Reuters
A new threat to financial stability lurks in the cloud | Financial Times (ft.com)
Cloud CISO Perspectives: Early June 2023 | Google Cloud Blog
Western Digital Blocks Unpatched Devices From Cloud Services - SecurityWeek
Attacker seizes abandoned S3 bucket to launch malicious payloads | SC Media (scmagazine.com)
Attackers discovering exposed cloud assets within minutes | TechTarget
Cloud-native security hinges on open source - Help Net Security
Hybrid Microsoft network/cloud legacy settings may impact your future security posture | CSO Online
US cyber ambassador says China can win on AI, cloud • The Register
Hybrid/Remote Working
Shadow IT
Identity and Access Management
Encryption
Quantum hacking alert: Critical vulnerabilities found in quantum key distribution (techxplore.com)
The US Navy, NATO, and NASA are using a shady Chinese company’s encryption chips | Ars Technica
Physics - Long-Range Quantum Cryptography Gets Simpler (aps.org)
API
Open Source
Hackers infect Linux SSH servers with Tsunami botnet malware (bleepingcomputer.com)
Cloud-native security hinges on open source - Help Net Security
ChamelDoH: New Linux Backdoor Utilising DNS-over-HTTPS Tunneling for Covert CnC (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
The future of passwords and authentication - Help Net Security
These are the most hacked passwords. Is yours on the list? | ZDNET
Social Media
Influencers in firing line as France tackles scams - BBC News
Reddit hackers threaten to leak data stolen in February breach (bleepingcomputer.com)
Training, Education and Awareness
Digital Transformation
Regulations, Fines and Legislation
ChatGPT and data protection laws: Compliance challenges for businesses - Help Net Security
Bill allowing CISA to assist foreign governments passes Senate committee | SC Media (scmagazine.com)
Fulfilling Expected SEC Requirements for Cyber security Expertise at Board Level - SecurityWeek
Models, Frameworks and Standards
The significance of CIS Control mapping in the 2023 Verizon DBIR - Help Net Security
What is PCI Compliance? 12 Requirements and More Explained | Definition from TechTarget
Secure Disposal
Data Protection
ChatGPT and data protection laws: Compliance challenges for businesses - Help Net Security
Consumer Data: The Risk and Reward for Manufacturing Companies (darkreading.com)
IT Staff Increasingly Saddled with Data Protection Compliance (darkreading.com)
Careers, Working in Cyber and Information Security
8 notable entry-level cyber security career and skills initiatives in 2023 | CSO Online
UK military is struggling to recruit tech experts, says report | Financial Times (ft.com)
Certifications are no guarantee of security - Infosecurity Magazine (infosecurity-magazine.com)
Google announces $20 million investment for cyber clinics | CyberScoop
Law Enforcement Action and Take Downs
Police crack down on DDoS-for-hire service active since 2013 (bleepingcomputer.com)
Megaupload duo will go to prison at last, but Kim Dotcom fights on… – Naked Security (sophos.com)
A Russian national charged for committing LockBit Ransomware attacks - Security Affairs
Privacy, Surveillance and Mass Monitoring
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Killnet Threatens Imminent SWIFT, World Banking Attacks (darkreading.com)
A Newly Named Group of GRU Hackers is Wreaking Havoc in Ukraine | WIRED
Russia sent its reserve team to wipe Ukrainian hard drives • The Register
Russian APT Group Caught Hacking Roundcube Email Servers - SecurityWeek
Hacktivist group Anonymous Sudan a ‘bear in wolf’s clothing’ | SC Media (scmagazine.com)
Russian APT28 hackers breach Ukrainian govt email servers (bleepingcomputer.com)
Strategies for staying ahead of modern cyber warfare - CyberTalk
German intelligence services point to increased hybrid security threats – EURACTIV.com
Nation State Actors
Microsoft Pins Early June DDoS Attacks on Russian-linked Cyber Crew - MSSP Alert
US DOJ Launches Cyber Unit to Prosecute Nation-State Threat Actors - SecurityWeek
US Military Personnel Receiving Unsolicited, Suspicious Smartwatches - SecurityWeek
USB Drives Spread Spyware as China's Mustang Panda APT Goes Global (darkreading.com)
CISA orders govt agencies to patch bugs exploited by Russian hackers (bleepingcomputer.com)
US Cyber Ambassador says China can win on AI, cloud • The Register
Cadet Blizzard emerges as a novel and distinct Russian threat actor | Microsoft Security Blog
The Israeli weapons and spyware falling into the hands of despots | Financial Times (ft.com)
The US Navy, NATO, and NASA are using a shady Chinese company’s encryption chips | Ars Technica
Zeeland port website hit by DDOS attack, possibly by Russian hackers | NL Times
A Russian national charged for committing LockBit Ransomware attacks - Security Affairs
Hacktivist group Anonymous Sudan a ‘bear in wolf’s clothing’ | SC Media (scmagazine.com)
APT37 hackers deploy new FadeStealer eavesdropping malware (bleepingcomputer.com)
ScarCruft Hackers Exploit Ably Service for Stealthy Wiretapping Attacks (thehackernews.com)
20-Year-Old Chinese APT15 Finds New Life in Foreign Ministry Attacks (darkreading.com)
Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor (thehackernews.com)
North Korean APT targets defectors, activists with infostealer malware | SC Media (scmagazine.com)
China-sponsored APT group targets government ministries in the Americas | CSO Online
Chinese malware accidentally infects networked storage • The Register
Trellix Detects Leading Threat Actor Countries Behind Nation-State Activity - MSSP Alert
Vulnerability Management
Guess what happened to this US agency that didn't patch? • The Register
EU Council mulls pan-European platform to handle cyber vulnerabilities – EURACTIV.com
Vulnerabilities
VMware warns of critical vRealize flaw exploited in attacks (bleepingcomputer.com)
Microsoft Teams Vulnerability: The GIFShell Attack (latesthackingnews.com)
Patch Now: Cisco AnyConnect Bug Exploit Released in the Wild (darkreading.com)
Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices - Security Affairs
Microsoft Teams bug allows malware delivery from external accounts (bleepingcomputer.com)
Chrome and Its Vulnerabilities - Is the Web Browser Safe to Use? - SecurityWeek
Critical WordPress Plugin Vulnerabilities Impact Thousands of Sites - SecurityWeek
SMB Edge Devices Walloped With Asus, Zyxel Patch Warnings (darkreading.com)
VMware fixes vCenter Server bugs allowing code execution, auth bypass (bleepingcomputer.com)
Azure AD 'Log in With Microsoft' Authentication Bypass Affects Thousands (darkreading.com)
Western Digital Blocks Unpatched Devices From Cloud Services - SecurityWeek
Risk & Repeat: Mandiant sheds light on Barracuda ESG attacks | TechTarget
ASUS warns router customers: Patch now, or block all inbound requests – Naked Security (sophos.com)
Firmware Backdoor Discovered in Gigabyte Motherboards, Hundreds of Models Affected - CPO Magazine
Apple fixes zero-days used to deploy Triangulation spyware via iMessage (bleepingcomputer.com)
A (cautionary) tale of two patched bugs, both under exploit • The Register
Millions of GitHub repos likely vulnerable to RepoJacking, researchers say (bleepingcomputer.com)
Windows 11 KB5027231 also breaks Chrome for Cisco, WatchGuard EDR users (bleepingcomputer.com)
Gaps in Azure Service Fabric’s Security Call for User Vigilance (trendmicro.com)
Tools and Controls
Getting Over the DNS Security Awareness Gap (darkreading.com)
Zscaler CEO: Firewalls Are Going The Way Of The Mainframe | CRN
The future of passwords and authentication - Help Net Security
Increased spending doesn't translate to improved cyber security posture - Help Net Security
Placing People & Realism at the Center of Your Cyber security Strategy (darkreading.com)
Security investments that help companies navigate the macroeconomic climate - Help Net Security
Reports Published in the Last Week
Other News
Boris Johnson’s notebooks cause national security alarm (thetimes.co.uk)
Keep it, Tweak it, Trash it – What to do with Aging Tech in an Era of Consolidation - SecurityWeek
Cyber attacks on OT, ICS Lay Groundwork for Kinetic Warfare (darkreading.com)
Why CISOs should be concerned about space-based attacks | CSO Online
Legal firms urged to strengthen cyber defences with latest... - NCSC.GOV.UK
GCHQ’s top hacker James Babbage quits to join NCA in blow to UK cyber force (telegraph.co.uk)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 31 March 2023
Black Arrow Cyber Threat Briefing 31 March 2023:
-Phishing Emails Up a Whopping 569% in 2022
-The End User Password Mistakes Putting Your Organisation at Risk
-Millions of Penetration Tests Show Companies’ Security Postures are Getting Worse
-71% of Employees Keep Work Passwords on Personal Devices
-Cyber Crime Frontlines in Russia-Ukraine War Move to Eastern and Northern Europe
-Security Flaws Cost Fifth of Executive’s Businesses
-Companies Struggle to Build and Run Effective Programs to Protect Data from Insider Threats
-Only 10% of Workers Remember All Their Cyber Security Training
-Silence Gets You Nowhere in a Data Breach
-Just 1% of Cloud Permissions are Actively Used
-Dangerous Misconceptions About Emerging Cyber Threats
-‘Grim’ Criminal Abuse of ChatGPT is Coming, Europol Warns
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Phishing Emails Up a Whopping 569% in 2022
The volume of phishing emails sent in 2022 spiked by a jaw-dropping 569% according to a new report. Based on data from 35 million users, the report details the astronomical rise of email phishing as a tactic among threat actors in 2022. Key findings from the report include the number of credential phishing emails sent spiked by 478% and, for the eighth consecutive year, business email compromise (BEC) ranked as the top cyber crime.
https://www.darkreading.com/attacks-breaches/phishing-emails-up-whopping-569-percent-2022
The End User Password Mistakes Putting Your Organisation at Risk
Businesses rely on their end users, but those same users often don't follow the best security practices. Without the right password security policies, a single end user password mistake can be a costly breach of your organisation's defences. End users want to do their work quickly and efficiently, but sharing, reusing and weak passwords can put your organisation at risk so having the right policies in place is essential for security.
Millions of Penetration Tests Show Companies’ Security Postures are Getting Worse
The risk score for the average company worsened in the past year as companies fail to adapt to data exfiltration techniques and adequately protect web applications. Companies' effective data-exfiltration risk increased to 44 out of 100 (with 100 indicating the riskiest posture) in 2022, from an average score of 30 in the previous year, indicating that the overall risk of data being compromised has increased. That's according to rankings by Cymulate, who crunched data on 1.7 million hours of offensive cyber security testing. The research noted that while many companies are improving the adoption of strict network and group policies, attackers are adapting to sidestep such protections. They also found that four of the top-10 CVEs (known vulnerabilities) identified in customer environments were more than two years old.
https://www.darkreading.com/cloud/millions-pen-tests-companies-security-posture-getting-worse
71% of Employees Keep Work Passwords on Personal Devices
71% of employees store sensitive work passwords on their personal phones, and 66% use their personal texting apps for work, according to a new mobile bring your own device (BYOD) security report this week, with the report also suggesting 95% of security leaders are increasingly concerned about phishing attacks via private messaging apps. With the widespread use of personal mobile devices in the workplace, it is increasingly difficult for employers to ensure the security of sensitive information. The use of personal devices and personal apps was the direct cause of many high-profile corporate breaches and this is a trend that will surely continue, as employees often use corporate and personal devices for work, effectively doubling the attack surface for cyber criminals as threat actors know there are fewer security controls on personal mobile devices than on corporate ones.
https://www.infosecurity-magazine.com/news/70-employees-keep-work-passwords/
Cyber Frontlines in Russia-Ukraine War Move to Eastern and Northern Europe
More than a year into the war in Ukraine, hackers have extended the cyber battleground to Eastern and Northern Europe with the number of incidents in those geographies spiking noticeably. A new report shows that cyber warfare inside the conflict has “clearly moved on” from the beginnings of the war. Over the last 12 months, the research reports that the majority of incidents only affecting Ukraine in the first quarter of 2022 (50.4%) sank to 28.6% in the third period. But European Union countries have seen a spike in incidents related to the war in the past six months from 9.8% to 46.5%. Indeed, the number of attacks on EU countries in the third quarter of 2022 totalled just slightly less than those in the Ukraine. And, in the first quarter of this year, more than 80% of incidents occurred inside the European Union. Cyber is now a crucial weapon in the arsenal of new instruments of war, alongside disinformation, manipulation of public opinion, economic warfare, sabotage and guerrilla tactics. With the lateralisation of the conflict from Ukraine to the rest of Europe, Western Europe should be wary of possible attacks on critical infrastructure in the short term if the conflict continues to accelerate.
Security Flaws Cost Fifth of Executives New Business
Boards continue to under-appreciate the value of cyber security to the business, despite acknowledging its critical role in winning new business and talent, according to Trend Micro. The security giant polled 2,718 business decision makers globally to compile its Risky Rewards study and it found that half (51%) believe cyber security is a necessary cost but not a revenue contributor. 48% argue that its value is limited to threat prevention and two-fifths (38%) see security as a barrier rather than a business enabler. That’s despite a fifth (19%) acknowledging that poor security posture has already impacted their ability to win new business, and 57% thinking there is a strong connection between cyber and client acquisition.
https://www.infosecurity-magazine.com/news/fifth-execs-security-flaws-cost/
Companies Struggle to Build and Run Effective Programs to Protect Data from Insider Threats
Insider risk is emerging as one of the most challenging threats for organisations to detect, mitigate and manage, Code42 Software said in its annual Data Exposure Report for 2023. To compile data for the study they surveyed some 700 cyber security leaders, managers and practitioners and whilst more than 72% of companies indicated they have an insider risk management (IRM) program in place, the same companies experienced a year-over-year increase in data loss incidents of 32%. 71% of respondees expect data loss from insider events to increase in the next 12 months. Insider incidents are costing organisations $16 million per incident on average, and chief information security officers (CISOs) say that insider risks are the most challenging type of threat to detect. Data loss from insiders is not a new problem but it has become more complex with workforce turnover and cloud adoption.
Only 10% of Workers Remember All Their Cyber Security Training
New research has found that only 10% of workers remember all their cyber security training. Furthermore, only half of employees are undergoing regular training, and a quarter aren’t receiving any training at all. Organisations should look to carry out effective and regular training that is tailored to their employees to increase the chance of training content being retained, with a programme of ongoing continual reinforcement.
Silence Gets You Nowhere in a Data Breach
In cyber security, the phrase “what they don’t know won’t hurt them” is not only wrong, it’s dangerous. Despite this, it’s a motto that remains in many organisations’ PR playbooks, as demonstrated by the recent LastPass and Fortra data breaches. Smaller companies, too, are employing a silent-treatment approach to data breaches, and cyber attacks are now a fact of doing business with almost half of US organisations having suffered a cyber attack in 2022. Attackers are increasingly targeting smaller businesses due to the fact they are seen as easier targets than large companies.
https://techcrunch.com/2023/03/29/silence-gets-you-nowhere-in-a-data-breach/
Just 1% of Cloud Permissions are Actively Used
According to Microsoft, a surge in workload identities, super admins and “over-permissioning” is driving the increase in cyber risk for organisations. Just 1% of users are using the permissions granted to them for day-to-day work. Worryingly, this leaves a significant number of unnecessary permissions which could be used by an attacker to elevate their privileges.
https://www.infosecurity-magazine.com/news/just-1-of-cloud-permissions-used/
Dangerous Misconceptions About Emerging Cyber Threats
Organisations are leaving common attack paths exposed in their quest to combat emergent threats, according to a new report that delves into the efficacy of different security controls, the most concerning threats as tested by organisations worldwide, and top cyber security best practices for 2023. One of the key findings of the report is that many organisations are actively testing against threats seen in the news, likely from pressure to report on their exposure risk to emergent threats, and whilst this is good, it should not take away from assessing threats and exposures that are more likely actively targeting the business.
https://www.helpnetsecurity.com/2023/03/30/misconceptions-emerging-cyber-threats/
‘Grim’ Criminal Abuse of ChatGPT is Coming, Europol Warns
Europol has warned that criminals are set to take advantage of artificial intelligence to commit fraud and other crimes. Europol highlighted that ChatGPT could be used to speed up criminal research, impersonate speech styles for phishing and write code. Furthermore, despite ChatGPT having safeguards, Europol note that these can be circumvented.
https://www.securityweek.com/grim-criminal-abuse-of-chatgpt-is-coming-europol-warns/
Threats
Ransomware, Extortion and Destructive Attacks
Why CISOs Are Looking to Lateral Security to Mitigate Ransomware | CIO
Clop Keeps Racking Up Ransomware Victims With GoAnywhere Flaw (darkreading.com)
New IcedID malware variants shift from banking trojans to ransomware | SC Media (scmagazine.com)
Publicly disclosed US ransomware attacks in 2023 | TechTarget
Virgin Group added to Cl0p gang’s victim leak site | Cybernews
New York law firm coughs up $200k after hospital data stolen • The Register
Telecom giant Lumen suffered a ransomware attack-Security Affairs
Ransomware crooks are exploiting IBM file exchange bug with a 9.8 severity | Ars Technica
DarkBit puts data from Israel’s Technion university on sale | CSO Online
Crown Resorts investigating potential data breach after being contacted by hacking group - ABC News
Children’s data feared stolen in Fortra ransomware attack | TechCrunch
Phishing & Email Based Attacks
Phishing Emails Up a Whopping 569% in 2022 (darkreading.com)
IRS Phishing Emails Used to Distribute Emotet - Infosecurity Magazine (infosecurity-magazine.com)
These next-level phishing scams use PayPal or Google Docs to steal your data | TechRadar
Winter Vivern hackers exploit Zimbra flaw to steal NATO emails (bleepingcomputer.com)
BEC – Business Email Compromise
BEC scammers are after physical goods, the FBI warns - Help Net Security
Australian police arrest four BEC actors who stole $1.7 million (bleepingcomputer.com)
New BEC Tactics Enable Fake Asset Purchases - Infosecurity Magazine (infosecurity-magazine.com)
FBI: Business email compromise tactics used to defraud US vendors (bleepingcomputer.com)
Other Social Engineering; Smishing, Vishing, etc
2FA/MFA
Malware
New IcedID malware variants shift from banking trojans to ransomware | SC Media (scmagazine.com)
MacStealer macOS malware appears in cyber crime underground--Security Affairs
Cyber Scammers Using Decentralized File Distribution System to Spread Malware - MSSP Alert
Microsoft confirms Defender has gone rogue as it's flagging legit links as malware - Neowin
North Korean malware-spreading, crypto-stealing gang named • The Register
Malware disguised as Tor browser steals $400k in cryptocash • The Register
NullMixer Polymorphic Malware Variant Infects 8K Targets in Just a Month (darkreading.com)
Chinese Cyber spies Use 'Melofee' Linux Malware for Stealthy Attacks - SecurityWeek
Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor (thehackernews.com)
Realtek and Cacti flaws now actively exploited by malware botnets (bleepingcomputer.com)
AlienFox malware caught in the cloud hen house • The Register
Microsoft OneNote will block 120 dangerous file extensions (bleepingcomputer.com)
IRS Phishing Emails Used to Distribute Emotet - Infosecurity Magazine (infosecurity-magazine.com)
Mobile
Android-based banking Trojan Nexus now available as malware-as-a-service | CSO Online
Inaudible ultrasound attack can stealthily control your phone, smart speaker (bleepingcomputer.com)
Russia’s Rostec allegedly can de-anonymize Telegram users (bleepingcomputer.com)
Android app from China executed 0-day exploit on millions of devices | Ars Technica
Google again accused of destroying evidence in Android case • The Register
Google finds more Android, iOS zero-days used to install spyware (bleepingcomputer.com)
Samsung keeps ignoring a huge security flaw in millions of Galaxy phones - SamMobile
iOS Vs. Android – Which Is The More Secure Platform? (informationsecuritybuzz.com)
Botnets
Denial of Service/DoS/DDOS
Internet of Things – IoT
Inaudible ultrasound attack can stealthily control your phone, smart speaker (bleepingcomputer.com)
This devious cyber attack can target all your smart speakers without you realizing | TechRadar
Gone in 120 seconds: Tesla Model 3 child's play for hackers • The Register
Data Breaches/Leaks
Fortra told breached companies their data was safe | TechCrunch
Procter & Gamble confirms data theft via GoAnywhere zero-day (bleepingcomputer.com)
New York law firm coughs up $200k after hospital data stolen • The Register
Toyota scrambles to patch customer data leak-Security Affairs
500k Impacted by Data Breach at Debt Buyer NCB - SecurityWeek
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Malware disguised as Tor browser steals $400k in cryptocash • The Register
NullMixer Polymorphic Malware Variant Infects 8K Targets in Just a Month (darkreading.com)
Insider Risk and Insider Threats
Only 10% of workers remember all their cyber security training - IT Security Guru
Data loss from insider events increase despite IRM programs, says study | CSO Online
Stop Blaming the End User for Security Risk (darkreading.com)
Fraud, Scams & Financial Crime
Visa fraud expert outlines the many faces of payment ecosystem fraud - Help Net Security
Cyber Scammers Using Decentralized File Distribution System to Spread Malware - MSSP Alert
Deepfakes
AML/CFT/Sanctions
Insurance
Beazley working on standalone cyber war product in market first (insuranceinsider.com)
Organisations Reassess Cyber Insurance as Self-Insurance Strategies Emerge (darkreading.com)
Supply Chain and Third Parties
Hackers compromise 3CX desktop app in a supply chain attack (bleepingcomputer.com)
Winter Vivern hackers exploit Zimbra flaw to steal NATO emails (bleepingcomputer.com)
Cloud/SaaS
Just 1% of Cloud Permissions Are Actively Used - Infosecurity Magazine (infosecurity-magazine.com)
Where SSO Falls Short in Protecting SaaS (thehackernews.com)
CISA Releases Hunt Tool for Microsoft's Cloud Services (darkreading.com)
Balancing security risks and innovation potential of shadow IT teams - Help Net Security
AlienFox malware caught in the cloud hen house • The Register
Hybrid/Remote Working
Cyber security focus in second Digital Europe work programme – EURACTIV.com
More companies are watching their remote workers WFH on camera | Fortune
Shadow IT
Identity and Access Management
Encryption
API
Passwords, Credential Stuffing & Brute Force Attacks
The End-User Password Mistakes Putting Your Organisation at Risk (bleepingcomputer.com)
New Research Examines Traffers and the Business of Stolen Credentials - IT Security Guru
Social Media
Training, Education and Awareness
The era of passive cyber security awareness training is over - Help Net Security
Only 10% of workers remember all their cyber security training - IT Security Guru
Parental Controls and Child Safety
Regulations, Fines and Legislation
Governance, Risk and Compliance
Beazley working on standalone cyber war product in market first (insuranceinsider.com)
Cyber security vs. Everyone: From Conflict to Collaboration (darkreading.com)
Using Observability to Power a Smarter Cyber security Strategy (darkreading.com)
How cyber security decision-makers perceive cyber resilience - Help Net Security
NCSC issues revised security Board Toolkit for business leaders | Computer Weekly
The CISO Mantra: Get Ready to Do More With Less (darkreading.com)
Models, Frameworks and Standards
Backup and Recovery
Law Enforcement Action and Take Downs
FBI confirms access to Breached cyber crime forum database (bleepingcomputer.com)
UK creates fake DDoS-for-hire sites to identify cyber criminals (bleepingcomputer.com)
Australian police arrest four BEC actors who stole $1.7 million (bleepingcomputer.com)
20-Year-Old BreachForums Founder Faces Up to 5 Years in Prison (thehackernews.com)
Privacy, Surveillance and Mass Monitoring
UK Introduces Mass Surveillance With Online Safety Bill - SecurityWeek
FBI Spent Tens of Thousands of Dollars on Bulk Data Collection (gizmodo.com)
Clearview AI used nearly 1m times by US police, it tells the BBC - BBC News
More companies are watching their remote workers WFH on camera | Fortune
Artificial Intelligence
'Grim' Criminal Abuse of ChatGPT is Coming, Europol Warns - SecurityWeek
In Sudden Alarm, Tech Doyens Call for a Pause on ChatGPT | WIRED
Musk, Scientists Call for Halt to AI Race Sparked by ChatGPT - SecurityWeek
AI-fuelled search gives more power to the bad guys | CSO Online
Hacker demonstrates security flaws in GPT-4 just one day after launch | VentureBeat
Godfather of AI Says There's a Minor Risk It'll Eliminate Humanity (futurism.com)
Clearview AI used nearly 1m times by US police, it tells the BBC - BBC News
AI has figured out how to draw deepfake hands | The Independent
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Putin and Xi’s plot to control the internet will leave the West in the dust (telegraph.co.uk)
In A Surprise, China-Linked TikTok Grabs Power Norway Needs To Make Ammo (forbes.com)
Cyber crime Front Lines in Russia-Ukraine War Move to Eastern and Northern Europe - MSSP Alert
Beazley working on standalone cyber war product in market first (insuranceinsider.com)
'Bitter' espionage hackers target Chinese nuclear energy orgs (bleepingcomputer.com)
Earth Preta’s Cyber Espionage Campaign Hits Over 200 (trendmicro.com)
Biden White House Issues Executive Order on Commercial Spyware (gizmodo.com)
North Korean APT43 Group Uses Cybercrime to Fund Espionage Operations (thehackernews.com)
Google finds more Android, iOS zero-days used to install spyware (bleepingcomputer.com)
Over 200 Organisations Targeted in Chinese Cyber Espionage Campaign - SecurityWeek
Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits (darkreading.com)
Chinese Cyber spies Use 'Melofee' Linux Malware for Stealthy Attacks - SecurityWeek
Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor (thehackernews.com)
Pro-Russian hackers target elected US officials supporting Ukraine | Ars Technica
Russian spies more effective than army, say experts - BBC News
Cyber warfare leaks show Russian army is adopting mindset of secret police | Cyberwar | The Guardian
Nation State Actors
Uncle Sam sent cyber-soldiers to Albania to combat Iran • The Register
Russia’s Rostec allegedly can de-anonymize Telegram users (bleepingcomputer.com)
Android app from China executed 0-day exploit on millions of devices | Ars Technica
China urges Apple to improve security and privacy • The Register
North Korean malware-spreading, crypto-stealing gang named • The Register
Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor (thehackernews.com)
Vulnerability Management
What you need before the next vulnerability hits - Help Net Security
Vulnerability management vs. risk management, compared | TechTarget
Most Weaponized Vulnerabilities of 2022 and 5 Key Risks: Report - SecurityWeek
Microsoft shares tips on detecting Outlook zero-day exploitation (bleepingcomputer.com)
Ignoring network automation is a ticking time bomb for security - Help Net Security
Vulnerabilities
Microsoft: No-Interaction Outlook Zero Day Exploited Since Last April - SecurityWeek
Microsoft shares tips on detecting Outlook zero-day exploitation (bleepingcomputer.com)
Apple patches everything, including a zero-day fix for iOS 15 users – Naked Security (sophos.com)
QNAP fixed Sudo privilege escalation bug in NAS devices-Security Affairs
Patch Now: Cyber criminals Set Sights on Critical IBM File Transfer Bug (darkreading.com)
Super FabriXss flaw in Microsoft Azure SFX could lead to RCE-Security Affairs
OpenAI quickly fixed account takeover bugs in ChatGPT-Security Affairs
Tools and Controls
Even with defence tools, CISOs say cyber attacks are ‘inevitable’ (techrepublic.com)
The era of passive cyber security awareness training is over - Help Net Security
Only 10% of workers remember all their cyber security training - IT Security Guru
Prioritizing data security amid workforce disruptions - Help Net Security
Using Observability to Power a Smarter Cyber security Strategy (darkreading.com)
For database security it's down to people, not tech fixes • The Register
Known unknowns: Refining your approach to uncategorized web traffic - Help Net Security
Understanding adversaries through dark web intelligence - Help Net Security
Where SSO Falls Short in Protecting SaaS (thehackernews.com)
How Does Data Literacy Enhance Data Security? (darkreading.com)
CISA Releases Hunt Tool for Microsoft's Cloud Services (darkreading.com)
With Security Copilot, Microsoft brings the power of AI to cyber defence - Stories
Compare breach and attack simulation vs. penetration testing | TechTarget
Ignoring network automation is a ticking time bomb for security - Help Net Security
Microsoft's ‘Security Copilot’ Sics ChatGPT on Security Breaches | WIRED
Breaking the Mold: Pen Testing Solutions That Challenge the Status Quo (thehackernews.com)
Diagnose your SME’s Cyber security and Scan for Recommendations — ENISA (europa.eu)
Protect your entire business with the right authentication method - Help Net Security
Microsoft Defender is flagging legit URLs as malicious • The Register
Managing security in the cloud through Microsoft Intune | CSO Online
Top 5 SD-WAN Challenges and How to Prepare for Them | TechTarget
Organisations Reassess Cyber Insurance as Self-Insurance Strategies Emerge (darkreading.com)
The best defence against cyber threats for lean security teams - Help Net Security
Overcoming obstacles to introduce zero-trust security in established systems - Help Net Security
The foundation of a holistic identity security strategy - Help Net Security
The CISO Mantra: Get Ready to Do More With Less (darkreading.com)
Other News
Hackers changed tactics, went cross-platform in 2022, says Trend Micro | CSO Online
WiFi protocol flaw allows attackers to hijack network traffic (bleepingcomputer.com)
Microsoft OneNote will block 120 dangerous file extensions (bleepingcomputer.com)
How CISOs Can Reduce the Danger of Using Data Brokers (darkreading.com)
How Does Data Literacy Enhance Data Security? (darkreading.com)
Microsoft uses carrot and stick with Exchange Online admins • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 03 March 2023
Black Arrow Cyber Briefing 03 March 2023:
-It’s Time to Evaluate Your Security Education Plan Amongst the Rise in Social Engineering Attacks
-Mobile Users are More Susceptible to Phishing Attacks
-Phishing as a Service Stimulates Cyber Crime
-Attacker Breakout Time Drops to Just 84 Minutes
-Attackers are Developing and Deploying Exploits Faster Than Ever
-Old Vulnerabilities are Haunting Organisations and Aiding Attackers
-Scams Drive Nearly $9bn Fraud Surge in 2022
-Economic Pressure are Increasing Cyber Security Risks and a Recession Would Only Further This
-Cyber Security in This Era of Polycrisis
-Russian Ransomware Projects Rebranded to Avoid Western Sanctions
-Ransomware Attacks Ravaged Big Names in February
-Firms Who Pay Ransom Subsidise New Attacks
-How the Ukraine War Opened a Fault Line in Cyber Crime
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
It’s Time to Evaluate Your Security Education Plan with the Rise in Social Engineering Attacks
Security provider Purplesec found 98% of attacks in 2022 involved an element of social engineering. Social engineering attacks can take many forms including phishing, smishing, vishing and quishing and it’s vital to educate your organisation on how to best prepare for these. Education plans should focusing on educating all levels of users, including those at the top. These plans should also be tested to allow organisations to assess where they are at and identify where they can improve.
Mobile Users are More Susceptible to Phishing Attacks
A report conducted by mobile security provider Lookout focused on the impact of mobile phishing. Some of the key findings from the report included that more than 50% of personal devices were exposed to a mobile phishing attack every quarter, the percentage of users falling for multiple mobile phishing links increasing and an increased targeting of highly regulated industries such as insurance, banking and financial services. It is likely that this has resulted from the increase in relaxed bring your own device (BYOD) policies.
Phishing as a Service Stimulates Cyber Crime
Phishing attacks are at an all-time high and the usage of Phishing as a Service (PaaS) opens this attack technique to virtually anyone. The sale of “phishing kits” and usage of artificial intelligence has further increased the availability of this attack technique. In response, organisations should look to improve their email security, cloud security and education programs for employees.
https://www.trendmicro.com/en_us/ciso/23/c/phishing-as-a-service-phaas.html
Attacker Breakout Time Drops to Just 84 Minutes
The average time it takes for a threat actor to move laterally from a compromised host within an organisation dropped 14% between 2012 and 2022 down to 84 minutes, according to a report by security provider Crowdstrike. With the reduction in time it takes a threat actor to move across systems, organisations have even less time to enact their incident response plans and contain breaches effectively, putting further pressure on the incident response team. By responding quickly, organisations can minimise the cost and damage of a breach. The report from Crowdstrike found that organisations were facing increasing difficulty in detecting suspicious activity as attackers are choosing to use valid organisation credentials rather than malware, to gain access to an organisation’s systems.
https://www.infosecurity-magazine.com/news/attacker-breakout-time-drops-just/
Attackers are Developing and Deploying Exploits Faster Than Ever
A report from security provider Rapid7 found that over 56% of vulnerabilities were exploited within seven days of public disclosure. Worryingly, the median time for exploitation in 2022 was just one day. The finding from the report highlights the need for organisations to not only conduct threat intelligence to be aware of vulnerabilities but to also look to employ patches where possible in a timely manner.
https://www.helpnetsecurity.com/2023/03/03/attackers-developing-deploying-exploits/
Old Vulnerabilities are Haunting Organisations and Aiding Attackers
Known vulnerabilities, vulnerabilities for which patches have already been made available, are one of the primary attack vectors for threat actors. Vulnerability management vendor Tenable found that the top exploited vulnerabilities were originally disclosed as far back as 2017 and organisations that had not applied these patches were at increased risks of attack.
https://www.helpnetsecurity.com/2023/03/03/known-exploitable-vulnerabilities/
Scams Drive Nearly $9bn Fraud Surge in 2022
Americans lost $8.8 billion to fraud last year, with imposter scams responsible for $2.8 billion of that amount, according to the Federal Trade Commission (FTC). Losses to business imposters were particularly damaging, climbing to $660 million from the previous year. Interestingly, the FTC found that younger people reported losing money to fraud the most often.
https://www.infosecurity-magazine.com/news/investment-scams-drive-9bn-in/
Economic Pressure are Increasing Cyber Security Risks and a Recession Would Only Further This
The World Economic Forum’s recent report found that 93% of cyber security leaders and 86% of business leaders think it is moderately or very likely that global geopolitical instability will lead to a catastrophic cyber event in the next two years. Reinforcing this, a report from (ISC)² found that 80% of business executives believe a weakening economy will increase cyber threats and a recession will only amplify this.
Cyber Security in this Era of Polycrisis
A year since Russia invaded Ukraine, the geopolitical context is increasingly tense and volatile. The world faces several major crises in what has been coined a 'polycrisis,' a cluster of global shocks with compounding effects. This, along with increasing geopolitical tensions causes a rise in risk from cyber attacks. In fact, the European Union Agency for Cyber Security (ENISA) recently issued an alert regarding actors conducting malicious cyber activities against businesses and governments in the European Union and findings from Google show a 300% increase in state-sponsored cyber attacks targeting users in NATO countries.
https://www.weforum.org/agenda/2023/02/cybersecurity-in-an-era-of-polycrisis/
Russian Ransomware Projects Rebranded to Avoid Western Sanctions
Research provider TRM labs found that some major Russian-linked ransomware crime gangs have rebranded their activities in 2022 to avoid sanctions. To strengthen their anonymity, two major ransomware crime gangs LockBit and Conti restructured their activities. Conti is reported to have restructured into three smaller groups named Black Besta, BlackByte, Karakurt. LockBit on the other hand launched LockBit 3.0, which is focused on monetary gain. Additionally, the report found that Russian-speaking darknet markets had amassed over $130 million in sales.
https://cryptopotato.com/russian-ransomware-projects-rebranded-to-avoid-western-sanctions-report/
Ransomware Attacks Ravaged Big Names in February
Despite the apparent slight drop in ransomware activity last month, several high profile targets of various industries were hit; this ranges from the likes of the US Marshal Service, retailer WH Smith, satellite provider Dish and many more. These attacks reinforce the concept that any organisation can be a victim, regardless of industry.
Firms Who Pay Ransoms Subsidise New Attacks
A report from security provider Trend Micro found that whilst only a relatively small number of ransomware victims pay their extorters, those that do pay are effectively funding 6-10 new attacks. The report also found that attackers are aware of which industries and countries pay ransoms more often, so organisations belonging to those industries and countries may find themselves an even more attractive target.
https://www.infosecurity-magazine.com/news/firms-pay-ransom-subsidise-10/
How the Ukraine War Opened a Fault Line in Cyber Crime
A report from threat intelligence provider Recorded Future has highlighted the impact that the Russian invasion of Ukraine has had on cyber. Recorded Future explain how a number of threat actor groups fled during the war and in addition to differing political views between groups, there has been a disruption to the cyber environment. In fact, Recorded Future found that Russian-language dark web marketplaces have taken a major hit and the prediction is that the epicentre of cyber crime may shift to English-speaking dark web forums, shops and marketplaces.
https://www.darkreading.com/analytics/ukraine-war-fault-line-cybercrime-forever
Threats
Ransomware, Extortion and Destructive Attacks
Well-funded security systems fail to prevent cyber attacks in US and Europe: Report | CSO Online
Russian Ransomware Projects Rebranded to Avoid Western Sanctions: Report (cryptopotato.com)
New cyber attack tactics rise up as ransomware payouts increase | CSO Online
Ransomware Attacks: Don’t Let Your Guard Down - SecurityWeek
Ransomware attacks ravaged big names in February | TechTarget
Cyber Insurance Market Back From Brink After Onslaught of Ransomware Attacks (insurancejournal.com)
Royal Mail schools LockBit in leaked negotiation (malwarebytes.com)
'Ethical hacker' among ransomware suspects arrested • The Register
Wiper malware goes global, destructive attacks surge - Help Net Security
A Deep Dive into the Evolution of Ransomware Part 3 (trendmicro.com)
New Exfiltrator-22 post-exploitation kit linked to LockBit ransomware (bleepingcomputer.com)
PureCrypter malware hits govt orgs with ransomware, info-stealers (bleepingcomputer.com)
Bitdefender Releases Free Decryptor for MortalKombat Ransomware Strain (thehackernews.com)
Dish Network confirms ransomware attack behind multi-day outage (bleepingcomputer.com)
US Marshals Ransomware Hit Is 'Major' Incident (darkreading.com)
The DoJ Disruption of the Hive Ransomware Group Is a Short-Lived Win (darkreading.com)
Vice Society publishes data stolen during Vesuvius ransomware attack • Graham Cluley
US Cybersecurity Agency Raises Alarm Over Royal Ransomware's Deadly Capabilities (thehackernews.com)
Phishing & Email Based Attacks
New cyber attack tactics rise up as ransomware payouts increase | CSO Online
Mobile Users More Susceptible to Phishing Attacks than Two Years Ago - MSSP Alert
Phishing as a Service Stimulates Cyber crime (trendmicro.com)
BEC – Business Email Compromise
New cyber attack tactics rise up as ransomware payouts increase | CSO Online
Expert strategies for defending against multilingual email-based attacks - Help Net Security
Hackers Target Young Gamers: How Your Child Can Cause Business Compromise (darkreading.com)
Other Social Engineering; Smishing, Vishing, etc
As Social Engineering Attacks Skyrocket, Evaluate Your Security Education Plan (darkreading.com)
The Top 5 New Social Engineering Attacks in 2023 - (ISC)² Blog (isc2.org)
How to Prevent Callback Phishing Attacks on Your Organization (bleepingcomputer.com)
2FA/MFA
Malware
RIG Exploit Kit still infects enterprise users via Internet Explorer (bleepingcomputer.com)
Exfiltrator-22 Post-Exploitation Toolkit Nips At Cobalt Strike's Heels (darkreading.com)
Malicious package flood on PyPI might be sign of new attacks to come | CSO Online
Iron Tiger hackers create Linux version of their custom malware (bleepingcomputer.com)
It's official: BlackLotus malware can bypass secure boot • The Register
Threat actors target law firms with GootLoader and SocGholish--Security Affairs
Mobile
Mobile Users More Susceptible to Phishing Attacks than Two Years Ago - MSSP Alert
Mobile Banking Trojans Surge, Doubling in Volume (darkreading.com)
Signal would 'walk' from UK if Online Safety Bill undermined encryption - BBC News
Don't be fooled by a pretty icon, malicious apps hide in plain sight - Help Net Security
Denial of Service/DoS/DDOS
Data Breaches/Leaks
LastPass Says DevOps Engineer Home Computer Hacked - SecurityWeek
LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults (thehackernews.com)
Stanford University discloses data breach affecting PhD applicants (bleepingcomputer.com)
Threat actors leak Activision employee data on hacking forum--Security Affairs
10 US states that suffered the most devastating data breaches in 2022 - Help Net Security
Australian orgs lodged 497 data breach notices in back half of 2022 - Security - iTnews
Hatch Bank discloses data breach after GoAnywhere MFT hack (bleepingcomputer.com)
GunAuction site was hacked and data of 565k accounts were exposed--Security Affairs
Chick-fil-A confirms accounts hacked in months-long "automated" attack (bleepingcomputer.com)
What GoDaddy's Years-Long Breach Means for Millions of Clients (darkreading.com)
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Cryptocurrency Bitcoin mining rig found in school crawlspace • The Register
Highly evasive cryptocurrency miner targets macOS--Security Affairs
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Investment Scams Drive $9bn Fraud Surge in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
How I Broke Into a Bank Account With an AI-Generated Voice (vice.com)
FTC reveals alarming increase in scam activity, costing consumers billions - Help Net Security
Resecurity identified the investment scam network Digital Smoke - Help Net Security
Pig butchering scam explained: Everything you need to know (techtarget.com)
AML/CFT/Sanctions
Insurance
Dark Web
Supply Chain and Third Parties
Third-party risks overwhelm traditional ERM setups - Help Net Security
Third-Party Risks: Challenges for MSSPs and How to Overcome Them - MSSP Alert
Shocking Findings from the 2023 Third-Party App Access Report (thehackernews.com)
Software Supply Chain
Shocking Findings from the 2023 Third-Party App Access Report (thehackernews.com)
SBOM is a 'massive galaxy of mess' for supply chain security • The Register
IBM Contributes Supply Chain Security Tools to OWASP (darkreading.com)
Cloud/SaaS
How to Tackle the Top SaaS Challenges of 2023 (thehackernews.com)
Cloud incident response: Frameworks and best practices | TechTarget
Security teams have no control over risky SaaS-to-SaaS connections - Help Net Security
It only takes one over-privileged identity to do major damage to a cloud - Help Net Security
SCARLETEEL hackers use advanced cloud skills to steal source code, data (bleepingcomputer.com)
Shocking Findings from the 2023 Third-Party App Access Report (thehackernews.com)
Google Cloud Platform allows data exfiltration without a (forensic) trace - Help Net Security
What Happened in That Cyber attack? With Some Cloud Services, You May Never Know (darkreading.com)
New Report: Inside the High Risk of Third-Party SaaS Apps (darkreading.com)
Containers
Hybrid/Remote Working
Work-From-Home Regulations Are Coming. Companies Aren’t Ready. (mit.edu)
How to work from home securely, the NSA way (malwarebytes.com)
Encryption
API
Open Source
Iron Tiger hackers create Linux version of their custom malware (bleepingcomputer.com)
Should organisations swear off open-source software altogether? | VentureBeat
IBM Contributes Supply Chain Security Tools to OWASP (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
LastPass Says DevOps Engineer Home Computer Hacked - SecurityWeek
Critical Vulnerabilities Allowed Booking.com Account Takeover - SecurityWeek
Sale of Stolen Credentials and Initial Access Dominate Dark Web Markets (darkreading.com)
Social Media
White House: No More TikTok on Gov't Devices Within 30 Days - SecurityWeek
EU Parliament bans staff from using TikTok over ‘cybersecurity concerns’ – POLITICO
TikTok answers three big cyber-security fears about the app - BBC News
Meta says $725M deal ends all Cambridge Analytica claims; one state disagrees | Ars Technica
Training, Education and Awareness
Parental Controls and Child Safety
Regulations, Fines and Legislation
UK seeks to ‘focus’ espionage bill to head off Lords rebellion | Financial Times (ft.com)
Cyber resilience in focus: EU act to set strict standards - Help Net Security
Work-From-Home Regulations Are Coming. Companies Aren’t Ready. (mit.edu)
ML practitioners push for mandatory AI Bill of Rights - Help Net Security
Governance, Risk and Compliance
Third-party risks overwhelm traditional ERM setups - Help Net Security
CISOs Share Their 3 Top Challenges for Cybersecurity Management (darkreading.com)
The Importance of Recession-Proofing Security Operations (darkreading.com)
Third-Party Risks: Challenges for MSSPs and How to Overcome Them - MSSP Alert
CISO Conversations: Code42, BreachQuest Leaders Discuss Combining CISO and CIO Roles - SecurityWeek
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
Gartner Prediction: Nearly Half of Cybersecurity Pros Will Change Jobs by 2025 - MSSP Alert
Growing Demand For Skilled Cybersecurity Workforce In Digital Age (informationsecuritybuzz.com)
Partnering With a Cybersecurity Vendor Can Help You Recruit Top Talent - MSSP Alert
CISOs Are Stressed Out and It's Putting Companies at Risk (thehackernews.com)
Law Enforcement Action and Take Downs
'Ethical hacker' among ransomware suspects arrested • The Register
The DoJ Disruption of the Hive Ransomware Group Is a Short-Lived Win (darkreading.com)
Privacy, Surveillance and Mass Monitoring
UK seeks to ‘focus’ espionage bill to head off Lords rebellion | Financial Times (ft.com)
Press greets Home Office redraft of national security bill with scepticism | Media | The Guardian
The Air Force Is Now Using Facial Recognition Drones (gizmodo.com)
How dog tracker apps are snooping on humans, according to cyber security experts (telegraph.co.uk)
Artificial Intelligence
Generative AI Changes Everything We Know About Cyber attacks (darkreading.com)
ChatGPT is bringing advancements and challenges for cybersecurity - Help Net Security
How I Broke Into a Bank Account With an AI-Generated Voice (vice.com)
ML practitioners push for mandatory AI Bill of Rights - Help Net Security
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Cyber security must be tightened up in this era of polycrisis | World Economic Forum (weforum.org)
How the Ukraine War Opened a Fault Line in Cyber crime, Possibly Forever (darkreading.com)
Russia-Ukraine War: A Year of Cyber Shortfalls (foreignpolicy.com)
Evaluating the Cyberwar Set Off by Russian Invasion of Ukraine (darkreading.com)
CERT of Ukraine: Russia-linked APT backdoored multiple govt sites-Security Affairs
White House: No More TikTok on Gov't Devices Within 30 Days - SecurityWeek
Russian charged with smuggling US counterintel tech • The Register
Cyber security in wartime: how Ukraine's infosec community is coping | CSO Online
China's BlackFly Targets Materials Sector in 'Relentless' Quest for IP (darkreading.com)
'Hackers' Behind Air Raid Alerts Across Russia: Official - SecurityWeek
China spends billions on pro-Russia disinformation, US special envoy says | China | The Guardian
Nation State Actors
Cyber security must be tightened up in this era of polycrisis | World Economic Forum (weforum.org)
How the Ukraine War Opened a Fault Line in Cyber crime, Possibly Forever (darkreading.com)
Hacker group defaces Russian websites to display the Kremlin on fire | TechCrunch
Russia-Ukraine War: A Year of Cyber Shortfalls (foreignpolicy.com)
CERT of Ukraine: Russia-linked APT backdoored multiple govt sites-Security Affairs
Evaluating the Cyberwar Set Off by Russian Invasion of Ukraine (darkreading.com)
White House: No More TikTok on Gov't Devices Within 30 Days - SecurityWeek
Russian charged with smuggling US counterintel tech • The Register
Cyber security in wartime: how Ukraine's infosec community is coping | CSO Online
EU Parliament bans staff from using TikTok over ‘cybersecurity concerns’ – POLITICO
China's BlackFly Targets Materials Sector in 'Relentless' Quest for IP (darkreading.com)
'Hackers' Behind Air Raid Alerts Across Russia: Official - SecurityWeek
China spends billions on pro-Russia disinformation, US special envoy says | China | The Guardian
TikTok answers three big cyber-security fears about the app - BBC News
Russia bans foreign messaging apps in government organisations (bleepingcomputer.com)
Chinese hackers use new custom backdoor to evade detection (bleepingcomputer.com)
Vulnerability Management
Vulnerabilities
A world of hurt for Fortinet and ManageEngine after users fail to install patches | Ars Technica
Hackers are actively exploiting Zoho ManageEngine flaw-Security Affairs
All In One SEO WordPress Plugin Vulnerability Affects Up To 3+ Million (searchenginejournal.com)
CISA warns of hackers exploiting ZK Java Framework RCE flaw (bleepingcomputer.com)
Cisco patches critical Web UI RCE flaw in multiple IP phones (bleepingcomputer.com)
Aruba Networks fixes six critical vulnerabilities in ArubaOS (bleepingcomputer.com)
Microsoft releases Windows security updates for Intel CPU flaws (bleepingcomputer.com)
Tools and Controls
LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults (thehackernews.com)
Well-funded security systems fail to prevent cyber attacks in US and Europe: Report | CSO Online
The Future of Network Security: Predictive Analytics and ML-Driven Solutions (thehackernews.com)
Microsoft announces automatic BEC, ransomware attack disruption capabilities - Help Net Security
How to use zero trust and IAM to defend against cyber attacks in an economic downturn | VentureBeat
Pentesting No Longer Driven by Regulatory Compliance, New Study Finds - MSSP Alert
Application Security vs. API Security: What is the difference? (thehackernews.com)
Accurately assessing the success of zero-trust initiatives | TechTarget
Other News
Attackers are developing and deploying exploits faster than ever - Help Net Security
Attacker Breakout Time Drops to Just 84 Minutes - Infosecurity Magazine (infosecurity-magazine.com)
Moving target defence must keep cyber attackers guessing - Help Net Security
Covert cyber attacks on the rise as attackers shift tactics for maximum impact - Help Net Security
Dormant accounts are a low-hanging fruit for attackers - Help Net Security
Dish Network goes offline after likely cyber attack, employees cut off (bleepingcomputer.com)
News Corp says state hackers were on its network for two years (bleepingcomputer.com)
UK won the Military Cyberwarfare exercise Defence Cyber Marvel-Security Affairs
To Safeguard Critical Infrastructure, Go Back to Basics (darkreading.com)
Feds accuse Google of destroying evidence in antitrust case • The Register
Microsoft recommending you scan more Exchange server files • The Register
CISA director urges tech sector to stop shipping unsafe products | CyberScoop
Developers can make a great extension of your security team - Help Net Security
2023 Browser Security Report Uncovers Major Browsing Risks and Blind Spots (thehackernews.com)
Uncovering the most pressing cybersecurity concerns for SMBs - Help Net Security
Wiz execs: Most overhyped security tool is technology itself • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 24 February 2023
Black Arrow Cyber Briefing 24 February 2023:
-Employees Bypass Cyber Security Guidance to Achieve Business Objectives
-Three Quarters of Businesses Braced for Serious Email Attack this Year
-The Cost of Living Crisis is Triggering a Wave of Workplace Crime
-Fighting Ransomware with Cyber Security Audits
-Record Levels of Fraud Impacting 90% of Payment Compliance Teams
-CISOs Struggle with Stress and Limited Resources
-Cyber Threats and Regulations Mount for Financial Industry
-HardBit Ransomware Wants Insurance Details to Set the Perfect Price
-Social Engineering is Becoming Increasingly Sophisticated
-A Fifth of Brits Have Fallen Victim to Online Scammers
-Cyber Attacks Hit Data Centres to Steal Information From Companies
-Phishing Fears Ramp Up on Email, Collaboration Platforms
-The War in Ukraine has Shaken up the Cyber Criminal Eco-system
-Police Bust €41m Email Scam Gang
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Employees Bypass Cyber Security Guidance to Achieve Business Objectives
Researcher Gartner predicts that by 2025, lack of talent or human failure will be responsible for over half of significant cyber incidents. In a survey conducted by Gartner it was found that 69% of employees had bypassed their organisations cyber security guidance in the previous 12 months and 74% said they would bypass cyber security guidance if it helped them or their team achieve a business objective.
https://www.helpnetsecurity.com/2023/02/24/bypass-cybersecurity-guidance/
Three Quarters of Businesses Braced for Serious Email Attack this Year
According to a survey conducted by security provider Vanson Bourne, 76% of cyber security professionals predict that an email related attack will have serious consequences for their organisation in the coming year. The survey found that 82% of companies reported a higher volume of email in 2022 compared with 2021 and 2020 and 74% had said email-based threats had risen over the last 12 months. In addition, a worrying 91% had seen attempts to steal or use their email domain in an attack.
The Cost of Living Crisis is Triggering a Wave of Workplace Crime
Almost 6,000 people were caught stealing from their employer in 2022 according to insurance provider Zurich with the firms facing an average loss of £140,000. Zurich have said “As cost of living pressures mount, employee theft has significantly increased, suggesting some workers could be turning to desperate measures to make ends meet”.
Fighting Ransomware with Cyber Security Audits
With the ever increasing number of devices and distributed environments, it’s easy for organisations to lose track of open IP addresses, administrator accounts and infrastructure configurations; all of this creates an increase in opportunities for threat actors to deploy ransomware. By conducting audits of IT assets, organisations can identify the data they hold and reduce the risk of forgotten devices. The need for auditing of an organisations assets is reinforced where a survey conducted by research provider Enterprise Strategy Group found that nearly 70% of respondents had suffered at least one exploit that started with an unknown, unmanaged, or poorly managed Internet-facing IT asset.
https://www.trendmicro.com/en_us/ciso/23/b/cybersecurity-audit.html
Record Levels of Fraud Impacting 90% of Payment Compliance Teams
New research from research provider VIXIO has found that 90% of payment company compliance teams are frequently overwhelmed and increased fraud was a particular concern for teams in the UK.
CISOs Struggle with Stress and Limited Resources
A survey from security provider Cynet has found that 94% of CISOs report being stressed at work, with 65% admitting that this work stress has compromised their ability to protect their organisation. Furthermore, the survey found all respondents said they needed additional resources to adequately cope with current cyber challenges. Amongst some of the key findings were 77% of CISOs believing that a lack of resources had led to important security initiatives falling to the wayside.
https://www.helpnetsecurity.com/2023/02/23/cisos-work-related-stress/
Cyber Threats and Regulations Mount for Financial Industry
Nation-state adversaries, new reporting regulations, and a fast-paced threat landscape mean that financial services and technology firms need to bolster their security posture. For example, last year a report conducted by the Financial Services Information Sharing and Analysis Center (FS-ISAC) and security provider Akamai found that distributed denial-of-service attacks (DDoS) attacks rose 73% more for European financial institutions compared to the previous year. This combination of attacks is followed by an increase in regulations such as the requirement to report breaches to the European Authorities to satisfy the General Data Protection Regulation (GDPR). Such increase has caused financial institutions to bolster their security, with a survey conducted by security provider Contrast finding 72% of financial organisations plan to increase their investment in the security of their applications and 64% mandated cyber security requirements for their vendors.
https://www.darkreading.com/risk/cyberthreats-regulations-mount-for-financial-industry
HardBit Ransomware Wants Insurance Details to Set the Perfect Price
Operators of a ransomware threat known as Hardbit are trying to negotiate ransom payments so that they would be covered by victim’s insurance companies. Typically, the threat actor tries to convince the victim that it is in their interest to disclose their insurance details so that the threat actor can adjust their demands so that insurance would cover it.
Social Engineering is Becoming Increasingly Sophisticated
The rapid development of deepfake technology is providing an increase in the sophistication of social engineering attacks. Deepfake technology refers to products created through artificial intelligence, which could allow an individual to impersonate another with likeness and voice during a video conversation. The accessibility of such technology has allowed threat actors to conduct more sophisticated campaigns, including the replication of the voice of a company executive.
https://securityaffairs.com/142487/hacking/social-engineering-increasingly-sophisticated.html
A Fifth of Brits Have Fallen Victim to Online Scammers
Security founder F-Secure have found that a fifth of Brits had fallen victim to digital scammers in the past, yet a quarter had no security controls to protect themselves. When providing a reason for the lack of security, 60% said they found cyber security too complex. This is worrying for organisations who need to ensure these low levels of security awareness are not displayed in the corporate environment.
https://www.infosecurity-magazine.com/news/fifth-brits-have-victim-online/
Cyber Attacks Hit Data Centres to Steal Information from Companies
Cyber attacks targeting multiple data centres globally have resulted in the exfiltration of information relating to companies who used them. In addition, attackers have been seen to publish access credentials relating to these attacks on the dark web. This malicious activity reinforces the need for organisations to be aware of and properly manage their supply chain.
Phishing Fears Ramp Up on Email, Collaboration Platforms
Three quarters of organisations are expecting a serious impact from an email-based attack and with the rapid growth and expansion of collaboration tools such as Microsoft Teams, it’s expected that these will also be used as a vector for threat actors. Combined with the emergence of Chat-GPT, the landscape provides an increasing amount of opportunities for threat actors.
The War in Ukraine has Shaken up the Cyber Criminal Eco-System
One year after Russia invaded Ukraine, the war continues -- including an ever-evolving digital component that has implications for the future of cyber security around the world. Among other things, the war in Ukraine has upended the Eastern European cyber criminal ecosystem, according to cyber security experts from Google, shaking up the way ransomware attacks are playing out. Google later explained that “Lines are blurring between financially motivated and government-backed attackers in Eastern Europe”.
Police Bust €41m Email Scam Gang
A coordinated police operation spanning multiple countries led to the dismantling of a criminal network which was responsible for tens of millions in Business Email Compromise (BEC) losses. In one of the attacks the gang used social engineering to target the Chief Financial Officer (CFO) of a real estate developer, defrauding them of 38 million euros.
https://www.infosecurity-magazine.com/news/police-bust-41m-bec-gang/
Threats
Ransomware, Extortion and Destructive Attacks
HardBit ransomware wants insurance details to set the perfect price (bleepingcomputer.com)
An Overview of the Global Impact of Ransomware Attacks (bleepingcomputer.com)
Fight Ransomware with a Cyber security Audit (trendmicro.com)
Time to Deploy Ransomware Drops 94% - Infosecurity Magazine (infosecurity-magazine.com)
Majority of Ransomware Attacks Last Year Exploited Old Bugs (darkreading.com)
A Deep Dive into the Evolution of Ransomware Part 1 (trendmicro.com)
A Deep Dive into the Evolution of Ransomware Part 2 (trendmicro.com)
Guardian staff forced to work out of former brewery after ransomware attack (telegraph.co.uk)
Royal Ransomware Expands Attacks by Targeting Linux ESXi Servers (trendmicro.com)
Chip company loses $250m after ransomware hits supply chain (malwarebytes.com)
GoAnywhere zero-day opened door to Clop ransomware (malwarebytes.com)
Derivatives market still hit by fallout from Ion Markets cyber attack | Financial Times (ft.com)
Dutch Police arrest three ransomware actors extorting €2.5 million (bleepingcomputer.com)
IBM: Ransomware defenders showing signs of improvement | TechTarget
ESXiArgs Ransomware Has Spread to 500 New Targets in Europe. Will there be More? - MSSP Alert
Ukraine Suffered More Wiper Malware in 2022 Than Anywhere, Ever | WIRED
Food giant Dole hit by ransomware, halts North American production temporarily (bitdefender.com)
Wiper Malware Surges Ahead, Spiking 53% in 3 Months (darkreading.com)
Trellix Report: LockBit 3.0 Ransomware "Most Aggressive" with Demands - MSSP Alert
Israel's Top Tech University Targeted by DarkBit Ransomware (darkreading.com)
Lockbit gang hit Portuguese municipal water utility Aguas do Porto-Security Affairs
Student Medical Records Exposed After LAUSD Breach (darkreading.com)
Phishing & Email Based Attacks
Three-quarters of businesses braced for ‘serious’ email attack this year | CSO Online
Phishing Fears Ramp Up on Email, Collaboration Platforms (darkreading.com)
Big rise in 'email thread hijacking' by cyber criminals (rte.ie)
Smishing, vishing and whaling: How phishing scams are evolving | The Star
Microsoft Outlook flooded with spam due to broken email filters (bleepingcomputer.com)
Coinbase Attack Linked to Group Behind Last Year's Twilio, Cloudflare Hacks - SecurityWeek
BEC – Business Email Compromise
Google Translate Helps BEC Groups Scam Companies in Any Language (darkreading.com)
Police Bust €38m BEC Gang - Infosecurity Magazine (infosecurity-magazine.com)
Other Social Engineering; Smishing, Vishing, etc
Social engineering, deception becomes increasingly sophisticated-Security Affairs
Smishing, vishing and whaling: How phishing scams are evolving | The Star
Coinbase cyber attack targeted employees with fake SMS alert (bleepingcomputer.com)
2FA/MFA
Malware
Google Ads Spreads FatalRAT Malware, Disguised As Popular Apps (informationsecuritybuzz.com)
Researchers unearth Windows backdoor that’s unusually stealthy | Ars Technica
Researchers warn of 'Havoc' command and control tool • The Register
New WhiskerSpy malware delivered via trojanized codec installer (bleepingcomputer.com)
Frebniis malware abuses Microsoft IIS feature to create a backdoor-Security Affairs
New Stealc malware emerges with a wide set of stealing capabilities (bleepingcomputer.com)
Experts Warn of RambleOn Android Malware Targeting South Korean Journalists (thehackernews.com)
Hackers use fake ChatGPT apps to push Windows, Android malware (bleepingcomputer.com)
Unanswered Questions Cloud the Recent Targeting of an Asian Research Org (darkreading.com)
Hydrochasma Threat Group Bombards Targets with Slew of Commodity Malware, Tools (darkreading.com)
Wiper Malware Surges Ahead, Spiking 53% in 3 Months (darkreading.com)
Russian national accused of developing, selling malware appears in US. court | CyberScoop
Defenders on high alert as backdoor attacks become more common - Help Net Security
Mobile
Five easy steps to keep your smartphone safe from hackers | ZDNET
Apple Updates Advisories as Security Firm Discloses New Class of Vulnerabilities - SecurityWeek
Accidental WhatsApp account takeovers? It's a thing • The Register
Google will boost Android security through firmware hardening (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
Sensitive US military emails exposed by unsecured Azure server • The Register
DNA testing firm inks settlement after forgotten DB break-in • The Register
Activision did not notify employees of data breach for months | TechCrunch
GoDaddy blasted for breach response | SC Media (scmagazine.com)
TELUS investigating leak of stolen source code, employee data (bleepingcomputer.com)
Organised Crime & Criminal Actors
The war in Ukraine has shaken up the cyber criminal ecosystem, Google says | ZDNET
Russian cyber crime alliances upended by Ukraine invasion • The Register
Spain Orders Extradition of British Alleged Hacker to US. - SecurityWeek
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Norwegian police recover $5.9m crypto stolen by North Korea • The Register
Coinbase Attack Linked to Group Behind Last Year's Twilio, Cloudflare Hacks - SecurityWeek
Coinbase breached by social engineers, employee data stolen – Naked Security (sophos.com)
‘Nevada Group’ hackers target thousands of computer networks | Financial Times (ft.com)
Pirated Final Cut Pro infects your Mac with cryptomining malware (bleepingcomputer.com)
SBF faces four additional charges in FTX collapse case • The Register
Insider Risk and Insider Threats
Employees bypass cyber security guidance to achieve business objectives - Help Net Security
Insider Threats Don't Mean Insiders Are Threatening (darkreading.com)
Insider threats must be top-of-mind for organisations facing layoffs - Help Net Security
Fraud, Scams & Financial Crime
The cost of living crisis is triggering a wave of workplace crime - here's how | UK News | Sky News
FTC: Americans lost $8.8 billion to fraud in 2022 after 30% surge (bleepingcomputer.com)
Europol busts ‘CEO fraud’ gang that stole €38M in a few days (bleepingcomputer.com)
Criminals are flooding the internet with fake advice scams and adware, so watch out | TechRadar
City Fund Managers Jailed for £8m Fraud - Infosecurity Magazine (infosecurity-magazine.com)
Scammers Mimic ChatGPT to Steal Business Credentials (darkreading.com)
SBF faces four additional charges in FTX collapse case • The Register
Insurance
Supply Chain and Third Parties
Chip company loses $250m after ransomware hits supply chain (malwarebytes.com)
3 Steps to Automate Your Third-Party Risk Management Program (thehackernews.com)
Software Supply Chain
Cloud/SaaS
Google Cloud CISO Phil Venables: Zero trust ‘essential’ to protect the cloud | VentureBeat
Four steps SMBs can take to close SaaS security gaps - Help Net Security
Why Are My Employees Integrating With So Many Unsanctioned SaaS Apps? (darkreading.com)
Four Reasons Why Web Security is as Important as Endpoint Security for MSSP Clients - MSSP Alert
Containers
Encryption
Encrypted Traffic, Once Thought Safe, Now Responsible For Most Cyberthreats (darkreading.com)
AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm - SecurityWeek
API
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Twitter Limits SMS-Based 2-Factor Authentication to Blue Subscribers Only (thehackernews.com)
7 Tips for Mitigating Cyber-Risks to Your Corporate Social Media (darkreading.com)
Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop
Malvertising
Training, Education and Awareness
Parental Controls and Child Safety
Regulations, Fines and Legislation
Governance, Risk and Compliance
Employees bypass cyber security guidance to achieve business objectives - Help Net Security
The financial system is alarmingly vulnerable to cyber attack | Financial Times (ft.com)
Cyber threats, Regulations Mount for Financial Industry (darkreading.com)
Fight Ransomware with a Cyber security Audit (trendmicro.com)
Evolving Threat Landscape Leading to Cyber security Pro “Burnout,” Study Says - MSSP Alert
Benchmarking your cyber security budget in 2023 | VentureBeat
7 reasons to avoid investing in cyber insurance | CSO Online
5 top threats from 2022 most likely to strike in 2023 | CSO Online
Cyber arms race, economic headwinds among top macro cyber security risks for 2023 | CSO Online
Malicious actors push the limits of attack vectors - Help Net Security
Data Protection
Careers, Working in Cyber and Information Security
CISOs struggle with stress and limited resources - Help Net Security
Complexity, volume of cyber attacks lead to burnout in security teams - Help Net Security
Law Enforcement Action and Take Downs
Police Bust €38m BEC Gang - Infosecurity Magazine (infosecurity-magazine.com)
Spain Orders Extradition of British Alleged Hacker to US. - SecurityWeek
Russian national accused of developing, selling malware appears in US. court | CyberScoop
Dutch Police arrest three ransomware actors extorting €2.5 million (bleepingcomputer.com)
Privacy, Surveillance and Mass Monitoring
Artificial Intelligence
MLOps Security AI power analysis breaks post-quantum security algorithm ... (eenewseurope.com)
AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm - SecurityWeek
Hackers use fake ChatGPT apps to push Windows, Android malware (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
ENISA and CERT-EU warns Chinese APTs targeting EU organisations-Security Affairs
Russian cybercrime alliances upended by Ukraine invasion • The Register
Musk restricts Starlink for Ukraine, cites World War III | Fortune
America Loves Spying by Balloon, Just Like China (gizmodo.com)
How Ukraine War Has Shaped US Planning for a China Conflict - SecurityWeek
Russia blames 'hackers' for fake missile strike alerts • The Register
Ukraine says Russian hackers backdoored govt websites in 2021 (bleepingcomputer.com)
Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop
British Army leads Western Europe’s largest cyber warfare exercise | The British Army (mod.uk)
Nation State Actors
ENISA and CERT-EU warns Chinese APTs targeting EU organisations-Security Affairs
The war in Ukraine has shaken up the cybercriminal ecosystem, Google says | ZDNET
Russian cybercrime alliances upended by Ukraine invasion • The Register
Norwegian police recover $5.9m crypto stolen by North Korea • The Register
America Loves Spying by Balloon, Just Like China (gizmodo.com)
EU Organisations Warned of Chinese APT Attacks - SecurityWeek
How Ukraine War Has Shaped US Planning for a China Conflict - SecurityWeek
Earth Zhulong Familiar Patterns Target Southeast Asian Firms (trendmicro.com)
Earth Kitsune Delivers New WhiskerSpy Backdoor via Watering Hole Attack (trendmicro.com)
Putin Speech Broadcast Temporarily Stopped By DDoS Attack (informationsecuritybuzz.com)
Ukraine Suffered More Wiper Malware in 2022 Than Anywhere, Ever | WIRED
Lazarus Group Likely Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data (thehackernews.com)
Ukraine says Russian hackers backdoored govt websites in 2021 (bleepingcomputer.com)
Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop
Vulnerability Management
CVSS system criticized for failure to address real-world impact | The Daily Swig (portswigger.net)
Majority of Ransomware Attacks Last Year Exploited Old Bugs (darkreading.com)
At least one open source vulnerability found in 84% of code bases: Report | CSO Online
Vulnerabilities
US Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog (thehackernews.com)
SolarWinds Announces Upcoming Patches for High-Severity Vulnerabilities - SecurityWeek
A New Kind of Bug Spells Trouble for iOS and macOS Security | WIRED
VMware Patches Critical Vulnerability in Carbon Black App Control Product (thehackernews.com)
PoC exploit code for critical Fortinet FortiNAC bug released online-Security Affairs
Newly Disclosed Vulnerability Exposes EOL Arris Routers to Attacks - SecurityWeek
Emergency VMware ESXi update fixes Windows Server 2022 VM boot issues (bleepingcomputer.com)
Exploitation attempts observed against Fortinet FortiNAC flaw | TechTarget
Researchers find hidden vulnerabilities in hundreds of Docker containers - Help Net Security
Tools and Controls
Despite Breach, LastPass Demonstrates the Power of Password Management (darkreading.com)
Google Cloud CISO Phil Venables: Zero trust ‘essential’ to protect the cloud | VentureBeat
10 Best Network Security Solutions & Providers - 2023 (cybersecuritynews.com)
Why privileged access management should be critical to your security strategy | VentureBeat
The battle for data security now falls on developers; here’s how they can win | VentureBeat
Zero trust, XDR prominent in Gartner’s Hype Cycle for Endpoint Security | VentureBeat
Advantages of the AWS Security Maturity Model (trendmicro.com)
Other News
Army leads Western Europe’s largest cyber warfare exercise | The British Army (mod.uk)
NSA shares guidance on how to secure your home network (bleepingcomputer.com)
Encrypted Traffic, Once Thought Safe, Now Responsible For Most Cyberthreats (darkreading.com)
Malicious actors push the limits of attack vectors - Help Net Security
Researchers Hijack Popular NPM Package with Millions of Downloads (thehackernews.com)
Justice Department Debuts 'Disruptive Technology Strike Force' (gizmodo.com)
How to Detect New Threats via Suspicious Activities (thehackernews.com)
At least one open source vulnerability found in 84% of code bases: Report | CSO Online
Microsoft urges Exchange admins to remove some antivirus exclusions (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 17 February 2023
Black Arrow Cyber Threat Briefing 17 February 2023:
-High Risk Users May be Few, but the Threat They Pose is Huge
-The Cost of Cyber Security Insurance is Soaring so Firms Need to Take Prevention More Seriously
-Cyber Attacks Worldwide Increased to an All-Time Record Breaking High
-Most Organisations Make Cyber Security Decisions Without Insights
-Ransomware Attackers Finding New Ways to Weaponise Old Vulnerabilities
-Are Executives Fluent in IT Security Speak? 5 Reasons Why the Communication Gap is Wider Than You Think
-Business Email Compromise Groups Target Firms with Multilingual Impersonation Attacks
-EU Countries Told to Step up Defence Against State Hackers
-Cyber Criminals Exploit Fear and Urgency to Trick Consumers
-How to Manage Third Party and Supply Chain Cyber Security Risks that are Too Costly to Ignore
-Russian Spear Phishing Campaign Escalates Efforts Towards Critical UK, US and European Targets
-5 Biggest Risks of Using Third Party Managed Service Providers
-Cyber Crime as a Service: A Subscription Based Model in the Wrong Hands
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
High Risk Users May be Few, but the Threat They Pose is Huge
High risk users represent approximately 10% of the worker population according to research provider, Elevate Security research. The research found that high risk users were responsible for 41% of all simulated phishing clicks, 30% of all real-world phishing clicks, 54% of all secure-browsing incidents and 42% of all malware events. This is worrying, considering the rise in sophisticated targeted phishing campaigns.
https://www.helpnetsecurity.com/2023/02/16/high-risk-behavior/
The Cost of Cyber Security Insurance is Soaring so Firms Need to Take Prevention More Seriously
State-backed cyber attacks are on the rise, but they are not raising the level of alarm that they should in the corporate world. Unfortunately, this is not a productive way of thinking. Come the end of March, insurance provider Lloyds will no longer cover damage from cyber attacks carried out by state or state-backed groups. In the worst cases, this reduced insurance coverage could exacerbate the trend of companies taking a passive approach toward state-backed attacks as they feel there is now really nothing they can do to protect themselves. The uncertainty however, could be the motivation for companies to take the threat of state-backed attacks more seriously.
Cyber Attacks Worldwide Increased to an All-Time Record-Breaking High, Report Shows
According to a report by security provider Check Point, cyber attacks rose 38% in 2022 compared to the previous year. Some of the key trends in the report included an increase in the number of cloud-based networking attacks, with a 48% rise and non-state affiliated hacktivist groups becoming more organised and effective than ever before. Additionally, ransomware is becoming more difficult to attribute and track and extra focus should be placed on exfiltration detection.
Most Organisations Make Cyber Security Decisions Without Insights
A report by security provider Mandiant found some worrying results when it came to organisational understanding of threat actors. Some of the key findings include, 79% of respondents stating that most of their cyber security decisions are made without insight into the treat actors targeting them, 79% believing their organisation could focus more time and energy on identifying critical security trends, 67% believing senior leadership teams underestimate the cyber threats posed to their organisation and finally, 47% of respondents felt that they could not prove to senior leadership that their organisation has a highly effective cyber security program.
Ransomware Attackers Finding New Ways to Weaponise Old Vulnerabilities
Ransomware attackers are finding new ways to exploit organisations’ security weaknesses by weaponising old vulnerabilities. A report by security provider Cyber Security Works had found that 76% of the vulnerabilities currently being exploited were first discovered between 2010-2019.
Are Executives Fluent in IT Security Speak? 5 Reasons Why the Communication Gap is Wider Than You Think
Using data from two different reports conducted by security provider Kaspersky, the combined data showed some worrying results. Some of the results include 98% of respondents revealing they faced at least one IT security miscommunication that regularly leads to bad consequences, 62% of managers revealing miscommunication led to at least one cyber security incident, 42% of business leaders wanting their IT security team to better communicate and 34% of C-level executives struggle to speak about adopting new security solutions.
Business Email Compromise Groups Target Firms with Multilingual Impersonation Attacks
Security providers Abnormal Security have identified two Business Email Compromise (BEC) groups “Midnight Hedgehog” and “Mandarin Capybara” which are conducting impersonation attacks in at least 13 different languages. Like many payment fraud attacks, finance managers or other executives are often targeted. In a separate report by Abnormal Security, it was found that business email compromise (BEC) attacks increased by more than 81% during 2022.
https://www.infosecurity-magazine.com/news/bec-groups-multilingual/
EU Countries Told to Step up Defence Against State Hackers
European states have raced to protect their energy infrastructure from physical attacks but the European Systemic Risk Board (ESRB) said more needed to be done against cyber warfare against financial institutions and the telecommunications networks and power grids they rely on. "The war in Ukraine, the broader geopolitical landscape and the increasing use of cyber attacks have significantly heightened the cyber threat environment," the ESRB said in a report. In addition, the ESRB highlight an increased risk of cyber attacks on the EU financial system, suggesting that stress tests and impact analyses should be carried out to identify weaknesses and measure resilience.
Cyber Criminals Exploit Fear and Urgency to Trick Consumers
Threats using social engineering to steal money, such as refund and invoice fraud and tech support scams, increased during Q4 of 2022 according to a report by software provider Avast. “At the end of 2022, we have seen an increase in human-centred threats, such as scams tricking people into thinking their computer is infected, or that they have been charged for goods they didn’t order. It’s human nature to react to urgency, fear and try to regain control of issues, and that’s where cyber criminals succeed” Avast commented.
https://www.helpnetsecurity.com/2023/02/13/cybercriminals-exploit-fear-urgency-trick-consumers/
How to Manage Third Party and Supply Chain Cyber Security Risks that are Too Costly to Ignore
Many organisations have experienced that “after the breach” feeling — the moment they realise they have to tell customers their personal information may have been compromised because one of the organisations’ vendors had a data breach. Such situations involve spending significant amount of money and time to fix a problem caused by a third party. An organisation’s ability to handle third-party cyber risk proactively depends on its risk management strategies.
https://techcrunch.com/2023/02/10/why-third-party-cybersecurity-risks-are-too-costly-to-ignore/
Russian Spear Phishing Campaign Escalates Efforts Towards Critical UK, US and European Targets
Following the advisory from the NCSC, it is clear that Russian state-sponsored hackers have become increasingly sophisticated at launching phishing attacks against critical targets in the UK, US and Europe over the last 12 months. The attacks included the creation of fake personas, supported by social media accounts, fake profiles and academic papers, to lure targets into replying to sophisticated phishing emails. In some cases, the bad actor may never leverage the account to send emails from and only use it to make decisions based on intelligence collection.
5 Biggest Risks of Using Third Party Managed Service Providers
As business processes become more complex, companies are turning to third parties to boost their ability to provide critical services from cloud storage to data management to security. It’s often more efficient and less expensive to contract out work. But it does present risks. 5 of the biggest risks to be considered are: indirect cyber attacks, financial risks from incident costs, reputational damage, geopolitical risk and regulatory compliance risk.
Cyber Crime as a Service: A Subscription Based Model in the Wrong Hands
Arguably nothing in tech has changes the landscape more than ‘as a Service’ offerings, the subscription-based IT service delivery model, in fact, the ‘as a Service’ offering has made its way into the cyber crime landscape. And cyber crime, for its part, has evolved beyond a nefarious hobby; today it’s a means of earning for cyber criminals. Organised cyber crime services are available for hire, particularly to those lacking resources and hacking expertise but willing to buy their way into cyber criminal activities. Underground cyber crime markets have thus emerged, selling cyber attack tools and services ranging from malware injection to botnet tools, Denial of Service and targeted spyware services.
https://www.splunk.com/en_us/blog/learn/cybercrime-as-a-service.html
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware attackers finding new ways to weaponize old vulnerabilities | VentureBeat
US, UK slap sanctions on Russians linked to Conti and more • The Register
Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day (bleepingcomputer.com)
Members of Russian cyber crime network unmasked by US and UK authorities - The Verge
Over 500 ESXiArgs Ransomware infections in one day in Europe-Security Affairs
New ESXi ransomware strain spreads, foils decryption tools | TechTarget
North Korea Using Healthcare Ransomware To Fund More Hacking (informationsecuritybuzz.com)
Cisco Talos spots new MortalKombat ransomware attacks | TechTarget
Hackers Target Israel’s Technion Demanding Huge Sum In Bitcoin - I24NEWS
City of Oakland systems offline after ransomware attack (bleepingcomputer.com)
MTU cyber breach: Probe after ransomware attacks 'like a murder investigation' (irishexaminer.com)
MTU data appears on dark web after cyber attack – The Irish Times
Oakland City Services Struggle to Recover From Ransomware Attack (darkreading.com)
Ransomware gang uses new zero-day to steal data on 1 million patients | TechCrunch
City of Oakland issued state of emergency after ransomware attack-Security Affairs
Glasgow Arnold Clark customers at risk after major cyber attack | HeraldScotland
No relief in sight for ransomware attacks on hospitals | TechTarget
Burton Snowboards cancels online orders after 'cyber incident' (bleepingcomputer.com)
Dallas Central Appraisal District paid $170,000 to ransomware attackers (bitdefender.com)
Phishing & Email Based Attacks
NameCheap's email hacked to send Metamask, DHL phishing emails (bleepingcomputer.com)
Spain, US dismantle phishing gang that stole $5 million in a year (bleepingcomputer.com)
BEC – Business Email Compromise
2FA/MFA
Malware
Experts Warn of Surge in Multipurpose Malware - Infosecurity Magazine (infosecurity-magazine.com)
Microsoft OneNote Abuse for Malware Delivery Surges - Security Week
New TA886 group targets companies with Screenshotter malware-Security Affairs
Novel phishing campaign takes screenshots ahead of payload delivery | SC Media (scmagazine.com)
Great, hackers are now using ChatGPT to generate malware | Digital Trends
Devs targeted by W4SP Stealer malware in malicious PyPi packages (bleepingcomputer.com)
Pepsi distributor blames info-stealing malware for breach • The Register
Malware that can do anything and everything is on the rise - Help Net Security
New stealthy 'Beep' malware focuses heavily on evading detection (bleepingcomputer.com)
Thousands of WordPress sites have been infected by a mystery malware | TechRadar
Beep: New Evasive Malware That Can Escape Under The Radar (informationsecuritybuzz.com)
Hackers start using Havoc post-exploitation framework in attacks (bleepingcomputer.com)
Malware authors leverage more attack techniques that enable lateral movement | CSO Online
Mobile
Botnets
Denial of Service/DoS/DDOS
Cloudflare blocks record-breaking 71 million RPS DDoS attack (bleepingcomputer.com)
87% of largest DDoS attacks in Q4 targeted telecoms: Lumen (fiercetelecom.com)
The Tor network hit by wave of DDoS attacks for at least 7 months-Security Affairs
Internet of Things – IoT
Digital burglaries: The threat from your smart home devices | Fox News
Mirai V3G4 botnet exploits 13 flaws to target IoT devices-Security Affairs
New Mirai malware variant infects Linux devices to build DDoS botnet (bleepingcomputer.com)
Data Breaches
MP’s laptop and iPad stolen from pub in 'worrying' security breach | Metro News
Reddit was hit with a phishing attack. How it responded is a lesson for everyone | ZDNET
Reddit Hack Shows Limits of MFA, Strengths of Security Training (darkreading.com)
Highmark data breach affecting about 300,000 members exposed personal information to hackers – WPXI
Gulp! Pepsi hack sees personal information stolen by data-stealing malware (bitdefender.com)
Nearly 50 million Americans impacted by health data breaches in 2022 (chiefhealthcareexecutive.com)
My Password Manager was Hacked! How to Prevent a Catastrophe (bleepingcomputer.com)
After apparent hack, data from Australian tech giant Atlassian dumped online | CyberScoop
Atlassian: Leaked Data Stolen via Third-Party App (darkreading.com)
Health info for 1 million patients stolen using critical GoAnywhere vulnerability | Ars Technica
Scandinavian Airlines says cyber attack caused passenger data leak (bleepingcomputer.com)
Organised Crime & Criminal Actors
Cyber crime as a Service: A Subscription-based Model in The Wrong Hands | Splunk
A Hacker’s Mind — how the elites exploit the system | Financial Times (ft.com)
Dark Web Revenue Down Dramatically After Hydra's Demise (darkreading.com)
Russian hacker convicted of $90 million hack-to-trade charges (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Enigma, Vector, and TgToxic: The New Threats to Cryptocurrency Users (thehackernews.com)
Lazarus hackers use new mixer to hide $100 million in stolen crypto (bleepingcomputer.com)
451 PyPI packages install Chrome extensions to steal crypto (bleepingcomputer.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Russian IT biz owner made $90M from stolen financial info • The Register
Refund and Invoice Scams Surge in Q4 - Infosecurity Magazine (infosecurity-magazine.com)
Russian Hackers Disrupt NATO Earthquake Relief Operations (darkreading.com)
Romance scam targets security researcher, hilarity ensues • The Register
10 signs that scammers have you in their sights | WeLiveSecurity
AML/CFT/Sanctions
Insurance
Dark Web
Supply Chain and Third Parties
How to manage third-party cyber security risks that are too costly to ignore | TechCrunch
5 biggest risks of using third-party services providers | CSO Online
Cloud/SaaS
Cloud security: Where do CSP and client responsibilities begin and end? | VentureBeat
Application and cloud security is a shared responsibility - Help Net Security
Attack Surface Management
Open Source
Configuration Issues in SaltStack IT Tool Put Enterprises at Risk (darkreading.com)
Solving open-source security — from Alpha to Omega | SC Media (scmagazine.com)
New Mirai malware variant infects Linux devices to build DDoS botnet (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Eek! You Can Steal Passwords From This Password Manager Using the Notepad App | PCMag
Eurostar forces 'password resets' — then fails and locks users out (bleepingcomputer.com)
My Password Manager was Hacked! How to Prevent a Catastrophe (bleepingcomputer.com)
Social Media
Metaverse Adds New Dimensions to Web 3.0 Cyber security | TechRepublic
Elon Musk Seems to Think His Own Employees Are Shadowbanning Him (gizmodo.com)
Malvertising
Training, Education and Awareness
High-risk users may be few, but the threat they pose is huge - Help Net Security
Reddit Hack Shows Limits of MFA, Strengths of Security Training (darkreading.com)
Regulations, Fines and Legislation
The Online Safety Bill: An attack on encryption (element.io)
As regulations skyrocket, is compliance even possible anymore? - Help Net Security
Governance, Risk and Compliance
Security buyers lack insight into threats, attackers, report finds | Computer Weekly
Cyber attacks Worldwide Increased to an All-Time High, Check Point Research Reveals - MSSP Alert
Actionable intelligence is the key to better security outcomes - Help Net Security
Build Cyber Resiliency With These Security Threat-Mitigation Considerations (darkreading.com)
Evolving cyber attacks, alert fatigue creating DFIR burnout, regulatory risk | CSO Online
As regulations skyrocket, is compliance even possible anymore? - Help Net Security
Storage security for compliance and cyberwar in 2023 • The Register
Backup and Recovery
Careers, Working in Cyber and Information Security
Get hired in cyber security: Expert tips for job seekers - Help Net Security
3 Ways CISOs Can Lead Effectively and Avoid Burnout (darkreading.com)
Cyber security Jobs Remain Secure Despite Recession Fears (darkreading.com)
Law Enforcement Action and Take Downs
Members of Russian cyber crime network unmasked by US and UK authorities - The Verge
Spain, US dismantle phishing gang that stole $5 million in a year (bleepingcomputer.com)
Privacy, Surveillance and Mass Monitoring
Artificial Intelligence
Russian hackers are trying to break into ChatGPT, says Check Point | ZDNET
Cyber criminals Bypass ChatGPT Restrictions to Generate Malicious Content - Check Point Software
Great, hackers are now using ChatGPT to generate malware | Digital Trends
Eric Schmidt Is Building the Perfect AI War-Fighting Machine | WIRED
A.I. in the military could be a game changer in warfare | Fortune US issues declaration on responsible use of AI in the military | Reuters
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
EU countries told to step up defence against state hackers | Reuters
Britain must ‘wake up’ to China security challenges, ex-MI6 head says | The Independent
Hacks, leaks and wipers: Google analyses a year of Russian cyber attacks on Ukraine | Cyber scoop
Google: Russia continues to set cyber sights on NATO nations | TechTarget
US shoots down ‘high-altitude object’ above Alaska | Financial Times (ft.com)
Military Organizations in Pakistan Targeted With Sophisticated Espionage Tool - security Week
SpaceX curbed Ukraine's use of Starlink terminals - Militarnyi
US shoots down ‘octagonal’ flying object near military sites in Michigan | US news | The Guardian
Six companies join US entity list after Chinese spy balloon • The Register
How Alan Turing still casts his genius in the age of cyberwar | Metro News
US warns its citizens in Russia to get out immediately over security fears | Euronews
Russian Hackers Disrupt NATO Earthquake Relief Operations (darkreading.com)
Ukraine’s use of SpaceX satellites risks starting World War Three, says Elon Musk (telegraph.co.uk)
Eric Schmidt Is Building the Perfect AI War-Fighting Machine | WIRED
Albanian gangs set up hundreds of spy cameras to keep ahead of police | Financial Times (ft.com)
A.I. in the military could be a game changer in warfare | Fortune
Chinese cameras leave British police vulnerable to spying, says watchdog | Espionage | The Guardian
China-based cyber espionage actor seen targeting South America | CSO Online
The Lessons From Cyberwar, Cyber-in-War and Ukraine - security Week
Storage security for compliance and cyberwar in 2023 • The Register
Nation State Actors
EU countries told to step up defence against state hackers | Reuters
Britain must ‘wake up’ to China security challenges, ex-MI6 head says | The Independent
Hacks, leaks and wipers: Google analyses a year of Russian cyber attacks on Ukraine | CyberScoop
Google: Russia continues to set cyber sights on NATO nations | TechTarget
Military Organizations in Pakistan Targeted With Sophisticated Espionage Tool - Security Week
MagicWeb Mystery Highlights Nobelium Attacker's Sophistication (darkreading.com)
Russian hackers are trying to break into ChatGPT, says Check Point | ZDNET
Six companies join US entity list after Chinese spy balloon • The Register
Lazarus hackers use new mixer to hide $100 million in stolen crypto (bleepingcomputer.com)
Russian Hackers Disrupt NATO Earthquake Relief Operations (darkreading.com)
Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad (thehackernews.com)
Ukraine’s use of SpaceX satellites risks starting World War Three, says Elon Musk (telegraph.co.uk)
Chinese cameras leave British police vulnerable to spying, says watchdog | Espionage | The Guardian
China-based cyber espionage actor seen targeting South America | CSO Online
UK Policing Riddled with Chinese CCTV Cameras - Infosecurity Magazine (infosecurity-magazine.com)
A new operating system has been released in Russia! (gizchina.com)
Vulnerability Management
Vulnerabilities
Microsoft Patch Tuesday: 36 RCE bugs, 3 zero-days, 75 CVEs – Naked Security (sophos.com)
Citrix Patches High-Severity Vulnerabilities in Windows, Linux Apps - Security Week
Adobe Plugs Critical Security Holes in Illustrator, After Effects Software - Security Week
Apple releases new fix for iPhone zero-day exploited by hackers | TechCrunch
Firefox Updates Patch 10 High-Severity Vulnerabilities - Security Week
Critical RCE Vulnerability Discovered in ClamAV Open-Source Antivirus Software (thehackernews.com)
Microsoft says Intel driver bug crashes apps on Windows PCs (bleepingcomputer.com)
Serious Security: GnuTLS follows OpenSSL, fixes timing attack bug – Naked Security (sophos.com)
Splunk Enterprise Updates Patch High-Severity Vulnerabilities - Security Week
Dozens of Vulnerabilities Patched in Intel Products - Security Week
High-severity DLP flaw impacts Trellix for Windows | SC Media (scmagazine.com)
Critical Vulnerability Patched in Cisco Security Products - Security Week
Health info for 1 million patients stolen using critical GoAnywhere vulnerability | Ars Technica
Tools and Controls
A CISOs Practical Guide to Storage and Backup Ransomware Resiliency (thehackernews.com)
Combining identity and security strategies to mitigate risks - Help Net Security
Defending against attacks on Azure AD: Goodbye firewall, hello identity protection | CSO Online
Regular Pen Testing Is Key to Resolving Conflict Between SecOps and DevOps (thehackernews.com)
Attack surface management (ASM) is not limited to the surface - Help Net Security
How to filter Security log events for signs of trouble | TechTarget
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Black Arrow Cyber Threat Briefing 10 February 2023
Black Arrow Cyber Threat Briefing 10 February 2023:
-Companies Banned from Paying Hackers After Attacks on Royal Mail and Guardian
-Fraud Set to Be Upgraded as a Threat to National Security
-98% of Attacks are Not Reported by Employees to their Employers
-UK Second Most Targeted Nation Behind America for Ransomware
-Financial Institutions are Suffering from Increasingly Sophisticated Cyber Attacks
-An Email Attack Can End Up Costing You Over $1 Million
-Cyber Crime Shows No Signs of Slowing Down
-Surge of Swatting Attacks Targets Corporate Executive and Board Members
-Phishing Surges Ahead, as ChatGPT and Artificial Intelligence Loom
-Pro-Russian Hacktivist Group is Only Getting Started, Experts Warn
-Crypto Investors Lost Nearly $4 Billion to Hackers in 2022
-PayPal and Twitter Abused in Turkey Relief Donation Scams
-Mysterious Leak of Booking.com Reservation Data is Being Used to Scam Customers
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK Companies Banned from Paying Ransomware Hackers After Attacks on Royal Mail and Guardian
British companies have been banned from paying ransomware hackers after a spate of attacks on businesses including Royal Mail and the Guardian newspaper.
UK Foreign Secretary James Cleverly on Thursday unveiled sanctions on seven Russian hackers linked to a gang called Conti, effectively banning any payments to the group.
Thursday’s sanctions are the first of their kind to be specifically targeted against Russian ransomware gang members.
The actions follow a spate of high-profile attacks on businesses and amid warnings from GCHQ that Russian and Iranian hackers are stepping up actions in Britain.
Fraud Set to Be Upgraded as a Threat to National Security
Fraud is to be reclassified as a threat to national security under UK government plans that will force police chiefs to devote more officers to solving the crime.
It will be elevated to the same status as terrorism, with chief constables mandated to increase resources and combine capabilities in a new effort to combat a fraud epidemic that now accounts for 30 per cent of all crime.
It will be added to the strategic policing requirement, which means that forces will be required by ministers to treat fraud as a major priority alongside not only terrorism, but also public disorder, civil emergencies, serious and organised crime, cyber attacks and child sexual abuse.
https://www.telegraph.co.uk/news/2023/02/04/fraud-set-upgraded-threat-national-security/
98% of Attacks are Not Reported by Employees to their Employers
Cyber attackers are increasingly using social engineering tactics to lure employees into opening malicious emails in an attempt to trick them into providing login credentials, updating bank account information and paying fraudulent invoices. Worryingly, research conducted by security provider Abnormal has found that 98% of attacks on organisations are not reported to the organisation’s security team. In addition to this, the report found that the volume of business email compromise attacks are spiking, growing by 175% over the past two years. The report also found that nearly two-thirds of large enterprises experiencing a supply chain compromise attack in the second half of 2022.
UK Second Most Targeted Nation Behind America for Ransomware
Security research team Kraken Labs released their report earlier this week, which found that of the 101 different countries that registered victims of ransomware, the UK had registered the second highest number of victims behind the US. Currently, there are over 60 ransomware groups, with the top 3 accounting for a third of all ransomware attacks.
Financial Institutions are Suffering from Increasingly Sophisticated Cyber Attacks
This week security provider Contrast Security released its Cyber Bank Heists report, an annual report that exposes cyber security threats facing the financial sector. The report warns financial institutions that security must be a top-of-mind issue amid rising geopolitical tensions, increased destructive attacks utilising wipers and a record-breaking year of zero-day exploits. The report involved a series of interviews with financial sector security leaders and found some notable results. Some of the results include 64% of leaders seeing an increase in application attacks, 72% of respondents planning to increase investment in application security in 2023, 60% of respondents falling victim to destructive attacks and 50% of organisations detecting campaigns which aimed to steal non-public market information.
An Email Attack Can End Up Costing You Over $1 Million
According to a report by security provider Barracuda Network, 75% of organisations had fallen victim to at least one successful email attack in the last 12 months, with those affected facing potential costs of over $1 million for their most expensive attack. The fallout from an email security attack can be significant, with the report finding 44% of those hit had faced significant downtime and business disruption. Additionally financial services greatly impacted by the loss of valuable data (59%) and payments made to attackers (51%). When it came to organisations preparation, 30% felt underprepared when dealing with account takeover and 28% felt unprepared for dealing with business email compromise.
https://www.helpnetsecurity.com/2023/02/10/email-attack-damage-1-million/
Cyber Crime Shows No Signs of Slowing Down
Global risks from population pressures and climate change to political conflicts and industrial supply chain challenges characterised 2022. Cyber criminals used this turmoil to exploit these trending topics, including significant events, public affairs, social causes, and anywhere else opportunity appeared. According to security researchers at Zscaler TheatLabz, 2023 will see a rise in Crime-as-a-service (CaaS), supply chains will be bigger targets than ever, there will be a greater need for defence in depth as endpoint protection will not be enough and finally, there will be a decrease in the time between initial compromise and the final stage of an attack.
https://www.darkreading.com/zscaler/cybercrime-shows-no-signs-of-slowing-down
Surge of Swatting Attacks Targets Corporate Executive and Board Members
Swatting is the act of deceiving an emergency service with the purpose of the service then sending an emergency response, often armed, to a targeted persons address. Security provider Black Cloak has found that swatting incidents are now beginning to target C-suite executives and corporate board members, with the number of incidents increasing over the last few months. Malicious actors are using information from the dark web, company websites and property records to construct their swatting attacks.
Phishing Surges Ahead, as ChatGPT and Artificial Intelligence Loom
Artificial Intelligence (AI) is making it easier for threat actors to create sophisticated and malicious email campaigns. In their report, security provider Vade found that Q4 of 2022 saw a 36% volume increase in phishing campaigns compared to the previous quarter, with over 278.3 million unique phishing emails in that period. The researchers found in particular, new AI tools such as ChatGPT had made it easy for anyone, including those with limited skills, to conduct a sophisticated phishing campaign. Furthermore, the ability of ChatGPT to tailor phishing to different languages is an area for concern.
https://www.darkreading.com/vulnerabilities-threats/bolstered-chatgpt-tools-phishing-surged-ahead
Pro-Russian Hacktivist Group is Only Getting Started, Experts Warn
A pro-Russian hacktivist group's low-level distributed denial-of-service (DDoS) attacks on US critical infrastructure could be a precursor to more serious cyber attacks, health care and security officials warned this week. A DDoS attack involves overwhelming a targeted service, service or network with traffic in an attempt to disrupt it. Earlier this week Killnet, a politically motivated Russian hacking group, overloaded and took down some US healthcare organisations. The attack came after threatening western healthcare organisations for the continued NATO support of Ukraine.
https://www.axios.com/2023/02/03/killnet-russian-hackers-attacks
Crypto Investors Lost Nearly $4 Billion to Hackers in 2022
Last year marked the worst year on record for cryptocurrency hacks, according to analytic firm Chainalysis’ latest report. According to the report, hackers stole $3.8 billion in 2022, up from $3.3 billion the previous year. De-centralised finance products, which are products that have no requirement for an intermediary or middle-man accounted for about 82% of all crypto stolen.
PayPal and Twitter Abused in Turkey Relief Donation Scams
Scammers are now exploiting the ongoing humanitarian crisis in Turkey and Syria. This time, stealing donations by abusing legitimate platforms such as PayPal and Twitter. It has been identified that multiple scams are running which call for fundraising, linking the victim to a legitimate PayPal site. The money however, is kept by the scammer.
Mysterious Leak of Booking.com Reservation Data is Being Used to Scam Customers
For almost 5 years, Booking.com customers have been on the receiving end of a continuous series of scams that demonstrate criminals have obtained travel plans amongst other personally identifiable information that were provided to Booking.com. The scams have involved users receiving fake emails purporting to be from Booking.com with genuine travel details that victims had provided. These emails contain links to malicious URL’s that look nearly identical to the Booking.com website. These then display the victim’s expected travel information, requiring them to input their card details. Some of the scams have developed and involve scammers sending WhatsApp messages after payment has been made, purporting to be from hotels which have been booked by the victims.
Threats
Ransomware, Extortion and Destructive Attacks
UK/US cyber crime crackdown sees 7 ransomware criminals sanctioned | CSO Online
US, UK Slap Sanctions on Trickbot Cyber crime Gang - SecurityWeek
UK second most targeted nation behind America for Ransomware - IT Security Guru
Hackers who breached ION say ransom paid; company declines comment | Reuters
New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers (thehackernews.com)
Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide (bleepingcomputer.com)
Royal Ransomware adds support for encrypting Linux, VMware ESXi systems-security affairs
Ongoing VMware ESXi Ransomware Attack Highlights Inherent Virtualisation Risks (darkreading.com)
Lessons Learned on Ransomware Prevention from the Rackspace Attack (bleepingcomputer.com)
ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware - SecurityWeek
Ransomware Revolution: 4 Types of Cyber Risks in 2023 (trendmicro.com)
Hypervisor patching struggles exacerbate ESXiArgs attacks | TechTarget
Linux version of Royal Ransomware targets VMware ESXi servers (bleepingcomputer.com)
Nevada Ransomware has released upgraded locker - Help Net Security
Italy, France and Singapore Warn of a Spike in ESXI Ransomware-security affairs
Massive ransomware attack targets VMware ESXi servers worldwide | CSO Online
LockBit ransomware gang claims Royal Mail cyber ttack (bleepingcomputer.com)
Medusa botnet returns as a Mirai-based variant with ransomware sting (bleepingcomputer.com)
New Linux variant of Clop Ransomware uses a flawed encryption-security affairs
After Hive takedown, could the LockBit ransomware crew be the next to fall? | CyberScoop
Russia-Linked Ransomware Gang Claims Responsibility for Royal Mail Attack (gizmodo.com)
Largest Canadian bookstore Indigo shuts down site after cyber ttack (bleepingcomputer.com)
Hackers hit Vesuvius, UK engineering company shuts down affected systems • Graham Cluley
MKS Instruments falls victim to ransomware attack | CSO Online
North Korea ransomware targets hospitals to fund digital spycraft, US agencies warn | CyberScoop
Phishing & Email Based Attacks
Phishing Surges Ahead, as ChatGPT & AI Loom (darkreading.com)
Employees Fail to Report 98% of Email Cyber Hacks To Security Teams, Study Finds - MSSP Alert
An email attack can end up costing you over $1 million - Help Net Security
What SOCs Need to Know About Water Dybbuk A BEC Actor Using Open-Source Toolkits (trendmicro.com)
How Can ChatGPT Make It Easier to Boost Phishing Scams? (analyticsinsight.net)
Cyber criminals exploit volatile job market for targeted email attacks - Help Net Security
'Phishing-as-a-service' kits drive uptick in theft: One business owner's story (cnbc.com)
Malicious Google ads sneak AWS phishing sites into search results (bleepingcomputer.com)
NewsPenguin Goes Phishing for Maritime & Military Secrets (darkreading.com)
BEC – Business Email Compromise
Malware
Hacker develops new 'Screenshotter' malware to find high-value targets (bleepingcomputer.com)
Threat group targets over 1,000 companies with screenshotting and infostealing malware | CSO Online
ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware - SecurityWeek
Android mobile devices from top vendors in China have pre-installed malware-security affairs
Hackers backdoor Windows devices in Sliver and BYOVD attacks (bleepingcomputer.com)
GuLoader Malware Using Malicious NSIS Executables to Target E-Commerce Industry (thehackernews.com)
Novel Banking Trojan 'PixPirate' Targets Brazil - Infosecurity Magazine (infosecurity-magazine.com)
New QakNote attacks push QBot malware via Microsoft OneNote files (bleepingcomputer.com)
Gootkit Malware Adopts New Tactics to Attack Healthcare and Finance Firms (thehackernews.com)
Mobile
Android mobile devices from top vendors in China have pre-installed malware-security affairs
Fraudulent "CryptoRom" Apps Slip Through Apple and Google App Store Review Process - SecurityWeek
Android phones from Chinese vendors share private data • The Register
'Money Lover' Finance App Exposes User Data (darkreading.com)
Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)
Android 14 to block malware from abusing sensitive permissions (bleepingcomputer.com)
UK Proposes Making the Sale and Possession of Encrypted Phones Illegal (vice.com)
Android's February 2023 Updates Patch 40 Vulnerabilities - SecurityWeek
Denial of Service/DoS/DDOS
Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register
Tor and I2P networks hit by wave of ongoing DDoS attacks (bleepingcomputer.com)
Experts published a list of proxy IPs used by the group Killnet-security affairs
Internet of Things – IoT
Medusa botnet returns as a Mirai-based variant with ransomware sting (bleepingcomputer.com)
Security manufacturer’s smart cameras went dark for two hours (mybroadband.co.za)
Vulnerability Allows Hackers to Remotely Tamper With Dahua Security Cameras - SecurityWeek
NIST Picks IoT Standard for Small Electronics Cyber security (darkreading.com)
Data Breaches/Leaks
Swiss authorities open criminal probe into bank data breaches | Financial Times (ft.com)
Mysterious leak of Booking.com reservation data is being used to scam customers | Ars Technica
TruthFinder, Instant Checkmate confirm data breach affecting 20M customers (bleepingcomputer.com)
20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder - SecurityWeek
Over 12% of analysed online stores expose private data, backups (bleepingcomputer.com)
'Money Lover' Finance App Exposes User Data (darkreading.com)
Reddit Suffers Security Breach Exposing Internal Documents and Source Code (thehackernews.com)
Organised Crime & Criminal Actors
Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto – Naked Security (sophos.com)
Minister: Cyber crimes Now 20% of Spain’s Registered Offenses - SecurityWeek
Finland’s Most-Wanted Hacker Nabbed in France – Krebs on Security
Australian Man Sentenced for Scam Related to Optus Hack - SecurityWeek
Bungling Optus scammer was no criminal mastermind • Graham Cluley
Dark Web Market Revenues Sink 50% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto investors lost nearly $4 billion to hackers in 2022 (cnbc.com)
Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto – Naked Security (sophos.com)
Avraham Eisenberg in court accused of crypto exchange crash • The Register
Crypto Drainers Are Ready to Ransack Investor Wallets (darkreading.com)
How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)
FTX Being Advised by Cyber security Firm Sygnia on Hack Inquiry, CEO Ray Says (coindesk.com)
Scammers steal $4 million in crypto during in-person meeting • The Register
Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs (trendmicro.com)
Insider Risk and Insider Threats
Another RAC staffer nabbed for sharing road accident data • The Register
Ex-Ubiquiti worker pleads guilty to data theft, extortion, and smear plot (bitdefender.com)
Cyber Hygiene: How to get buy-in from employees (trendmicro.com)
Fraud, Scams & Financial Crime
PayPal and Twitter abused in Turkey relief donation scams (bleepingcomputer.com)
Working from home is fuelling fraud epidemic, warn managers (telegraph.co.uk)
Mysterious leak of Booking.com reservation data is being used to scam customers | Ars Technica
As V-Day nears: Romance scams cost victims $1.3B last year • The Register
What CISOs Can Do About Brand Impersonation Scam Sites (darkreading.com)
Father killed himself after falling victim to romance scam | News | The Times
'Brushing' scams send people free items, but could be a warning sign about a data breach - ABC News
Fraudulent "CryptoRom" Apps Slip Through Apple and Google App Store Review Process - SecurityWeek
How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)
Banks leave doors open for scammers with flaws in online security | This is Money
Trio Arrested in COVID PPE Fraud Probe - Infosecurity Magazine (infosecurity-magazine.com)
Twitter restricted in Turkey after the earthquake amid disinformation fear-security affairs
Impersonation Attacks
What CISOs Can Do About Brand Impersonation Scam Sites (darkreading.com)
HTML smuggling campaigns impersonate well-known brands to deliver malware | CSO Online
AML/CFT/Sanctions
How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)
UK/US cyber crime crackdown sees 7 ransomware criminals sanctioned | CSO Online
US, UK Slap Sanctions on Trickbot Cyber crime Gang - SecurityWeek
Insurance
Tackling the New Cyber Insurance Requirements: Can Your Organisation Comply? (thehackernews.com)
How to Optimise Your Cyber Insurance Coverage (darkreading.com)
Dark Web
BlackSprut: Darknet Drug Market Advertises On Billboards In Moscow (informationsecuritybuzz.com)
Dark Web Market Revenues Sink 50% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Supply Chain and Third Parties
Have we learnt nothing from SolarWinds supply chain attacks? • The Register
Vulnerability Provided Access to Toyota Supplier Management Network - SecurityWeek
Software Supply Chain
Cloud/SaaS
Cloud Apps Still Demand Way More Privileges Than They Use (darkreading.com)
Amazon S3 to apply security best practices for all new buckets - Help Net Security
Why Some Cloud Services Vulnerabilities Are So Hard to Fix (darkreading.com)
Malicious Google ads sneak AWS phishing sites into search results (bleepingcomputer.com)
7 Critical Cloud Threats Facing the Enterprise in 2023 (darkreading.com)
Hybrid/Remote Working
Working from home is fuelling fraud epidemic, warn managers (telegraph.co.uk)
Predictions For Securing Today's Hybrid Workforce (darkreading.com)
Identity and Access Management
Encryption
It Isn't Time to Worry About Quantum Computing Just Yet (darkreading.com)
UK Proposes Making the Sale and Possession of Encrypted Phones Illegal (vice.com)
API
Passwords, Credential Stuffing & Brute Force Attacks
Biometrics
Social Media
Twitter Implements API Paywall, but Will That Solve Its Enormous Bot Crisis? (darkreading.com)
Twitter restricted in Turkey after the earthquake amid disinformation fear-security affairs
Malvertising
Training, Education and Awareness
Cyber Hygiene: How to get buy-in from employees (trendmicro.com)
Infosec Launches New Office Comedy Themed Security Awareness Training Series (darkreading.com)
Parental Controls and Child Safety
Regulations, Fines and Legislation
Corporate ‘privacy’ concerns must not derail Europe’s Data Act | Financial Times (ft.com)
While governments pass privacy laws, companies struggle to change - Help Net Security
Prioritising Cyber security Regulation Harmonisation (darkreading.com)
Governance, Risk and Compliance
Quarter of CFOs Have Suffered $1m+ Breaches - Infosecurity Magazine (infosecurity-magazine.com)
Swiss authorities open criminal probe into bank data breaches | Financial Times (ft.com)
Trends that impact on organisations' 2023 security priorities - Help Net Security
With TikTok Bans, the Time for Operational Governance Is Now (darkreading.com)
Optimising Cyber security Investments in a Constrained Spending Environment (darkreading.com)
Surge of swatting attacks targets corporate executives and board members | CSO Online
Lessons From the Cold War: How Quality Trumps Quantity in Cyber security (darkreading.com)
Cyber Hygiene: How to get buy-in from employees (trendmicro.com)
Models, Frameworks and Standards
Data Protection
Corporate ‘privacy’ concerns must not derail Europe’s Data Act | Financial Times (ft.com)
While governments pass privacy laws, companies struggle to change - Help Net Security
Regulator Halts AI Chatbot Over GDPR Concerns - Infosecurity Magazine (infosecurity-magazine.com)
Law Enforcement Action and Take Downs
European Police Arrest 42 After Cracking Covert App - SecurityWeek
Eurocops shut down Exclu encrypted messaging app • The Register
Finnish psychotherapy extortion suspect arrested in France – Naked Security (sophos.com)
Privacy, Surveillance and Mass Monitoring
Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)
Steps To Planning And Implementation Of Data Privacy (informationsecuritybuzz.com)
ChatGPT is a data privacy nightmare, and we ought to be concerned | Ars Technica
Artificial Intelligence
Adversaries Using OpenAI’s ChatGPT Chatbot for Cyber Attacks? Here are Some Clues - MSSP Alert
Phishing Surges Ahead, as ChatGPT & AI Loom (darkreading.com)
IT Leaders Reveal Cyber Fears Around ChatGPT - Infosecurity Magazine (infosecurity-magazine.com)
How Can ChatGPT Make It Easier to Boost Phishing Scams? (analyticsinsight.net)
ChatGPT's potential to aid attackers puts IT pros on high alert - Help Net Security
Hackers are selling a service that bypasses ChatGPT restrictions on malware | Ars Technica
ChatGPT is a data privacy nightmare, and we ought to be concerned | Ars Technica
Jailbreak Trick Breaks ChatGPT Content Safeguards (darkreading.com)
Regulator Halts AI Chatbot Over GDPR Concerns - Infosecurity Magazine (infosecurity-magazine.com)
Google's Bard AI bot mistake wipes $100bn off shares - BBC News
$120bn wiped off Google after Bard AI chatbot gives wrong answer (telegraph.co.uk)
Why ChatGPT Isn't a Death Sentence for Cyber Defenders (darkreading.com)
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Pro-Russian hacktivist group Killnet could just be getting started (axios.com)
Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online
Android mobile devices from top vendors in China have pre-installed malware-security affairs
China sharply rebukes US over decision to shoot down spy balloon | Financial Times (ft.com)
Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register
What is hybrid warfare? Inside the centre dealing with modern threats - BBC News
DPRK Using Unpatched Zimbra Devices to Spy on Researchers (darkreading.com)
Russian hackers using new Graphiron information stealer in Ukraine (bleepingcomputer.com)
The impact of Russia's Ukraine invasion on digital threats - Help Net Security
Russian Hackers Steal Data In Ukraine With New Graphiron Malware (informationsecuritybuzz.com)
Spies, Hackers, Informants: How China Snoops on the US - SecurityWeek
US teases new China tech sanctions to deflate balloon-makers • The Register
Nation State Actors
Pro-Russian hacktivist group Killnet could just be getting started (axios.com)
With TikTok Bans, the Time for Operational Governance Is Now (darkreading.com)
Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online
Android mobile devices from top vendors in China have pre-installed malware-security affairs
China sharply rebukes US over decision to shoot down spy balloon | Financial Times (ft.com)
Microsoft: Iran Unit Behind Charlie Hebdo Hack-and-Leak Op - SecurityWeek
Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register
Android phones from Chinese vendors share private data • The Register
DPRK Using Unpatched Zimbra Devices to Spy on Researchers (darkreading.com)
SNP MP Stewart McDonald's emails hacked by Russian group - BBC News
Australia to remove Chinese surveillance cameras amid security fears - BBC News
Russian hackers using new Graphiron information stealer in Ukraine (bleepingcomputer.com)
Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)
UN Experts: North Korean Hackers Stole Record Virtual Assets - SecurityWeek
Mysterious Russian satellites are now breaking apart in low-Earth orbit | Ars Technica
The impact of Russia's Ukraine invasion on digital threats - Help Net Security
Russian Hackers Steal Data In Ukraine With New Graphiron Malware (informationsecuritybuzz.com)
Experts published a list of proxy IPs used by the group Killnet-security affairs
NewsPenguin Goes Phishing for Maritime & Military Secrets (darkreading.com)
US teases new China tech sanctions to deflate balloon-makers • The Register
North Korea ransomware targets hospitals to fund digital spycraft, US agencies warn | Cyber scoop
Vulnerability Management
Vulnerabilities and exposures to rise to 1,900 a month in 2023: Coalition | CSO Online
Patching & Passwords Lead the Problem Pack for Cyber-Teams (darkreading.com)
Hypervisor patching struggles exacerbate ESXiArgs attacks | TechTarget
How to fix the top 5 cyber security vulnerabilities | TechTarget
20 Powerful Vulnerability Scanning Tools In 2023 (informationsecuritybuzz.com)
Vulnerabilities
High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation - SecurityWeek
New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers (thehackernews.com)
GoAnywhere MFT Users Warned of Zero-Day Exploit - SecurityWeek
Serious security hole plugged in infosec tool binwalk | The Daily Swig (portswigger.net)
Cisco fixed command injection bug in IOx Application Hosting Environment-security affairs
Vulnerability In F5 BIG-IP May Cause DoS And Code Execution (informationsecuritybuzz.com)
GoAnywhere MFT zero-day flaw actively exploited-security affairs
Exploitation attempts for Oracle E-Business Suite flaw observed after PoC release-security affairs
Critical vulnerability patched in Jira Service Management Server and Data Center | CSO Online
Warning: Hackers Actively Exploiting Zero-Day in Fortra's GoAnywhere MFT (thehackernews.com)
Exploit released for actively exploited GoAnywhere MFT zero-day (bleepingcomputer.com)
Patch Released for Actively Exploited GoAnywhere MFT Zero-Day - SecurityWeek
Unpatched Security Flaws Disclosed in Multiple Document Management Systems (thehackernews.com)
SonicWall warns web content filtering is broken on Windows 11 22H2 (bleepingcomputer.com)
OpenSSL Fixes Multiple New Security Flaws with Latest Update (thehackernews.com)
Android's February 2023 Updates Patch 40 Vulnerabilities - SecurityWeek
Tools and Controls
Other News
Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online
How to Think Like a Hacker and Stay Ahead of Threats (thehackernews.com)
Surge of swatting a attacks targets corporate executives and board members | CSO Online
Bermuda: Major Internet And Power Outage Strikes (informationsecuritybuzz.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 03 February 2023
Black Arrow Cyber Threat Briefing 03 February 2023:
-Business Leaders Need a Hands-on Approach to Stop Cyber Crime, Says Spy Chief
-Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial Scale Cyber Attacks
-The Corporate World is Losing its Grip on Cyber Risk
-Microsoft Reveals Over 100 Threat Actors are Deploying Ransomware in Attacks
-Greater Incident Complexity, a Shift in How Threat Actors Use Stolen Data Will Drive the Cyber Threat Landscape in 2023
-The Threat from Within: 71% of Business Leaders Surveyed Think Next Cyber Security Breach Will come from the Inside
-98% of Organisations Have a Supply Chain Relationship That Has Been Breached
-New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year
-Russian Hackers Launch Cyber Attack on Germany in Leopard Tank Retaliation
-Financial Services Targeted in 28% of UK Cyber Attacks Last Year
-Phishing Attacks are Getting Scarily Sophisticated. Here’s what to Watch Out For
-City of London on High Alert After Ransomware Attack
-Ransomware Conversations: Why the CFO is Pivotal to Discussing and Preparing for Risk
-JD Sports Warns of 10 Million Customers Put at Risk in Cyber Attack
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Business Leaders Need a Hands-on Approach to Stop Cyber Crime, Says Spy Chief
Business leaders must not see cyber crime as “just a technical issue” that can be left up to IT departments, said Lindy Cameron, chief executive of the National Cyber Security Centre (NCSC). Ms Cameron later commented that “In the world of cyber security, the new year has brought with it some sadly familiar themes - a continuation of cyber incidents affecting organisations large and small as well as the British public”.
Along with this, came the urge for business leaders to step up their efforts in combating cyber crime by taking an active interest and educating themselves on the subject. When commenting upon board members’ level of understanding, Ms Cameron said “I’d also encourage board members to develop a basic understanding of cyber security, which can help when seeking assurances from IT teams about the resilience of an organisation - in a similar way that leaders have a certain level of understanding of finance to assess financial health”.
Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial Scale Cyber Attacks
Business email compromise (BEC) has become one of the most popular methods of financially motivated hacking. And over the past year, one group in particular has demonstrated just how quick, easy, and lucrative it really is.
"Firebrick Ostrich" is a threat actor that's been performing BEC at a near-industrial scale. Since April 2021, the group has carried out more than 350 BEC campaigns, impersonating 151 organisations and utilising 212 malicious domains in the process. This volume of attacks is made possible by the group's wholesale gunslinging approach. Firebrick Ostrich doesn't discriminate much when it comes to targets, or gather exceptional intelligence in order to craft the perfect phishing bait. It throws darts at a wall because, evidently, when it comes to BEC at scale, that's enough.
BEC is attractive to bad actors due to the lower barriers to entry than malware, less risk, faster scaling opportunities, and way more profit potential to higher echelons than other methods of attack. These factors may explain why such attacks are absolutely the emerging trend, potentially even leaving even ransomware in the dust. There are literally hundreds, if not thousands, of these groups out there.
The Corporate World is Losing its Grip on Cyber Risk
Lloyd's of London’s insurance market prides itself on being able to put a price on anything, from Tina Turner’s legs or Bruce Springsteen’s vocal cords, to the risk that a bounty hunter might claim the reward from Cutty Sark Whisky in the 1970s for capturing the Loch Ness monster.
But from the end of March, there will be something it won’t price: systemic cyber risk, or the type of major, catastrophic disruption caused by state-backed cyber warfare. In one sense, this isn’t surprising. Insurance policies typically exclude acts of war. Russia’s NotPetya attack on Ukraine in 2017 showed how state-backed cyber assaults can surpass traditional definitions of armed conflict and overspill their sovereign target to hit global businesses. It caused an estimated $10bn in damages and years of wrangling between companies like pharma group Merck and snack maker Mondelez and their insurers.
But the move is prompting broader questions about the growing pains in this corner of the insurance world. “Cyber insurance isn’t working anywhere at the moment as a public good for society,” says Ciaran Martin, former head of the UK National Cyber Security Centre. “It has a huge role to play in improving defences in a market-based economy and it has been a huge disappointment in that sense so far.”
The Lloyd’s move is designed, say insurers, to clarify rather than restrict coverage. Whether it succeeds is another matter: this is a murky world, where cyber crime groups operate with impunity in certain jurisdictions.
https://www.ft.com/content/78bfdf29-1e20-4c12-a348-06e98d5ae906
Microsoft Reveals Over 100 Threat Actors are Deploying Ransomware in Attacks
Microsoft revealed this week that its security teams are tracking over 100 threat actors deploying ransomware during attacks. In all, the company says it monitors over 50 unique ransomware families, with some of the most prominent ransomware payloads in recent campaigns including Lockbit, BlackCat (aka ALPHV), Play, Vice Society, Black Basta, and Royal.
Microsoft said that defence strategies should focus less on payloads themselves but more on the chain of activities that lead to their deployment, since ransomware gangs are still targeting servers and devices not yet patched against common or recently addressed vulnerabilities.
Furthermore, while new ransomware families launch all the time, most threat actors utilise the same tactics when breaching and spreading through networks, making the effort of detecting such behaviour even more helpful in thwarting their attacks.
Attackers are increasingly relying on tactics beyond phishing to conduct their attacks, with threat actors for example capitalising on recently patched Exchange Server vulnerabilities to hack vulnerable servers and deploy Cuba and Play ransomware.
Ransomware Conversations: Why the CFO is Pivotal to Discussing and Preparing for Risk
With the amount of cyber attacks in all industries, organisations are beginning to grasp the significance of cyber risk and how it is integral to protecting and maintaining an efficient business. In fact, the first half of 2022 alone saw 236.1 million cases of ransomware.
Whilst the expectation for responsibility has typically fallen on Chief Information Security Officers (CISOs), Chief Financial Officers (CFOs) are just as vital in managing cyber risk, which is now inherently also business risk. The CFO plays an important part in determining whether cyber security incidents will become material and affect the business more seriously. Their insight is critical across many areas which include ransomware, cyber insurance, regulatory compliance and budget management.
Greater Incident Complexity, a Shift in How Threat Actors Use Stolen Data Will Drive the Cyber Threat Landscape in 2023
Insurance provider Beazley released their Cyber Services Snapshot Report which claims the cyber security landscape will be influenced by greater complexity and the way threat actors use stolen data. The report also found that as a category, fraudulent instruction experienced a growth as a cause of loss in 2022, up 13% year-over year.
In response to vulnerabilities such as fraudulent instructions, the report suggests organisations must get smarter about educating users to spot things such as spoofed emails or domain names. The report also cautions organisations to watch for social engineering, spear phishing, bypassing of multi-factor authentication (MFA), targeting of managed service providers (MSP) and the compromise of cloud environments as areas of vulnerability.
The Threat from Within: 71% of Business Leaders Surveyed Think Next Cyber Security Breach Will Come from the Inside
A survey conducted by IT provider EisnerAmper found that 71% of business executives worry about accidental internal staff error as one of the top threats facing their organisation and 23% of these worried about malicious intent by an employee. In comparison, 75% of business executives had concerns about external hackers. The survey also asked about current safety measures, with 51% responding that they were “somewhat prepared”. Despite this, only 50% of respondents reported conducting regular cyber security training.
98% of Organisations Have a Supply Chain Relationship That Has Been Breached
A report from SecurityScorecard found that 98% of organisations have a relationship with at least one third party that has experienced a breach in the last two years, while more than 50% have an indirect relationship with more than 200 fourth parties that have been breached. Of course, this is keeping in mind that not all organisations disclose or even know they have been breached.
New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year
Software provider SysKit has published a report on the effects of digital transformation on IT administrators and the current governance landscape. The report found that 40% of organisations experienced a data leak in the previous year. A data leak can have severe consequences on an organisation's efficiency and the impact can lead to large fines, downtime, and loss of business-critical certifications and customers.
In addition, the Survey found that the biggest challenge for IT administrators was a lack of understanding from superiors, huge workloads and misalignment of IT and business strategies.
Russian Hackers Launch Cyber Attack on Germany in Leopard Tank Retaliation
The websites of key German administrations, including companies and airports, have been targeted by cyber attacks, the German Federal Office for Information Security (BSI) stated.
The BSI commented they had been informed of DDoS (distributed denial of service) attacks “currently in progress against targets in Germany". This was followed by the statement that “Individual targets in the financial sector” and federal government sites were also attacked, with some websites becoming temporarily unavailable. It is believed that this is due to the approved deployment of Leopard 2 tanks to Ukraine, with Russian hacker site Killnet taking credit.
Financial Services Targeted in 28% of UK Cyber Attacks Last Year
Based on data from security provider Imperva, security researchers have identified that over a quarter (28%) of all cyber attacks in the UK hit the financial services and insurance (FSI) industry in the last 12 months. The data also found that Application Programme Interface (API) attacks, malicious automated software and distributed denial of service (DDoS) attacks were the most challenging for the industry. In addition, the data found that roughly 40% of all account takeover attempts were targeted at the FSI industry.
https://www.infosecurity-magazine.com/news/quarter-cyber-attacks-uk-financial/
Phishing Attacks are Getting Scarily Sophisticated. Here’s What to Watch Out For
Hackers are going to great lengths, including mimicking real people and creating and updating fake social media profiles, to trick victims into clicking phishing links and handing over usernames and passwords. The National Cyber Security Centre (NCSC) warns that these phishing attacks are targeting a range of sectors.
The NCSC has also released mitigation advice to help organisations and individuals protect themselves online. The mitigation advice included the use of strong passwords, separate to other accounts; enabling multi-factor authentication (MFA); and applying the latest security updates.
City of London on High Alert After Ransomware Attack
A suspected ransomware attack on a key supplier of trading software to the City of London this week appears to have disrupted activity in the derivatives market. The company impacted, Ion Cleared Derivatives, is investigating. It is reported that 42 clients were impacted by the attack.
https://www.infosecurity-magazine.com/news/city-of-london-high-alert/
JD Sports Warns of 10 Million Customers Put at Risk in Cyber Attack
Sportswear retailer JD Sports said it was the victim of a cyber attack that exposed the data of 10 million customers, in the latest spate of hacks on UK companies.
JD Sports explained that the attack involved unauthorised access to a system that contained “the name, billing address, delivery address, phone number, order details and the final four digits of payment cards”. The data related to customers’ orders made between November 2018 and October 2020, with outdoor gear companies Millets and Blacks also impacted. A full review with cyber security and external specialists is underway.
https://www.ft.com/content/afe00f2f-afcd-478f-9e4d-1cf9c943fa79
Threats
Ransomware, Extortion and Destructive Attacks
City Of London Traders Hit By Russia-Linked Cyber Attack (informationsecuritybuzz.com)
New Nevada Ransomware targets Windows and VMware ESXi systems (bleepingcomputer.com)
US puts a $10m bounty on Hive while Russia shuts down access • The Register
Copycat Criminals mimicking Lockbit gang in northern Europe security affairs
Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica
Cyber Attack Hits Derivatives Unit of Trading Software Firm ION - Bloomberg
Regulators weigh in on ION attack as LockBit takes credit • The Register
New Mimic Ransomware Abuses Windows Search Engine (cyber securitynews.com)
Stratford University discloses ransomware attack — but which ransomware attack? (databreaches.net)
Schools don't pay, but ransomware attacks still increasing | TechTarget
Poser Hackers Impersonate LockBit in SMB Cyber attacks (darkreading.com)
Risk & Repeat: The FBI's Hive ransomware takedown | TechTarget
Nevada Ransomware Has Released Upgraded Locker security affairs
LockBit Green ransomware variant borrows code from Conti one security affairs
Arnold Clark customer data stolen in attack claimed by Play ransomware (bleepingcomputer.com)
Ransomware attacks on public sector persist in January | TechTarget
Ransomware attack on data firm ION could take days to fix -sources | Reuters
APT groups use ransomware TTPs as cover for intelligence gathering and sabotage | CSO Online
Phishing & Email Based Attacks
Phishing attacks are getting scarily sophisticated. Here's what to watch out for | ZDNET
Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial-Scale Cyber attacks (darkreading.com)
Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)
Phishers Trick Microsoft Into Granting Them 'Verified' Cloud Partner Status (darkreading.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
2FA/MFA
Malware
How Can Disrupting DNS Communications Thwart a Malware Attack? (darkreading.com)
Hackers use new IceBreaker malware to breach gaming companies (bleepingcomputer.com)
New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers (thehackernews.com)
PoS malware can block contactless payments to steal credit cards (bleepingcomputer.com)
HeadCrab malware targets Redis to mine cryptocurrency | TechTarget
Malvertising attacks are distributing .NET malware loaders • The Register
Hackers weaponize Microsoft Visual Studio add-ins to push malware (bleepingcomputer.com)
Mobile
Google Fi data breach let hackers carry out SIM swap attacks (bleepingcomputer.com)
Over 1,800 Android phishing forms for sale on cyber crime market (bleepingcomputer.com)
Mobile phone fraud: 'They stole £22,500 using my banking app' - BBC News
Botnets
Denial of Service/DoS/DDOS
Killnet Attackers DDoS US and Dutch Hospitals - Infosecurity Magazine (infosecurity-magazine.com)
New DDoS-as-a-Service platform used in recent attacks on hospitals (bleepingcomputer.com)
Internet of Things – IoT
IoT, connected devices biggest contributors to expanding application attack surface | CSO Online
European IoT Manufacturers Lag in Vulnerability Disclosure (databreachtoday.co.uk)
Anker finally comes clean about its Eufy security cameras - The Verge
Data Breaches/Leaks
JD Sports warns data of 10mn customers put at risk in cyber attack | Financial Times (ft.com)
New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year (darkreading.com)
Planet Ice hacked! 240,000 skating fans' details stolen (bitdefender.com)
Organised Crime & Criminal Actors
Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)
Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica
Cyber crime Ecosystem Spawns Lucrative Underground Gig Economy (darkreading.com)
Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)
Developers, Attackers Top List of Most In Demand Dark Web Jobs, Kaspersky Reports - MSSP Alert
Report on hackers' salaries shows poor wages for developers • The Register
6 Examples of the Evolution of a Scam Site (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica
FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register
Oxford student jailed for £2m crypto theft after PhD blunder | News | The Times
Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)
Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News
HeadCrab malware targets Redis to mine cryptocurrency | TechTarget
Insider Risk and Insider Threats
Insider attacks becoming more frequent, more difficult to detect - Help Net Security
Are Your Employees Thinking Critically About Their Online Behaviours? (darkreading.com)
The next cyber threat may come from within - Help Net Security
Insider threats: The cyber risks lurking in the dark (betanews.com)
Former Ubiquiti dev pleads guilty to data theft, extortion • The Register
Fraud, Scams & Financial Crime
FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register
Oxford student jailed for £2m crypto theft after PhD blunder | News | The Times
Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)
Russian Millionaire on Trial in Hack, Insider Trade Scheme - SecurityWeek
6 Examples of the Evolution of a Scam Site (darkreading.com)
Mobile phone fraud: 'They stole £22,500 using my banking app' - BBC News
Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News
Romance fraud losses rose 91% during the pandemic, claims UK's TSB bank | Tripwire
Romance Fraudsters Have Stolen £65m From Brits Since 2020 (informationsecuritybuzz.com)
Impersonation Attacks
AML/CFT/Sanctions
Insurance
Dark Web
There’s a Wild Scramble for Control of the Dark Web Taking Place in Russia (vice.com)
Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)
Developers, Attackers Top List of Most In Demand Dark Web Jobs, Kaspersky Reports - MSSP Alert
Report on hackers' salaries shows poor wages for developers • The Register
Supply Chain and Third Parties
98% of Firms Have a Supply Chain Relationship That Has Been Breached: Analysis - SecurityWeek
Cyber attack Impact “Catastrophic” for Third Parties, New Study Finds MSSPs at Risk? - MSSP Alert
New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs | CSO Online
CISA to Open Supply Chain Risk Management Office (darkreading.com)
Cloud/SaaS
Misconfiguration and vulnerabilities biggest risks in cloud security: Report | CSO Online
Hybrid cloud storage security challenges - Help Net Security
Short-staffed SOCs struggle to gain visibility into cloud activities - Help Net Security
Containers
Encryption
Serious Security: The Samba logon bug caused by outdated crypto – Naked Security (sophos.com)
Encryption Explained: At Rest, In Transit & End-To-End Encryption | Splunk
Cyber Insights 2023 | Quantum Computing and the Coming Cryptopocalypse - SecurityWeek
API
The emergence of trinity attacks on APIs - Help Net Security
API management (APIM): What It Is and Where It’s Going security affairs
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Bitwarden Password Manager users are being targeted by phishing ads on Google- gHacks Tech News
KeePass disputes vulnerability allowing stealthy password theft (bleepingcomputer.com)
Social Media
Inside TikTok’s proposal to address US national security concerns | CyberScoop
Facebook Bug Allows 2FA Bypass Via Instagram (darkreading.com)
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
Regulators weigh in on ION attack as LockBit takes credit • The Register
New UN cyber crime convention has a long way to go in a tight timeframe | CSO Online
Governance, Risk and Compliance
Business leaders need hands-on approach to stop cyber crime, says spy chief (telegraph.co.uk)
New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year (darkreading.com)
70% of CIOs anticipate their involvement in cyber security to increase - Help Net Security
Cyber security Budgets Are Going Up. So Why Aren't Breaches Going Down? (thehackernews.com)
The corporate world is losing its grip on cyber risk | Financial Times (ft.com)
Careers, Working in Cyber and Information Security
The Effect of Cyber security Layoffs on Cyber security Recruitment - SecurityWeek
Economic headwinds could deepen the cyber security skills shortage | CSO Online
Law Enforcement Action and Take Downs
7 Ways Hive Ransomware Gang Caused Chaos Before FBI Hacked It (gizmodo.com)
US puts a $10m bounty on Hive while Russia shuts down access • The Register
Hacker accused of having stolen personal data of all Austrians security affairs
Risk & Repeat: The FBI's Hive ransomware takedown | TechTarget
Privacy, Surveillance and Mass Monitoring
On Data Privacy Day, Organisations Fail Data Privacy Expectations (darkreading.com)
Hacker accused of having stolen personal data of all Austrians security affairs
Enterprises Need to Do More to Assure Consumers About Privacy (darkreading.com)
Artificial Intelligence
Foreign states already using ChatGPT maliciously, UK IT leaders believe | CSO Online
OpenAI releases tool to detect AI-written text (bleepingcomputer.com)
Reality check: Is ChatGPT really the next big cyber security threat? | CyberScoop
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Iranian APT Leaks Data From Saudi Arabia Government Under New Persona - SecurityWeek
Ukraine Links Media Centre Attack to Russian Intelligence (govinfosecurity.com)
Russia-Linked APT29 Uses New Malware in Embassy Attacks - SecurityWeek
Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine (darkreading.com)
Russia-linked Hackers Launch DDoS Attacks on Germany and US. Hospitals, Threaten Canada - MSSP Alert
Latvia says Russian hackers tried to phish its Ministry of Defence (bitdefender.com)
Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows (darkreading.com)
Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News
North Korean hackers stole research data in two-month-long breach (bleepingcomputer.com)
APT groups use ransomware TTPs as cover for intelligence gathering and sabotage | CSO Online
Nation State Actors
Nation State Actors – Russia
Russian Nuisance Hacking Group KillNet Targets Germany (govinfosecurity.com)
Russian hackers launch cyber attack on Germany in Leopard retaliation | Euronews
Ukraine Links Media Centre Attack to Russian Intelligence (govinfosecurity.com)
A Link to News Site Meduza Can (Technically) Land You in Russian Prison | WIRED
Russia-Linked APT29 Uses New Malware in Embassy Attacks - SecurityWeek
Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine (darkreading.com)
Russia-linked Hackers Launch DDoS Attacks on Germany and US. Hospitals, Threaten Canada - MSSP Alert
Latvia says Russian hackers tried to phish its Ministry of Defence (bitdefender.com)
Killnet Attackers DDoS US and Dutch Hospitals - Infosecurity Magazine (infosecurity-magazine.com)
IT Army of Ukraine gained access to 1.5GB archive from Gazprom security affairs
There’s a Wild Scramble for Control of the Dark Web Taking Place in Russia (vice.com)
Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows (darkreading.com)
Nation State Actors – China
Google deletes 50,000 pro-China fake-news vids and blogs • The Register
TikTok CEO to testify before US. Congress over security concerns | Reuters
Nation State Actors – North Korea
FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register
Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News
North Korean hackers stole research data in two-month-long breach (bleepingcomputer.com)
Nation State Actors – Iran
Nation State Actors – Misc
Vulnerability Management
The future of vulnerability management and patch compliance - Help Net Security
What is the CVSS (Common Vulnerability Scoring System)? (techtarget.com)
Vulnerabilities
Researchers to release VMware vRealize Log RCE exploit, patch now (bleepingcomputer.com)
Patch management is crucial to protect Exchange servers, Microsoft warns security affairs
QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates (thehackernews.com)
Over 29,000 QNAP devices unpatched against new critical flaw (bleepingcomputer.com)
Firmware Flaws Could Spell 'Lights Out' for Servers (darkreading.com)
Why you might not be done with your January Microsoft security patches | CSO Online
HPE, NetApp warn of critical open-source bug | SC Media (scmagazine.com)
High-severity bug in F5 BIG-IP can lead to code execution and DoS security affairs
Cisco fixes bug allowing backdoor persistence between reboots (bleepingcomputer.com)
CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack (thehackernews.com)
Threat activity increasing around Fortinet VPN vulnerability | TechTarget
Remote code execution exploit chain available for VMware vRealize Log Insight | CSO Online
Tools and Controls
Other News
We can't rely on goodwill to protect our critical infrastructure - Help Net Security
Playing Military Sim War Thunder May Get You Classed as a National Security Risk
Cyber attacks in space: How safe are our satellites? | Metro News
Massive Microsoft 365 outage caused by WAN router IP change (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 27 January 2023
Black Arrow Cyber Threat Briefing 27 January 2023:
-Supply Chain Attacks Caused More Data Compromises Than Malware
-What Makes Small and Medium-Sized Businesses Vulnerable to BEC Attacks
-Understanding Your Attack Surface Makes It Easier to Prioritise Technologies and Systems
-Cyber Security Pros Sound Alarm Over Insider Threats
-Ransomware Attack Hit KFC and Pizza Hut Stores in the UK
-Forthcoming SEC Rules Will Trigger ‘Tectonic Shift’ in How Corporate Boards Treat Cyber Security
-Why CISOs Make Great Board Members
-View From Davos: The Changing Economics of Cyber Crime
-Cloud Based Networks Under Increasing Attack, Report Finds
-GoTo Admits: Customer Cloud Backups Stolen Together with Decryption Key
-State-Linked Hackers in Russia and Iran are Targeting UK Groups, NCSC Warns
-3.7 Million Customers’ Data of Hilton Hotels Put Up For Sale
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Supply Chain Attacks Caused More Data Compromises Than Malware
According to the Identity Theft Resource Center, data compromises steadily increased in the second half of 2022 and cyber attacks remained the primary source of data breaches.
The number of data breaches resulting from supply chain attacks exceeded malware related compromises in 2022 by 40%. According to the report, more than 10 million people were impacted by supply chain attacks targeting 1,743 entities. By comparison, 70 malware-based cyber attacks affected 4.3 million people.
https://www.helpnetsecurity.com/2023/01/26/data-compromises-2022/
What Makes Small and Medium-Sized Businesses Vulnerable to BEC Attacks
According to the United States’ FBI’s 2021 Internet Crime Report, business email compromise (BEC) accounted for almost a third of the country’s $6.9 billion in cyber losses that year – around $2.4 billion. In surprisingly sharp contrast, ransomware attacks accounted for only $50 million of those losses.
Small and medium-sized businesses (SMBs) are especially vulnerable to this form of attack and BEC’s contribution to annual cyber losses not only makes sense but is also likely underreported.
In stark contrast to highly disruptive ransomware attacks, BEC is subversive and is neither technically complicated nor expensive to deploy. In the case of large organisations, the financial fallout of BEC is almost negligible. That’s not the case for small and medium-sized businesses, which often lack the means to absorb similar financial losses.
BEC’s simplicity gives more credence for attackers to target smaller organisations, and because of that, it’s doubly essential for SMBs to be vigilant.
Understanding Your Attack Surface Makes It Easier to Prioritise Technologies and Systems
It has been observed that attackers will attempt to start exploiting vulnerabilities within the first fifteen minutes of their disclosure. As the time to patch gets shorter, organisations need to be more pragmatic when it comes to remediating vulnerabilities, particularly when it comes to prioritisation.
Attack surfaces constantly evolve and change as new applications are developed, old systems are decommissioned, and new assets are registered. Also, more and more organisations are moving towards cloud-hosted infrastructure, which changes the risk and responsibility for securing those assets. Therefore, it is essential to carry out continuous or regular assessments to understand what systems are at risk, instead of just taking a point-in-time snapshot of how the attack surface looks at that moment.
The first step would be to map “traditional” asset types – those easily associated with an organisation and easy to monitor, such as domains and IP addresses. Ownership of these assets can be easily identified through available information (e.g., WHOIS data). The less traditional asset types (such as GitHub repositories) aren’t directly owned by the organisation but can also provide high-value targets or information for attackers.
It’s also important to understand which technologies are in use to make sound judgements based on the vulnerabilities relevant to the organisation. For example, out of one hundred vulnerabilities released within one month only 20% might affect the organisation’s technologies.
Once organisations have a good understanding of which assets might be at risk, context and prioritisation can be applied to the vulnerabilities affecting those assets. Threat intelligence can be utilised to determine which vulnerabilities are already being exploited in the wild.
What is then the correct answer for this conundrum? The answer is that there is no answer! Instead, organisations should consider a mindset shift and look towards preventing issues whilst adopting a defence-in-depth approach; focus on minimising impact and risk by prioritising assets that matter the most and reducing time spent on addressing those that don’t. This can be achieved by understanding your organisation’s attack surface and prioritising issues based on context and relevance.
https://www.helpnetsecurity.com/2023/01/24/understanding-your-attack-surface/
Cyber Security Pros Sound Alarm Over Insider Threats
Gurucul, a security information and event management (SIEM) solution provider, and Cyber security Insiders, a 600,000-plus member online community for information security professionals, found in their annual 2023 Insider Threat Report that only 3% of respondents surveyed are not concerned with insider risk.
Among all potential insiders, cyber security professionals are most concerned about IT users and admins with far-reaching access privileges (60%). This is followed by third-party contractors (such as MSPs and MSSPs) and service providers (57%), regular employees (55%), and privileged business users (53%).
The research also found that more than half of organisations in the study had been victimised by an insider threat in the past year. According to the data, 75% of the respondents believe they are moderately to extremely vulnerable to insider threats, an 8% spike from last year. That coincided with a similar percentage who said attacks have become more frequent, with 60% experiencing at least one attack and 25% getting hit by more than six attacks.
Ransomware Attack Hit KFC and Pizza Hut Stores in the UK
Nearly 300 fast food restaurants, including branches of KFC and Pizza Hut, were forced to close following a ransomware attack against parent company Yum! Brands. In a statement dated 18 January 2023, Yum! confirmed that unnamed ransomware had impacted some of its IT infrastructure, and that data had been exfiltrated by hackers from its servers. However, although an investigation into the security breach continues, the company said that it had seen no evidence that customer details had been exposed.
What has not yet been made public, and may not even be known to those investigating the breach, is how long hackers might have had access to the company's IT infrastructure, and how they might have been able to gain access to what should have been a secure system. Yum! has also not shared whether it has received a ransom demand from its attackers, and if it did how much ransom was demanded, and whether it would be prepared to negotiate with its extortionists.
Forthcoming SEC Rules Will Trigger ‘Tectonic Shift’ in How Corporate Boards Treat Cyber Security
Under rules first proposed in 2022 but expected to be finalised as soon as April 2023, publicly traded companies in the US that determine a cyber incident has become “material”, meaning it could have a significant impact on the business, must disclose details to the SEC and investors within four business days. That requirement would also apply “when a series of previously undisclosed, individually immaterial cyber security incidents has become material in the aggregate.
The SEC’s rules will also require the boards of those companies to disclose significant information on their security governance, such as how and when it exercises oversight on cyber risks. That info includes identifying who on the board (or which subcommittee) is responsible for cyber security and their relevant expertise. Required disclosures will also include how often and by which processes board members are informed and discuss cyber risk. The former cyber adviser to the SEC commented that “The problem we have with the current cyber security ecosystem is that it’s very focused on technical mitigation measures and does not contemplate these business, operational, [or] financial factors.”
Whilst this only impacts US firms, we can expect other jurisdictions to follow suit.
Why CISOs Make Great Board Members
Cyber security-related risk is a top concern, so boards need to know they have the proper oversight in place. The past three years created a perfect storm situation with lasting consequences for how we think about cyber security, and as a result cyber security technologies and teams have shifted from being viewed as a cost centre to a business enabler.
Gartner predicts that by 2025, 40% of companies will have a dedicated cyber security committee. Who is better suited than a CISO to lead that conversation? Cyber security-related risk is a top concern, so boards need to know they have the proper oversight in place. CISOs can provide advice on moving forward with digital change initiatives and help companies prepare for the future. They can explain the organisation’s risk posture, including exposure related to geopolitical conflict as well as to new business initiatives and emerging threats, and what can be done to mitigate risk.
Lastly, the role of the CISO has evolved from being a risk metrics presenter to a translator of risk to the business. Therefore, the expertise CISOs have developed in recent years in how to explain risk to the board makes them valuable contributors to these conversations. They can elevate the discussion to ensure deep understanding of the trade-offs between growth and risk, enable more informed decision-making, and serve as guardrails for total business alignment.
https://www.securityweek.com/why-cisos-make-great-board-members/
View From Davos: The Changing Economics of Cyber Crime
Cyber crime is a risk created by humans, driven by the economic conditions of high profit and easy opportunity. Ransomware is the most recent monetisation of these motives and opportunities, and it has evolved from simple malware to advanced exploits and double or triple extortion models.
The motive for cyber crime is clear: to steal money, but the digital nature of cyber crime makes the opportunity uniquely attractive, due to the following:
· Cryptocurrency makes online extortion, trading illicit goods and services, and laundering fraudulent funds highly anonymous and usually beyond the reach of financial regulators or inspection
· There isn't enough fear of getting caught for cyber crime.
· With the explosion in spending on digital transformation, data is the new gold and it is incredibly easy to steal, due to lapses in basic hygiene like encrypting data-at-rest and in-transit or limiting access to only authorised users.
· Paying extortion through extensive cyber insurance policies only feeds the ransomware epidemic by incentivising further crime, as noted by the FBI.
Fighting cyber crime is a team sport, and to succeed, we must adopt this framework of cyber resilience that integrates the technical, policy, behavioural, and economic elements necessary to manage the reality of ever-growing cyber crime as a predictable and manageable cyber risk.
https://www.darkreading.com/edge-articles/view-from-davos-the-changing-economics-of-cybercrime
Cloud Based Networks Under Increasing Attack, Report Finds
As enterprises around the world continue to move to the cloud, cyber criminals are following right behind them. There was a 48 percent year-over-year jump in 2022 in cyber attacks on cloud-based networks, and it comes at a time when 98 percent of global organisations use cloud services, according to Check Point. The increases in cyber attacks were experienced in various regions, including Asia (with a 60 percent jump), Europe (50 percent), and North America (28 percent) according to a report by Checkpoint last week.
Check Point explained that "The rise in attacks on the cloud was driven both by an overall increase in cyber attacks globally (38 percent overall in 2022, compared to 48 percent in the cloud) and also by the fact that it holds much more data and incorporates infrastructure and services from large amounts of potential victims, so when exploited the attacks could have a larger impact,". Later, Checkpoint highlighted that human error is a significant factor in the vulnerability of cloud-based networks.
The report highlighted the need for defence capabilities in the cloud to improve. According to Check Point, this means adopting zero-trust cloud network security controls, incorporating security and compliance earlier in the development lifecycle, avoiding misconfigurations, and using tools such as an intrusion detection and prevention systems and next-generation web application firewalls. As commented by Check Point “it is still up to the network and security admins to make sure all their infrastructure is not vulnerable.
https://www.theregister.com/2023/01/20/cloud_networks_under_attack/
GoTo Admits: Customer Cloud Backups Stolen Together with Decryption Key
On 2022-11-30, GoTo informed customers that it had suffered “a security incident”, summarising the situation as follows:
“Based on the investigation to date, we have detected unusual activity within our development environment and third-party cloud storage service. The third-party cloud storage service is currently shared by both GoTo and its affiliate, LastPass.”
Two months later, GoTo has come back with an update, and the news isn’t great:
“[A] threat actor exfiltrated encrypted backups from a third-party cloud storage service related to the following products: Central, Pro, join.me, Hamachi, and RemotelyAnywhere. We also have evidence that a threat actor exfiltrated an encryption key for a portion of the encrypted backups. The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information.”
The company also noted that although MFA settings for some Rescue and GoToMyPC customers were stolen, their encrypted databases were not.
State-Linked Hackers in Russia and Iran are Targeting UK Groups, NCSC Warns
Russian and Iranian state-linked hackers are increasingly targeting British politicians, journalists and researchers with sophisticated campaigns aimed at gaining access to a person’s email, Britain’s online security agency warned on Thursday. The National Cyber Security Centre (NCSC) issued an alert about two groups from Russia and Iran, warning those in government, defence, thinktanks and the media against clicking on malicious links from people posing as conference hosts, journalists or even colleagues.
Both groups have been active for some years, but it is understood they have recently stepped up their activities in the UK as the war in Ukraine continues, as well as operating in the US and other NATO countries.
The hackers typically seek to gain confidence of a target by impersonating somebody likely to make contact with them, such as by falsely impersonating a journalist, and ultimately luring them to click on a malicious link, sometimes over the course of several emails and other online interactions.
NCSC encourages people to use strong email passwords. One technique is to use three random words, and not replicate it as a login credential on other websites. It recommends people use two-factor authentication, using a mobile phone as part of the log on process, ideally by using a special authenticator app.
The cyber agency also advises people exercise particular caution when receiving plausible sounding messages from strangers who rely on Gmail, Yahoo, Outlook or other webmail accounts, sometimes impersonating “known contacts” of the target culled from social media.
3.7 Million Customers’ Data of Hilton Hotels Put Up For Sale
A member of a hacker forum going by the name IntelBroker, has offered a database allegedly containing the personal information of 3.7 million people participating in the Hilton Hotels Honors program. According to the actor, the data in question includes personally identifying information such as name, address and Honors IDs. According to the Hilton Hotel, no guest login credentials, contacts, or financial information have been leaked.
https://informationsecuritybuzz.com/3-7-millions-customers-data-hilton-hotel-up-for-sale/
Threats
Ransomware, Extortion and Destructive Attacks
Rebranded Ransomware Crews Spike Number of Hijacking Incidents in Q4 2022 - MSSP Alert
The Unrelenting Menace of the LockBit Ransomware Gang | WIRED
Ransomware access brokers use Google ads to breach your network (bleepingcomputer.com)
FBI hacked into Hive ransomware gang, disrupted operations | TechTarget
Ransomware victims are refusing to pay, tanking attackers’ profits | Ars Technica
Vice Society Ransomware Group Targets Manufacturing Companies (trendmicro.com)
New Mimic ransomware abuses ‘Everything’ Windows search tool (bleepingcomputer.com)
Contractor error led to Baltimore schools ransomware attack | TechTarget
LAUSD says Vice Society ransomware gang stole contractors’ SSNs (bleepingcomputer.com)
Riot Games receives ransom demand from hackers, refuses to pay (bleepingcomputer.com)
Phishing & Email Based Attacks
State-linked hackers in Russia and Iran are targeting UK groups, NCSC warns | Hacking | The Guardian
ChatGPT is a bigger threat to cyber security than most realize - Help Net Security
Yahoo Most Faked Brand Name in Phishing Attempts by Threat Actors in Q4 2022 - MSSP Alert
SEABORGIUM and TA453 continue their respective... - NCSC.GOV.UK
Bitwarden password vaults targeted in Google ads phishing attack (bleepingcomputer.com)
New 'Blank Image' attack hides phishing scripts in SVG files (bleepingcomputer.com)
Hackers now use Microsoft OneNote attachments to spread malware (bleepingcomputer.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Malware
BlackBerry: Threat Actors Launch A Unique Malware Sample Every Minute - MSSP Alert
Consumers Face Greater Risks from Malware but Many are Unprepared and Vulnerable - MSSP Alert
New 'Blank Image' attack hides phishing scripts in SVG files (bleepingcomputer.com)
ChatGPT Could Create Polymorphic Malware Wave, Researchers Warn (darkreading.com)
Hackers now use Microsoft OneNote attachments to spread malware (bleepingcomputer.com)
ChatGPT Can Write Polymorphic Malware to Infect Your Computer (gizmodo.com)
Microsoft plans to kill malware delivery via Excel XLL add-ins (bleepingcomputer.com)
Hackers use Golang source code interpreter to evade detection (bleepingcomputer.com)
Emotet Malware Makes a Comeback with New Evasion Techniques (thehackernews.com)
'DragonSpark' Malware: East Asian Cyber Attackers Create an OSS Frankenstein (darkreading.com)
Malware exploited critical Realtek SDK bug in millions of attacks (bleepingcomputer.com)
Mobile
Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed Apps (thehackernews.com)
New 'Hook' Android malware lets hackers remotely control your phone (bleepingcomputer.com)
Pair of Galaxy App Store Bugs Offer Cyber Attackers Mobile Device Access (darkreading.com)
Google to phase out legacy apps with Android 14 to improve security - GSMArena.com news
Botnets
Denial of Service/DoS/DDOS
Why a hybrid approach can help mitigate DDoS attacks | SC Media
Russia’s largest ISP says 2022 broke all DDoS attack records (bleepingcomputer.com)
Internet of Things – IoT
Nice smart device – how long does it get software updates? • The Register
Why British homes are at risk from ‘Trojan Horse’ smart devices (telegraph.co.uk)
Why most IoT cyber security strategies give zero hope for zero trust - Help Net Security
Data Breaches/Leaks
Companies impacted by Mailchimp breach warn their customers - Security Affairs
LastPass owner GoTo says hackers stole customers’ backups | TechCrunch
GoTo warns customers of crypto key and backup heist • The Register
3.7 Million Customers Data Of Hilton Hotels Put Up For Sale (informationsecuritybuzz.com)
QUT confirms personal data of thousands of staff compromised in cyber attack - ABC News
Riot Games hacked, now it faces problems to release content - Security Affairs
ICE releases asylum seekers after exposing their data • The Register
Hacker Gets Hands on No-Fly List of Alleged Terrorist Suspects (gizmodo.com)
Risk & Repeat: Breaking down the LastPass breach | TechTarget
T-Mobile Cyber Attack Spurs Law Firm Investigation - MSSP Alert
Risk & Repeat: Another T-Mobile data breach disclosed | TechTarget
Entire US "No Fly List" Exposed Online Via Unsecured Server (informationsecuritybuzz.com)
Near-Record Year for US Data Breaches in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Zacks data breach impacted hundreds of thousands of customers - Security Affairs
French rugby club Stade Français leaks source code - Security Affairs
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Inside the crypto ‘prisons’ scamming Britons out of their life savings (telegraph.co.uk)
Hackers Take Over Robinhood Twitter Account To Promote Scam - Decrypt
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Inside the crypto ‘prisons’ scamming Britons out of their life savings (telegraph.co.uk)
P-to-P fraud most concerning cyber threat in 2023: CSI | CSO Online
Hackers Take Over Robinhood Twitter Account To Promote Scam - Decrypt
Insurance
4 tips to find cyber insurance coverage in 2023 | TechTarget
Insurers in talks on adding state-backed cyber to UK reinsurance scheme | Financial Times (ft.com)
Cyber Security Posture & Insurance Outlook with Advisen (trendmicro.com)
Dark Web
Software Supply Chain
Cloud/SaaS
Report: Cloud-based networks under growing attack • The Register
Chinese 8220 Gang Aims For Public Clouds And Vulnerable Apps (informationsecuritybuzz.com)
Microsoft Azure-Based Kerberos Attacks Crack Open Cloud Accounts (darkreading.com)
Attack Surface Management
Encryption
API
Passwords, Credential Stuffing & Brute Force Attacks
Bitwarden password vaults targeted in Google ads phishing attack (bleepingcomputer.com)
Bitwarden responds to encryption design flaw criticism | The Daily Swig (portswigger.net)
Social Media
Malvertising
Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed Apps (thehackernews.com)
Google Ads invites being abused to push spam, adult sites (bleepingcomputer.com)
Ransomware access brokers use Google ads to breach your network (bleepingcomputer.com)
Over 4,500 WordPress Sites Hacked to Redirect Visitors to Sketchy Ad Pages (thehackernews.com)
Training, Education and Awareness
Regulations, Fines and Legislation
Governance, Risk and Compliance
View from Davos: The Changing Economics of Cyber Crime (darkreading.com)
Awareness Training Must Change | CSA (cloudsecurityalliance.org)
Despite Slowing Economy, Demand for Cyber Security Workers Remains Strong (darkreading.com)
Organisations Must Brace for Privacy Impacts This Year (darkreading.com)
Data Protection
Ireland’s data protection watchdog fines WhatsApp €5.5m • The Register
ICO Offers Data Protection Advice to SMBs - Infosecurity Magazine (infosecurity-magazine.com)
Careers, Working in Cyber and Information Security
Despite Slowing Economy, Demand for Cyber Security Workers Remains Strong (darkreading.com)
Can't Fill Open Positions? Rewrite Your Minimum Requirements (darkreading.com)
Veterans bring high-value, real-life experience as potential cyber security employees | CSO Online
Dozens of Cyber Security Companies Announced Layoffs in Past Year - SecurityWeek
Law Enforcement Action and Take Downs
FBI hacked into Hive ransomware gang, disrupted operations | TechTarget
Dutchman Detained for Dealing Details of Tens of Millions of People (darkreading.com)
Dutch suspect locked up for alleged personal data megathefts – Naked Security (sophos.com)
Privacy, Surveillance and Mass Monitoring
Organisations Must Brace for Privacy Impacts This Year (darkreading.com)
Scientists use Wi-Fi routers to see humans through walls | ZDNET
Most consumers would share anonymised personal data to improve AI products - Help Net Security
Artificial Intelligence
ChatGPT is a bigger threat to cyber security than most realize - Help Net Security
Learning to Lie: AI Tools Adept at Creating Disinformation - SecurityWeek
FBI Chief Says He's 'Deeply concerned' by China's AI Program | SecurityWeek.Com
ChatGPT Can Write Polymorphic Malware to Infect Your Computer (gizmodo.com)
Chat Cyber Security: AI Promises a Lot, but Can It Deliver? (darkreading.com)
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
State-linked hackers in Russia and Iran are targeting UK groups, NCSC warns | Hacking | The Guardian
UK authorities warn of phishing from Iran, Russia • The Register
Armis State of Cyberwarfare and Trends Report - IT Security Guru
SEABORGIUM and TA453 continue their respective... - NCSC.GOV.UK
Gamaredon Group Launches Cyber Attacks Against Ukraine Using Telegram (thehackernews.com)
Chinese 8220 Gang Aims For Public Clouds And Vulnerable Apps (informationsecuritybuzz.com)
FBI Chief Says He's 'Deeply concerned' by China's AI Program | SecurityWeek.Com
“Pegasus” lifts the lid on a sophisticated piece of spyware | The Economist
North Korea-linked TA444 turns to credential harvesting activity - Security Affairs
Nation State Actors
Nation State Actors – Russia
State-linked hackers in Russia and Iran are targeting UK groups, NCSC warns | Hacking | The Guardian
UK authorities warn of phishing from Iran, Russia • The Register
SEABORGIUM and TA453 continue their respective... - NCSC.GOV.UK
Gamaredon Group Launches Cyber Attacks Against Ukraine Using Telegram (thehackernews.com)
Russia’s largest ISP says 2022 broke all DDoS attack records (bleepingcomputer.com)
Nation State Actors – China
Chinese 8220 Gang Aims For Public Clouds And Vulnerable Apps (informationsecuritybuzz.com)
FBI Chief Says He's 'Deeply concerned' by China's AI Program | SecurityWeek.Com
Nation State Actors – North Korea
Nation State Actors – Iran
Vulnerability Management
Extent of reported CVEs overwhelms critical infrastructure asset owners - Help Net Security
Log4j Vulnerabilities Are Here to Stay — Are You Prepared? (darkreading.com)
Trained developers get rid of more vulnerabilities than code scanning tools - Help Net Security
New Open Source OT Security Tool Helps Address Impact of Upcoming Microsoft Patch - SecurityWeek
Halo Security unveils KEV feature to improve attack surface visibility - Help Net Security
Vulnerabilities
Crims can still exploit this NSA-discovered Microsoft bug • The Register
75k WordPress sites impacted by critical online course plugin flaws (bleepingcomputer.com)
Log4j Vulnerabilities Are Here to Stay — Are You Prepared? (darkreading.com)
Chrome 109 update addresses six security vulnerabilities - Security Affairs
Microsoft urges admins to patch on-premises Exchange servers (bleepingcomputer.com)
Drupal Patches Vulnerabilities Leading to Information Disclosure | SecurityWeek.Com
Critical Vulnerabilities Patched in OpenText Enterprise Content Management System | SecurityWeek.Com
Around 19,500 end-of-life Cisco routers exposed to hack - Security Affairs
In-the-Wild Exploitation of Recent ManageEngine Vulnerability Commences | SecurityWeek.Com
Apple patches are out – old iPhones get an old zero-day fix at last! – Naked Security (sophos.com)
Apple Patches WebKit Code Execution in iPhones, MacBooks - SecurityWeek
Crooks are already exploiting this bug in old iPhones • The Register
Logfile nightmare deepens thanks to critical VMware flaws • The Register
Malware exploited critical Realtek SDK bug in millions of attacks (bleepingcomputer.com)
Realtek SDK flaw CVE-2021-35394 actively exploited in the wild- Security Affairs
Lexmark warns of RCE bug affecting 100 printer models, PoC released (bleepingcomputer.com)
Crims can still exploit this NSA-discovered Microsoft bug • The Register
Tools and Controls
Is Once-Yearly Pen Testing Enough for Your Organisation? (thehackernews.com)
LastPass owner GoTo says hackers stole customers’ backups | TechCrunch
Bitwarden password vaults targeted in Google ads phishing attack (bleepingcomputer.com)
Bitwarden responds to encryption design flaw criticism | The Daily Swig (portswigger.net)
Companies Struggle With Zero Trust as Attackers Adapt to Get Around It (darkreading.com)
Federal Agencies Infested by Cyber Attackers via Legit Remote Management Systems (darkreading.com)
Why a hybrid approach can help mitigate DDoS attacks | SC Media
Steps To Planning And Implementation Of Endpoint Protection (informationsecuritybuzz.com)
Other News
Hackers can make computers destroy their own chips with electricity | New Scientist
Scientists use Wi-Fi routers to see humans through walls | ZDNET
Microsoft 365 outage takes down Teams, Exchange Online, Outlook (bleepingcomputer.com)
Lessons Learned from the Windows Remote Desktop Honeypot Report (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 20 January 2023
Black Arrow Cyber Threat Briefing 20 January 2023:
-Experts at Davos 2023 Call for a Global Response to the Gathering 'Cyber Storm'
-Cost of Data Breaches to Global Businesses at Five-Year High
-European Data Protection Authorities Issue Record €2.92 Billion In GDPR Fines, an Increase of 168%
-PayPal Accounts Breached in Large-Scale Credential Stuffing Attack
-Royal Mail Boss to Face MPs’ Questions Over Russian Ransomware Attack
-Third-Party Risk Management: Why 2023 Could be the Perfect Time to Overhaul your TPRM Program
-EU Cyber Resilience Regulation Could Translate into Millions in Fines
-Russian Hackers Try to Bypass ChatGPT's Restrictions for Malicious Purposes
-New Report Reveals CISOs Rising Influence
-ChatGPT and its Perilous Use as a "Force Multiplier" for Cyber Attacks
-Mailchimp Discloses a New Security Breach, the Second One in 6 Months
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Experts at Davos 2023 Call for a Global Response to the Gathering 'Cyber Storm'
As economic and geopolitical instability spills into the new year, experts predict that 2023 will be a consequential year for cyber security. The developments, they say, will include an expanded threat landscape and increasingly sophisticated cyber attacks.
"There's a gathering cyber storm," Sadie Creese, a Professor of Cyber Security at the University of Oxford, said during an interview at the World Economic Forum’s Annual Meeting 2023 in Davos, Switzerland. "This storm is brewing, and it's really hard to anticipate just how bad that will be."
Already, cyber attacks such as phishing, ransomware and distributed denial-of-service (DDoS) attacks are on the rise. Cloudflare, a major US cyber security firm that provides protection services for over 30% of Fortune 500 companies, found that DDoS attacks—which entail overwhelming a server with a flood of traffic to disrupt a network or webpage—increased last year by 79% year-over-year.
"There's been an enormous amount of insecurity around the world," Matthew Prince, the CEO of Cloudflare, stated during the Annual Meeting. "I think 2023 is going to be a busy year in terms of cyber attacks."
https://www.weforum.org/agenda/2023/01/cybersecurity-storm-2023-experts-davos23/
Cost of Data Breaches to Global Businesses at Five-Year High
Research from business insurer Hiscox shows that the cost of dealing with cyber events for businesses has more than tripled since 2018. The study, which collated data from the organisation’s previous five annual Cyber Readiness reports, has revealed that:
Since 2018 the median IT budgets for cyber security more than tripled.
Between 2020 and 2022 cyber-attacks increased by over a quarter.
Businesses are increasing their cyber security budgets year-on-year.
In the Hiscox 2022 Cyber Readiness report, the financial toll of cyber incidents, including data breaches, was estimated to be $16,950 (£15,265) on average. As the cost of cyber crime grew, so did organisations’ cyber security budgets – average spending on cyber security tripled from 2018 to 2022, rocketing from $1,470,196 (£1,323,973) to $5,235,162 (£4,714,482).
Hiscox has also revealed that half of all companies surveyed suffered at least one cyber attack in 2022, up 11% from 2020. Financial Services, as well as Technology, Media and Telecom (TMT) sectors even reported a minimum of one attack for three consecutive years. Financial Services firms, however, seemed to be hit the hardest, with 66% reporting being impacted by cyber attacks in 2021-2022.
Cyber risk has risen to the same strategic level as traditional financial and operational risks, thanks to a growing realisation by businesses that the impact can be just as severe.
European Data Protection Authorities Issue Record €2.92 Billion in GDPR Fines, an Increase of 168%
European data regulators issued a record €2.92 billion in fines last year, a 168% increase from 2021. That’s according to the latest GDPR and Data Breach survey from international law firm DLA Piper, which covers all 27 Member States of the European Union, plus the UK, Norway, Iceland, and Liechtenstein. This year’s biggest fine of €405 million was imposed by the Irish Data Protection Commissioner (DPC) against Meta Platforms Ireland Limited relating to Instagram for alleged failures to protect children’s personal data. The Irish DPC also fined Meta €265 million for failing to comply with the GDPR obligation for Data Protection by Design and Default. Both fines are currently under appeal.
Despite the overall increase in fines since January 28, 2022, the fine of €746 million that Luxembourg authorities levied against Amazon last year remains the biggest to be issued by an EU-based data regulator to date (though the retail giant is still believed to be appealing).
The report also revealed a notable increase in focus by supervisory authorities on the use of artificial intelligence (AI), while the volume of data breaches reported to regulators decreased slightly against the previous year’s total.
PayPal Accounts Breached in Large-Scale Credential Stuffing Attack
PayPal is sending out data breach notifications to thousands of users who had their accounts accessed through credential stuffing attacks that exposed some personal data.
Credential stuffing are attacks where hackers attempt to access an account by trying out username and password pairs sourced from data leaks on various websites. This type of attack relies on an automated approach with bots running lists of credentials to "stuff" into login portals for various services. Credential stuffing targets users that employ the same password for multiple online accounts, which is known as "password recycling."
PayPal explains that the credential stuffing attack occurred between December 6 and December 8, 2022. The company detected and mitigated it at the time but also started an internal investigation to find out how the hackers obtained access to the accounts. By December 20, 2022, PayPal concluded its investigation, confirming that unauthorised third parties logged into the accounts with valid credentials. The electronic payments platform claims that this was not due to a breach on its systems and has no evidence that the user credentials were obtained directly from them.
According to the data breach reporting from PayPal, 34,942 of its users have been impacted by the incident. During the two days, hackers had access to account holders' full names, dates of birth, postal addresses, social security numbers, and individual tax identification numbers. Transaction histories, connected credit or debit card details, and PayPal invoicing data are also accessible on PayPal accounts.
Royal Mail Boss to Face MPs’ Questions Over Russian Ransomware Attack
Royal Mail’s chief executive faced questions from MPs last week over the Russia-linked ransomware attack that caused international deliveries to grind to a halt.
Simon Thompson, chief executive of Royal Mail, was asked about the recent cyber attack when he appeared before the Commons Business Select Committee to discuss Royal Mail’s response to the cyber attack at the evidence session on Tuesday Jan 17.
A Royal Mail spokesman said: “Royal Mail has been subject to a cyber incident that is affecting our international export service. We are focused on restoring this service as soon as we are able.”
Royal Mail was forced to suspend all outbound international post after machines used for printing customs dockets were disabled by the Russia-linked Lockbit cyber crime gang. Lockbit’s attackers used ransomware, malicious software that scrambles vital computer files before the gang demands payment to unlock them again. The software also took over printers at Royal Mail’s international sorting offices and caused ransom notes to “spout” from them, according to reports.
Cyber security industry sources cautioned that while Lockbit is known to be Russian in origin, it is not known whether a stolen copy of the gang’s signature ransomware had been deployed by rival hackers.
Third-Party Risk Management: Why 2023 Could be the Perfect Time to Overhaul your TPRM Program
Ensuring risk caused by third parties does not occur to your organisation is becoming increasingly difficult. Every business outsources some aspects of its operations, and ensuring these external entities are a strength and not a weakness isn’t always a straightforward process.
In the coming years we’ll see organisations dedicate more time and resources to developing detailed standards and assessments for potential third-party vendors. Not only will this help to mitigate risk within their supply chain network, it will also provide better security.
As demand for third-party risk management (TPRM) grows, there are key reasons why we believe 2023 could be pivotal for the future of your organisation’s TPRM program, cyber risk being principal amongst them.
Forrester predicted that 60% of security incidents in 2022 would stem from third parties. In 2021 there was a 300% increase in supply chain attacks, a trend that has continued to increase over the past 12 months also. For example, Japanese car manufacturer Toyota was forced to completely shut down its operations due to a security breach with a third-party plastics supplier.
It’s not only the frequency of third-party attacks that has increased, but also the methods that cyber criminals are using are becoming increasingly sophisticated. For example, the SolarWinds cyber breach in 2020 was so advanced that Microsoft estimated it took over a thousand engineers to stop the impact of the attack.
As the sophistication and frequency of supply chain attacks increases, the impact they have on businesses reputations and valuations is also becoming apparent. There is a need for organisations to conduct thorough due diligence of the third parties they choose to work with, otherwise the consequences could be disastrous.
Remember always that cyber security should be a non-negotiable feature of all business transactions.
EU Cyber Resilience Regulation Could Translate into Millions in Fines
The EU Commission’s Cyber Resilience Act (CRA) is intended to close the digital fragmentation problem surrounding devices and systems with network connections – from printers and routers to smart household appliances and industrial control systems. Industrial networks and critical infrastructures require special protection.
According to the European Union, there is currently a ransomware attack every eleven seconds. In the last few weeks alone, among others, a leading German children’s food manufacturer and a global Tier1 automotive supplier headquartered in Germany were hit, with the latter becoming the victim of a massive ransomware attack. Such an attack even led to insolvency at the German manufacturer Prophete in January 2023. To press manufacturers, distributors and importers into action, they face significant penalties if security vulnerabilities in devices are discovered and not properly reported and closed.
“The pressure on the industry – manufacturers, distributors and importers – is growing immensely. The EU will implement this regulation without compromise, even though there are still some work packages to be done, for example regarding local country authorities,” says Jan Wendenburg, CEO, ONEKEY.
The financial fines for affected manufacturers and distributors are therefore severe: up to 15 million euros or 2.5 percent of global annual revenues in the past fiscal year – the larger number counts. “This makes it absolutely clear: there will be substantial penalties on manufacturers if the requirements are not implemented,” Wendenburg continues.
Manufacturers, distributors and importers are required to notify ENISA – the European Union’s cyber security agency – within 24 hours if a security vulnerability in one of their products is exploited. Exceeding the notification deadlines is already subject to sanctions.
https://www.helpnetsecurity.com/2023/01/19/eu-cyber-resilience-regulation-fines/
Russian Hackers Try to Bypass ChatGPT's Restrictions for Malicious Purposes
Russian cyber-criminals have been observed on dark web forums trying to bypass OpenAI’s API restrictions to gain access to the ChatGPT chatbot for nefarious purposes.
Various individuals have been observed, for instance, discussing how to use stolen payment cards to pay for upgraded users on OpenAI (thus circumventing the limitations of free accounts). Others have created blog posts on how to bypass the geo controls of OpenAI, and others still have created tutorials explaining how to use semi-legal online SMS services to register to ChatGPT.
“Generally, there are a lot of tutorials in Russian semi-legal online SMS services on how to use it to register to ChatGPT, and we have examples that it is already being used,” wrote Check Point Research (CPR). “It is not extremely difficult to bypass OpenAI’s restricting measures for specific countries to access ChatGPT,” said Check Point. “Right now, we are seeing Russian hackers already discussing and checking how to get past the geofencing to use ChatGPT for their malicious purposes.”
They added that they believe these hackers are most likely trying to implement and test ChatGPT in their day-to-day criminal operations. “Cyber-criminals are growing more and more interested in ChatGPT because the AI technology behind it can make a hacker more cost-efficient,” they explained.
Case in point, just last week, Check Point Research published a separate advisory highlighting how threat actors had already created malicious tools using ChatGPT. These included infostealers, multi-layer encryption tools and dark web marketplace scripts.
More generally, the cyber security firm is not the only one believing ChatGPT could democratise cyber crime, with various experts warning that the AI bot could be used by potential cyber-criminals to teach them how to create attacks and even write ransomware.
https://www.infosecurity-magazine.com/news/russian-hackers-to-bypass-chatgpt/
New Report Reveals CISOs Rising Influence
Cyber security firm Coalfire this week unveiled its second annual State of CISO Influence report, which explores the expanding influence of Chief Information Security Officers (CISOs) and other security leaders.
The report revealed that the CISO role is maturing quickly, and the position is experiencing more equity in the boardroom. In the last year alone, there was a 10-point uptick in CISOs doing monthly reporting to the board. These positive outcomes likely stem from the increasingly metrics-driven reporting CISOs provide, where data is more effectively leveraged to connect security outcomes to business objectives.
An especially promising development in this year's report is how security teams are being looped into corporate projects. Of the security leaders surveyed, 78% say they are consulted early in project development when business objectives are first identified, and two-thirds are now making presentations to the highest levels of enterprise authority. 56% of CISOs present security metrics to their CEOs, up from 43% in 2021.
Cloud migration was universally identified as one of those top business objectives. The move to the cloud saddles CISOs with many challenges. The top priorities listed by CISOs include dealing with an expanding attack surface, staffing, and new compliance requirements — all within constrained budgets. In fact, 43% of security leaders said their budgets remained static or were reduced following business migration to the cloud.
Given these challenges, leading CISOs are transforming their approaches. To address multiple cloud compliance requirements, security leaders are focusing on the most onerous set of rules and creating separate environments for different requirements. Risk assessments were identified as the key tool used to secure funding for these and other cyber initiatives and to set top priorities.
"Costs and risks are up, while at the same time, cyber budgets are trending flat or down," said Colefire. "Cyber security has historically been lower in priority for organisations, but we are witnessing a big shift in enterprise cyber expectations. CISOs are rising to meet those expectations, speaking to the business, and as a result, solidifying their role in the C-suite."
https://www.darkreading.com/threat-intelligence/new-coalfire-report-reveals-cisos-rising-influence
ChatGPT and its Perilous Use as a "Force Multiplier" for Cyber Attacks
As a form of OpenAI technology, ChatGPT has the ability to mimic natural language and human interaction with remarkable efficiency. However, from a cyber security perspective, this also means it can be used in a variety of ways to lower the bar for threat actors.
One key method is the ability for ChatGPT to draft cunning phishing emails en masse. By feeding ChatGPT with minimal information, it can create content and entire emails that will lure unsuspecting victims to provide their passwords. With the right API setup, thousands of unique, tailored, and sophisticated phishing emails can be sent almost simultaneously.
Another interesting capability of ChatGPT is the ability to write malicious code. While OpenAI has put some controls in place to prevent ChatGPT from creating malware, it is possible to convince ChatGPT to create ransomware and other forms of malware as code that can be copied and pasted into an integrated development environment (IDE) and used to compile actual malware. ChatGPT can also be used to identify vulnerabilities in code segments and reverse engineer applications.
ChatGPT will expedite a trend that is already wreaking havoc across sectors – lowering the bar for less sophisticated threat actors, enabling them to conduct attacks while evading security controls and bypassing advanced detection mechanisms. And currently, there is not much that organisations can do about it. ChatGPT represents a technological marvel that will usher in a new era, not just for the cyber security space.
https://www.calcalistech.com/ctechnews/article/sj0lfp11oi
Mailchimp Discloses a New Security Breach, the Second One in 6 Months
The popular email marketing and newsletter platform Mailchimp was hacked twice in the past six months. The news of a new security breach was confirmed by the company; the incident exposed the data of 133 customers.
Threat actors targeted the company’s employees and contractors to gain access to an internal support and account admin tool.
“On January 11, the Mailchimp Security team identified an unauthorised actor accessing one of our tools used by Mailchimp customer-facing teams for customer support and account administration. The unauthorised actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee credentials compromised in that attack.” reads the notice published by the company. “Based on our investigation to date, this targeted incident has been limited to 133 Mailchimp accounts.”
The malicious activity was discovered on January 11, 2023; in response to the intrusion the company temporarily suspended access for impacted accounts. The company also notified the primary contacts for all affected accounts less than 24 hours after the initial discovery.
https://securityaffairs.com/140997/data-breach/mailchimp-security-breach.html
Threats
Ransomware, Extortion and Destructive Attacks
Yum Brands says nearly 300 restaurants in UK impacted due to cyber attack | Reuters
Royal Mail boss to face MPs’ questions over Russian ransomware attack (telegraph.co.uk)
What is LockBit ransomware and how does it operate? | Royal Mail | The Guardian
How cyber-attack on Royal Mail has left firms in limbo - BBC News
Royal Mail restarts limited overseas post after cyber-attack - BBC News
How Royal Mail’s hacker became the world’s most prolific ransomware group | Financial Times (ft.com)
Ransomware Trends In Q4 2022: Key Findings And Recommendations (informationsecuritybuzz.com)
Microsoft: Cuba ransomware hacking Exchange servers via OWASSRF flaw (bleepingcomputer.com)
Microsoft retracts its report on Mac ransomware (techrepublic.com)
Ransomware Dips During 2022: Are Cyber attacks Slowing or Just a Blip? - MSSP Alert
Up to 1,000 ships affected by DNV ransomware attack - Splash247
Avast releases free BianLian ransomware decryptor (bleepingcomputer.com)
Vice Society ransomware leaks University of Duisburg-Essen’s data (bleepingcomputer.com)
Ransomware attack cuts 1,000 ships off from on-shore servers • The Register
Royal Mail promises ‘workarounds’ to restore services after ransomware attack | Computer Weekly
Cyber-crime gangs' earnings slide as victims refuse to pay - BBC News
Ransomware gang steals data from KFC, Taco Bell, and Pizza Hut brand owner (bleepingcomputer.com)
Phishing & Email Based Attacks
How AI chatbot ChatGPT changes the phishing game | CSO Online
The big risk in the most-popular, and aging, big tech email programs (cnbc.com)
Why encrypting emails isn't as simple as it sounds - Help Net Security
Fake DHL emails allow hackers to breach Microsoft 365 accounts (msn.com)
Other Social Engineering; Smishing, Vishing, etc
Techniques that attackers use to trick victims into visiting malicious content - Help Net Security
As Social Engineering Tactics Change, So Must Your Security Training (darkreading.com)
2FA/MFA
CircleCI's hack caused by malware stealing engineer's 2FA-backed session (bleepingcomputer.com)
The Importance of Multi-Factor Authentication (MFA) - MSSP Alert
Malware
New Backdoor Created Using Leaked CIA's Hive Malware Discovered in the Wild (thehackernews.com)
Experts spotted a backdoor that borrows code from CIA's Hive malware - Security Affairs
ChatGPT Creates Polymorphic Malware - Infosecurity Magazine (infosecurity-magazine.com)
Attackers Crafted Custom Malware for Fortinet Zero-Day (darkreading.com)
New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability (thehackernews.com)
Malicious ‘Lolip0p’ PyPi packages install info-stealing malware (bleepingcomputer.com)
Hackers exploit Cacti critical bug to install malware, open reverse shells (bleepingcomputer.com)
Hackers can use GitHub Codespaces to host and deliver malware (bleepingcomputer.com)
Hackers turn to Google search ads to push info-stealing malware (bleepingcomputer.com)
How to spot a cyberbot – five tips to keep your device safe (theconversation.com)
Mobile
New 'Hook' Android malware lets hackers remotely control your phone (bleepingcomputer.com)
Roaming Mantis’ Android malware adds DNS changer to hack WiFi routers (bleepingcomputer.com)
Botnets
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
6,000+ Customer Accounts Breached, NortonLifeLock Alert Users (informationsecuritybuzz.com)
1.7 TB of data from digital intelligence firm Cellebrite leaked online - Security Affairs
LastPass faces mounting criticism over recent breach | TechTarget
Mailchimp discloses a new incident, the second one in 6 months - Security Affairs
PayPal Breach Exposed PII of Nearly 35K Accounts (darkreading.com)
T-Mobile US says hacker accessed personal data of 37 million customers • TechCrunch
Twitter says leaked emails not hacked from its systems - BBC News
Hacked! My Twitter user data is out on the dark web -- now what? | ZDNET
Twitter sued over data leak that it denied was caused by a flaw | Business
Nissan North America data breach caused by vendor-exposed database (bleepingcomputer.com)
18k Nissan Customers Affected by Data Breach at Third-Party Software Developer | SecurityWeek.Com
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto exchanges freeze accounts tied to North Korea • The Register
Europol arrested cryptocurrency scammers that stole millions from victims - Security Affairs
FTX Says $415 Million Of Its Crypto Assets Was Hacked (informationsecuritybuzz.com)
Google Ads-delivered malware drains NFT influencer’s entire crypto wallet (cointelegraph.com)
Bitcoin is a ‘hyped-up fraud’, says JP Morgan chief (telegraph.co.uk)
International Arrests Over 'Criminal' Crypto Exchange | SecurityWeek.Com
Fraud, Scams & Financial Crime
Hacker stole credit cards from Canada alcohol retailer LCBO - Security Affairs
Europol arrested cryptocurrency scammers that stole millions from victims - Security Affairs
New York man defrauded thousands using credit cards sold on dark web (bleepingcomputer.com)
FTX Says $415 Million Of Its Crypto Assets Was Hacked (informationsecuritybuzz.com)
The US Has a Massive Money Transfer Surveillance Apparatus (gizmodo.com)
The threat of location spoofing and fraud - Help Net Security
HUMAN Security Stops VASTFLUX Digital Ad Fraud Operation - MSSP Alert
International Arrests Over 'Criminal' Crypto Exchange | SecurityWeek.Com
Insurance
Dark Web
New York man defrauded thousands using credit cards sold on dark web (bleepingcomputer.com)
Illegal Solaris darknet market hijacked by competitor Kraken (bleepingcomputer.com)
Supply Chain and Third Parties
Cloud/SaaS
The Dangers of Default Cloud Configurations (darkreading.com)
Report: Cloud-based networks under growing attack • The Register
Data Security in Multicloud: Limit Access, Increase Visibility (darkreading.com)
Hybrid/Remote Working
Encryption
Vulnerabilities in cryptographic libraries found through modern fuzzing - Help Net Security
teiss - Cyber Threats - Managing the treat from quantum computers
Threats Of Quantum: The Solution Lies In Quantum Cryptography (informationsecuritybuzz.com)
Why encrypting emails isn't as simple as it sounds - Help Net Security
TLS Connection Cryptographic Protocol Vulnerabilities (trendmicro.com)
Passwords, Credential Stuffing & Brute Force Attacks
Compromise of employee device, credentials led to CircleCI breach | SC Media (scmagazine.com)
PayPal accounts breached in large-scale credential stuffing attack (bleepingcomputer.com)
NortonLifeLock: threat actors breached Norton Password Manager accounts - Security Affairs
Social Media
Twitter says leaked emails not hacked from its systems - BBC News
Hacked! My Twitter user data is out on the dark web -- now what? | ZDNET
French CNIL fined Tiktok $5.4 Million for violating cookie laws - Security Affairs
Malvertising
Hackers turn to Google search ads to push info-stealing malware (bleepingcomputer.com)
Google Ads-delivered malware drains NFT influencer’s entire crypto wallet (cointelegraph.com)
HUMAN Security Stops VASTFLUX Digital Ad Fraud Operation - MSSP Alert
Training, Education and Awareness
Training, endpoint management reduce remote working cyber security risks - Help Net Security
As Social Engineering Tactics Change, So Must Your Security Training (darkreading.com)
Regulations, Fines and Legislation
GDPR Fines Surge 168% in a Year - Infosecurity Magazine (infosecurity-magazine.com)
European data protection authorities issue record €2.92 billion in GDPR fines | CSO Online
How data protection is evolving in a digital world - Help Net Security
EU cyber resilience regulation could translate into millions in fines - Help Net Security
Online safety bill: Attempt to jail tech bosses ‘could backfire’ | News | The Times
Culture secretary examines plans to punish tech bosses over online harms | Financial Times (ft.com)
French CNIL fined Tiktok $5.4 Million for violating cookie laws - Security Affairs
State legislators aren't waiting for Congress to regulate children's online privacy - CyberScoop
How Would the FTC Rule on Noncompetes Affect Data Security? (darkreading.com)
The US Has a Massive Money Transfer Surveillance Apparatus (gizmodo.com)
Governance, Risk and Compliance
Technology is a fragile machine that seems to power everything | Android Central
Training, endpoint management reduce remote working cyber security risks - Help Net Security
New Coalfire Report Reveals CISOs Rising Influence (darkreading.com)
Cost of data breaches to global businesses at five-year high- IT Security Guru
Experts at Davos 2023 sound the alarm on cyber security | World Economic Forum (weforum.org)
Why Mean Time to Repair Is Not Always A Useful Security Metric (darkreading.com)
Why are there so many cyber attacks lately? An explainer on the rising trend | Globalnews.ca
How To Build A Network Of Security Champions In Your Organisation (forbes.com)
EU cyber resilience regulation could translate into millions in fines - Help Net Security
What is Business Attack Surface Management? (trendmicro.com)
How to build a cyber-resilience culture in the enterprise | TechTarget
Why Businesses Need to Think Like Hackers This Year (darkreading.com)
How to prioritize resilience in the face of cyber-attacks | World Economic Forum (weforum.org)
Cyber-attack contributes to major Harrogate district firm posting £4.1m loss - The Stray Ferret
Data Protection
GDPR Fines Surge 168% in a Year - Infosecurity Magazine (infosecurity-magazine.com)
European data protection authorities issue record €2.92 billion in GDPR fines | CSO Online
How data protection is evolving in a digital world - Help Net Security
State legislators aren't waiting for Congress to regulate children's online privacy - CyberScoop
Careers, Working in Cyber and Information Security
New Coalfire Report Reveals CISOs Rising Influence (darkreading.com)
IT Burnout may be Putting Your Organisation at Risk (bleepingcomputer.com)
Sophos Joins List of Cyber security Companies Cutting Staff | SecurityWeek.Com
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
UK supermarket uses facial recognition tech to track shoppers - Coda Story
State legislators aren't waiting for Congress to regulate children's online privacy - CyberScoop
Artificial Intelligence
How AI chatbot ChatGPT changes the phishing game | CSO Online
ChatGPT and its perilous use as a "Force Multiplier" for cyber attacks | Ctech (calcalistech.com)
Potential threats and sinister implications of ChatGPT - Help Net Security
Criminals seek OpenAI guardrail bypass, use ChatGPT for evil • The Register
ChatGPT Creates Polymorphic Malware - Infosecurity Magazine (infosecurity-magazine.com)
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Putin’s Russian cyber attacks could target UK’s infrastructure | News | The Times
Industrial espionage: How China sneaks out America's technology secrets - BBC News
Ukraine blames Russia for most of over 2,000 cyber attacks in 2022 | Reuters
Beware: Tainted VPNs Being Used to Spread EyeSpy Surveillanceware (thehackernews.com)
Is Elon Musk’s Starlink winning the war for Ukraine? | World | The Sunday Times (thetimes.co.uk)
Pro-Russia Hacktivist Group NoName057(16) Strikes Again (informationsecuritybuzz.com)
Russian hacktivists NoName057 offer cash for DDoS attacks (techmonitor.ai)
Ukraine links data-wiping attack on news agency to Russian hackers (bleepingcomputer.com)
Russian hackers target Ukrainian press briefing about cyber attacks (axios.com)
Chinese hackers targeted Iranian government entities for months: Report | CSO Online
Nation State Actors
Nation State Actors – Russia
Putin’s Russian cyber attacks could target UK’s infrastructure | News | The Times
Ukraine blames Russia for most of over 2,000 cyber attacks in 2022 | Reuters
Is Elon Musk’s Starlink winning the war for Ukraine? | World | The Sunday Times (thetimes.co.uk)
Pro-Russia Hacktivist Group NoName057(16) Strikes Again (informationsecuritybuzz.com)
Russian hacktivists NoName057 offer cash for DDoS attacks (techmonitor.ai)
Ukraine links data-wiping attack on news agency to Russian hackers (bleepingcomputer.com)
Russian hackers target Ukrainian press briefing about cyber attacks (axios.com)
Russians say they can download software from Intel again • The Register
Nation State Actors – China
Industrial espionage: How China sneaks out America's technology secrets - BBC News
Attackers Crafted Custom Malware for Fortinet Zero-Day (darkreading.com)
New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability (thehackernews.com)
China wants 30 percent CAGR for its infosec industry • The Register
Chinese hackers targeted Iranian government entities for months: Report | CSO Online
Nation State Actors – North Korea
Nation State Actors – Iran
Nation State Actors – Misc
Vulnerability Management
The Top 10 Vulnerabilities of 2022: Mastering Vulnerability Management - Security Boulevard
3 Lessons Learned in Vulnerability Management (darkreading.com)
Vulnerabilities
Cisco won’t fix critical flaw in small business routers • The Register
Unpatched Zoho ManageEngine Products Under Active Cyber attack (darkreading.com)
Oracle's First Security Update for 2023 Includes 327 New Patches | SecurityWeek.Com
Why it's time to review your on-premises Microsoft Exchange patch status | CSO Online
Attackers Crafted Custom Malware for Fortinet Zero-Day (darkreading.com)
New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability (thehackernews.com)
Cacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability (thehackernews.com)
PoC exploits released for critical bugs in popular WordPress plugins (bleepingcomputer.com)
Vulnerabilities in cryptographic libraries found through modern fuzzing - Help Net Security
Microsoft: Exchange Server 2013 reaches end of support in 90 days (bleepingcomputer.com)
Hackers are using this old trick to dodge security protections | ZDNET
Attackers deploy sophisticated Linux implant on Fortinet network security devices | CSO Online
Researchers to release PoC exploit for critical Zoho RCE bug, patch now (bleepingcomputer.com)
MSI accidentally breaks Secure Boot for hundreds of motherboards (bleepingcomputer.com)
Microsoft fixes SSRF vulnerabilities found in Azure services | TechTarget
Over 4,000 Sophos Firewall devices vulnerable to RCE attacks (bleepingcomputer.com)
Critical Security Vulnerabilities Discovered in Netcomm and TP-Link Routers (thehackernews.com)
Exploited Control Web Panel Flaw Added to CISA 'Must-Patch' List | SecurityWeek.Com
Two critical flaws discovered in Git system - Security Affairs
Vendors Actively Bypass Security Patch for Year-Old Magento Vulnerability | SecurityWeek.Com
Cisco Patches High-Severity SQL Injection Vulnerability in Unified CM | SecurityWeek.Com
CVE-2022-47966: Rapid7 Observed Exploitation of Critical ManageEngine Vulnerability | Rapid7 Blog
Critical Microsoft Azure RCE flaw impacted multiple services - Security Affairs
New Microsoft Azure Vulnerability Uncovered — EmojiDeploy for RCE Attacks (thehackernews.com)
Tools and Controls
Training, endpoint management reduce remote working cyber security risks - Help Net Security
Why encrypting emails isn't as simple as it sounds - Help Net Security
As Social Engineering Tactics Change, So Must Your Security Training (darkreading.com)
Zero trust network access for Desktop as a Service - Help Net Security
How to prioritize resilience in the face of cyber-attacks | World Economic Forum (weforum.org)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 13 January 2023
Black Arrow Cyber Threat Briefing 13 January 2023:
-Quarter of UK SMBs Hit by Ransomware in 2022
-Global Cyber Attack Volume Surges 38% in 2022
-1 in 3 Organisations Do Not Provide Any Cyber Security Training to Remote Workers Despite the Majority of Employees Having Access to Critical Data
-AI-Generated Phishing Attacks Are Becoming More Convincing
-Customer and Employee Data the Top Prize for Hackers
-Royal Mail hit by Ransomware Attack, Causes ‘Severe Disruption’ to Services
-The Guardian Confirms Personal Information Compromised in Ransomware Attack
-Ransomware Gang Releases Info Stolen from 14 UK Schools, Including Passport Scans
-The Dark Web’s Criminal Minds See Internet of Things as Next Big Hacking Prize
-Corrupted File to Blame for Computer Glitch which Grounded Every US Flight
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Quarter of UK SMBs Hit by Ransomware in 2022
Over one in four (26%) British SMBs have been targeted by ransomware over the past year, with half (47%) of those compromised paying their extorters, according to new data from anti-virus provider Avast. The security vendor polled 1000 IT decision makers from UK SMBs back in October, to better understand the risk landscape over the previous 12 months.
More than two-thirds (68%) of respondents said they are more concerned about being attacked since the start of the war in Ukraine, fuelling concerns that have led to half (50%) investing in cyber-insurance. They’re wise to do so, considering that 41% of those hit by ransomware lost data, while 34% lost access to devices, according to Avast.
Given that SMBs comprise over 99% of private sector businesses in the country, it’s reassuring that cyber is now being viewed as a major business risk. Nearly half (48%) ranked it as one of the biggest threats they currently face, versus 66% who cited financial risk stemming from surging operational cost. More respondents cited cyber as a top threat than did physical security (35%) and supply chain disruption (33%).
Avast argued that SMBs are among the groups most vulnerable to cyber-threats as they often have very limited budget and resources, and many don’t have somebody on staff managing security holistically. As a result, not only are SMB’s lacking in their defence, but they’re also slower and less able to react to incidents.
https://www.infosecurity-magazine.com/news/quarter-of-uk-smbs-hit-ransomware/
Global Cyber Attack Volume Surges 38% in 2022
The number of cyber attacks recorded last year was nearly two-fifths (38%) greater than the total volume observed in 2021, according to Check Point.
The security vendor claimed the increase was largely due to a surge in attacks on healthcare organisations, which saw the largest year-on-year (YoY) increase (74%), and the activities of smaller, more agile hacking groups.
Overall, attacks reached an all-time high in Q4 with an average of 1168 weekly attacks per organisation. The average weekly figures for the year were highest for education sector organisations (2314), government and military (1661) and healthcare (1463).
Threat actors appear to have capitalised on gaps in security created by the shift to remote working. The ransomware ecosystem is continuing to evolve and grow with smaller, more agile criminal groups that form to evade law enforcement. Hackers are also now increasingly widening their aim to target business collaboration tools such as Slack, Teams, OneDrive and Google Drive with phishing exploits. These make for a rich source of sensitive data given that most organisations’ employees continue to work remotely.
It is predicted that AI tools like ChatGPT would help to fuel a continued surge in attacks in 2023 by making it quicker and easier for bad actors to generate malicious code and emails.
Recorded cyber-attacks on US organisations grew 57% YoY in 2022, while the figure was even higher in the UK (77%). This chimes with data from UK ISP Beaming, which found that 2022 was the busiest year on record for attacks. It recorded 687,489 attempts to breach UK businesses in 2022 – the equivalent of one attack every 46 seconds.
https://www.infosecurity-magazine.com/news/global-cyberattack-volume-surges/
1 in 3 Organisations Do Not Provide Any Cyber Security Training to Remote Workers Despite the Majority of Employees Having Access to Critical Data
New research from cyber security provider Hornetsecurity has found that 33% of companies are not providing any cyber security awareness training to users who work remotely.
The study also revealed nearly three-quarters (74%) of remote staff have access to critical data, which is creating more risk for companies in the new hybrid working world.
Despite the current lack of training and employees feeling ill-equipped, almost half (44%) of respondents said their organisation plans to increase the percentage of employees that work remotely. The popularity of hybrid work, and the associated risks, means that companies must prioritise training and education to make remote working safe.
Traditional methods of controlling and securing company data aren't as effective when employees are working in remote locations and greater responsibility falls on the individual. Companies must acknowledge the unique risks associated with remote work and activate relevant security management systems, as well as empower employees to deal with a certain level of risk.
The independent survey, which quizzed 925 IT professionals from a range of business types and sizes globally, highlighted the security management challenges and employee cyber security risk when working remotely. The research revealed two core problems causing risk: employees having access to critical data, and not enough training being provided on how to manage cyber security or how to reduce the risk of a cyber-attack or breach.
AI-Generated Phishing Attacks Are Becoming More Convincing
It's time for you and your colleagues to become more sceptical about what you read.
That's a takeaway from a series of experiments undertaken using GPT-3 AI text-generating interfaces to create malicious messages designed to spear-phish, scam, harass, and spread fake news.
Experts at WithSecure have described their investigations into just how easy it is to automate the creation of credible yet malicious content at incredible speed. Amongst the use cases explored by the research were the use of GPT-3 models to create:
Phishing content – emails or messages designed to trick a user into opening a malicious attachment or visiting a malicious link
Social opposition – social media messages designed to troll and harass individuals or to cause brand damage
Social validation – social media messages designed to advertise or sell, or to legitimise a scam
Fake news – research into how well GPT-3 can generate convincing fake news articles of events that weren’t part of its training set
All of these could, of course, be useful to cyber criminals hell-bent on scamming the unwary or spreading unrest.
Customer and Employee Data the Top Prize for Hackers
The theft of customer and employee data accounts for almost half (45%) of all stolen data between July 2021 and June 2022, according to a new report from cyber security solution provider Imperva.
The data is part of a 12-month analysis by Imperva Threat Research on the trends and threats related to data security in its report “More Lessons Learned from Analysing 100 Data Breaches”.
Their analysis found that theft of credit card information and password details dropped by 64% compared to 2021. The decline in stolen credit card and password data pointing to the uptake of basic security tactics like multi-factor authentication (MFA). However, in the long term, PII data is the most valuable data to cyber-criminals. With enough stolen PII, they can engage in full-on identity theft which is hugely profitable and very difficult to prevent. Credit cards and passwords can be changed the second there is a breach, but when PII is stolen, it can be years before it is weaponised by hackers.
The research also revealed the root causes of data breaches, with social engineering (17%) and unsecured databases (15%) two of the biggest culprits. Misconfigured applications were only responsible for 2% of data breaches, but Imperva said that businesses should expect this figure to rise in the near future, particularly with cloud-managed infrastructure where configuring for security requires significant expertise.
It’s really concerning that a third (32%) of data breaches are down to unsecured databases and social engineering attacks, since they’re both straightforward to mitigate. A publicly open database dramatically increases the risk of a breach and, all too often, they are left like this not out of a failure of security practices but rather the total absence of any security posture at all.
https://www.infosecurity-magazine.com/news/customer-employee-data-hackers/
Royal Mail hit by Ransomware Attack, Causes ‘Severe Disruption’ to Services
Royal Mail experienced “severe service disruption” to its international export services following a ransomware attack, the company has announced. A statement said it was temporarily unable to despatch export items including letters and parcels to overseas destinations.
Royal Mail said: “We have asked customers temporarily to stop submitting any export items into the network while we work hard to resolve the issue” and advising that “Some customers may experience delay or disruption to items already shipped for export.”
The attack was later attributed to LockBit, a prolific ransomware gang with close ties to Russia. Both the NCSC and the NCA were involved in responding to the incident.
https://www.independent.co.uk/business/royal-mail-cyber-attack-exports-b2260308.html
The Guardian Confirms Personal Information Compromised in Ransomware Attack
British news organisation The Guardian has confirmed that personal information was compromised in a ransomware attack in December 2022.
The company fell victim to the attack just days before Christmas, when it instructed staff to work from home, announcing network disruptions that mostly impacted the print newspaper.
Right from the start, the Guardian said it suspected ransomware to have been involved in the incident, and this week the company confirmed that this was indeed the case. In an email to staff on Wednesday, The Guardian Media Group’s chief executive and the Guardian’s editor-in-chief said that the sophisticated cyber attack was likely the result of phishing.
They also announced that the personal information of UK staff members was compromised in the attack, but said that reader data and the information of US and Australia staff was not impacted. “We have seen no evidence that any data has been exposed online thus far and we continue to monitor this very closely,” the Guardian representatives said. While the attack forced the Guardian staff to work from home, online publishing has been unaffected, and production of daily newspapers has continued as well.
“We believe this was a criminal ransomware attack, and not the specific targeting of the Guardian as a media organisation,” the Guardian said.
The company continues to work on recovery and estimates that critical systems would be restored in the next two weeks. Staff, however, will continue to work from home until at least early February. “These attacks have become more frequent and sophisticated in the past three years, against organisations of all sizes, and kinds, in all countries,” the Guardian said.
https://www.securityweek.com/guardian-confirms-personal-information-compromised-ransomware-attack
Ransomware Gang Releases Info Stolen from 14 UK Schools, Including Passport Scans
Another month, another release of personal information stolen from a school system. This time, it's a group of 14 schools in the United Kingdom.
Once again, the perpetrator appears to be Vice Society, which is well known for targeting educational systems in the US. As the Cybersecurity and Infrastructure Security Agency (CISA) pointed out in a bulletin from Sept. 6, "K-12 institutions may be seen as particularly lucrative targets due to the amount of sensitive student data accessible through school systems or their managed service providers."
The UK hack may have turned up even more confidential information than the Los Angeles school system breach last year. As the BBC reported on Jan. 6, "One folder marked 'passports' contains passport scans for pupils and parents on school trips going back to 2011, whereas another marked 'contract' contains contractual offers made to staff alongside teaching documents on muscle contractions."
Some prominent school cyber attacks in the US include public school districts in Chicago, Baltimore, and Los Angeles. A new study from digital learning platform Clever claims that one in four schools experienced a cyber-incident over the past year, and according to a new report from security software vendor Emsisoft, at least 45 school districts and 44 higher learning institutions suffered ransomware attacks in 2022.
Schools are an attractive target as they are typically data-rich and resource-poor. Without proper resources in terms of dedicated staffing and the necessary tools and training to protect against cyber-attacks, schools can be a soft target. Many of the 14 schools hit by this latest leak are colleges and universities, but primary and secondary schools were also hit, according to the BBC's list.
The Dark Web’s Criminal Minds See Internet of Things as Next Big Hacking Prize
Cyber security experts say 2022 may have marked an inflection point due to the rapid proliferation of IoT (Internet of Things) devices.
Criminal groups buy and sell services, and one hot idea — a business model for a crime — can take off quickly when they realise that it works to do damage or to get people to pay. Attacks are evolving from those that shut down computers or stole data, to include those that could more directly wreak havoc on everyday life. IoT devices can be the entry points for attacks on parts of countries’ critical infrastructure, like electrical grids or pipelines, or they can be the specific targets of criminals, as in the case of cars or medical devices that contain software.
For the past decade, manufacturers, software companies and consumers have been rushing to the promise of Internet of Things devices. Now there are an estimated 17 billion in the world, from printers to garage door openers, each one packed with software (some of it open-source software) that can be easily hacked.
What many experts are anticipating is the day enterprising criminals or hackers affiliated with a nation-state figure out an easy-to-replicate scheme using IoT devices at scale. A group of criminals, perhaps connected to a foreign government, could figure out how to take control of many things at once – like cars, or medical devices. There have already been large-scale attacks using IoT, in the form of IoT botnets. In that case, actors leveraging unpatched vulnerabilities in IoT devices used control of those devices to carry out denial of service attacks against many targets. Those vulnerabilities are found regularly in ubiquitous products that are rarely updated.
In other words, the possibility already exists. It’s only a question of when a criminal or a nation decides to act in a way that targets the physical world at a large scale. There are a handful of companies, new regulatory approaches, a growing focus on cars as a particularly important area, and a new movement within the software engineering world to do a better job of incorporating cyber security from the beginning.
Corrupted File to Blame for Computer Glitch which Grounded Every US Flight
A corrupted file has been blamed for a glitch on the Federal Aviation Administration's computer system which saw every flight grounded across the US.
All outbound flights were grounded until around 9am Eastern Time (2pm GMT) on Wednesday as the FAA worked to restore its Notice to Air Missions (NOTAM) system, which alerts pilots of potential hazards along a flight route.
On Wednesday 4,948 flights within, into or out of the US had been delayed, according to flight tracker FlightAware.com, while 868 had been cancelled. Most delays were concentrated along the East Coast. Normal air traffic operations resumed gradually across the US following the outage to the NOTAM system that provides safety information to flight crews.
A corrupted file affected both the primary and the backup systems, a senior government official told NBC News on Wednesday night, adding that officials continue to investigate. Whilst Government officials said there was no evidence of a cyber attack, it shows the real world impacts that an outage or corrupted file can cause.
Threats
Ransomware, Extortion and Destructive Attacks
Royal Mail unable to despatch items abroad after 'cyber incident' | UK News | Sky News
Lorenz ransomware gang plants backdoors to use months later (bleepingcomputer.com)
Quarter of UK SMBs Hit by Ransomware in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Worldwide Ransomware Attacks Trend (informationsecuritybuzz.com)
LastPass Faces Class-Action Lawsuit Over Password Vault Breach (pcmag.com)
Rackspace: Ransomware actor accessed 27 customers' data | TechTarget
Rackspace Ransomware Incident Highlights Risks of Relying on Mitigation Alone (darkreading.com)
Risk & Repeat: Analysing the Rackspace ransomware attack | TechTarget
Guardian confirms it was hit by ransomware attack | The Guardian | The Guardian
Post-ransomware attack, The Guardian warns staff their personal data was accessed • Graham Cluley
The Guardian Confirms Personal Information Compromised in Ransomware Attack | SecurityWeek.Com
Royal Mail cyber attack linked to LockBit ransomware operation (bleepingcomputer.com)
Hive Ransomware leaked 550 GB stolen from Consulate Health Care - Security Affairs
Iowa’s largest school district cancels classes after cyber attack (bleepingcomputer.com)
Hackers leak sensitive files after attack on San Francisco transit police (nbcnews.com)
Vice Society ransomware claims attack on Australian firefighting service (bleepingcomputer.com)
Ransomware attack at Hope Sentamu Learning Trust in York | York Press
Phishing & Email Based Attacks
AI-generated phishing emails just got much more convincing • The Register
Better Phishing, Easy Malicious Implants: How AI Could Change Cyber attacks (darkreading.com)
AI-generated phishing attacks are becoming more convincing | Tripwire
Twitter Data Leak: What the Exposure of 200 Million User Emails Means for You | WIRED
Phishing campaign targets government institution in Moldova - Security Affairs
Malware
Better Phishing, Easy Malicious Implants: How AI Could Change Cyber attacks (darkreading.com)
Turla, a Russian Espionage Group, Piggybacked on Other Hackers' USB Infections | WIRED
ChatGPT Used to Develop New Malicious Tools - Infosecurity Magazine (infosecurity-magazine.com)
Russia’s Turla falls back on old malware C2 domains to avoid detection | Computer Weekly
Many of 13 New Mac Malware Families Discovered in 2022 Linked to China | SecurityWeek.Com
Dridex Malware Now Attacking macOS Systems with Novel Infection Method (thehackernews.com)
Over 1,300 fake AnyDesk sites push Vidar info-stealing malware (bleepingcomputer.com)
Attackers abuse business-critical cloud apps to deliver malware - Help Net Security
New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors (thehackernews.com)
6 PyPI Packages Detour Firewall Using Cloudflare Tunnels (informationsecuritybuzz.com)
Microsoft: Kubernetes clusters hacked in malware campaign via PostgreSQL (bleepingcomputer.com)
Malicious PyPi packages create CloudFlare Tunnels to bypass firewalls (bleepingcomputer.com)
Gootkit Loader Actively Targets Australian Healthcare Industry (trendmicro.com)
Android TV box on Amazon came pre-installed with malware (bleepingcomputer.com)
VLC media player is being hiajcked to send out malware | TechRadar
RAT malware campaign tries to evade detection using polyglot files (bleepingcomputer.com)
Italian Users Warned of Malware Attack Targeting Sensitive Information (thehackernews.com)
Hackers push fake Pokemon NFT game to take over Windows devices (bleepingcomputer.com)
How to protect yourself from bot-driven account fraud - Help Net Security
Mobile
Android spyware strikes again targeting financial institutions and your money | Fox News
Messenger billed as better than Signal is riddled with vulnerabilities | Ars Technica
StrongPity hackers target Android users via trojanized Telegram app (bleepingcomputer.com)
Threema claims encryption flaws never had a real-world impact (bleepingcomputer.com)
Latest Firmware Flaws in Qualcomm Snapdragon Need Attention (darkreading.com)
Threat actors claim access to Telegram servers through insiders - Security Affairs
$20K Buys Insider Access to Telegram Servers, Dark Web Ad Claims (darkreading.com)
Denial of Service/DoS/DDOS
The most significant DDoS attacks in the past year - Help Net Security
Big Prizes, Cash on Offer for Joining 'DDosia' Anti-Ukraine Cyber attack Project (darkreading.com)
Internet of Things – IoT
The dark web's criminal minds see IoT as the next big hacking prize (cnbc.com)
Android TV box on Amazon came pre-installed with malware (bleepingcomputer.com)
Hackers can trick Wi-Fi devices into draining their own batteries | New Scientist
Data Breaches/Leaks
Twitter Data Leak: What the Exposure of 200 Million User Emails Means for You | WIRED
14 UK schools hit by cyber attack and documents leaked - BBC News
Air France and KLM notify customers of account hacks (bleepingcomputer.com)
Vice Society Releases Info Stolen From 14 UK Schools, Including Passport Scans (darkreading.com)
Twitter's mushrooming data breach crisis could prove costly | CSO Online
Twitter Denies Hacking Claims, Assures Leaked User Data Not from its System (thehackernews.com)
CircleCI – code-building service suffers total credential compromise – Naked Security (sophos.com)
Aflac's Japan says US partner leaked cancer customer info • The Register
Data leak exposes information of 10,000 French social security beneficiaries | CSO Online
Chick-fil-A investigates reports of hacked customer accounts (bleepingcomputer.com)
Organised Crime & Criminal Actors
JP Morgan must face suit over $272m cybertheft • The Register
Cyber criminals are already using ChatGPT to own you | SC Media (scmagazine.com)
Russian Cyber Crew Targets Ukraine Financial Sector Via Infected USB Drives - MSSP Alert
2022 Was the Biggest Year Yet for Crypto, if You're a Crook (gizmodo.com)
Researchers Find 'Digital Crime Haven' While Investigating Magecart Activity (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
2022 Was the Biggest Year Yet for Crypto, if You're a Crook (gizmodo.com)
European police takes down call centres behind cryptocurrency scams (bleepingcomputer.com)
European cops shut down fake crypto call centres • The Register
Kinsing Crypto Malware Hits Kubernetes Clusters via Misconfigured PostgreSQL (thehackernews.com)
Fraud, Scams & Financial Crime
European police takes down call centres behind cryptocurrency scams (bleepingcomputer.com)
Nationwide warns ‘checking is important’ as thousands targeted in online scam | Personal Finance |
How to protect yourself from bot-driven account fraud - Help Net Security
Insurance
Insurance Co. Beazley Launches $45M 'Cyber Catastrophe Bond' (gizmodo.com)
Insurer Beazley launches first catastrophe bond for cyber threats | Financial Times (ft.com)
4 Cyber Insurance Requirement Predictions for 2023 (trendmicro.com)
Dark Web
Threat actors claim access to Telegram servers through insiders - Security Affairs
$20K Buys Insider Access to Telegram Servers, Dark Web Ad Claims (darkreading.com)
Pakistan tells government agencies to avoid the dark web • The Register
Software Supply Chain
Cloud/SaaS
Attackers abuse business-critical cloud apps to deliver malware - Help Net Security
Top SaaS Cyber security Threats in 2023: Are You Ready? (thehackernews.com)
Why Do User Permissions Matter for SaaS Security? (thehackernews.com)
Attack Surface Management
Why the atomized network is growing, and how to protect it - Help Net Security
Web 3.0 Shifts Attack Surface and Highlights Need for Continuous Security (darkreading.com)
Identity and Access Management
Encryption
RSA crypto cracked? Or perhaps not! – Naked Security (sophos.com)
What is Triple DES and why is it being disallowed? | TechTarget
Passwords, Credential Stuffing & Brute Force Attacks
A fifth of passwords used by federal agency cracked in security audit | Ars Technica
Why FIDO and passwordless authentication is the future - Help Net Security
'Copyright Infringement' Lure Used for Facebook Credential Harvesting (darkreading.com)
Why it might be time to consider using FIDO-based authentication devices | CSO Online
Social Media
Twitter Data Leak: What the Exposure of 200 Million User Emails Means for You | WIRED
Twitter's mushrooming data breach crisis could prove costly | CSO Online
Twitter Denies Hacking Claims, Assures Leaked User Data Not from its System (thehackernews.com)
If governments are banning TikTok, why is it still on your corporate devices? | CSO Online
'Copyright Infringement' Lure Used for Facebook Credential Harvesting (darkreading.com)
Training, Education and Awareness
Regulations, Fines and Legislation
Governance, Risk and Compliance
US cyber security director: The tech ecosystem has ‘become really unsafe’ (yahoo.com)
Global Cyber-Attack Volume Surges 38% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Global Risks Report: Understand the risk landscape in 2023 and beyond - Help Net Security
Why Analysing Past Incidents Helps Teams More Than Usual Security Metrics (darkreading.com)
Cyber security spending and economic headwinds in 2023 | CSO Online
Practical Risk Management - Beyond Certification (informationsecuritybuzz.com)
Vulnerable software, low incident reporting raises risks | TechTarget
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
European cops shut down fake crypto call centres • The Register
European police takes down call centres behind cryptocurrency scams (bleepingcomputer.com)
Privacy, Surveillance and Mass Monitoring
Artificial Intelligence
AI-generated phishing emails just got much more convincing • The Register
ChatGPT: The infosec assistant that is jack of all trades, master of none - Help Net Security
Better Phishing, Easy Malicious Implants: How AI Could Change Cyber attacks (darkreading.com)
VALL-E AI can mimic a person’s voice from a 3-second snippet • The Register
ChatGPT Artificial Intelligence: An Upcoming Cyber security Threat? (darkreading.com)
Hackers Exploiting OpenAI’s ChatGPT to Deploy Malware (hackread.com)
Cyber criminals are already using ChatGPT to own you | SC Media (scmagazine.com)
Trojan Puzzle attack trains AI assistants into suggesting malicious code (bleepingcomputer.com)
ChatGPT Used to Develop New Malicious Tools - Infosecurity Magazine (infosecurity-magazine.com)
DHS, CISA plan AI-based cyber security analytics sandbox • The Register
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Turla, a Russian Espionage Group, Piggybacked on Other Hackers' USB Infections | WIRED
Russia’s Turla falls back on old malware C2 domains to avoid detection | Computer Weekly
Exclusive: Russian hackers targeted U.S. nuclear scientists | Reuters
Russian cyber attacks on Ukraine halved with help from Amazon and Microsoft (telegraph.co.uk)
New Dark Pink APT group targets govt and military with custom malware (bleepingcomputer.com)
Big Prizes, Cash on Offer for Joining 'DDosia' Anti-Ukraine Cyber attack Project (darkreading.com)
Phishing campaign targets government institution in Moldova - Security Affairs
Russian and Belarusian men charged with spying for Russian GRU - Security Affairs
Nation State Actors
Nation State Actors – Russia
Turla, a Russian Espionage Group, Piggybacked on Other Hackers' USB Infections | WIRED
Russia’s Turla falls back on old malware C2 domains to avoid detection | Computer Weekly
Exclusive: Russian hackers targeted U.S. nuclear scientists | Reuters
Russian cyber attacks on Ukraine halved with help from Amazon and Microsoft (telegraph.co.uk)
How Elon Musk’s Starlink has changed warfare | The Economist
Big Prizes, Cash on Offer for Joining 'DDosia' Anti-Ukraine Cyber attack Project (darkreading.com)
Phishing campaign targets government institution in Moldova - Security Affairs
Russian and Belarusian men charged with spying for Russian GRU - Security Affairs
Musk's Starlink Satellite's Role In Ukraine War Inspires Taiwan To Thwart Potential China Attack
Nation State Actors – China
Many of 13 New Mac Malware Families Discovered in 2022 Linked to China | SecurityWeek.Com
If governments are banning TikTok, why is it still on your corporate devices? | CSO Online
Musk's Starlink Satellite's Role In Ukraine War Inspires Taiwan To Thwart Potential China Attack
Nation State Actors – Iran
Nation State Actors – Misc
Vulnerability Management
Patch Where it Hurts: Effective Vulnerability Management in 2023 (thehackernews.com)
70% of apps contain at least one security flaw after 5 years in production - Help Net Security
Rackspace Ransomware Incident Highlights Risks of Relying on Mitigation Alone (darkreading.com)
Does a hybrid model for vulnerability management make sense? • Graham Cluley
Vulnerabilities
Microsoft Patch Tuesday: 97 Windows Vulns, 1 Exploited Zero-Day | SecurityWeek.Com
Microsoft plugs actively exploited zero-day hole (CVE-2023-21674) - Help Net Security
The Roadmap to Secure Access Service Edge (SASE) - MSSP Alert
Hundreds of SugarCRM servers infected with critical in-the-wild exploit | Ars Technica
Cyber criminals bypass Windows security with driver-vulnerability exploit | CSO Online
Attackers target govt networks exploiting Fortinet SSL-VPN CVE-2022-42475 - Security Affairs
Adobe Plugs Security Holes in Acrobat, Reader Software | SecurityWeek.Com
Zoom Patches High Risk Flaws on Windows, MacOS Platforms | SecurityWeek.Com
Cisco warns of auth bypass bug with public exploit in EoL routers (bleepingcomputer.com)
Swiss Threema messaging app found to have vulnerabilities • The Register
Fortinet says hackers exploited critical vulnerability to infect VPN customers | Ars Technica
Critical bug in Cisco Small Business Routers will receive no patch - Security Affairs
Severe Vulnerabilities Allow Hacking of Asus Gaming Router | SecurityWeek.Com
JsonWebToken Security Bug Opens Servers to RCE (darkreading.com)
Latest Firmware Flaws in Qualcomm Snapdragon Need Attention (darkreading.com)
Tools and Controls
How to prevent and detect lateral movement attacks | TechTarget
Data Loss Prevention Capability Guide (informationsecuritybuzz.com)
4 key shifts in the breach and attack simulation (BAS) market - Help Net Security
How to prioritize effectively with threat modeling • The Register
XDR and the Age-old Problem of Alert Fatigue | SecurityWeek.Com
Why FIDO and passwordless authentication is the future - Help Net Security
Why it might be time to consider using FIDO-based authentication devices | CSO Online
DHS, CISA plan AI-based cyber security analytics sandbox • The Register
ChatGPT: The infosec assistant that is jack of all trades, master of none - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 06 January 2023
Black Arrow Cyber Threat Briefing 06 January 2023:
-Cyber War in Ukraine, Ransomware Fears Drive Surge in Demand for Threat Intelligence Tools
-Cyber Premiums Holding Firms to Ransom
-Ransomware Ecosystem Becoming More Diverse For 2023
-Attackers Evolve Strategies to Outmanoeuvre Security Teams
-Building a Security-First Culture: The Key to Cyber Success
-Adobe, Apple, Cisco, Microsoft Flaws Make Up Half of Known Exploited Vulnerabilities Catalogue
-First LastPass, Now Slack and CircleCI. The Hacks Go On (and will likely worsen)
-Data of 235 Million Twitter Users Leaked Online
-16 Car Makers, including BMW, Ferrari, Ford, Honda, Kia, Land Rover, Mercedes and Toyota, and Their Vehicles Hacked via Telematics, APIs, Infrastructure
-Ransomware Gang Apologizes, Gives SickKids Hospital Free Decryptor
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber War in Ukraine, Ransomware Fears Drive 2022 Surge in Demand for Threat Intelligence Tools
Amid the heightened fear of ransomware in 2022, threat intelligence emerged as a core requirement of doing business in a world gone mad.
A sizable amount of interest in the historically tech-centric discipline was fuelled in part by fear of cyber attacks tied to the war between Russia and Ukraine. In one example, the Ukrainian government warned the world that the Russian military was planning for multi-pronged attacks targeting the energy sector. Other nation-state cyber attack operations also contributed to the demand, including one June 2022 incident were Iran’s Cobalt Mirage exploited PowerShell vulnerabilities to launch ransomware attacks.
And of course, headlines of data breaches tied to vulnerabilities that organisations did not even know existed within their networks caught the attention not just of security teams, but the C-Suite and corporate board. A misconfigured Microsoft server, for example, wound up exposing years of sensitive data for tens of thousands of its customers, including personally identifiable information, user data, product and project details and intellectual property.
Indeed, according to 183 security pros surveyed by CyberRisk Alliance Business Intelligence in June 2022, threat intelligence has become critical in arming their security operations centres (SOCs) and incident response teams with operational data to help them make timely, informed decisions to prevent system downtime, thwart the theft of confidential data, and protect intellectual property.
Threat intelligence has emerged as a useful tool for educating executives. Many also credited threat intelligence for helping them protect their company and customer data — and potentially saving their organisation's reputation.
Cyber Premiums Holding Firms to Ransom
Soaring premiums for cyber security insurance are leaving businesses struggling to pay other bills, a key industry player has warned.
Mactavish, which buys insurance policies on behalf of companies, said that more than half of big businesses that had bought cyber security insurance had been forced to make cuts elsewhere to pay for it.
In a survey of 200 companies with a turnover above £10 million, Mactavish found that businesses were reducing office costs and staff bonuses and were cutting other types of insurance to meet the higher payments.
Last month Marsh, an insurance broker, revealed that costs for cyber insurance had increased by an average of 66 per cent in the third quarter compared with last year.
Meanwhile, the risk to businesses from hackers continues to rise. A government report on digital threats, published this month, showed the proportion of businesses experiencing cyber security incidents at least monthly had increased from 53 per cent to 60 per cent in the past year. Uber, Cisco and InterContinental Hotels Group were among high-profile targets this year.
https://www.thetimes.co.uk/article/cyber-safety-premiums-hold-firms-to-ransom-tnrsz3vs2
Ransomware Ecosystem Becoming More Diverse for 2023
The ransomware ecosystem has changed significantly in 2022, with attackers shifting from large groups that dominated the landscape toward smaller ransomware-as-a-service (RaaS) operations in search of more flexibility and drawing less attention from law enforcement. This democratisation of ransomware is bad news for organisations because it also brought in a diversification of tactics, techniques, and procedures (TTPs), more indicators of compromise (IOCs) to track, and potentially more hurdles to jump through when trying to negotiate or pay ransoms.
Since 2019 the ransomware landscape has been dominated by big and professionalised ransomware operations that constantly made the news headlines and even looked for media attention to gain legitimacy with potential victims. We've seen ransomware groups with spokespeople who offered interviews to journalists or issued "press releases" on Twitter and their data leak websites in response to big breaches.
The DarkSide attack against Colonial Pipeline that led to a major fuel supply disruption along the US East Coast in 2021 highlighted the risk that ransomware attacks can have against critical infrastructure and led to increased efforts to combat this threat at the highest levels of government. This heightened attention from law enforcement made the owners of underground cyber crime forums reconsider their relationship with ransomware groups, with some forums banning the advertising of such threats. DarkSide ceased operations soon thereafter and was followed later in the year by REvil, also known as Sodinokibi, whose creators were indicted and one was even arrested. REvil was one of the most successful ransomware groups since 2019.
Russia's invasion of Ukraine in February 2022 quickly put a strain on the relationship between many ransomware groups who had members and affiliates in both Russia and Ukraine, or other former USSR countries. Some groups, such as Conti, rushed to take sides in the war, threatening to attack Western infrastructure in support of Russia. This was a departure from the usual business-like apolitical approach in which ransomware gangs had run their operations and drew criticism from other competing groups.
This was also followed by a leak of internal communications that exposed many of Conti's operational secrets and caused uneasiness with its affiliates. Following a major attack against the Costa Rican government the US State Department put up a reward of $10 million for information related to the identity or location of Conti's leaders, which likely contributed to the group's decision to shut down operations in May.
Conti's disappearance led to a drop in ransomware activity for a couple of months, but it didn't last long as the void was quickly filled by other groups, some of them newly set up and suspected to be the creation of former members of Conti, REvil and other groups that ceased operations over the past two years.
Attackers Evolve Strategies to Outmanoeuvre Security Teams
Attackers are expected to broaden their targeting strategy beyond regulated verticals such as financial services and healthcare. Large corporations (41%) will be the top targeted sector for cyber attacks in 2023, favoured over financial institutions (36%), government (14%), healthcare (9%), and education (8%), according to cyber security solution provider Titaniam.
The fast pace of change has introduced new vulnerabilities into corporate networks, making them an increasingly attractive target for cyber attackers. To compete in the digital marketplace, large companies are adopting more cloud services, aggregating data, pushing code into production faster, and connecting applications and systems via APIs.
As a result, misconfigured services, unprotected databases, little-tested applications, and unknown and unsecured APIs abound, all of which can be exploited by attackers.
The top four threats in 2022 were malware (30%), ransomware and extortion (27%), insider threats (26%), and phishing (17%).
The study found that enterprises expected malware (40%) to be their biggest challenge in 2023, followed by insider threats (26%), ransomware and related extortion (21%), and phishing (16%).
Malware, however, has more enterprises worried for 2023 than it did for 2022. It is important to note that these threats can overlap, where insiders can have a hand in ransomware attacks, phishing can be a source of malware, etc.
Attackers are evolving their strategies to surprise and outmanoeuvre security teams, which have hardened ransomware defences and improved phishing detection. They’re using new malware, such as loaders, infostealers, and wipers to accelerate attacks, steal sensitive data and create mayhem.
They’re also buying and stealing employee credentials to walk in through the front door of corporate networks.
https://www.helpnetsecurity.com/2023/01/04/attackers-evolve-strategies-outmaneuver-security-teams/
Building a Security-First Culture: The Key to Cyber Success
Everyone has heard a car alarm go off in the middle of the night, but how often does that notification actually lead to action? Most people will hear the alarm, glance in its direction and then hope the owner will quickly remedy the situation.
Cars alarms often fail because they go off too often, leading to apathy and annoyance instead of being a cause for emergency. For many, cyber security has also become this way. While we see an increase in the noise surrounding the need for organisations to improve the security skillset and knowledge base of employees, there continues to be little proactive action on this front. Most organisations only provide employees with elementary-grade security training, often during their initial onboarding process or as part of a standard training requirement.
At the same time, many organisations also make the grave mistake of leaving all of their security responsibilities and obligations in the hands of IT and security teams. Time and time again, this approach has proven to be highly ineffective, especially as cyber criminals refine their social engineering tactics and target user accounts to execute their attacks.
Alarmingly, recent research found that 30% of employees do not think that they play a role in maintaining their company’s cyber security posture. The same report also revealed that only 39% of employees say they are likely to report a security incident.
As traditional boundaries of access disintegrate and more employees obtain permissions to sensitive company data and systems to carry out their tasks, business leaders must change the mindset of their employees when it comes to the role they play in keeping the organisation safe from cyber crime. The key is developing an integrated cyber security strategy that incorporates all aspects—including all stakeholders—of the organisation. This should be a strategy that breaks down departmental barriers and creates a culture of security responsibility where every team member plays a part.
Adobe, Apple, Cisco, Microsoft Flaws Make Up Half of Known Exploited Vulnerabilities Catalogue
Back in November 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) published the Known Exploited Vulnerabilities (KEV) Catalogue to help federal agencies and critical infrastructure organisations identify and remediate vulnerabilities that are actively being exploited. CISA added 548 new vulnerabilities to the catalogue across 58 updates from January to end of November 2022, according to cyber security solution provider Grey Noise in its first-ever "GreyNoise Mass Exploits Report."
Including the approximately 300 vulnerabilities added in November and December 2021, CISA listed approximately 850 vulnerabilities in the first year of the catalogue's existence.
Actively exploited vulnerabilities in Microsoft, Adobe, Cisco, and Apple products accounted for over half of the updates to the KEV catalogue in 2022, Grey Noise found. Seventy-seven percent of the updates to the KEV catalogue were older vulnerabilities dating back to before 2022. Many of these vulnerabilities have been around for two decades.
Several of the vulnerabilities in the KEV catalogue are from products that have already entered end-of-life (EOL) and end-of-service-life (EOSL), according to an analysis by a team from cyber security solution provider Cyber Security Works. Even though Windows Server 2008 and Windows 7 are EOSL products, the KEV catalogue lists 127 Server 2008 vulnerabilities and 117 Windows 7 vulnerabilities.
Even though the catalogue was originally intended for critical infrastructure and public-sector organisations, it has become the authoritative source on which vulnerabilities are – or have been – exploited by attackers. This is key because the National Vulnerability Database (NVD) assigned Common Vulnerabilities and Exposures (CVE) identifiers for over 12,000 vulnerabilities in 2022, and it would be unwieldy for enterprise defenders to assess every single one to identify the ones relevant to their environments. Enterprise teams can use the catalogue's curated list of CVEs under active attack to create their priority lists.
First LastPass, Now Slack and CircleCI. The Hacks Go On (and will likely worsen)
In the past week, the world has learned of serious breaches hitting chat service Slack and software testing and delivery company CircleCI, though giving the companies' opaque wording—“security issue” and “security incident,” respectively—you'd be forgiven for thinking these events were minor.
The compromises—in Slack’s case, the theft of employee token credentials and for CircleCI, the possible exposure of all customer secrets it stores—come two weeks after password manager LastPass disclosed its own security failure: the theft of customers’ password vaults containing sensitive data in both encrypted and clear text form. It’s not clear if all three breaches are related, but that’s certainly a possibility.
The most concerning of the two new breaches is the one hitting CircleCI. The company reported a “security incident” that prompted it to advise customers to rotate “all secrets” they store on the service. The alert also informed customers that it had invalidated their Project API tokens, an event requiring them to go through the hassle of replacing them.
CircleCI says it’s used by more than 1 million developers in support of 30,000 organisations and runs nearly 1 million daily jobs. The potential exposure of all those secrets—which could be login credentials, access tokens, and who knows what else—could prove disastrous for the security of the entire Internet.
It’s possible that some or all of these breaches are related. The Internet relies on a massive ecosystem of content delivery networks, authentication services, software development tool makers, and other companies. Threat actors frequently hack one company and use the data or access they obtain to breach that company's customers or partners. That was the case with the August breach of security provider Twilio. The same threat actor targeted 136 other companies. Something similar played out in the last days of 2020 when hackers compromised Solar Winds, gained control of its software build system, and used it to infect roughly 40 Solar Winds customers.
For now, people should brace themselves for additional disclosures from companies they rely on. Checking internal system logs for suspicious entries, turning on multifactor authentication, and patching network systems are always good ideas, but given the current events, those precautions should be expedited. It’s also worth checking logs for any contact with the IP address 54.145.167.181, which one security practitioner said was connected to the CircleCI breach.
Data of 235 Million Twitter Users Leaked Online
A data leak containing email addresses for 235 million Twitter users has been published on a popular hacker forum. Many experts have immediately analysed it and confirmed the authenticity of many of the entries in the huge leaked archive.
In January 2022, a report claimed the discovery of a vulnerability that can be exploited by an attacker to find a Twitter account by the associated phone number/email, even if the user has opted to prevent this in the privacy options. The vulnerability was exploited by multiple threat actors to scrape Twitter user profiles containing both private (phone numbers and email addresses) and public data, and was present within the social media platforms application programming interface (API) from June 2021 until January 2022.
At the end of July 2022, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting the forementioned, now-fixed vulnerability in the popular social media platform. The scraped data was then put up for sale on various online cyber crime marketplaces. In August, Twitter confirmed that the data breach was caused by a now-patched zero-day flaw.
In December another Twitter data leak made the headlines, a threat actor obtained data of 400,000,000 Twitter users and attempted to sell it. The seller claimed the database is private, and he provided a sample of 1,000 accounts as proof of claims which included the private information of prominent users such as Donald Trump JR, Brian Krebs, and many more. The seller, who is a member of a popular data breach forum, claimed the data was scraped via a vulnerability. The database includes emails and phone numbers of celebrities, politicians, companies, normal users, and a lot of special usernames.
https://securityaffairs.com/140352/data-breach/twitter-data-leak-235m-users.html
16 Car Makers, including BMW, Ferrari, Ford, Honda, Kia, Land Rover, Mercedes and Toyota, and Their Vehicles Hacked via Telematics, APIs, and Infrastructure
A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car functions and start or stop the engine.
Multiple other security defects, the researchers say, allowed them to access a car maker’s internal applications and systems, leading to the exposure of personally identifiable information (PII) belonging to customers and employees, and account takeover, among others. The hacks targeted telematic systems, automotive APIs, and infrastructure.
Impacted car models include Acura, BMW, Ferrari, Ford, Genesis, Honda, Hyundai, Infiniti, Jaguar, Kia, Land Rover, Mercedes-Benz, Nissan, Porsche, Rolls Royce, and Toyota. The vulnerabilities were identified over the course of 2022. Car manufacturers were informed about the security holes and they released patches.
According to the researchers, they were able to send commands to Acura, Genesis, Honda, Hyundai, Kia, Infiniti, Nissan, and Porsche vehicles.
Using only the VIN (vehicle identification number), which is typically visible on the windshield, the researchers were able to start/stop the engine, remotely lock/unlock the vehicle, flash headlights, honk vehicles, and retrieve the precise location of Acura, Honda, Kia, Infiniti, and Nissan cars.
They could also lock users out of remote vehicle management and could change car ownership.
https://www.securityweek.com/16-car-makers-and-their-vehicles-hacked-telematics-apis-infrastructure
Ransomware Gang Apologises, and Gives SickKids Hospital Free Decrypter
The LockBit ransomware gang has released a free decrypter for the Hospital for Sick Children (SickKids), saying one of its members violated rules by attacking the healthcare organisation. SickKids is a teaching and research hospital in Toronto that focuses on providing healthcare to sick children.
On December 18th, the hospital suffered a ransomware attack that impacted internal and corporate systems, hospital phone lines, and the website. While the attack only encrypted a few systems, SickKids stated that the incident caused delays in receiving lab and imaging results and resulted in longer patient wait times.
On December 29th, SickKids announced that it had restored 50% of its priority systems, including those causing diagnostic or treatment delays. Two days after SickKids' latest announcement, the LockBit ransomware gang apologised for the attack on the hospital and released a decrypter for free.
“We formally apologise for the attack on sikkids.ca and give back the decrypter for free, the partner who attacked this hospital violated our rules, is blocked and is no longer in our affiliate programme," stated the ransomware gang.
Threats
Ransomware, Extortion and Destructive Attacks
Rackspace: Ransomware Attack Bypassed ProxyNotShell Mitigations (darkreading.com)
Rackspace: Customer email data accessed in ransomware attack (bleepingcomputer.com)
Ransomware gang cloned victim’s website to leak stolen data (bleepingcomputer.com)
Rackspace identifies hacking group responsible for early December ransomware attack | TPR
Ransomware ecosystem becoming more diverse for 2023 | CSO Online
Rackspace Sunsets Email Service Downed in Ransomware Attack (darkreading.com)
December ransomware disclosures reveal high-profile victims | TechTarget
The Guardian ransomware attack hits week two as staff WFH • The Register
Unraveling the techniques of Mac ransomware - Microsoft Security Blog
Bitdefender releases free MegaCortex ransomware decryptor (bleepingcomputer.com)
Ransomware Research: More than 200 US Infrastructure Organisations Attacked in 2022 - MSSP Alert
Ransomware impacts over 200 govt, edu, healthcare orgs in 2022 (bleepingcomputer.com)
Guardian ransomware attack: Staff told work from home to 23 Jan (pressgazette.co.uk)
Rail giant Wabtec discloses data breach after Lockbit ransomware attack (bleepingcomputer.com)
Christmas Eve 'cyber attack' forced Arnold Clark's network down | STV News
Royal ransomware claims attack on Queensland University of Technology (bleepingcomputer.com)
LockBit: Sorry for SickKids, but not housing authority • The Register
Canadian mining firm shuts down mill after ransomware attack (bleepingcomputer.com)
Phishing & Email Based Attacks
Data of 235 million Twitter users leaked online - Security Affairs
Is NHS The Most Impersonated UK Government "Brand"? (informationsecuritybuzz.com)
The Evolving Tactics of Vidar Stealer: From Phishing Emails to Social Media (thehackernews.com)
Ongoing Flipper Zero phishing attacks target infosec community (bleepingcomputer.com)
Other Social Engineering; Smishing, Vishing, etc
Malware
Raspberry Robin Worm Evolves to Attack Financial and Insurance Sectors in Europe (thehackernews.com)
Hackers abuse Windows error reporting tool to deploy malware (bleepingcomputer.com)
New SHC-compiled Linux malware installs cryptominers, DDoS bots (bleepingcomputer.com)
Bluebottle hackers used signed Windows driver in attacks on banks (bleepingcomputer.com)
Dridex Returns, Targets MacOS Using New Entry Method (trendmicro.com)
New Linux malware uses 30 plugin exploits to backdoor WordPress sites (bleepingcomputer.com)
PyTorch discloses malicious dependency chain compromise over holidays (bleepingcomputer.com)
WordPress Sites Under Attack from Newly Found Linux Trojan (darkreading.com)
Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain (thehackernews.com)
Raspberry Robin Worm Hatches a Highly Complex Upgrade (darkreading.com)
The Evolving Tactics of Vidar Stealer: From Phishing Emails to Social Media (thehackernews.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
Data of over 200 million Deezer users stolen, leaks on hacking forum • Graham Cluley
Five Guys Data Breach Puts HR Data Under a Heat Lamp (darkreading.com)
Analysis Of Top 10 Countries Mostly Targeted By Data Breaches (informationsecuritybuzz.com)
I bought a $15 router at Goodwill — and found a millionaire's dirty secrets (nypost.com)
Critical flaws found in Ferrari, BMW, Porsche, and other carmakers - Security Affairs
Toyota, Mercedes, BMW API flaws exposed owners’ personal info (bleepingcomputer.com)
Threat actors stole Slack private source code repositories - Security Affairs
Data of over 200 million Deezer users stolen, leaks on hacking forum • Graham Cluley
Organised Crime & Criminal Actors
Threat Actors Evade Detection Through Geofencing & Fingerprinting (darkreading.com)
Attackers create 130K fake accounts to abuse limited-time cloud computing resources | CSO Online
Ukrainian Cops Bust Prolific Fraud Call Centre - Infosecurity Magazine (infosecurity-magazine.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
Software engineer busted after being inspired by Office Space scam | PC Gamer
Are Meta and Twitter Ushering in a New Age of Insider Threats? (darkreading.com)
Ex-GE engineer sentenced for stealing turbine tech for China • The Register
Fraud, Scams & Financial Crime
Avast: Expect Cyber crime "Scamdemic" to Continue in 2023 - MSSP Alert
Software engineer busted after being inspired by Office Space scam | PC Gamer
US regulators warn banks over cryptocurrency risks - BBC News
RedZei Chinese Scammers Targeting Chinese Students in the UK (thehackernews.com)
Ukrainian Cops Bust Prolific Fraud Call Centre - Infosecurity Magazine (infosecurity-magazine.com)
Impersonation Attacks
AML/CFT/Sanctions
Insurance
Cyber safety premiums holding firms to ransom | Business | The Times
How can businesses decrease cyber insurance premiums while maintaining coverage? - Help Net Security
Dark Web
Supply Chain and Third Parties
Software Supply Chain
Cloud/SaaS
Encryption
API
Car companies massively exposed to web vulnerabilities | The Daily Swig (portswigger.net)
16 Car Makers and Their Vehicles Hacked via Telematics, APIs, Infrastructure | SecurityWeek.Com
What Are Some Ways to Make APIs More Secure? (darkreading.com)
Critical flaws found in Ferrari, BMW, Porsche, and other carmakers - Security Affairs
Open Source
New SHC-compiled Linux malware installs cryptominers, DDoS bots (bleepingcomputer.com)
New Linux malware uses 30 plugin exploits to backdoor WordPress sites (bleepingcomputer.com)
Social Media
Data of 235 million Twitter users leaked online - Security Affairs
The Evolving Tactics of Vidar Stealer: From Phishing Emails to Social Media (thehackernews.com)
Are Meta and Twitter Ushering in a New Age of Insider Threats? (darkreading.com)
Meta fined €390m over use of data for targeted ads - BBC News
More Political Storms for TikTok After US Government Ban | SecurityWeek.Com
Parental Controls and Child Safety
Regulations, Fines and Legislation
Governance, Risk and Compliance
Cyber safety premiums holding firms to ransom | Business | The Times
Attackers never let a critical vulnerability go to waste - Help Net Security
Attackers evolve strategies to outmanoeuvre security teams - Help Net Security
How to start planning for disaster recovery - Help Net Security
Building A Security-First Culture: The Key To Cyber Success (forbes.com)
Data backup is no longer just about operational fallback - Help Net Security
Threat Actors Evade Detection Through Geofencing & Fingerprinting (darkreading.com)
How can businesses decrease cyber insurance premiums while maintaining coverage? - Help Net Security
Secure Disposal
Backup and Recovery
Data Protection
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
National security fears over police using Chinese tech | News | The Times
Meta fined €390m over use of data for targeted ads - BBC News
Artificial Intelligence
ChatGPT: An Easy Cyber crime Target For Cyber attacks (informationsecuritybuzz.com)
OpenAI's ChatGPT previews how AI can help hackers breach more networks (axios.com)
NATO tests AI’s ability to protect critical infrastructure against cyber attacks | CSO Online
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
War and Geopolitical Conflict: The New Battleground for DDoS Attacks (darkreading.com)
Cyber attacks against governments jumped 95% in last half of 2022, CloudSek says | CSO Online
It's time to focus on information warfare's hard questions (cyberscoop.com)
National security fears over police using Chinese tech | News | The Times
Ex-GE engineer sentenced for stealing turbine tech for China • The Register
Pro-Russia cyber attacks aim at destabilizing Poland - Security Affairs
Poland warns of attacks by Russia-linked Ghostwriter hacking group (bleepingcomputer.com)
Nation State Actors
Nation State Actors – Russia
Nation State Actors – China
National security fears over police using Chinese tech | News | The Times
Ex-GE engineer sentenced for stealing turbine tech for China • The Register
Nation State Actors – Iran
Nation State Actors – Misc
Vulnerability Management
Adobe, Apple, Cisco, Microsoft Flaws Make Up Half of KEV Catalog (darkreading.com)
Attackers never let a critical vulnerability go to waste - Help Net Security
Vulnerabilities
Over 60,000 Exchange servers vulnerable to ProxyNotShell attacks (bleepingcomputer.com)
Adobe, Apple, Cisco, Microsoft Flaws Make Up Half of KEV Catalog (darkreading.com)
Rackspace: Ransomware Attack Bypassed ProxyNotShell Mitigations (darkreading.com)
Zoho urges admins to patch severe ManageEngine bug immediately (bleepingcomputer.com)
Android's First Security Updates for 2023 Patch 60 Vulnerabilities | SecurityWeek.Com
Fortinet and Zoho Urge Customers to Patch Enterprise Software Vulnerabilities (thehackernews.com)
Qualcomm, Lenovo flag multiple high impact firmware vulnerabilities | SC Media (scmagazine.com)
Netgear Wi-Fi routers need to be patched immediately | TechRadar
Other News
The cyber security industry will undergo significant changes in 2023 - Help Net Security
SecurityAffairs Top 10 cybersecurity posts of 2022 - Security Affairs
BleepingComputer's most popular cybersecurity stories of 2022
WordPress Security: 22 Ways To Protect Your Website (informationsecuritybuzz.com)
Cyber attacks against governments jumped 95% in last half of 2022, CloudSek says | CSO Online
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 30 December 2022
Black Arrow Cyber Threat Briefing 30 December 2022:
-Cyber Attacks Set to Become ‘Uninsurable’, Says Zurich Chief
-Your Business Should Compensate for Modern Ransomware Capabilities Right Now
-Reported Phishing Attacks Have Quintupled
-Ransomware, DDoS See Major Upsurge Led by Upstart Hacker Group
-Videoconferencing Worries Grow, With SMBs in Cyber Attack Crosshairs
-Will the Crypto Crash Impact Cyber Security in 2023? Maybe.
-The Worst Hacks of 2022
-Geopolitical Tensions Expected to Further Impact Cyber Security in 2023
-Fraudsters’ Working Patterns Have Changed in Recent Years
-Hacktivism is Back and Messier Than Ever
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Attacks Set to Become ‘Uninsurable’, Says Zurich Chief
The chief executive of one of Europe’s biggest insurance companies has warned that cyber attacks, rather than natural catastrophes, will become “uninsurable” as the disruption from hacks continues to grow.
Insurance executives have been increasingly vocal in recent years about systemic risks, such as pandemics and climate change, that test the sector’s ability to provide coverage. For the second year in a row, natural catastrophe-related claims are expected to top $100bn.
But Mario Greco, chief executive at insurer Zurich, told the Financial Times that cyber was the risk to watch. “What will become uninsurable is going to be cyber,” he said. “What if someone takes control of vital parts of our infrastructure, the consequences of that?” Recent attacks that have disrupted hospitals, shut down pipelines and targeted government departments have all fed concern about this expanding risk among industry executives. Focusing on the privacy risk to individuals was missing the bigger picture, Greco added: “First off, there must be a perception that this is not just data . . . this is about civilisation. These people can severely disrupt our lives.”
Spiralling cyber losses in recent years have prompted emergency measures by the sector’s underwriters to limit their exposure. As well as pushing up prices, some insurers have responded by tweaking policies so clients retain more losses. There are exemptions written into policies for certain types of attacks. In 2019, Zurich initially denied a $100mn claim from food company Mondelez, arising from the NotPetya attack, on the basis that the policy excluded a “warlike action”. The two sides later settled. In September, Lloyd’s of London defended a move to limit systemic risk from cyber attacks by requesting that insurance policies written in the market have an exemption for state-backed attacks.
https://www.ft.com/content/63ea94fa-c6fc-449f-b2b8-ea29cc83637d
Your Business Should Compensate for Modern Ransomware Capabilities Right Now
The “if, not when” mentality surrounding ransomware may be the biggest modern threat to business longevity. Companies of all sizes and across all industries are increasingly common targets for ransomware attacks, and we know that 94% of organisations experienced a cyber security incident last year alone. Yet, many enterprises continue to operate with decades-old security protocols that are unequipped to combat modern ransomware. Leaders have prioritised improving physical security measures in light of the pandemic — so why haven’t ransomware protections improved?
Maybe it’s the mistaken notion that ransomware attacks are declining. In reality, Q1 of 2022 saw a 200% YoY increase in ransomware incidents. Meanwhile, the rise in Ransomware as a Service (RaaS) offerings suggests that cyber threats have become a commodity for bad actors.
The RaaS market presents a new and troubling trend for business leaders and IT professionals. With RaaS — a subscription ransomware model that allows affiliates to deploy malware for a fee — the barrier to entry for hackers is lower than ever. The relatively unskilled nature of RaaS hackers may explain why the average ransomware downtime has plummeted to just 3.85 days (compared to an average attack duration of over two months in 2019).
While the decrease in attack duration is promising, the rise of RaaS still suggests an inconvenient truth for business leaders: All organisations are at risk. And in time, all organisations will become a target, which is why it’s time for IT and business leaders to implement tough cyber security protocols.
Reported Phishing Attacks Have Quintupled
In the third quarter of 2022, the international Anti-Phishing Working Group (APWG) consortium observed 1,270,883 total phishing attacks; the worst quarter for phishing that APWG has ever observed. The total for August 2022 was 430,141 phishing sites, the highest monthly total ever reported to APWG.
Over recent years, reported phishing attacks submitted to APWG have more than quintupled since the first quarter of 2020, when APWG observed 230,554 attacks. The rise in Q3 2022 was attributable, in part, to increasing numbers of attacks reported against several specific targeted brands. These target companies and their customers suffered from large numbers of attacks from persistent phishers.
Threat researchers at the cyber security solution provider Fortra noted a 488 percent increase in response-based email attacks in Q3 2022 compared to the prior quarter. While every subtype of these attacks increased compared to Q2, the largest increase was in Advance Fee Fraud schemes, which rose by a staggering 1,074 percent.
In the third quarter of 2022, APWG founding member OpSec Security found that phishing attacks against the financial sector, which includes banks, remained the largest set of attacks, accounting for 23.2 percent of all phishing. Attacks against webmail and software-as-a-service (SaaS) providers remained prevalent as well. Phishing against social media services fell to 11 percent of the total, down from 15.3 percent.
Phishing against cryptocurrency targets — such as cryptocurrency exchanges and wallet providers — fell from 4.5 percent of all phishing attacks in Q2 2022 to 2 percent in Q3. This mirrored the fall in value of many cryptocurrencies since mid-year.
https://www.helpnetsecurity.com/2022/12/28/reported-phishing-attacks-quintupled/
Ransomware, DDoS See Major Upsurge Led by Upstart Hacker Group
Cyber threat actors Cuba and Royal are driving a 41% boom in ransomware and other attacks hitting industry and consumer goods and services.
According to the Global Threat Intelligence team of information assurance firm NCC Group, November saw a 41% increase in ransomware attacks from 188 incidents to 265. In its most recent Monthly Threat Pulse, the group reported that the month was the most active for ransomware attacks since April this year.
Key takeaways from the study:
Ransomware attacks rose by 41% in November.
Threat group Royal (16%) was the most active, replacing LockBit as the worst offender for the first time since September 2021.
Industrials (32%) and consumer cyclicals (44%) remain the top two most targeted sectors, but technology experienced a large 75% increase over the last month.
Regional data remains consistent with last month — North America (45%), Europe (25%) and Asia (14%)
DDoS attacks continue to increase.
Recent examples in the services sector include the Play ransomware group’s claimed attack of the German H-Hotels chain, resulting in communications outages. This attack reportedly uses a vulnerability in Microsoft Exchange called ProxyNotShell, which as the name implies, has similarities to the ProxyShell zero-day vulnerability revealed in 2021.
Also, back on the scene is the TrueBot malware downloader (a.k.a., the silence.downloader), which is showing up in an increasing number of devices. TrueBot Windows malware, designed by a Russian-speaking hacking group identified as Silence, has resurfaced bearing Ransom.Clop, which first appeared in 2019. Clop ransomware encrypts systems and exfiltrates data with the threat that if no ransom is forthcoming, the data will show up on a leak site.
https://www.techrepublic.com/article/ransomware-ddos-major-upsurge-led-upstart-hacker-group/
Videoconferencing Worries Grow, With SMBs in Cyber Attack Crosshairs
Securing videoconferencing solutions is just one of many IT security challenges small businesses are facing, often with limited financial and human resources.
It's no secret that the acceleration of work-from-home and distributed workforce trends — infamously spurred on by the pandemic — has occurred in tandem with the rise of video communications and collaboration platforms, led by Zoom, Microsoft, and Cisco.
But given that videoconferencing now plays a critical role in how businesses interact with their employees, customers, clients, vendors, and others, these platforms carry significant potential security risks, researchers say.
Organisations use videoconferencing to discuss M&A, legal, military, healthcare, intellectual property and other topics, and even corporate strategies. A loss of that data could be catastrophic for a company, its employees, its clients, and its customers.
However, a recent report on videoconferencing security showed that 93% of IT professionals surveyed acknowledged security vulnerabilities and gaping risks in their videoconferencing solutions.
Among the most relevant risks is the lack of controlled access to conversations that could result in disruption, sabotage, compromise, or exposure of sensitive information, while use of nonsecure, outdated, or unpatched videoconferencing applications can expose security flaws.
The risks include the potential for interruptions, unauthorised access, and perhaps most concerning, the opportunity for a bad actor to acquire sensitive information.
Will the Crypto Crash Impact Cyber Security in 2023? Maybe.
With the implosion of the FTX exchange putting a punctuation mark on the cryptocurrency crash of 2022, one of the natural questions for those in the cyber security world is, how will this rapid decline of cryptocurrency valuations change the cyber crime economy?
Throughout the most recent crypto boom, and even before then, cyber criminals have used and abused cryptocurrency to build up their empires. The cryptocurrency market provides the extortionary medium for ransomware; it's a hotbed of scams against consumers to steal their wallets and accounts. Traditionally, it's provided a ton of anonymous cover for money laundering on the back end of a range of cyber criminal enterprises.
Even so, according to cyber security experts and intelligence analysts, while there certainly have been some shifts in trends and tactics that they believe are loosely tied to the crypto crash, the jury's still out on long-term impacts.
Regardless of crypto values, cyber criminals this year have definitely become more sophisticated in how they use cryptocurrencies to monetise their attacks including the use by some ransomware groups taking advantage of yield farming within decentralised finance (DeFi), as an example.
The concept of yield farming is the same as lending money, with a contract in place that clearly shows how much interest will need to be paid. The advantage for ransomware groups is that the 'interest' will be legitimate proceeds, so there will be no need to launder or hide it.
Threat actors are increasingly turning toward 'stablecoins,' which are usually tied to fiat currencies or gold to stem their volatility. In many ways, the downturn in crypto values has increased the risk appetite of cyber criminals and is spurring them into more investment fraud and cryptocurrency scams.
https://www.darkreading.com/threat-intelligence/crypto-crash-impact-cybersecurity-2023-maybe
The Worst Hacks of 2022
The year was marked by sinister new twists on cyber security classics, including phishing, breaches, and ransomware attacks.
With the pandemic evolving into an amorphous new phase and political polarisation on the rise around the world, 2022 was an uneasy and often perplexing year in digital security. And while hackers frequently leaned on old chestnuts like phishing and ransomware attacks, they still found vicious new variations to subvert defences.
Technology magazine Wired looked back on the year's worst breaches, leaks, ransomware attacks, state-sponsored hacking campaigns, and digital takeovers. If the first years of the 2020s are any indication, the digital security field in 2023 will be more bizarre and unpredictable than ever. Stay alert, and stay safe out there.
Russia Hacking Ukraine
For years, Russia has pummelled Ukraine with brutal digital attacks causing blackouts, stealing and destroying data, meddling in elections, and releasing destructive malware to ravage the country's networks. Since invading Ukraine in February, though, times have changed for some of Russia's most prominent and most dangerous military hackers. Shrewd long-term campaigns and grimly ingenious hacks have largely given way to a stricter and more regimented clip of quick intrusions into Ukrainian institutions, reconnaissance, and widespread destruction on the network—and then repeated access over and over again, whether through a new breach or by maintaining the old access.
Twilio and the 0ktapus Phishing Spree
Over the summer, a group of researchers dubbed 0ktapus went on a massive phishing bender, compromising nearly 10,000 accounts within more than 130 organisations. The majority of the victim institutions were US-based, but there were dozens in other countries as well.
Ransomware Still Hitting the Most Vulnerable Targets
In recent years, countries around the world and the cyber security industry have increasingly focused on countering ransomware attacks. While there has been some progress on deterrence, ransomware gangs were still on a rampage in 2022 and continued to target vulnerable and vital social institutions, including health care providers and schools. The Russian-speaking group Vice Society, for example, has long specialised in targeting both categories, and it focused its attacks on the education sector this year.
The Lapsus$ Rampage Continues
The digital extortion gang Lapsus$ was on an intense hacking spree at the beginning of 2022, stealing source code and other sensitive information from companies like Nvidia, Samsung, Ubisoft, and Microsoft and then leaking samples as part of apparent extortion attempts. Lapsus$ has a sinister talent for phishing, and in March, it compromised a contractor with access to the ubiquitous authentication service Okta.
LastPass
The beleaguered password manager giant LastPass, which has repeatedly dealt with data breaches and security incidents over the years, said at the end of December that a breach of its cloud storage in August led to a further incident in which hackers targeted a LastPass employee to compromise credentials and cloud storage keys.
Vanuatu
At the beginning of November, Vanuatu, an island nation in the Pacific, was hit by a cyber attack that took down virtually all of the government's digital networks. Agencies had to move to conducting their work on paper because emergency systems, medical records, vehicle registrations, driver's license databases, and tax systems were all down.
Honourable Mention: Twitter-Related Bedlam
Twitter has been in chaos mode for months following Elon Musk's acquisition of the company earlier this year. Amidst the tumult, reports surfaced in July and then again in November of a trove of 5.4 million Twitter users' data that has been circulating on criminal forums since at least July, if not earlier. The data was stolen by exploiting a vulnerability in a Twitter application programming interface, or API.
https://www.wired.com/story/worst-hacks-2022/
Geopolitical Tensions Expected to Further Impact Cyber Security in 2023
Geopolitics will continue to have an impact on cyber security and the security posture of organisations long into 2023.
The impact of global conflicts on cyber security was thrust into the spotlight when Russia made moves to invade Ukraine in February 2022. Ukraine’s Western allies were quick to recognise that with this came the threat of Russian-backed cyber-attacks against critical national infrastructure (CNI), especially in retaliation to hefty sanctions. While this may not have materialised in the way many expected, geopolitics is still front of mind for many cyber security experts looking to 2023.
Russia has always been among a handful of states recognised for their cyber prowess and being the source of many cyber criminal gangs. As previously mentioned, we have failed to see a significant cyber-attack, at least one comparable to the Colonial Pipeline incident, in 2022. However the cyber security services provider, e2e-assure, warned: “We have underestimated Russia’s cyber capability. There is a wide view that Russian cyber activity leading up to and during their invasion of Ukraine indicated that they aren’t the cyber power we once thought. Patterns and evidence will emerge in 2023 that shows this wasn’t the case, instead Russia was directing its cyber efforts elsewhere, with non-military goals (financial and political).”
NordVPN, the virtual private network (VPN) provider, warns that the cyber-war is only just starting: “With China’s leader securing his third term and Russia’s war in Ukraine, many experts predict an increase in state-sponsored cyber-attacks. China may increase cyber-attacks on Taiwan, Hong Kong, and other countries opposing the regime. Meanwhile, Russia is predicted to sponsor attacks on countries supporting Ukraine.”
We are used to seeing cyber-attacks that encrypt data and ask for ransom, but it is likely in this era of nation-state sponsored attacks we could experience attacks for the sake of disruption.
https://www.infosecurity-magazine.com/news/geopolitical-tensions-impact/
Fraudsters’ Working Patterns Have Changed in Recent Years
Less sophisticated fraud — in which doctored identity documents are readily spotted — has jumped 37% in 2022, according to the identify verfication provider Onfido. Fraudsters can scale these attacks on an organisation’s systems around the clock.
It is estimated that the current global financial cost of fraud is $5.38 trillion (£4.37 trillion), which is 6.4% of the world’s GDP. With most fraud now happening online (80% of reported fraud is cyber-enabled), Onfido’s Identity Fraud Report uncovers patterns of fraudster behaviour, attack techniques, and emerging tactics.
Over the last four years, fraudsters’ working patterns have dramatically changed. In 2019, attacks mirrored a typical working week, peaking Monday to Friday and dropping off during the weekends. Yet over the last three years, fraudulent activity started to shift so that levels of fraud span every day of the week.
In 2022, fraud levels were consistent across 24 hours, seven days a week. With technology, fraudsters are more connected across the globe and are able to traverse regions and time zones, and can easily take advantage of businesses’ closed hours when staff are likely offline. This hyperconnectivity means there are no more ‘business hours’ for fraudsters and sophisticated fraud rings — they will scam and defraud 24/7.
“As criminals look to take advantage of digitisation processes, they’re able to commit financial crimes with increasing efficiency and sophistication, to the extent that financial crime and cyber crime are now invariably linked,” said Interpol. “A significant amount of financial fraud takes place through digital technologies, and the pandemic has only hastened the emergence of digital money laundering tools and other cyber-enabled financial crimes.”
https://www.helpnetsecurity.com/2022/12/29/less-sophisticated-fraud/
Hacktivism is Back and Messier Than Ever
Throughout 2022, geopolitics has given rise to a new wave of politically motivated attacks with an undercurrent of state-sponsored meddling.
During its brutal war in Ukraine, Russian troops have burnt cities to the ground, raped and tortured civilians, and committed scores of potential war crimes. On November 23, lawmakers across Europe overwhelmingly labelled Russia a “state sponsor” of terrorism and called for ties with the country to be reduced further. The response to the declaration was instant. The European Parliament’s website was knocked offline by a DDoS attack.
The unsophisticated attack—which involves flooding a website with traffic to make it inaccessible—disrupted the Parliament’s website offline for several hours. Pro-Russian hacktivist group Killnet claimed responsibility for the attack. The hacktivist group has targeted hundreds of organisations around the world this year, having some limited small-scale successes knocking websites offline for short periods of time. It’s been one player in a bigger hacktivism surge.
Following years of sporadic hacktivist activity, 2022 has seen the re-emergence of hacktivism on a large scale. Russia’s full-scale invasion of Ukraine spawned scores of hacktivist groups on both sides of the conflict, while in Iran and Israel, so-called hacktivist groups are launching increasingly destructive attacks. This new wave of hacktivism, which varies between groups and countries, comes with new tactics and approaches and, increasingly, is blurring lines between hacktivism and government-sponsored attacks.
Threats
Ransomware, Extortion and Destructive Attacks
Jersey school locked out of systems as hackers demand "ransom" | Bailiwick Express Jersey
Vice Society Ransomware Attackers Adopt Robust Encryption Methods (thehackernews.com)
Global counter-ransomware task force to become active in January - CyberScoop
Fool Me Thrice? How to Avoid Double and Triple Ransomware Extortion (darkreading.com)
Rackspace criticized for PR response to ransomware attack (expressnews.com)
Ransomware, DDoS see major upsurge led by upstart hacker group (techrepublic.com)
6 Ways to Protect Your Organisation Against LAPSUS$ (darkreading.com)
Your business should compensate for modern ransomware capabilities right now | VentureBeat
Vice Society Adds Custom-branded Payload PolyVice to its Arsenal | Cyware Alerts - Hacker News
Hackers stole data from multiple electric utilities in recent ransomware attack | CNN Politics
Ransomware attack at Louisiana hospital impacts 270,000 patients (bleepingcomputer.com)
The mounting death toll of hospital cyber attacks - POLITICO
Royal ransomware claims attack on Intrado telecom provider (bleepingcomputer.com)
Healthcare Providers and Hospitals Under Ransomware's Siege (darkreading.com)
Guardian Australia staff sent home after cyber attack takes out systems (theage.com.au)
Dumfries Arnold Clark garages hit by company-wide cyber attack - Daily Record
Ransom Deadline Given By LockBit In Port Of Lisbon Attack (informationsecuritybuzz.com)
Phishing & Email Based Attacks
Reported phishing attacks have quintupled - Help Net Security
6 Ways to Protect Your Organisation Against LAPSUS$ (darkreading.com)
Other Social Engineering; Smishing, Vishing, etc
Malware
GuLoader implements new evasion techniques - Security Affairs
PrivateLoader PPI Service Found Distributing Info-Stealing RisePro Malware (thehackernews.com)
2022 sees over 5000 times new Windows malware vs macOS, over 60 times vs Linux - Neowin
APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector (thehackernews.com)
New information-stealing malware is being spread by fake pirate sites | TechSpot
Mobile
Denial of Service/DoS/DDOS
Internet of Things – IoT
Smart Home Cyber security Hubs: Protecting Endpoints in Your Smarthome (compuquip.com)
Google Home speakers allowed hackers to snoop on conversations (bleepingcomputer.com)
Data Breaches/Leaks
BetMGM discloses security breach impacting 1.5 Million customers - Security Affairs
Massive Twitter data leak investigated by EU privacy watchdog (bleepingcomputer.com)
Massive EDiscovery Provider Shut Down Over 'Unauthorized Access' - Above the LawAbove the Law
Data of 400 Million Twitter users up for sale - Security Affairs
It’s all in the (lack of) details: 2022’s badly handled data breaches | TechCrunch
Military device with biometric database of 2K people sold on eBay for $68 | Ars Technica
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
How ‘brazen’ multibillion-dollar crypto fraud fell to pieces | Business | The Times
BTC.com lost $3 million worth of cryptocurrency in cyber attack (bleepingcomputer.com)
Hackers steal $8 million from users running trojanized BitKeep apps (bleepingcomputer.com)
Bitcoin Mining Pool Btc.com Suffers $3 Million Cyber attack – Mining Bitcoin News
Crypto wallet BitKeep lost over $9M over a cyber attack - Security Affairs
Case for blockchain in financial services dented by failures | Financial Times (ft.com)
Digital Assets Of $9.9 Million Stolen In BitKeep Cyber Attack (informationsecuritybuzz.com)
Crypto platform 3Commas admits hackers stole API keys (bleepingcomputer.com)
Fraud, Scams & Financial Crime
Linkedin Is Full Of Job Scams – Be Careful Out There (informationsecuritybuzz.com)
Scam complaints from Revolut users more than double since 2020 (telegraph.co.uk)
Fraudsters’ working patterns have changed in recent years - Help Net Security
Experts warn of attacks exploiting WordPress gift card plugin - Security Affairs
North Korean Hackers Created 70 Fake Bank, Venture Capital Firm Domains | SecurityWeek.Com
Ukraine shuts down fraudulent call center claiming 18,000 victims (bleepingcomputer.com)
Insurance
Supply Chain and Third Parties
Software Supply Chain
Why Attackers Target GitHub, and How You Can Secure It (darkreading.com)
Improving Software Supply Chain Cyber security (trendmicro.com)
Cloud/SaaS
Identity and Access Management
Enterprises waste money on identity tools they don't use - Help Net Security
Steps To Planning And Implementation Of PAM Solutions (informationsecuritybuzz.com)
Encryption
API
Crypto platform 3Commas admits hackers stole API keys (bleepingcomputer.com)
Google: With Cloud Comes APIs & Security Headaches (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
Biometrics
Social Media
TikTok User Data Has Been Compromised (giantfreakinrobot.com)
Elon Musk ‘orders Twitter to remove suicide prevention feature’ | Twitter | The Guardian
Massive Twitter data leak investigated by EU privacy watchdog (bleepingcomputer.com)
Meta settles Cambridge Analytica scandal case for $725m - BBC News
TikTok bans haven't really banned much of anything - The Washington Post
Twitter restores suicide prevention feature | Twitter | The Guardian
Data of 400 Million Twitter users up for sale - Security Affairs
Hacker claims to be selling Twitter data of 400 million users (bleepingcomputer.com)
Malvertising
Privacy
Regulations, Fines and Legislation
Governance, Risk and Compliance
IBM and 70 Global Banks Co-Create New Cyber security, Risk Framework (accelerationeconomy.com)
Economic uncertainty compels IT leaders to rethink their strategy - Help Net Security
3 important changes in how data will be used and treated - Help Net Security
2022 Top Five Immediate Threats in Geopolitical Context (thehackernews.com)
Secure Disposal
Careers, Working in Cyber and Information Security
IT Jobs: How To Become An Information Security Analyst (informationsecuritybuzz.com)
‘There's a career in cyber security for everyone,’ Microsoft Security CVP says | Fortune
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
Google Home speakers allowed hackers to snoop on conversations (bleepingcomputer.com)
Police in China can track protests by enabling ‘alarms’ on Hikvision software | China | The Guardian
The Threat of Predictive Policing to Data Privacy and Personal Liberty (darkreading.com)
Meta settles Cambridge Analytica scandal case for $725m - BBC News
78% of Employers Are Using Remote Work Tools to Spy on You (entrepreneur.com)
Germany: Police surveillance software a legal headache – DW – 12/22/2022
Artificial Intelligence
Code-generating AI can introduce security vulnerabilities, study finds | TechCrunch
AI cyber attacks are a ‘critical threat’. This is how NATO is countering them | Euronews
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
2022 Top Five Immediate Threats in Geopolitical Context (thehackernews.com)
Russia’s Cyberwar Foreshadowed Deadly Attacks on Civilians | WIRED
Hundreds of Russian cyber attacks on CHPPs, regional power plants prevented - SBU
Ukrainian Hackers Gather Data on Russian Soldiers, Minister Says - Bloomberg
North Korean hackers targeted nearly 1,000 South Korean foreign policy experts
German double agent ‘passed Ukraine intelligence to Russia’ (telegraph.co.uk)
Nation State Actors
Nation State Actors – Russia
Hundreds of Russian cyber attacks on CHPPs, regional power plants prevented - SBU
Russian mobile calls, internet seen deteriorating after Nokia, Ericsson leave – EURACTIV.com
Nation State Actors – China
Police in China can track protests by enabling ‘alarms’ on Hikvision software | China | The Guardian
Nation State Actors – North Korea
BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection (thehackernews.com)
North Korean Hackers Created 70 Fake Bank, Venture Capital Firm Domains | SecurityWeek.Com
North Korean hacking outfit impersonating venture capital firms | SC Media (scmagazine.com)
North Korean hackers targeted nearly 1,000 South Korean foreign policy experts
Nation State Actors – Iran
Nation State Actors – Misc
Vulnerability Management
Vulnerabilities
Patch now: Serious Linux kernel security hole uncovered | ZDNET
Microsoft Patches Azure Cross-Tenant Data Access Flaw | SecurityWeek.Com
Critical Linux Kernel flaw affects SMB servers with ksmbd enabled - Security Affairs
Critical “10-out-of-10” Linux kernel SMB hole – should you worry? – Naked Security (sophos.com)
Log4Shell remains a big threat and a common cause for security breaches | CSO Online
Thousands of Citrix servers vulnerable to patched critical flaws (bleepingcomputer.com)
Netgear warns users to patch recently fixed WiFi router bug (bleepingcomputer.com)
CISA Warns of Active exploitation of JasperReports Vulnerabilities (thehackernews.com)
Tools and Controls
Other News
AI cyber attacks are a ‘critical threat’. This is how NATO is countering them | Euronews
Review: 10 Biggest Hacks And Cyber Security Threats Of 2022 (informationsecuritybuzz.com)
New information-stealing malware is being spread by fake pirate sites | TechSpot
Trend Micro: Expect 2023 to Bring Uncertainty to Cyber Attackers and Defenders - MSSP Alert
After the Uber Breach: 3 Questions All CISOs Should Ask Themselves (darkreading.com)
Top 10 Cyber Security Predictions For 2023 Based On Expert Responses (informationsecuritybuzz.com)
The Five Stories That Shaped Cyber security in 2022 | SecurityWeek.Com
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.