Black Arrow Cyber Threat Intelligence Briefing 14 March 2025
- 95% of Data Breaches Tied to Human Error in 2024
- Hackers Using Advanced Social Engineering Techniques with Phishing Attacks
- Confidence Gap in Cyber Security Leaves Businesses at Risk
- Over Half of UK Organisations Experienced a Security Breach Resulting from Third-Party Access in the Past Year
- Ransomware Gang Encrypted Network from a Webcam to Bypass Security Controls
- Microsoft Reveals Over a Million PCs Hit by Malvertising Campaign
- How Cyber Attacks Affect Your Staff
- UK Government Officials: The UK Is Unprepared and Vulnerable to Russian Cyber Attacks
- Navigating AI-Powered Cyber Threats in 2025: 4 Expert Security Tips for Businesses
- 86% of Financial Firms are Still Not Fully Compliant With DORA
- The CISO as Business Resilience Architect
- Data Breach at Japanese Telecom Giant NTT Hits 18,000 Companies
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Summary
Black Arrow Cyber’s review of threat intelligence this week highlights that human error and susceptibility to social engineering remain at the heart of cyber security failures. A new report reveals that 95% of data breaches in 2024 were due to human mistakes, with just 8% of employees responsible for 80% of incidents. Despite widespread training efforts, a confidence gap persists: 86% of employees believe they can detect phishing scams, yet many still fall victim. Meanwhile, cyber criminals are deploying more sophisticated pretexting techniques, such as fake job offers, to exploit trust before launching attacks. The financial impact of phishing-related breaches now averages $4.88 million per incident.
Third-party access and unmonitored IoT devices also present major risks, with over half of UK firms experiencing a breach due to supplier access. The Akira ransomware gang recently exploited an unsecured webcam to bypass endpoint defences, highlighting the need for a more layered approach to cyber security. Additionally, AI-driven threats are accelerating, enabling criminals to automate cyber attacks and create deepfake scams, such as one that resulted in a $25 million theft.
Looking ahead, regulatory compliance pressures are mounting, with 86% of financial firms still unprepared for the EU’s DORA framework. Meanwhile, UK government officials warn of national cyber security vulnerabilities due to outdated systems and staffing shortages. Black Arrow Cyber believes that businesses must take a proactive stance, adopting zero-trust security, strengthening third-party risk management, and ensuring human resilience against evolving cyber threats.
Top Cyber Stories of the Last Week
95% of Data Breaches Tied to Human Error in 2024
A new report by Mimecast has found that human error was the primary cause of 95% of data breaches in 2024, with insider threats, credential misuse and user mistakes playing a major role. Just 8% of employees were responsible for 80% of incidents, highlighting a concentrated risk. Despite 87% of organisations providing regular cyber security training, concerns remain over employee fatigue and errors, particularly in handling email threats. While 95% of firms use AI for cyber defence, over half admit they are unprepared for AI-driven threats. Collaboration tools are an emerging risk, with 79% citing security gaps and 61% expecting a business impact from an attack in 2025.
Hackers Using Advanced Social Engineering Techniques with Phishing Attacks
Cyber criminals are refining their phishing tactics, moving beyond basic scams to sophisticated social engineering that builds trust before delivering malicious payloads. A report by security provider ESET highlights North Korea-aligned groups using elaborate pretexting, such as fake job offers, to lure victims. Verizon’s 2024 report found that 68% of breaches involved human error, with pretexting now surpassing traditional phishing in impact. IBM’s latest study estimates the average cost of a phishing-related breach at $4.88 million. Businesses must adopt a prevention-first approach, combining employee awareness training with multilayered security solutions to mitigate these increasingly deceptive cyber threats.
Confidence Gap in Cyber Security Leaves Businesses at Risk
New research by KnowBe4 highlights a concerning gap between employee confidence and actual ability to detect cyber threats. While 86% of employees believe they can spot phishing emails, nearly a quarter have fallen victim, with South Africa reporting the highest scam victimisation rate at 68%. The study of 12,000 employees across six countries found that confidence is often misplaced, leaving organisations vulnerable to evolving threats like AI-driven scams and deepfakes. Experts stress the need for scenario-based training and simulated phishing tests to close this gap, ensuring security awareness efforts translate into real-world cyber resilience.
Over Half of UK Organisations Experienced a Security Breach Resulting from Third-Party Access in the Past Year
More than half of UK organisations suffered a security breach linked to third-party access in the past year, surpassing the global average. A new study by Imprivata and the Ponemon Institute highlights that 47% see third-party remote access as their biggest attack surface. Despite growing awareness, weak security strategies persist, with only 58% implementing best practices. The most common consequences include data loss (54%), regulatory fines (49%), and severed vendor relationships (47%). With 65% expecting these breaches to increase, businesses must prioritise robust third-party risk management to mitigate ongoing threats.
Ransomware Gang Encrypted Network from a Webcam to Bypass Security Controls
The Akira ransomware gang exploited an unsecured webcam to bypass the victim’s endpoint detection and response (EDR) and encrypt the network. After initial access via a compromised remote access solution, the attackers deployed AnyDesk, stole data, and attempted to deploy ransomware, only to be blocked by EDR. They then pivoted to a vulnerable Linux-based webcam and used it to access and encrypt resources shared across the victim’s network without being detected. The incident highlights the risks posed by unmonitored IoT devices and the need for strict network segmentation, regular firmware updates, and a layered security approach beyond EDR to mitigate evolving cyber threats.
Microsoft Reveals Over a Million PCs Hit by Malvertising Campaign
Microsoft has uncovered a large-scale malvertising campaign that has compromised over a million PCs, deploying infostealers to harvest sensitive data. The attack originated from illegal streaming sites, where users were redirected to malicious GitHub repositories hosting malware. Once installed, the malware gathered system details and exfiltrated login credentials, banking data, and cryptocurrency information. Microsoft took action by removing a number of repositories, but the malware was also hosted on other platforms like Dropbox and Discord. The attack affected a broad range of industries, demonstrating the indiscriminate nature of the threat.
How Cyber Attacks Affect Your Staff
Cyber attacks are now the leading cause of data loss and IT downtime for businesses, with over half of organisations surveyed in the 2024 Data Health Check reporting incidents in the past year. 37% of these cases led to job losses, highlighting the significant human impact. High-profile breaches have resulted in redundancies, pay freezes, and financial instability. Beyond financial losses, employees face uncertainty, stress, and reputational concerns. A robust cyber resilience strategy, combining training, incident response exercises, and clear crisis communication, is essential to minimising disruption and protecting staff, ensuring businesses can navigate cyber threats while maintaining operational stability.
UK Government Officials: The UK Is Unprepared and Vulnerable to Russian Cyber Attacks
The UK Government is at critical risk of cyber attack due to years of underfunding, recruitment shortfalls, and outdated IT systems, senior officials have warned. A parliamentary probe found that one in three cyber security roles in government remains vacant, while nearly a quarter of legacy IT systems are at high risk of attack. Hostile states, particularly Russia and China, have intensified cyber warfare tactics, posing a substantial risk to government and critical services. Experts stress the urgent need for investment in cyber resilience, warning that failure to act could have severe national security and operational consequences.
Navigating AI-Powered Cyber Threats in 2025: 4 Expert Security Tips for Businesses
AI-powered cyber threats are evolving rapidly, with criminals using generative AI to create hyper-personalised phishing attacks, deepfake scams, and automated malware that adapts to defences in real time. A recent case saw deepfake technology used to steal $25 million via fraudulent video conferencing. AI-driven cyber attacks operate autonomously, probing networks for weaknesses and bypassing traditional security measures. Experts stress the need for zero-trust security, training employees on AI-driven threats, monitoring and regulating employee AI use, and collaborating with AI and cyber security experts. Without proactive defences, organisations risk being outpaced by increasingly sophisticated attacks in 2025 and beyond.
86% of Financial Firms are Still Not Fully Compliant With DORA
The majority of financial firms are not compliant with the EU’s Digital Operational Resilience Act (DORA). 86% are yet to achieve full compliance despite the regulation coming into force in January 2025, and only 5% are fully confident in their compliance. Managing third-party vendors, a key part of DORA, remains a challenge, with 54% citing a lack of transparency as a significant risk. Without proper oversight, firms risk regulatory penalties and operational vulnerabilities. Organisations subject to the regulations should take immediate action through policy development, gap analysis, and targeted remediation plans.
The CISO as Business Resilience Architect
The role of the CISO is evolving beyond cyber defence to encompass business resilience. Regulatory scrutiny is intensifying, with personal accountability for breaches and increasing compliance demands stretching CISOs. Gartner predicts 45% will see their responsibilities expand beyond cyber security by 2027. Technical challenges persist, with 44% of CISOs unable to detect breaches using current tools, and AI integration adding complexity. Rather than fragmenting, the role is set to converge with enterprise architecture, embedding resilience into business strategy. With 24% of CISOs considering resignation, adapting to this shift is key to maintaining boardroom influence.
Data Breach at Japanese Telecom Giant NTT Hits 18,000 Companies
NTT Communications Corporation has disclosed a cyber security breach affecting nearly 18,000 corporate customers. Hackers infiltrated its Order Information Distribution System, exposing contract details, contact information, and service usage data. The breach was discovered on 5 February 2025, with access blocked the next day. However, further investigation revealed attackers had pivoted within the network, prompting containment actions. NTT has assured that personal customers were not impacted. This follows previous cyber security incidents, including a major DDoS attack in January and a 2020 breach, highlighting the persistent threats facing critical telecoms infrastructure.
Sources:
https://www.infosecurity-magazine.com/news/data-breaches-human-error/
https://cybersecuritynews.com/hackers-using-advanced-social-engineering-techniques/
https://informationsecuritybuzz.com/confidence-gap-in-cybersecurity-risk/
https://www.darkreading.com/cyberattacks-data-breaches/how-cyberattacks-affect-your-staff
https://inews.co.uk/news/uk-unprepared-vulnerable-russian-cyber-attacks-heres-why-3580126
https://www.darkreading.com/vulnerabilities-threats/ciso-business-resilience-architect
Governance, Risk and Compliance
Tech Complexity Puts UK Cyber Security at Risk - Infosecurity Magazine
The CISO as Business Resilience Architect
KnowBe4 Research Reveals a Confidence Gap in Cyber Security, Leaving Organisations at Risk
Why effective cyber security is a team effort | TechRadar
Cyber Security Challenges in Cross-Border Data Transfers and Regulatory Compliance Strategies
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware gang encrypted network from a webcam to bypass EDR
Travelers reports rise in ransomware activity in Q4'24 Cyber Threat Report - Reinsurance News
Medusa Ransomware: FBI and CISA Urge Organisations to Act Now to Mitigate Threat | Tripwire
Medusa ransomware infects 300+, uses 'triple extortion' • The Register
Microsoft: North Korean hackers join Qilin ransomware gang
FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations
Ransomware poseurs are trying to extort businesses through physical letters | CyberScoop
'Spearwing' RaaS Group Ruffles Cyber Threat Feathers
Ransomware Groups Favour Repeatable Access Over Mass Exploits - Infosecurity Magazine
North Korea-linked APT Moonstone used Qilin ransomware in limited attacks
Ragnar Loader Toolkit Evolves Amid Increased Traction Among Threat Operations | MSSP Alert
New SuperBlack ransomware exploits Fortinet auth bypass flaws
Russian crypto exchange Garantex seized in international law enforcement operation | CyberScoop
Ransomware Victims
Many Schools Report Data Breach After Retirement Services Firm Hit by Ransomware - SecurityWeek
Two Rhysida healthcare attacks pwned 300K patients' data • The Register
82% of K-12 schools recently experienced a cyber incident | K-12 Dive
RansomHouse gang claims the hack of the Loretto Hospital in Chicago
More than 300,000 US healthcare patients impacted in suspected Rhysida cyber attacks | ITPro
Phishing & Email Based Attacks
Hackers Using Advanced Social Engineering Techniques With Phishing Attacks
Phishing campaign impersonating Booking.com targeting UK hospitality | The Standard
ICANN regains control of X account after phishing attack - Domain Name Wire | Domain Name News
US cities warn of wave of unpaid parking phishing texts
Other Social Engineering
Hackers Using Advanced Social Engineering Techniques With Phishing Attacks
Most AI voice cloning tools aren't safe from scammers, Consumer Reports finds | ZDNET
Consumer Reports calls out poor AI voice-cloning safeguards • The Register
AI-Powered Fraud: How Cyber Criminals Target Finance Teams—and How To Stop Them
How to spot and avoid AI-generated scams - Help Net Security
'Threat actor' has registered over 10k domains for smishing scams, cyber security firm says
How to Steer Clear of Smishing Scams | TIME
Trump Coins Used as Lure in Malware Campaign - SecurityWeek
Lazarus Group deceives developers with 6 new malicious npm packages | CyberScoop
US cities warn of wave of unpaid parking phishing texts
New YouTube Windows Attack Warning—Three Strikes And You’re Hacked
Artificial Intelligence
Majority of Orgs Hit by AI Cyber-Attacks as Detection Lags - Infosecurity Magazine
Most AI voice cloning tools aren't safe from scammers, Consumer Reports finds | ZDNET
The Invisible Battlefield Behind LLM Security Crisis - Security Boulevard
AI-Powered Fraud: How Cyber Criminals Target Finance Teams—and How To Stop Them
Beware of DeepSeek Hype: It’s a Breeding Ground for Scammers - SecurityWeek
4 expert security tips for navigating AI-powered cyber threats | ZDNET
How to spot and avoid AI-generated scams - Help Net Security
DeepSeek spits out malware code with a little persuasion • The Register
Worried about DeepSeek? Turns out, Gemini and other US AIs collect more user data | ZDNET
UK AI Research Under Threat From Nation-State Hackers - Infosecurity Magazine
Even premium AI tools distort the news and fabricate links - these are the worst | ZDNET
Malware
Update your Wi-Fi cameras, else malware could infect your network | PCWorld
Microsoft Says One Million Devices Impacted by Infostealer Campaign - SecurityWeek
Another top security camera maker is seeing devices hijacked into botnet | TechRadar
New threat uses fake CAPTCHA to infect systems with malware | TechSpot
New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions
Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Infects Over 6,000 Devices
Steganography Explained: How XWorm Hides Inside Images
Gone In 120 Seconds: TRUMP Coin Phishing Lure Delivers RAT
Binance Spoofers Compromise PCs in 'TRUMP' Crypto Scam
DeepSeek spits out malware code with a little persuasion • The Register
Lazarus Group deceives developers with 6 new malicious npm packages | CyberScoop
1,600 Victims Hit by South American APT's Malware - SecurityWeek
Bots/Botnets
Another top security camera maker is seeing devices hijacked into botnet | TechRadar
Unpatched Edimax Camera Flaw Exploited Since at Least May 2024 - SecurityWeek
Update your Wi-Fi cameras, else malware could infect your network | PCWorld
Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Infects Over 6,000 Devices
Edimax Says No Patches Coming for Zero-Day Exploited by Botnets - SecurityWeek
Mobile
'Threat actor' has registered over 10k domains for smishing scams, cyber security firm says
How to Steer Clear of Smishing Scams | TIME
SIM Swapping Fraud Surges in the Middle East - Infosecurity Magazine
US cities warn of wave of unpaid parking phishing texts
Is your phone eavesdropping on you? Try NordVPN's simple test to find out | ZDNET
Denial of Service/DoS/DDoS
DNS DDoS: Downtime is just the tip of the iceberg | Total Telecom
Another top security camera maker is seeing devices hijacked into botnet | TechRadar
How to Survive Fast-and-Furious DDoS Microbursts
Update your Wi-Fi cameras, else malware could infect your network | PCWorld
Musk blames Ukrainians for cyber attack on X. Experts aren’t convinced. – POLITICO
X’s Attackers Hit Servers Faulted for Lacking Key Protection
Cyber Attack on X Hit Insecure Servers
The Real Reason Twitter Went Down Actually Sounds Pretty Embarrassing
Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Infects Over 6,000 Devices
X hit by ‘massive cyber attack’ amid Dark Storm’s DDoS claims
What Really Happened With the DDoS Attacks That Took Down X | WIRED
X Outage Exposes Musk's Poor Digital Hygiene | HackerNoon
Elon Musk blaming Ukraine after Twitter cyber attack is ‘dangerous’, expert says | The Independent
Internet of Things – IoT
Hackers spotted using unsecured webcam to launch cyber attack | TechRadar
Update your Wi-Fi cameras, else malware could infect your network | PCWorld
‘Ban These Chinese Routers NOW,’ Cries House Committee - Security Boulevard
Another top security camera maker is seeing devices hijacked into botnet | TechRadar
Unpatched Edimax Camera Flaw Exploited Since at Least May 2024 - SecurityWeek
Car Exploit Allows You to Spy on Drivers in Real Time
Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Infects Over 6,000 Devices
Edimax Says No Patches Coming for Zero-Day Exploited by Botnets - SecurityWeek
CISOs, are your medical devices secure? Attackers are watching closely - Help Net Security
Data Breaches/Leaks
95% of Data Breaches Tied to Human Error in 2024 - Infosecurity Magazine
Data breach at Japanese telecom giant NTT hits 18,000 companies
Two Rhysida healthcare attacks pwned 300K patients' data • The Register
New York sues Allstate and subsidiaries for back-to-back data breaches | CyberScoop
'Uber for nurses' exposes 86K+ medical records, PII • The Register
Australian financial firm hit with lawsuit after massive data breach | CSO Online
Software bug meant NHS information was potentially “vulnerable to hackers” | TechRadar
More than 23.7 Million Hardcoded Secrets Publicly Exposed In GitHub Last Year | MSSP Alert
Does the NHS have a security culture problem? • The Register
Organised Crime & Criminal Actors
Cyber Crime's Cobalt Strike Use Plummets 80% Worldwide
Texas Developer Convicted After Kill Switch Sabotage Plot - Infosecurity Magazine
New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions
The Violent Rise of ‘No Lives Matter’ | WIRED
Russian crypto exchange Garantex seized in international law enforcement operation | CyberScoop
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Ripple CEO Chris Larsen lost $150M in XRP after LastPass hack
US seizes $23 million in crypto stolen via password manager breach
EU investigates OKX for its role in Lazarus' $1.5 billion Bybit hack | Cryptopolitan
North Korean hackers cash out hundreds of millions from $1.5bn ByBit hack - BBC News
Why CFOs Considering Stablecoins, Crypto Need Cyber Security
Russian crypto exchange Garantex seized in international law enforcement operation | CyberScoop
North Korean hackers cash out $300 million from ByBit heist
MassJacker malware uses 778,000 wallets to steal cryptocurrency
Gone In 120 Seconds: TRUMP Coin Phishing Lure Delivers RAT
Insider Risk and Insider Threats
95% of Data Breaches Tied to Human Error in 2024 - Infosecurity Magazine
Employee charged with stealing unreleased movies, sharing them online
Developer sabotaged ex-employer IT systems with kill switch • The Register
Developer Convicted for Hacking Former Employer's Systems - SecurityWeek
Man found guilty of planting infinite loop logic bomb on ex-employer's system
Insurance
Cyber insurance becoming a key safeguard for SMEs: Report | Insurance Business America
Supply Chain and Third Parties
Data breach at Japanese telecom giant NTT hits 18,000 companies
Who’s in your digital house? The truth about third-party access - Help Net Security
Cyber criminals used vendor backdoor to steal almost $600,000 of Taylor Swift tickets | TechRadar
Cloud/SaaS
Cloud security gains overshadowed by soaring storage fees - Help Net Security
Hiding In Plain Sight: Cyber Criminals Take Advantage Of US Cloud Providers - Above the Law
'Uber for nurses' exposes 86K+ medical records, PII • The Register
Identity and Access Management
Machine Identities Outnumber Humans Increasing Risk Seven-Fold - Infosecurity Magazine
Encryption
UK quietly scrubs encryption advice from government websites | TechCrunch
France rejects controversial encryption backdoor provision | TechRadar
Legislative push for child online safety runs afoul of encryption advocates (again) | CyberScoop
Apple To Appeal Government Backdoor Order Friday | Silicon UK
Linux and Open Source
PoC Exploit Released for Actively Exploited Linux Kernel Write Vulnerability
UK Government Report Calls for Stronger Open Source Supply Chain Security Practices - SecurityWeek
Passwords, Credential Stuffing & Brute Force Attacks
Ripple CEO Chris Larsen lost $150M in XRP after LastPass hack
US seizes $23 million in crypto stolen via password manager breach
Social Media
Musk blames Ukrainians for cyber attack on X. Experts aren’t convinced. – POLITICO
X’s Attackers Hit Servers Faulted for Lacking Key Protection
The Real Reason Twitter Went Down Actually Sounds Pretty Embarrassing
X hit by ‘massive cyber attack’ amid Dark Storm’s DDoS claims
What Really Happened With the DDoS Attacks That Took Down X | WIRED
X Outage Exposes Musk's Poor Digital Hygiene | HackerNoon
ICANN regains control of X account after phishing attack - Domain Name Wire | Domain Name News
New YouTube Windows Attack Warning—Three Strikes And You’re Hacked
Malvertising
Microsoft reveals over a million PCs hit by malvertising campaign | TechRadar
GitHub-Hosted Malware Infects 1M Windows Users
Training, Education and Awareness
95% of Data Breaches Tied to Human Error in 2024 - Infosecurity Magazine
4 expert security tips for navigating AI-powered cyber threats | ZDNET
Regulations, Fines and Legislation
SEC cyber security disclosure rules, with checklist | TechTarget
UK quietly scrubs encryption advice from government websites | TechCrunch
Switzerland Mandates Cyber Reporting for Critical Infrastructure - Infosecurity Magazine
The risks of standing down: Why halting US cyber ops against Russia erodes deterrence | CSO Online
Balancing Cyber Security Accountability & Deregulation
‘Ban These Chinese Routers NOW,’ Cries House Committee - Security Boulevard
CISA completed its election security review. It won’t make the results public | CyberScoop
Ex-NSA vet slams reported halt to Russia cyber ops | Cybernews
White House instructs agencies to avoid firing cyber security staff, email says | KELO-AM
Cyber Security Challenges in Cross-Border Data Transfers and Regulatory Compliance Strategies
MS-ISAC loses federal support | StateScoop
Legislative push for child online safety runs afoul of encryption advocates (again) | CyberScoop
Apple To Appeal Government Backdoor Order Friday | Silicon UK
Models, Frameworks and Standards
NIST Finalizes Differential Privacy Rules to Protect Data
Cyber Essentials April 2025 Update: What you Need to Know
Backup and Recovery
Lessons from the Field, Part III: Why Backups Alone Won’t Save You - Security Boulevard
Future-Proofing Business Continuity: BCDR Trends and Challenges for 2025
Data Protection
NIST Finalizes Differential Privacy Rules to Protect Data
Careers, Working in Cyber and Information Security
Understaffed but still delivering -- the reality of cyber security teams
How remote work strengthens cyber security teams - Help Net Security
Managing the emotional toll cyber security incidents can take on your team | CSO Online
The Legacy of the Cyber Security Challenge | SC Media UK
UK’s infosec chiefs must be paid more than PM, say officials • The Register
Law Enforcement Action and Take Downs
US seizes $23 million in crypto stolen via password manager breach
Employee charged with stealing unreleased movies, sharing them online
Developer sabotaged ex-employer IT systems with kill switch • The Register
Texas Developer Convicted After Kill Switch Sabotage Plot - Infosecurity Magazine
Developer Convicted for Hacking Former Employer's Systems - SecurityWeek
Russian crypto exchange Garantex seized in international law enforcement operation | CyberScoop
Cyber criminals used vendor backdoor to steal almost $600,000 of Taylor Swift tickets | TechRadar
Man found guilty of planting infinite loop logic bomb on ex-employer's system
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Europe, Don't Forget the Information War - CEPA
Nation State Actors
UK AI Research Under Threat From Nation-State Hackers - Infosecurity Magazine
China
Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits
Mandiant Uncovers Custom Backdoors on End-of-Life Juniper Routers - SecurityWeek
Salt Typhoon: A Wake-up Call for Critical Infrastructure
China's Volt Typhoon Hackers Dwelled in US Electric Grid for 300 Days - SecurityWeek
‘Ban These Chinese Routers NOW,’ Cries House Committee - Security Boulevard
UK AI Research Under Threat From Nation-State Hackers - Infosecurity Magazine
Beware of DeepSeek Hype: It’s a Breeding Ground for Scammers - SecurityWeek
Russia
The UK is unprepared and vulnerable to Russian cyber attacks. Here's why
The risks of standing down: Why halting US cyber ops against Russia erodes deterrence | CSO Online
The Geopolitical Fallout of a Potential US Cyber Stand-Down – The Diplomat
Europe, Don't Forget the Information War - CEPA
Ex-NSA vet slams reported halt to Russia cyber ops | Cybernews
Ukraine loses Signal support for anti-Russian cyber threat efforts, says official | SC Media
North Korea
Microsoft: North Korean hackers join Qilin ransomware gang
EU investigates OKX for its role in Lazarus' $1.5 billion Bybit hack | Cryptopolitan
North Korean hackers cash out hundreds of millions from $1.5bn ByBit hack - BBC News
Lazarus Group deceives developers with 6 new malicious npm packages | CyberScoop
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa
1,600 Victims Hit by South American APT's Malware - SecurityWeek
Tools and Controls
Hackers spotted using unsecured webcam to launch cyber attack | TechRadar
95% of Data Breaches Tied to Human Error in 2024 - Infosecurity Magazine
How to safely dispose of old tech without leaving a security risk - Help Net Security
4 expert security tips for navigating AI-powered cyber threats | ZDNET
Lessons from the Field, Part III: Why Backups Alone Won’t Save You - Security Boulevard
Future-Proofing Business Continuity: BCDR Trends and Challenges for 2025
Threat Groups Using RMM Tools for Initial-Stage in Attacks | MSSP Alert
Defending against EDR bypass attacks - Help Net Security
Security operations centres are fundamental to cyber security — here’s how to build one | CSO Online
Other News
Tech Complexity Puts UK Cyber Security at Risk - Infosecurity Magazine
How Cyber Attacks Affect Your Staff
AI, 5G, and Fiber: The Telecom Infrastructure Boom No One’s Monitoring
Every Truth (And Lie) Told in Netflix's 'Zero Day,' Ranked | HackerNoon
Slow development of Irish maritime security strategy raises concerns
Zut Alors! Surge in Cyber Attacks Targeting France in 2024
Does the NHS have a security culture problem? • The Register
Vulnerability Management
Why Now is the Time to Adopt a Threat-Led Approach to Vulnerability Management
CISOs Connect Research Report on Cyber Security Debt Exposes Widespread Vulnerabilities
Balancing Cyber Security Accountability & Deregulation
Vulnerabilities
Thousands of Orgs Risk Zero-Day VM Escape Attacks
Microsoft Flags Six Active Zero-Days, Patches 57 Flaws: Patch Tuesday - SecurityWeek
Patch Tuesday: Critical Code Execution Bugs in Adobe Acrobat and Reader - SecurityWeek
Fortinet Patches 18 Vulnerabilities - SecurityWeek
Newly Patched Windows Zero-Day Exploited for Two Years - SecurityWeek
Google researchers uncover critical security flaw in all AMD Zen processors | TechSpot
Mass Exploitation of Critical PHP Vulnerability Begins - SecurityWeek
Top Bluetooth chip security flaw could put a billion devices at risk worldwide | TechRadar
SAP Patches High-Severity Vulnerabilities in Commerce, NetWeaver - SecurityWeek
CISA tags critical Ivanti EPM flaws as actively exploited in attacks
Apple Ships iOS 18.3.2 to Fix Already-Exploited WebKit Flaw - SecurityWeek
Critical PHP RCE vulnerability mass exploited in new attacks
Apple fixed the third actively exploited zero-day of 2025
Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits
Zoom Patches 4 High-Severity Vulnerabilities - SecurityWeek
PoC Exploit Released for Actively Exploited Linux Kernel Write Vulnerability
New SuperBlack ransomware exploits Fortinet auth bypass flaws
Cisco Patches 10 Vulnerabilities in IOS XR - SecurityWeek
Mozilla warns users to update Firefox before certificate expires
GitLab patches critical authentication bypass vulnerabilities
FreeType Zero-Day Being Exploited in the Wild - SecurityWeek
Sector Specific
Industry-specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness only. Linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.
Black Arrow Cyber Advisory 12 March 2025 – Security Updates from Microsoft, Fortinet, Apple, Adobe, Zoom and SAP
Executive Summary
Microsoft’s Patch Tuesday for March 2025 delivered 57 security updates across its product line, including 6 actively exploited zero-day vulnerabilities. This month, several other major software and hardware vendors also released critical security updates to address vulnerabilities that could be exploited by attackers.
Fortinet issued 17 security advisories with updates addressing various high, medium, and low severity vulnerabilities across multiple product ranges, including FortiOS, FortiProxy, FortiPAM, FortiSRA, FortiAnalyzer, FortiManager, FortiAnalyzer-BigData, FortiSandbox, FortiNDR, FortiWeb, FortiSIEM, and FortiADC.
Apple released updates to address zero-day security issues across its iPhone, iPad, macOS, and visionOS product ranges, specifically targeting vulnerabilities in WebKit, the browser engine used within Safari and other Apple products.
Adobe provided updates addressing 35 vulnerabilities, including critical issues in various product lines such as Acrobat and Reader, InDesign, and Substance 3D Sampler.
Zoom patched five vulnerabilities in its applications, including four rated ‘high severity’, affecting Zoom Workplace, Rooms Controller, Rooms Client, and Meeting SDK products.
SAP also released 21 new security notes, covering high, medium, and low severity vulnerabilities addressed by security patches.
What’s the risk to me or my business?
The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity and availability of the affected applications and of the organisation's data on the affected systems.
What can I do?
Black Arrow recommends applying the available security updates for all supported versions of products that have been impacted by the various vulnerabilities. The updates should be applied as soon as possible for actively exploited vulnerabilities and for all other vulnerabilities with a critical or high severity rating.
Microsoft
Further details on the specific updates in this Microsoft Patch Tuesday can be found here:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Mar
Apple, Adobe, Fortinet, Zoom, SAP
Further details of the vulnerabilities affecting Apple, Adobe, Fortinet, Zoom and SAP products:
https://helpx.adobe.com/security/security-bulletin.html
https://support.apple.com/en-us/100100
https://fortiguard.fortinet.com/psirt
https://www.zoom.com/en/trust/security-bulletin/?cms_guid=false&lang=en-US
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/march-2025.html
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Intelligence Briefing 07 March 2025
Black Arrow Cyber Threat Intelligence Briefing 07 March 2025:
-Cyber Security's Future Is All About Governance, Not More Tools
-'Cocktail of Cyber-Risk' Should Stir Concerns Among CISOs
-Why Cyber Drills are as Vital as Fire Drills
-Nonprofits Face Surge in Cyber-Attacks as Email Threats Rise 35%
-Rising Cyber Threats in Europe’s Financial Sector: An ENISA Overview
-Old Unpatched Vulnerabilities Among the Most Widely Exploited
-Chinese State-Backed Threat Actor ‘Silk Typhoon’ Shifted to Specifically Targeting Outsourced IT Providers
-Social Engineering and Stolen Credential Threats Continue to Dominate Cyber Attacks
-Security CEOs Warn Your Voicemail Greeting is the Latest Target for Cyber Criminals
-Would-be Extortionists Send “BianLian” Ransom Notes in the Mail
-Cyber Threat Highest It’s Ever Been, Ex-Five Eyes Leader Warns
-Trump Administration Retreats in Fight Against Russian Cyber Threats
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
Our review this week includes the evolving shift in cyber security, where governance and proactive risk management are becoming more critical than tool proliferation, as exemplified by the inclusion of the ‘Govern’ function in the NIST Cyber Security Framework. Businesses still face a cocktail of cyber risks as geopolitical tensions, misinformation, and AI-driven threats continue to evolve. Despite increased awareness, cyber risk integration remains insufficient at the executive level, leaving many organisations, particularly smaller businesses, exposed.
Vulnerability management remains a pressing concern. 40% of vulnerabilities leveraged in 2024 date back to 2020 or earlier, while ransomware and botnet expansion thrive on unpatched systems. Meanwhile, the financial sector continues to be a target for cyber attacks, with European regulators responding through stricter risk management frameworks like DORA. The rise of state-sponsored actors such as China-backed Silk Typhoon, which targets IT service providers, further underscores the importance of securing supply chains and third-party dependencies.
Our review this week also highlights the importance of rehearsing how to respond to a cyber incident, as well as the changing tactics of attackers such as the use of AI voice cloning from voicemail recordings to impersonate individuals, and false extortion demands. These, and other observations from our threat intelligence briefings, highlight the need for comprehensive security awareness. With cyber threats at an all-time high, organisations must adopt a strategic, governance-led approach to resilience, ensuring robust defences against both sophisticated adversaries and opportunistic cyber criminals.
Top Cyber Stories of the Last Week
Cyber Security's Future Is All About Governance, Not More Tools
The cyber security landscape is shifting from tool-centric procurement to strategic governance, with CISOs taking a more prominent role in business decision-making. Despite growth in the number of security tools that organisations deploy, fragmented workflows and diminishing returns persist. The focus is now on aligning security with business objectives, regulatory expectations, and operational efficiency. The NIST Cyber Security Framework 2024 update introduced a "Govern" function, underscoring proactive risk management. As cyber security becomes integral to corporate strategy, CISOs must prioritise transparency, accountability, and resilience over simply expanding their security stack.
'Cocktail of Cyber-Risk' Should Stir Concerns Among CISOs
The World Economic Forum's ‘Global Cybersecurity Outlook 2025’ highlights the evolving risk landscape, where cyber security threats are increasingly intertwined with geopolitical and economic risks. Misinformation and AI-related threats are now among the top concerns, while cyber espionage is reportedly declining. Despite growing awareness, only 60% of CEOs and CISOs integrate cyber risk into enterprise risk management. Smaller businesses are particularly vulnerable, with 35% admitting their cyber resilience is insufficient. The report stresses that CISOs must navigate shifting board priorities, regulatory changes, and supply chain risks while ensuring cyber security remains a core business consideration.
Why Cyber Drills are as Vital as Fire Drills
Cyber resilience is becoming a business imperative, with human error remaining the leading cause of cyber incidents and the average cost of a cyber attack reaching a record $4.88 million in 2024. A recent study found that 94% of organisations have implemented or plan to implement cyber drills within three years, recognising their role in strengthening defences and ensuring business continuity. Yet, decision-makers spend only 39% of their time on cyber readiness. As nearly half of businesses faced an attack in the past year, routine cyber drills, like fire drills, are essential to preparing teams for real-world threats.
Nonprofits Face Surge in Cyber-Attacks as Email Threats Rise 35%
Nonprofit organisations have experienced a sharp rise in cyber attacks, with email threats increasing by 35% over the past year. A report by Abnormal Security highlights that limited cyber security resources and high-trust environments make nonprofits prime targets. Credential phishing has surged by 50%, compromising donor databases and enabling financial fraud, while malware attacks have risen by 26%, often leading to ransomware incidents. As cyber criminals refine their tactics, nonprofits must prioritise email security, leveraging AI-driven solutions to detect threats and protect sensitive data, ensuring operational resilience and maintaining public trust.
Rising Cyber Threats in Europe’s Financial Sector: An ENISA Overview
The latest report from the European Network and Information Security Agency (ENISA) highlights a surge in cyber threats targeting Europe’s financial sector, with 488 reported incidents between January 2023 and June 2024. Banks bore the brunt of attacks (46%), followed by public financial institutions (13%) and individual customers (10%). DDoS attacks were the most common, accounting for 58% of incidents, often linked to geopolitical tensions. Data breaches, ransomware, and fraud also saw a rise, exposing sensitive financial records and disrupting operations. In response, regulators have strengthened cyber security policies, with initiatives like DORA aiming to enhance resilience through stricter risk management and incident response frameworks.
Old Unpatched Vulnerabilities Among the Most Widely Exploited
GreyNoise’s latest report highlights that 40% of vulnerabilities exploited in 2024 were from 2020 or earlier, with some dating back over two decades. Attackers are also accelerating their exploitation of newly disclosed flaws, with some targeted within hours. Home internet routers and enterprise solutions from vendors like Ivanti, D-Link, and VMware were among the most affected. Ransomware groups remain the primary exploiters, leveraging 28% of newly listed vulnerabilities in the US Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalogue. Key attacker objectives include botnet expansion, cryptocurrency mining, and ransomware deployment, underscoring the risks posed by unpatched legacy systems.
Chinese State-Backed Threat Actor ‘Silk Typhoon’ Shifted to Specifically Targeting Outsourced IT Providers
Microsoft has reported that Silk Typhoon, a Chinese state-backed espionage group, has shifted focus to targeting IT management firms, aiming to infiltrate downstream customers. The group exploits stolen API keys, credentials, and unpatched software to access cloud and on-premises systems. By compromising IT providers and privileged access tools, they steal sensitive data from sectors including government, healthcare, and energy. Microsoft highlights Silk Typhoon’s ability to swiftly adapt, making it one of the most pervasive Chinese threat actors. This report coincides with US indictments of 12 Chinese nationals linked to cyber espionage, including two alleged Silk Typhoon members.
Social Engineering and Stolen Credential Threats Continue to Dominate Cyber Attacks
CrowdStrike’s 2025 Global Threat Report highlights a sharp rise in social engineering attacks, with credential theft surging by 442% in the latter half of 2024. Stolen credentials remain a primary attack vector, while adversaries operate with increasing speed: the average time to move within a compromised network has fallen to just 48 minutes, with some breaches occurring in as little as 51 seconds. The report underscores the need for enhanced employee training, stronger credential protection, and improved detection capabilities to counter these evolving threats, particularly as cyber criminals leverage AI and target cloud environments with greater sophistication.
Security CEOs Warn Your Voicemail Greeting is the Latest Target for Cyber Criminals
Cyber security leaders are warning that AI voice cloning is a growing threat, with criminals using voicemail recordings to impersonate individuals. Experts highlight that just three seconds of audio is enough to create a convincing deepfake, which can be exploited in scams targeting employees, families, and businesses. C-suite executives are particularly at risk, with attacks mimicking their voices to manipulate staff. To mitigate this risk, security professionals recommend replacing personal voicemail greetings with automated defaults, limiting voice recordings online, and using a family-safe word to verify urgent requests.
Would-be Extortionists Send “BianLian” Ransom Notes in the Mail
Executives are being targeted in a new ransomware scam involving physical letters falsely claiming to be from the BianLian ransomware group. The letters demand ransoms of $250,000 to $350,000, threatening to leak sensitive data unless payment is made within 10 days. However, security experts have found no evidence of actual network intrusions, suggesting the campaign is a fraudulent extortion attempt. The FBI has issued a warning, confirming no links to the real BianLian group. Organisations are advised to inform executives, review incident response procedures, and report any such letters to law enforcement.
Cyber Threat Highest It’s Ever Been, Ex-Five Eyes Leader Warns
The cyber threat to critical infrastructure is at an all-time high, driven by geopolitical tensions, financial incentives, and technological advancements, warns the former head of the UK’s National Cyber Security Centre (NCSC). Organised criminals and state-backed hacking groups pose a growing risk to essential services. Artificial intelligence is making cyber attacks more efficient, cost-effective, and accessible, potentially enabling new threat actors to launch large-scale campaigns. While financial motives remain unchanged, the increasing role of AI in cyber warfare is a key concern, as it lowers barriers to entry for malicious actors, amplifying the risks faced by organisations globally.
Trump Administration Retreats in Fight Against Russian Cyber Threats
The Trump administration has shifted its stance on cyber threats, no longer publicly recognising Russia as a major cyber security risk to US national security and critical infrastructure. This policy change marks a significant departure from long-standing intelligence assessments and contrasts with the positions of US allies. Experts warn that deprioritising Russia as a cyber threat could leave the US vulnerable to attacks. Reports indicate internal directives have limited efforts to monitor Russian cyber activities, raising concerns that adversaries may exploit weakened defences. Meanwhile, job cuts across key agencies may have further reduced cyber security capabilities, compounding the risks.
Sources:
https://www.darkreading.com/cyber-risk/cybersecurity-future-governance-not-more-tools
https://www.darkreading.com/cyber-risk/thinking-outside-box-cyber-risk
https://www.forbes.com/sites/jameshadley/2025/03/04/why-cyber-drills-are-as-vital-as-fire-drills/
https://www.infosecurity-magazine.com/news/nonprofits-email-threats-rise-35/
https://www.jdsupra.com/legalnews/rising-cyber-threats-in-europe-s-7746792/
https://www.infosecurity-magazine.com/news/old-vulnerabilities-widely/
https://cyberscoop.com/silk-typhoon-targets-it-services/
https://cybernews.com/security/cybercriminals-use-voicemail-greetings-ai-voice-cloning-attacks/
https://www.infosecurity-magazine.com/news/extortionists-bianlian-ransom/
https://www.theguardian.com/us-news/2025/feb/28/trump-russia-hacking-cyber-security
Governance, Risk and Compliance
Cybersecurity’s Future Is All About Governance, Not More Tools
Why Employee Training Is A Critical Component Of Effective Business Cybersecurity - Minutehack
Why Cyber Drills Are As Vital As Fire Drills
'Cocktail of Cyber-Risk' Should Stir Concerns Among CISOs
Top security CEOs warn your voicemail greeting is the latest target for cyber criminals | Cybernews
Third-Party Attacks Drive Major Financial Losses in 2024 - Infosecurity Magazine
Third-Party Risk Top Cybersecurity Claims
Cyber risks see SME focus but big risks remain
Board Oversight of Cyber Security Incidents
How to create an effective incident response plan | CSO Online
CFOs’ Risk Outlook—The Economy, Cyber and Talent Are Top Concerns
What CISOs need from the board: Mutual respect on expectations | CSO Online
The evolving landscape of regulatory compliance in cybersecurity - Digital Journal
WTF? Why the cyber security sector is overrun with acronyms | CSO Online
The 5 stages of incident response grief - Help Net Security
A Shield of Defensibility Protecting CISOs and Their Companies
CISO Liability Risks Spur Policy Changes at 93% of Organisations - Infosecurity Magazine
CISO vs. CIO: Where security and IT leadership clash (and how to fix it) - Help Net Security
Cyber Threats Are Evolving Faster Than Defences
Cyber threat highest it’s ever been, ex-Five Eyes leader warns - NZ Herald
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Evolution: From Encryption to Extortion
Mad, Bad, And Dangerous To Know: Cyber Criminals Are More Sophisticated Than Ever
Cyber criminals picked up the pace on attacks last year | CyberScoop
Ransomware 2025: Lessons from the Past Year and What Lies Ahead
Report: CISA Vulnerabilities Catalog Monitored By Ransomware Gangs | MSSP Alert
Ransomware activity surged last year, report finds | SC Media
Ransomware Attacks Appear to Keep Surging - InfoRiskToday
Your New Car Could Be the Next Ransomware Target
Ransomware scum abusing Microsoft Windows-signed driver • The Register
VulnCheck Exposes CVEs From Black Bastas' Chats
Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates
Would-be Extortionists Send “BianLian” Ransom Notes in the Mail - Infosecurity Magazine
Cactus Ransomware: What You Need To Know | Tripwire
EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing
Emulating the Relentless RansomHub Ransomware - Security Boulevard
Medusa Ransomware Hits 40+ Victims in 2025, Demands $100K–$15M Ransom
Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks
Ransomware: from REvil to Black Basta, what do we know about Tramp? | Computer Weekly
Schools Vs Ransomware: Lessons Learned From A Cyber Attack - TeachingTimes
Ransomware Victims
Hunters International ransomware claims attack on Tata Technologies
Qilin claims attacks on cancer, women's clinics • The Register
Ransomware crew threatens to leak 'stolen' Tata Tech data • The Register
‘My company thrived for 150 years — then Russian hackers brought it down in three months’
Ransomware Group Takes Credit for Lee Enterprises Attack - SecurityWeek
Qilin Ransomware gang claims the hack of the Ministry of Foreign Affairs of Ukraine
Phishing & Email Based Attacks
Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail
Phishing Campaign Uses Havoc Framework to Control Infected Systems - Infosecurity Magazine
EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing
Watch out - that LinkedIn email could be a fake, laden with malware | TechRadar
5,000 CAPTCHA Tests Used As Infostealer Gateways—Do Not Complete Them
Massive Phishing Campaign Spreads Lumma Stealer Via Bogus CAPTCHA PDFs | MSSP Alert
How a Manual Remediation for a Phishing URL Took Down Cloudflare R2 - InfoQ
Business Email Compromise (BEC)/Email Account Compromise (EAC)
From Event to Insight Unpacking a B2B Business Email Compromise BEC Scenario | Trend Micro (US)
Other Social Engineering
2025 CrowdStrike Global Threat Report: 442% Surge in Social Engineering and Credential Theft
How QR code attacks work and how to protect yourself - Help Net Security
Vishing attacks surged 442% last year - how to protect yourself | ZDNET
The Hidden Risks Of Job Hunting: Recruitment Fraud And Cybersecurity
What is vishing? Voice phishing is surging - expert tips on how to spot it and stop it | ZDNET
North Korea's Latest 'IT Worker' Scheme Seeks Nuclear Funds
Digital nomads and risk associated with the threat of infiltrated employees
YouTube warns of AI-generated video of its CEO used in phishing attacks
Scammers take over social media - Help Net Security
Fake police call cryptocurrency investors to steal their funds
Artificial Intelligence
Top security CEOs warn your voicemail greeting is the latest target for cyber criminals | Cybernews
89% of enterprise AI usage is invisible to the organisation - Help Net Security
Deepfake cyber attacks proliferated in 2024, iProov claims • The Register
Nearly 12,000 API keys and passwords found in AI training dataset
The Urgent Need to Address Cyber Security in the GenAI Market
Web DDoS attacks see major surge as AI allows more powerful attacks | TechRadar
How New AI Agents Will Transform Credential Stuffing Attacks
YouTube warns of AI-generated video of its CEO used in phishing attacks
Private 5G Networks Face Security Risks Amid AI Adoption - Infosecurity Magazine
Police arrest suspects tied to AI-generated CSAM distribution ring
Innovation vs. security: Managing shadow AI risks - Help Net Security
Malware
Microsoft says malvertising campaign impacted 1 million PCs
Fake CAPTCHA PDFs Spread Lumma Stealer via Webflow, GoDaddy, and Other Domains
Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus
EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing
Watch out - that LinkedIn email could be a fake, laden with malware | TechRadar
Hackers Weaponizing PowerShell & Microsoft Legitimate Apps To Deploy Malware
Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems
Devs beware: fake Golang packages target Mac users | Cybernews
Polyglot files used to spread new backdoor | CSO Online
1 Million Third-Party Android Devices Have a Secret Backdoor for Scammers | WIRED
5,000 CAPTCHA Tests Used As Infostealer Gateways—Do Not Complete Them
Typosquatted Go Packages Distribute Malware Loader Targeting Linux And MacOS
Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access
Badbox Android botnet disrupted through coordinated threat hunting | CSO Online
Massive Phishing Campaign Spreads Lumma Stealer Via Bogus CAPTCHA PDFs | MSSP Alert
26 Million Devices Hit By Infostealers—Bank Cards Leaked To Dark Web
1 Million Third-Party Android Devices Have a Secret Backdoor for Scammers | WIRED
Massive botnet that appeared overnight is delivering record-size DDoSes - Ars Technica
Russian-Speaking Hackers Goad Users Into Installing Havoc
Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants
Bots/Botnets
Cisco, ASUS, QNAP, and Synology devices hijacked to major botnet | TechRadar
Widespread network edge device targeting conducted by PolarEdge botnet | SC Media
Massive botnet that appeared overnight is delivering record-size DDoSes - Ars Technica
New Eleven11bot DDoS Botnet Powered by 80,000 Hacked Devices - SecurityWeek
Badbox Android botnet disrupted through coordinated threat hunting | CSO Online
Mobile
Over 500K Android, iOS, iPadOS, Devices Impacted By Spyzie Stalkerware | MSSP Alert
Governments can't seem to stop asking for secret backdoors • The Register
New Android RAT Dubbed “AndroRAT” Attacking to Steal Pattern, PIN & Passcodes
Do you really need to worry about spyware on your phone?
Google’s 'consent-less' Android tracking probed by academics • The Register
Google confirms mass app deletion on Play Store after ad fraud | Android Central
Denial of Service/DoS/DDoS
Massive botnet that appeared overnight is delivering record-size DDoSes - Ars Technica
Web DDoS attacks see major surge as AI allows more powerful attacks | TechRadar
New Eleven11bot DDoS Botnet Powered by 80,000 Hacked Devices - SecurityWeek
Internet of Things – IoT
Top risks produced by old wireless routers and smart home devices
8 ways to secure your smart home from hackers
Your New Car Could Be the Next Ransomware Target
BadBox Botnet Powered by 1 Million Android Devices Disrupted - SecurityWeek
How Can Your Smart Washer Pose A Threat To Your Privacy?
Badbox Android botnet disrupted through coordinated threat hunting | CSO Online
Goodbye Kia - this is the serious vulnerability that affects all vehicles registered after this date
Data Breaches/Leaks
Inside a cyber attack: How hackers steal data
Lost luggage data leak exposes nearly a million records | Cybernews
75% of US government websites experienced data breaches | Cybernews
Angel One Breach Compromises Client Data | MSSP Alert
Organised Crime & Criminal Actors
Mad, Bad, And Dangerous To Know: Cyber Criminals Are More Sophisticated Than Ever
Cyber criminals picked up the pace on attacks last year | CyberScoop
Cyber threat highest it’s ever been, ex-Five Eyes leader warns - NZ Herald
Online crime-as-a-service skyrockets with 24,000 users selling attack tools - Help Net Security
US Soldier Intends to Admit Hacking 15 Telecom Carriers
Nigerian Accused of Hacking Tax Preparation Firms Extradited to US - SecurityWeek
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
How North Korea stole $1.5bn from Bybit – the biggest ever crypto theft - AML Intelligence
International cops seize Russian crypto exchange Garantex • The Register
Bybit hackers resume laundering activities, moving another 62,200 ETH
US recovers $31 million stolen in 2021 Uranium Finance hack
$51,300,000,000: Crypto Scams 2025 Report by Chainalysis is Out
Lazarus Group at it again - New victim suspected in $3.1M Tron hack | Cryptopolitan
North Korea’s $1.5 billion heist puts the crypto world on notice - The Japan Times
Shape-shifting Chrome extensions target wallets | Cybernews
Fake police call cryptocurrency investors to steal their funds
Insider Risk and Insider Threats
Digital nomads and risk associated with the threat of infiltrated employees
Insurance
Third-Party Risk Top Cyber Security Claims
Supply Chain and Third Parties
Third-Party Attacks Drive Major Financial Losses in 2024 - Infosecurity Magazine
Third-Party Risk Top Cyber Security Claims
China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access
Why Vendor Risk Management Can't Be a One-Time Task | UpGuard
Ransomware crew threatens to leak 'stolen' Tata Tech data • The Register
Cloud/SaaS
How to plan your cloud migration with security in mind | SC Media
Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail
New Microsoft 365 outage impacts Teams, causes call failures
Microsoft Teams and other Windows tools hijacked to hack corporate networks | TechRadar
Attackers Leverage Microsoft Teams and Quick Assist for Access - Infosecurity Magazine
Apple begins legal battle to resist 'egregious' iCloud backdoor demand | Macworld
Outages
New Microsoft 365 outage impacts Teams, causes call failures
Barclays: bank to pay £12.5m compensation for online outage
Microsoft Blames Widespread Outage On “Problematic Code Change”
How a Manual Remediation for a Phishing URL Took Down Cloudflare R2 - InfoQ
Identity and Access Management
Misconfigured access management systems expose global enterprises to security risks | CSO Online
Identity: The New Cyber Security Battleground
Prioritising data and identity security in 2025 - Help Net Security
Encryption
The UK will neither confirm nor deny that it’s killing encryption | The Verge
Encryption Wars: Governments Want a Backdoor, but Hackers Are Watching | HackerNoon
France pushes for law enforcement access to Signal, WhatsApp and encrypted email | Computer Weekly
Governments can't seem to stop asking for secret backdoors • The Register
Apple begins legal battle to resist 'egregious' iCloud backdoor demand | Macworld
Why a push for encryption backdoors is a global security risk - Help Net Security
UK cyber security damaged by “clumsy Home Office political censorship” | Computer Weekly
Linux and Open Source
Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems
Typosquatted Go Packages Distribute Malware Loader Targeting Linux And MacOS
Open Source Security Risks Continue To Rise
Passwords, Credential Stuffing & Brute Force Attacks
2025 CrowdStrike Global Threat Report: 442% Surge in Social Engineering and Credential Theft
How New AI Agents Will Transform Credential Stuffing Attacks
‘My company thrived for 150 years — then Russian hackers brought it down in three months’
Social Media
UK probes TikTok, Reddit over child data privacy concerns • The Register
Watch out - that LinkedIn email could be a fake, laden with malware | TechRadar
YouTube warns of AI-generated video of its CEO used in phishing attacks
Scammers take over social media - Help Net Security
USCIS mulls policing social media of all would-be citizens • The Register
Malvertising
Microsoft says malvertising campaign impacted 1 million PCs
Training, Education and Awareness
Why Employee Training Is A Critical Component Of Effective Business Cyber Security - Minutehack
Regulations, Fines and Legislation
Former intelligence officials denounce job cuts to federal cyber roles - Nextgov/FCW
Cyber resilience under DORA – are you prepared for the challenge? | TechRadar
The Crime and Policing Bill Explained
Governments can't seem to stop asking for secret backdoors • The Register
Apple begins legal battle to resist 'egregious' iCloud backdoor demand | Macworld
Why a push for encryption backdoors is a global security risk - Help Net Security
What is the Digital Operational Resilience Act (DORA)? | Definition from TechTarget
The evolving landscape of regulatory compliance in cyber security - Digital Journal
CISA: No Change on Defending Against Russian Cyber Threats - SecurityWeek
UK security in shock as America signals end to cyber operations against Russia
The Wiretap: How Trump, Hegseth And DOGE Are Undermining Ukrainian Security
DoD, CISA Deny Reports of Pausing Cyber Operations Against Russia | MSSP Alert
Gadgets Used By American Presidents (And Why They Were A Security Nightmare)
National Security Threatened By Cyber Security Job Cuts, Experts Say | MSSP Alert
CISA Cuts: A Dangerous Gamble in a Dangerous World
Trump's Staffing Overhauls Hit Nation's Cyber Defense Agency
Strengthening Telecommunications Security: A Call to Action for Cyber Resilience
Proactive Security: Navigating HIPAA’s Proposed Risk Analysis Updates - Security Boulevard
Google asks US government to drop breakup plan over national security fears | TechRadar
Models, Frameworks and Standards
Cyber resilience under DORA – are you prepared for the challenge? | TechRadar
What is the Digital Operational Resilience Act (DORA)? | Definition from TechTarget
Financial Organisations Urge CISA to Revise Proposed CIRCIA Implementation - SecurityWeek
Navigating NIS 2 compliance [Q&A]
Proactive Security: Navigating HIPAA’s Proposed Risk Analysis Updates - Security Boulevard
Careers, Working in Cyber and Information Security
New 2025 SANS Threat Hunting Survey Reveals 61% of Organisations Struggle with Staffing Shortages
The days of easy hiring in cyber security coming to an end • The Register
Stress and Burnout Impacting Vast Majority of IT Pros - Infosecurity Magazine
Cyber Security Job Satisfaction Plummets, Women Hit Hardest - Infosecurity Magazine
Why Cyber Security Jobs Are Hard to Find in a Worker Shortage
Will AI Start Taking Cyber Security Professionals' Jobs?
Law Enforcement Action and Take Downs
International cops seize Russian crypto exchange Garantex • The Register
US seizes domain of Garantex crypto exchange used by ransomware gangs
US Soldier Intends to Admit Hacking 15 Telecom Carriers
Police arrests suspects tied to AI-generated CSAM distribution ring
Nigerian Accused of Hacking Tax Preparation Firms Extradited to US - SecurityWeek
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Nation State Actors
China
Will Chinese cyberespionage be more aggressive in 2025? CrowdStrike thinks so | TechRadar
Silk Typhoon shifted to specifically targeting IT management companies | CyberScoop
In case we forgot, Typhoon attacks remind us of China’s cyber capability—and intent | The Strategist
Chinese cyber espionage growing across all industry sectors | CSO Online
Defence, not more assertive cyber activity, is the right response to Salt Typhoon | The Strategist
US Charges Members of Chinese Hacker-for-Hire Group i-Soon - Infosecurity Magazine
Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants
Russia
The Trump Administration Is Deprioritizing Russia as a Cyber Threat | WIRED
As Trump warms to Putin, U.S. halts offensive cyber operations against Moscow - The Washington Post
Finland's secret service says frequency of cable incidents is 'exceptional' | Reuters
France has ‘trouble understanding’ US halt on cyber operations against Russia – POLITICO
CISA: No Change on Defending Against Russian Cyber Threats - SecurityWeek
US Cyber Command Russia stand-down: Strategic diplomacy or security gamble? | SC Media
DHS says CISA won’t stop looking at Russian cyber threats | CyberScoop
UK security in shock as America signals end to cyber operations against Russia
National Security Threatened By Cyber Security Job Cuts, Experts Say | MSSP Alert
CISA Cuts: A Dangerous Gamble in a Dangerous World
Russian telecom Beeline facing outages after cyber attack | The Record from Recorded Future News
Russian-Speaking Hackers Goad Users Into Installing Havoc
International cops seize Russian crypto exchange Garantex • The Register
‘My company thrived for 150 years — then Russian hackers brought it down in three months’
Qilin Ransomware gang claims the hack of the Ministry of Foreign Affairs of Ukraine
Iran
Large cyber attack emanated from Iran days after Trump sanctions - watchdogs | Iran International
Suspected Iranian Hackers Used Compromised Indian Firm's Email to Target U.A.E. Aviation Sector
Crafty Camel APT Targets Aviation, OT With Polygot Files
North Korea
How North Korea stole $1.5bn from Bybit – the biggest ever crypto theft - AML Intelligence
Bybit hackers resume laundering activities, moving another 62,200 ETH
North Korea's Latest 'IT Worker' Scheme Seeks Nuclear Funds
Digital nomads and risk associated with the threat of infiltred employees
Lazarus Group at it again - New victim suspected in $3.1M Tron hack | Cryptopolitan
The rise of Lazarus Group from Sony hacks to billion dollar crypto heists
Tools and Controls
Why Employee Training Is A Critical Component Of Effective Business Cyber Security - Minutehack
Why Cyber Drills Are As Vital As Fire Drills
Board Oversight of Cyber Security Incidents
How to create an effective incident response plan | CSO Online
How to plan your cloud migration with security in mind | SC Media
RDP: a Double-Edged Sword for IT Teams – Essential Yet Exploitable
British Tech Industry Backs UK Proposal on Software Security
Misconfigured access management systems expose global enterprises to security risks | CSO Online
'Cocktail of Cyber-Risk' Should Stir Concerns Among CISOs
Why Vendor Risk Management Can't Be a One-Time Task | UpGuard
EDR And Vendor Consolidation Are A Losing Approach To Cyber Security
Prioritising data and identity security in 2025 - Help Net Security
Other News
Rising Cyber Threats in Europe’s Financial Sector: An ENISA Overview | HaystackID - JDSupra
Nonprofits Face Surge in Cyber-Attacks as Email Threats Rise 35% - Infosecurity Magazine
Cyber risks see SME focus but big risks remain
Attackers could hack smart solar systems and cause serious damages
This Browser-Based Attack Can Dodge Security Protections to Take Over Your Account
What is cyber stalking and how to prevent it? | Definition from TechTarget
The More You Care, The More You Share: Information Sharing And Cyber Awareness
What is a Watering Hole Attack? | Definition from TechTarget
WTF? Why the cyber security sector is overrun with acronyms | CSO Online
If you want security, start with secure products – Computerworld
ICS/OT Security Budgets Increasing, but Critical Areas Underfunded: Report - SecurityWeek
Over Half of Organisations Report Serious OT Security Incidents - Infosecurity Magazine
Finland's secret service says frequency of cable incidents is 'exceptional' | Reuters
Polish Space Agency offline as it recovers from cyber attack
Hackers breach military walls as funding falls short | Cybernews
Why Decommissioned Nuclear Sites Must Stay on the Security Agenda | SC Media UK
3 Cyber Security Steps Every Local Government Should Take
Google asks US government to drop breakup plan over national security fears | TechRadar
Vulnerability Management
CISA's KEV list informs ransomware attacks, paper suggests • The Register
Old Vulnerabilities Among the Most Widely Exploited - Infosecurity Magazine
Report: CISA Vulnerabilities Catalog Monitored By Ransomware Gangs | MSSP Alert
VulnCheck Exposes CVEs From Black Bastas' Chats
Vulnerabilities
CISA tags Windows, Cisco vulnerabilities as actively exploited
Android security update contains 2 actively exploited vulnerabilities | CyberScoop
Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks - SecurityWeek
Cisco warns some Webex users of worrying security flaw, so patch now | TechRadar
Hackers can turn any Bluetooth device into an AirTag and track its location | Cybernews
Chrome 134, Firefox 136 Patch High-Severity Vulnerabilities - SecurityWeek
Cisco warns of Webex for BroadWorks flaw exposing credentials
PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors
Vulnerabilities Patched in Qualcomm, Mediatek Chipsets - SecurityWeek
Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog here and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 28 February 2025
Black Arrow Cyber Threat Intelligence Briefing 28 February 2025:
-Cyber Security's Biggest Blind Spot - Third-Party Risk
-Cyber Criminals Can Now Clone Any Legitimate Website, and It’s Pretty Terrifying
-Over 25 New Malware Variants Created Every Single Hour
-Understanding MFA Fatigue: Why Cyber Criminals Are Exploiting Human Behaviour
-Only a Fifth of Ransomware Attacks Now Encrypt Data
-Biggest Crypto Heist in History, Worth $1.5Bn, Linked to North Korea Hackers
-89% of Enterprise GenAI Usage is Invisible to Organisations, Exposing Critical Security Risks
-Combating Deepfakes in Financial Services: A Call to Action
-Threat Actors Are Increasingly Trying to Grind Business to a Halt
-With AI and Automation, Hackers are Stealing Data at Unprecedented Speeds
-Mobile Phishing Attacks on the Rise
-With Millions Upon Millions of Victims, Scale of Info-Stealer Malware Laid Bare
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
The last week has identified several critical cyber security threats that demand immediate attention from business leaders. Third-party risk has become a major concern, with supply chain vulnerabilities now driving 31% of cyber insurance claims. Attackers are also leveraging new techniques, such as MFA fatigue and AI-powered phishing, to bypass traditional defences. The emergence of sophisticated phishing toolkits and deepfake fraud highlights the growing challenge of verifying digital identities, while mobile phishing (mishing) is increasingly targeting employees through personal devices.
The accelerating pace of cyber threats is evident, with 25 new malware variants created every hour and cyber criminals leveraging AI and automation to exfiltrate data at unprecedented speeds, sometimes within minutes. Meanwhile, ransomware actors are shifting strategies, focusing 80% of attacks on data theft rather than encryption, making traditional defences less effective. The surge in generative AI usage within enterprises, often without IT oversight, introduces further risks, including data leakage and code exposure.
Black Arrow Cyber believes that businesses must adopt a proactive, layered security approach. This includes real-time threat detection, robust vendor risk management, AI-driven fraud prevention, and enhanced employee training. With cyber extortion demands rising sharply and operational disruptions increasing, organisations that fail to adapt will face significant financial, operational, and reputational consequences.
Top Cyber Stories of the Last Week
Cyber Security's Biggest Blind Spot: Third-Party Risk
Cyber insurer Resilience has identified third-party risk as a leading driver of cyber insurance claims, accounting for 31% of all claims in 2024. Notably, for the first time, these risks led to direct financial losses, making up 23% of incurred claims. Ransomware remained a major cause, linked to 61% of losses, while transfer fraud increased to 18%. Sectors such as healthcare, finance, and manufacturing were most affected. The findings highlight the growing need for businesses to assess not just their own cyber security, but also that of their vendors to mitigate financial and operational risks.
Cyber Criminals Can Now Clone Any Legitimate Website, and It’s Pretty Terrifying
Researchers have identified a surge in activity around a new phishing toolkit, called Darcula-suite 3.0, which enables cyber criminals to clone legitimate websites with ease. This development significantly lowers the barrier for less technical attackers, allowing them to impersonate trusted brands and steal sensitive information. The toolkit includes an admin panel to track successful attacks and even generate fraudulent payment card details. As phishing scams grow more sophisticated with AI-driven enhancements, organisations must strengthen their cyber security measures to mitigate the risk of falling victim to these increasingly convincing attacks.
Over 25 New Malware Variants Created Every Single Hour
SonicWall’s latest research highlights an alarming rise in cyber threats, with 637 new malware variants detected daily, more than 25 every hour. Encrypted threats have surged by 92%, with attackers leveraging TLS encryption to bypass defences. Security teams are under increasing strain, with burnout and mental health concerns on the rise. Despite the urgency, some organisations take up to 150 days to apply critical patches, leaving them exposed. With cyber attacks doubling in cost in 2024, businesses must move beyond legacy defences and adopt real-time threat monitoring and security operations centre (SOC) capabilities to stay ahead of increasingly sophisticated threats.
Understanding MFA Fatigue: Why Cyber Criminals Are Exploiting Human Behaviour
MFA fatigue attacks are emerging as a critical cyber security threat, exploiting human behaviour rather than technical vulnerabilities. Attackers overwhelm users with repeated MFA prompts, hoping frustration or confusion will lead to accidental approval. High-profile breaches, including Uber in 2022, highlight the risks. Cyber criminals often pair push spamming with social engineering to increase success rates. Organisations must move beyond reliance on MFA alone by implementing phishing-resistant authentication, monitoring for excessive login attempts, and training staff to recognise and report unusual activity. A layered security approach is essential to counter these evolving tactics and protect critical systems.
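One of the controls the summary above recommends is monitoring for excessive login attempts. The following is an added example, not code from the briefing or from any product it cites, showing how a detection rule for push-spam bursts can be run over authentication logs. The key=value log format, the field names (user, event, result, src) and the sample lines are all constructed for the example; a real deployment would map its identity provider's own fields onto them.

```python
"""Detect MFA push-spam ("MFA fatigue") bursts in authentication logs.

Added example with a constructed log format; field names are hypothetical.
The rule flags a user who receives `threshold` or more denied/timed-out
push prompts inside a sliding time window, and records whether a prompt
was then approved during that burst, which is the outcome that matters.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample log lines (not real data): a burst of ignored/denied
# prompts for alice from one source, ending in an approval, plus normal
# activity for bob that should not fire.
SAMPLE_LOGS = [
    "2025-02-24T08:01:10Z user=alice event=mfa_push result=denied src=203.0.113.5",
    "2025-02-24T08:01:40Z user=alice event=mfa_push result=timeout src=203.0.113.5",
    "2025-02-24T08:02:05Z user=alice event=mfa_push result=denied src=203.0.113.5",
    "2025-02-24T08:02:30Z user=alice event=mfa_push result=denied src=203.0.113.5",
    "2025-02-24T08:03:00Z user=alice event=mfa_push result=timeout src=203.0.113.5",
    "2025-02-24T08:03:45Z user=alice event=mfa_push result=approved src=203.0.113.5",
    "2025-02-24T09:15:00Z user=bob event=mfa_push result=approved src=198.51.100.7",
    "2025-02-24T12:40:00Z user=bob event=mfa_push result=denied src=198.51.100.7",
    "2025-02-24T12:40:30Z user=bob event=mfa_push result=approved src=198.51.100.7",
]


def parse_line(line: str) -> dict:
    """Parse '<iso-timestamp> k=v k=v ...' into a dict with a UTC datetime."""
    ts, *fields = line.split()
    rec = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def detect_push_fatigue(lines, threshold=3, window=timedelta(minutes=10)):
    """Return one alert per burst of unanswered push prompts per user.

    An alert opens when `threshold` non-approved prompts fall inside `window`
    and keeps counting until the window goes quiet or the user approves a
    prompt, in which case `approved_after_burst` is set to True.
    """
    by_user = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec.get("event") == "mfa_push":
            by_user[rec["user"]].append(rec)

    alerts = []
    for user, recs in by_user.items():
        recs.sort(key=lambda r: r["ts"])
        recent = []   # non-approved prompts still inside the sliding window
        burst = None  # the open alert for the current burst, if any
        for rec in recs:
            recent = [r for r in recent if rec["ts"] - r["ts"] <= window]
            if not recent:
                burst = None  # window went quiet; a later burst is a new one
            if rec["result"] == "approved":
                if burst is not None:
                    burst["approved_after_burst"] = True
                    burst["approved_at"] = rec["ts"]
                    burst = None
                continue
            recent.append(rec)
            if burst is not None:
                burst["unanswered"] += 1
                burst["sources"].add(rec["src"])
            elif len(recent) >= threshold:
                burst = {
                    "user": user,
                    "first_push": recent[0]["ts"],
                    "unanswered": len(recent),
                    "sources": {r["src"] for r in recent},
                    "approved_after_burst": False,
                }
                alerts.append(burst)
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_LOGS):
        severity = "HIGH" if alert["approved_after_burst"] else "MEDIUM"
        print(f"[{severity}] {alert['user']}: {alert['unanswered']} unanswered "
              f"push prompts from {sorted(alert['sources'])} since {alert['first_push']}")
```

The approval-after-burst case is the one to page on, since it is the point at which the summary's "accidental approval" has already happened; a burst without approval still merits a ticket and a conversation with the user, because it indicates the password has most likely been compromised. Tune `threshold` and `window` to the identity provider's normal prompt rate before relying on the rule.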
Only a Fifth of Ransomware Attacks Now Encrypt Data
ReliaQuest’s latest report reveals that ransomware actors are increasingly abandoning encryption, with 80% of attacks in 2024 focused solely on data exfiltration, an approach that is 34% faster. Service accounts were a key vulnerability, implicated in 85% of breaches, while insufficient logging was identified as the leading cause of security failures. Two-thirds of critical intrusions involved legitimate software, and a quarter stemmed from exploited public-facing applications. The report urges organisations to enhance monitoring, deploy AI-driven automation, and strengthen endpoint security to keep pace with increasingly rapid cyber threats.
Biggest Crypto Heist in History, Worth $1.5Bn, Linked to North Korea Hackers
A cyber attack on the Dubai-based cryptocurrency exchange Bybit resulted in the theft of an estimated $1.5bn, with analysts attributing the breach to North Korea’s Lazarus Group. Experts report that malware was used to authorise fraudulent transactions, with the stolen funds allegedly laundered to support North Korea’s missile programme. Bybit has offered a $140m bounty to trace and freeze the stolen assets. Blockchain analysis indicates North Korea-linked hackers were responsible for one in five crypto breaches in 2024, stealing $1.34bn across 47 incidents, up from $660m across 20 incidents the previous year.
89% of Enterprise GenAI Usage is Invisible to Organisations, Exposing Critical Security Risks
A new report by LayerX highlights a significant blind spot in enterprise security, revealing that nearly 90% of generative AI (GenAI) usage occurs without IT oversight. This lack of visibility increases risks such as data leakage and unauthorised access. While only 15% of employees use GenAI daily, 50% engage with these tools at least biweekly. Notably, 39% of frequent users are software developers, raising concerns over proprietary code exposure. Additionally, half of all data pasted into GenAI tools contains corporate information, underscoring the urgent need for robust security measures to manage ‘shadow AI’ and protect sensitive business data.
Combating Deepfakes in Financial Services: A Call to Action
Deepfake fraud is emerging as a critical threat to financial institutions. Criminals use AI-generated video and audio to bypass traditional security measures, impersonating executives and manipulating high-value transactions. One incident saw an organisation transfer $25 million following a deepfake video call. To combat this, financial firms must adopt advanced identity verification, including liveness detection and AI-driven fraud analysis. A layered security approach, combined with employee awareness and customer education, is essential to mitigating risk and maintaining trust in digital banking.
Threat Actors Are Increasingly Trying to Grind Business to a Halt
Palo Alto Networks’ Unit 42 found that nearly 9 in 10 cyber attacks it responded to last year led to business disruption, with organisations facing operational downtime, fraud-related losses and reputational damage. Attackers increasingly use disruption as leverage, alongside encryption and data theft, to pressure victims into paying. The median extortion demand surged by almost 80% to $1.25 million in 2024, though negotiated payments averaged $267,500. Critical infrastructure sectors, including healthcare and manufacturing, were particularly targeted. These findings highlight the growing threat of cyber extortion and the increasing financial and operational toll on businesses.
With AI and Automation, Hackers are Stealing Data at Unprecedented Speeds
ReliaQuest’s Annual Cyber-Threat Report highlights how AI and automation are accelerating cyber attacks, with hackers now exfiltrating critical data in record time. On average, attackers achieve lateral movement within 48 minutes, with the fastest observed data theft occurring in just 4 hours and 29 minutes. Ransomware groups increasingly prioritise data exfiltration over encryption, with 80% of attacks focused on stealing information. In 60% of cases, stolen data is sent to legitimate cloud platforms. With the threat landscape evolving rapidly, organisations must rethink their response strategies to detect and mitigate attacks before critical assets are compromised.
Mobile Phishing Attacks on the Rise
Mishing (mobile phishing) attacks have risen sharply, with one major global campaign compromising over 600 organisations. Attackers are increasingly using advanced social engineering tactics, including device-aware phishing and geolocation-based redirection, making scams more targeted and harder to detect. The rise in Bring Your Own Device policies and reduced user verification of URLs have contributed to this trend. Security experts highlight the need for organisations to adapt, recommending mobile threat defence, phishing-resistant multi-factor authentication, clear Bring Your Own Device policies, and strong password management to counter the growing risk of credential-based attacks.
With Millions Upon Millions of Victims, Scale of Info-Stealer Malware Laid Bare
A vast trove of stolen credentials has been added to the privacy-breach-notification service ‘Have I Been Pwned’ (HIBP) after a government agency tipped off its founder, Troy Hunt. The dataset, linked to the "Alien Txtbase" Telegram channel, comprises 1.5TB of data, including 23 billion records and 284 million unique email addresses, harvested by info-stealer malware. HIBP has integrated 244 million new passwords and updated 199 million existing ones. Attackers increasingly exploit stolen credentials to bypass security, with new HIBP APIs now enabling organisations to check if their domains are compromised, reinforcing the need for strong cyber security measures.
Sources:
https://www.xda-developers.com/cybercriminals-clone-legitimate-website/
https://www.infosecurity-magazine.com/opinions/healthcare-ai-fight-cyber-attacks/
https://thehackernews.com/2025/02/89-of-enterprise-genai-usage-is.html
https://cyberscoop.com/cyberattacks-business-disruption-2025-unit-42-palo-alto-networks/
https://cybernews.com/security/hackers-stealing-data-at-unprecedented-speeds/
https://www.scworld.com/brief/mobile-phishing-attacks-on-the-rise
https://www.theregister.com/2025/02/26/hibp_adds_giant_infostealer_trove/
Governance, Risk and Compliance
Threat actors are increasingly trying to grind business to a halt | CyberScoop
Geopolitical Tension Fuels APT and Hacktivism Surge - Infosecurity Magazine
The Time to Speak to Employees About Insider Risk Is Now
Cyber attacks Become Increasingly Efficient | MSSP Alert
The CISO's dilemma of protecting the enterprise while driving innovation - Help Net Security
Insurers still concerned over cyber risk unknowns
Data: Cyber threats skyrocket as attackers think like businesses | Capacity Media
The Future of Auditing: What to Look for in 2025 - Security Boulevard
Cyber security professionals face expanding responsibilities, with 61% covering multiple domains
Threats
Ransomware, Extortion and Destructive Attacks
Only a Fifth of Ransomware Attacks Now Encrypt Data - Infosecurity Magazine
AI is helping hackers get access to systems quicker than ever before | TechRadar
FBI Has Warned About 'Ghost' Cyber Attacks. What You Need to Know. - Business Insider
Warning issued over prolific 'Ghost' ransomware group | ITPro
New Anubis Ransomware Could Pose Major Threat to Organisations - SecurityWeek
EncryptHub breaches 618 orgs to deploy infostealers, ransomware
With AI and automation, hackers are stealing data at unprecedented speeds | Cybernews
23 Vulnerabilities in Black Basta's Chat Logs Exploited in Wild
CL0P Ransomware Attacking Telecommunications & Healthcare Sectors In Large Scale
Threat actors are increasingly trying to grind business to a halt | CyberScoop
Massive leak exposes the inner workings of top ransomware syndicate Black Basta | TechSpot
Black Basta ransomware leak sheds light on targets, tactics | TechTarget
NCC Group tracks alarming ransomware surge in January | TechTarget
A landscape forever altered? The LockBit takedown one year on | Computer Weekly
Should ransomware payments be illegal? | TechRadar
Black Basta Goes Dark Amid Infighting, Chat Leaks Show
Targeted by Ransomware, Middle East Banks Shore Up Security
Dragos: Ransomware attacks against industrial orgs up 87% | TechTarget
Ransomware Victims
Ransomware attack on Southern Water cost £4.5 million – DataBreaches.Net
Hackers claim responsibility for NHS provider attack - BBC News
DISA took a year to disclose a breach affecting 3.3M+ people • The Register
DragonForce Ransomware Group is Targeting Saudi Arabia
'Paddington' victim of Russian cyber attack
Ransomware Gang Publishes Stolen Genea IVF Patient Data - Infosecurity Magazine
LockBit taunts FBI Director Kash Patel with alleged “Classified” leak threat
Home Depot Refutes Clop Ransomware Attack Claims | MSSP Alert
Phishing & Email Based Attacks
Cyber criminals can now clone any legitimate website, and it's pretty terrifying
Cyber Crooks Exploit URL Manipulation In Sophisticated Phishing Scam
Forget phishing, now "mishing" is the new security threat to worry about | TechRadar
Cyber Criminals Can Now Clone Any Brand's Site in Minutes Using Darcula PhaaS v3
Job Application Spear Phishing - Security Boulevard
Deceptive Signatures: Advanced Techniques in BEC Attacks
Beware: PayPal "New Address" feature abused to send phishing emails
FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services
Be careful! That legit PayPal email might be a phishing scam | PCWorld
How I Keep Myself Safe From Phishing When I Work From Home
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Deceptive Signatures: Advanced Techniques in BEC Attacks
Other Social Engineering
Understanding MFA Fatigue: Why Cyber Criminals Are Exploiting Human Behaviour - IT Security Guru
CrowdStrike Security Report: Generative AI Powers Social Engineering Attacks
One wrong SMS can wipe your savings, thanks to this Android Trojan | Cybernews
Pump.fun X account hacked to promote scam governance token
DeepSeek-Spoofing Leveraged For Crypto Exfiltration | MSSP Alert
Artificial Intelligence
Deep trouble: Deepfakes and their implications for cyber security - Verdict
4 Low-Cost Ways to Defend Your Organisation From Deepfakes
Combating Deepfakes in Financial Services: A Call to Action: By Adam Preis
AI is helping hackers get access to systems quicker than ever before | TechRadar
With AI and automation, hackers are stealing data at unprecedented speeds | Cybernews
CrowdStrike Security Report: Generative AI Powers Social Engineering Attacks
The truth about GenAI security: your business can't afford to “wait and see” | TechRadar
The First International AI Safety Report: A Call To Action
Quarter of Brits Report Deepfake Phone Scams - Infosecurity Magazine
Microsoft names cyber criminals behind AI deepfake network
AI-Powered Deception is a Menace to Our Societies
Why AI deployment requires a new level of governance - Help Net Security
AI Is Everywhere Since October 7, From the Battlefield to the Cyber Arena - The Media Line
DeepSeek-Spoofing Leveraged For Crypto Exfiltration | MSSP Alert
OpenAI Bans Accounts Misusing ChatGPT for Surveillance and Influence Campaigns
Nearly a third of UK public sector IT professionals anxious about AI security risks
2FA/MFA
Understanding MFA Fatigue: Why Cyber Criminals Are Exploiting Human Behaviour - IT Security Guru
Chinese Botnet Bypasses MFA in Microsoft 365 Attacks - Infosecurity Magazine
Hackers are on a huge Microsoft 365 password spraying spree – here’s what you need to know | ITPro
Why Gmail is replacing SMS codes with QR codes - and what it means for you | ZDNET
Malware
Scale of unstoppable info-stealer malware laid bare • The Register
Cyber criminals prefer remote tools over malware, says CrowdStrike | SC Media
Why ‘malware as a service’ is becoming a serious problem | ITPro
Have I Been Pwned adds 284M accounts stolen by infostealer malware
Is your email or password among the 240+ million compromised by infostealers? - Help Net Security
3.9 Billion Passwords Stolen—Infostealer Malware Blamed
EncryptHub breaches 618 orgs to deploy infostealers, ransomware
AI malware pioneers | Cybernews
New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer
5 Active Malware Campaigns in Q1 2025
2,500+ Truesight.sys Driver Variants Exploited to Bypass EDR and Deploy HiddenGh0st RAT
GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets
New Linux Malware 'Auto-Color' Grants Hackers Full Remote Access to Compromised Systems
Hundreds of GitHub repos served up malware for years - Help Net Security
Mac malware masks as job interview to steal crypto | Cybernews
‘Auto-Color’ Linux Malware Uses Advanced Stealth Tactics To Evade Detection
Two new pieces of Mac malware in the wild – one being fixed this week
FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services
Vo1d malware botnet grows to 1.6 million Android TVs worldwide
Chinese-Backed Silver Fox Plants Backdoors in Healthcare Networks - Infosecurity Magazine
New malware disrupts critical industrial processes • The Register
Bots/Botnets
Massive botnet hits Microsoft 365 accounts - Help Net Security
Chinese Botnet Bypasses MFA in Microsoft 365 Attacks - Infosecurity Magazine
Hackers are on a huge Microsoft 365 password spraying spree – here’s what you need to know | ITPro
Vo1d malware botnet grows to 1.6 million Android TVs worldwide
Mobile
Mobile phishing attacks on the rise | SC Media
Forget phishing, now "mishing" is the new security threat to worry about | TechRadar
SpyLend Android malware downloaded 100,000 times from Google Play
Apple currently only able to detect Pegasus spyware in half of infected iPhones
Pegasus Spyware Used Widely to Target Individuals in Private Industry & Finance Sectors
One wrong SMS can wipe your savings, thanks to this Android Trojan | Cybernews
Unmanaged Devices: The Overlooked Threat CISOs Must Confront
New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades
Security flaw in popular stalkerware apps is exposing phone data of millions | TechRadar
Why this Android image-scanning feature is controversial - and how to get rid of it | ZDNET
A Major Security Flaw Has Been Discovered in Samsung's Secure Folder Feature | Extremetech
Denial of Service/DoS/DDoS
How DDoS Attacks Work and How You Can Protect Your Business From Them - Security Boulevard
Web DDoS attacks up over 500 percent
Radware’s Cyber Threat Report: Web DDoS Attacks Surge 550%
Internet of Things – IoT
Cyber Attacks On EV Chargers Pose A Growing Threat | The Truth About Cars
Vo1d malware botnet grows to 1.6 million Android TVs worldwide
Hackers Can Crack Into Car Cameras in Minutes Flat
Data Breaches/Leaks
Orange Group confirms breach after hacker leaks company documents
Cyber Security's Biggest Blind Spot: Third-Party Risk, New Resilience Analysis Finds
Third parties now dominant cyber-attack point
Background check, drug testing provider DISA suffers data breach - Help Net Security
Hacker Behind Over 90 Data Leaks Arrested in Thailand - SecurityWeek
DISA took a year to disclose a breach affecting 3.3M+ people • The Register
Top digital loan firm security slip-up puts data of 36 million users at risk | TechRadar
Organised Crime & Criminal Actors
B1ack’s Stash released 1 Million credit cards - Security Affairs
Thailand Targets Cyber Sweatshops to Free 1000s of Captives
Microsoft names cyber criminals behind AI deepfake network
INSIGHT: Fraud-as-a-Service: Creating a new breed of fraudsters - AML Intelligence
10 cyber security insights from ex hacker and FBI agent who arrested him
Data: Cyber threats skyrocket as attackers think like businesses | Capacity Media
'Silver Fox' APT Skirts Windows Blocklist in BYOVD Attack
26 New Threat Groups Spotted in 2024: CrowdStrike - SecurityWeek
Hacker Behind Over 90 Data Leaks Arrested in Thailand - SecurityWeek
Leader of cyber blackmail gang faces jail – Court News UK
The evolution of Russian cyber crime | Intel 471
How Anonymous Actually Works, According to a Founding Member - Business Insider
Criminal hacker known as ALTDOS, DESORDEN, GHOSTR and 0mid16B arrested – DataBreaches.Net
US Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason” – Krebs on Security
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Lazarus Group moves funds to multiple wallets as Bybit offers bounty
Lazarus Group launches ‘QinShihuang’ meme coin to launder $26M more from Bybit stash | Cryptopolitan
AI Tricksters Spin Up Fake DeepSeek Sites to Steal Crypto
Mac malware masks as job interview to steal crypto | Cybernews
Inside the Lazarus Group money laundering strategy
Fake CS2 tournament streams used to steal crypto, Steam accounts
Pump.fun X account hacked to promote scam governance token
DeepSeek-Spoofing Leveraged For Crypto Exfiltration | MSSP Alert
Argentina’s $4.6 Billion Crypto Scandal; Largest-Ever Crypto Theft
Insider Risk and Insider Threats
The Time to Speak to Employees About Insider Risk Is Now
US Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason” – Krebs on Security
Insurance
Insurers still concerned over cyber risk unknowns
Supply Chain and Third Parties
Cyber Security's Biggest Blind Spot: Third-Party Risk, New Resilience Analysis Finds
Third parties now dominant cyber-attack point
Survey: Nearly Half of Data Breaches Involved Third-Party Remote Access - Security Boulevard
Space Pirates Targets Russian IT Firms With New LuckyStrike Agent Malware
Russia warns financial sector organisations of IT service provider LANIT compromise
Cloud/SaaS
UK backdoor order forces Apple to disable cloud encryption | Digital Trends
Apple Pulls Advanced Data Protection for New UK Users Amid Backdoor Demand - SecurityWeek
Chinese Botnet Bypasses MFA in Microsoft 365 Attacks - Infosecurity Magazine
Are False Positives Killing Your Cloud Security? Veriti Research Reveals - Security Boulevard
The Future of Auditing: What to Look for in 2025 - Security Boulevard
Encryption
Apple Pulls Encrypted iCloud Security Feature in UK Amid Government Backdoor Demands - MacRumors
Government has made UK user data ‘less secure’ with Apple row – experts - LBC
Experts Slam Government After “Disastrous” Apple Encryption Move - Infosecurity Magazine
Public told to use Apple security tool Advanced Data Protection that Home Office tried to crack
Quantum Computing Has Arrived; We Need To Prepare For Its Impact
The encryption backdoor debate: Why are we still here?
The Case for Encryption | Open Rights Group
Google Says Its Encryption Has Not Changed—Does Android Now Beat iPhone?
FBI Warns iPhone, Android Users—We Want ‘Lawful Access’ To All Your Encrypted Data
Signal May Exit Sweden If Government Imposes Encryption Backdoor - Infosecurity Magazine
Privacy tech firms warn France’s encryption and VPN laws threaten privacy
Linux and Open Source
New Linux Malware 'Auto-Color' Grants Hackers Full Remote Access to Compromised Systems
‘Auto-Color’ Linux Malware Uses Advanced Stealth Tactics To Evade Detection
OpenSSF Releases Security Baseline for Open Source Projects - SecurityWeek
Passwords, Credential Stuffing & Brute Force Attacks
Scale of unstoppable info-stealer malware laid bare • The Register
Hackers stole this engineer's 1Password database. Could it happen to you? | ZDNET
Is your email or password among the 240+ million compromised by infostealers? - Help Net Security
3.9 Billion Passwords Stolen—Infostealer Malware Blamed
HaveIBeenPwned Adds 244 Million Passwords Stolen By Infostealers - Infosecurity Magazine
Cisco Details ‘Salt Typhoon’ Network Hopping, Credential Theft Tactics - SecurityWeek
Social Media
As Meta gets rid of fact-checkers, misinformation is going viral | TechCrunch
How new Facebook policies incentivize spreading misinformation | ZDNET
Pump.fun X account hacked to promote scam governance token
Regulations, Fines and Legislation
Government has made UK user data ‘less secure’ with Apple row – experts - LBC
Cyber Security Needs to Stay Nonpartisan in the Age of DOGE
House Dems say DOGE is leaving publicly exposed entry points into government systems | CyberScoop
Firing of 130 CISA staff worries cyber security industry | CSO Online
Federal cyber security layoffs could leave U.S. vulnerable to hackers - CBS News
Why we need an expanded CISA to fight today’s cyber threats | SC Media
Gabbard Calls for Investigation of UK’s Apple Backdoor Request
The Future of Auditing: What to Look for in 2025 - Security Boulevard
Trump 2.0 Brings Cuts to Cyber, Consumer Protections – Krebs on Security
Fake video of Trump kissing Musk's toes beamed to federal computers
China compromised GOP emails ahead of Republican convention • The Register
NIST Purge Puts US Semiconductors, AI Safety At Risk
Models, Frameworks and Standards
We must all safeguard against cyber attacks
UK businesses should look to Ireland amid EU cyber security overhaul | Computer Weekly
How To Take Your Firm From Risk To Resilience In 8 DORA-compliant Steps
Careers, Working in Cyber and Information Security
The CISO's dilemma of protecting the enterprise while driving innovation - Help Net Security
The cyber security skills gap reality: We need to face the challenge of emerging tech | CSO Online
Cyber security professionals face expanding responsibilities, with 61% covering multiple domains
Law Enforcement Action and Take Downs
Microsoft names cyber criminals behind AI deepfake network
Hacker Behind Over 90 Data Leaks Arrested in Thailand - SecurityWeek
Leader of cyber blackmail gang faces jail – Court News UK
Criminal hacker known as ALTDOS, DESORDEN, GHOSTR and 0mid16B arrested – DataBreaches.Net
US Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason” – Krebs on Security
Misinformation, Disinformation and Propaganda
As Meta gets rid of fact-checkers, misinformation is going viral | TechCrunch
How new Facebook policies incentivize spreading misinformation | ZDNET
AI-Powered Deception is a Menace to Our Societies
Data Leak Exposes TopSec's Role in China's Censorship-as-a-Service Operations
Opinion | The right-wing media machine hits a wall - The Washington Post
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Aggressive Tactics, Weaponization of AI-powered Deception Rises | Business Wire
The Growing Threat of Cyber Warfare from Nation-States - PaymentsJournal
Nation State Actors
Geopolitical Tension Fuels APT and Hacktivism Surge - Infosecurity Magazine
How APT Naming Conventions Make Us Less Safe
China
FBI Has Warned About 'Ghost' Cyber Attacks. What You Need to Know. - Business Insider
Chinese Botnet Bypasses MFA in Microsoft 365 Attacks - Infosecurity Magazine
A Tale of Two Typhoons: Properly Diagnosing Chinese Cyber Threats - War on the Rocks
CrowdStrike: China hacking has reached 'inflection point' | TechTarget
Chinese APT Uses VPN Bug to Exploit Worldwide OT Orgs
China-linked threat actors stole 10% of Belgian State Security Service (VSSE)'s staff emails
Data Leak Exposes TopSec's Role in China's Censorship-as-a-Service Operations
Cisco Details ‘Salt Typhoon’ Network Hopping, Credential Theft Tactics - SecurityWeek
China compromised GOP emails ahead of Republican convention • The Register
Chinese-Backed Silver Fox Plants Backdoors in Healthcare Networks - Infosecurity Magazine
Russia
The evolution of Russian cyber crime | Intel 471
Space Pirates Targets Russian IT Firms With New LuckyStrike Agent Malware
Russia warns financial sector organisations of IT service provider LANIT compromise
Cyber Attacks Hits Leading Russian IT Service Provider’s Subsidiaries | MSSP Alert
Russia warns financial sector of major IT service provider hack
Australia Bans Kaspersky Software Over National Security and Espionage Concerns
Apple Cuts Off Russian Developers from Enterprise Program Amid Ongoing Sanctions - gHacks Tech News
Sweden investigates suspected sabotage of undersea telecoms cable - BBC News
Germany takes the fight to Russia in undersea cable war
Drone-Equipped U.S. Marines Now Helping Protect Baltic Sea Submarine Cables
Putin’s secret weapon: The threat to the UK lurking on our sea beds - BBC News
North Korea
Lazarus Group launches ‘QinShihuang’ meme coin to launder $26M more from Bybit stash | Cryptopolitan
FBI Confirms North Korea’s Lazarus Group as Bybit Hackers - Infosecurity Magazine
Inside the Lazarus Group money laundering strategy
FBI fingers North Korea for $1.5B Bybit cryptocurrency heist • The Register
Lazarus Group moves funds to multiple wallets as Bybit offers bounty
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Modern Approach to Attributing Hacktivist Groups - Check Point Research
How Anonymous Actually Works, According to a Founding Member - Business Insider
Tools and Controls
Cyber criminals prefer remote tools over malware, says CrowdStrike | SC Media
Chinese APT Uses VPN Bug to Exploit Worldwide OT Orgs
Why you can’t afford to botch staff onboarding processes | ITPro
99% of Organisations Report API-Related Security Issues - Infosecurity Magazine
Nations Open 'Data Embassies' to Protect Critical Info
Privacy tech firms warn France’s encryption and VPN laws threaten privacy
Reports Published in the Last Week
CrowdStrike 2025 Global Threat Report: Beware the Enterprising Adversary
Other News
Cyber Attacks Become Increasingly Efficient | MSSP Alert
26 New Threat Groups Spotted in 2024: CrowdStrike - SecurityWeek
SITA report reveals how aviation industry is doubling down on cyber security | Times Aerospace
OpenSSF Releases Security Baseline for Open Source Projects - SecurityWeek
What Netflix's 'Zero Day' Got Right (and Wrong) About Cyber Attacks
Threat Actors Stealing Users Browser Fingerprints To Bypass Security Measures & Impersonate Users
Mounting Threats to Cyber-Physical Systems - Security Boulevard
Manufacturers told beware cyber-attacks as sector becoming rising target
Experts Warn of Maritime Industry’s Cyber Vulnerabilities | AFCEA International
Security and privacy concerns challenge public sector's efforts to modernize - Help Net Security
Nine Threat Groups Active in OT Operations in 2024: Dragos - SecurityWeek
New malware disrupts critical industrial processes • The Register
Vulnerability Management
23 Vulnerabilities in Black Basta's Chat Logs Exploited in Wild
Software Vulnerabilities Take Almost Nine Months to Patch - Infosecurity Magazine
61% of Hackers Use New Exploit Code Within 48 Hours of Attack - Infosecurity Magazine
What is VMaaS? Why You Should Consider Vulnerability-Management-as-a-Service
Misconfigured Access Systems Expose Hundreds Of Thousands Of Employees And Organisations
US Government Supercharges Security Vulnerabilities
Vulnerabilities
Atlassian fixed critical flaws in Confluence and Crowd
Second Recently Patched Flaw Exploited to Hack Palo Alto Firewalls - SecurityWeek
Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA
CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation
Cisco Patches Vulnerabilities in Nexus Switches - SecurityWeek
Vulnerabilities in MongoDB Library Allow RCE on Node.js Servers - SecurityWeek
Mac security researchers expose two new exploits | Macworld
Max Severity RCE Vuln in All Versions of MITRE Caldera
Siemens Teamcenter vulnerability could allow account takeover (CVE-2025-23363) - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 21 February 2025
Black Arrow Cyber Threat Intelligence Briefing 14 February 2025:
-Supply Chain Cyber Attacks Surge Over 400%, Expected to Continue Rising
-98% of Business Leaders Can't Spot a Phishing Scam
-Two-Thirds of UK Businesses Still Failing on Cyber Security
-44% of Middle-Market Firms Invest in Cyber Crime Protection
-A Deepfake Epidemic Is Coming: People Are Simply Not Good Enough at Identifying Fakes
-Cyber Security Gaps Exposed as 96% of S&P 500 Firms Hit by Data Breaches
-Cyber Criminals Shift Focus to Social Media as Attacks Reach Historic Highs
-Is a Lack of Supply Chain Visibility Undermining Board-Level Confidence in Cyber Security Programs?
-Ransomware Gangs Extort Victims 17 Hours After Intrusion on Average
-Over 330 million Credentials Compromised by Infostealers
-Mobile Phishing Attacks Surge, Accounting for 16% of Phishing Incidents
-Phishing-as-a-Service (PhaaS) Can Now Auto-Generate Phishing Kits for Any Brand
-This Open Text-to-Speech Model Needs Just Seconds of Audio to Clone Your Voice
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Executive Summary
Black Arrow Cyber has identified a significant surge in cyber threats targeting organisations worldwide, with supply chain vulnerabilities, phishing scams, and ransomware tactics evolving at an alarming rate. Supply chain cyber attacks have increased by 431% in just two years, exposing weaknesses in third-party security oversight and operational dependencies. Simultaneously, phishing attacks remain a major risk, with 98% of senior business leaders unable to recognise key warning signs. The rapid rise of deepfake technology, infostealer malware, and mobile phishing further exacerbates these threats, with cyber criminals leveraging AI and automation to enhance their attack strategies.
Corporate cyber security measures remain insufficient, as evidenced by 96% of S&P 500 firms experiencing data breaches and 69% of UK businesses failing to implement basic network security protections. Ransomware gangs are accelerating their attacks, demanding ransoms within 17 hours of infiltration, while Phishing-as-a-Service platforms are making sophisticated attacks accessible to criminals with little technical knowledge. Social media has also become a prime target, with 2.55 billion threats blocked in a single quarter.
Black Arrow Cyber believes that urgent action is required. Businesses must prioritise proactive security strategies, including continuous supply chain monitoring, robust phishing awareness training, and advanced authentication measures to mitigate these growing risks. As cyber threats evolve, only a strong, multi-layered defence will ensure operational resilience and data security in an increasingly volatile digital landscape.
Top Cyber Stories of the Last Week
Supply Chain Cyber Attacks Surge Over 400%, Expected to Continue Rising
A new cyber risk report by Cowbell has revealed a 431% surge in supply chain cyber attacks between 2021 and 2023, with further increases expected by 2025. Businesses with revenues over $50 million are 2.5 times more likely to be targeted, with manufacturing, public administration, and education among the most at-risk sectors. Key vulnerabilities stem from reliance on third-party suppliers, poor visibility into vendor security, and weaknesses in operating systems and business applications. To mitigate these risks, organisations must enhance supplier oversight, conduct regular cyber risk assessments, and implement proactive security measures across their supply chains.
98% of Business Leaders Can't Spot a Phishing Scam
A new report from Tech.co has revealed that 98% of senior business leaders struggle to recognise all the warning signs of phishing, despite such attacks accounting for 40% of data breaches in 2024, a sharp rise from the previous year. Nearly half of respondents failed to identify urgency or threats as key phishing indicators, while 19% could not correctly define two-factor authentication. With the global average cost of a data breach reaching $4.88M, the findings highlight a critical gap in cyber security awareness at the highest levels, underscoring the need for improved training across all leadership roles.
Two-Thirds of UK Businesses Still Failing on Cyber Security
Beaming’s latest research reveals that 69% of UK businesses, equating to 3.6 million companies, are at heightened risk of cyber attack due to poor network security practices. Many fail to encrypt data in transit, isolate traffic from public infrastructure, or monitor for malicious activity. While the majority are micro businesses, over 7,000 medium-sized and nearly 1,000 large organisations also fall short. With corporate networks now critical to business operations, the report highlights a widespread failure to recognise their role in safeguarding sensitive data and maintaining operational resilience.
44% of Middle-Market Firms Invest in Cyber Crime Protection
A recent PYMNTS Intelligence report highlights that cyber security is a growing concern for middle-market CFOs, with 44% of high-uncertainty firms (facing fluctuating demand, supply chain disruptions, or macroeconomic volatility) investing in AI-driven threat detection. Rising cyber threats are diverting budgets away from innovation, forcing firms to prioritise security over growth. Nearly a third of high-uncertainty organisations have conducted third-party security assessments, while just 13% have implemented multifactor authentication. Despite these measures, optimism about cyber security improvements remains mixed, with 31% of high-uncertainty firms expecting risks to worsen in 2025, while 74% of low-uncertainty firms anticipate improvements.
A Deepfake Epidemic Is Coming: People Are Simply Not Good Enough at Identifying Fakes
A new study by iProov highlights the growing threat of deepfakes, revealing that most people struggle to distinguish AI-generated content from reality. In a test of 2,000 participants, only 0.1% correctly identified all deepfakes. Older adults were particularly vulnerable: 39% of those over 65 had never heard of deepfakes. While younger generations showed greater confidence, their detection accuracy was no better. Social media was identified as a key risk area, with nearly half of respondents pointing to Meta and TikTok. Experts warn that traditional detection methods are insufficient, calling for biometric security solutions to combat rising deepfake threats.
Cyber Security Gaps Exposed as 96% of S&P 500 Firms Hit by Data Breaches
Nearly all S&P 500 firms have experienced data breaches, with 96% impacted, highlighting critical cyber security gaps across industries. A new report reveals widespread deficiencies in software patching, SSL configurations, and system hosting, with nearly 90% of companies affected by hosting vulnerabilities and over 80% exposed to web application security risks. Manufacturing, Finance, and Healthcare rank among the most vulnerable sectors. Nearly 63% of Finance sector employees reuse compromised passwords. The findings underscore the urgent need for stronger encryption, better patch management, and stricter credential security to mitigate risks and prevent further breaches.
Cyber Criminals Shift Focus to Social Media as Attacks Reach Historic Highs
Cyber criminals are increasingly exploiting social media platforms, with attacks reaching record highs in 2024. A new report from Gen revealed that 2.55 billion threats were blocked in Q4 alone, equating to 321 per second. Social engineering accounted for 86% of these, highlighting the growing sophistication of scams. Malvertising drove 41% of threats, while Facebook was the most targeted platform, linked to 56% of social media attacks. Financial scams surged, with mobile banking malware infections rising by 236%. As AI-driven fraud increases, businesses must prioritise cyber security awareness and robust defences to mitigate evolving digital risks.
Is a Lack of Supply Chain Visibility Undermining Board-Level Confidence in Cyber Security Programs?
Many UK organisations are struggling with supply chain cyber security. 95% of C-level executives reported being negatively impacted by supply chain cyber breaches, yet 34% have no way of knowing when an incident occurs. As supply chains grow (some organisations engage with over 10,000 third parties), so too does risk, with nearly every firm with 10,000+ suppliers suffering a breach in the past year. Boards must prioritise continuous monitoring and structured oversight to mitigate risk and ensure operational resilience amidst increasing regulatory pressures.
Ransomware Gangs Extort Victims 17 Hours After Intrusion on Average
Ransomware groups are accelerating their attacks, reducing the time organisations have to detect intrusions. Analysis shows the average time from breach to ransom demand is now just 17 hours, with some groups acting in as little as 4 to 6 hours. Groups with the fastest attack times have also seen the highest growth in victims. A shift towards data theft over encryption is emerging, exploiting gaps in data loss prevention tools. Multiple sectors remain primary targets, with attackers increasingly abusing remote monitoring tools to maintain access and evade detection.
Over 330 million Credentials Compromised by Infostealers
Infostealer malware emerged as a major initial access threat in 2024, with over 330 million credentials compromised across at least 4.3 million machines, according to a new report. These stolen credentials grant access to critical corporate services, heightening cyber security risks. While law enforcement efforts disrupted key infostealer operations, including RedLine, threats persist due to the growth of malware-as-a-service models. The report also highlighted a 10.5% rise in ransomware victims and a 28.5% increase in active threat groups, underscoring the escalating cyber crime landscape organisations must navigate.
Mobile Phishing Attacks Surge, Accounting for 16% of Phishing Incidents
Mobile phishing attacks, or “mishing,” have surged, with daily incidents peaking at over 1,000 in August 2024. A report by Zimperium zLabs found that 16% of these attacks occurred in the US, with India leading global susceptibility at 37%. Attackers are increasingly exploiting mobile-first channels such as SMS, QR codes and messaging apps to bypass traditional security measures, often using geolocation-targeted campaigns. With 82% of phishing sites now designed for mobile devices, experts stress the need for mobile-specific security strategies, including phishing-resistant multi-factor authentication, real-time URL analysis and targeted user training.
Phishing-as-a-Service (PhaaS) Can Now Auto-Generate Phishing Kits for Any Brand
The latest version of the Darcula phishing-as-a-service (PhaaS) platform removes technical barriers, enabling cyber criminals to launch highly sophisticated phishing attacks with minimal effort. The platform's new DIY phishing kit generator allows users to clone any brand's website automatically, streamlining credential theft. Additional features include enhanced anti-detection measures, real-time campaign monitoring, and tools for automating credit card fraud. Netcraft reports that in the past 10 months, it has blocked nearly 100,000 Darcula-related domains and 20,000 phishing sites, warning that the ease of use and growing adoption of this platform will significantly increase phishing attack volumes.
This Open Text-to-Speech Model Needs Just Seconds of Audio to Clone Your Voice
Zyphra has released an open-source text-to-speech model capable of cloning a voice with just five seconds of sample audio. The Zonos models, trained on 200,000 hours of multilingual speech data, generate convincing voice replicas, though subtle pacing inconsistencies remain detectable. Unlike competitors, Zyphra has made the models freely available under an open licence. While the technology has legitimate applications in accessibility and audiobook production, it also raises security concerns, such as its potential use in scams and misinformation campaigns. Given the minimal effort required to create realistic clones, organisations should be alert to emerging threats in voice-based authentication and fraud.
Sources:
https://totaltele.com/two-thirds-of-uk-businesses-still-failing-on-cyber-security/
https://www.helpnetsecurity.com/2025/02/18/cybercriminals-social-media-attacks/
https://www.infosecurity-magazine.com/news/330-million-credentials/
https://www.infosecurity-magazine.com/news/mobile-phishing-attacks-surge-16/
Governance, Risk and Compliance
Gartner: CISOs struggling to balance security, business objectives | Computer Weekly
Is a lack of supply chain visibility undermining board-level confidence in cyber security programs?
2024 a 'record year for cyber attacks on business' - Director of Finance Online
How Slashing the SAT Budget Is Appreciated By Hackers - Security Boulevard
Cyber security gaps exposed as 96% of S&P 500 firms hit by data breaches
Two-thirds of UK businesses still failing on cyber security | Total Telecom
IT spending will be driven by cyber security and AI
44% of Middle-Market Firms Invest in Cyber Crime Protection
New GRC and cyber risk strategies emphasize risk adaptability - Help Net Security
Cyber Security in 2025: AI, Attack Surfaces and the Shift to Cyber Resilience - Security Boulevard
Signs Your Organisation's Culture Is Hurting Your Cyber Security
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware gangs extort victims 17 hours after intrusion on average | CSO Online
Ransomware and reputation | Professional Security Magazine
Ransomware Detection: Attack Types & Latest Techniques in 2025 - Security Boulevard
BlackLock ransomware onslaught: What to expect and how to fight it - Help Net Security
Ransomware Spike Driven By RaaS Operations | MSSP Alert
The new ransomware groups worrying security researchers in 2025 | ITPro
Ransomware Attacks on Critical Infrastructure, AI Use to Grow in 2025 | MSSP Alert
Dozens of Orgs Claimed To Be Hacked by Cl0p Ransomware | MSSP Alert
Ending the Ransomware Scourge Requires Punishing Its Enablers
BlackLock On Track to Be 2025’s Most Prolific Ransomware Group - Infosecurity Magazine
The growing cyber threat: Ransomware, China, and state-sponsored attacks - GZERO Media
Feds warn Ghost ransomware crew remains active, potent • The Register
CISA and FBI: Ghost ransomware breached orgs in 70 countries
Inside A LockBit Ransomware Attack: A Firsthand Account Of Financial And Security Fallout
Updated Shadowpad Malware Leads to Ransomware Deployment | Trend Micro (US)
Darktrace Report Highlights The Growing Power Of MaaS, Sneaky Evasion Tactics
Black Basta ransomware gang's internal chat logs leak online
Acronis H2 2024 Cyber Threats Report Unveils Rise in
The complete story of the 2024 ransomware attack on UnitedHealth
Is Russia Reining In Ransomware-Wielding Criminals?
Ransomware losses tumble but threat remains: Chainalysis
NailaoLocker ransomware targets EU healthcare-related entities
Ransomware Victims
Dozens of Orgs Claimed To Be Hacked by Cl0p Ransomware | MSSP Alert
Lee Enterprises newspaper disruptions caused by ransomware attack
Christie's Ransomware Hack Settlement Pact Wins Court's Approval
Army soldier linked to Snowflake extortion to plead guilty • The Register
The complete story of the 2024 ransomware attack on UnitedHealth
Medusa extortion gang demands $2M from UK's HCRG Care Group • The Register
NailaoLocker ransomware targets EU healthcare-related entities
Phishing & Email Based Attacks
Darcula PhaaS can now auto-generate phishing kits for any brand
Mobile Phishing Attacks Surge with 16% of Incidents in US - Infosecurity Magazine
98% of Business Leaders Can't Spot a Phishing Scam Tech.co Report Reveals | Business Wire
Russian Hackers Target Microsoft 365 Accounts with Device Code Attacks - Infosecurity Magazine
What is device code phishing, and why are Russian spies so successful at it? - Ars Technica
Suspected Russian spies caught spoofing Teams invites • The Register
Threat actors are using legitimate Microsoft feature to compromise M365 accounts - Help Net Security
Hackers are using this new phishing technique to bypass MFA | ITPro
What is barrel phishing? All you need to know | NordVPN
Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains
Phishing with AI is cyber security’s new hook
This New Email Attack Can Bypass Spam Filters: Here's How to Protect Against It
Amazon Phish Hunts for Security Answers and Payment Information - Security Boulevard
Phishing attack hides JavaScript using invisible Unicode trick
Russian phishing campaigns exploit Signal's device-linking feature
A Signal Update Fends Off a Phishing Technique Used in Russian Espionage | WIRED
Spear Phishing vs Phishing: What Are the Main Differences?
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Mining Company NioCorp Loses $500,000 in BEC Hack - SecurityWeek
Other Social Engineering
Zyphra's speech model can clone your voice with 5s of audio • The Register
Cyber criminals shift focus to social media as attacks reach historic highs - Help Net Security
Venture capital giant Insight Partners hit by cyber attack
Cyber Investor Insight Partners Suffers Security Breach - Infosecurity Magazine
Insight Partners, VC Giant, Falls to Social Engineering
Artificial Intelligence
Zyphra's speech model can clone your voice with 5s of audio • The Register
The AI Hype Frenzy Is Fueling Cyber Security Risks
IT spending will be driven by cyber security and AI
Cyber security pros are preparing for a new adversary: AI agents | Fortune
Ransomware Attacks on Critical Infrastructure, AI Use to Grow in 2025 | MSSP Alert
Why Regulating AI Is So Hard — And Necessary - The Good Men Project
The overlooked cyber security threat of AI
UK’s AI Safety Institute Rebrands Amid Government Strategy Shift - Infosecurity Magazine
The risks of autonomous AI in machine-to-machine interactions - Help Net Security
Sounding the alarm on AI-powered cyber security threats in 2025 | TechRadar
AI vs. Endpoint Attacks: What Security Leaders Need To Know | VentureBeat
Phishing with AI is cyber security’s new hook
Russia’s AI-Powered Cyber Attacks Threaten to Outpace Western Defences
South Korea Suspends DeepSeek AI Downloads Over Privacy Violations
UK’s AI Security Institute to protect against AI risks to national security
DarkMind: A new backdoor attack that leverages the reasoning capabilities of LLMs
Controlling Shadow AI: Protecting Knowledge Management From Cyber Threats
How to run DeepSeek AI locally to protect your privacy - 2 easy ways | ZDNET
US AI Safety Institute will be 'gutted,' Axios reports | ZDNET
Europe Mounts the Artificial-Intelligence Barricades - Bloomberg
Yikes: Jailbroken Grok 3 can be made to say and reveal just about anything | ZDNET
2FA/MFA
Hackers are using this new phishing technique to bypass MFA | ITPro
Malware
Microsoft Outlook targeted by new malware attacks allowing sneaky hijacking | TechRadar
New FinalDraft Malware Spotted in Espionage Campaign - SecurityWeek
ESentire Uncovers EarthKapre/RedCurl Attack Targeting Law Firms
Malware-as-a-Service accounts for 57 percent of all threats
300% increase in endpoint malware detections - Help Net Security
Why ‘malware as a service’ is becoming a serious problem | ITPro
Over 330 Million Credentials Compromised by Infostealers - Infosecurity Magazine
Beware of Fake BSOD Delivered by Malicious Python Script
PirateFi game on Steam caught installing password-stealing malware
Microsoft Detects New XCSSET MacOS Malware Variant - Infosecurity Magazine
Telegram Used as C2 Channel for New Golang Malware - Infosecurity Magazine
Russian malware discovered with Telegram hacks for C2 operations | CSO Online
Proofpoint Uncovers FrigidStealer, A New MacOS Infostealer - Infosecurity Magazine
Evolving Snake Keylogger Variant Targets Windows Users - Infosecurity Magazine
Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack
Hackers used free Steam game to steal passwords, Valve warns affected users | TechSpot
US military and defence contractors hit with Infostealer malware | TechRadar
Updated Shadowpad Malware Leads to Ransomware Deployment | Trend Micro (US)
Darktrace Report Highlights The Growing Power Of MaaS, Sneaky Evasion Tactics
Google Calendar Malware Is on the Rise. Here’s How to Stay Safe | WIRED
Hide and Seek in Memory: Outsmarting Sneaky Malware with Data Magic | HackerNoon
Phishing attack hides JavaScript using invisible Unicode trick
Chinese hackers use custom malware to spy on US telecom networks
Mobile
Mobile Phishing Attacks Surge with 16% of Incidents in US - Infosecurity Magazine
The 6 most notorious and dangerous Android malware of all time
Chrome for Android adds new protection against malicious apps | Digital Trends
Android's New Feature Blocks Fraudsters from Sideloading Apps During Calls
Apple resists UK regulator demands to open up iOS browsers, citing security risks | TechSpot
Your Android phone could have stalkerware — here's how to remove it | TechCrunch
Denial of Service/DoS/DDoS
Qualys Identifies Critical Vulnerabilities That Enable DDoS, MITM Attacks
Internet of Things – IoT
Massive Data Exposure At Mars Hydro Highlights IoT Security Risks
Connected vehicle hacking on the increase
Data Breaches/Leaks
Cyber security gaps exposed as 96% of S&P 500 firms hit by data breaches
N Ireland police charges suspected terrorists using FoI data • The Register
Insight Partners, VC Giant, Falls to Social Engineering
When Brand Loyalty Trumps Data Security
Massive data breach in France: Protect yourself from cyber attacks
Zacks Investment hit in data breach - 12 million users potentially at risk | TechRadar
Fintech giant Finastra notifies victims of October data breach
Massive Data Exposure At Mars Hydro Highlights IoT Security Risks
Zacks Investment Research Breach Hits 12 Million - Infosecurity Magazine
US Coast Guard paychecks delayed by cyber attack | TechRadar
Cyber attack compromises leading Australian IVF provider’s data | SC Media
Data breach risk confirmed - Bailiwick Express News Guernsey
Organised Crime & Criminal Actors
Malware-as-a-Service accounts for 57 percent of all threats
Why ‘malware as a service’ is becoming a serious problem | ITPro
127 Servers of Bulletproof Hosting Service Zservers Seized by Dutch Police - SecurityWeek
Black Basta ransomware gang's internal chat logs leak online
Thousands of trafficked scammers await return to Thailand • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack
Two arrested after pensioner scammed out of crypto nest egg • The Register
Insider Risk and Insider Threats
The Bourne Insecurity: When Defence Employees Unwittingly Help Attackers
Forrester Report: The Complexities Of Human-Element Breaches
Insurance
Supply Chain and Third Parties
Is a lack of supply chain visibility undermining board-level confidence in cyber security programs?
Third party delegation risk - IT Security Guru
Cloud/SaaS
Hackers are using this new phishing technique to bypass MFA | ITPro
Russian Hackers Target Microsoft 365 Accounts with Device Code Attacks - Infosecurity Magazine
What is device code phishing, and why are Russian spies so successful at it? - Ars Technica
Suspected Russian spies caught spoofing Teams invites • The Register
Threat actors are using legitimate Microsoft feature to compromise M365 accounts - Help Net Security
Trump admin sought to counter UK-ordered iCloud encryption backdoor | SC Media
New "whoAMI" Attack Exploits AWS AMI Name Confusion for Remote Code Execution
How CISOs can balance security and business agility in the cloud - Help Net Security
Identity and Access Management
Identity is the Breaking Point—Get It Right or Zero Trust Fails | VentureBeat
Encryption
What is an encryption backdoor? | TechCrunch
Trump admin sought to counter UK-ordered iCloud encryption backdoor | SC Media
10 years on after Data and Goliath warned of data collection • The Register
Rethinking the Debate on Encryption Backdoors | SC Media UK
Quantum computing in cyber security: A double-edged sword | Computer Weekly
Passwords, Credential Stuffing & Brute Force Attacks
Over 330 Million Credentials Compromised by Infostealers - Infosecurity Magazine
PirateFi game on Steam caught installing password-stealing malware
The Bourne Insecurity: When Defence Employees Unwittingly Help Attackers
Hackers used free Steam game to steal passwords, Valve warns affected users | TechSpot
US military and defence contractors hit with Infostealer malware | TechRadar
Hundreds of US Military and Defence Credentials Stolen - Infosecurity Magazine
Credential Theft Becomes Cyber Criminals' Favorite Target
Social Media
Cyber criminals shift focus to social media as attacks reach historic highs - Help Net Security
Training, Education and Awareness
How Slashing the SAT Budget Is Appreciated By Hackers - Security Boulevard
Regulations, Fines and Legislation
Why Regulating AI Is So Hard — And Necessary - The Good Men Project
Trump admin sought to counter UK-ordered iCloud encryption backdoor | SC Media
UK’s AI Safety Institute Rebrands Amid Government Strategy Shift - Infosecurity Magazine
UK’s AI Security Institute to protect against AI risks to national security
SEC creates Cyber and Emerging Technologies Unit
CIOs to the DORA test: how to speed up the process for compliance | CSO Online
Top US Election Security Watchdog Forced to Stop Election Security Work | WIRED
Elon Musk's DOGE launched its website. It was hacked within days | Fortune
Why dismantling the PCLOB and CSRB threatens privacy and national security
DoD's new CISO once had clearance revoked for data leak • The Register
DOGE Now Has Access to the Top US Cyber Security Agency | WIRED
US AI Safety Institute will be 'gutted,' Axios reports | ZDNET
Europe Mounts the Artificial-Intelligence Barricades - Bloomberg
Models, Frameworks and Standards
CIOs to the DORA test: how to speed up the process for compliance | CSO Online
PCI DSS 4.0 Mandates DMARC By 31st March 2025
Careers, Working in Cyber and Information Security
Cyber security jobs are on the rise as digital threats continue to evolve - The Globe and Mail
Cyber security Salaries Stay Competitive, Retention Challenges Persist - Security Boulevard
Cyber security is tough: 4 steps leaders can take now to reduce team burnout | CSO Online
Q&A: Tackling the cyber skills gap — Financier Worldwide
Cyber security professionals not happy in their jobs
West Coast Cyber Security Salaries Outshine Rest of Country - Infosecurity Magazine
Law Enforcement Action and Take Downs
127 Servers of Bulletproof Hosting Service Zservers Seized by Dutch Police - SecurityWeek
US Army soldier pleads guilty to AT&T and Verizon hacks | TechCrunch
The Zservers takedown is another big win for law enforcement | ITPro
Two arrested after pensioner scammed out of crypto nest egg • The Register
Thousands of trafficked scammers await return to Thailand • The Register
Ending the Ransomware Scourge Requires Punishing Its Enablers
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Banking sector wrestling with cyber concerns amid spectre of geopolitical impacts
ESentire Uncovers EarthKapre/RedCurl Attack Targeting Law Firms
Spies Eye AUKUS Nuclear Submarine Secrets - Infosecurity Magazine
Nation State Actors
China
The growing cyber threat: Ransomware, China, and state-sponsored attacks - GZERO Media
China-Linked Threat Group Targets Japanese Orgs' Servers
South Korea Suspends DeepSeek AI Downloads Over Privacy Violations
Chinese hackers use custom malware to spy on US telecom networks
Salt Typhoon used custom malware JumbledPath to spy on US telecom providers
Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign
AI Could Help the US Evade a Crippling Cyber Attack on Its Satellites - Business Insider
How to run DeepSeek AI locally to protect your privacy - 2 easy ways | ZDNET
Russia
Hackers are using this new phishing technique to bypass MFA | ITPro
Russian Hackers Target Microsoft 365 Accounts with Device Code Attacks - Infosecurity Magazine
Suspected Russian spies caught spoofing Teams invites • The Register
Russian malware discovered with Telegram hacks for C2 operations | CSO Online
Russia’s AI-Powered Cyber Attacks Threaten to Outpace Western Defences
Russian Groups Target Signal Messenger in Spy Campaign
Ending the Ransomware Scourge Requires Punishing Its Enablers
Russian phishing campaigns exploit Signal's device-linking feature
Is Russia Reining In Ransomware-Wielding Criminals?
North Korea
North Korea's Kimsuky Attacks Rivals' Trusted Platforms
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
N Ireland police charges suspected terrorists using FoI data • The Register
Tools and Controls
How Slashing the SAT Budget Is Appreciated By Hackers - Security Boulevard
44% of Middle-Market Firms Invest in Cyber Crime Protection
IT spending will be driven by cyber security and AI
300% increase in endpoint malware detections - Help Net Security
CISO's Expert Guide To CTEM And Why It Matters
New GRC and cyber risk strategies emphasize risk adaptability - Help Net Security
Edge device vulnerabilities fueled attack sprees in 2024 | CyberScoop
Most impactful cyber attacks linked to vulnerable edge devices | SC Media
AI vs. Endpoint Attacks: What Security Leaders Need To Know | VentureBeat
API Security Matters: The Risks of Turning a Blind Eye (Webinar)
Identity is the Breaking Point—Get It Right or Zero Trust Fails | VentureBeat
How CISOs can balance security and business agility in the cloud - Help Net Security
Other News
Two-thirds of UK businesses still failing on cyber security | Total Telecom
Robert De Niro Tries to Save America in Netflix’s High-Profile Mini-Series Zero Day | Vanity Fair
How to improve cyber security in healthcare | McKinsey
US Coast Guard paychecks delayed by cyber attack | TechRadar
Another Cyber Security Flaw: Automakers Still Risking Too Much
Securing E-Commerce in an Age of Relentless Cyber Threats
AI Could Help the US Evade a Crippling Cyber Attack on Its Satellites - Business Insider
4 Cyber Security Misconceptions to Leave Behind in 2025 - The New Stack
Five cyber security basics that stand the test of time | SC Media
Vulnerability Management
Cyber security experts defend CVSS amid criticism | SC Media
Edge device vulnerabilities fuelled attack sprees in 2024 | CyberScoop
Microsoft reminds admins to prepare for WSUS driver sync deprecation
Vulnerabilities
Hackers Exploit Palo Alto Firewall Vulnerability Day After Disclosure - SecurityWeek
SonicWall firewalls under attack. Patch now • The Register
Palo Alto Networks and SonicWall Firewalls Under Attack - Infosecurity Magazine
Microsoft is pushing a security update to Windows 11 that breaks File Explorer
New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials
Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability
Ivanti endpoint manager can become endpoint ravager • The Register
Xerox Versalink Printer Vulnerabilities Enable Lateral Movement - SecurityWeek
Qualys Identifies Critical Vulnerabilities That Enable DDoS, MITM Attacks
Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication
Juniper Warns of Critical Authentication Bypass Vulnerability Affecting Multiple Products
OpenSSH bugs threaten enterprise security, uptime • The Register
Chrome 133, Firefox 135 Updates Patch High-Severity Vulnerabilities - SecurityWeek
Palo Alto warns firewalls flaws are under active attack • The Register
Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability
WordPress Plugin Vulnerability Exposes 90,000 Sites to Attack - Infosecurity Magazine
Firefox 135.0.1: important security update and bug fixes - gHacks Tech News
Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target US Telecom Networks
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 14 February 2025
Black Arrow Cyber Threat Intelligence Briefing 14 February 2025:
-Russian State Threat Group Shifts Focus to US, UK Targets
-Majority of Businesses Expect a Cyber Breach in 2025
-The Hidden Cyber Threat Lurking in Your Supply Chain
-Cyber Resilience: A C-Suite Game Plan for Balancing Innovation, Compliance and Risk
-NIS2: the GDPR of Cyber Security
-Hackers Ramp Up Efficiency, Speed, and Scale in 2024, Targeting Business of All Sizes
-Number of Active Dark Web Ransomware Groups Up 38% in 2024
-Nation State Hackers Want in on the Ransomware Action – Ransomware Isn’t Always About the Money: Government Spies Have Objectives, Too
-Enterprises Under Growing Pressure to Demonstrate Readiness for Cyber Threats
-Cyber Criminals Exploit Valentine’s Day with Romance Scams, Phishing Attacks
-The UK’s Secret iCloud Backdoor Request Raises Concerns from Critics
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
There has been a clear surge in cyber threats targeting UK and US organisations in recent weeks, particularly from state-backed and criminal ransomware groups. Russian state-affiliated actors are exploiting vulnerabilities in critical infrastructure sectors, while nation-state groups from China, Iran, and North Korea increasingly use ransomware for espionage and financial gain. The number of active ransomware groups rose by 38% in 2024, with attacks becoming more efficient through automation. The evolving threat landscape demands proactive cyber defence, including robust endpoint protection, threat intelligence, and rapid incident response.
Despite growing awareness, organisations remain vulnerable due to inadequate investment and outdated security strategies. Research shows that 60% of businesses expect a cyber breach in 2025, yet nearly half have not reviewed their security posture recently. Supply chain risks are particularly pressing, with financial services firms facing repeated third-party breaches. The EU’s NIS2 directive is set to impose stricter cyber security standards, with UK firms working with EU partners already required to comply. Leadership alignment is crucial, as gaps between CIOs, CTOs, and CISOs continue to hinder cyber resilience.
Regulatory pressure is mounting, with the UK government reportedly seeking backdoor access to encrypted data. Meanwhile, cyber criminals are exploiting seasonal events, such as Valentine’s Day, to launch sophisticated scams. As cyber threats intensify, Black Arrow Cyber advises organisations to adopt a ‘Resilient by Design’ approach, prioritising zero trust security models, continuous monitoring, and executive-level collaboration to mitigate risks and safeguard long-term business continuity.
Top Cyber Stories of the Last Week
Russian State Threat Group Shifts Focus to US, UK Targets
Microsoft has identified a shift in focus by a Russian state-backed cyber threat group, Seashell Blizzard, towards targets in the US and UK. The group, linked to Russian military intelligence, has exploited vulnerabilities in widely used internet-facing systems to gain persistent access, steal credentials, and move laterally within networks. Their indiscriminate approach has impacted critical infrastructure sectors, including energy and defence. The campaign aligns with Russia’s broader strategy of destabilising Western institutions, with Microsoft warning that such activity is likely to continue, presenting a significant cyber security challenge for organisations globally.
Majority of Businesses Expect a Cyber Breach in 2025
Zscaler’s latest research highlights a stark reality: 60% of global organisations expect a significant cyber breach in 2025. Despite 94% of IT leaders expressing confidence in their resilience measures, nearly half have not reviewed their strategies recently. The report underscores the need for a shift towards ‘Resilient by Design’, embedding cyber resilience into security strategies from the outset. However, 49% of leaders say investment is inadequate. Zscaler advocates for a zero-trust approach to mitigate threats and ensure business continuity in an evolving cyber landscape.
The Hidden Cyber Threat Lurking in Your Supply Chain
More than half of large UK financial services firms suffered a third-party supply chain attack in 2024, with nearly a quarter facing three or more incidents, according to research by Orange Cyberdefense. The study found that firms relying on one-time onboarding risk assessments were twice as likely to be attacked as those with continuous monitoring. With 92% of UK cyber security leaders calling for stronger regulations, many argue that aligning with EU standards could enhance resilience. While sentiment on UK regulation remains mixed, firms failing to rigorously assess third-party risks face the greatest exposure to cyber threats.
Cyber Resilience: A C-Suite Game Plan for Balancing Innovation, Compliance and Risk
LevelBlue’s latest report highlights the disconnect between CIOs, CTOs, and CISOs, which is undermining cyber resilience. While 66% of CISOs believe budgets lack proactive security funding, only around half of CIOs and CTOs agree. Compliance is another divide, with 73% of CTOs seeing it as a barrier to competitiveness, while most CISOs and CIOs view it as essential for risk management. Encouragingly, cloud adoption is a shared priority. However, with 63% of executives stating leadership does not prioritise cyber resilience, organisations must foster collaboration at the top to treat it as a strategic business imperative, not just a technical concern.
NIS2: the GDPR of Cyber Security
The EU’s NIS2 directive introduces stringent cyber security standards, yet only 30% of member states have fully implemented it. This legislation mandates 24-hour reporting of major cyber incidents and stricter accountability for supply chain security. UK businesses working with EU partners are already being asked to comply, as contracts are being updated to reflect these requirements. With open-source software making up 90% of modern applications and cyber threats rising, aligning with NIS2 principles is not just about compliance but about safeguarding long-term resilience. Early adoption helps businesses avoid operational strain and remain competitive in an evolving regulatory landscape.
Hackers Ramp Up Efficiency, Speed, and Scale in 2024, Targeting Business of All Sizes
Hackers are accelerating their tactics, deploying ransomware faster and at greater scale across businesses of all sizes. The Huntress 2025 Cyber Threat Report found that ransomware incidents from key groups increased by up to 15% in 2024, with some attacks executed in under six hours. Automation played a major role, with 87% of attacks relying on automated tools before shifting to hands-on activity. Education, healthcare, and technology were prime targets, while infostealers enabled initial access. As cyber criminals refine their techniques, organisations must adopt proactive security measures, including strong incident response plans and robust endpoint protection.
Number of Active Dark Web Ransomware Groups Up 38% in 2024
A new report highlights a 38% rise in active ransomware groups in 2024, with 94 groups listing victims and 49 new groups emerging. The total number of victims posted on ransomware leak sites also increased by 11% to 5,728. The ransomware landscape is shifting, with newer groups like RansomHub, now the most prolific, overtaking previously dominant players. This evolving threat environment presents challenges for security teams, making it essential for organisations to apply threat intelligence to anticipate attack techniques and focus defences on the most likely adversaries based on their industry and risk profile.
Nation State Hackers Want in on the Ransomware Action – Ransomware Isn’t Always About the Money: Government Spies Have Objectives, Too
Nation-state actors are increasingly adopting ransomware, not just for financial gain but also for espionage and geopolitical disruption. Threat groups linked to Russia, China, Iran, and North Korea are blurring the lines between cyber crime and state-sponsored hacking. Russian-linked Sandworm has disguised destructive attacks as ransomware, while North Korea uses ransomware profits to fund weapons programmes. Chinese and Iranian groups have leveraged ransomware as a distraction to mask intelligence gathering. With over $3 billion stolen in cryptocurrency-related cyber attacks, these operations highlight the evolving threats beyond traditional financially motivated cyber crime.
Enterprises Under Growing Pressure to Demonstrate Readiness for Cyber Threats
A new study by Immersive Labs highlights that 96% of cyber leaders see effective communication of cyber readiness to boards as crucial for 2025, driven by regulatory pressures and rising cyber threats. Nearly half of organisations surveyed experienced a cyber attack in the past year, with software and cloud vulnerabilities (51%) and ransomware (46%) cited as the biggest risks. To improve resilience, 94% are deploying cyber drills, yet 76% face readiness barriers, mainly due to competing business priorities. Encouragingly, 55% report strong cyber awareness at board level, reflecting a growing recognition of cyber risk at the highest levels.
Cyber Criminals Exploit Valentine’s Day with Romance Scams, Phishing Attacks
Cyber criminals are exploiting Valentine’s Day with romance scams, phishing attacks and fraudulent e-commerce offers. A report found that 58,734 people in the US fell victim to romance scams in 2024, resulting in losses of $697 million. AI-driven scams are becoming more sophisticated, with chatbots and deepfake videos increasing fraud success rates. Valentine-themed phishing emails have doubled since last year, with half now classified as scams. Businesses are urged to monitor brand impersonation and educate customers. McAfee blocked over 321,000 fraudulent URLs, highlighting the growing cyber threat as criminals exploit emotions for financial gain.
The UK’s Secret iCloud Backdoor Request Raises Concerns from Critics
The UK government has reportedly issued a secret order requiring Apple to create a backdoor into its iCloud encryption, raising concerns from some quarters about privacy and security. The request, made under the Investigatory Powers Act 2016, would give authorities unrestricted access to users’ private data, bypassing Apple’s end-to-end encryption safeguards. Apple has historically resisted similar demands and has suggested it may withdraw services from the UK rather than compromise security. Critics warn that such backdoors weaken encryption for all users, set a dangerous global precedent, and risk enabling mass surveillance under the guise of national security.
Sources:
https://cyberscoop.com/russian-state-threat-group-shifts-focus/
https://www.accountancyage.com/2025/02/10/the-hidden-cyber-threat-lurking-in-your-supply-chain/
https://www.techradar.com/pro/nis2-the-gdpr-of-cybersecurity
https://betanews.com/2025/02/11/number-of-active-dark-web-ransomware-groups-up-38-percent-in-2024/
https://www.theregister.com/2025/02/12/ransomware_nation_state_groups/
https://www.helpnetsecurity.com/2025/02/13/uk-government-icloud-backdoor-request/
Governance, Risk and Compliance
58% of UK financial firms targeted in supply chain cyber attacks, survey reveals
Third-Party Risk Management Failures Expose UK Finance Sector - Infosecurity Magazine
Majority Of Businesses Expect A Cyber Breach In 2025 | Silicon UK
Gartner: Most Security Leaders Cannot Balance Data Security, Business Goals
Enterprises under growing pressure to demonstrate readiness for cyber threats
Cyber resilience: A C-suite game plan for balancing innovation, compliance and risk | SC Media
From Reactive to Predictive: Building Cyber Resilience for 2025 - Security Boulevard
7 tips for improving cyber security ROI | CSO Online
Research Reveals Data Breaches On The Rise at UK Law Firms | Tripwire
Cyber Resilience: What’s in store for 2025? | SC Media UK
Human Risk Management Will Be the Hot Topic of 2025 | Mimecast
Inconsistent security strategies fuel third-party threats - Help Net Security
Business leaders see risks in economy, cyber threats and talent | Accounting Today
Why CFOs and CISOs Should Care About B2B Cyber Audits
New Cyber Attack Severity Classification Scale Unveiled By UK Org | MSSP Alert
Financial crime in the shadows of the dark web | Premium | Compliance Week
Threats
Ransomware, Extortion and Destructive Attacks
2024 Breaks Records With Highest Ever Ransomware Attacks
Number of active dark web ransomware groups up 38 percent in 2024
Ransomware Gangs Increasingly Prioritize Speed and Volume in Attacks - Infosecurity Magazine
Hackers Ramp Up Efficiency, Speed, and Scale in 2024,
Nation-state hackers want in on the ransomware action • The Register
Chinese Cyber Spy Possibly Launching Ransomware Attacks as Side Job - SecurityWeek
Triplestrength hits with ransomware, cloud crypto mining • The Register
Google says policymakers must stem upward cyber crime trend • The Register
US adversaries increasingly turning to cyber criminals and their malware for help | CyberScoop
Warning: Cyber Crime Services Underpin National Security Risk
‘We Don’t Negotiate with Terrorists’: Ransomware Strategy in Modern Cyber Security | MSSP Alert
Cyber attacks targeting medical organisations up 32% in 2024 | SC Media
US indicts 8Base ransomware operators for Phobos encryption attacks
Operation Phobos Aetor: Police dismantled 8Base ransomware gang
Thai authorities detain four Europeans in ransomware crackdown | CyberScoop
Ransomware Victims
Was Cisco Just Hit By Ransomware? What Happened And What To Do
Cisco Hacked – Ransomware Group Allegedly Breached & Gained AD Access
Cisco Says Ransomware Group's Leak Related to Old Hack - SecurityWeek
Cisco dispels Kraken data breach claims, insists stolen data came from old attack | ITPro
120K Compromised in Memorial Hospital Ransomware Attack
'Cyber event' delaying US newspaper prints enters 2nd week • The Register
Phishing & Email Based Attacks
SVG files are offering cyber criminals an easy way in with new phishing attacks | TechRadar
Cyber Criminals Weaponize Graphics Files in Phishing Attacks - Infosecurity Magazine
AI-Powered Social Engineering: Reinvented Threats
Cyber Criminals Exploit Valentine’s Day with Romance Scams, Phishing Attacks - Security Boulevard
Astaroth Phishing Kit Bypasses 2FA Using Reverse Proxy Techniques - Infosecurity Magazine
Google's DMARC Push Pays Off, but Challenges Remain
A new Facebook phishing campaign looks to trick you with emails sent from Salesforce | TechRadar
Cloudflare outage caused by botched blocking of phishing URL
Phishing Season 2025: The Latest Predictions Unveiled - Security Boulevard
Study: Workplace Phishing Tests Only Have a 2% Success Rate
Other Social Engineering
DPRK hackers dupe targets into typing PowerShell commands as admin
Windows, Mac And Linux Users Given New LinkedIn Security Warning
I'm a security expert and I almost fell for this IT job scam • The Register
Artificial Intelligence
Malicious AI Models on Hugging Face Exploit Novel Attack Technique - Infosecurity Magazine
DeepSeek App Transmits Sensitive User and Device Data Without Encryption
AI-Powered Social Engineering: Reinvented Threats
Bad Actors Target DeepSeek In LLMJacking Attacks
DeepSeek-R1: A Smorgasbord Of Security Risks
CISOs Brace for LLM-Powered Attacks: Key Strategies to Stay Ahead - Security Boulevard
How to Steer AI Adoption: A CISO Guide
AI-Driven Cyber Threats Require New Defence Strategies | MSSP Alert
Biz Beware: DeepSeek AI Fails Multiple Security Tests
AI chatbots distort the news, BBC finds - see what they get wrong | ZDNET
A review of the UK Government AI security guidance
How fake security reports are swamping open-source projects, thanks to AI | ZDNET
Rapid growth of AI poses ‘profound’ threat to privacy – The Irish Times
In Paris, US signals shift from AI safety to deregulation | CyberScoop
ChatGPT maker OpenAI taking claims of data breach ‘seriously’ | The Independent
20 million OpenAI users hacked? Here's how to stay safe | PCWorld
2FA/MFA
Astaroth Phishing Kit Bypasses 2FA Using Reverse Proxy Techniques - Infosecurity Magazine
Inside The Söze Syndicate: MFA Flaws, And The Battle For SMB Security
4 Ways to Keep MFA From Becoming too Much of a Good Thing
Malware
DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects
Millions of Mac owners urged to be on alert for info-stealing malware | Tom's Guide
Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks
US adversaries increasingly turning to cyber criminals and their malware for help | CyberScoop
Microsoft IIS servers targeted for malware deployment | SC Media
Hackers are targeting your password manager app | Mashable
Microsoft warns hackers have a new and devious way of distributing malware | TechRadar
Linux running in a PDF? This hack is as bizarre as it is brilliant | ZDNET
Bots/Botnets
Botnet Spotlight | Networks Hosting Botnet C&Cs: Same Players, Same Problems | Blog
Denial of Service/DoS/DDoS
DDoS Attack Volume and Magnitude Continues to Soar - Infosecurity Magazine
Gcore DDoS Radar Reveals 56% YoY Increase in DDoS Attacks
Internet of Things – IoT
Exclusive: Massive IoT Data Breach Exposes 2.7 Billion Records - Infosecurity Magazine
Data Breaches/Leaks
Research Reveals Data Breaches On The Rise at UK Law Firms | Tripwire
Exclusive: Massive IoT Data Breach Exposes 2.7 Billion Records - Infosecurity Magazine
Silent breaches are happening right now, most companies have no clue - Help Net Security
Over 3 million Fortune 500 employee accounts compromised since 2022 - Help Net Security
14 State AGs to Sue DOGE Over Payment System Access | MSSP Alert
Judge: DOGE made US Treasury ‘more vulnerable to hacking’ • The Register
20 million OpenAI users hacked? Here's how to stay safe | PCWorld
HPE notifies employees of data breach after Russian Office 365 hack
Over 882K Impacted By Hospital Sisters Health System Breach | MSSP Alert
Georgia Hospital Alerts 120,000 Individuals of Data Breach - Infosecurity Magazine
OpenAI Finds No Evidence of Breach After Hacker Offers to Sell 20 Million Credentials - SecurityWeek
Lexipol Data Leak: Hackers Drop Police Training Manuals
Cisco dispels Kraken data breach claims, insists stolen data came from old attack | ITPro
Additional Details on PowerSchool Breach Impact Emerge | MSSP Alert
120K Compromised in Memorial Hospital Ransomware Attack
Organised Crime & Criminal Actors
Nation-state hackers want in on the ransomware action • The Register
Google says policymakers must stem upward cyber crime trend • The Register
US adversaries increasingly turning to cyber criminals and their malware for help | CyberScoop
Warning: Cyber Crime Services Underpin National Security Risk
Russian cyber criminal Alexander Vinnik is being released from US custody in exchange for Marc Fogel
Russia taps cyber criminals to keep military pressure on Ukraine – POLITICO
Botnet Spotlight | Networks Hosting Botnet C&Cs: Same Players, Same Problems | Blog
Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Triplestrength hits with ransomware, cloud crypto mining • The Register
US: Man Gets 20 Years for $37m Crypto Heist - Infosecurity Magazine
Insider Risk and Insider Threats
Human Risk Management Will Be the Hot Topic of 2025 | Mimecast
Behavioural Analytics in Cyber Security: Who Benefits Most?
Insurance
Tips for Maximizing Your Cyber Insurance Program | Goodwin - JDSupra
Supply Chain and Third Parties
Nearly half of organisations suffer third-party security incidents
58% of UK financial firms targeted in supply chain cyber attacks, survey reveals
Third-Party Risk Management Failures Expose UK Finance Sector - Infosecurity Magazine
The hidden cyber threat lurking in your supply chain - Accountancy Age
Inconsistent security strategies fuel third-party threats - Help Net Security
Protecting Your Software Supply Chain: Assessing the Risks Before Deployment
It's time to secure the extended digital supply chain - Help Net Security
Why CFOs and CISOs Should Care About B2B Cyber Audits
IT reliance leaves insurers open to attack
Cloud/SaaS
Triplestrength hits with ransomware, cloud crypto mining • The Register
Outages
PlayStation Network Outage: A Wake-Up Call For Cyber Security?
Cloudflare outage caused by botched blocking of phishing URL
Encryption
UK's secret Apple iCloud backdoor order is a global emergency, say critics | TechCrunch
Apple’s ‘Dangerous’ iPhone Update Is Much Worse Than You Think
Experts Dismayed at UK’s Apple Encryption Demands - Infosecurity Magazine
The UK’s war on encryption affects all of us | The Verge
Europol Warns Financial Sector of “Imminent” Quantum Threat - Infosecurity Magazine
Passwords, Credential Stuffing & Brute Force Attacks
Over 3 million Fortune 500 employee accounts compromised since 2022 - Help Net Security
Security attacks on password managers have soared | TechRadar
Massive brute force attack uses 2.8 million IPs to target VPN devices
Huge cyber attack under way - 2.8 million IPs being used to target VPN devices | TechRadar
Social Media
Windows, Mac And Linux Users Given New LinkedIn Security Warning
What to do if your social media accounts are hacked | The Independent
Google fixes flaw that could unmask YouTube users' email addresses
A new Facebook phishing campaign looks to trick you with emails sent from Salesforce | TechRadar
Malvertising
Magecart Attackers Abuse Google Ad Tool to Steal Data
Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores
Chinese-Speaking Group Manipulates SEO with BadIIS | Trend Micro (US)
Regulations, Fines and Legislation
The UK’s war on encryption affects all of us | The Verge
CIOs to the DORA test: how to speed up the process for compliance | CSO Online
Apple ordered to open encrypted user accounts globally to UK spying | The Verge
NIS2: the GDPR of cyber security | TechRadar
Most UK GDPR Enforcement Actions Targeted Public Sector in 2024 - Infosecurity Magazine
Treasury Curtails Musk-led DOGE’s Government Access | MSSP Alert
Musk’s DOGE teen was fired by cyber security firm for leaking company secrets
Judge: DOGE made US Treasury ‘more vulnerable to hacking’ • The Register
Elon Musk's DOGE Is a Cyber Security Nightmare
The Government’s Computing Experts Say They Are Terrified - The Atlantic
A review of the UK Government AI security guidance
Cyber security group sues DOGE over data access | Mashable
Trump White House Dismantles Key Data Security Safeguards
In Paris, US signals shift from AI safety to deregulation | CyberScoop
Coast Guard falls short on maritime cyber security, GAO says • The Register
Trump Order Grants DOGE Hiring Powers, Raising Cyber Fears
Models, Frameworks and Standards
CIOs to the DORA test: how to speed up the process for compliance | CSO Online
NIS2: the GDPR of cyber security | TechRadar
Data Protection
Most UK GDPR Enforcement Actions Targeted Public Sector in 2024 - Infosecurity Magazine
Careers, Working in Cyber and Information Security
Tackling the UK's cyber security skills shortage | TechRadar
Cyber Security Challenge Announces Plans for Closure | SC Media UK
UK Military Fast-Tracks Cyber Security Recruitment - Infosecurity Magazine
Law Enforcement Action and Take Downs
US: Man Gets 20 Years for $37m Crypto Heist - Infosecurity Magazine
US indicts 8Base ransomware operators for Phobos encryption attacks
Operation Phobos Aetor: Police dismantled 8Base ransomware gang
Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster
US woman faces years in federal prison for running laptop farm for N Korean IT workers
Alabama Man Pleads Guilty to Hacking SEC's X Account - SecurityWeek
Misinformation, Disinformation and Propaganda
AI chatbots distort the news, BBC finds - see what they get wrong | ZDNET
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
The Rise of Cyber Espionage: UAV and C-UAV Technologies as Targets
Nation State Actors
Nation-state hackers want in on the ransomware action • The Register
Google says policymakers must stem upward cyber crime trend • The Register
US adversaries increasingly turning to cyber criminals and their malware for help | CyberScoop
Warning: Cyber Crime Services Underpin National Security Risk
China
Chinese Cyber Spy Possibly Launching Ransomware Attacks as Side Job - SecurityWeek
Chinese espionage tools deployed in RA World ransomware attack
DeepSeek App Transmits Sensitive User and Device Data Without Encryption
New Chinese Hacking Campaign Targets Manufacturing Firms to Steal IP - Infosecurity Magazine
China’s Salt Typhoon Spies Are Still Hacking Telecoms—Now by Exploiting Cisco Routers | WIRED
DeepSeek-R1: A Smorgasbord Of Security Risks
We’re In for a Rude Awakening on Cyber Security
Security Researchers Warn of New Risks in DeepSeek AI App
Chinese-Speaking Group Manipulates SEO with BadIIS | Trend Micro (US)
Russia
A Hacker Group Within Russia’s Notorious Sandworm Unit Is Breaching Western Networks | WIRED
Russian state threat group shifts focus to US, UK targets | CyberScoop
Russia's intelligence recruits Ukrainians for terror attacks via messaging apps
Salt Typhoon's Impact on the US and Beyond
Russia taps cyber criminals to keep military pressure on Ukraine – POLITICO
Russian military hackers deploy malicious Windows activators in Ukraine
US, UK and Australia Hit Bulletproof Hoster Zservers with Sanctions - Infosecurity Magazine
HPE notifies employees of data breach after Russian Office 365 hack
Russian cyber criminal Alexander Vinnik is being released from US custody in exchange for Marc Fogel
Russia Says Baltic Sea Cable Damaged by ‘External Impact' - The Moscow Times
TeamViewer's CISO on Thriving After Russian Cyber-Attack - Infosecurity Magazine
North Korea
DPRK hackers dupe targets into typing PowerShell commands as admin
Researchers Unveiled Tactics, Techniques, and Procedures Used by North Korean Hackers
I'm a security expert and I almost fell for this IT job scam • The Register
US woman faces years in federal prison for running laptop farm for N Korean IT workers
Tools and Controls
Massive brute force attack uses 2.8 million IPs to target VPN devices
Security attacks on password managers have soared | TechRadar
Cyber resilience: A C-suite game plan for balancing innovation, compliance and risk | SC Media
From Reactive to Predictive: Building Cyber Resilience for 2025 - Security Boulevard
Analyst Burnout Is an Advanced Persistent Threat
Huge cyber attack under way - 2.8 million IPs being used to target VPN devices | TechRadar
Google's DMARC Push Pays Off, but Challenges Remain
7 tips for improving cyber security ROI | CSO Online
New Cyber Attack Severity Classification Scale Unveiled By UK Org | MSSP Alert
4 Ways to Keep MFA From Becoming too Much of a Good Thing
Behavioural Analytics in Cyber Security: Who Benefits Most?
Transforming Cyber Security With Continuous Threat Exposure Management
How Deepseek’s security failures shape the future of cyber defence on AI | Cybernews
Other News
Why Attackers Heart SMBs— and How to Fight Back | Symantec Enterprise Blogs
What is Physical Security and How Does it Work? | Definition from TechTarget
London council hit by 20,000 cyber attacks every day | The Standard
Elon Musk's DOGE Is a Cyber Security Nightmare
Cyber attacks targeting medical organisations up 32% in 2024 | SC Media
Cyber security requires new approaches, where all stakeholders contribute | Healthcare IT News
IT reliance leaves insurers open to attack
Canada to spend almost $38 million on huge cyber security overhaul
Vehicle cyber security under scrutiny as major hacking attempts triple in 2024
Japan Goes on Offense With New 'Active Cyber Defense' Bill
Cyber security group sues DOGE over data access | Mashable
Coast Guard falls short on maritime cyber security, GAO says • The Register
Linux running in a PDF? This hack is as bizarre as it is brilliant | ZDNET
Vulnerability Management
XE Group shifts from credit card skimming to exploiting zero-days
How fake security reports are swamping open-source projects, thanks to AI | ZDNET
Vulnerabilities
Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws
Adobe Plugs 45 Software Security Holes, Warn of Code Execution Risks - SecurityWeek
SonicWall firewall exploit lets hackers hijack VPN sessions, patch now
Fortinet 0-Day in FortiOS & FortiProxy Let Attackers Hijack Firewall to Gain Super Admin Access
SAP Releases 21 Security Patches - SecurityWeek
PAN-OS 0-day Vulnerability Let Attackers Bypass Web Interface Authentication
High-Severity OpenSSL Vulnerability Found by Apple Allows MitM Attacks - SecurityWeek
Apple’s security patch highlights the growing security threat – Computerworld
Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now
Chipmaker Patch Tuesday: Intel, AMD, Nvidia Fix High-Severity Vulnerabilities - SecurityWeek
Additional Details on PowerSchool Breach Impact Emerge | MSSP Alert
Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers
Apple fixes iPhone and iPad bug actively exploited in ‘extremely sophisticated attacks’
Progress Software fixed multiple high-severity LoadMaster flaws
Intel Patched 374 Vulnerabilities in 2024 - SecurityWeek
Security Researchers Warn of New Risks in DeepSeek AI App
PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness only; linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.
Black Arrow Cyber Advisory 12 February 2025 – Comprehensive Security Updates from Microsoft, Adobe, Apple, and More
Black Arrow Cyber Advisory 12 February 2025 – Microsoft, Adobe, Fortinet, Apple, Ivanti, OpenSSL, SAP, Zyxel, Intel, AMD & Nvidia Security Updates
Executive Summary
Microsoft’s Patch Tuesday for February 2025 included 63 security updates for its product line, including 2 actively exploited zero-day vulnerabilities. Several other major software and hardware vendors released critical security updates this month to address vulnerabilities that could be exploited by attackers.
Ivanti patched several critical flaws within its Connect Secure and Policy Secure products. Apple issued patches for its iOS and iPadOS devices to address a USB vulnerability that could allow for data exfiltration. Adobe provided updates addressing 45 vulnerabilities for several products, including InDesign, Commerce, Magento, Substance, Photoshop Elements, and Illustrator.
Fortinet published nine security advisories with updates addressing high-, medium- and low-severity security issues. They also updated a previous advisory from January with additional information and a reference to CVE-2025-24472, which Arctic Wolf had previously highlighted in their breakdown of the attack pattern against Fortinet FortiGate firewalls observed since November 2024.
OpenSSL released patches to address a vulnerability related to raw public keys, introduced with OpenSSL 3.2. The fixes are included in versions 3.4.1, 3.3.2, and 3.2.4. As OpenSSL is used by many vendors, it may take some time for the updates to propagate to affected products.
SAP released 19 new security notes covering high-, medium- and low-severity vulnerabilities addressed by security patches. Zyxel recently released a security advisory on three reported vulnerabilities, advising customers to replace affected devices as they have reached end of life and are no longer supported.
Additionally, Intel, AMD, and Nvidia published new security advisories addressing high-severity vulnerabilities in their products. Intel released 34 security advisories across their product line, including a critical issue in their Server Board BMC Firmware. AMD released 11 security bulletins which included firmware patches for several high-severity vulnerabilities affecting their embedded processors. Nvidia issued four advisories for vulnerabilities within their Container, Triton, Jetson, and JPEG2000 products.
What’s the risk to me or my business?
The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity and availability of the affected applications and of the organisation's data on the affected systems.
What can I do?
Black Arrow recommends applying the available security updates for all supported versions of products that have been impacted by the various vulnerabilities. The updates should be applied as soon as possible for actively exploited vulnerabilities and for all other vulnerabilities that have a critical or high severity rating.
Microsoft
Further details on the specific updates within this Microsoft Patch Tuesday can be found here:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Feb
Ivanti, Apple, Adobe, Fortinet, OpenSSL, SAP, Zyxel, Intel, AMD & Nvidia
Further details of the vulnerabilities in affected Ivanti, Apple, Adobe, Fortinet, OpenSSL, SAP, Zyxel, Intel, AMD and Nvidia products can be found here:
https://www.ivanti.com/blog/february-security-update
https://support.apple.com/en-us/100100
https://helpx.adobe.com/security/security-bulletin.html
https://fortiguard.fortinet.com/psirt
https://openssl-library.org/news/secadv/20250211.txt
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/february-2025.html
https://www.intel.com/content/www/us/en/security-center/default.html
https://www.amd.com/en/resources/product-security.html
https://www.nvidia.com/en-us/security/
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Intelligence Briefing 7 February 2025
Black Arrow Cyber Threat Intelligence Briefing 07 February 2025:
-Destructive Attacks on Financial Institutions Surge
-AI, Cyber Crime Perceived as Top Insurance Risks
-Ransomware Victims Increased by 26% in 2024
-Over 60 Percent of Enterprise Cyber Security Incidents Relate to Known Risks
-CISOs Drive the Intersection between Cyber Maturity and Business Continuity
-Cyber Criminals Entice Traitorous Insiders via Ransom Notes
-Phishing Up Almost 50% Since 2021 with AI Attacks on the Rise
-The Cyber-Driven Domino Effect: How Financial and Security Crises Bankrupt Businesses
-Board Directors Are Taking the Lead on Cyber Security Oversight
-Credential-Stealing Malware Surges in 2024
-How Agentic AI will be Weaponised for Social Engineering Attacks
-LinkedIn Has Become a Prime Hunting Ground for Cyber Criminals
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
Black Arrow Cyber's review of threat intelligence identified further evidence of an alarming increase in cyber threats targeting financial institutions, insurers, and enterprises, and the consequences that can include financial ruin.
Destructive cyber attacks have risen by over 12%, often erasing evidence rather than merely disrupting operations. Ransomware attacks surged by 26% in 2024, while phishing attacks have grown by nearly 50% since 2021, with AI-driven threats becoming more sophisticated. Insider threats are also on the rise, with ransomware gangs recruiting employees to facilitate breaches. Business leaders need to be aware that over 60% of enterprise cyber incidents stem from previously identified but unresolved risks, highlighting the need for proactive risk management. These trends underscore the evolving threat landscape and the critical need for a cohesive security strategy that includes continuous monitoring, the timely remediation of vulnerabilities, and employee awareness programmes.
The financial sector faces dual challenges from AI and cyber crime, with insurers ranking cyber attacks as an immediate risk. The weaponisation of AI in cyber attacks is accelerating, enabling adaptive, multi-stage social engineering campaigns. Meanwhile, credential-stealing malware now accounts for 25% of all malware activity, making identity protection a top priority. Cyber security governance is evolving to address this, with CISOs increasingly influencing business strategy and board directors taking a more proactive role in oversight.
As cyber risks intensify, Black Arrow Cyber advises businesses to prioritise cyber resilience, integrate security into corporate strategy, and enhance threat detection to safeguard operations, reputation, and financial stability.
Top Cyber Stories of the Last Week
Destructive Attacks on Financial Institutions Surge
Over half (54%) of financial institutions faced destructive cyber attacks last year, marking a 12.5% rise from 2023, according to Contrast Security. These attacks often serve to erase evidence rather than purely disrupt services. Two-thirds (64%) of firms reported cyber incidents, with cloud environments and APIs identified as key attack vectors. Despite strong detection rates (94%), attackers still bypassed defences, with 46 major breaches per month evading web application firewalls. Customer account takeovers rose by 48%, while 43% suffered ‘island hopping’ attacks where attackers exploit trusted relationships between organisations. The report highlights the need for continuous monitoring and application defence to counter evolving threats.
AI, Cyber Crime Perceived as Top Insurance Risks
The latest report from law firm Kennedys identifies artificial intelligence (AI) adoption and cyber crime as major risks for insurers. While AI is seen as the highest long-term risk, cited by over 85% of respondents, its full impact is expected to emerge over the next three to five years. Meanwhile, cyber attacks present a more immediate threat, with 27% of European, Middle Eastern, and African partners ranking it as their top concern for 2025. AI is also being exploited in cyber crime, increasing insurers’ exposure to data breaches. The report warns that inadequate cyber security could lead to severe financial, legal, and reputational consequences.
Ransomware Victims Increased by 26% in 2024
Ransomware attacks surged by 26% in 2024, with nearly 5,300 reported victims, according to a new analysis. The number of active ransomware gangs also grew, with LockBit remaining the most prolific despite a 50% drop in its victims. RansomHub rapidly scaled operations to take second place, while the Play gang continued to focus on manufacturing, real estate, and technology. Seasonal trends showed peak activity in spring and autumn, with summer seeing a decline. The US remained the most targeted country, with over 1,700 victims, more than ten times the number seen in Canada or the UK.
Over 60% of Enterprise Cyber Security Incidents Relate to Known Risks
A new report from ZEST Security reveals that 62% of enterprise cyber security incidents stem from previously identified risks that remain unresolved. Security teams struggle with long remediation times, taking 10 times longer to fix vulnerabilities than attackers take to exploit them. The financial burden is significant, exceeding $2 million annually. Backlogs are a key issue, with 87% of organisations managing over 100 critical security tickets. While automation and effort-based prioritisation are gaining traction, stricter SLAs and regulatory pressure are expected to drive faster remediation to mitigate the growing risk of cloud security incidents.
CISOs Drive the Intersection between Cyber Maturity and Business Continuity
The role of the CISO is evolving beyond IT, with one in five now reporting directly to the CEO, according to Deloitte’s latest cyber survey. High-cyber-maturity organisations are embedding cyber security into business strategy, enhancing resilience and enabling business continuity. Budget allocations are shifting, with cyber spending increasingly integrated into digital transformation and IT investments, reflecting its cross-functional impact. As regulatory pressures grow, particularly with new SEC disclosure requirements in the US, CISOs are playing a key role in risk management and compliance. Organisations with mature cyber strategies recover faster from incidents, protecting revenue, reputation and operations in an increasingly interconnected digital landscape.
Cyber Criminals Entice Traitorous Insiders via Ransom Notes
Ransomware gangs are now targeting employees with financial incentives to betray their own and other organisations, embedding recruitment messages within ransom notes. Threat groups, including Sarcoma and DoNex, have begun soliciting insider access, offering substantial rewards for login credentials, network access, and sensitive data from any organisation. Security researchers note this tactic is a recent development, with threat actors exploiting disgruntled staff to bypass defences. While such offers may seem lucrative, experts warn that cyber criminals operate with no accountability, making payment unlikely. The shift highlights the evolving sophistication of ransomware operations, reinforcing the need for robust insider threat detection and employee awareness programmes.
Phishing Up Almost 50% Since 2021 with AI Attacks on the Rise
Phishing attacks have surged by 49% since 2021, with AI-driven threats emerging as a growing concern, according to Hoxhunt’s latest report. AI-generated phishing emails, while currently under 5% of reported cases, have risen sharply in just six months. On average, organisations with 1,000 employees face 2,330 phishing attempts that bypass filters each year, leading to 466 malicious clicks. Attackers frequently impersonate Microsoft, Docusign, and HR departments to exploit urgency and curiosity. Encouragingly, phishing awareness training can reduce incidents by 86% in six months, significantly enhancing organisational resilience against social engineering threats.
The Cyber-Driven Domino Effect: How Financial and Security Crises Bankrupt Businesses
A recent case involving Stoli Group highlights how cyber incidents can push financially vulnerable businesses into bankruptcy. Following a severe ransomware attack that disrupted financial reporting, Stoli was unable to provide lenders with key data, contributing to an $84 million debt burden and its eventual collapse. This case underscores the growing risk, which is especially high for small and medium-sized businesses (SMBs) that often lack the resources to recover from cyber attacks. With nearly 60% of SMBs failing within six months of an attack, organisations must prioritise cyber security resilience to prevent financial and operational ruin.
Board Directors Are Taking the Lead on Cyber Security Oversight
Board directors are increasingly taking a proactive role in cyber security oversight, shifting responsibility from IT teams to a company-wide approach. BDO’s 2024 board survey found that 37% of directors are broadening accountability, while many are investing in incident response strategies and regulatory compliance. The US SEC’s enhanced disclosure rules are driving the need for clear cyber incident reporting. Boards are also prioritising expertise, with 27% seeking cyber security knowledge in 2025. Directors are dedicating 42 hours annually to education, while external assessments, benchmarking, and evolving response plans are strengthening resilience against emerging threats.
Credential-Stealing Malware Surges in 2024
Credential-stealing malware now represents 25% of all malware activity, marking a threefold surge in this type of threat. Picus Security’s annual cyber security report found that credential theft has, for the first time, entered the top 10 techniques in the MITRE ATT&CK framework. Analysis of over one million malware samples revealed that just 10 attack techniques accounted for 93% of all malicious actions. Attackers are increasingly using stealthy multi-stage operations to extract credentials and leveraging encrypted channels to evade detection. Security teams can mitigate risk by focusing on the most prevalent attack techniques and enforcing strong authentication practices.
How Agentic AI will be Weaponised for Social Engineering Attacks
AI-driven social engineering attacks are evolving rapidly, with cyber criminals leveraging agentic AI to create highly personalised, adaptive, and multi-stage phishing campaigns. These AI agents can autonomously gather data, refine attack strategies, and deploy deepfake audio and video to deceive employees. Unlike traditional phishing, these threats are dynamic, adjusting to real-time responses. As AI becomes more autonomous, organisations must enhance defences by deploying AI-powered security tools, investing in adaptive awareness training, and fostering a cyber-aware culture. With AI-driven attacks set to rise, proactive measures are essential to mitigate risks and safeguard against increasingly sophisticated social engineering threats.
LinkedIn Has Become a Prime Hunting Ground for Cyber Criminals
LinkedIn has become a key target for cyber criminals using fake job offers to conduct social engineering attacks. A recent Bitdefender report highlights tactics used by the Lazarus Group, a North Korean state-sponsored threat actor, to deploy malware via fraudulent recruitment messages. Attackers trick victims into running malicious code disguised as job evaluation documents, ultimately stealing cryptocurrency wallet data and establishing persistence on systems. The group has also targeted sensitive industries such as aviation and defence. Experts warn professionals to remain vigilant, verify job offers, and avoid running unverified code outside secure environments like virtual machines.
Sources:
https://www.infosecurity-magazine.com/news/destructive-attacks-banks-surge-13/
https://www.insurancejournal.com/news/national/2025/02/04/810573.htm
https://betanews.com/2025/01/31/ransomware-victims-increased-by-26-percent-in-2024/
https://www.darkreading.com/threat-intelligence/cybercriminals-traitorous-insiders-ransom-notes
https://informationsecuritybuzz.com/credential-stealing-malware-surges-in/
https://www.securityweek.com/how-agentic-ai-will-be-weaponized-for-social-engineering-attacks/
https://www.itpro.com/security/cyber-attacks/linkedin-social-engineering-attacks
Governance, Risk and Compliance
AI, Cyber Crime Perceived as Top Insurance Risks: Kennedys
CISO stature gains traction as global cyber risk escalates | CIO Dive
CISOs drive the intersection between cyber maturity and business continuity
21% of CISOs Have Been Pressured Not to Report a Compliance Issue
Cyber Monitoring Centre Introduces ‘Richter Scale’ for Cyber-Attacks - Infosecurity Magazine
It pays to know how your cyber security stacks up | CSO Online
Infosec pros struggle under growing compliance - Help Net Security
The Cyber-Driven Domino Effect: How Financial and Security Crises Bankrupt Businesses | MSSP Alert
Boardroom cyber expertise comes under scrutiny
Board Directors Are Taking the Lead on Cyber Security Oversight
Critical Questions For Boards: Are You Prepared For Ransomware?
Study warns on "head-in-the-sand" approach to cyber security
Why cyber hygiene should be a priority for every business in 2025 - Digital Journal
Why Cyber Security Is Everyone’s Responsibility
EMEA CISOs Plan 2025 Cloud Security Investment
Under Pressure: Why Companies Must Mitigate the Churn of Cyber Security Leaders - Security Boulevard
The CISO’s role in advancing innovation in cyber security | CSO Online
Over 60 percent of enterprise cyber security incidents relate to known risks
Security Teams Pay the Price: The Unfair Reality of Cyber Incidents - SecurityWeek
Overconfident execs are making their companies vulnerable to fraud - Help Net Security
Why Cyber Security Needs Probability — Not Predictions
Budgets and Awareness Up, Impersonation Attacks Still Prominent | SC Media UK
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware victims increased by 26 percent in 2024
Ransomware Groups Weathered Raids, Profited in 2024
Ransomware and the Impact on Human Lives
Critical Questions For Boards: Are You Prepared For Ransomware?
Cyber Criminals Court Traitorous Insiders via Ransom Notes
How to combat exfiltration-based extortion attacks | TechRadar
Top 3 Ransomware Threats Active in 2025
New AI "agents" could hold people for ransom in 2025 | Malwarebytes
Destructive Attacks on Financial Institutions Surge 13% - Infosecurity Magazine
More destructive cyber attacks target financial institutions - Help Net Security
Ransomware recovery payments fell in 2024 • The Register
Ransomware Victims
Indian tech giant Tata Technologies hit by ransomware attack
Tata Technologies confirms ransomware attack, says investigation still ongoing | TechRadar
Wirral NHS cyberattack leads to missed cancer care targets • The Register
Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden | WIRED
Data breach disclosed by Mizuno after BianLian claims | SC Media
Engineering group IMI latest UK firm to be hit by cyber attack
Phishing & Email Based Attacks
How Agentic AI will be Weaponized for Social Engineering Attacks - SecurityWeek
Phishing up almost 50 percent since 2021 with AI attacks on the rise
Sophisticated Phishing Attack Bypasses Microsoft ADFS MFA - Infosecurity Magazine
High-profile X Accounts Targeted in Phishing Campaign - Infosecurity Magazine
1-Click Phishing Campaign Targets High-Profile X Accounts
Cyberhaven: A Wake-Up Call for Consent Phishing Risks | Grip - Security Boulevard
Sophisticated Phishing Campaign Targets Ukraine’s Largest Bank - Infosecurity Magazine
Using the NIST Phish Scale Framework to Detect and Fight Phishing Attacks - Security Boulevard
Business Email Compromise (BEC)/Email Account Compromise (EAC)
US and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network
Wembley Multi-Academy Trust Scammed Out of £385,000
Other Social Engineering
How Agentic AI will be Weaponized for Social Engineering Attacks - SecurityWeek
Top 5 AI-Powered Social Engineering Attacks
North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS
How to Protect Yourself from the Growing Threat of Spam Calls and Robocalls
Artificial Intelligence
How Agentic AI will be Weaponized for Social Engineering Attacks - SecurityWeek
Top 5 AI-Powered Social Engineering Attacks
AI, Cyber Crime Perceived as Top Insurance Risks: Kennedys
Why employees smuggle AI into work - BBC News
AI jailbreaking techniques prove highly effective against DeepSeek | Computer Weekly
DeepSeek’s Flagship AI Model Under Fire for Security Vulnerabilities - Infosecurity Magazine
Texas Governor Orders Ban on DeepSeek, RedNote for Government Devices - SecurityWeek
UK Announces “World-First” AI Security Standard - Infosecurity Magazine
Protect your data as cyber criminals use AI to target Mac in 2025
Risk Matters: Cyber Risk and AI – The Changing Landscape
Video Cyber Security expert discovers DeepSeek using ‘digital fingerprinting technology’ - ABC News
Qualys Report Raises Red Flags In DeepSeek-R1 Security
New AI "agents" could hold people for ransom in 2025 | Malwarebytes
How Are Threat Actors Using Adversarial GenAI?
Invisible Threats: The Rise of AI-Powered Steganography Attacks - Security Boulevard
AI Rise: Can We Still Trust What We See? - InfoRiskToday
You Could Get 5 Years In Prison For Possessing These AI Tools
Cyber Threat Defence Code of Practice Announced by UK Government | SC Media UK
Can AI & the Cyber Trust Mark Rebuild Endpoint Confidence?
Scotland at risk of major AI hack, expert warns
Charges mount in former ex-Googler's AI theft case • The Register
2FA/MFA
Sophisticated Phishing Attack Bypasses Microsoft ADFS MFA - Infosecurity Magazine
Malware
Credential-stealing Malware Surges In 2024
Macs targeted by almost two dozen newly emergent payloads last year | SC Media
Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware
Coyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial Institutions
Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware
DaggerFly-Linked Linux Malware Targets Network Appliances - Infosecurity Magazine
Threefold Increase in Malware Targeting Credential Stores - Infosecurity Magazine
Mac Users Warned As “Fully Undetectable” Security Backdoor Confirmed
Surge in Infostealer Attacks Threatens EMEA Organisations - Infosecurity Magazine
AI Malware Dressed Up as DeepSeek Lurks in PyPi
Protect your data as cyber criminals use AI to target Mac in 2025
North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS
22 New Mac Malware Families Seen in 2024 - SecurityWeek
New Microsoft script updates Windows media with bootkit malware fixes
Lazarus APT targets crypto wallets using cross-platform JavaScript stealer
Microsoft says attackers use exposed ASP.NET keys to deploy malware
North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials
The RAT Pack Returns: ValleyRAT's Devious Delivery Methods
Chinese cyber spies use new SSH backdoor in network device hacks
SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images
Bots/Botnets
Akamai warns of active attacks from new Mirai variant | SC Media
Mobile
Screenshot-reading malware cracks iPhone security for the first time | Digital Trends
Malware With Screen Reading Code Found in iOS Apps for the First Time - MacRumors
Google Bans 158,000 Malicious Android App Developer Accounts in 2024
Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104
Security and Privacy on Your Android Phone: Features You Should Know About - CNET
Why rebooting your phone daily is your best defence against zero-click hackers | ZDNET
Gravy Analytics soaks up another sueball over data breach • The Register
Wiping your iPhone? Here's the easiest way to erase all personal data | ZDNET
Denial of Service/DoS/DDoS
Akamai warns of active attacks from new Mirai variant | SC Media
Internet of Things – IoT
Akamai warns of active attacks from new Mirai variant | SC Media
Can AI & the Cyber Trust Mark Rebuild Endpoint Confidence?
Data Breaches/Leaks
Credential Theft Becomes Cyber Criminals' Favourite Target
Gravy Analytics soaks up another sueball over data breach • The Register
OpenAI Data Breach: Threat Actor Allegedly Claims 20 Million Logins for Sale
Mizuno USA says hackers stayed in its network for two months
NorthBay Health Data Breach Impacts 569,000 Individuals - SecurityWeek
Globe Life data breach may impact an additional 850,000 clients
US healthcare provider data breach impacts 1 million patients
1 Million Impacted by Data Breach at Connecticut Healthcare Provider - SecurityWeek
Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden | WIRED
Data breach disclosed by Mizuno after BianLian claims | SC Media
Data Purportedly Stolen From Trump Hotels In Cyberattack | MSSP Alert
Taliban deny cyber security breach, claim leaked documents were not confidential | Amu TV
Organised Crime & Criminal Actors
US and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network
DOJ: Over 17M Americans Impacted By Seized Cyber Crime Forums | MSSP Alert
From credit card fraud to zero-day exploits: Xe Group expanding cyber criminal efforts | CyberScoop
Crazy Evil gang runs over 10 highly specialized social media scams
Police dismantles HeartSender cyber crime marketplace network
2 Arrested in Takedown of Nulled, Cracked Hacking Forums - SecurityWeek
Two of the world's largest cyber crime forums knocked offline | ITPro
California man steals $50 million using fake investment sites, gets 7 years
US accuses Canadian math prodigy of $65M crypto scheme • The Register
Man Sentenced to 7 Years in Prison for Role in $50M Internet Scam | Tripwire
Charges mount in former ex-Googler's AI theft case • The Register
Thailand cuts power and internet to areas of Myanmar to disrupt scam gangs
Nigeria Touts Cyber Success as African Cyber Crime Rises
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images
Even the US government can fall victim to cryptojacking | FedScoop
Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware
US accuses Canadian math prodigy of $65M crypto scheme • The Register
Lazarus APT targets crypto wallets using cross-platform JavaScript stealer
Insider Risk and Insider Threats
Why employees smuggle AI into work - BBC News
Cyber Criminals Court Traitorous Insiders via Ransom Notes
Charges mount in former ex-Googler's AI theft case • The Register
What you can do to prevent workforce fraud - Help Net Security
How to Root Out Malicious Employees - Security Boulevard
Human error an overlooked cyber risk for SMEs
Insurance
AI, Cyber Crime Perceived as Top Insurance Risks: Kennedys
Cyber Monitoring Centre Introduces ‘Richter Scale’ for Cyber-Attacks - Infosecurity Magazine
UK’s Cyber Monitoring Centre begins incident classification work | Computer Weekly
Supply Chain and Third Parties
Over a dozen firms compromised in BeyondTrust breach | SC Media
Tata Technologies confirms ransomware attack, says investigation still ongoing | TechRadar
Cyberhaven: A Wake-Up Call for Consent Phishing Risks | Grip - Security Boulevard
How to create a third-party risk management policy | TechTarget
Cloud/SaaS
EMEA CISOs Plan 2025 Cloud Security Investment
Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform
Watch Out For These 8 Cloud Security Shifts in 2025
Here’s all the ways an abandoned cloud instance can cause security issues | CyberScoop
Only 3% of organisations have a dedicated budget for SaaS security - Help Net Security
Chinese 'Infrastructure Laundering' Abuses AWS, Microsoft Cloud
Abandoned AWS Cloud Storage: A Major Cyberattack Vector
Outages
Familiar failings as Barclays outage delays transactions | Today's Conveyancer
Encryption
Cyber Insights 2025: Quantum and the Threat to Encryption - SecurityWeek
If you're not working on quantum-safe encryption now, it's already too late | ZDNET
Linux and Open Source
DaggerFly-Linked Linux Malware Targets Network Appliances - Infosecurity Magazine
Linux Security: Scan Your Servers for Rootkits With Ease - The New Stack
Passwords, Credential Stuffing & Brute Force Attacks
Credential Theft Becomes Cyber Criminals' Favorite Target
Millions Of Password Manager Users On Red Alert—Act Now To Stay Safe
Threefold Increase in Malware Targeting Credential Stores - Infosecurity Magazine
Cyber Criminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts
Stop saving your email login info in your password manager | PCWorld
Social Media
These Are the Accounts Most Targeted By Hackers: Here's How to Secure Them
High-profile X Accounts Targeted in Phishing Campaign - Infosecurity Magazine
1-Click Phishing Campaign Targets High-Profile X Accounts
Malvertising
Malvertising Scam Uses Fake Google Ads to Hijack Microsoft Advertising Accounts
Fraudulent Google ads seek to breach Microsoft advertisers’ credentials | SC Media
Regulations, Fines and Legislation
“Vámonos!” Declares DORA, But 43% Of UK Financial Services Say “No”
Infosec pros struggle under growing compliance - Help Net Security
UK Announces “World-First” AI Security Standard - Infosecurity Magazine
It's Time to Consolidate Cyber Security Regulations
Critical Questions For Boards: Are You Prepared For Ransomware?
Musk's DOGE leashed by court after digging up Treasury data • The Register
Protecting the US from hackers apparently isn't in Trump's budget
Ireland responds to EU infringement notice on cyber security directive | Business Post
21% of CISOs Have Been Pressured Not to Report a Compliance Issue
Recent US Executive Order Calls for Encrypting DNS - ISC
Trump’s anti-DEI efforts damage national security, former officials say - Nextgov/FCW
DORA Compliance Must be a Top Priority for US Financial Institutions - Security Boulevard
House Democrats demand answers over DOGE OPM server • The Register
Musk, DOGE Move into Treasury Systems Raises Security, Privacy Concerns | MSSP Alert
The biggest breach of US government data is under way | TechCrunch
Cyber Threat Defence Code of Practice Announced by UK Government | SC Media UK
Talks begin to move National Cyber Security Centre to Department of Justice
Can AI & the Cyber Trust Mark Rebuild Endpoint Confidence?
DeepSeek users could face million-dollar fine and prison time under new law | The Independent
USCG Final Rule on Cyber Security in Marine Transportation
Models, Frameworks and Standards
“Vámonos!” Declares DORA, But 43% Of UK Financial Services Say “No”
Ireland responds to EU infringement notice on cyber security directive | Business Post
DORA Compliance Must be a Top Priority for US Financial Institutions - Security Boulevard
Using the NIST Phish Scale Framework to Detect and Fight Phishing Attacks - Security Boulevard
Careers, Working in Cyber and Information Security
The cyber security skills gap reality: We need to face the challenge of emerging tech | CSO Online
Shaping The Next Generation Of Cyber Security Professionals
The Cyber Security Crisis: Companies Can’t Fill Roles, Workers Shut Out
Under Pressure: Why Companies Must Mitigate the Churn of Cyber Security Leaders - Security Boulevard
Government must address cyber security staffing shortage, NAO warns
Why Diversity Should not be Removed from Cyber in 2025 | SC Media UK
Public sector pay gap threatens UK cyber resilience
The hidden dangers of a toxic cyber security workplace - Help Net Security
Law Enforcement Action and Take Downs
Ransomware Groups Weathered Raids, Profited in 2024
US and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network
DOJ: Over 17M Americans Impacted By Seized Cyber Crime Forums | MSSP Alert
Police dismantles HeartSender cyber crime marketplace network
2 Arrested in Takedown of Nulled, Cracked Hacking Forums - SecurityWeek
California man steals $50 million using fake investment sites, gets 7 years
US accuses Canadian math prodigy of $65M crypto scheme • The Register
Man Sentenced to 7 Years in Prison for Role in $50M Internet Scam | Tripwire
Charges mount in former ex-Googler's AI theft case • The Register
Europol Cracks Down on Global Child Abuse Network “The Com” - Infosecurity Magazine
Thailand cuts power and internet to areas of Myanmar to disrupt scam gangs
Nigeria Touts Cyber Success as African Cyber Crime Rises
Misinformation, Disinformation and Propaganda
Mis/Disinformation: The Skew of Information and Its Impacts on You | AFCEA International
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Britain to boost cyber warfare capabilities
Exploring The Cyber Security Battlefield Of 2025
The Weaponization of Operational Technology
Nation State Actors
China
Video Cyber Security expert discovers DeepSeek using ‘digital fingerprinting technology’ - ABC News
Qualys Report Raises Red Flags In DeepSeek-R1 Security
Chinese 'Infrastructure Laundering' Abuses AWS, Microsoft Cloud
Chinese cyber spies use new SSH backdoor in network device hacks
DeepSeek Jailbreak Reveals Its Entire System Prompt
AI jailbreaking techniques prove highly effective against DeepSeek | Computer Weekly
DeepSeek’s Safety Guardrails Failed Every Test Researchers Threw at Its AI Chatbot | WIRED
Texas Governor Orders Ban on DeepSeek, RedNote for Government Devices - SecurityWeek
Australia bans DeepSeek over security... - Mobile World Live
Taiwan Bans DeepSeek AI Over National Security Concerns, Citing Data Leakage Risks
Russia
Sophisticated Phishing Campaign Targets Ukraine’s Largest Bank - Infosecurity Magazine
British PM scrapped ‘dangerously obvious’ email after Russian hacking | Cybernews
7-Zip MotW bypass exploited in zero-day attacks against Ukraine
British PM Keir Starmer’s Personal Email Allegedly Hacked by Russian Operatives
North Korea
North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials
North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS
Lazarus APT targets crypto wallets using cross-platform JavaScript stealer
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
WhatsApp claims that 100 journalists and activists were the targets of Israeli-made spyware
Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists
WhatsApp: Global spyware campaign conducted by Israeli firm | SC Media
Tools and Controls
Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware
Risk Matters: Cyber Risk and AI – The Changing Landscape
Enterprises invest heavily in AI-powered solutions - Help Net Security
EMEA CISOs Plan 2025 Cloud Security Investment
Watch Out For These 8 Cloud Security Shifts in 2025
Here’s all the ways an abandoned cloud instance can cause security issues | CyberScoop
Future of Cyber Security: Will XDR Absorb SIEM & SOAR? | Trend Micro (US)
How AI-driven SOC co-pilots will change security center operations
Only 3% of organisations have a dedicated budget for SaaS security - Help Net Security
The API security crisis and why businesses are at risk - Help Net Security
Beware cyber security tech that’s past its prime — 5 areas to check or retire | CSO Online
Recent US Executive Order Calls for Encrypting DNS - ISC
How to build an effective purple team playbook | TechTarget
Security Teams Pay the Price: The Unfair Reality of Cyber Incidents - SecurityWeek
One breach to rule them all: The security perils of digital consolidation | SC Media
Budgets and Awareness Up, Impersonation Attacks Still Prominent | SC Media UK
Why streamlining cyber security is essential for success - Verdict
How to create a third-party risk management policy | TechTarget
Is Your Antivirus Spying on You? Yes, and Some Are Worse Than Others
What does it mean to build in security from the ground up? • The Register
Why honeypots deserve a spot in your cyber security arsenal | CSO Online
Other News
Cyber Monitoring Centre Introduces ‘Richter Scale’ for Cyber-Attacks - Infosecurity Magazine
The Weaponisation of Operational Technology
Financial sector faces increased cyber security threats
Destructive Attacks on Financial Institutions Surge 13% - Infosecurity Magazine
DNSFilter's Annual Security Report Reveals Worrisome Spike in Malicious DNS Requests
How safe is coffee shop WiFi? | BCS
Build a vulnerability management program with internet exposure in mind | SC Media
One breach to rule them all: The security perils of digital consolidation | SC Media
Threat Actors Target Public-Facing Apps for Initial Access - Infosecurity Magazine
More destructive cyber attacks target financial institutions - Help Net Security
NCSC Issues Guidance to Protect UK Research and Innovation - Infosecurity Magazine
2024: The Year Data Security Took A Beating
NAO warns of severe cyber threat to the UK
Cyber security, government experts are aghast at security failures in DOGE takeover | CyberScoop
Introduce cyber security in schools, experts warn
Financial advisers neglecting cyber security at their own risk
Government must address cyber security staffing shortage, NAO warns
Booking.com’s CISO on Strengthening Security in Travel Sector - Infosecurity Magazine
Vulnerability Management
Navigating the Future: Key IT Vulnerability Management Trends
Transforming Vulnerability Management with Threat Intelligence: A Vision for MSSPs | MSSP Alert
768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023
Over 60 percent of enterprise cyber security incidents relate to known risks
Managing Software Risk in a World of Vulnerabilities
Infosec pros: We need CVSS, warts and all | CyberScoop
From credit card fraud to zero-day exploits: Xe Group expanding cyber criminal efforts | CyberScoop
Vulnerabilities
New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack
A worrying security flaw could have left Microsoft SharePoint users open to attack | TechRadar
Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104
Chrome 133, Firefox 135 Patch High-Severity Vulnerabilities - SecurityWeek
Google warns Android users of a kernel flaw under attack • The Register
Critical RCE bug in Microsoft Outlook now exploited in attacks
Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware
Zyxel won’t patch newly exploited flaws in end-of-life routers
Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers | TechCrunch
CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25
Hackers Exploiting A Six-Year-Old IIS Vulnerability To Gain Remote Access
Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc
AMD patches high severity security flaw affecting Zen chips | TechRadar
Microsoft Patches Critical Azure AI Face Security Bug | MSSP Alert
New Microsoft script updates Windows media with bootkit malware fixes
CISA orders agencies to patch Linux kernel bug exploited in attacks
Cisco Patches Critical Vulnerabilities in Enterprise Security Product - SecurityWeek
BeyondTrust Zero-Day Breach Exposed 17 SaaS Customers via Compromised API Key
7-Zip MotW bypass exploited in zero-day attacks against Ukraine
Netgear warns users to patch critical WiFi router vulnerabilities
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
Black Arrow Cyber Threat Intelligence Briefing 31 January 2025
Black Arrow Cyber Threat Intelligence Briefing 31 January 2025:
-More Than Half of UK Workplaces Faced Cyber Attacks Last Year
-Cyber Security Responsibilities Across the C-Suite: A Breakdown for Every Executive
-Hackers Use Generative AI to Attack More Frequently and Effectively
-74% of Organisations are Increasing Crisis Simulation Budgets
-Only 13% of Organisations Fully Recover Data After a Ransomware Attack
-Cyber Security Threats Hit Mid-Market Firms Where It Hurts: The Bottom Line
-GhostGPT Can Write Malicious Code, Create Malware, and Create Convincing Phishing Emails for Just $50/Week
-New Phishing Campaign Targets Mobile Devices with Malicious PDFs
-The Clock is Ticking: Hackers Can Take You Down in 48 Minutes
-Security Threats Top Concerns for UK SMEs
-SaaS (Cloud) Breaches Skyrocket 300% as Traditional Defences Fall Short
-Rise of AI is Causing Many Firms to Worry About Their Cyber Security
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
Looking at open source reporting this week, and indeed from our own work, it is clear that UK businesses are facing an alarming rise in cyber attacks, with over half experiencing an incident in 2024. Despite this, only a minority have structured risk assessments or incident response plans in place. AI-driven phishing attacks have surged by over 4,000%, yet just 17% of organisations invest in cyber security training. Meanwhile, the rapid adoption of generative AI is both strengthening defences and empowering attackers. Tools like GhostGPT, available for as little as $50 per week, are automating malware development and phishing campaigns, reducing the technical barrier for cyber criminals. The time from initial breach to full compromise has shrunk to just 48 minutes, highlighting the need for faster response times and automated defences.
Cyber security is no longer just a technical challenge but a critical business issue requiring C-suite engagement. CEOs must integrate security into corporate strategy, particularly for mid-market firms where breaches threaten growth and innovation. The escalating ransomware crisis has led to 58% of victims shutting down operations, yet only 13% fully recover their data, exposing gaps in resilience. The surge in SaaS breaches, up 300% in the past year, further underscores the importance of identity protection and continuous monitoring to mitigate risk.
As cyber threats intensify, Black Arrow Cyber advises organisations to prioritise crisis simulations, proactive investment, and cross-functional collaboration. With 74% of CISOs increasing crisis simulation budgets and AI reshaping the threat landscape, businesses must act now to build resilience. Strengthening mobile security, enforcing least privilege access, and rapidly addressing vulnerabilities are crucial to preventing financial and reputational harm. The cyber security clock is ticking, and businesses must move swiftly to stay ahead of evolving threats.
Top Cyber Stories of the Last Week
More Than Half of UK Workplaces Faced Cyber Attacks Last Year
More than half of UK businesses experienced a cyber attack in 2024, yet only 31% had conducted a cyber risk assessment, and just 15% had a formal incident response plan. Phishing attacks, fuelled by AI advancements, have surged by over 4,000% since 2022, making cyber resilience essential. Despite the evolving threat landscape, only 17% of businesses provide cyber security training to staff. Organisations must prioritise continuous monitoring, attack simulations, and structured incident response plans to mitigate risks. A strong cyber resilience strategy ensures businesses can not only prevent attacks but also respond effectively, minimising disruption and financial impact.
Cyber Security Responsibilities Across the C-Suite: A Breakdown for Every Executive
Cyber security is a core business concern requiring engagement from the entire C-suite, not just the Chief Information Security Officer (CISO). With cyber threats growing in complexity and regulations becoming stricter, organisations must integrate security into their business strategies. A single cyber attack can cause severe financial losses, operational disruption, and reputational damage. Every member of the C-suite plays a key role: CEOs set strategic business priorities that depend on a secure business environment, CFOs manage financial risks, and a good CISO establishes security defences across people, operations and technology together with the CHRO, COO and CIO. Cross-functional collaboration is essential, ensuring cyber security is embedded in operations, innovation, and culture to protect the organisation’s future.
Hackers Use Generative AI to Attack More Frequently and Effectively
The latest Splunk CISO Report highlights the growing role of Generative AI (GenAI) in cyber security, with over half (52%) of CISOs prioritising emerging technologies. However, only a third (33%) of board members share this view, exposing a strategic gap. Attackers are leveraging GenAI to enhance the effectiveness (32%) and volume (28%) of cyber attacks, making AI-driven threats a top concern for 36% of CISOs. Budget constraints remain an issue, with 64% of CISOs linking underfunding to increased cyber risks.
74% of Organisations are Increasing Crisis Simulation Budgets
Following a series of high-profile cyber incidents in 2024, CISOs are increasing investment in crisis simulations to strengthen organisational resilience. A report by Hack The Box found that 74% of CISOs are raising budgets for crisis preparedness in 2025, with 16% of security budgets being reallocated to these exercises. Key drivers include the growing frequency of cyber incidents (31%) and gaps in incident response planning (20%). With AI reshaping the cyber threat landscape, organisations are prioritising realistic, stress-tested simulations to ensure both technical and non-technical teams can respond decisively to evolving threats.
Only 13% of Organisations Fully Recover Data After a Ransomware Attack
Ransomware attacks are becoming more disruptive, with 58% of organisations forced to shut down operations, up from 45% in 2021. Business impacts are severe: 40% reported revenue losses, 41% lost customers, and 35% suffered significant brand damage. Despite 29% of IT budgets allocated to ransomware defences, 88% of organisations have been victims, with only 13% fully recovering their data. Poor visibility in hybrid environments and unpatched systems are key vulnerabilities. With only 27% adopting microsegmentation, organisations must prioritise containment strategies to protect critical systems and avoid the rising costs of downtime, lost business, and reputational harm.
Cyber Security Threats Hit Mid-Market Firms Where It Hurts: The Bottom Line
Middle-market firms, especially those exposed to high uncertainty from fluctuating demand, supply chain disruptions, or macroeconomic volatility, face growing cyber security threats that directly impact their financial stability and innovation. According to PYMNTS Intelligence’s 2025 Certainty Project, 72% of firms are concerned about financial losses due to cyber incidents, rising to 88% for those experiencing heightened uncertainty. High-uncertainty firms are also 81% more likely to delay or cancel technology initiatives, stalling growth. Despite constrained resources, CFOs are shifting cyber security from an IT concern to a business priority, recognising its role in resilience and competitive advantage. As cyber threats escalate, proactive investment in security is essential to safeguard operations and drive innovation.
GhostGPT Can Write Malicious Code, Create Malware, and Create Convincing Phishing Emails for Just $50/Week
Hackers are using an AI chatbot, GhostGPT, to automate cyber attacks, enabling them to write malware, craft phishing emails, and develop exploits with ease. Unlike mainstream AI tools, GhostGPT lacks ethical safeguards and is marketed openly on cyber crime forums. Available as a Telegram bot for as little as $50 per week, it lowers the barrier for attackers with minimal technical skills. Security researchers warn that AI-driven threats like GhostGPT will make cyber attacks more sophisticated and harder to detect, underscoring the need for organisations to adapt their defences to counter AI-enabled cyber crime.
New Phishing Campaign Targets Mobile Devices with Malicious PDFs
A newly discovered phishing campaign is targeting mobile users by impersonating known brands and delivering malicious PDF files via SMS. Researchers uncovered over 20 malicious PDFs and 630 phishing pages, highlighting a large-scale operation spanning more than 50 countries. The campaign employs a sophisticated obfuscation technique to bypass detection, tricking users into providing sensitive information. As mobile phishing threats grow, organisations must prioritise mobile security investments, implement multi-factor authentication and adopt a layered security approach to mitigate risks posed by increasingly advanced social engineering tactics.
The Clock is Ticking: Hackers Can Take You Down in 48 Minutes
Hackers are accelerating their attacks, with the average time from initial access to lateral movement now just 48 minutes, 22% faster than last year. The quickest observed incident took only 27 minutes. A key driver is the rise of information-stealing malware, which helps initial access brokers expedite attacks. Additionally, the ransomware-as-a-service ecosystem has become more efficient, and AI is enhancing hacking tools. Alarmingly, the time from vulnerability discovery to exploitation has dropped from 47 days to just 18 days, a 62% decrease. Automated defences and rapid patching are critical to mitigating these evolving threats.
Security Threats Top Concerns for UK SMEs
JumpCloud’s latest report highlights that 61% of UK SMEs see security as their top challenge in 2025, with 45% having suffered a cyber security attack, and phishing accounting for 53% of incidents. IT teams are under pressure, with 90% concerned about unauthorised apps expanding their attack surface, and 60% fearing AI threats will outpace their defences. Despite security concerns, nearly half (48%) hesitate to strengthen protections due to user experience trade-offs. Tool sprawl remains an issue, driving 83% to seek unified platforms. Budgets are increasing, with 76% expecting cyber security investment to rise and MSP adoption growing to 79%.
SaaS (Cloud) Breaches Skyrocket 300% as Traditional Defences Fall Short
Software-as-a-Service (SaaS) breaches have surged by 300% in the past year as cyber criminals and nation-state actors increasingly target these platforms. A report by Obsidian Security found that 85% of incidents stemmed from compromised identities, with adversary-in-the-middle (AiTM) attacks accounting for 39%. The healthcare sector was the most affected (14%), followed by government (13%) and financial services (11%). Traditional security tools are struggling to protect SaaS environments, with MFA failing in 84% of cases due to weak implementation or AiTM techniques. To mitigate risk, firms must enhance visibility over SaaS usage, enforce least privilege access controls, and implement continuous monitoring to detect and respond to threats swiftly.
Rise of AI is Causing Many Firms to Worry About Their Cyber Security
A Sophos report highlights growing concerns about AI's impact on cyber security, with 89% of IT leaders fearing flaws in generative AI could weaken defences. Despite this, 99% now see AI as essential when selecting a cyber security provider. While AI enhances threat capabilities, one in five IT leaders hopes it will strengthen protection, and 14% hope it will relieve employee burnout. However, four in five anticipate rising costs, though 87% expect long-term savings. With 98% already embedding AI in security solutions, firms are urged to adopt a human-first approach and carefully assess AI vendors for data quality and effectiveness.
Sources:
https://www.techradar.com/pro/security/hackers-use-genai-to-attack-more-frequently-and-effectively
https://www.helpnetsecurity.com/2025/01/28/cisos-crisis-simulation-budgets/
https://www.helpnetsecurity.com/2025/01/29/ransomware-attacks-business-operations-disruption/
https://www.infosecurity-magazine.com/news/phishing-campaign-targets-mobile/
https://pcr-online.biz/2025/01/29/security-threats-top-concerns-for-uk-smes/
https://www.infosecurity-magazine.com/news/saas-breaches-defenses-short/
Governance, Risk and Compliance
CISOs boost board presence by 77% over two years | Computer Weekly
CISOs are gaining more influence in the boardroom, and it’s about time | ITPro
74% of CISOs are increasing crisis simulation budgets - Help Net Security
Rise of AI is causing many firms to worry about their cyber security | TechRadar
Hackers Are Getting Faster—48 Minutes And You’re Cooked
Cyber security crisis in numbers - Help Net Security
Cyber security Threats Hit Mid-Market Firms in the Bottom Line
CISOs Are Gaining C-Suite Swagger
88% of High-Uncertainty Firms Report Cyber Security Risks
UK Organisations Boosting Cyber Security Budgets - Infosecurity Magazine
UK's small businesses underestimating risk of cyber attacks
Security threats top concerns for UK SMEs – PCR
It’s time to catch up with cyber attackers | TechRadar
More than half of UK workplaces faced cyber attacks last year | theHRD
How to improve cyber resilience across your workforce | theHRD
Cyber Resilience: Sorry Vendors, It’s About Leadership, Not Tech
Crisis Simulation: The New Frontier for CISOs in 2025
How CISOs can forge the best relationships for cyber security investment | CSO Online
Old Ways of Vendor Risk Management Are No Longer Enough
We're losing the battle against complexity, and AI may or may not help | ZDNET
Revealed – top emerging threats for banks and insurers | Insurance Business America
Acronis Data Privacy Survey Reveals 64% of Global Consumers
Cyber trends set to influence business strategies - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
TRIPLESTRENGTH Operation Targets Major Cloud Platforms | MSSP Alert
Don't count on ransomware insurance to save you - Tech Monitor
Survey Surfaces Extent of Financial Damage Caused by Ransomware Scourge - Security Boulevard
58% of Ransomware Victims Forced to Shut Down Operations - Infosecurity Magazine
Illumio Research Reveals 58% of Companies Hit With
Only 13% of organisations fully recover data after a ransomware attack - Help Net Security
Another banner year for ransomware gangs • The Register
Ransomware Gangs Linked by Shared Code and Ransom Notes - Infosecurity Magazine
The rising tide of ransomware and what it means for small and medium-sized businesses [Q&A]
Lynx Ransomware Infrastructure To Attack Windows, Linux, ESXi & Affiliate Panel Uncovered
Baguettes bandits strike again with ransomware, humiliation • The Register
New Hellcat Ransomware Gang Employs Humiliation Tactics - Infosecurity Magazine
Revealed – top emerging threats for banks and insurers | Insurance Business America
How Interlock Ransomware Infects Healthcare Organisations
What we know about the AI-powered ransomware group, FunkSec - Raconteur
UK: Consultation on Ransomware payments | DLA Piper - JDSupra
Lynx ransomware infiltration reveals affiliate panel details | SC Media
Ransomware gang uses SSH tunnels for stealthy VMware ESXi access
Ransomware Victims
MGM to pay $45m to data breach and ransomware victims
152,000 Impacted by Data Breach at Berman & Rabin - SecurityWeek
Healthcare Sector Charts 2 More Ransomware Attacks
Ransomware Attack Disrupts Blood Donation Services in US - Infosecurity Magazine
Smiths Group Scrambling to Restore Systems Following Cyber Attack - SecurityWeek
Phishing & Email Based Attacks
New Phishing Campaign Targets Mobile Devices with Malicious PDFs - Infosecurity Magazine
The top 10 brands exploited in phishing attacks - and how to protect yourself | ZDNET
Hidden Text Salting Disrupts Brand Name Detection Systems - Infosecurity Magazine
Hidden in Plain Sight: PDF Mishing Attack - Security Boulevard
Threat Actors Exploit Government Websites for Phishing - Infosecurity Magazine
Phishing Campaign Baits Hook With Malicious Amazon PDFs
Nine out of ten emails are spam - Help Net Security
Other Social Engineering
New Phishing Campaign Targets Mobile Devices with Malicious PDFs - Infosecurity Magazine
Scammers Are Creating Fake News Videos to Blackmail Victims | WIRED
DoJ Busts Up Another Multinational DPRK IT Worker Scam
Don't Fall For These Reddit Scam Pages Waiting to Install Malware On Your Computer
Reddit, WeTransfer pages spoofed in Lumma Stealer campaign | SC Media
British Vishing-as-a-Service Trio Sentenced - Infosecurity Magazine
Artificial Intelligence
Prompt Injection Tricks AI Into Downloading And Executing Malware | Hackaday
Hackers use GenAI to attack more frequently and effectively | TechRadar
Rise of AI is causing many firms to worry about their cyber security | TechRadar
Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations
DeepSeek's popularity exploited by malware peddlers, scammers - Help Net Security
AI-powered Chrome extensions are watching you…
AI security posture management will be needed before agentic AI takes hold - Help Net Security
DeepSeek’s Popular AI App Is Explicitly Sending US Data to China | WIRED
DeepSeek Blames Disruption on Cyber Attack as Vulnerabilities Emerge - SecurityWeek
The Wiretap: DeepSeek Turned Into Evil Malware Maker, Researchers Find
Nation-State Hackers Abuse Gemini AI Tool - Infosecurity Magazine
What we know about the AI-powered ransomware group, FunkSec - Raconteur
The 10 worst software disasters of 2024: cyber attacks, malicious AI, and silent threats | TechRadar
DeepSeek database left open, exposing sensitive info • The Register
Hackers Are Using Google's AI Chatbot to Make Attacks More Efficient - Business Insider
Time Bandit ChatGPT jailbreak bypasses safeguards on sensitive topics
Risk Matters: Cyber Risk and AI – The Changing Landscape | Newswise
Preparing financial institutions for the next generation of cyber threats - Help Net Security
Meta's Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks
2FA/MFA
How hackers bypass MFA – and what to do about it | ITPro
Malware
Over a billion credentials were stolen in malware attacks in 2024 | TechRadar
Prompt Injection Tricks AI Into Downloading And Executing Malware | Hackaday
Hacker infects 18,000 "script kiddies" with fake malware builder
Russian Scammers Target Crypto Influencers with Infostealers - Infosecurity Magazine
MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks
Phishing Campaign Baits Hook With Malicious Amazon PDFs
Don't Fall For These Reddit Scam Pages Waiting to Install Malware On Your Computer
Reddit, WeTransfer pages spoofed in Lumma Stealer campaign | SC Media
18,459 Devices Compromised Worldwide Via XWorm RAT Builder | MSSP Alert
Cyber Insights 2025: Malware Directions - SecurityWeek
Secondary payloads delivered via MintsLoader attacks | SC Media
The Wiretap: DeepSeek Turned Into Evil Malware Maker, Researchers Find
PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyber Attacks
Phishing campaign in Poland and Germany deploys TorNet backdoor | SC Media
What Happens When Students Bring Malware to Campus? | EdTech Magazine
Bots/Botnets
Aquabot Botnet Targeting Vulnerable Mitel Phones - SecurityWeek
Mobile
New Phishing Campaign Targets Mobile Devices with Malicious PDFs - Infosecurity Magazine
Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More
Google Play security teams used AI in 92% of app reviews in 2024 - Android Authority
Google blocked 2.36 million risky Android apps from Play Store in 2024
Denial of Service/DoS/DDoS
Internet of Things – IoT
Cyber Security Threats To Modern Cars: How Hackers Are Taking Control
Data Breaches/Leaks
MGM to pay $45m to data breach and ransomware victims
TalkTalk confirms data breach involving a third-party platform
UK telco TalkTalk launches probe into alleged data grab • The Register
1 in 2 Americans affected by UnitedHealth cyber attack, new disclosure shows | Rock Hill Herald
UnitedHealth estimates 190M people impacted by Change Healthcare cyber attack – DataBreaches.Net
Mega Data Breaches Push US Victim Count to 1.7 Billion - Infosecurity Magazine
Millions of airline customers possibly affected by OAuth security flaw | TechRadar
DeepSeek database left open, exposing sensitive info • The Register
312% Surge in Breach Notices That Could Have Been Prevented
PowerSchool starts notifying victims of massive data breach
Reporting a Breach? Make Sure Your Lawyer's on Call
152,000 Impacted by Data Breach at Berman & Rabin - SecurityWeek
Organised Crime & Criminal Actors
Cyber security crisis in numbers - Help Net Security
Hackers Are Getting Faster—48 Minutes And You’re Cooked
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
TRIPLESTRENGTH Operation Targets Major Cloud Platforms | MSSP Alert
Russian Scammers Target Crypto Influencers with Infostealers - Infosecurity Magazine
What's Yours is Mine: Is Your Business Ready for Cryptojacking Attacks?
Insider Risk and Insider Threats
How to improve cyber resilience across your workforce | theHRD
British Museum says ex-contractor 'shut down' IT systems • The Register
HR Magazine - Former employee shuts down British Museum IT systems
CrowdStrike Highlights Magnitude of Insider Risk
Insurance
Don't count on ransomware insurance to save you - Tech Monitor
Cyber Insights 2025: Cyberinsurance – The Debate Continues - SecurityWeek
Supply Chain and Third Parties
TalkTalk confirms data breach involving a third-party platform
Revealed – top emerging threats for banks and insurers | Insurance Business America
How Lazarus Group built a cyber espionage empire - Help Net Security
Third-Party Vendors Are the Supply Chain’s Ignored Vulnerability | HackerNoon
Building Resilience Against Zero-Day Threats In Third-Party Risk Management
Old Ways of Vendor Risk Management Are No Longer Enough
Companies told to enhance third party cyber security efforts
GoDaddy’s Cyber Security Called Into Question
Cloud/SaaS
TRIPLESTRENGTH Operation Targets Major Cloud Platforms | MSSP Alert
SaaS Breaches Skyrocket 300% as Traditional Defences Fall Short - Infosecurity Magazine
MITRE's Latest ATT&CK Simulations Tackles Cloud Defences
Microsoft investigates Microsoft 365 outage affecting users, admins
Outages
Microsoft investigates Microsoft 365 outage affecting users, admins
Identity and Access Management
Hackers use Windows RID hijacking to create hidden admin account
Staying Ahead with Enhanced IAM Protocols - Security Boulevard
Microsoft Details Key Strategies for Proactive Identity Management
Encryption
Linux and Open Source
Lynx Ransomware Infrastructure To Attack Windows, Linux, ESXi & Affiliate Panel Uncovered
Lazarus Group's latest heist hits hundreds globally • The Register
Passwords, Credential Stuffing & Brute Force Attacks
Over a billion credentials were stolen in malware attacks in 2024 | TechRadar
Multiple Git flaws led to credentials compromise
Social Media
Microsoft Eyes TikTok’s US Operations Amid National Security Concerns - gHacks Tech News
Facebook flags Linux topics as threats
Trump’s bigger China cyber threat isn’t TikTok - The Japan Times
Malvertising
Security Bite: How hackers are still using Google Ads to spread malware - 9to5Mac
Training, Education and Awareness
How to improve cyber resilience across your workforce | theHRD
Regulations, Fines and Legislation
National security risks in routers, modems targeted in bipartisan Senate bill | CyberScoop
SEC and FCA fines: Issues jump - Help Net Security
312% Surge in Breach Notices That Could Have Been Prevented
UK: Consultation on Ransomware payments | DLA Piper - JDSupra
Strengthening National Security in the AI Era
Trump Administration Faces Security Balancing Act in Borderless Cyber Landscape - SecurityWeek
Gutting US cyber advisory boards 'foolish' • The Register
Models, Frameworks and Standards
MITRE's Latest ATT&CK Simulations Tackles Cloud Defences
Careers, Working in Cyber and Information Security
Hackers allegedly stole $69M from cryptocurrency platform Phemex
Nine human-centric strategies that strengthen security teams | SC Media
How to make sure you’ve got the cyber security people you need
Law Enforcement Action and Take Downs
Another banner year for ransomware gangs • The Register
British Vishing-as-a-Service Trio Sentenced - Infosecurity Magazine
Brit fraudsters sentenced over account takeover operation • The Register
Authorities Seize Domains of Popular Hacking Forums in Major Cyber Crime Crackdown
Nulled, Other Cyber Crime Websites Seized by Law Enforcement - SecurityWeek
FBI seizes Cracked.io, Nulled.to hacking forums in Operation Talent
Law enforcement continues efforts to disrupt cyber crime forums and services – DataBreaches.Net
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations
The Private Sector on the Front Line | Foreign Affairs
Nation State Actors
China
Vessel seized on suspicion of cutting Baltic internet cable
Latvia: Undersea cable likely damaged by external influence – DW – 01/27/2025
DeepSeek’s Popular AI App Is Explicitly Sending US Data to China | WIRED
Inside China's 'hacking capital' that has ignited global cyber security alarms | ITV News
Are We Serious About Chinese Spying? - SMERCONISH
DeepSeek Blames Disruption on Cyber Attack as Vulnerabilities Emerge - SecurityWeek
National security risks in routers, modems targeted in bipartisan Senate bill | CyberScoop
The Wiretap: DeepSeek Turned Into Evil Malware Maker, Researchers Find
Hackers Are Using Google's AI Chatbot to Make Attacks More Efficient - Business Insider
Baltic undersea pipes and cables keep getting damaged. What’s going on? | CNN Business
Trump’s bigger China cyber threat isn’t TikTok - The Japan Times
UK launches inquiry into threats to subsea cable systems
Sweden seizes vessel after another undersea cable damaged • The Register
DeepSeek's popularity exploited by malware peddlers, scammers - Help Net Security
Gutting US cyber advisory boards 'foolish' • The Register
Microsoft Eyes TikTok’s US Operations Amid National Security Concerns - gHacks Tech News
Russia
Vessel seized on suspicion of cutting Baltic internet cable
Latvia: Undersea cable likely damaged by external influence – DW – 01/27/2025
Cross-Party Inquiry Examines Threats to Undersea UK Internet Cables - ISPreview UK
Nation-State Hackers Abuse Gemini AI Tool - Infosecurity Magazine
Baltic undersea pipes and cables keep getting damaged. What’s going on? | CNN Business
UK launches inquiry into threats to subsea cable systems
Sweden seizes vessel after another undersea cable damaged • The Register
Russian Scammers Target Crypto Influencers with Infostealers - Infosecurity Magazine
European Union Sanctions Russian Nationals for Hacking Estonia - SecurityWeek
GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities
Iran
Google details nefarious Gemini use by Iranian spies • The Register
North Korea
How Lazarus Group built a cyber espionage empire - Help Net Security
DoJ Busts Up Another Multinational DPRK IT Worker Scam
Lazarus Group's latest heist hits hundreds globally • The Register
Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks
Tools and Controls
74% of CISOs are increasing crisis simulation budgets - Help Net Security
Crisis Simulations: A Top 2025 Concern for CISOs
CISOs Boost Crisis Simulation Budgets Amid High-Profile Cyber-Attacks - Infosecurity Magazine
Crisis Simulation: The New Frontier for CISOs in 2025
How to improve cyber resilience across your workforce | theHRD
Attackers exploit SimpleHelp RMM Software flaws for initial access
Building Resilience Against Zero-Day Threats In Third-Party Risk Management
Hackers exploiting flaws in SimpleHelp RMM to breach networks
Risk Matters: Cyber Risk and AI – The Changing Landscape | Newswise
UK Organisations Boosting Cyber Security Budgets - Infosecurity Magazine
PrintNightmare Aftermath: Windows Print Spooler is Better. What's Next?
Old Ways of Vendor Risk Management Are No Longer Enough
Cyber Resilience: Sorry Vendors, It’s About Leadership, Not Tech
How CISOs can forge the best relationships for cyber security investment | CSO Online
Microsoft Teams phishing attack alerts coming to everyone next month
How to Choose the Right Cyber Security Software: A Comprehensive Guide - Security Boulevard
Remote Monitoring and Management (RMM) Abuse | Intel 471
Staying Ahead with Enhanced IAM Protocols - Security Boulevard
We're losing the battle against complexity, and AI may or may not help | ZDNET
WFH with privacy? 85% of Brit bosses are snooping on staff • The Register
Fragmented cyber security is costing businesses billions, and putting them at risk | TechRadar
Other News
World Economic Forum 2025: Navigating Cyber Security in an Era of Complexity
Vulnerabilities in Telecom Networks Let Hackers Gain Access to 3,000 Companies
Cross-Party Inquiry Examines Threats to Undersea UK Internet Cables - ISPreview UK
Cyber security crisis in numbers - Help Net Security
The 10 worst software disasters of 2024: cyber attacks, malicious AI, and silent threats | TechRadar
UK government is facing a “severe” cyber threat, report
NAO blasts UK gov over litany of cyber resilience failures • The Register
It’s time to catch up with cyber attackers | TechRadar
UK launches inquiry into threats to subsea cable systems
Sweden seizes vessel after another undersea cable damaged • The Register
SMEs to ramp up tech investments in 2025 | Mortgage Professional Australia
Remote Monitoring and Management (RMM) Abuse | Intel 471
Vulnerability Management
Building Resilience Against Zero-Day Threats In Third-Party Risk Management
NCSC Calls on Vendors to Eradicate “Unforgivable” Vulnerabilities - Infosecurity Magazine
Microsoft to deprecate WSUS driver synchronization in 90 days
The 10 worst software disasters of 2024: cyber attacks, malicious AI, and silent threats | TechRadar
UK’s NCSC Proposes New Vulnerability Classification System | MSSP Alert
Vulnerabilities
Fortinet Zero-Day Gives Attackers Super-Admin Privileges
TeamViewer Patches High-Severity Vulnerability in Windows Applications - SecurityWeek
RANsacked: Over 100 Security Flaws Found in LTE and 5G Network Implementations
Palo Alto Networks firewalls have UEFI flaws, Secure Boot bypasses | CSO Online
LTE, 5G Vulnerabilities Could Cut Entire Cities From Cellular Connectivity - SecurityWeek
Vulnerabilities in Telecom Networks Let Hackers Gain Access to 3,000 Companies
Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More
SonicWall says hackers are exploiting a new zero-day bug to breach customer networks | TechCrunch
Aquabot Botnet Targeting Vulnerable Mitel Phones - SecurityWeek
Multiple Git flaws led to credentials compromise
Apple Silicon flaws could make your private data vulnerable
Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer
Apple's in-house chips have security flaws that could expose your Gmail inbox to attackers
Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft
VMware plugs credential-leaking bugs in Cloud Foundation • The Register
TeamViewer fixed a bug in Windows client and host applications
Hackers exploiting flaws in SimpleHelp RMM to breach networks
Millions of airline customers possibly affected by OAuth security flaw | TechRadar
Critical remote code execution bug found in Cacti framework
Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow’s Key Cyber Predictions for 2025
At Black Arrow, we see significant cyber risks escalating in 2025 as attackers’ technology and tactics develop, and geopolitical tensions increase. Our cyber threat intelligence, including our weekly briefing for our newsletter subscribers, shows a sharp rise in attacks during 2024, which continues into 2025. This includes increasingly sinister phishing and other AI-enabled attacks as part of ransomware and extortion, which in some cases lead to the collapse of the victim organisation.
Phishing in 2025, Powered by AI
In 2025, we see phishing continuing its alarming rise. Attackers are using AI to amplify the dangers of phishing, not just in emails but also in Teams and other messaging platforms. AI-generated messages adapt to bypass existing controls, with greater success in landing in employees' inboxes. Gone are the days of spotting phishing through bad spelling and grammar; AI will generate perfect communications tailored to specific sectors and will flex to penetrate victims' security.
Deepfake: A Growing Threat in 2025
Deepfake audio and video calls form part of a modern attack scenario, no longer limited to sophisticated attackers. The deepfake video attack on Arup last year, which resulted in USD 25 million in fraudulent bank payments, was a trailblazing example. With the rapid development of AI, we predict that deepfake attacks will affect small and medium-sized businesses as much as large organisations. The technology and kits for such attacks are set to become cheaper and more accessible in 2025.
Supply Chain Risks: No Company is an Island
Organisations rely heavily on other companies to manage key activities or systems, including outsourced payroll, IT, accounting, legal services, and marketing. This trend will continue to grow in 2025, bringing substantial cyber security risks with it. Attackers will increasingly focus on supply chains as an easy way to access data for ransom or payment fraud. The most common example we see is an attacker gaining access to a third party’s email account (known as business email compromise, or BEC) and then using that trusted account to ask you to change bank account details for upcoming payments. BEC and other attacks often start with phishing emails, which we expect to be enhanced by AI and deepfakes in 2025.
Quantum Computing: On the Horizon
With many organisations developing quantum computing, we expect advances in 2025 and beyond that will present opportunities for both organisations and attackers. Quantum computers have the potential to solve highly complex problems at high speed, but this capability could also be used by attackers to break encryption. We see 2025 as the year when many organisations start to re-examine their security approaches to withstand the malicious use of quantum computing.
Constant Innovation: The Need for Threat Intelligence
The sudden appearance of DeepSeek AI in late January 2025, which sent shockwaves through the global technology sector, reminds us that all businesses need to stay abreast of technological developments and understand their cyber security implications. We encourage you to subscribe to our free weekly threat intelligence briefing, sent by email every Monday, to help keep up to date.
Visit our website at www.blackarrowcyber.com/subscribe for more information.
Black Arrow Cyber Threat Intelligence Briefing 24 January 2025
Black Arrow Cyber Threat Intelligence Briefing 24 January 2025:
-Russian Ransomware Groups Deploy Email Bombing and Teams Vishing
-Cyber Security Breaches Are Increasing Business Insolvency Risks
-Companies Seek Specialised Expertise to Combat Artificial Intelligence (AI) Cyber Threats
-When Risk Becomes Habit: Employee Behaviour and Organisational Security
-New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing
-Global Cyber Attacks Jumped 44% Last Year
-Phishing Campaigns Became a Lot More Sinister in 2024
-CISOs Dramatically Increase Boardroom Influence but Many Still Lack Soft Skills
-Bad News - Businesses Who Pay Ransomware Attackers Aren’t Very Likely to Get Their Data Back
-Deepfakes Force a New Era in Fraud Detection, Identity Verification
-Misinformation Is No. 1 Global Risk, Cyber Espionage in Top 5
-Educate, Prepare, and Mitigate: The Keys to Unlocking Cyber Resilience
-What is ‘Security Theatre’ and How Can Firms Move Beyond It?
-SMEs Face Rising Cyber Threats Amid AI and Training Concerns
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
This week, our cyber threat intelligence reports on the new and evolving tactics of attackers and the devastating impact of attacks, as well as how organisations should act to improve their security, including rehearsing how they will react when they experience an incident.
Recent reports highlight a surge in attacks whereby the attacker overwhelms their victim with emails and then contacts them on Teams posing as IT support to gain access to the victim’s systems. These attacks underscore the need for organisations to restrict external communications, limit remote access, and enhance employee awareness to prevent breaches. Furthermore, the growing use of artificial intelligence (AI) by cyber criminals has necessitated a focus on specialised expertise, with companies investing in both internal training and external cyber security support to counter AI-driven threats.
Behind the stories of attacks and data breaches are the real lives of individuals and organisations who suffer the heart-breaking, catastrophic impact, including organisations that have closed or filed for insolvency. Studies indicate that the average cost of a breach is now nearly $5 million, while paying ransom demands often fails to recover data, leading to further losses. The increasing sophistication of phishing campaigns and deepfake technology is further complicating fraud detection and identity verification processes. To mitigate these risks, firms must adopt a proactive approach that includes robust incident response plans, enhanced employee training, and the adoption of zero-trust security frameworks.
Organisations must move beyond 'security theatre' by focusing on practical, risk-based strategies that address core vulnerabilities rather than relying on superficial measures. The rise in nation-state cyber espionage, misinformation, and AI-enabled threats highlights the importance of collaboration between public and private sectors to enhance resilience. As cyber security gains greater prominence at the boardroom level, business leaders must ensure they are equipped with the necessary knowledge and strategic vision to navigate this rapidly changing threat landscape effectively.
Top Cyber Stories of the Last Week
Russian Ransomware Groups Deploy Email Bombing and Teams Vishing
Security experts have identified two ransomware groups using email bombing and Teams-based social engineering to gain remote access to corporate systems. Victims receive thousands of spam emails followed by a fraudulent Teams call from someone posing as IT support. The attackers then attempt to install remote access tools to steal data and extort organisations. At least 15 attacks have been observed in the past three months, with a significant increase recently. Businesses are advised to restrict external Teams calls, limit remote access tools, and enhance employee awareness to mitigate these evolving threats.
Cyber Security Breaches Are Increasing Business Insolvency Risks
Cyber attacks are increasingly pushing businesses into financial distress, with data breaches and ransomware incidents significantly raising operational costs and even leading to bankruptcy. A 2024 IBM study found that data breaches cost companies an average of $4.9 million globally, nearly doubling in the US. High-profile cases, such as Stoli Group and National Public Data, highlight the devastating impact, with disrupted operations and mounting legal expenses. Despite the rising risks, 75% of small US businesses remain underinsured for cyber events, underscoring the growing need for robust cyber insurance and proactive security measures to ensure business resilience.
Companies Seek Specialised Expertise to Combat Artificial Intelligence (AI) Cyber Threats
Kaspersky's latest study highlights growing concerns over AI-driven cyber attacks, with 92% of IT and security professionals expecting an escalation in such threats within the next two years. In response, organisations are prioritising cyber security expertise, with 94% focusing on internal training and 93% seeking external support from cyber security vendors. The report reveals that 61% of companies already utilise external expertise, while 62% have internal training programs in place, reflecting a dual approach to strengthening cyber defences across various sectors.
When Risk Becomes Habit: Employee Behaviour and Organisational Security
A recent report highlights that a small number of employees account for a disproportionate share of cyber security risks within organisations. Just 5% of users are responsible for 75% of detected security incidents, with 1% clicking on nearly half of phishing emails. While most employees engage in only one type of risky behaviour, a small group repeatedly commits multiple infractions. The study suggests that shielding high-risk roles, such as managers and executives, from frequent phishing attempts may be more effective than additional training, helping organisations better mitigate human-related cyber threats.
New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing
Researchers have identified a new malicious AI chatbot, GhostGPT, which is being sold on Telegram to assist cyber criminals with activities such as malware creation and phishing. Unlike earlier tools, GhostGPT offers easy access without the need to jailbreak existing AI models. Thousands of views on online forums highlight growing interest in such tools, which enable low-skilled attackers to launch sophisticated campaigns with ease. The chatbot is marketed for a range of criminal activities, including exploit development and business email compromise, with claims of anonymity and fast response times to aid efficiency.
Global Cyber Attacks Jumped 44% Last Year
Check Point Software’s latest report reveals a 44% rise in cyber attacks globally last year, driven by evolving nation-state tactics and the growing use of generative AI. Threat actors are shifting from short-term attacks to sustained campaigns aimed at undermining trust and stability. AI-driven disinformation targeted a third of global elections, while ransomware groups increasingly focus on data extortion over encryption. Healthcare saw a 47% surge in ransomware attacks, and compromised edge devices became key entry points. The report stresses the need for resilience, urging firms to enhance bring-your-own-device (BYOD) security, threat intelligence, and patch management.
Phishing Campaigns Became a Lot More Sinister in 2024
Phishing attacks surged by 202% in the second half of 2024, and some individuals now receive at least one sophisticated phishing attempt each week that is capable of bypassing security controls. The rise in advanced tactics, such as abusing legitimate services to mask malicious intent, has made detection increasingly challenging. To counter these threats, organisations must focus on employee awareness, regular software updates, and a zero-trust security approach.
CISOs Dramatically Increase Boardroom Influence but Many Still Lack Soft Skills
Splunk's latest research reveals that Chief Information Security Officers (CISOs) are gaining greater influence in the boardroom, with 82% now reporting directly to the CEO, up from 47% in 2023. However, board members highlight a need for improved business acumen, communication, and emotional intelligence among CISOs. Budget concerns persist, with only 29% of CISOs feeling adequately funded, while 64% reported that financial constraints led to a cyber attack. The report underscores the need for better alignment between CISOs and boards to position cyber security as a business enabler and drive digital resilience.
Bad News - Businesses Who Pay Ransomware Attackers Aren’t Very Likely to Get Their Data Back
A recent Hiscox study has revealed that paying ransomware demands rarely leads to full data recovery, with only 7% of businesses retrieving all their data. One in ten firms that paid still had their data leaked. Beyond financial losses, ransomware attacks have a significant impact on reputation, with 47% of affected firms facing challenges in attracting new customers and 43% reporting customer losses. Additionally, 21% lost business partners due to reputational damage. With ransomware attacks becoming more frequent, a company’s response strategy is critical to minimising long-term harm and ensuring operational resilience.
Deepfakes Force a New Era in Fraud Detection, Identity Verification
Deepfake technology is posing a significant challenge for businesses globally, with nearly half affected by its growing sophistication. To combat this, organisations are enhancing their identity verification processes by incorporating liveness checks and strengthening biometric methods such as facial recognition and fingerprint scanning. However, traditional fraud methods, including fake IDs, remain prevalent. The industry is adapting to rising regulatory pressures and evolving workforce needs, with AI and machine learning playing an increasing role in fraud prevention. Moving forward, businesses must strike a balance between robust security measures and user-friendly solutions to meet compliance demands and customer expectations.
Misinformation Is No. 1 Global Risk, Cyber Espionage in Top 5
The World Economic Forum's Global Risks Report 2025 highlights misinformation and disinformation as the top global risk over the next two years, driven by the rise of generative AI and geopolitical tensions. Cyber espionage ranks fifth, with one in three CEOs citing it as a major concern. Despite growing threats, cyber resilience remains inadequate, particularly among small and mid-sized firms, with 35% feeling underprepared. Larger organisations face challenges with supply chain vulnerabilities, while AI presents both opportunities and risks, with 47% of firms concerned about its misuse. Public-private partnerships are crucial to enhancing cyber resilience and regulatory alignment.
Educate, Prepare, and Mitigate: The Keys to Unlocking Cyber Resilience
Recent cyber incidents have highlighted the real-world impact of poor cyber security, affecting healthcare services and retail supply chains, eroding public trust, and damaging brand reputations. With threats increasing year over year, organisations must focus on education, preparation, and mitigation to enhance resilience. Employee training, regular risk assessments, and penetration testing are crucial to identifying and addressing vulnerabilities. Additionally, having a robust incident response plan and business continuity plan, regularly tested and updated, ensures operational resilience and safeguards customer trust in the face of potential cyber attacks.
What is ‘Security Theatre’ and How Can Firms Move Beyond It?
Many organisations are trapped in ‘security theatre,’ relying on an increasing number of alerts and tools that create an illusion of protection rather than addressing the root causes of cyber threats. In 2024 alone, over 1 billion individuals were impacted by data breaches, a 409% rise from the previous year. Despite rising investments in cyber security, human error remains the primary attack vector, with 99% of identity attacks targeting passwords. To move beyond performative security, organisations must focus on reducing the attack surface by eliminating static credentials and minimising standing privileges.
SMEs Face Rising Cyber Threats Amid AI and Training Concerns
Sharp Europe’s latest study highlights the growing cyber security risks facing European SMEs, with 84% of employees now more concerned than a year ago. AI-driven threats are a major worry, with 43% citing AI as a key factor in their unease, while 72% lack confidence in identifying cyber threats. Some 41% of SME workers have received no cyber security training in the past two years. With over half of SMEs fearing they could go out of business within a week of a major incident, the report underscores the urgent need for improved training and proactive cyber security measures.
Sources:
https://www.infosecurity-magazine.com/news/ransomware-email-bombing-teams/
https://www.mimecast.com/blog/when-risk-becomes-habit-employee-behavior-and-organizational-security/
https://www.infosecurity-magazine.com/news/ghostgpt-ai-chatbot-malware/
https://www.itpro.com/security/cyber-attacks/global-cyber-attacks-jumped-44-percent-last-year
https://hackernoon.com/phishing-campaigns-became-a-lot-more-sinister-in-2024
https://www.infosecurity-magazine.com/news/cisos-increase-boardroom-influence/
https://www.helpnetsecurity.com/2025/01/24/identity-fraud-rise/
https://www.govinfosecurity.com/misinformation-no-1-global-risk-cyberespionage-in-top-5-a-27358
https://informationsecuritybuzz.com/the-keys-to-unlocking-cyber-resilience/
https://cyberscoop.com/security-theater-cybersecurity-tooling-ev-kontsevoy-op-ed/
https://www.therecycler.com/posts/smes-face-rising-cyber-threats-amid-ai-and-training-concerns/
Governance, Risk and Compliance
Many firms see cyber attacks as their top business concern this year | TechRadar
Experts fire security warning as EU’s DORA comes into play
DORA Takes Effect: Financial Firms Navigating Compliance Headwinds - Infosecurity Magazine
Cyber disruptions remain top business risk concern in US, globally | CIO Dive
The WEF forecasts a rocky year ahead in cyber security - Verdict
When risk becomes habit: Employee behaviour and organisational security | Mimecast
Why CISOs Must Think Clearly Amid Regulatory Chaos
The CFO may be the CISO’s most important business ally | CSO Online
Global cyber attacks jumped 44% last year | ITPro
Security chiefs whose companies operate in the EU should be exploring DORA now | CSO Online
Cyber security Breaches Are Increasing Business Insolvency Risks
Educate, Prepare, & Mitigate: The Keys To Unlocking Cyber Resilience
What is ‘security theatre’ and how can we move beyond it? | CyberScoop
Security Need to Start Saying 'No' Again
CISOs Dramatically Increase Boardroom Influence but Still Lack Soft Sk - Infosecurity Magazine
CISOs are juggling security, responsibility, and burnout - Help Net Security
Splunk Report: CISOs Gain Influence in the C-Suite and Boardrooms Worldwide
Nearly half of CISOs now report to CEOs, showing their rising influence - Help Net Security
SMEs face rising cyber threats amid AI and training concerns - The Recycler - 20/01/2025
JPMorgan’s CISO on Overcoming Surging Threats and Regulatory Hurdles - Infosecurity Magazine
Cyber security is tough: 4 steps leaders can take now to reduce team burnout | CSO Online
The UK's cyber security landscape: Key trends and challenges for 2025
CISO Top 10 Priorities for Q1 2025: Key Findings and Evolving Focus | SC Media
Top Priorities for Cyber Security Leaders in 2025: Info-Tech Research Group Publishes Annual Report
Threats
Ransomware, Extortion and Destructive Attacks
Russian Ransomware Groups Deploy Email Bombing and Teams Vishing - Infosecurity Magazine
Ransomware gangs pose as IT support in Microsoft Teams phishing attacks
Ransomware Attacks Surge to Record High in December 2024 - Infosecurity Magazine
Microsoft services exploited in separate ransomware campaigns | SC Media
Record Number of Ransomware Attacks in December 2024 - SecurityWeek
Suspected AI-Powered Python Backdoor Tapped for RansomHub Deployment | MSSP Alert
HP Wolf Security Threat Intelligence: AI-Fueled Cyber Attackers - The Futurum Group
FBI: North Korean IT workers steal source code to extort employers
Russian couple on trial for large-scale ransomware attacks
35 years on: The history and evolution of ransomware | TechRadar
The impact of the cyber insurance industry in resilience against ransomware | TechRadar
Medusa Ransomware: What You Need To Know | Tripwire
A floppy disk launched world's first ransomware attack 35 years ago | TechSpot
New Ransomware Attacking VMware ESXi Hosts Via SSH Tunneling to Evade Detection
Next Steps for the International Counter Ransomware Initiative
Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads
Ransomware Victims
Ransomware costs at NHS provider Synnovis far outstrip profits
59 organisations reportedly victim to breaches caused by Cleo software bug | TechRadar
PowerSchool hackers have your kid's info. These 3 steps protect them | PCWorld
Ransomware attack forces Brit high school to shut doors • The Register
Phishing & Email Based Attacks
Ransomware Groups Abuse Microsoft Services for Initial Access - SecurityWeek
Microsoft Teams abused in Russian email bombing ransomware campaign | TechRadar
Russian Ransomware Groups Deploy Email Bombing and Teams Vishing - Infosecurity Magazine
New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass
Ransomware gangs pose as IT support in Microsoft Teams phishing attacks
New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing - Infosecurity Magazine
Phishing Campaigns Became a Lot More Sinister in 2024 | HackerNoon
Phishing Risks Rise as Zendesk Subdomains Facilitate Attacks - Infosecurity Magazine
When risk becomes habit: Employee behaviour and organisational security | Mimecast
Tycoon 2FA Phishing Kit Upgraded to Bypass Security Measures - Infosecurity Magazine
Phishing Attacks Are Top Security Issue for Consumers
Account Compromise and Phishing Top Healthcare Security Incidents - Infosecurity Magazine
Other Social Engineering
Microsoft Teams abused in Russian email bombing ransomware campaign | TechRadar
Russian Ransomware Groups Deploy Email Bombing and Teams Vishing - Infosecurity Magazine
FBI: North Korean IT workers steal source code to extort employers
Scam Yourself attacks: How social engineering is evolving - Help Net Security
Hundreds of fake Reddit sites push Lumma Stealer malware
Artificial Intelligence
Why the 'Bring Your Own AI' trend could mean big trouble for business leaders | ZDNET
Employees Enter Sensitive Data Into GenAI Prompts Too Often
New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing - Infosecurity Magazine
HP Wolf Security Threat Intelligence: AI-Fueled Cyber Attackers - The Futurum Group
Companies seek specialised expertise to combat Artificial Intelligence (AI) cyber threats
Suspected AI-Powered Python Backdoor Tapped for RansomHub Deployment | MSSP Alert
Invisible Prompt Injection: A Threat to AI Security | Trend Micro (US)
The Security Risk of Rampant Shadow AI
Deepfakes force a new era in fraud detection, identity verification - Help Net Security
CISA releases AI cyber security playbook
World Economic Forum Provides Guidance on AI Use | SC Media UK
One in ten GenAI prompts puts sensitive data at risk - Help Net Security
SMEs face rising cyber threats amid AI and training concerns - The Recycler - 20/01/2025
Trump Overturns Biden Rules on AI Development, Security
Misinformation Is No. 1 Global Risk, Cyberespionage in Top 5
Sage Copilot grounded briefly to fix AI misbehaviour • The Register
2FA/MFA
New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass
Sneaky 2FA Kit Exposes Vulnerabilities In 2FA Security
Microsoft to Mandate MFA for Accessing Microsoft 365 Admin Center
Malware
New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing - Infosecurity Magazine
Suspected AI-Powered Python Backdoor Tapped for RansomHub Deployment | MSSP Alert
Fake Homebrew Google ads target Mac users with malware
Enterprise Juniper Routers Tagged with 'Magic' Backdoor
Pumakit - A Sophisticated Linux Rootkit Attack Critical Infrastructure
Hundreds of fake Reddit sites push Lumma Stealer malware
Telegram captcha tricks you into running malicious PowerShell scripts
Chinese Hackers Hijack VPN's Website to Spread Malware
Bots/Botnets
Botnet Unleashes Record-Breaking 5.6Tbps DDoS Attack
Mirai Botnet Spinoffs Unleash Global DDoS Attack Wave
Mirai Variant Murdoc_Botnet Exploits AVTECH IP Cameras and Huawei Routers
Mobile
Mobile Cyber Security Trends for 2025: Key Predictions and Preparations - Security Boulevard
New Porn Ban Threat—Millions Of iPhone, iPad, Android Users Now At Risk
Novel Android Malware Leveraged By DoNot Team | MSSP Alert
Android's New Identity Check Feature Locks Device Settings Outside Trusted Locations
WhatsApp Security Alert—Broken Link Hackers Strike
Phishing Attacks Are Top Security Issue for Consumers
Denial of Service/DoS/DDoS
Botnet Unleashes Record-Breaking 5.6Tbps DDoS Attack
Cloudflare blocks 21.3 million DDoS attacks in 2024, reports record 53% surge
Standing strong against hyper-volumetric DDoS attacks | TechRadar
Critical Vulnerability In ChatGPT API Enables Reflective DDoS Attacks
Several Swiss municipalities and banks hit by cyber attack - SWI swissinfo.ch
Spooks of the internet came alive this Halloween | CSO Online
Who is DDoSing you? Competitors, most likely • The Register
How to Stop Layer 7 DDoS Attacks in 2025 - Security Boulevard
The Internet is (once again) awash with IoT botnets delivering record DDoSes
Internet of Things – IoT
Mirai Botnet Spinoffs Unleash Global DDoS Attack Wave
Mirai Variant Murdoc_Botnet Exploits AVTECH IP Cameras and Huawei Routers
The Internet is (once again) awash with IoT botnets delivering record DDoSes
FTC orders GM to stop collecting and selling driver’s data
Experts found multiple flaws in Mercedes-Benz infotainment system
Subaru’s poor security left troves of vehicle data easily accessible
Data Breaches/Leaks
Otelier data breach exposes info, hotel reservations of millions
Hackers Likely Stole FBI Call Logs From AT&T That Could Compromise Informants | WIRED
Major Cyber Security Vendors’ Credentials Found on Dark Web - Infosecurity Magazine
Fortinet: FortiGate config leaks are genuine but misleading • The Register
Wolf Haldenstein Data Breach Impacts 3.4 Million People - SecurityWeek
HPE’s sensitive data exposed in alleged IntelBroker hack | CSO Online
PowerSchool hacker claims they stole data of 62 million students
Organised Crime & Criminal Actors
New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing - Infosecurity Magazine
US President Donald Trump granted a "full and unconditional pardon" to Ross Ulbricht
Telegram boss Pavel Durov admits 'seriousness' of French allegations
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
"Crazy Evil" Cryptoscam Gang: Unmasking a Global Threat in 2024
Insider Risk and Insider Threats
When risk becomes habit: Employee behaviour and organisational security | Mimecast
Former CIA Analyst Pleads Guilty to Sharing Top Secret Files - Infosecurity Magazine
When risky cyber security behaviour becomes a habit among employees - Help Net Security
Insurance
The impact of the cyber insurance industry in resilience against ransomware | TechRadar
Report highlights urgent need for cyber insurance | Insurance Business America
Supply Chain and Third Parties
Supply chain attack strikes array of Chrome Extensions • The Register
The critical need for watertight security across the IT supply chain | TechRadar
Biden order gives CISA software supply chain 'teeth' | TechTarget
Cloud/SaaS
Russian Ransomware Groups Deploy Email Bombing and Teams Vishing - Infosecurity Magazine
New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass
Ransomware gangs pose as IT support in Microsoft Teams phishing attacks
Why some companies are backing away from the public cloud | ZDNET
Cloud challenges | Professional Security Magazine
Staying Ahead: Key Cloud-Native Security Practices - Security Boulevard
Outages
Bitbucket services “hard down” due to major worldwide outage
Identity and Access Management
How Secure Is Your PAM Strategy? - Security Boulevard
Will 2025 See a Rise of NHI Attacks?
Linux and Open Source
Pumakit - A Sophisticated Linux Rootkit Attack Critical Infrastructure
Passwords, Credential Stuffing & Brute Force Attacks
Major Cyber Security Vendors’ Credentials Found on Dark Web - Infosecurity Magazine
The $10 Cyber Threat Responsible for the Biggest Breaches of 2024
Social Media
Has the TikTok Ban Already Backfired on US Cyber Security?
TikTok among six tech firms under fire for sending Europeans' personal data to China | TechRadar
Hundreds of fake Reddit sites push Lumma Stealer malware
Trump dismisses concerns over TikTok's potential security risks
TikTok Restores Service for US Users Based on Trump's Promised Executive Order - SecurityWeek
Meta confirms it will keep fact-checkers outside the US 'for now' | TechCrunch
Meta's pay-or-consent model criticized by EU consumer groups • The Register
Donald Trump’s bigger China cyber threat isn’t TikTok
Malvertising
Fake Homebrew Google ads target Mac users with malware
Understanding and avoiding malvertizing attacks | TechRadar
Training, Education and Awareness
Companies seek specialised expertise to combat Artificial Intelligence (AI) cyber threats
Educate, Prepare, & Mitigate: The Keys To Unlocking Cyber Resilience
SMEs face rising cyber threats amid AI and training concerns - The Recycler - 20/01/2025
Regulations, Fines and Legislation
Experts fire security warning as EU’s DORA comes into play
DORA Takes Effect: Financial Firms Navigating Compliance Headwinds - Infosecurity Magazine
Security chiefs whose companies operate in the EU should be exploring DORA now | CSO Online
GDPR Fines Total €1.2bn in 2024 - Infosecurity Magazine
Why CISOs Must Think Clearly Amid Regulatory Chaos
EU’s DORA could further strain cyber security skills gap | CSO Online
Trump axes TSA chief who led pipeline, airline, rail cyber security rules | SC Media
Government battles against tech could leave consumers less secure | CyberScoop
Biden's Cyber Security EO Leaves Trump a Comprehensive Blueprint for Defence
CISA should abandon disinformation fight, Trump’s DHS pick says - Defense One
TikTok among six tech firms under fire for sending Europeans' personal data to China | TechRadar
TikTok Restores Service for US Users Based on Trump's Promised Executive Order - SecurityWeek
Trump Overturns Biden Rules on AI Development, Security
Trump’s disbanding of Cyber Safety Review Board draws ire | SC Media
Under Trump, US Cyber Defence Loses Its Head | WIRED
Trump Has Had a Light Touch on Cyber Security – So Far - Security Boulevard
Trump has fired a major cyber security investigations body. It’s a risky move
PayPal fined by New York for cyber security failures | Reuters
Donald Trump’s bigger China cyber threat isn’t TikTok
Models, Frameworks and Standards
Experts fire security warning as EU’s DORA comes into play
DORA Takes Effect: Financial Firms Navigating Compliance Headwinds - Infosecurity Magazine
Security chiefs whose companies operate in the EU should be exploring DORA now | CSO Online
EU’s DORA could further strain cyber security skills gap | CSO Online
MITRE Launches D3FEND 1.0 to Standardize Cyber Security Techniques
GDPR Fines Total €1.2bn in 2024 - Infosecurity Magazine
EU Strengthens Cyber Security with Enhanced NIS2 Directive | MSSP Alert
76% of Irish businesses will struggle to meet NIS2 requirements
OWASP Top 10 2025 - Most Critical Weaknesses Exploited/Discovered in Smart Contract
Cyber Essentials NHS and Healthcare Organisations - Security Boulevard
Irish companies 'a mixed bag' on new cyber attack laws
Backup and Recovery
Acronis CISO on why backup strategies fail and how to make them resilient - Help Net Security
Data Protection
GDPR Fines Total €1.2bn in 2024 - Infosecurity Magazine
Privacy professionals feel more stressed than ever - Help Net Security
Careers, Working in Cyber and Information Security
EU’s DORA could further strain cyber security skills gap | CSO Online
Law Enforcement Action and Take Downs
Former CIA Analyst Pleads Guilty to Sharing Top Secret Files - Infosecurity Magazine
Telegram boss Pavel Durov admits 'seriousness' of French allegations
Washington Man Admits to Role in Multiple Cyber Crime, Fraud Schemes - SecurityWeek
Russian couple on trial for large-scale ransomware attacks
Misinformation, Disinformation and Propaganda
Misinformation Is No. 1 Global Risk, Cyberespionage in Top 5
Meta confirms it will keep fact-checkers outside the US 'for now' | TechCrunch
CISA should abandon disinformation fight, Trump’s DHS pick says - Defense One
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Misinformation Is No. 1 Global Risk, Cyberespionage in Top 5
Understanding Cyber Effects in Modern Warfare - War on the Rocks
Taking the fight to the enemy: Cyber persistence strategy gains momentum
Let’s get creative to protect undersea cables from sabotage – POLITICO
Nation State Actors
Are attackers already embedded in US critical infrastructure networks?
China
Nato flotilla assembles off Estonia to protect undersea cables in Baltic Sea | Nato | The Guardian
ProxyLogon, one of Salt Typhoon's favorites, still wide open • The Register
FCC says US telcos by law must secure networks from spies • The Register
US Names One of the Hackers Allegedly Behind Massive Salt Typhoon Breaches | WIRED
Treasury Breach by Chinese Sponsored Hackers Focused on Sanctions, Report Says - Bloomberg
Trump Fires DHS Board Probing Salt Typhoon Hacks
Trump dismisses concerns over TikTok's potential security risks
Trump ‘waved a white flag to Chinese hackers,’ senator says • The Register
Chinese Hackers Hijack VPN's Website to Spread Malware
How Taiwan Balances Cyber Security With Human Rights in Resisting China – The Diplomat
TikTok among six tech firms under fire for sending Europeans' personal data to China | TechRadar
TikTok Restores Service for US Users Based on Trump's Promised Executive Order - SecurityWeek
New Chinese cyberespionage campaign targeted South Korean VPN service | SC Media
US Supreme Court Gives Green Light to TikTok Ban - Infosecurity Magazine
Has the TikTok Ban Already Backfired on US Cyber Security?
Trump Faces Unique Challenges Due to Chinese Hackers | Newsmax.com
Trump has fired a major cyber security investigations body. It’s a risky move
Donald Trump’s bigger China cyber threat isn’t TikTok
Hackers game out infowar against China with the US Navy • The Register
Russia
Russian Ransomware Groups Deploy Email Bombing and Teams Vishing - Infosecurity Magazine
Microsoft Teams abused in Russian email bombing ransomware campaign | TechRadar
Nato flotilla assembles off Estonia to protect undersea cables in Baltic Sea | Nato | The Guardian
Shutting down the net: The growing threat of Russian internet censorship · Global Voices
Russian Hackers Target WhatsApp Accounts, Microsoft | Silicon UK
Several Swiss municipalities and banks hit by cyber attack - SWI swissinfo.ch
Increased cyber security cooperation forged by Russia, Iran | SC Media
CERT-UA warns against "security audit" requests via AnyDesk - Help Net Security
Ukraine's State Registers Restored Following Cyber Attack - Infosecurity Magazine
Massive Russian hack on government database shows cracks in Ukraine's digitalization drive
Russian APT Phishes Kazakh Gov't for Strategic Intel
Iran
Increased cyber security cooperation forged by Russia, Iran | SC Media
North Korea
FBI: North Korean IT workers steal source code to extort employers
The hacker state: How North Korea weaponised internet - India Today
Tools and Controls
An estimated 46,000 VPN servers are vulnerable to being hijacked | Tom's Guide
Educate, Prepare, & Mitigate: The Keys To Unlocking Cyber Resilience
Companies seek specialised expertise to combat Artificial Intelligence (AI) cyber threats
Unsecured Tunnelling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers
Deepfakes force a new era in fraud detection, identity verification - Help Net Security
How Secure Is Your PAM Strategy? - Security Boulevard
Chinese Hackers Hijack VPN's Website to Spread Malware
How Can Generative AI be Used in Cyber Security - Security Boulevard
SDLC Gap Analysis: Requirement For Organisation - Security Boulevard
Using your own laptop or phone for work? Why it’s a security hazard for businesses
Cyber Insights 2025: Attack Surface Management - SecurityWeek
Cyber Insights 2025: APIs – The Threat Continues - SecurityWeek
Acronis CISO on why backup strategies fail and how to make them resilient - Help Net Security
CISA releases AI cyber security playbook
SMEs face rising cyber threats amid AI and training concerns - The Recycler - 20/01/2025
Will 2025 See a Rise of NHI Attacks?
Staying Ahead: Key Cloud-Native Security Practices - Security Boulevard
Microsoft to Mandate MFA for Accessing Microsoft 365 Admin Center
AI-driven insights transform security preparedness and recovery - Help Net Security
Other News
Travel Warning: Cyber Security Emerges As A Top Security Threat In 2025
The WEF forecasts a rocky year ahead in cyber security - Verdict
73% of UK Education Sector Hit by Cyber-Attacks in Past Five Years - Infosecurity Magazine
Healthcare Cyber Security: The Chronic Condition We Can’t Ignore - Security Boulevard
Security Need to Start Saying 'No' Again
Check Point Software’s 2025 Security Report Finds Alarming
The UK's cyber security landscape: Key trends and challenges for 2025
Researchers say new attack could take down the European power grid - Ars Technica
65% of energy professionals rank cyber security as industry's greatest risk
Hit by wave of online attacks, Japan shifts to ‘active cyber defence’ | The Straits Times
Top Spy Agencies in the World: Secrets & Operations
Cyber security threat predictions for 2025: Insights from the dark web - Digital Journal
Lessons from PowerSchool: A Wake-Up Call for the Education Sector | SC Media
Sector getting better at combatting cyber threats - TFN
Ex-spies say suburban D.C. casino would put nation’s secrets at risk - The Washington Post
Vulnerability Management
Exploits on the rise: How defenders can combat sophisticated threat actors | TechRadar
Microsoft: Exchange 2016 and 2019 reach end of support in October
How to Perform a Website Security Scan: A Vulnerabilities Guide
Vulnerabilities
SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation
Microsoft Outlook has a new ‘critical’ flaw that spreads malware easily | Digital Trends
A flaw in the W3 Total Cache plugin exposes hundreds of thousands of WordPress sites to attacks
Unsecured Tunnelling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers
Critical Vulnerability In ChatGPT API Enables Reflective DDoS Attacks
Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products
7-Zip bug could allow a bypass of a Windows security feature. Update now | Malwarebytes
Cisco addresses a critical privilege escalation bug in Meeting Management
FBI/CISA Share Details on Ivanti Exploits Chains: What Network Defenders Need to Know - SecurityWeek
Six vulnerabilities in rsync announced and fixed in a day • The Register
50K Fortinet firewalls still vulnerable to latest zero-day • The Register
Yubico Issues Security Advisory As 2FA Bypass Vulnerability Confirmed
CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List
QNAP fixes six Rsync vulnerabilities in NAS backup, recovery app
Asus lets chip fix slip out early, AMD says patch is inbound • The Register
Sector Specific
Industry-specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 17 January 2025
Black Arrow Cyber Threat Intelligence Briefing 17 January 2025:
-New EU Cyber Rules for Financial Institutions Came into Force on Friday 17 January
-Cyber Attacks Considered Top Business Concern for 2025: Allianz
-How CISOs Can Elevate Cyber Security in Boardroom Discussions
-Cyber Security is Stepping into a New Era of Complexity
-Ransomware Victim Numbers Hit an All-Time High
-The Current State of Ransomware: Weaponising Disclosure Rules and More
-The Top SME Security Worries for 2025
-What They Don’t Tell You About Cyber Attacks – the Emotional Impact on Staff
-The Hybrid Workforce Crisis: How it has Weakened Enterprise Security, and What to Do About It
-New Ransomware Group Uses AI to Develop Nefarious Tools
-'Arson, Sabotage, Cyber Attacks': UK Enters New Era of Threats from Hostile States
-NATO Launches New Mission to Protect Crucial Undersea Cables
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
This week, the EU’s Digital Operational Resilience Act (DORA) has come into effect, imposing stringent cyber security requirements on over 22,000 financial institutions. This regulation strengthens incident reporting, risk management, and IT third-party oversight, aiming to create a unified approach to mitigating ICT-related risks. As cyber security incidents are identified as the top business concern for 2025, organisations are urged to adopt holistic strategies that address interconnected risks like supply chain vulnerabilities, geopolitical tensions, and the increasing role of AI in threat landscapes.
Our selection of threat intelligence news this week shows how emerging threats highlight the need for enhanced resilience. Ransomware attacks reached record highs in 2024, with attackers weaponising disclosure rules and leveraging AI tools for sophisticated phishing and extortion tactics. SMEs face rising concerns over AI-driven risks, while hybrid working has expanded the corporate attack surface, necessitating adaptive security solutions. Meanwhile, geopolitical risks are complicating the global cyber landscape, driving NATO’s efforts to protect critical infrastructure, such as undersea cables essential for internet traffic and financial transactions.
To navigate this era of escalating complexity, organisations must prioritise proactive measures. These include integrating cyber resilience into business strategies, fostering a culture of security awareness, and addressing the often-overlooked emotional impact of cyber attacks on staff. Effective collaboration, innovation, and investment are critical to safeguarding operations and enabling sustained growth.
Top Cyber Stories of the Last Week
New EU Cyber Rules for Financial Institutions Came into Force on Friday 17 January
The EU's Digital Operational Resilience Act (DORA) came into effect on Friday, introducing stringent cyber security requirements for over 22,000 financial institutions, including banks, insurers, and investment firms. Designed to enhance resilience against severe disruptions such as cyber attacks, DORA mandates robust risk management, incident reporting, resilience testing, and oversight of IT third-party risks. It also encourages the sharing of cyber threat intelligence between firms to strengthen collective defences. The new framework aims to create a unified, cross-sectoral approach to mitigating Information and Communications Technology (ICT) related risks, setting strict standards to limit the impact of potential vulnerabilities.
Cyber Attacks Considered Top Business Concern for 2025: Allianz
The Allianz Risk Barometer highlights cyber incidents as the top global business risk for 2025, with 38% of respondents ranking it as their primary concern. Business interruption follows closely, exacerbated by events such as natural disasters, geopolitical instability, and cyber attacks, which increasingly disrupt supply chains. Climate change has risen to fifth place, reflecting its growing significance amid record-breaking global temperatures and extreme weather events in 2024, which caused insured losses exceeding $100 billion for the fifth consecutive year. The interconnected nature of risks underscores the need for holistic, resilient strategies to address evolving challenges.
How CISOs Can Elevate Cyber Security in Boardroom Discussions
Cyber security leaders must align their boardroom presentations with business priorities by highlighting the direct impact of security initiatives on revenue and customer confidence. Metrics like risk reduction trends, cost per incident, and ROI resonate well with non-technical audiences. Persistent challenges include limited board time, misconceptions about spending or certifications, and unclear ownership of security practices. Effective strategies include using concrete examples, such as improved customer experiences through streamlined authentication, and maintaining ongoing dialogue via executive committees or regular updates. This approach fosters deeper understanding and sustained support for security programs, framing them as enablers of business growth and resilience.
Cyber Security is Stepping into a New Era of Complexity
The World Economic Forum’s Global Cybersecurity Outlook 2025 highlights escalating complexity in cyber security driven by technological advances, geopolitical uncertainty, supply chain interdependencies, and a growing skills gap. Over half of large organisations cite supply chain vulnerabilities as a critical barrier to cyber resilience, while 66% predict AI will significantly impact cyber security by 2025, yet only 37% assess AI tool security before deployment. Regulatory fragmentation also challenges 76% of CISOs. Meanwhile, the cyber insurance market is forecast to double from $14 billion in 2023 to $29 billion by 2027, underscoring its growing role in managing cyber risks. The report calls for a shift from cyber security to cyber resilience, emphasising resource allocation.
Ransomware Victim Numbers Hit an All-Time High
Ransomware victim numbers reached a record high in 2024, with over 1,600 reported in Q4 alone, reflecting a 40% year-on-year increase in active threat groups, now totalling 88 globally. The US accounted for 52% of victims. Despite a surge in published vulnerabilities, averaging 110 per day, attackers predominantly exploited older ones. Law enforcement made notable gains, disrupting threat actors, but ransomware-as-a-service remains resilient. Effective risk mitigation in 2025 will depend on robust vulnerability management, attack surface awareness, and actionable intelligence.
The Current State of Ransomware: Weaponising Disclosure Rules and More
Ransomware remains a significant and evolving threat in 2025, with cyber criminals exploiting AI, legal frameworks, and geopolitical tensions to devastating effect. Phishing attacks, now enhanced by AI, have become highly personalised, increasing their success rates, while "living-off-the-land" techniques evade traditional defences. A striking development is the weaponisation of disclosure regulations, where ransomware groups leverage legal obligations to pressure victims. Attack rates continue to rise, with industries like healthcare and public administration heavily targeted. Recovery costs now average $2.73 million, more than double 2023 figures, highlighting the urgent need for proactive measures to mitigate these escalating risks.
The Top SME Security Worries for 2025
Smaller businesses are just as vulnerable to cyber security issues as larger ones, more so in some cases as they have fewer resources to devote to protection. Research by Six Degrees highlights that 35 percent of UK SMEs now view AI-driven threats as their top concern, surpassing malware, phishing, and ransomware. AI is amplifying risks, such as personalised phishing attacks, rather than introducing entirely new methods. The report warns that tools alone are insufficient; effective protection requires active management and integration into a broader organisational strategy.
What They Don’t Tell You About Cyber Attacks – the Emotional Impact on Staff
Cyber attacks often focus attention on financial and operational damage, but the emotional toll on staff involved in recovery is a critical yet overlooked aspect. Frontline employees frequently experience intense stress, fear of failure, isolation, and burnout during recovery efforts, with prolonged hours and high-pressure environments exacerbating these effects. Organisations must proactively support staff by ensuring clear communication, offering mental health resources, and recognising contributions. Addressing the emotional impact not only aids recovery but also strengthens team resilience and preparedness for future incidents.
The Hybrid Workforce Crisis: How it has Weakened Enterprise Security, and What to Do About It
The shift to hybrid working has significantly expanded the corporate attack surface, exposing organisations to heightened cyber security risks. An October 2024 report by the Institute for Critical Infrastructure Technology highlights key vulnerabilities, including unsecured home networks, weak passwords, and unmanaged personal devices. Traditional identity and access management systems struggle to cope, with adaptive solutions like continuous authentication proving essential. Third-party risks require dynamic, real-time monitoring, replacing outdated static assessments. Emerging technologies such as SD-WAN and behavioural biometrics can bolster security while enhancing user convenience. Strategic investment and fostering a culture of cyber security awareness are critical to safeguarding hybrid operations.
New Ransomware Group Uses AI to Develop Nefarious Tools
Check Point Research has identified a new ransomware group, FunkSec, which claims to have targeted 85 organisations in December 2024. FunkSec, a ransomware-as-a-service operation, uses AI-assisted tools to develop malware, enabling even low-skilled operators to create sophisticated attacks. Despite its claims, many of its leaked datasets are recycled from previous hacktivist campaigns, raising doubts about its impact. The group employs double extortion tactics and demands unusually low ransoms, sometimes as little as $10,000. FunkSec’s tools reflect limited technical expertise but showcase the growing use of AI in cyber attacks.
'Arson, Sabotage, Cyber Attacks': UK Enters New Era of Threats from Hostile States
The UK faces an escalating range of threats from hostile states, including cyber attacks, arson, and sabotage, with state-backed criminal groups increasingly adopting terrorist-like tactics. The UK’s Foreign, Commonwealth and Development Office reports a 50% rise in state threat investigations over the past year, highlighting the urgency of rebuilding lost expertise and capability. Cyber attacks, described as the “new normal,” have severely impacted public services, with incidents like the NHS cyber attack disrupting thousands of procedures and appointments. Experts stress the need for a coordinated, whole-of-society response to address these threats and adapt to an evolving global landscape.
NATO Launches New Mission to Protect Crucial Undersea Cables
NATO has launched "Baltic Sentry", a mission to enhance surveillance of the Baltic Sea following a rise in damage to critical undersea cables. The initiative will involve increased deployment of patrol aircraft, warships, and drones, with a focus on monitoring Russia's "shadow fleet." Over 95% of internet traffic and $10 trillion in daily financial transactions depend on undersea cables, making their protection vital. NATO leaders emphasised the potential for hostile intent behind recent incidents, noting that such damage is unlikely to be accidental.
Sources:
https://www.rte.ie/news/business/2025/0117/1491313-banks-cyber-rules/
https://www.reinsurancene.ws/cyber-attacks-considered-top-business-concern-for-2025-allianz/
https://www.helpnetsecurity.com/2025/01/16/ross-young-team8-cybersecurity-boardroom-discussions/
https://www.helpnetsecurity.com/2025/01/15/cybersecurity-complexity-era/
https://betanews.com/2025/01/16/ransomware-victim-numbers-hit-an-all-time-high/
https://securityintelligence.com/articles/the-current-state-of-ransomware-weaponizing-disclosure-rules/
https://betanews.com/2025/01/14/the-top-sme-security-worries-for-2025/
https://www.infosecurity-magazine.com/news/new-ransomware-group-uses-ai/
https://inews.co.uk/news/arson-sabotage-cyber-attacks-uk-threats-hostile-states-3481620
Governance, Risk and Compliance
Cyber attacks considered top business concern for 2025: Allianz - Reinsurance News
What they don’t tell you about cyber attacks – the emotional impact on staff | Computer Weekly
Cyber attacks, tech disruption ranked as top threats to business growth | CIO Dive
The top SME security worries for 2025
Geopolitics making cyber security challenges more complex: World Economic Forum - World - DAWN.COM
WEF Warns of Growing Cyber Inequity Amid Escalating Complexities - Infosecurity Magazine
Cyber security is stepping into a new era of complexity - Help Net Security
CISOs take on extra responsibilities
How CISOs can elevate cyber security in boardroom discussions - Help Net Security
A cyber-resilient culture: Key to adapting to evolving cyber threats - SiliconANGLE
Breaking the Cycle of Isolated Risk Management | MSSP Alert
Vigilance, Resilience, Flexibility as Keys to Countering Evolving Cyber Threats | Newswise
EU AI Act and NIS2 Directive 2025 Compliance Challenges
The Year Of Proactive Defence: Staying Ahead Of Threat Actors
Cyber Risk Quantification: Use Cases and Best Practices | MSSP Alert
73% of office workers say staff get blamed for cyber security incidents - survey
Threats
Ransomware, Extortion and Destructive Attacks
New Ransomware Group Uses AI to Develop Nefarious Tools - Infosecurity Magazine
The current state of ransomware: Weaponizing disclosure rules and more
85 Victims and Counting: What To Know About FunkSec Ransomware
‘Millions’ in taxpayer money paid to cyber criminals in recent years – minister | The Standard
US charges operators of cryptomixers linked to ransomware gangs
Ako Ransomware Abusing Windows API Calls To Detect Infected System Locations
New Ransomware Encrypts Amazon S3 Buckets Using SSE-C Encryption
New Amazon Ransomware Attack—‘Recovery Impossible’ Without Payment
Ransomware on ESXi: The Mechanization of Virtualized Attacks
Russian Nationals Indicted for Operating Cryptocurrency Mixers Linked to Cyber Crime
Ongoing Play Ransomware Attack—What You Need To Know
Ransomware Victims
£33m cost of cyber-attack revealed | News | Health Service Journal
Personal data compromised in Gateshead Council cyber attack | ITPro
UnitedHealth hid its Change Healthcare data breach notice for months | TechCrunch
OneBlood confirms personal data stolen in July ransomware attack
Phishing & Email Based Attacks
Phishing click rates tripled in 2024 despite user training | CSO Online
Beware of These Microsoft Teams Phishing Scams
This Phishing Attack Disables Your iPhone Security: Here's How to Protect Yourself
Google Search ads are being hacked to steal account info | TechRadar
Accelerated BlackBasta-like email attack examined | SC Media
Fancy Bear spotted using real Kazak government documents in spearphishing campaign | CyberScoop
Browser-Based Cyber-Threats Surge as Email Malware Declines - Infosecurity Magazine
Other Social Engineering
Scammers have a new phishing trick for iPhone users – here’s how to avoid falling victim | TechRadar
Cyber Criminals Use Fake CrowdStrike Job Offers to Distribute Malware - Infosecurity Magazine
Artificial Intelligence
New Ransomware Group Uses AI to Develop Nefarious Tools - Infosecurity Magazine
How AI will transform cyber security in 2025 - and supercharge cyber crime | ZDNET
85 Victims and Counting: What To Know About FunkSec Ransomware
Microsoft takes legal action against bad actors using AI for sophisticated exploitation - Neowin
Addressing the Security Risks of AI in the Cloud
Ensuring U.S. Security and Economic Strength in the Age of Artificial Intelligence | The White House
CyberCube predicts AI will amplify cyber attacks in 2025 - Reinsurance News
What Enterprises Need to Know About Agentic AI Risks
Microsoft AI Red Team says security work will never be done • The Register
AI hallucinations can pose a risk to your cyber security
CISA's AI Playbook Pushes For More Information Sharing
Second Biden cyber executive order directs agency action on fed security, AI, space | CyberScoop
EU AI Act and NIS2 Directive 2025 Compliance Challenges
Law Firm Leads 15,000 to Sue Google and Microsoft over AI Data - Infosecurity Magazine
Trump, Musk Discuss AI, Cyber Security With Microsoft CEO
2FA/MFA
Microsoft MFA outage blocking access to Microsoft 365 apps
MFA Failures - The Worst is Yet to Come
Malware
New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits
MikroTik botnet relies on DNS misconfiguration to spread malware
Browser-Based Cyber Threats Surge as Email Malware Declines - Infosecurity Magazine
WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables
Fake LDAPNightmare exploit on GitHub spreads infostealer malware
Cyber Criminals Use Fake CrowdStrike Job Offers to Distribute Malware - Infosecurity Magazine
Microsoft: macOS bug lets hackers install malicious kernel drivers
Rootkit Malware Exploiting Zero-day Vulnerabilities to Control Linux Systems Remotely
Cyber Attackers Hide Infostealers in YouTube Comments
FBI wipes Chinese PlugX malware from over 4,000 US computers
Apple devices at risk after security researcher hacks ACE3 USB-C controller - SiliconANGLE
Bots/Botnets
MikroTik botnet uses misconfigured SPF DNS records to spread malware
IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024 | Trend Micro (US)
Mobile
Mobile apps exploited to harvest location data on massive scale, hacked files reveal | TechSpot
This Phishing Attack Disables Your iPhone Security: Here's How to Protect Yourself
Researchers disclosed details of a now-patched Samsung zero-click flaw
Denial of Service/DoS/DDoS
IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024 | Trend Micro (US)
Internet of Things – IoT
Homeowners are clueless about how smart devices collect their data - Help Net Security
GM settles charges it shared driver location data • The Register
IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024 | Trend Micro (US)
Allstate car insurer sued for tracking drivers without permission
Data Breaches/Leaks
2024 US Healthcare Data Breaches: 585 Incidents, 180 Million Compromised User Records - SecurityWeek
Cyber Security Breaches Degrade Consumer Trust, but Apathy Rises - Security Boulevard
Telefonica Breach Hits 20,000 Employees and Exposes Jira Details - Infosecurity Magazine
Personal data stolen in cyber-attack on Gateshead Council - BBC News
60 Million Students and Teachers Targeted in PowerSchool Data Breach
GoDaddy Accused of Serious Security Failings by FTC - Infosecurity Magazine
Largest US addiction treatment provider notifies patients of data breach
OneBlood confirms personal data stolen in July ransomware attack
Prominent US law firm Wolf Haldenstein disclosed a data breach
Organised Crime & Criminal Actors
How AI will transform cyber security in 2025 - and supercharge cyber crime | ZDNET
The ‘Largest Illicit Online Marketplace’ Ever Is Growing at an Alarming Rate, Report Says | WIRED
The Wiretap: At $24 Billion In Sales, The Biggest Illicit Marketplace Ever Is On Telegram
How to protect yourself from the social media cyber crime boom - Digital Journal
The Insider Threat Digital Recruitment Marketplace - Security Boulevard
Online Gambling Unleashed Transnational Crime in Philippines (2)
Russian Nationals Indicted for Operating Cryptocurrency Mixers Linked to Cyber Crime
Pastor who saw crypto project in his "dream" indicted for fraud
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
US, Japan, South Korea Blame North Korean Hackers for $660M Crypto Heists - SecurityWeek
US govt says North Korea stole over $659 million in crypto last year
New Web3 attack exploits transaction simulations to steal crypto
US charges operators of cryptomixers linked to ransomware gangs
Cyber Criminals Use Fake CrowdStrike Job Offers to Distribute Malware - Infosecurity Magazine
Transaction simulation spoofing attack targets cryptocurrency wallets | SC Media
Russian Nationals Indicted for Operating Cryptocurrency Mixers Linked to Cyber Crime
Pastor who saw crypto project in his "dream" indicted for fraud
Insider Risk and Insider Threats
Phishing click rates tripled in 2024 despite user training | CSO Online
The Insider Threat Digital Recruitment Marketplace - Security Boulevard
Human Factors in Cyber Security in 2025 | UpGuard
Concern over staff blame for cyber breaches - survey
73% of office workers say staff get blamed for cyber security incidents - survey
Insurance
Cyber attacks considered top business concern for 2025: Allianz - Reinsurance News
Supply Chain and Third Parties
£33m cost of cyber-attack revealed | News | Health Service Journal
Cloud/SaaS
Hackers use FastHTTP in new high-speed Microsoft 365 password attacks
Google OAuth flaw lets attackers gain access to abandoned accounts
Beware of These Microsoft Teams Phishing Scams
Addressing the Security Risks of AI in the Cloud
Are Your Cloud Security Strategies Effective in 2025? | HackerNoon
New Ransomware Encrypts Amazon S3 Buckets Using SSE-C Encryption
New Amazon Ransomware Attack—‘Recovery Impossible’ Without Payment
4 Reasons Your SaaS Attack Surface Can No Longer be Ignored
Azure and M365 MFA outage leaves logins lost • The Register
Outages
Azure and M365 MFA outage leaves logins lost • The Register
What the 2024 CrowdStrike Glitch Can Teach Us About Cyber Risk
GitHub Git downtime caused by bad configuration update • DEVCLASS
Identity and Access Management
2025: The year of evolution in identity security
First Ever OWASP "Top 10 Non-Human Identities (NHI)" Released
Linux and Open Source
The Shifting Landscape of Open Source Security
Rootkit Malware Exploiting Zero-day Vulnerabilities to Control Linux Systems Remotely
Passwords, Credential Stuffing & Brute Force Attacks
Hackers use FastHTTP in new high-speed Microsoft 365 password attacks
Google OAuth flaw lets attackers gain access to abandoned accounts
A Deep Dive into ISO 27001 Password Requirements - Security Boulevard
Social Media
How to protect yourself from the social media cyber crime boom - Digital Journal
TikTok warns of broad consequences if Supreme Court allows ban | Reuters
'How to quit Facebook?' searches spike after Meta's fact-checking ban | ZDNET
Meta's fact-checking end raises concerns about disinformation
Cyber Attackers Hide Infostealers in YouTube Comments
The Looming Crisis: Meta, Misinformation, And Public Trust
TikTok, five other Chinese firms hit by EU privacy complaints | Reuters
Trump’s Truth Social Users Targeted by Rampant Scams Online - Infosecurity Magazine
European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China
Experts Unpack The Truth Behind TikTok’s Data Collection | HuffPost Life
'Free Our Feeds' campaign aims to billionaire-proof Bluesky’s tech | TechCrunch
Malvertising
Google Search ads are being hacked to steal account info | TechRadar
Training, Education and Awareness
Phishing click rates tripled in 2024 despite user training | CSO Online
Regulations, Fines and Legislation
New EU cyber rules for financial institutions from today
DORA Comes Into Force: Experts Weigh In On Its Impact And Opportunities
UK Considers Banning Ransomware Payment by Public Sector and CNI - SecurityWeek
The UK's Online Safety Act applies to Small Tech too • The Register
DORA Compliance Costs Soar Past €1m for Many UK and EU Businesses - Infosecurity Magazine
The EU Cyber Resilience Act - What You Need to Know | A&O Shearman - JDSupra
Biden signs executive order inspired by lessons from recent cyber attacks - Nextgov/FCW
EU AI Act and NIS2 Directive 2025 Compliance Challenges
Last-Minute Biden EO Reportedly Prompted By Chinese Cyber Attacks | MSSP Alert
Governments call for spyware regulations in UN Security Council meeting | TechCrunch
TikTok warns of broad consequences if Supreme Court allows ban | Reuters
New ‘cyber security’ law in Turkey could criminalize reporting on data leaks - Turkish Minute
Models, Frameworks and Standards
European finance readying itself for DORA implementation
DORA Compliance Costs Soar Past €1m for Many UK and EU Businesses - Infosecurity Magazine
New EU cyber rules for financial institutions from today
First Ever OWASP "Top 10 Non-Human Identities (NHI)" Released
The EU Cyber Resilience Act - What You Need to Know | A&O Shearman - JDSupra
A Deep Dive into ISO 27001 Password Requirements - Security Boulevard
Backup and Recovery
Backup technology explained: The fundamentals of enterprise backup | Computer Weekly
Careers, Working in Cyber and Information Security
Career Opportunities in Cyber Security: A Guide for Aspiring Professionals | BCS
Microsoft is Laying Off Employees Across its Sales, Security, and Gaming Divisions
ISC2 Cyber Security Workforce Study: Shortage of AI skilled workers
Law Enforcement Action and Take Downs
US charges operators of cryptomixers linked to ransomware gangs
FBI wipes Chinese PlugX malware from over 4,000 US computers
Russian Nationals Indicted for Operating Cryptocurrency Mixers Linked to Cyber Crime
Pastor who saw crypto project in his "dream" indicted for fraud
Misinformation, Disinformation and Propaganda
Meta's fact-checking end raises concerns about disinformation
The Looming Crisis: Meta, Misinformation, And Public Trust
'Free Our Feeds' campaign aims to billionaire-proof Bluesky’s tech | TechCrunch
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
'Arson, sabotage, cyber attacks': UK enters new era of threats from hostile states
‘Hybrid threats’, ‘grey zones’, ‘competition’, and ‘proxies’: When is it actually war?
Nation State Actors
China
US Telecom, Zero-Day Attacks Highlight Cyber Hygiene Need
China's UNC5337 Exploits a Critical Ivanti RCE Bug, Again
Salt Typhoon spies spotted on US govt networks before telcos • The Register
US has responded to Chinese-linked cyber attacks on telecoms firms, Sullivan says | Reuters
ISMG Editors: The Coming Battle Over Chinese Cyberthreats
Last-Minute Biden EO Reportedly Prompted By Chinese Cyber Attacks | MSSP Alert
Strengthening America’s Resilience Against the PRC Cyber Threats | CISA
Nato launches 'Baltic Sentry' mission to protect undersea cables - BBC News
China Targeted Foreign Investment, Sanctions Offices in Treasury Hack: Reports - SecurityWeek
As Tensions Mount With China, Taiwan Sees Surge in Attacks
FBI wipes Chinese PlugX malware from over 4,000 US computers
TikTok, five other Chinese firms hit by EU privacy complaints | Reuters
Experts Unpack The Truth Behind TikTok’s Data Collection | HuffPost Life
Chinese hackers accessed Yellen's computer in US Treasury breach, Bloomberg News reports | Reuters
TikTok warns of broad consequences if Supreme Court allows ban | Reuters
Chinese cyber-spies target CFIUS investigations • The Register
Russia
Russia Carves Out Commercial Surveillance Success
Nato launches 'Baltic Sentry' mission to protect undersea cables - BBC News
Russia-linked APT Star Blizzard targets WhatsApp accounts
Russian Cyberspies Caught Spear-Phishing with QR Codes, WhatsApp Groups - SecurityWeek
Ukraine’s PM discusses defence, cyber security, sanctions with Estonia’s Foreign Minister
Fancy Bear spotted using real Kazak government documents in spearphishing campaign | CyberScoop
Russia Targets Kazakhstan in Espionage Campaign
North Korea
US, Japan, South Korea Blame North Korean Hackers for $660M Crypto Heists - SecurityWeek
North Korean Hackers Targeting Freelance Software Developers - SecurityWeek
Treasury sanctions North Korea over remote IT worker schemes | CyberScoop
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Governments call for spyware regulations in UN Security Council meeting | TechCrunch
How Barcelona became an unlikely hub for spyware startups | TechCrunch
Tools and Controls
Phishing click rates tripled in 2024 despite user training | CSO Online
What they don’t tell you about cyber attacks – the emotional impact on staff | Computer Weekly
How AI will transform cyber security in 2025 - and supercharge cyber crime | ZDNET
2025 Informed: Cyber Security and AI
How “right-sizing” cyber security initiatives can prevent data Loss | theHRD
Home Office rolls out cyber crime protections for data centres
How CTEM is providing better cyber security resilience for organisations
Backup technology explained: The fundamentals of enterprise backup | Computer Weekly
A cyber-resilient culture: Key to adapting to evolving cyber threats - SiliconANGLE
Breaking the Cycle of Isolated Risk Management | MSSP Alert
How CISOs Can Build a Disaster Recovery Skillset
Are Your Cloud Security Strategies Effective in 2025? | HackerNoon
Ransomware on ESXi: The Mechanization of Virtualized Attacks
What Security Leaders Get Wrong About Zero-Trust Architecture
First Ever OWASP "Top 10 Non-Human Identities (NHI)" Released
4 Reasons Your SaaS Attack Surface Can No Longer be Ignored
The AI Conundrum In Security: Why The Future Belongs To The Bold
How AI and ML are transforming digital banking security - Help Net Security
North Korean Hackers Targeting Freelance Software Developers - SecurityWeek
Hackers leak configs and VPN credentials for 15,000 FortiGate devices
What the 2024 CrowdStrike Glitch Can Teach Us About Cyber Risk
Cyber Risk Quantification: Use Cases and Best Practices | MSSP Alert
Risk, Reputational Scoring Services Enjoy Mixed Success
AI hallucinations can pose a risk to your cyber security
A Deep Dive into ISO 27001 Password Requirements - Security Boulevard
Balancing usability and security in the fight against identity-based attacks - Help Net Security
Remediation Times Drop Sharply as Cyber Hygiene Take Up Surges - Infosecurity Magazine
Enabling confident cyber resilience and recovery with CyberSense - SiliconANGLE
Cyber security on a shoestring: maximizing your ROI | TechRadar
Reports Published in the Last Week
Other News
The top SME security worries for 2025
US Telecom, Zero-Day Attacks Highlight Cyber Hygiene Need
Chrome Web Store is a mess | Almost Secure
UK Registry Nominet Breached Via Ivanti Zero-Day - Infosecurity Magazine
CNI Attacks: What to Expect in 2025 | SC Media UK
Nominet probes possible Ivanti zero-day exploit • The Register
EU To Launch Support Centre by 2026 to Boost Healthcare Cyber Security - Infosecurity Magazine
What's happening in the cyber security market? | Insurance Business America
The Year Of Proactive Defence: Staying Ahead Of Threat Actors
The rise of cyber attacks | Law Gazette
WEF Report Reveals Growing Cyber Resilience Divide Between Public and Private Sectors - SecurityWeek
The Cyber Security Risks Threatening The Automotive Industry, And How To Combat Them
Cyber attack forces Dutch university to cancel lectures | The Record from Recorded Future News
Aerospace Tech Week to put the spotlight on AI, autonomous aviation and cyber security
A humble proposal: The InfoSec CIA triad should be expanded - Help Net Security
Vulnerability Management
Vulnerability Remediation vs Mitigation: Which Strategy Wins in Cyber Security? - Security Boulevard
What 2024 taught us about security vulnerabilities - Help Net Security
Critical vulnerabilities remain unresolved due to prioritization gaps - Help Net Security
Vulnerabilities
Microsoft Patches Trio of Exploited Windows Hyper-V Zero-Days - SecurityWeek
Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws
China's UNC5337 Exploits a Critical Ivanti RCE Bug, Again
New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits
Google Chrome 132 update fixes 16 unique security issues - gHacks Tech News
Fortinet Releases Security Updates for Multiple Products | CISA
Nvidia, Zoom, Zyxel Patch High-Severity Vulnerabilities - SecurityWeek
Ivanti Patches Critical Vulnerabilities in Endpoint Manager - SecurityWeek
Zero-Day Vulnerability in PDF Files Leaking NTLM Data in Adobe & Foxit Reader
Juniper Networks Fixes High-Severity Vulnerabilities in Junos OS - SecurityWeek
UK Registry Nominet Breached Via Ivanti Zero-Day - Infosecurity Magazine
Nominet probes possible Ivanti zero-day exploit • The Register
SAP Patches Critical Vulnerabilities in NetWeaver - SecurityWeek
Apple Patches Flaw That Allows Kernel Security Bypassing
Adobe Releases Security Updates for Multiple Products | CISA
Microsoft: macOS bug lets hackers install malicious kernel drivers
Windows BitLocker bug triggers warnings on devices with TPMs
New UEFI Secure Boot flaw exposes systems to bootkits, patch now
Debian 12.9 “Bookworm” Arrives with 72 Bug Fixes and 38 Security Updates - 9to5Linux
Google OAuth flaw lets attackers gain access to abandoned accounts
CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks
Researchers disclosed details of a now-patched Samsung zero-click flaw
Microsoft 365 apps crash on Windows Server after Office update
Rootkit Malware Exploiting Zero-day Vulnerabilities to Control Linux Systems Remotely
Nvidia, Zoom, Zyxel Patch High-Severity Vulnerabilities - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory 15 January 2025 – Microsoft, Adobe, Cisco, Ivanti, Fortinet, GitHub, SAP, SonicWall, Zyxel, Google Chrome and Zoom Security Updates - updated
Updated
Since writing, further updates have been released for another Ivanti vulnerability, this time affecting Endpoint Manager, as well as updates for Google Chrome 132, which addresses 16 unique security issues, and for Zoom, which addresses a number of security issues across its Windows, Mac and Linux clients.
See more details on each of those in the relevant sections below.
Executive Summary
Microsoft’s Patch Tuesday for January 2025 started the year with security updates for 159 flaws, including eight zero-day vulnerabilities, three of which are actively exploited in attacks. This Patch Tuesday also included fixes for twelve critical vulnerabilities, covering information disclosure, privilege elevation and remote code execution flaws.
Several other major software and hardware vendors released critical security updates this month to address vulnerabilities that could be exploited by attackers. Adobe issued updates for popular products such as Photoshop, Illustrator for iPad, and Animate, while Cisco addressed issues across multiple tools, including ThousandEyes and Crosswork Network Controller. Ivanti and Fortinet tackled zero-day vulnerabilities actively exploited in attacks, with Ivanti focusing on Connect Secure and Fortinet on its FortiOS and FortiProxy platforms.
What’s the risk to me or my business?
The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity and availability of the affected applications and of the organisation’s data on the affected systems.
What can I do?
Black Arrow recommends applying the available security updates for all supported versions of products that have been impacted by the various vulnerabilities. The updates should be applied as soon as possible for actively exploited vulnerabilities and for all other vulnerabilities with a critical or high severity rating.
Microsoft
Further details on specific updates within this Microsoft Patch Tuesday can be found here:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Jan
Adobe, Cisco, Ivanti, Fortinet, GitHub, SAP, SonicWall & Zyxel - updated to include Google Chrome and Zoom
Further details of the vulnerabilities in affected Adobe, Cisco, Ivanti, Fortinet, GitHub, SAP, SonicWall, Zyxel, Google Chrome and Zoom products can be found here:
https://helpx.adobe.com/security/security-bulletin.html
https://sec.cloudapps.cisco.com/security/center/publicationListing.x
https://www.ivanti.com/blog/january-security-update
https://github.blog/open-source/git/git-security-vulnerabilities-announced-5/
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/january-2025.html
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003
https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html
https://www.zoom.com/en/trust/security-bulletin/?cms_guid=false&lang=en-US
Black Arrow Cyber Threat Intelligence Briefing 10 January 2025
Black Arrow Cyber Threat Intelligence Briefing 10 January 2025:
-Phishing Click Rates Triple in 2024
-What Boards Need to Know on Digital and Cyber Security Governance In 2025
-Only 26% of Europe’s Top Companies Earn a High Rating for Cyber Security
-Breach Readiness: Elevating Your Security Posture in a Constantly Evolving Threat Landscape
-Ransomware Shock: $133 Million Paid, 195 Million Records Compromised
-Operational Incident Reporting: UK Financial Regulators Propose New Rules
-Insider Threat: Tackling the Complex Challenges of the Enemy Within
-The Big Question: Are Businesses Now in the Front Line for Cyber Warfare?
-How Cyber Security Jargon Creates Barriers and Wastes Resources
-Scammers Exploit Microsoft 365 to Target PayPal Users
-Five Ways to Make Cyber Security Resilience More Than Just a Buzzword
-Meet the Chinese ‘Typhoon’ Hackers Preparing for War
-The Cyber Security Priorities For 2025: What Leaders Should Focus On
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Exec Summary
Cyber security remains a critical priority for organisations in 2025, with evolving threats demanding stronger leadership, governance, and proactive resilience measures. Phishing click rates surged by 190% in 2024, with cloud applications as primary targets and a shift in attack vectors from email to search engines and malicious ads. Meanwhile, ransomware inflicted $133.5 million in payouts, and insider threats posed complex risks, exacerbated by generative AI-enabled scams. Addressing these challenges requires a combination of advanced defences like zero trust architectures, improved governance frameworks, and clarity in communication to bridge knowledge gaps at the board level.
Governance is under heightened scrutiny as systemic risks grow. Only 26% of Europe’s top companies earned high ratings for cyber security resilience, while regulatory pressures, such as the EU’s DORA, underline the urgency for improved third-party risk management and operational resilience. Boards must prioritise expertise, particularly in AI, as gaps persist despite incremental progress. Leaders should integrate risk management across infrastructures to address geopolitical cyber warfare threats, emphasising supply chain security and AI-driven defences.
To sustain resilience, organisations must embed adaptability, automate responses, and foster cross-departmental collaboration. Strategic investments in skilled talent, incident readiness, and emerging technologies will help to ensure businesses not only survive but thrive amidst escalating cyber threats.
Top Cyber Stories of the Last Week
Phishing Click Rates Triple in 2024
Phishing click rates surged by 190% in 2024, with over eight in 1,000 users clicking phishing links monthly, according to Netskope. Cloud applications were the top targets (27%), primarily aiming to compromise accounts for illicit resale, with Microsoft the most targeted brand (42% of clicks), followed by the banking (17%) and telco (13%) sectors. A shift was noted in where phishing links are placed, from email-based attacks to search engines using SEO poisoning and malicious ads. Meanwhile, workplace adoption of GenAI apps rose to 94%, with organisations implementing controls such as app blocking (73%) and data loss prevention (45%).
What Boards Need to Know on Digital and Cyber Security Governance In 2025
In 2025, boardroom oversight of digital and cyber security will face increased scrutiny and expectations as systemic risks continue to grow. In 2024, cyber incidents cost UnitedHealth Group $2.5 billion and drove a 40% stock price drop at CrowdStrike, underlining the escalating consequences of poor governance. While 25% of S&P 500 directors now have cyber security expertise, up from 12% in 2020, gaps remain: 79% of boards report limited or no AI experience. Regulatory pressure, such as the European Central Bank’s (ECB) mandatory cyber expertise requirement for bank boards, and frameworks like NIST CSF 2.0 signal the shift towards systemic reforms in boardroom governance.
Only 26% of Europe’s Top Companies Earn a High Rating for Cyber Security
A report by SecurityScorecard reveals that only 26% of Europe’s top 100 companies earn an A rating for cyber security resilience, with organisations rated A being 13.8 times less likely to experience a breach than those rated F. 98% of European companies faced third-party breaches in the past year, and 18% reported direct breaches, exposing gaps in internal defences. The energy sector lags significantly, with 75% of companies rated C or lower, while Scandinavian firms lead with only 20% scoring below B. As the EU’s DORA deadline looms, prioritising third-party risk management is critical for strengthening operational resilience.
Breach Readiness: Elevating Your Security Posture in a Constantly Evolving Threat Landscape
Organisations must now recognise that breaches are highly prevalent in today’s threat landscape, driven by increasingly sophisticated cyber attacks. Traditional perimeter-based defences, while essential, are no longer sufficient on their own. To mitigate the impact of inevitable breaches, adopting a zero trust approach and embedding microsegmentation can limit attackers’ movement within a network, reducing harm and operational disruption. While implementing such strategies demands cross-departmental collaboration and mindset shifts, gradual adoption can ease operational impacts. By becoming ‘breach ready’, organisations can maintain resilience, protect their reputation, and safeguard business continuity even in the face of persistent threats.
Ransomware Shock: $133 Million Paid, 195 Million Records Compromised
Ransomware continues to pose a significant threat to organisations globally, with a 2024 report revealing over 1,200 confirmed attacks and more than 195 million records compromised. Ransom payments reached $133.5 million, with an average payout of $9.5 million. Key sectors affected include business, healthcare, and government, while education saw a slight decline in incidents. Despite early signs of decreasing activity, ransomware attacks surged towards the end of the year, and experts warn of continued large-scale disruptions and data breaches in 2025. The lack of mandatory reporting in many regions further obscures the true scale of the threat.
Operational Incident Reporting: UK Financial Regulators Propose New Rules
UK financial regulators, including the FCA and PRA, are consulting on new operational incident reporting rules to strengthen operational resilience across the financial sector. The proposals aim to clarify when and how firms must report incidents such as IT outages or cyber attacks, focusing on consumer harm, market integrity, and safety risks. Firms would need to submit initial, intermediate, and final reports for each incident. Additionally, material third-party arrangements would require annual updates. These changes align with international standards like the EU’s DORA, and regulators may pursue enforcement for non-compliance. The consultation closes in March 2025.
Insider Threat: Tackling the Complex Challenges of the Enemy Within
Insider threats represent a growing challenge for organisations, with risks ranging from financial fraud and intellectual property theft to national security breaches. High-profile cases demonstrate how malicious insiders, such as bribed employees or malcontent staff, exploit weak detection systems. Sophisticated hiring scams, including the use of false identities, are increasingly enabled by generative AI. Prevention efforts include robust background checks, network anomaly detection, and sentiment analysis, but these methods are not foolproof. As technology evolves, organisations must balance effective detection with legal and ethical considerations to mitigate these complex and evolving risks.
The Big Question: Are Businesses Now in the Front Line for Cyber Warfare?
Recent reports highlight a growing shift towards cyber warfare, with businesses increasingly on the frontline of nation-state cyber attacks. The evolving threat landscape is driven by geopolitical tensions, with critical infrastructure, supply chains, and even civilian services becoming primary targets. Experts warn of a rise in AI-driven cyber weapons capable of bypassing defences and amplifying the scale of attacks. Organisations face heightened risks as ransomware evolves into a political weapon and the proliferation of IoT devices creates new vulnerabilities. A unified approach to security, integrating risk management across infrastructures, is essential to address the escalating threats in 2025.
How Cyber Security Jargon Creates Barriers and Wastes Resources
The cyber security industry, growing at 20% year-on-year, faces a critical communication challenge. Over-reliance on jargon and acronyms hinders understanding and creates barriers, particularly at the board level. Complex terms often obscure what tools do, limiting funding and leaving organisations vulnerable to cyber attacks. A shift toward clear, actionable language, focusing on securing source code, runtime applications, cloud environments, and supply chains, can break down silos and improve integration into development processes. By fostering clarity and inclusivity, organisations can better align security strategies with business priorities, ensuring both protection and efficiency.
Scammers Exploit Microsoft 365 to Target PayPal Users
Fortinet has identified a phishing attack exploiting PayPal's money request feature, leveraging Microsoft 365's Sender Rewrite Scheme (SRS) to bypass email authentication and deceive recipients. The scam involves legitimate-looking payment requests, making them hard to distinguish from genuine communications. Victims who follow the provided link risk granting scammers access to their PayPal accounts. Fortinet highlights the importance of employee education, robust data loss prevention (DLP) rules, and advanced AI-driven detection tools to identify unusual patterns, such as group messaging anomalies, and mitigate these increasingly sophisticated threats. Organisations must prioritise vigilance and proactive defences to combat such risks.
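The security-relevant point in the PayPal story is that a message can pass SPF, DKIM and DMARC and still be an attack, because the Sender Rewrite Scheme (SRS) rewrites the envelope sender to the relaying tenant's domain and the recipient was reached through a group rather than addressed directly. The following is an added example, not code from Fortinet, PayPal or Black Arrow: a mail-pipeline triage function that reads a message's headers and flags the three signals a defender can check offline, namely an SRS-rewritten Return-Path, a From: domain that differs from the SPF-authenticated envelope domain, and a delivered-to mailbox that does not appear in To: or Cc:. The sample headers, the `.example` domains and the `delivered_to` parameter are all constructed for the example. Legitimate forwarders and mailing lists produce the same signals, so the output is a triage input for a DLP or transport rule, not a verdict on its own.

```python
"""Header triage for SRS-relayed mail (added example; all sample data is constructed)."""
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# SRS0 rewrites the envelope sender as
#   SRS0=<hash>=<timestamp>=<original-domain>=<original-local-part>@<forwarding-domain>
# so the original sender domain is recoverable from the rewritten local part.
SRS0_RE = re.compile(r"^SRS0=[^=]+=[^=]+=(?P<domain>[^=]+)=(?P<local>.+)$", re.IGNORECASE)

# Constructed sample: a genuine-looking payment request relayed through a third-party
# tenant's group address; every authentication check reports "pass".
SUSPECT = """Return-Path: <SRS0=abcd=R7=service.paypal.example=noreply@billing-test.example>
Authentication-Results: mx.victim.example; spf=pass smtp.mailfrom=billing-test.example;
 dkim=pass header.d=service.paypal.example; dmarc=pass header.from=service.paypal.example
From: "Billing Team" <noreply@service.paypal.example>
To: all-finance@billing-test.example
Subject: Money request (constructed sample)

You have a new payment request.
"""

# Constructed sample: the same notification delivered directly to the addressed mailbox.
DIRECT = """Return-Path: <noreply@service.paypal.example>
Authentication-Results: mx.victim.example; spf=pass smtp.mailfrom=service.paypal.example;
 dkim=pass header.d=service.paypal.example; dmarc=pass header.from=service.paypal.example
From: "Billing Team" <noreply@service.paypal.example>
To: alice@victim.example
Subject: Money request (constructed sample)

You have a new payment request.
"""


def _domain(addr: str) -> str:
    """Lower-cased domain part of an RFC 5322 address, or '' if none."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()


def triage(raw_message: str, delivered_to: str) -> dict:
    """Return the relay/alignment signals for a message that landed in `delivered_to`.

    `delivered_to` is the mailbox the MTA actually delivered to (hypothetical parameter,
    supplied by the mail pipeline in a real deployment).
    """
    msg = message_from_string(raw_message)
    from_domain = _domain(msg.get("From", ""))
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    rp_local, _, rp_domain = return_path.rpartition("@")
    rp_domain = rp_domain.lower()

    findings = []
    srs_origin = None

    # 1. Envelope sender carries an SRS0 rewrite: the message was relayed by rp_domain.
    m = SRS0_RE.match(rp_local)
    if m:
        srs_origin = m.group("domain").lower()
        findings.append("srs_rewritten")

    # 2. spf=pass vouches for the envelope (Return-Path) domain, not for the From: domain
    #    the user sees; a mismatch means SPF alone says nothing about the displayed sender.
    if from_domain and rp_domain and from_domain != rp_domain:
        findings.append("envelope_mismatch")

    # 3. The mailbox that received the message is not in To:/Cc:, so it arrived through
    #    a list or group expansion rather than being addressed to the user.
    addressed = {addr.lower() for _, addr in
                 getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    if delivered_to.lower() not in addressed:
        findings.append("recipient_not_addressed")

    return {
        "from_domain": from_domain,
        "envelope_domain": rp_domain,
        "srs_origin": srs_origin,
        "findings": findings,
    }


if __name__ == "__main__":
    for label, sample in (("suspect", SUSPECT), ("direct", DIRECT)):
        print(label, triage(sample, "alice@victim.example"))
```

A transport rule that quarantines on `recipient_not_addressed` together with `envelope_mismatch` catches the pattern described above while leaving directly addressed mail from the same brand alone; the `srs_origin` value is what lets an analyst see which domain's mail the relaying tenant forwarded.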
Five Ways to Make Cyber Security Resilience More Than Just a Buzzword
Organisations must shift from reactive approaches to a sustainable cyber security strategy to build true resilience. This means not just addressing immediate threats but embedding adaptability into core systems, enabling defences to evolve with emerging risks. Key measures include automating responses for agility, implementing zero trust architectures, and continuously improving through learning and self-healing mechanisms. By prioritising proactive preparation and fostering a culture of shared responsibility, businesses can move beyond survival to thrive amidst uncertainty, ensuring their defences are robust, adaptable, and future proof.
Meet the Chinese ‘Typhoon’ Hackers Preparing for War
Chinese state-sponsored hacking groups, labelled collectively as the "Typhoon" family, have emerged as a significant cyber security threat to the West, targeting critical infrastructure sectors like water, energy, and transportation. These groups, including Volt Typhoon, Flax Typhoon, and Salt Typhoon, have engaged in deep infiltration to prepare for potential disruptive cyber attacks. Notable incidents include the dismantling of botnets used to mask malicious activities, with over 100 intrusions identified by early 2025. Recent breaches by Salt Typhoon targeted telecoms, exposing sensitive communications data, including law enforcement surveillance systems, underscoring the escalating strategic risks posed by these operations.
The Cyber Security Priorities For 2025: What Leaders Should Focus On
A recent analysis highlights the evolving cyber security priorities for 2025, emphasising the critical role of leadership in driving resilience. As cyber threats become increasingly sophisticated, AI-driven attacks and supply chain vulnerabilities are top concerns, alongside stricter data privacy regulations. Leaders are encouraged to adopt zero trust principles, invest in skilled talent, and align security strategies with business objectives. Preparing for quantum computing’s impact on encryption is also vital. Practical steps include regular incident response testing, vendor risk assessments, and fostering a security-first culture. Effective leadership can turn robust cyber security into a competitive advantage.
Sources:
https://www.infosecurity-magazine.com/news/phishing-click-rates-triple/
https://www.helpnetsecurity.com/2025/01/06/european-companies-cybersecurity-rating/
https://www.jdsupra.com/legalnews/operational-incident-reporting-uk-2347989/
https://www.securityweek.com/insider-threat-tackling-the-complex-challenges-of-the-enemy-within/
https://www.techradar.com/pro/how-cybersecurity-jargon-creates-barriers-and-wastes-resources
https://www.infosecurity-magazine.com/news/scammers-exploit-microsoft365/
https://techcrunch.com/2025/01/06/meet-the-chinese-typhoon-hackers-preparing-for-war/
Governance, Risk and Compliance
Report: AI and security governance remain top priorities for 2025 - SD Times
What Boards Need To Know On Digital And Cyber Security Governance In 2025
The true cost of a security breach | TechRadar
So, you don’t have a chief information security officer? 9 signs your company needs one | CSO Online
Poor Cyber Hygiene can Cost Organizations up to an Average of $677 Million - Security Boulevard
Operational Incident Reporting: UK Financial Regulators Propose New Rules | A&O Shearman - JDSupra
Personal liability sours 70% of CISOs on their role | CSO Online
The Cyber Security Priorities For 2025: What Leaders Should Focus On
How CISOs can forge the best relationships for cybersecurity investment | CSO Online
The Cybersecurity Wake-Up Call for MSMEs in 2025 | Entrepreneur
Top 9 Cyber Loss Scenarios: A Year In Review, 2024 | Kovrr - Security Boulevard
How cyber security jargon creates barriers and wastes resources | TechRadar
Executive Leadership Under Siege: Cyber Security Predictions for 2025
Five ways to make cybersecurity resilience more than just a buzzword | SC Media
Brace yourself for cyber attacks | Professional Security Magazine
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Shock—$133 Million Paid, 195 Million Records Compromised
Ransomware attacks against critical infrastructure exceed 2K in a decade | SC Media
From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch
Important Preventative Strategies For Avoiding And Recovering From Ransomware Threats
Space Bears Ransomware: What You Need To Know | Tripwire
Ransomware attacks on education declined in 2024, report shows | StateScoop
How to Protect Against Ransomware: Everything You Need to Know
Ransomware Victims
New York Hospital Says Ransomware Attack Data Breach Impacts 670,000 - SecurityWeek
Atos confirms third-party breach but rejects direct Space Bears compromise | SC Media
PowerSchool Reportedly Pays Ransom to Prevent Student Data Leak - Infosecurity Magazine
IT Giant Atos Responds to Ransomware Group's Data Theft Claims - SecurityWeek
Hackers release files stolen in cyberattack on Rhode Island benefits system | StateScoop
Dental Practice Pays State in Alleged Data Breach 'Cover Up'
Almost 8500 People Affected By Casio Data Leak
Ransomware Targeting Infrastructure Hits Telecom Namibia
Phishing & Email Based Attacks
Phishing Click Rates Triple in 2024 - Infosecurity Magazine
The top target for phishing campaigns - Help Net Security
Russian hackers turn trusted online stores into phishing pages | CSO Online
Fortinet warns of sophisticated phishing campaign exploiting Microsoft 365 domains - SiliconANGLE
Scammers Exploit Microsoft 365 to Target PayPal Users - Infosecurity Magazine
Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections
How to protect yourself from phishing attacks in Chrome and Firefox | ZDNET
Other Social Engineering
Fake Government Officials Use Remote Access Tools for Card Fraud - Infosecurity Magazine
Artificial Intelligence
Report: AI and security governance remain top priorities for 2025 - SD Times
Google Chrome AI extensions deliver info-stealing malware in broad attack | Malwarebytes
Cloud, AI, and cybersecurity converge on fintech landscape | SC Media
A NATO-backed startup says agentic malware could be here as soon as 2027
New AI Challenges Will Test CISOs & Their Teams in 2025
UK Government to Ban Creation of Explicit Deepfakes - Infosecurity Magazine
Deepfake advancements pose growing cyber security risks
How will the evolution of AI change its security? | TechRadar
Trolley Problem, Safety Versus Security of Generative AI - SecurityWeek
Why an “all gas, no brakes” approach for AI use won't work - Help Net Security
Innovation, Automation, And The Cyber Security Challenges Ahead
Malware
Google Chrome AI extensions deliver info-stealing malware in broad attack | Malwarebytes
A NATO-backed startup says agentic malware could be here as soon as 2027
Over 4,000 backdoors hijacked by registering expired domains
New Banshee Malware Targeting MacOS Users Remained Undetected For Months
Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections
PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps
A Windows filetype update may have complicated cyber threat detection efforts | TechRadar
New Infostealer Campaign Uses Discord Videogame Lure - Infosecurity Magazine
Wallet Drainer Malware Used to Steal $500 Million in Cryptocurrency in 2024 - SecurityWeek
Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques
Google warns of legit VPN apps being used to infect devices with malware | TechRadar
Top 5 Malware Threats to Prepare Against in 2025
Fake Government Officials Use Remote Access Tools for Card Fraud - Infosecurity Magazine
Advanced evasion techniques leveraged by novel NonEuclid RAT | SC Media
Bots/Botnets
US Sanctions Chinese Cybersecurity Firm for Global Botnet Attacks - Infosecurity Magazine
New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices - Infosecurity Magazine
Gayfemboy Botnet targets Four-Faith router vulnerability
Mobile
FireScam Malware Campaign Highlights Rising Threat To Mobile Users
Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location
Millions of Vinted, Spotify and Tinder users' data could be compromised in global hack
Porn Ban—New Threat For iPhone, iPad, Android Users
Data Privacy: Your Carrier Knows a Lot About You. Here's How to Take Back Control - CNET
Android patches several vulnerabilities in first security update of 2025 | CyberScoop
This iOS 18 feature shares your photos with Apple for analysis. Should you be worried? | ZDNET
Android Under Attack—Users Warned As FireScam Threat Evades Detection
Apple rolls out mystery update with 'important bug fixes' for iPhones and iPads | ZDNET
First Android Update of 2025 Patches Critical Code Execution Vulnerabilities - SecurityWeek
Denial of Service/DoS/DDoS
Japanese Businesses Hit By a Surge In DDoS Attacks
Internet of Things – IoT
IoT's Regulatory Reckoning Is Overdue
Buying a smart home device? Look for this new cybersecurity seal - here's why | ZDNET
White House launches cybersecurity label program for consumers | CyberScoop
New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices - Infosecurity Magazine
Gayfemboy Botnet targets Four-Faith router vulnerability
How vulnerable Ecovacs robot vacuums are being hacked | Kaspersky official blog
Tesla data helped police in Las Vegas. It highlights privacy concerns | AP News
Data Breaches/Leaks
Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location
Millions of Vinted, Spotify and Tinder users' data could be compromised in global hack
Atos confirms third-party breach but rejects direct Space Bears compromise | SC Media
PowerSchool Reportedly Pays Ransom to Prevent Student Data Leak - Infosecurity Magazine
The real cost of data breaches for businesses - Help Net Security
CISA says Treasury was the only US agency breached via BeyondTrust - Help Net Security
UN's aviation agency confirms attack on recruitment database • The Register
Largest US addiction treatment provider notifies patients of data breach
How to empower employees to prevent data leaks | Professional Security Magazine
Washington Attorney General Sues T-Mobile Over 2021 Data Breach - SecurityWeek
Dental group lied through teeth about data breach, fined $350,000 | Malwarebytes
Hackers Claim Massive Breach of Location Data Giant, Threaten to Leak Data
Medical billing firm Medusind discloses breach affecting 360,000 people
Excelsior Orthopaedics Data Breach Impacts 357,000 People - SecurityWeek
Mortgage Cos. Fined $20M Over Cybersecurity Breach - Law360
Almost 8500 People Affected By Casio Data Leak
Organised Crime & Criminal Actors
Malicious hackers have their own shadow IT problem | CyberScoop
Web3 Attacks Result in $2.3Bn in Cryptocurrency Losses - Infosecurity Magazine
Torturing hackers in prison: surviving as an act of protest | Cybernews
CISOs’ Top Cyber Security Threats 2025: Scattered Spider, Deepfakes, and More - Security Boulevard
Cyber Criminals Don't Care About National Cyber Policy
From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch
Hacker Sentenced After Stealing Unreleased Coldplay Tracks
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Cryptocurrency wallet drainers stole $494 million in 2024
Wallet Drainer Malware Used to Steal $500 Million in Cryptocurrency in 2024 - SecurityWeek
Insider Risk and Insider Threats
Insider Threat: Tackling the Complex Challenges of the Enemy Within - SecurityWeek
83% of organizations reported insider attacks in 2024
Internal threats in the cloud | Professional Security Magazine
How to empower employees to prevent data leaks | Professional Security Magazine
How can organizations mitigate the security risks caused by human error?
Supply Chain and Third Parties
Widespread cyberattack targets Google Chrome extensions, compromises 2.6 million devices | TechSpot
Chrome Compromises Highlight Software Supply Challenges
OpenAI Blames Cloud Provider For ChatGPT Outage
Atos confirms third-party breach but rejects direct Space Bears compromise | SC Media
CISA says Treasury was the only US agency breached via BeyondTrust - Help Net Security
Cloud/SaaS
Cloud, AI, and cyber security converge on fintech landscape | SC Media
Internal threats in the cloud | Professional Security Magazine
OpenAI Blames Cloud Provider For ChatGPT Outage
From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch
Fortinet warns of sophisticated phishing campaign exploiting Microsoft 365 domains - SiliconANGLE
Scammers Exploit Microsoft 365 to Target PayPal Users - Infosecurity Magazine
MSSPs Have a Role in Stopping Cloud Attacks Using Stolen Credentials | MSSP Alert
Unconventional Cyber Attacks Aim for PayPal Account Takeover
Hacker Sentenced After Stealing Unreleased Coldplay Tracks
Outages
OpenAI Blames Cloud Provider For ChatGPT Outage
Proton Mail still down as Proton recovers from worldwide outage
CrowdStrike bounces back after triggering largest IT outage in history
Identity and Access Management
Identity Security to Become a Focus in 2025, Experts Say | MSSP Alert
The Benefits of Implementing Least Privilege Access - Security Boulevard
Encryption
Around 3.3M POP3 and IMAP mail servers lack TLS encryption
Millions of email users at risk — passwords could be exposed to hackers, experts warn | Tom's Guide
Making the most of cryptography, now and in the future - Help Net Security
How to password protect a USB stick in less than 5 minutes - Which? News
Encryption backdoor debate 'done and dusted' • The Register
Mixed Messages: The Salt Typhoon Encryption Debacle | Benesch - JDSupra
How to encrypt any email - in Outlook, Gmail, and other popular services | ZDNET
Linux and Open Source
Open source worldwide: Critical maintenance gaps exposed - Help Net Security
Passwords, Credential Stuffing & Brute Force Attacks
Router reality check: 86% of default passwords have never been changed
MSSPs Have a Role in Stopping Cloud Attacks Using Stolen Credentials | MSSP Alert
Almost half Gen Z and Millennials have had their social media passwords hacked
Critical ‘Rising Risk’ Attack Alert—Change Your Router Password Now
Social Media
Meta ditches fact checking for community notes - just like on X | ZDNET
TikTok Ban Thrusts Apple (AAPL), Google Into US-China Geopolitical Fray - Bloomberg
E.U. Commission Fined for Transferring User Data to Meta in Violation of Privacy Laws
Almost half Gen Z and Millennials have had their social media passwords hacked
New Infostealer Campaign Uses Discord Videogame Lure - Infosecurity Magazine
UK universities join retreat from Elon Musk's X, citing misinformation on platform | Reuters
Meta exempted top advertisers from standard content moderation process
Meta Now Lets Users Say Gay and Trans People Have ‘Mental Illness’ | WIRED
Training, Education and Awareness
How to empower employees to prevent data leaks | Professional Security Magazine
8 Tips for Fortifying Your Cyber Defenses With a Human Firewall
Regulations, Fines and Legislation
New HIPAA Security Rules Pull No Punches
Cyber security law updates in the UK and the EU | Technology Law Dispatch
Operational Incident Reporting: UK Financial Regulators Propose New Rules | A&O Shearman - JDSupra
IoT's Regulatory Reckoning Is Overdue
White House launches cyber security label program for consumers | CyberScoop
UK Government to Ban Creation of Explicit Deepfakes - Infosecurity Magazine
Cyber criminals Don't Care About National Cyber Policy
Dental group lied through teeth about data breach, fined $350,000 | Malwarebytes
Dental Practice Pays State in Alleged Data Breach 'Cover Up'
Mortgage Cos. Fined $20M Over Cyber Security Breach - Law360
US has ‘a lot of work to do’ on network defences, departing cyber czar says - Defense One
Models, Frameworks and Standards
New HIPAA Security Rules Pull No Punches
E.U. Commission Fined for Transferring User Data to Meta in Violation of Privacy Laws
The ongoing evolution of the CIS Critical Security Controls - Help Net Security
The NIS2 Directive in Germany: Looking Ahead | Hogan Lovells - JDSupra
Data Protection
Huge Changes Predicted For The Data Privacy Landscape
Careers, Working in Cyber and Information Security
It’s Time Businesses Address The UK’s Cybersecurity Talent Shortage
Law Enforcement Action and Take Downs
Sharing of Telegram User Data Surged After CEO Arrest
Hacker Sentenced After Stealing Unreleased Coldplay Tracks
Misinformation, Disinformation and Propaganda
Meta ditches fact checking for community notes - just like on X | ZDNET
UK universities join retreat from Elon Musk's X, citing misinformation on platform | Reuters
Meta exempted top advertisers from standard content moderation process
Meta Now Lets Users Say Gay and Trans People Have ‘Mental Illness’ | WIRED
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Historical Warfare’s Parallels with Cyber Warfare - Australian Cyber Security Magazine
Preparing for Cybergeddon - defenceWeb
The Big Question: Are businesses now in the front line for cyberwarfare? - Emerging Risks Media Ltd
Shadows Of Power: Navigating The Complexities Of Global Security – Analysis – Eurasia Review
Nation State Actors
China
Meet the Chinese 'Typhoon' hackers preparing for war | TechCrunch
How Chinese Hackers Graduated From Clumsy Corporate Thieves to Military Weapons - WSJ
China cyber threats: What businesses can do to protect themselves | ITPro
UK cyber experts on red alert after Salt Typhoon attacks on US telcos | ITPro
China’s escalating cyber attacks highlight Biden, Trump differences - Defense One
Hackers Terrify US Intelligence After Infiltrating Guam - Bloomberg
After China's Salt Typhoon, the reconstruction starts now • The Register
FCC chief urges auction to fund 'Rip and Replace' program • The Register
Japanese police claim China ran five-year cyberattack • The Register
Mandiant links Ivanti zero-day exploitation to Chinese hackers | TechTarget
46 Japanese entities hit by cyberattacks since year-end - Japan Today
US-China: A Cyberwar With Internet Agents – OpEd – Eurasia Review
Taiwan claims China-linked ship damaged submarine cable • The Register
Taiwan raises alarm over increasing Chinese cyberattacks | Taiwan News | Jan. 5, 2025 15:31
TikTok Ban Thrusts Apple (AAPL), Google Into US-China Geopolitical Fray - Bloomberg
Mixed Messages: The Salt Typhoon Encryption Debacle | Benesch - JDSupra
Chinese APT Exploits Versa Networks Zero-Day Flaw | Decipher
Russia
WordPress phishing plugin drives online shopping fraud | SC Media
Russian hackers turn trusted online stores into phishing pages | CSO Online
Banshee: The Stealer That "Stole Code" From MacOS XProtect - Check Point Research
Cyber attacks on Ukraine in 2024: a 70% increase
'Russia's Google' Yandex ordered to hide maps of oil refineries after Ukrainian attacks
Hackers claim to have breached Russia’s real estate database, Moscow denies
Tools and Controls
Why Small Business Can't Rely Solely on AI to Combat Threats
Around 3.3M POP3 and IMAP mail servers lack TLS encryption
Confidently Secure: Leveraging PAM for Enhanced Protections - Security Boulevard
How to empower employees to prevent data leaks | Professional Security Magazine
Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections
Identity Security to Become a Focus in 2025, Experts Say | MSSP Alert
From Silos to Synergy: Transforming Threat Intelligence Sharing in 2025 - SecurityWeek
Top 6 Ways To Back Your Business Up With Cyber Threat Intelligence
Innovation, Automation, And The Cyber Security Challenges Ahead
The Benefits of Implementing Least Privilege Access - Security Boulevard
Google warns of legit VPN apps being used to infect devices with malware | TechRadar
Why Traditional Fraud Scores Are No Longer Enough for Modern Threats - Security Boulevard
8 Tips for Fortifying Your Cyber Defenses With a Human Firewall
How CISOs can make smarter risk decisions - Help Net Security
Other News
Only 26% of Europe's top companies earn a high rating for cybersecurity - Help Net Security
UK Internet Domain Registry Nominet Suffers Cyber Attack - ISPreview UK
The Cyber Security Wake-Up Call for MSMEs in 2025 | Entrepreneur
Magecart Attacks Surge as E-Commerce Security Struggles to Keep Pace - Security Boulevard
Cyber security deserves a place in the political spotlight | SC Media
Cyber resiliency should be top priority for investors | News | IPE
7 Lessons From A Year Of Unprecedented Cyber Attacks
2024 was worst year on record for commercial cyber attacks | Total Telecom
Rethinking cyber security in government: Prioritizing recovery and resilience | FedScoop
So, you don’t have a chief information security officer? 9 signs your company needs one | CSO Online
Vulnerability Management
Millions of Windows 10 PCs face security disaster as Microsoft ends support
Key Cyber Initiatives from CISA: KEV Catalog, CPGs, and PRNI | CISA
Vulnerabilities
Security pros baited by fake Windows LDAP exploits • The Register
Thousands of Buggy BeyondTrust Systems Remain Exposed
Tenable Disables Nessus Agents Over Faulty Updates - SecurityWeek
Mandiant links Ivanti zero-day exploitation to Chinese hackers | TechTarget
Android patches several vulnerabilities in first security update of 2025 | CyberScoop
Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers - Help Net Security
Chrome 131, Firefox 134 Updates Patch High-Severity Vulnerabilities - SecurityWeek
Surprise Google Chrome 131 Update For Windows, Mac, Linux, Android
Hackers are exploiting a new Ivanti VPN security bug to hack into company networks | TechCrunch
Another top WordPress plugin found carrying critical security flaws | TechRadar
First Android Update of 2025 Patches Critical Code Execution Vulnerabilities - SecurityWeek
WordPress Popular Posts Plugin Vulnerability Affects 100k+ Sites
Popular open source vulnerability scanner Nuclei forced to patch worrying security flaw | TechRadar
Dell, HPE, MediaTek Patch Vulnerabilities in Their Products - SecurityWeek
SonicWall urges admins to patch exploitable SSLVPN bug immediately
Palo Alto Networks Patches High-Severity Vulnerability in Retired Migration Tool - SecurityWeek
Apple rolls out mystery update with 'important bug fixes' for iPhones and iPads | ZDNET
UK Internet Domain Registry Nominet Suffers Cyber Attack - ISPreview UK
Gayfemboy Botnet targets Four-Faith router vulnerability
Chinese APT Exploits Versa Networks Zero-Day Flaw | Decipher
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 03 January 2025
Black Arrow Cyber Threat Intelligence Briefing 03 January 2025:
-Corporate Executives are Being Increasingly Targeted by AI Phishing Scams
-Unconventional Russian Attack Could Cause 'Substantial' Casualties, Top NATO Official Warns
-35 Chrome Extensions Began Stealing People's Data After the Developers Got Phished
-China's Cyber Intrusions Took a Sinister Turn in 2024
-Third Party Risk Management is Critical as DORA and New FCA Rules Come into Effect
-Ransomware 2024: A Year of Tricks, Traps, Wins and Losses
-The Modern CISO is a Cornerstone of Organisational Success
-Ransomware Reality Check: Are You Ready to Face Organised Cyber Crime?
-How Cops Taking Down Ransomware Gangs Led to the Meteoric Rise of Another
-Experts Unsure of Risk Appetite as EU Beefs Up Cyber Rules for Critical Infrastructure
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Summary
Cyber security threats in 2024 became more sophisticated, with AI-driven phishing, ransomware, and state-sponsored attacks presenting significant challenges. This week’s threat intelligence review shows that hyper-personalised phishing campaigns now account for 90% of successful cyber attacks, costing organisations an average of $4.9m per breach. Ransomware-as-a-service (RaaS) has lowered barriers for attackers, targeting critical sectors and driving recovery costs to $3m per incident.
Geopolitical tensions have intensified risks, with NATO highlighting hybrid attacks from Russia and China’s state-backed groups targeting critical infrastructure. These incidents underscore the vulnerabilities in sectors like energy and emergency services, necessitating urgent action to enhance resilience.
Supply chain security also remains a concern, with Chrome extension compromises demonstrating the risks of inadequate oversight. New regulations such as the EU’s NIS2 directive and UK Financial Conduct Authority (FCA) rules will push businesses to improve third-party risk management and compliance in 2025.
To combat these threats, organisations must adopt a cyber security strategy that considers zero trust architectures, multi-factor authentication, and robust incident response plans. Effective training and the strategic leadership of Chief Information Security Officers (CISOs) are critical in bridging security and business objectives, ensuring resilience against an evolving cyber threat landscape.
Top Cyber Stories of the Last Week
Corporate Executives are Being Increasingly Targeted by AI Phishing Scams
Corporate executives are increasingly targeted by sophisticated AI-driven phishing attacks, leveraging vast amounts of data to create hyper-personalised scams. Experts highlight a sharp rise in such attacks, with 90% of successful cyber attacks originating from phishing emails. These scams cost organisations significantly, with the global average cost of a data breach reaching $4.9m in 2024. Reports reveal a 28% increase in phishing attacks in Q2 2024, with some firms receiving up to 36 phishing emails daily. Businesses are urged to adopt multi-layered security measures and employee training to mitigate these escalating threats.
Unconventional Russian Attack Could Cause 'Substantial' Casualties, Top NATO Official Warns
NATO officials warn that hybrid attacks, particularly from Russia, are escalating to levels considered intolerable just five years ago, describing the situation as akin to "boiling the frog." These unconventional threats, including sabotage and cyber attacks, pose a "real prospect" of substantial casualties or significant economic harm. The rise in incidents is linked to Western support for Ukraine and Moscow's perception of NATO as an adversary. In response, NATO is updating its strategy on hybrid warfare, enhancing tracking of incidents and clarifying red lines to deter escalation, addressing ambiguities around thresholds for invoking Article 5.
35 Chrome Extensions Began Stealing People's Data After the Developers Got Phished
Recent reports have highlighted the risks associated with compromised Chrome extensions after a phishing campaign targeted developers. Attackers used fake Google warnings to trick developers into sharing login credentials, allowing them to introduce malicious updates to 35 extensions. These updates harvested data from users. Notably, even two-factor authentication was bypassed during the attacks, exposing vulnerabilities in the security process. Organisations are advised to review their use of Chrome extensions against published threat lists and ensure robust security awareness for staff managing digital assets to mitigate risks of similar incidents.
China's Cyber Intrusions Took a Sinister Turn in 2024
In 2024, Chinese state-backed cyber attacks took a concerning turn, moving from traditional espionage to pre-positioning for potential disruptive operations targeting critical infrastructure. Groups like Volt Typhoon have infiltrated US networks, including emergency services and the electric grid, using stealth techniques to avoid detection. Despite efforts to dismantle botnets, attackers maintain access to compromised systems, leveraging legitimate tools for reconnaissance and persistence. Experts warn that these activities highlight gaps in critical infrastructure security, with many organisations unaware of vulnerabilities. US agencies urge urgent action, including patching systems, upgrading outdated equipment, and adopting multi-factor authentication, to mitigate future threats.
Third Party Risk Management is Critical as DORA and New FCA Rules Come into Effect
New rules coming into effect in 2025 will require IT firms deemed “critical” to the UK financial sector to enhance transparency around cyber attacks and resilience measures. Overseen by the Financial Conduct Authority, the Bank of England and the Prudential Regulation Authority, the measures aim to ensure the sector remains resilient against threats like cyber attacks and natural disasters. While industry experts broadly welcome the focus on third-party risk management, questions remain about supplier classification and data-sharing processes. Firms will also need to conduct resilience testing, potentially collaborating with financial institutions to ensure robust protection of financial market infrastructures.
Ransomware 2024: A Year of Tricks, Traps, Wins and Losses
Ransomware attacks in 2024 reached unprecedented levels, targeting critical sectors like healthcare, public infrastructure, and the cloud. The rise of ransomware-as-a-service (RaaS) enabled less experienced attackers to launch devastating campaigns, while nation-state actors leveraged ransomware for geopolitical gains. High-profile incidents exposed vulnerabilities in healthcare, disrupted infrastructure, and fuelled economic warfare. Recovery costs soared to an average of $3 million per attack, reflecting attackers’ increasing sophistication. Generative AI played a dual role, enhancing both defences and threats. These developments underscore ransomware’s evolution into a strategic and economic weapon, demanding heightened resilience, zero-trust adoption, and global collaboration in 2025 and beyond.
The Modern CISO is a Cornerstone of Organisational Success
The role of the Chief Information Security Officer (CISO), whether internal or outsourced, has evolved from a technical focus to being integral to business strategy, bridging cyber security with operational and strategic objectives. Modern CISOs align security initiatives with business goals, enhance customer trust, and ensure compliance with complex regulatory frameworks. Key responsibilities include embedding security into operations without disrupting productivity, managing risks such as legacy systems and resource constraints, and implementing measures like zero trust architecture. As businesses face emerging threats, the CISO’s strategic leadership is increasingly vital to fostering resilience and securing competitive advantage.
Ransomware Reality Check: Are You Ready to Face Organised Cyber Crime?
Ransomware attacks remain a pressing concern, with professional criminal enterprises leveraging advanced extortion tactics that target data confidentiality rather than just availability. The shift from data encryption to exfiltration has increased ransom demands and heightened reputational risks for organisations. Many companies lack clear ransomware-specific policies, leaving leadership to make critical decisions under pressure during incidents. Preparation is vital; pre-defined payment stances, established incident response retainers, and proactive resilience measures are essential. Ransomware is not just a technical issue but a moral and business challenge, requiring C-suite collaboration to mitigate risks and avoid financing organised crime.
How Cops Taking Down Ransomware Gangs Led to the Meteoric Rise of Another
RansomHub has emerged as a dominant ransomware group in 2024, accounting for approximately 20% of all ransomware and data exfiltration incidents in Q4. The group capitalised on the law enforcement takedowns of their competitors LockBit and ALPHV, recruiting affiliates with a highly lucrative 90-10 revenue split. Their aggressive tactics and rapid rise have attracted significant attention, with over 210 victims targeted within six months, including major organisations across various sectors. While their methods are not unique, their speed and affiliate-centric model position them as a critical threat in early 2025, with law enforcement and security firms closely monitoring their activity.
Experts Unsure of Risk Appetite as EU Beefs Up Cyber Rules for Critical Infrastructure
The EU’s NIS2 directive places a renewed focus on cyber security for critical infrastructure and essential services, including energy, transport, and banking. Executives are directly accountable for compliance, with the directive requiring robust risk management, incident reporting, and scrutiny of suppliers’ security measures. Concerns remain over inconsistent enforcement across member states, which could complicate implementation. Experts predict that NIS2 will set a global benchmark for managing cyber risks, similar to the influence of GDPR on data privacy. Business leaders should prepare for increased scrutiny, especially as the directive's scope may encompass more organisations than initially expected.
Sources:
https://www.xda-developers.com/35-chrome-extensions-stealing-peoples-data/
https://www.theregister.com/2024/12/31/china_cyber_intrusions_2024/
https://www.scworld.com/feature/ransomware-2024-a-year-of-tricks-traps-wins-and-losses
https://www.helpnetsecurity.com/2025/01/03/tomorrow-ciso-role-transformation/
https://insight.scmagazineuk.com/ransomware-reality-check-are-you-ready-to-face-organised-cybercrime
https://www.theregister.com/2024/12/28/lockbit_alphv_disruptions_ransomhub_rise/
Governance, Risk and Compliance
The modern CISO is a cornerstone of organisational success - Help Net Security
Security leaders don't want to be held personally liable for attacks | TechRadar
How to Create an Enterprise-Wide Cyber Security Culture
What 2024’s Worst Cyber Attacks Show About Staying Safe in 2025
Cyber criminals tighten their grip on organisations - Help Net Security
Majority of UK SMEs Lack Cyber Security Policy - Infosecurity Magazine
CISO vs. CEO: Making a case for cyber security investments
The Most Dangerous People on the Internet in 2024 | WIRED
2025 is when the internet could finally die and the consequences will be huge | The Independent
Crafting and Refining a Strategic 2025 Cyber Security Budget - Infosecurity Magazine
2025: A Critical Year for Cyber Security Compliance in the EU and UK - Infosecurity Magazine
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Reality Check: Are You Ready To Face Organised Cyber Crime? | SC Media UK
Record-breaking ransoms and breaches: A timeline of ransomware in 2024 | TechCrunch
How LockBit and ALPHV’s takedowns fuelled RansomHub’s rise • The Register
Clop ransomware lists Cleo cyber attack victims | TechRadar
Top 10 Most Active Ransomware Groups of 2024 - Infosecurity Magazine
What 2024’s Worst Cyber Attacks Show About Staying Safe in 2025
Ransomware 2024: A year of tricks, traps, wins and losses | SC Media
Ransomware downtime costs US healthcare organisations $1.9M daily | Healthcare IT News
US Army Soldier Arrested in AT&T, Verizon Extortions – Krebs on Security
Ransomware Victims
Clop ransomware lists Cleo cyber attack victims | TechRadar
Hackers Leak Rhode Island Citizens' Data on Dark Web - Infosecurity Magazine
Atos confirms not being compromised by the ransomware group
Thomas Cook Hit by Cyber Attack, IT Systems Impacted
Phishing & Email Based Attacks
Corporate executives are being increasingly targeted by AI phishing scams | TechRadar
Look out for hyper-personalized phishing attacks, powered by AI
New details reveal how hackers hijacked 35 Google Chrome extensions
These 35 Chrome extensions began stealing people's data after the developers got phished
Phishing Attack Allowed Malicious Chrome Extension to be Published | SC Media UK
Google Chrome extensions hack may have started much earlier than expected | TechRadar
Top 12 ways hackers broke into your systems in 2024 | CSO Online
Other Social Engineering
Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign - SecurityWeek
OAuth Identity Attack — Are your Extensions Affected? - Security Boulevard
Cyber security firm's Chrome extension hijacked to steal users' data
When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions
16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft
Artificial Intelligence
Corporate executives are being increasingly targeted by AI phishing scams | TechRadar
Look out for hyper-personalized phishing attacks, powered by AI
AI agents may lead the next wave of cyber attacks - SiliconANGLE
LLMs could soon supercharge supply-chain attacks • The Register
'Bad Likert Judge' Jailbreaks OpenAI Defences
How will rules and regulations affect cyber security and AI in 2025? | SC Media
Deepfakes question our ability to discern reality - Help Net Security
Navigate the 2025 threat landscape with expert insights | TechTarget
2025: The Dawn of AI-Driven Cyber Crime
2FA/MFA
Google Chrome 2FA Bypass Attacks Confirmed—Millions Of Users At Risk
Malware
Experts warn of a surge in activity associated with FICORA and Kaiten botnets
D-Link Botnet Attacks Surge in Global Spike - DataBreachToday
Malware botnets exploit outdated D-Link routers in recent attacks
Global Campaign Targets PlugX Malware with Innovative Portal - Infosecurity Magazine
Bots/Botnets
Experts warn of a surge in activity associated with FICORA and Kaiten botnets
D-Link Botnet Attacks Surge in Global Spike - DataBreachToday
Malware botnets exploit outdated D-Link routers in recent attacks
Mobile
Wiping your Android phone? Here's the easiest way to erase all personal data | ZDNET
Critical Gmail Warning—Don’t Click Yes To These Google Security Alerts
Here's how to use the feature that protects your iPhone in case of a major cyber attack - PhoneArena
Denial of Service/DoS/DDoS
NTT Docomo hit by DDoS attack | Total Telecom
Internet of Things – IoT
Experts warn of a surge in activity associated with FICORA and Kaiten botnets
D-Link Botnet Attacks Surge in Global Spike - DataBreachToday
Data Breaches/Leaks
Every minute, 4,080 records are compromised in data breaches - Help Net Security
Human error to blame in Ascension data breach that impacted 5.6 million patients | TechSpot
Massive VW Data Leak Exposed 800,000 EV Owners’ Movements, From Homes To Private Spaces | Carscoops
How Breach Readiness Will Shape Cyber Defence in 2025 - Security Boulevard
Machine gun, pistol and hundreds of devices lost by Ministry of Defence | UK News | Sky News
Cisco Confirms Authenticity of Data After Second Leak - SecurityWeek
Hackers Leak Rhode Island Citizens' Data on Dark Web - Infosecurity Magazine
ZAGG disclosed a data breach that exposed its customers' credit card data
Rhode Islanders’ Data Was Leaked From a Cyber Attack on State Health Benefits Website - SecurityWeek
Organised Crime & Criminal Actors
Cyber criminals tighten their grip on organisations - Help Net Security
Ransomware Reality Check: Are You Ready To Face Organised Cyber Crime? | SC Media UK
US Arrests Army Soldier Over AT&T, Verizon Hacking - SecurityWeek
2024: A jackpot year for North Korea's cyber criminals - Daily NK English
Insider Risk and Insider Threats
Human error to blame in Ascension data breach that impacted 5.6 million patients | TechSpot
Things not to store on your work laptop
Navigate the 2025 threat landscape with expert insights | TechTarget
US Army Soldier Arrested in AT&T, Verizon Extortions – Krebs on Security
Insurance
How to Get the Most Out of Cyber Insurance
Supply Chain and Third Parties
Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign - SecurityWeek
OAuth Identity Attack — Are your Extensions Affected? - Security Boulevard
New details reveal how hackers hijacked 35 Google Chrome extensions
Google Chrome extensions hack may have started much earlier than expected | TechRadar
When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions
Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents
LLMs could soon supercharge supply-chain attacks • The Register
Cloud/SaaS
Managing Cloud Risks Gave Security Teams a Big Headache in 2024
Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation
Azure compromise possible with Apache Airflow vulnerabilities | SC Media
Stay Ahead: Integrating IAM with Your Cloud Strategy - Security Boulevard
Identity and Access Management
Machine identities are the next big target for attackers - Help Net Security
Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation
Encryption
Quantum Computing Advances in 2024 Put Security In Spotlight
Will quantum computing break encryption as we know it?
Over 3 million mail servers without encryption exposed to sniffing attacks
The CISO’s guide to accelerating quantum-safe readiness
Passwords, Credential Stuffing & Brute Force Attacks
Passkeys were supposed to be secure and simple; here's how they fail
Regulations, Fines and Legislation
New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits
Top 10 Data Protection Fines and Settlements of 2024 - Infosecurity Magazine
How will rules and regulations affect cyber security and AI in 2025? | SC Media
2025: A Critical Year for Cyber Security Compliance in the EU and UK - Infosecurity Magazine
UN cyber crime treaty adopted amid pushback | SC Media
US proposes cyber security rules to limit impact of health data leaks
Navigating the SEC’s Cyber Security Disclosure Rules: One Year On - Security Boulevard
US prohibits data sales to adversarial nations | SC Media
Apple to Pay $95 Million to Settle Lawsuit Accusing Siri of Snoopy Eavesdropping - SecurityWeek
Court strikes down US net neutrality rules - BBC News
Models, Frameworks and Standards
The 5 most impactful cyber security guidelines (and 3 that fell flat)
New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits
Data Protection
Top 10 Data Protection Fines and Settlements of 2024 - Infosecurity Magazine
US prohibits data sales to adversarial nations | SC Media
Careers, Working in Cyber and Information Security
The state of cyber security and IT talent shortages - Help Net Security
Law Enforcement Action and Take Downs
Three Russian-German Nationals Charged with Espionage for Russian Secret Service
US Army Soldier Arrested in AT&T, Verizon Extortions – Krebs on Security
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
US prohibits data sales to adversarial nations | SC Media
Nation State Actors
China
China's cyber intrusions turned sinister in 2024 • The Register
What to know about string of US hacks blamed on China - BBC News
Chinese Hackers Reportedly Targeted US Sanctions Office
Nato to boost Baltic Sea presence after suspected sabotage of underwater cable | Nato | The Guardian
Finland police seize ship after undersea power cable to Estonia is cut - The Washington Post
Finland finds drag marks on Baltic seabed after cable damage | Reuters
Palo Alto Firewalls Backdoored by Suspected Chinese Hackers
US Treasury hacked: Are China and the US stepping up their cyberwar? | Cyber Crime News | Al Jazeera
AT&T and Verizon say networks secure after Salt Typhoon breach
Lumen reports that it has locked out the Salt Typhoon group from its network
Germany Says Latest Undersea Cable Cut a ‘Wake-up Call' - The Moscow Times
Estonia navy to protect undersea power link after main cable damaged - BBC News
Finland moves tanker suspected of undersea cable damage closer to port | Reuters
Russia
Nato to boost Baltic Sea presence after suspected sabotage of underwater cable | Nato | The Guardian
Finland police seize ship after undersea power cable to Estonia is cut - The Washington Post
Finland finds drag marks on Baltic seabed after cable damage | Reuters
Ukraine recovers key notarial registers affected by Russian cyber attack | Ukrainska Pravda
Ukraine Cyber Support Funding Tops €200 million | SC Media UK
US sanctions Russian, Iranian groups for election interference | CyberScoop
Germany Says Latest Undersea Cable Cut a ‘Wake-up Call' - The Moscow Times
Three Russian-German Nationals Charged with Espionage for Russian Secret Service
Luxury Western Goods Line Russian Stores, Three Years Into Sanctions
Pro-Russian hackers target Italian airport websites – DW – 12/28/2024
Cyber attack on Italy's Foreign Ministry, airports claimed by pro-Russian hacker group | Reuters
Russian media outlets Telegram channels blocked in European countries
Estonia navy to protect undersea power link after main cable damaged - BBC News
Finland moves tanker suspected of undersea cable damage closer to port | Reuters
Russian smugglers import luxury cars from Europe despite sanctions
Iran
US sanctions Russian, Iranian groups for election interference | CyberScoop
North Korea
2024: A jackpot year for North Korea's cyber criminals - Daily NK English
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Tools and Controls
CISO vs. CEO: Making a case for cyber security investments
Managing Cloud Risks Gave Security Teams a Big Headache in 2024
Rotating Penetration Testing Providers: A Key to Robust Cyber Security | Luxembourg Times
Wiping your Android phone? Here's the easiest way to erase all personal data | ZDNET
Machine identities are the next big target for attackers - Help Net Security
How Breach Readiness Will Shape Cyber Defence in 2025 - Security Boulevard
2025 to be a Year of Reckoning for AI in Cyber Security - Infosecurity Magazine
Over 3 million mail servers without encryption exposed to sniffing attacks
Majority of UK SMEs Lack Cyber Security Policy - Infosecurity Magazine
Crafting and Refining a Strategic 2025 Cyber Security Budget - Infosecurity Magazine
CISOs don't invest enough in code security - Help Net Security
Stay Ahead: Integrating IAM with Your Cloud Strategy - Security Boulevard
Top security solutions being piloted today — and how to do it right | CSO Online
Shift left security — Good intentions, poor execution, and ways to fix it - SD Times
Regulations, security, and remote work: Why network outsourcing is booming - Help Net Security
Other News
The Most Dangerous People on the Internet in 2024 | WIRED
2025 is when the internet could finally die and the consequences will be huge | The Independent
Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them
Machine gun, pistol and hundreds of devices lost by Ministry of Defence | UK News | Sky News
Satisfied with Your Cyber Security? Think Again - Security Boulevard
What Security Lessons Did We Learn in 2024?
Cyber Security Lags in Middle East Business Development
New Year’s cyber security resolutions that every startup should keep | TechCrunch
Tackling Cyber Security Challenges With Global Collaboration
Cyber attack on Japan Airlines: A wake-up call for aviation security - Travel Radar - Aviation News
Space Diplomacy: A New Frontier for Cyber Security Efforts - Modern Diplomacy
Addressing growing concerns about cyber security in manufacturing
Hackers Are Hot for Water Utilities
Cyber attacks are on the rise. Is the public sector prepared? - WHYY
Vulnerability Management
Top 12 ways hackers broke into your systems in 2024 | CSO Online
Vulnerabilities
Active Directory Flaw Can Crash Any Microsoft Server
LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers
Hackers exploit DoS flaw to disable Palo Alto Networks firewalls
Palo Alto Networks Patches Firewall Zero-Day Exploited for DoS Attacks - SecurityWeek
Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API
An X user claimed a 7-Zip zero-day vulnerability, but 7-Zip's creator says it is a fake
Azure compromise possible with Apache Airflow vulnerabilities | SC Media
15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials
New Windows 11 24H2 bug could block future security updates - see who's affected | ZDNET
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 27 December 2024
Black Arrow Cyber Threat Intelligence Briefing 27 December 2024:
-Hackers are Using Russian Domains to Launch Complex Document-Based Phishing Attacks
-How Nation-State Cyber Criminals Are Targeting the Enterprise
-Phishing Report Findings Call for a Fundamental Shift in Organisational Approaches to Defence
-Organisations Need to Get Real About Threat of Cyber Attacks
-Dark Web Cyber Criminals are Buying Up IDs to Bypass KYC Methods
-Cl0p Ransomware Group to Name Over 60 Victims of Cleo Attack
-Service Disruptions Continue to Blindside Businesses
-Infostealers Dominate as Lumma Stealer Detections Soar by Almost 400%
-Ransomware Attackers Target Industries with Low Downtime Tolerance
-North Koreans Stole $1.34bn In Crypto This Year
-Beware Of Shadow AI: Shadow IT’s Less Well-Known Brother
-Working with Security Consultants Will Bolster Cyber Resilience as We Enter 2025
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Hackers are Using Russian Domains to Launch Complex Document-Based Phishing Attacks
New research reveals a sharp increase in malicious emails, with one bypassing secure gateways every 45 seconds. Remote Access Trojans rose by 59%, while open redirects soared by 627%. Phishing attacks are shifting to Microsoft Office documents, whose malicious use surged by nearly 600%, and Russian domains, now seen four to twelve times more often, are increasingly used for data exfiltration. Attackers harness widely used services like TikTok and Google AMP to redirect unsuspecting users to harmful links. This surge in threats highlights the urgent need for stronger cyber security measures to protect organisations’ networks and data.
How Nation-State Cyber Criminals are Targeting the Enterprise
Nation-state threat actors, once focused on critical infrastructure, are now targeting enterprises across industries as geopolitical tensions escalate. In the past year, these advanced groups have increased attacks on organisations handling sensitive data, aiming to exfiltrate intellectual property and disrupt operations. Unlike traditional ransomware gangs, they have significant resources, persistence, and clear missions such as espionage or undermining rivals. This complex threat environment underscores the need for robust cyber security measures, from strengthening incident response planning and network visibility, to fostering partnerships with government and industry peers. Effective defence requires ongoing vigilance and collaboration to safeguard critical assets.
Phishing Report Findings Call for a Fundamental Shift in Organisational Approaches to Defence
SlashNext’s 2024 Phishing Intelligence Report reveals a significant escalation in phishing threats, urging organisations to rethink their defence strategies. Credential phishing attacks surged by 703%, while email-based threats rose by 202%, exposing users to up to 600 mobile threats annually. 80% of embedded malicious links were zero-day threats (for which there was no remedy at the time) and bypassed traditional detection methods. Social engineering attacks increased by 141%, targeting users across platforms like Microsoft Teams and Dropbox. Experts emphasise the need for proactive, adaptive security strategies, advanced identity verification, and machine learning to counter evolving threats and safeguard critical assets in a rapidly expanding threat landscape.
Organisations Need to Get Real About Threat of Cyber Attacks
The UK’s National Cyber Security Centre’s eighth annual review warns that the threat from state-led and criminal cyber attacks is greater than many organisations realise. The impact is already huge, with attacks costing businesses $2 trillion last year. Experts say technology is only part of the solution, calling for stronger human defences, “digital trust” and realistic scenario planning. By running regular incident response exercises and improving user awareness, leaders can better prepare for and respond to breaches, maintaining trust and protecting their operations.
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Dark Web Cyber Criminals are Buying Up IDs to Bypass KYC Methods
A new report by iProov reveals a sophisticated dark web operation collecting genuine identity documents and biometric data, often purchased directly from individuals, to bypass Know Your Customer (KYC) processes. The operation spans Latin America and Eastern Europe, posing a significant risk to organisations relying on traditional identity verification systems. iProov warns that these complete identity packages, combining real documents with matching biometrics, are exceptionally challenging to detect. To counteract these threats, firms must adopt a multi-layered, real-time verification approach to confirm both humanity and identity, significantly enhancing defences against advanced impersonation fraud.
Cl0p Ransomware Group to Name Over 60 Victims of Cleo Attack
The Cl0p ransomware group has exploited vulnerabilities in Cleo’s file transfer products, affecting over 60 organisations, with victims being contacted and provided proof of stolen data. Blue Yonder, a supply chain software provider, is the only named victim so far, though more are expected to be publicly identified unless ransoms are paid. The vulnerabilities, exploited since early December, allowed attackers to steal files without authentication, and Cleo’s tools are used by over 4,000 customers. Cl0p’s actions mirror its previous MOVEit campaign, further highlighting the persistent risks of unpatched file transfer systems.
Service Disruptions Continue to Blindside Businesses
PagerDuty's latest report highlights service disruptions as a pressing concern for businesses, with 88% of executives predicting another major incident within a year. The July global IT outage exposed gaps in preparedness, with 83% of executives caught off guard, resulting in lost revenue (37%) and delayed responses (39%). Nearly half of UK, US, and Australian leaders, along with a majority in Japan, cite insufficient real-time data tools as a hindrance. As 86% admit to prioritising efforts to build security rather than being ready to react if the security is breached, the report emphasises the need for proactive planning to mitigate the financial and reputational impacts of future disruptions.
Infostealers Dominate as Lumma Stealer Detections Soar by Almost 400%
An infostealer is a type of malicious software designed to secretly gather private information, such as passwords, financial details, or other sensitive data, from an infected device. Once it collects this data, it sends it to the attacker, who can then misuse it for financial gain, identity theft, or other illegal activities. Cyber security software provider ESET has found a 369% increase in detections of the Lumma Stealer infostealer, now dominating attacks by targeting 2FA browser extensions, user credentials and cryptocurrency wallets. Organisations should consider the threat of infostealers and other malicious software as part of a cohesive cyber security strategy.
Ransomware Attackers Target Industries with Low Downtime Tolerance
Cyber security provider Dragos found that 23 ransomware groups, including newly emerged or rebranded operators, impacted industrial organisations in Q3 2024. They targeted sectors with low downtime tolerance, such as healthcare and finance, resulting in significant operational halts, financial losses, and data compromises. One major automotive software firm paid a $25m ransom, while an oilfield services provider lost $35m. Attackers have evolved to bypass multi-factor authentication and exploit VPN weaknesses, with living-off-the-land and remote access tools enabling stealthy intrusions. They also increasingly rely on initial access brokers, using advanced malware to persist in virtual environments and critical operations.
North Koreans Stole $1.34bn In Crypto This Year
Hackers linked to North Korea have reportedly stolen $1.34bn in cryptocurrency so far this year, accounting for over half of all such thefts. This surge highlights a reliance on illicit digital funds to finance ballistic missile and nuclear programmes, with the US estimating that a third of North Korea’s missile development is funded by hacking. Attacks slowed after a reported strategic partnership with Russia in June, which may have reduced North Korea’s dependency on cyber crime, although overall crypto-based hacking has risen. Despite total stolen amounts being lower than in previous years, the number of breaches is at a record 303, indicating an ongoing need for robust cyber security measures.
Beware Of Shadow AI: Shadow IT’s Less Well-Known Brother
Research indicates that 50–75% of employees use non-company AI tools, raising concerns around data leakage, compliance, and vulnerabilities to cyber attack. The number of these applications continues to surge, yet only 15% of organisations have a formal AI policy in place. This lack of oversight can lead to reputational and legal damage. While AI promises innovation and productivity gains, leaders must address Shadow AI by establishing robust governance, enforcing granular controls, and conducting frequent security audits. Boards should ensure their cyber security strategy helps mitigate these risks while unlocking AI’s benefits.
Working with Security Consultants Will Bolster Cyber Resilience as We Enter 2025
With a shortage of talent, new regulations on the horizon, and an evolving threat landscape, cyber resilience is becoming a top priority for organisations. The upcoming UK Cyber Security and Resilience Bill and stringent frameworks for financial institutions highlight the urgent need for robust defences. Despite this focus on cyber security, many organisations face recruitment hurdles due to an undersupplied talent pool. As a result, hiring external cyber security specialists is emerging as a cost-effective solution, giving businesses access to the necessary skills without the lengthy recruitment process. This approach helps close the talent gap while strengthening defences into 2025 and beyond.
Sources:
https://informationsecuritybuzz.com/phishing-report-findings-fundamental/
https://www.securityweek.com/cl0p-ransomware-group-to-name-over-60-victims-of-cleo-attack/
https://www.helpnetsecurity.com/2024/12/26/service-disruptions-concern/
https://www.infosecurity-magazine.com/news/infostealers-lumma-stealer/
https://www.infosecurity-magazine.com/news/ransomware-industries-downtime/
https://www.silicon.co.uk/security/cyberwar/north-korea-hacking-593725
https://www.securityweek.com/beware-of-shadow-ai-shadow-its-less-well-known-brother/
Governance, Risk and Compliance
Organisations Need To Get Real About Threat Of Cyber Attacks
Working with security consultants will bolster cyber resilience as we enter 2025
Small Business Cyber Security Statistics
Half of UK businesses hit by cyber breaches in 2024 - Digital Journal
The holiday crunch: Threats security teams face and how to mitigate them | ITPro
Managing Threats When Most of the Security Team Is Out of the Office
How Nation-State Cyber Criminals Are Targeting the Enterprise
Cyber security response: Not just an IT issue but an emergency preparedness priority - Nextgov/FCW
Why the industry can’t afford complacency in 2025 | SC Media
New Study Reveals Widening Gap Between Cyber Attack Causes and Public Perception
Top Cyber Security Compliance Issues Businesses Face Today - Security Boulevard
Navigating the Cyber Threat Landscape: Lessons Learned & What’s Ahead
Cyber Risks and Insurance 2025 Forecast | Wiley Rein LLP - JDSupra
Cyber security spending trends and their impact on businesses - Help Net Security
Cyber security: The changing threat and risk landscape | A&O Shearman - JDSupra
Businesses Need New AI Governance in Cyber Security and Privacy
How to Streamline Your Cyber Security Risk Management Process
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Attackers Target Industries with Low Downtime Tolerance - Infosecurity Magazine
Small Business Cyber Security Statistics
Half of UK businesses hit by cyber breaches in 2024 - Digital Journal
Clop ransomware is now extorting 66 Cleo data-theft victims
LockBit Admins Tease a New Ransomware Version - Infosecurity Magazine
LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages
New Warning As Self-Deleting Cyber Attack Targets Windows, Mac
Top 10 Cyber Law Enforcement Operations of 2024 - Infosecurity Magazine
Beware Feb. 3, 2025—Diabolic Ransomware Gang Issues New Attack Warning
Suspected LockBit dev faces extradition to the US • The Register
How companies can fight ransomware impersonations - Help Net Security
Nearly four decades on and, like Jesus, ransomware won't die • The Register
6 Crafty Tactics Cyber Criminals Use To Snag Money From Home Users Fast
Facing the Specter of Cyber Threats During the Holidays
Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts
Ransomware Victims
Clop ransomware is now extorting 66 Cleo data-theft victims
5.6M people exposed in Ascension Health ransomware incident earlier this year | Cybernews
Hackney Council: Cyber Attack Cost 'hundreds of thousands' - BBC News
Krispy Kreme breach, data theft claimed by Play ransomware gang
Ransomware Group Claims Theft of Personal, Financial Data From Krispy Kreme - SecurityWeek
Phishing & Email Based Attacks
Phishing Report Findings Call For A Fundamental Shift In Organisational Approaches To Defence
This devious two-step phishing campaign uses Microsoft tools to bypass email security | TechRadar
Hackers are using Russian domains to launch complex document-based phishing attacks | TechRadar
Fake DocuSign docs used to secure corporate credentials in mishing campaign | SC Media
Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service
A new Microsoft 365 phishing service has emerged, so be on your guard | TechRadar
Urgent New Gmail Security Warning For Billions As Attacks Continue
Defence Giant General Dynamics Says Employees Targeted in Phishing Attack - SecurityWeek
Other Social Engineering
You Need to Create a Secret Password With Your Family | WIRED
Lazarus APT targeted employees at an unnamed nuclear-related organisation
North Korean “Laptop Farm” IT Worker Scam Targets Multiple High-Profile Companies | Ankura - JDSupra
Artificial Intelligence
AI-driven scams are about to get a lot more convincing - Help Net Security
AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Cases
Beware Of Shadow AI – Shadow IT's Less Well-Known Brother - SecurityWeek
AI impersonators will wreak havoc in 2025. Here’s what to look for | PCWorld
Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT - Infosecurity Magazine
You Need to Create a Secret Password With Your Family | WIRED
Urgent New Gmail Security Warning For Billions As Attacks Continue
Businesses Need New AI Governance in Cyber Security and Privacy
Will AI Drive Efficiency and Budget Growth? Risks, Rewards & Reality - Security Boulevard
Open source machine learning systems are highly vulnerable to security threats | TechRadar
The Intersection of AI and OSINT: Advanced Threats On The Horizon - SecurityWeek
2FA/MFA
Evilginx: Open-source man-in-the-middle attack framework - Help Net Security
Home for the holidays? Share this top cyber security advice with friends and family | TechCrunch
Malware
Infostealers Dominate as Lumma Stealer Detections Soar by Almost 400% - Infosecurity Magazine
AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Cases
New Warning As Self-Deleting Cyber Attack Targets Windows, Mac
Cryptomining Malware Found in Popular Open Source Packages - Infosecurity Magazine
Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts
New 'OtterCookie' malware used to backdoor devs in fake job offers
Iran's Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware
Bots/Botnets
Webcams and DVRs Vulnerable to HiatusRAT, FBI Warns - Infosecurity Magazine
BadBox rapidly grows, 190,000 Android devices infected - Security Affairs
How Not To Become A Botnet Victim: A Practical Guide For Everyone
New botnet exploits vulnerabilities in NVRs, TP-Link routers
How Androxgh0st, the hybrid botnet, rose from Mozi's ashes • The Register
Botnets leverage decade-old D-Link vulnerabilities in new attack campaigns - SiliconANGLE
A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs
Mobile
Apple warns spyware targets via ‘threat notifications,’ offers these next steps - 9to5Mac
CISA: Use Signal or other secure communications app - Help Net Security
Fake DocuSign docs used to secure corporate credentials in mishing campaign | SC Media
ICO Warns of Festive Mobile Phone Privacy Snafu - Infosecurity Magazine
iOS devices more exposed to phishing than Android - Help Net Security
FBI Says Use Secret Word, NSA Says Reboot iPhone—Should You Listen?
Spyware Maker NSO Group Found Liable In US Court | Silicon UK
Denial of Service/DoS/DDoS
DNSSEC Denial-of-Service Attacks Show Technology's Fragility
Top 10 Cyber Law Enforcement Operations of 2024 - Infosecurity Magazine
DDoS Attacks Surge as Africa Expands Its Digital Footprint
Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately
7 Ways to Stop VoIP DDoS Attacks from Crashing Your Phones
Internet of Things – IoT
Webcams and DVRs Vulnerable to HiatusRAT, FBI Warns - Infosecurity Magazine
BadBox rapidly grows, 190,000 Android devices infected - Security Affairs
New botnet exploits vulnerabilities in NVRs, TP-Link routers
How Androxgh0st, the hybrid botnet, rose from Mozi's ashes • The Register
A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs
6 Easy Ways To Make Your Smart Home More Secure
Data Breaches/Leaks
Infostealers Dominate as Lumma Stealer Detections Soar by Almost 400% - Infosecurity Magazine
Small Business Cyber Security Statistics
Half of UK businesses hit by cyber breaches in 2024 - Digital Journal
Clop ransomware threatens 66 Cleo attack victims with data leak
These were the badly handled data breaches of 2024 | TechCrunch
5.6M people exposed in Ascension Health ransomware incident earlier this year | Cybernews
Ascension: Health data of 5.6 million stolen in ransomware attack
FTC orders Marriott and Starwood to implement strict data security
Peugeot Data Breach: Hackers Threaten to Release Stolen Client Information
What Should You Do When You Receive a Data Breach Notice? - CNET
Organised Crime & Criminal Actors
Major Biometric Data Farming Operation Uncovered - Infosecurity Magazine
New Study Reveals Widening Gap Between Cyber Attack Causes and Public Perception
Message service predominantly used by Pixel users intercepted by authorities - PhoneArena
Suspected LockBit dev faces extradition to the US • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
North Korea hackers behind 60% of all crypto stolen in 2024
North Koreans Stole $1.34bn In Crypto This Year | Silicon UK Tech
NFT scammers charged for stealing $22 million through "rug pulls" - Help Net Security
US and Japan Blame North Korea for $308m Crypto Heist - Infosecurity Magazine
Cryptomining Malware Found in Popular Open Source Packages - Infosecurity Magazine
South Korea sanctions 15 North Koreans for crypto heists and cyber theft
Crypto scam suspect arrested in bed as cyber crime cops raid home - Manchester Evening News
Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts
Insurance
Cyber Risks and Insurance 2025 Forecast | Wiley Rein LLP - JDSupra
Cloud/SaaS
Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service
A new Microsoft 365 phishing service has emerged, so be on your guard | TechRadar
Amazon Security Warning As 3 High-Rated Vulnerabilities Hit Cloud
Why Cloud Identity Attacks Outpace On-Premises Risks
Outages
Service disruptions continue to blindside businesses - Help Net Security
Identity and Access Management
Non-Human Identities Gain Momentum, Requires Both Management, Security
Why Cloud Identity Attacks Outpace On-Premises Risks
Encryption
Why cryptography is important and how it’s continually evolving - Security Boulevard
Linux and Open Source
What open source means for cyber security - Help Net Security
Cryptomining Malware Found in Popular Open Source Packages - Infosecurity Magazine
Strengthening open source: A roadmap to enhanced cyber security - Nextgov/FCW
The Linux log files you should know and how to use them | ZDNET
Open source machine learning systems are highly vulnerable to security threats | TechRadar
Passwords, Credential Stuffing & Brute Force Attacks
Home for the holidays? Share this top cyber security advice with friends and family | TechCrunch
Social Media
Drug Dealers Have Moved on to Social Media | WIRED
Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts
Regulations, Fines and Legislation
Meet the In-Laws: the UK’s Digital Legislative Agenda for 2025 | Ropes & Gray LLP - JDSupra
EU DORA: Are you in scope, and if so, how can you prepare? | King & Spalding - JDSupra
The Cyber Resilience Act: A Field Guide for CTOs and CISOs | HackerNoon
A Hit-and-Miss First Year for SEC’s Cyber Incident Reporting Rules | MSSP Alert
Trump 2.0 Portends Big Shift in Cyber Security Policies
Guardians Of Peace: The EU’s Role In Global Security – OpEd – Eurasia Review
Europe's move toward cyber security sovereignty [Q&A]
INTERPOL welcomes adoption of UN convention against cyber crime
FTC orders Marriott and Starwood to implement strict data security
Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT - Infosecurity Magazine
Cyber experts applaud White House cyber security plan
Models, Frameworks and Standards
EU DORA: Are you in scope, and if so, how can you prepare? | King & Spalding - JDSupra
The Cyber Resilience Act: A Field Guide for CTOs and CISOs | HackerNoon
Data Protection
5 Questions to Ask to Ensure Data Resiliency
Law Enforcement Action and Take Downs
BadBox rapidly grows, 190,000 Android devices infected - Security Affairs
LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages
NFT scammers charged for stealing $22 million through "rug pulls" - Help Net Security
LockBit Taunts New Version as Original Developer Charged | SC Media UK
Interpol Identifies Over 140 Human Traffickers in New Initiative - Infosecurity Magazine
Top 10 Cyber Law Enforcement Operations of 2024 - Infosecurity Magazine
Massive live sports piracy ring with 812 million yearly visits taken offline
Message service predominantly used by Pixel users intercepted by authorities - PhoneArena
Crypto scam suspect arrested in bed as cyber crime cops raid home - Manchester Evening News
Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
The 2024 cyberwar playbook: Tricks used by nation-state actors | CSO Online
Middle East Cyberwar Rages On, With No End in Sight
Nation State Actors
How Nation-State Cyber Criminals Are Targeting the Enterprise
China
CISA: Use Signal or other secure communications app - Help Net Security
DHS Says China, Russia, Iran, and Israel Are Spying on People in US with SS7
Hundreds of organisations were notified of potential Salt Typhoon compromise - Nextgov/FCW
Major cyber security attack from China exposes systematic flaws - TheStreet
Feds lay blame while Chinese telecom attack continues | CyberScoop
Russia
Russia fires its biggest cyber weapon against Ukraine | CSO Online
Ukraine blames Russia for mega cyber attack on ‘critically important’ infrastructure – POLITICO
Hackers are using Russian domains to launch complex document-based phishing attacks | TechRadar
DHS Says China, Russia, Iran, and Israel Are Spying on People in US with SS7
Russian cyber attack: Breach occurred at 'top-level account,' MP says
Iran
DHS Says China, Russia, Iran, and Israel Are Spying on People in US with SS7
OilRig Hackers Exploiting Windows Kernel 0-day to Attack Organisations
Iran's Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware
North Korea
North Korea hackers behind 60% of all crypto stolen in 2024
North Koreans Stole $1.34bn In Crypto This Year | Silicon UK Tech
US and Japan Blame North Korea for $308m Crypto Heist - Infosecurity Magazine
Lazarus APT targeted employees at an unnamed nuclear-related organisation
North Korean “Laptop Farm” IT Worker Scam Targets Multiple High-Profile Companies | Ankura - JDSupra
New 'OtterCookie' malware used to backdoor devs in fake job offers
South Korea sanctions 15 North Koreans for crypto heists and cyber theft
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Middle East Cyberwar Rages On, With No End in Sight
Europe is the top target for hacktivists, Orange Cyberdefence report reveals | Total Telecom
Apple warns spyware targets via ‘threat notifications,’ offers these next steps - 9to5Mac
Pegasus spyware maker NSO Group is liable for attacks on 1,400 WhatsApp users - The Verge
Tools and Controls
ICO Warns of Festive Mobile Phone Privacy Snafu - Infosecurity Magazine
DNSSEC Denial-of-Service Attacks Show Technology's Fragility
What is security service edge (SSE)? | ITPro
Modern IAM: What it looks like, how to achieve it | SC Media
API security blind spots put businesses at risk - Help Net Security
The Linux log files you should know and how to use them | ZDNET
The Pen Test Trap: Why Most Businesses Get It Wrong | MSSP Alert
Cyber security response: Not just an IT issue but an emergency preparedness priority - Nextgov/FCW
Do Honeypots Still Matter? | HackerNoon
Cyber security spending trends and their impact on businesses - Help Net Security
Maximizing the impact of cyber crime intelligence on business resilience - Help Net Security
The Intersection of AI and OSINT: Advanced Threats On The Horizon - SecurityWeek
How Generative AI Is Powering A New Era Of Cyber Security
Too Much 'Trust,' Not Enough 'Verify'
5 Common DNS Vulnerabilities and How to Protect Your Network - Security Boulevard
New 'OtterCookie' malware used to backdoor devs in fake job offers
How to Streamline Your Cyber Security Risk Management Process
The Role of Enterprise Browsers in Securing Remote Work and Hybrid Teams - IT Security Guru
Law enforcement agencies see AI as a key tool for reducing crime - Help Net Security
Other News
The holiday crunch: Threats security teams face and how to mitigate them | ITPro
Managing Threats When Most of the Security Team Is Out of the Office
New Study Reveals Widening Gap Between Cyber Attack Causes and Public Perception
The Worst Hacks of 2024 | WIRED
Decoding the end of the decade: What CISOs should watch out for | Computer Weekly
Cyber Security Resolutions: Skill Sets to Prioritize in 2025
The complexities of cyber security in local government | UKAuthority
The Geopolitics of Water: Cyber Attacks' Impact on Water Stress in the U.S. and Beyond
Scottish rail network 'wholly unequipped' for digital world amid 'Nightsleeper' cyber attack fears
Estate agents warned against festive cyber attacks - Property Industry Eye
Vulnerability Management
Emerging Threats, Vulns to Prepare for in 2025
Impact of Unpatched Vulnerabilities in 2025 - Security Boulevard
Top 7 zero-day exploitation trends of 2024 | CSO Online
Vulnerabilities
Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation
How to Protect Your Environment from the NTLM Vulnerability
BeyondTrust says hackers hit its remote support products | TechRadar
Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now
Apache warns of critical flaws in MINA, HugeGraph, Traffic Control
Microsoft warns of Windows 11 24H2 installation issue that blocks all future security updates
Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately
Fortinet flags some worrying security bugs coming back from the dead | TechRadar
Amazon Security Warning As 3 High-Rated Vulnerabilities Hit Cloud
Adobe warns of critical ColdFusion bug with PoC exploit code
Critical Vulnerabilities Found in WordPress Plugins WPLMS and VibeBP - Infosecurity Magazine
OilRig Hackers Exploiting Windows Kernel 0-day to Attack Organisations
Open source machine learning systems are highly vulnerable to security threats | TechRadar
Microsoft fixes bug behind random Office 365 deactivation errors
Botnets leverage decade-old D-Link vulnerabilities in new attack campaigns - SiliconANGLE
TrueNAS device vulnerabilities exposed during hacking competition | TechRadar
Black Arrow Cyber Threat Intelligence Briefing 20 December 2024
Black Arrow Cyber Threat Intelligence Briefing 20 December 2024:
-Mobile Spear Phishing Targets Executive Teams
-From Digital Risk to Physical Threat: Why Cyber Security Must Evolve for Executives
-Why HNWIs are Seeking Personal Cyber Security Consultants
-Ransomware in 2024: New Players, Bigger Payouts, and Smarter Tactics
-Credential Phishing Attacks Up Over 700 Percent
-All Major European Financial Firms Suffer Supplier Breaches
-Phishers Cast Wide Net with Spoofed Google Calendar Invites
-Security Leaders Say Machine Identities Are Next Big Target for Cyber Attack
-Ransomware Defences are Weakened by Backup Technology
-Cyber Security is Never Out-of-Office: Protecting Your Business Anytime, Anywhere
-Ransomware, Deepfakes, and Scams: The Digital Landscape in 2024
-UK Companies Face Increasing Cyber Security Risks Across a Range of Threats
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Mobile Spear Phishing Targets Executive Teams
Over the past few months, sophisticated spear phishing campaigns have intensified, targeting corporate executives via mobile devices and trusted business platforms. These attacks leverage advanced redirection techniques, PDF-based phishing links and compromised domains to bypass traditional defences. Mobile devices represent a distinct and often unsecured attack surface, enabling threat actors to harvest high-value corporate credentials with alarming efficiency. To protect against these evolving threats, organisations require education and awareness as well as advanced, on-device detection and prevention measures. Recent research has shown that zero-day protection and adaptive, mobile-specific security solutions are now critical to safeguarding sensitive enterprise data.
From Digital Risk to Physical Threat: Why Cyber Security Must Evolve for Executives
Protecting executives goes beyond digital measures, as these leaders’ personal safety and actions directly affect company valuation, investor confidence, and regulatory scrutiny. The US Securities and Exchange Commission (SEC)’s emphasis on governance and risk transparency underscores the importance of securing executives against both cyber and physical threats. Proactive approaches - blending digital and physical security, continuous monitoring of key terms, and behavioural science insights - are vital. By identifying threats early, understanding their social context, and ensuring senior leaders appreciate these vulnerabilities, organisations can strengthen resilience, reassure stakeholders, and meet regulatory expectations in an evolving threat landscape.
Why HNWIs are Seeking Personal Cyber Security Consultants
High net worth individuals (HNWIs) are facing increasingly complex and evolving cyber threats, from phishing and ransomware to social engineering. Their wealth, influence and public profile make them prime targets, exposing them to severe financial, reputational and personal risks. HNWIs need to ensure they have conducted tailored risk assessments and put in place appropriate security controls, constant monitoring, and privacy management for themselves and their families. With global cyber crime costs projected to reach $10.5 trillion annually by 2025, these actions help safeguard digital assets, protect reputations, and ensure peace of mind in an ever more volatile online environment.
Ransomware in 2024: New Players, Bigger Payouts, and Smarter Tactics
Ransomware remains the leading global cyber security threat in 2024, with new groups rising after criminal takedowns. Demands soared, including a record-breaking $75 million ransom. Attacks span multiple sectors, with the construction industry hit hardest, and often occur overnight or at weekends. Over three-quarters paid ransoms, with average demands exceeding $1.5 million, and recovery costs surpassing $2.7 million. Smaller enterprises are especially vulnerable.
Credential Phishing Attacks Up Over 700 Percent
Phishing remains a top concern for organisations worldwide, with a new report showing credential-based attacks increasing by 703% in late 2024. Overall email threats rose by 202%, exposing employees to up to six threats per week and as many as 600 mobile threats annually. 80% of malicious links were previously unknown, underscoring limitations in static defences. Social engineering-based attacks surged by 141%, forcing leaders to reconsider their approach. Experts anticipate continued escalation in 2025, stressing the need for comprehensive and proactive security strategies backed by real-time detection and adaptable mitigation measures to outpace increasingly agile attackers.
All Major European Financial Firms Suffer Supplier Breaches
New research found that all major European financial firms experienced supplier-related breaches last year. Only a quarter achieved top-tier cyber security resilience ratings, while nearly all suffered from third- and fourth-party breaches. Around a fifth also endured a direct breach. Some 33% of financial services companies received a lower rating, with pending EU regulations like DORA adding urgency. Scandinavian firms outperformed peers, whereas French organisations reported the highest rate of supply chain breaches. Improvements to domain name system (DNS) configurations, endpoint security and patching cycles were recommended to strengthen defences.
Phishers Cast Wide Net with Spoofed Google Calendar Invites
A recent phishing campaign has spoofed Google Calendar invites, reaching about 300 organisations with more than 4,000 malicious emails over four weeks. Fraudsters trick users into clicking bogus links that eventually lead to fake sites designed to steal personal and financial details. Such attacks are lucrative: last year, victims in one country lost nearly $19 million to phishing scams. Security experts advise verifying links before clicking, and using two-factor authentication. As criminals easily adapt their methods, staying vigilant and questioning unusual requests remain vital for safeguarding against these persistent social engineering threats.
Security Leaders Say Machine Identities Are Next Big Target for Cyber Attack
New research shows many organisations faced cloud related security incidents last year, causing delays for over half, service outages for almost half, and data breaches for nearly a third. Security leaders warn that machine identities, especially access tokens and service accounts, are the next major target. They also predict more sophisticated supply chain attacks involving AI. Conflicts persist between security and development teams, and complexity grows as machine identities proliferate. Experts say securing these identities, along with automated protection and comprehensive controls, is now essential to safeguard cloud environments and ensure stable, secure business operations.
Ransomware Defences are Weakened by Backup Technology
Recent research by Object First shows ransomware attacks increasingly target backup data and exploit vulnerabilities. Research participants said their outdated systems (34%), limited encryption (31%) and failed backups (28%) weaken defences. Immutable storage is seen as vital, with 93% agreeing it is essential and 97% planning to invest. Zero Trust principles are widely supported, but managing these technologies poses challenges. Nearly 41% lack the necessary skills and 69% cannot afford extra expertise. The findings underscore the urgency for resilient, ransomware-proof backup systems and highlight the need for robust cyber security measures to mitigate these evolving threats.
Cyber Security is Never Out-of-Office: Protecting Your Business Anytime, Anywhere
With many staff away during the festive season, cyber criminals see an ideal opportunity to strike. Ransomware attacks surge by around 30% on public holidays and weekends, with 89% of security professionals worried about off-hours threats. As payment rates have fallen from around 80% to 36% over five years, attackers now exploit vulnerable times such as night shifts to make their attacks more effective. Organisations must ensure year-round vigilance, including strong authentication, continuous patching, and clear incident response plans. Proper training, supply chain security, data encryption and processes to verify money transfers are essential. In short, robust cyber security plans cannot afford an “out of office.”
Ransomware, Deepfakes, and Scams: The Digital Landscape in 2024
ESET’s 2024 threat report highlights a surge in investment and crypto scams, often using deepfakes and celebrity images to enhance credibility. New ransomware operators have emerged to fill the void left by ransomware gangs such as Lockbit, with RansomHub alone claiming nearly 500 victims, including major companies. Infostealer activity has shifted: after the RedLine and Meta infostealers were taken down, their competitor Lumma’s popularity rose by 368%. Malware trends are mixed, with the detection of Agent Tesla malware down by 26% but Formbook malware showing a dramatic spike of up to 7,000 daily detections. Despite some law enforcement successes, the cyber security landscape remains unpredictable and continuously evolving.
UK Companies Face Increasing Cyber Security Risks Across a Range of Threats
New findings from Horizon3.ai’s "Cyber Security Report UK 2024/2025" show a growing risk environment across various industries, with nearly half of UK organisations (48%) citing stolen user credentials as a top cyber security threat. Insufficiently secured or unknown data stores were noted by 42%, and almost a third (29%) flagged attacks exploiting known but unpatched software vulnerabilities. In the survey of 150 executives and IT professionals, 69% reported at least one cyber attack in the past two years, yet 66% lack adequate defences. Experts advise continuous penetration testing and more proactive, attacker-focused security measures to strengthen resilience, given the escalation in attack complexity and severity.
Sources:
https://securityboulevard.com/2024/12/mobile-spear-phishing-targets-executive-teams/
https://securityboulevard.com/2024/12/why-hnwis-are-seeking-personal-cybersecurity-consultants/
https://www.helpnetsecurity.com/2024/12/19/ransomware-surveys-2024/
https://betanews.com/2024/12/18/credential-phishing-attacks-up-over-700-percent/
https://www.infosecurity-magazine.com/news/all-europes-top-financial-firms/
https://www.theregister.com/2024/12/18/google_calendar_spoofed_in_phishing_campaign/
https://www.techradar.com/pro/security/ransomware-deepfakes-and-scams-the-digital-landscape-in-2024
Governance, Risk and Compliance
Why HNWIs are Seeking Personal Cyber Security Consultants - Security Boulevard
From digital risk to physical threat: Why cyber security must evolve for executives | SC Media
Innovation, insight and influence: the CISO playbook for 2025 and beyond | Computer Weekly
77% of IT leaders cite cyber security as top challenge in global survey
ISC2 Survey Reveals Critical Gaps in Cyber Security Leadership Skills - Infosecurity Magazine
How to turn around a toxic cyber security culture | CSO Online
The evolution of incident response: building a successful strategy | TechRadar
The Importance of Empowering CFOs Against Cyber Threats
How the cyber security landscape affects the financial sector
Threat of personal liability has CISOs sweating | ITPro
70% of cyber security leaders influenced by personal liability concerns | Security Magazine
CISO accountability: Navigating a landscape of responsibility - Help Net Security
How weaponized AI drives CISO burnout – and what to do about it | SC Media
CISO Challenges for 2025: Overcoming Cyber Security Complexities - Security Boulevard
MSSP Market Update: Fortune 500 Firms Fail at Cyber Security | MSSP Alert
2025 is set to bring changes in technology adoption and the evolving attack surface
Cyber security In 2025 – A New Era Of Complexity
To Defeat Cyber Criminals, Understand How They Think
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware threat shows no sign of slowing down | Microscope
Clop is back to wreak havoc via vulnerable file-transfer software | CyberScoop
The year in ransomware: Security lessons to help you stay one step ahead - Security Boulevard
Ransomware in 2024: New players, bigger payouts, and smarter tactics - Help Net Security
‘Tis the Season to Be Alert for Cyber Threats: 5 Unjoyful… | Intel 471
Cyber security is never out-of-office: Protecting your business anytime, anywhere
46% of financial institutions had a data breach in the past 24 months - Help Net Security
Akira and RansomHub Surge as Ransomware Claims Reach All-Time High - Infosecurity Magazine
Clop ransomware claims responsibility for Cleo data theft attacks
Ransomware, deepfakes, and scams: the digital landscape in 2024 | TechRadar
RansomHub emerges as dominant ransomware group as 2024 ends | SC Media
LockBit ransomware gang teases February 2025 return | Computer Weekly
How Cyber Attacks Hold Patient Care Hostage | MedPage Today
Ransomware Gang Says Deloitte Sucks at Their Job - Going Concern
How Do We Build Ransomware Resilience Beyond Just Backups?
Romanian Netwalker ransomware affiliate sentenced to 20 years in prison
How to mitigate wiper malware | TechTarget
Ransomware Victims
46% of financial institutions had a data breach in the past 24 months - Help Net Security
Clop ransomware claims responsibility for Cleo data theft attacks
How the ransomware attack at Change Healthcare went down: A timeline | TechCrunch
The Bookseller - News - Waterstones hit by Blue Yonder ransomware gang attack
Ransomware Gang Says Deloitte Sucks at Their Job - Going Concern
Rhode Island confirms data breach after Brain Cipher ransomware attack
Major Auto Parts Firm LKQ Hit by Cyber Attack - SecurityWeek
Phishing & Email Based Attacks
How Companies Lose Millions Of Dollars To Phishing
Credential phishing attacks up over 700 percent
Midnight Blizzard Taps Phishing Emails, Rogue RDP Nets
Phishing Attacks Double in 2024 - Infosecurity Magazine
Credential phishing attacks rose by 703% in H2 of 2024 | Security Magazine
Mobile Spear Phishing Targets Executive Teams - Security Boulevard
MUT-1244 targeting security researchers, red teamers, and threat actors - Help Net Security
Organisations Warned of Rise in Okta Support Phishing Attacks - SecurityWeek
Google Calendar invites spoofed in phishing campaign • The Register
Crooks use Docusign lures to attempt Azure account takeovers • The Register
Credential phishing attacks surge, report reveals | SC Media
Executives targeted in mobile spearphishing attacks | Security Magazine
YouTube Channels Targeted With Windows Malware Phishing Attacks
Inside the latest phishing campaigns: dissecting CarPhish, EDG, Tpass, and Mamba2FA kits - VMRay
HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft
HubSpot phishing targets 20,000 Microsoft Azure accounts
European firms subjected to HubSpot-exploiting phishing | SC Media
New fake Ledger data breach emails try to steal crypto wallets
New Gmail Security Warning For 2.5 Billion—Second Attack Wave Incoming
Other Social Engineering
FTC warns of online task job scams hooking victims like gambling
New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide
Cyber Criminals Exploit Google Calendar to Spread Malicious Links - Infosecurity Magazine
Microsoft Teams Vishing Spreads DarkGate RAT
Mobile Spear Phishing Targets Executive Teams - Security Boulevard
MUT-1244 targeting security researchers, red teamers, and threat actors - Help Net Security
DarkGate malware spread via Microsoft Teams, AnyDesk | SC Media
Hackers Exploit Microsoft Teams to Gain Remote Access to User’s System
‘Tis the Season to Be Alert for Cyber Threats: 5 Unjoyful… | Intel 471
Cyber security is never out-of-office: Protecting your business anytime, anywhere
Interpol: Stop calling it 'pig butchering' • The Register
Now Scammers Are Abusing Legitimate Services to Show You Fake CAPTCHAs
Watch Out for These Holiday Cyber Attacks
Artificial Intelligence
The threat of AI-driven cyber warfare is real and it can disrupt the world
Ransomware, deepfakes, and scams: the digital landscape in 2024 | TechRadar
New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide
Bosses struggle to police workers’ use of AI
How weaponized AI drives CISO burnout – and what to do about it | SC Media
With 'TPUXtract,' Attackers Can Steal Orgs' AI Models
Identity fraud attacks using AI are fooling biometric security systems | TechRadar
Cloud Threat Landscape Report: AI-generated attacks low for the cloud
2024 Cyber Review: Trump Re-Election Eclipses AI and Ransomware Stories
AI is becoming the weapon of choice for cyber criminals - Help Net Security
Cyber leaders are bullish on generative AI despite risks: report | CIO Dive
Malvertisers Fool Google With AI-Generated Decoys
Malware
How infostealers are used in targeted cyber attacks
Microsoft Teams Vishing Spreads DarkGate RAT
DarkGate malware spread via Microsoft Teams, AnyDesk | SC Media
Hackers Exploit Microsoft Teams to Gain Remote Access to User’s System
Winnti hackers target other threat actors with new Glutton PHP backdoor
PHP backdoor looks to be work of Chinese-linked APT group | CyberScoop
Google, Amnesty International uncover new surveillance malware | SC Media
FBI spots HiatusRAT malware attacks targeting web cameras, DVRs
Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection
Malvertising on steroids serves Lumma infostealer - Help Net Security
That cheap webcam? HiatusRAT may be targeting it, FBI warns | CSO Online
Raccoon Stealer malware operator gets 5 years in prison after guilty plea
YouTube Creators Targeted in Major Phishing Campaign - Infosecurity Magazine
How to mitigate wiper malware | TechTarget
Evasive Node.js loader masquerading as game hack - Help Net Security
The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal
FBI Warns of HiatusRAT Attacks on Cameras, DVR Systems - SecurityWeek
A new antivirus model to fight against evasive malware - Diari digital de la URV
Critical flaw in WordPress plugin exploited to install malicious software | SC Media
Bitter APT Targets Turkish Defence Sector with WmRAT and MiyaRAT Malware
Thai Police Systems Under Fire From 'Yokai' Backdoor
Lazarus targets nuclear-related organisation with new malware | Securelist
Malicious Microsoft VSCode extensions target devs, crypto community
Bots/Botnets
Mirai botnet targets SSR devices, Juniper Networks warns
Juniper Warns of Mirai Botnet Targeting Session Smart Routers - SecurityWeek
Mobile
Mobile Spear Phishing Targets Executive Teams - Security Boulevard
Addressing BYOD Vulnerabilities in the Workplace - Security Boulevard
This Nasty Android Malware Is Picking Up Pace and Targeting Certain Devices
Executives targeted in mobile spearphishing attacks | Security Magazine
BadBox malware botnet infects 192,000 Android devices despite disruption
Serbian police used Cellebrite to unlock, then plant spyware, on a journalist's phone | TechCrunch
Authorities abroad use phone-cracking tools to install spyware, report says - The Washington Post
New Android NoviSpy spyware linked to Qualcomm zero-day bugs
Internet of Things – IoT
Chinese wi-fi tech used in British homes investigated over hacking fears
Concerns over consumer surveillance in some smart devices | News UK Video News | Sky News
Multiple flaws in Volkswagen Group's infotainment unit allow for vehicle compromise
FBI spots HiatusRAT malware attacks targeting web cameras, DVRs
That cheap webcam? HiatusRAT may be targeting it, FBI warns | CSO Online
Zero Day Initiative — Detailing the Attack Surfaces of the Tesla Wall Connector EV Charger
Mirai botnet targets SSR devices, Juniper Networks warns
Juniper Warns of Mirai Botnet Targeting Session Smart Routers - SecurityWeek
FBI Warns of HiatusRAT Attacks on Cameras, DVR Systems - SecurityWeek
Germany blocks BadBox malware loaded on 30,000 Android devices
Data Breaches/Leaks
46% of financial institutions had a data breach in the past 24 months - Help Net Security
Huge cyber crime attack sees 390,000 WordPress websites hit, details stolen | TechRadar
Hacker Leaks Cisco Data - SecurityWeek
Consumers wrongly attribute all data breaches to cyber criminals - Help Net Security
Millions stolen from LastPass users in massive attack — what you need to know | Tom's Guide
390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits
LastPass threat actor steals $5.4M from victims just a week before Xmas
Deloitte handling 'major' cyber attack on Rhode Island system • The Register
Nearly 400,000 WordPress credentials stolen | Security Magazine
LastPass Hackers Allegedly Stole $5 Million This Week—Report
How common are consumer data breaches? | Chain Store Age
Texas Tech University System data breach impacts 1.4 million patients
Meta Fined $264M for Security Breach in Facebook's 'View As' Feature - CNET
International Development Firm Chemonics Sued Over Breach (1)
900,000 People Impacted by ConnectOnCall Data Breach - SecurityWeek
Regional Care Data Breach Impacts 225,000 People - SecurityWeek
Organised Crime & Criminal Actors
Consumers wrongly attribute all data breaches to cyber criminals - Help Net Security
UK’s internet watchdog unveils online criminal crackdown
Ofcom Issues Guidance for Tech Firms to Tackle Online Harms - Infosecurity Magazine
Major cyber crime crackdowns signal a shift in global cyber security strategies - Policing Insight
Texan man gets 30 years in prison for running CSAM exchange • The Register
Bobbies on the beat won't stop the cyber crime wave | The Spectator
Why Are Crypto Scammers (And Not Hackers) Looking For You? | HackerNoon
Hacker sentenced to 69 months for stealing payment card info | SC Media
Cryptocurrency hackers stole $2.2 billion from platforms in 2024 - Help Net Security
Raccoon Stealer malware operator gets 5 years in prison after guilty plea
Cyber Criminals and the SEC: What Companies Need to Know
Trump to Wage War on Cyber Criminals, Says Advisor
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
LastPass threat actor steals $5.4M from victims just a week before Xmas
Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection
Why Are Crypto Scammers (And Not Hackers) Looking For You? | HackerNoon
Cryptocurrency hackers stole $2.2 billion from platforms in 2024 - Help Net Security
North Korean Hackers Stole $1.3 Billion in Crypto in 2024
New fake Ledger data breach emails try to steal crypto wallets
Crypto Hacks in 2024: Centralized Exchanges Are Now the Top Targets for Cyber Criminals
Interpol: Stop calling it 'pig butchering' • The Register
Crypto holder loses assets priced at $2.5 million
Malicious Microsoft VSCode extensions target devs, crypto community
Insider Risk and Insider Threats
Kroll Settles With Ex-Employees Over Cyber Security Trade Secrets
GCHQ worker accused of taking top secret data home - BBC News
Insurance
Lloyd's of London Launches New Cyber Insurance Consortium
What will happen in the cyber insurance space during 2025? | Insurance Business America
Supply Chain and Third Parties
Supply Chain Risk Mitigation Must Be a Priority in 2025
Deloitte handling 'major' cyber attack on Rhode Island system • The Register
Harnessing Threat Intel and Automation to Counter Supply Chain Risks | MSSP Alert
Property deals hit by IT security failure at search service
CERT-UA: Russia-linked UAC-0125 abuses Cloudflare Workers to target Ukrainian army
Cloud/SaaS
Clop is back to wreak havoc via vulnerable file-transfer software | CyberScoop
Crooks use Docusign lures to attempt Azure account takeovers • The Register
SaaS: The Next Big Attack Vector | Grip Security - Security Boulevard
DarkGate malware spread via Microsoft Teams, AnyDesk | SC Media
CISA issues new directive to bolster cloud security – and Microsoft was singled out | ITPro
Ransomware attacks exploit Cleo bug as Cl0p claims it • The Register
US Government Issues Cloud Security Requirements for Federal Agencies - Infosecurity Magazine
Cloud Threat Landscape Report: AI-generated attacks low for the cloud
HubSpot phishing targets 20,000 Microsoft Azure accounts
European firms subjected to HubSpot-exploiting phishing | SC Media
Microsoft 365 users hit by random product deactivation errors
Identity and Access Management
Why Role-Based Access Control is Critical to Your Security Stack | MSSP Alert
Proactive Approaches to Identity and Access Management - Security Boulevard
Machine identity attacks will be top of mind for security leaders in 2025 | ITPro
Encryption
The Simple Math Behind Public Key Cryptography | WIRED
Why 2025 Will Be Pivotal in Our Defence Against Quantum Threat
Passwords, Credential Stuffing & Brute Force Attacks
"Password Era is Ending" Microsoft to Delete 1 Billion Password to Replace "Passkey"
Millions stolen from LastPass users in massive attack — what you need to know | Tom's Guide
Credential phishing attacks rose by 703% in H2 of 2024 | Security Magazine
LastPass threat actor steals $5.4M from victims just a week before Xmas
390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits
LastPass 2022 hack fallout continues with millions of dollars more reportedly stolen | TechRadar
Nearly 400,000 WordPress credentials stolen | Security Magazine
HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft
What is a Compromised Credentials Attack? - Security Boulevard
MUT-1244 targeting security researchers, red teamers, and threat actors - Help Net Security
Social Media
New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide
Study reveals vulnerability of metaverse platforms to cyber attacks
YouTube Creators Targeted in Major Phishing Campaign - Infosecurity Magazine
European Commission Opens TikTok Election Integrity Probe - Infosecurity Magazine
Meta fined for 2018 breach that exposed 30M accounts • The Register
Malvertising
New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide
Fake Captcha Campaign Highlights Risks of Malvertising Networks - Infosecurity Magazine
Malvertising on steroids serves Lumma infostealer - Help Net Security
Malvertisers Fool Google With AI-Generated Decoys
Regulations, Fines and Legislation
UK’s internet watchdog unveils online criminal crackdown
Ofcom Issues Guidance for Tech Firms to Tackle Online Harms - Infosecurity Magazine
Why We Should Insist on Future-Proofing Cyber Security Regulatory Frameworks - Security Boulevard
Why the UK's "outdated" cyber security legislation needs an urgent refresh | ITPro
Hundreds of websites to shut down under UK's 'chilling' internet laws
The Top Cyber Security Agency in the US Is Bracing for Donald Trump | WIRED
EU Sanctions Russian Cyber Actors for “Destabilizing Actions” - Infosecurity Magazine
Understanding NIS2: Essential and Important Entities - Security Boulevard
Study finds ‘significant uptick’ in cyber security disclosures to SEC | CyberScoop
Meta Fined $264M for Security Breach in Facebook's 'View As' Feature - CNET
Meta fined for 2018 breach that exposed 30M accounts • The Register
Trump Looks to Go 'On the Offense' Against Cyber Attackers
Models, Frameworks and Standards
How the cyber security landscape affects the financial sector
An easy to follow NIST Compliance Checklist - Security Boulevard
Understanding NIS2: Essential and Important Entities - Security Boulevard
Using CIS Benchmarks to Assess Your System Security Posture | MSSP Alert
NIS2 Penetration Testing and Compliance - Security Boulevard
Backup and Recovery
Careers, Working in Cyber and Information Security
Closing the SMB cyber security skills gap: Key steps | SC Media
Leadership in Cyber Security: A Guide to Your First Role
The key to growing a cyber security career are soft skills - Security Boulevard
Law Enforcement Action and Take Downs
Major cyber crime crackdowns signal a shift in global cyber security strategies - Policing Insight
Arizona man arrested for alleged involvement in violent online terror networks | CyberScoop
Texan man gets 30 years in prison for running CSAM exchange • The Register
Man Accused of SQL Injection Hacking Gets 69-Month Prison Sentence - SecurityWeek
Hacker sentenced to 69 months for stealing payment card info | SC Media
Raccoon Stealer malware operator gets 5 years in prison after guilty plea
Dodgy Firestick crackdown: full list of UK areas targeted by police
Germany blocks BadBox malware loaded on 30,000 Android devices
Romanian Netwalker ransomware affiliate sentenced to 20 years in prison
Misinformation, Disinformation and Propaganda
Romania’s election was target of cyber attacks and misinformation, parliament finds
European Commission Opens TikTok Election Integrity Probe - Infosecurity Magazine
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
Chinese wi-fi tech used in British homes investigated over hacking fears
Feds Investigate, Mull Ban on Chinese-Made Routers | Newsmax.com
TP-Link routers could be banned in the US over national security concerns | TechSpot
European Commission Opens TikTok Election Integrity Probe - Infosecurity Magazine
PHP backdoor looks to be work of Chinese-linked APT group | CyberScoop
Trump security advisor urges offensive cyber attacks on China • The Register
Russia
Russia Recruits Ukrainian Children for Sabotage and Reconnaissance - Infosecurity Magazine
Ukrainian Minors Recruited for Cyber Ops and Reconnaissance in Russian Airstrikes
Midnight Blizzard Taps Phishing Emails, Rogue RDP Nets
EU Sanctions Russian Cyber Actors for “Destabilizing Actions” - Infosecurity Magazine
Romania’s election was target of cyber attacks and misinformation, parliament finds
Russian hackers use RDP proxies to steal data in MiTM attacks
APT29 group used red team tools in rogue RDP attacks
CERT-UA: Russia-linked UAC-0125 abuses Cloudflare Workers to target Ukrainian army
Ukraine's Defence Minister agrees with US to deepen cooperation in cyber security | Ukrainska Pravda
Russian FSB relies on Ukrainian minors for criminal activities disguised as "quest games"
Recorded Future CEO applauds "undesirable" designation by Russia
US Organisations Still Using Kaspersky Products Despite Ban - Infosecurity Magazine
Iran
Iran crew used 'cyberweapon' against US critical infra • The Register
North Korea
North Korean Hackers Stole $1.3 Billion in Crypto in 2024
Lazarus targets nuclear-related organisation with new malware | Securelist
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal
Bitter APT Targets Turkish Defence Sector with WmRAT and MiyaRAT Malware
Serbian police used Cellebrite to unlock, then plant spyware, on a journalist's phone | TechCrunch
Authorities abroad use phone-cracking tools to install spyware, report says - The Washington Post
New Android NoviSpy spyware linked to Qualcomm zero-day bugs
Tools and Controls
From digital risk to physical threat: Why cyber security must evolve for executives | SC Media
Why Role-Based Access Control is Critical to Your Security Stack | MSSP Alert
Addressing BYOD Vulnerabilities in the Workplace - Security Boulevard
DarkGate malware spread via Microsoft Teams, AnyDesk | SC Media
Hackers Exploit Microsoft Teams to Gain Remote Access to User’s System
Hackers Scanning RDP Services Especially Port 1098 For Exploitation
To Defeat Cyber Criminals, Understand How They Think
Are threat feeds masking your biggest security blind spot? - Help Net Security
The evolution of incident response: building a successful strategy | TechRadar
New APIs Discovered by Attackers in Just 29 Seconds - Infosecurity Magazine
Harnessing Threat Intel and Automation to Counter Supply Chain Risks | MSSP Alert
Penetration testing – a critical component of financial cyber security in 2025
Machine identity attacks will be top of mind for security leaders in 2025 | ITPro
The pros and cons of biometric authentication | TechTarget
Wallarm Releases API Honeypot Report Highlighting API Attack Trends
Might need a mass password reset one day? Read this first.
Making smart cyber security spending decisions in 2025
Why You Must Replace Your Legacy SIEM and Migrate to Modern SIEM Analytics? - IT Security Guru
Russian hackers use RDP proxies to steal data in MiTM attacks
APT29 group used red team tools in rogue RDP attacks
What will happen in the cyber insurance space during 2025? | Insurance Business America
Is Your Cloud Infrastructure Truly Protected? - Security Boulevard
The Feds Have Some Advice for 'Highly Targeted' Individuals: Don't Use a VPN
Gaining Confidence Through Effective Secrets Vaulting - Security Boulevard
NCSC Mail Check Changes & Their Impact on UK Public Sector Email Security - Security Boulevard
Reports Published in the Last Week
Other News
Hackers Scanning RDP Services Especially Port 1098 For Exploitation
Travel Cyber Security Threats and How to Stay Protected - Security Boulevard
Schools Need Improved Cyber Education (Urgently) - IT Security Guru
Study reveals vulnerability of metaverse platforms to cyber attacks
WiFi hacking for the everyday spy | Cybernews
Leadership skills for managing cyber security during digital transformation - Help Net Security
UK businesses risk disruption as PSTN switch-off approaches | Computer Weekly
MSSP Market Update: Fortune 500 Firms Fail at Cyber Security | MSSP Alert
2025 is set to bring changes in technology adoption and the evolving attack surface
Cyber Security In 2025 – A New Era Of Complexity
The Feds Have Some Advice for 'Highly Targeted' Individuals: Don't Use a VPN
Resolve to Be Resilient: Top Cyber Priorities for State and Local Government
Cyber Security Threats to Our Most Basic Needs
Cyber Security in the legal sector: awareness & proactive strategies - Legal News
Global cyber security impact on food and drink firms
Inform: The cyber complexities facing local government | UKAuthority
Santa-hacking - how to carry out a cyber attack on Father Christmas - Prolific North
Watch Out for These Holiday Cyber Attacks
How to tell if a USB cable is hiding malicious hacker hardware | PCWorld
The Education Industry: Why Its Data Must Be Protected
How fan engagement impacts cyber security in sports - Verdict
Why cyber security is critical to energy modernization - Help Net Security
Vulnerability Management
Are threat feeds masking your biggest security blind spot? - Help Net Security
No, Microsoft has not 'reversed course' on Windows 11 hardware requirements | ZDNET
Vulnerabilities
2024 Sees Sharp Increase in Microsoft Tool Exploits - Infosecurity Magazine
Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected
Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection
Microsoft Patches Vulnerabilities in Windows Defender, Update Catalog - SecurityWeek
Citrix shares mitigations for ongoing Netscaler password spray attacks
Cleo MFT Zero-Day Exploits Are About to Escalate
Over 25,000 SonicWall VPN Firewalls exposed to critical flaws
Windows kernel bug now exploited in attacks to gain SYSTEM privileges
Clop ransomware group claims responsibility for exploiting Cleo file transfer vulnerabilities
Over 300 orgs compromised through several DrayTek exploits | SC Media
Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM
Chrome 131 Update Patches High-Severity Memory Safety Bugs - SecurityWeek
Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools
Hackers are abusing Microsoft tools more than ever before | TechRadar
BeyondTrust Patches Critical Vulnerability Discovered During Security Incident Probe - SecurityWeek
New Apache Tomcat Vulnerabilities Let Attackers Execute Remote Code
Undocumented DrayTek Vulnerabilities Exploited to Hack Hundreds of Orgs - SecurityWeek
Critical flaw in WordPress plugin exploited to install malicious software | SC Media
Researchers claim an AMD security flaw could let hackers access encrypted data | ITPro
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 13 December 2024
Black Arrow Cyber Threat Intelligence Briefing 13 December 2024:
-Cyber Security Risks Rise During Mergers & Acquisitions
-Ransomware Gangs’ Merciless Attacks Bleed Small Companies Dry
-AI & Cyber Security to Shape the Tech Landscape in 2025
-Phishing: The Silent Precursor to Data Breaches
-Business Cyber Understanding Gap Creates New Vulnerabilities
-Cyber Defence vs Cyber Resilience: Why It's Time to Prioritise Recovery
-UK SMEs Are Concerned About Preparedness for Cyber Attacks as Fraud Rises
-Cyber Risk to Intensify in 2025 as Attackers Switch Tactics
-Companies Pull Company and Board Leadership Bios from Their Websites After Insurance Executive’s Killing
-Boardroom Risks Revealed in Latest Beazley Report
-Employee Visits to Adult or Gambling Sites Doubles Risk of Infection by Malware
-North Korea's Fake IT Worker Scam Hauled in at Least $88 Million Over Six Years
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Security Risks Rise During Mergers & Acquisitions
ReliaQuest’s analysis reveals heightened cyber security risks during mergers and acquisitions, with half of incidents stemming from threat actors exploiting potential security gaps, and the remainder from non-malicious employee issues. The manufacturing, finance and retail sectors were the hardest hit. One private equity CISO observed a 400% surge in phishing attempts post-M&A announcements. Key risks include phishing attacks, data leaks, and vulnerabilities due to legacy systems. ReliaQuest recommends proactive strategies like pre-due-diligence assessments, training, network segmentation, and unified logging to mitigate these risks and ensure smoother integration during M&As.
Ransomware Gangs’ Merciless Attacks Bleed Small Companies Dry
Ransomware attacks surged by 70% in 2023, hitting 4,611 reported incidents according to industry research, with one gang alone extorting an estimated $42 million. Around 80% of victims are small and medium-size organisations. Many rely on cyber security insurance with limits around £1 million, yet the median ransom soared to $6.5 million this year. This gap between insurance coverage and actual costs has driven some companies into administration. Experts warn that, although attackers often use unsophisticated techniques, they remain ruthless. Robust monitoring software, password protection and comprehensive incident response plans can provide critical defences against this escalating threat.
AI & Cyber Security to Shape the Tech Landscape in 2025
The tech landscape of 2025 will be defined by the growth of specialised AI solutions and evolving cyber security measures, according to sector leaders from Nutanix, Rubrik, Snowflake, Obsidian Security, ManageEngine, and Infoblox. Cloud-based AI agents will automate threat detection, but also heighten risks of data leaks and identity-based attacks. Industry-specific models will transform finance, healthcare, manufacturing, and hospitality, offering faster, more precise services. Organisations must enhance data access controls, involve all staff in cyber security, and align IT and business goals. Government regulations and platform-based strategies will play a critical role in supporting innovation and safeguarding operations.
Phishing: The Silent Precursor to Data Breaches
Phishing remains a silent precursor to destructive data breaches, accounting for 31% of cyber security incidents - outdone only by weak or compromised credentials and pretexting. By exploiting human psychology, phishing bypasses technological safeguards, enabling the theft of sensitive data and triggering large-scale cyber attacks. One major infrastructure breach was initiated through a phishing-driven compromise, underscoring the threat’s far-reaching impact. Organisations can reduce phishing risks by prioritising employee training, filtering malicious emails, and implementing multi-factor authentication. This multi-layered approach, combined with a strong incident response plan, is essential to help safeguard systems and protect sensitive information in the modern cyber threat landscape.
Business Cyber Understanding Gap Creates New Vulnerabilities
Cyber security insurance provider Resilience has found that many UK mid-to-large businesses lack a clear grasp of cyber security as a financial risk, despite 74% having experienced cyber crime. The survey of IT and financial leaders highlighted a worrying gap between media focus on data breaches (cited by 72% as their main worry) and the larger financial impact of ransomware (responsible for more than 80% of losses). Limited use of quantitative risk registries (54%) further hampers businesses’ ability to mitigate cyber threats.
Cyber Defence vs Cyber Resilience: Why It's Time to Prioritise Recovery
AI-driven cyber attacks are prevalent, with intruders able to remain undetected for months and most ransomware campaigns targeting backup repositories. This demands a shift from solely cyber defence to holistic cyber resilience. A strategy includes a robust backup approach, active monitoring, and an isolated recovery environment to ensure data remains clean and recoverable. Equally important is cross-functional collaboration between IT and security teams to flag and respond to breaches quickly. By prioritising recovery and resilience, organisations can maintain business operations, minimise downtime, and stay ahead of evolving cyber threats in today’s borderless IT landscape.
UK SMEs Are Concerned About Preparedness for Cyber Attacks as Fraud Rises
Online payment provider Mollie has reported that five and a half million UK SMEs lost an average of £10,800 to fraud this year, leaving nine in 10 C-Suite executives concerned about their survival. Fraud types included phishing (58%), refund scams (42%), account takeovers (30%) and carding attacks (23%). Firms spent around 15 days annually handling these threats, diverting critical resources from core operations. This underscores a growing need for effective cyber security measures that combat rising threats without stifling business growth. Mollie’s research highlights the importance of equipping smaller enterprises with balanced solutions to safeguard revenue and productivity, protecting them from ever-evolving forms of cyber attack.
Cyber Risk to Intensify in 2025 as Attackers Switch Tactics - Moody’s
According to Moody’s 2025 cyber security outlook, the threat environment is evolving as attackers target bigger businesses and harness AI for more potent attacks. Ransomware soared by 70% from 2022 to 2023, with ransom payments hitting a record $1.1 billion. Meanwhile, the share of victims paying ransoms is falling, driving cyber criminals to focus on larger organisations. Supply chain incidents are growing in parallel with the proliferation of AI-enabled scams and greater reliance on external providers. Moody’s recommends robust risk assessments and improved cyber security measures, including passkeys, to help address these mounting challenges.
Companies Pull Leadership Bios from Their Websites After Insurance Executive’s Killing
Following the tragic shooting of a leading insurance executive in New York City, major health insurers have swiftly removed leadership bios from their websites. Archived versions of UnitedHealthcare, Anthem Blue Cross Blue Shield, and Elevance Health pages show these details were public until shortly after the incident. Faced with heightened security concerns, organisations are reinforcing protective measures, while private security firms report a surge in new business. This underscores an evolving risk landscape for senior leaders, prompting companies to carefully manage executive information online and reassess personal safety protocols.
Boardroom Risks Revealed in Latest Beazley Report
Beazley’s latest report highlights cyber security as the top boardroom concern, cited by 45% of executives. Regulatory compliance (41%) and ESG (35%) follow closely, yet 60% of respondents feel only moderately or poorly prepared for cyber attacks. ESG influences are expected to surge, with 68% foreseeing major board impact, but just 39% feel ready. The report urges proactive risk management, encouraging boards to strengthen internal expertise, invest in technology, and align governance strategies with shifting priorities.
Employee Visits to Adult or Gambling Sites Doubles Risk of Infection by Malware
According to new research, employees visiting gambling or adult sites can double the risk of malware infections, including coinminers, trojans, and hacking tools. Browsing illegal sites may increase malware threats by up to five times, while frequent visits to unknown websites also raise infection odds. By identifying how specific user behaviours relate to distinct malware types, organisations can tailor their cyber security defences accordingly. Governments might prioritise hacktools, whereas healthcare could focus on ransomware. Overall, the study suggests that targeted, behaviour-based cyber security measures can help organisations reduce risks cost-effectively for their unique threat profiles.
North Korea's Fake IT Worker Scam Hauled in at Least $88 Million Over Six Years
North Korea’s covert IT workforce has reportedly generated $88 million over six years by posing as remote tech professionals, according to the US Department of Justice. Hiding their true identities and locations, these “IT warriors” channel their earnings into Pyongyang’s coffers, while some leverage access privileges to steal proprietary data and extort employers. Even cyber security businesses have been duped. Authorities have uncovered over 130 participants, linked to firms in China and Russia. Officials warn the threat persists, with continued guidance on detecting the scam and a multimillion-dollar reward in place to disrupt North Korea’s illicit revenue streams.
Sources:
https://securitybrief.co.nz/story/cybersecurity-risks-rise-during-mergers-acquisitions
https://www.claimsjournal.com/news/national/2024/12/06/327772.htm
https://securitybrief.co.nz/story/ai-cybersecurity-to-shape-the-tech-landscape-in-2025
https://www.securityweek.com/phishing-the-silent-precursor-to-data-breaches/
https://www.emergingrisks.co.uk/business-cyber-understanding-gap-creates-new-vulnerabilities/
https://www.reinsurancene.ws/cyber-risk-to-intensify-in-2025-as-attackers-switch-tactics-moodys/
https://www.theregister.com/2024/12/13/doj_dpkr_fake_tech_worker_indictment/
Governance, Risk and Compliance
Cyber security risks rise during mergers & acquisitions
Boardroom risks revealed in latest Beazley report | Insurance Business America
Dear CEO: It’s time to rethink security leadership and empower your CISO | CSO Online
Moody's: Hackers Aim for Big Payouts, Supply Chain Attacks
We must adjust expectations for the CISO role - Help Net Security
Cyber defence vs cyber resilience: why it's time to prioritize recovery
Business cyber understanding gap creates new vulnerabilities
Cyber risk to intensify in 2025 as attackers switch tactics: Moody's - Reinsurance News
Cyber Security In The Digital Frontier: Reimagining Organisational Resilience
Charges Against CISOs Create Worries, Hope in Security Industry: Survey - Security Boulevard
The skills that cyber security leaders need
70 percent of cyber security leaders worry about personal liability
CISOs need to consider the personal risks associated with their role - Help Net Security
Cultivating a Hacker Mindset in Cyber Security Defence
Blackbaud Appoints Bradley Pyburn, Former Chief of Staff of US Cyber Command, to Board of Directors
Heed the warnings on cyber security threats - James McGachie
How to Improve Your Cyber Security On a Lower Budget | Mimecast
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Gangs’ Merciless Attacks Bleed Small Companies Dry
Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering
Cleo Vulnerability Exploitation Linked to Termite Ransomware Group - SecurityWeek
New Windows Drive-By Security Attack—What You Need To Know
What Do We Know About the New Ransomware Gang Termite?
Ransomware Victims
Blue Yonder SaaS giant breached by Termite ransomware gang
8Base hacked port operating company Luka Rijeka - Help Net Security
Separate ransomware attacks hit Japanese firms’ US subsidiaries | SC Media
Deloitte Responds After Ransomware Group Claims Data Theft - SecurityWeek
Anna Jaques Hospital ransomware breach exposed data of 300K patients
National Museum of the Royal Navy hit by cyber attack - Museums Association
Ransomware Disrupts Operations At Leading Heart Surgery Device Maker
Krispy Kreme admits there's a hole in its security • The Register
Phishing & Email Based Attacks
Businesses plagued by constant stream of malicious emails - Help Net Security
Phishing: The Silent Precursor to Data Breaches - SecurityWeek
A new report shows QR code phishing is on the rise | Security Magazine
Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering
Cyber criminals are using virtual hard drives to drop RATs in phishing attacks | TechRadar
European Police Disrupt Phone Phishing Gang with Arrests - Infosecurity Magazine
Eight Suspected Phishers Arrested in Belgium, Netherlands - SecurityWeek
Millionaire Airbnb Phishing Ring Busted Up by Police
Brand Impersonations Surge 2000% During Black Friday
Scam Kit Maker Rebuilding Business After Telegram Channel Shut Down - Security Boulevard
New Advanced Email Attack Warning Issued—5 Things To Know
Email security: Why traditional defences fall short in today's threat landscape
Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam
Businesses received over 20 billion spam emails this year | TechRadar
Phishing Scam Targets Ukrainian Defence Companies - Infosecurity Magazine
5 Email Attacks You Need to Know for 2025 | Abnormal
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Understanding the Shifting Anatomy of BEC Attacks
Notorious Nigerian cyber criminal tied to BEC scams extradited to US | CyberScoop
Other Social Engineering
Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering
Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion | Trend Micro (US)
Cyber criminals Impersonate Dubai Police to Defraud Consumers in the UAE - Smishing Triad in Action
Spain busts voice phishing ring for defrauding 10,000 bank customers
Fake IT Workers Funnelled Millions to North Korea, DOJ Says - SecurityWeek
Artificial Intelligence
AI & cyber security to shape the tech landscape in 2025
AI is a gamble we cannot afford without cyber security
Compromised AI Library Delivers Cryptocurrency Miner via PyPI - Infosecurity Magazine
AI fakes, cyber attacks threaten German election – DW – 12/06/2024
Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI
2FA/MFA
Microsoft Azure MFA Flaw Allowed Easy Access Bypass - Infosecurity Magazine
Microsoft MFA Bypassed via AuthQuake Attack - SecurityWeek
No User Interaction, No Alerts: Azure MFA Cracked In An Hour
Researchers Crack Microsoft Azure MFA in an Hour
Snowflake Rolls Out Mandatory MFA Plan
Malware
Employee Visits to Adult or Gambling Sites Doubles | Newswise
Windows, macOS users targeted with crypto-and-info-stealing malware - Help Net Security
Cyber criminals are using virtual hard drives to drop RATs in phishing attacks | TechRadar
Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion | Trend Micro (US)
Cleo Patches Exploited Flaw as Security Firms Detail Malware Pushed in Attacks - SecurityWeek
Open source malware surged by 156% in 2024 | ITPro
Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam
Remcos RAT Malware Evolves with New Techniques - Infosecurity Magazine
More advanced Zloader malware variant emerges | SC Media
This devious new malware technique looks to hijack Windows itself to avoid detection | TechRadar
New stealthy Pumakit Linux rootkit malware spotted in the wild
RedLine info-stealer campaign targets Russian businesses
Ongoing Phishing and Malware Campaigns in December 2024
Bots/Botnets
It’s Beginning To Look A Lot Like Grinch Bots
Mobile
Lookout Discovers New Spyware Deployed by Russia and China - Infosecurity Magazine
Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States
'EagleMsgSpy' Android Spyware Linked to Chinese Police
New Smartphone Warning—Forget What You’ve Been Told About Security
Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017
Experts discovered the first mobile malware families linked to Russia's Gamaredon
Telegram founder Pavel Durov questioned in Paris court for first time: Report
Apple’s iPhone Hit By FBI Warning And Lawsuit Before iOS 18.2 Release
Denial of Service/DoS/DDoS
Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested
Internet of Things – IoT
EU cyber security rules for smart devices enter into force | TechCrunch
DoD Digital Forensics: Unlocking Evidence In Cars, Wearables, And IoT
The EU Cyber Resilience Act: Enhancing Digital Security In The AI Era
Vulnerabilities in Skoda & Volkswagen Cars Let Hackers Remotely Track Users
Data Breaches/Leaks
Phishing: The Silent Precursor to Data Breaches - SecurityWeek
Deloitte Denies Breach, Claims Cyber-Attack Targeted Single Client - Infosecurity Magazine
Deloitte sues 3 partners who 'leaked secrets' to rival firm
Public Reprimands, an Effective Deterrent Against Data Breaches - Infosecurity Magazine
Salt Typhoon recorded 'very senior' US officials' calls • The Register
446,000 Impacted by Center for Vein Restoration Data Breach - SecurityWeek
Massive Data Breach Hits Senior Dating Website, Exposing Over 765,000 Users
Cyber security expert Abi Waddell hacked huntsmen to leak their names and addresses
Attackers can abuse the Windows UI Automation framework to steal data from apps | CSO Online
Cyber security Lessons From 3 Public Breaches
Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online
New Atrium Health data breach impacts 585,000 individuals
US Bitcoin ATM operator Byte Federal suffered a data breach
Organised Crime & Criminal Actors
Moody's: Hackers Aim for Big Payouts, Supply Chain Attacks
Recently Charged Scattered Spider Suspect Did Poor Job at Covering Tracks - SecurityWeek
Cyber crime gang arrested after turning Airbnbs into fraud centres
Russian government spies targeted Ukraine using tools developed by cyber criminals | TechCrunch
Emulating the Financially Motivated Criminal Adversary FIN7 – Part 1 - Security Boulevard
Alleged Scattered Spider hacker arrested, indicted | SC Media
Cyber security expert Abi Waddell hacked huntsmen to leak their names and addresses
Scam Kit Maker Rebuilding Business After Telegram Channel Shut Down - Security Boulevard
Cyber criminal marketplace Rydox seized in international law enforcement operation | CyberScoop
FBI Busts Rydox Marketplace with 7,600 PII Sales, Cryptocurrency Worth $225K Seized
He Investigates the Internet’s Most Vicious Hackers—From a Secret Location - WSJ
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Windows, macOS users targeted with crypto-and-info-stealing malware - Help Net Security
Radiant links $50 million crypto heist to North Korean hackers
"CP3O" pleads guilty to multi-million dollar cryptomining scheme
North Korean Group UNC4736 Blamed for Radiant Capital Breach
Compromised AI Library Delivers Cryptocurrency Miner via PyPI - Infosecurity Magazine
US Bitcoin ATM operator Byte Federal suffered a data breach
Insider Risk and Insider Threats
Employee Visits to Adult or Gambling Sites Doubles | Newswise
Deloitte sues 3 partners who 'leaked secrets' to rival firm
How To Flip the Script on the Latest Insider Threat Trends
Insurance Worker Sentenced After Illegally Accessing Claimants’ Data - Infosecurity Magazine
7 types of insider threats | University of Strathclyde
Insurance
How to make your clients less attractive to cyber criminals | Insurance Business America
Supply Chain and Third Parties
Moody's: Hackers Aim for Big Payouts, Supply Chain Attacks
Blue Yonder SaaS giant breached by Termite ransomware gang
Containers are a weak link in supply chain security
Lessons From the Largest Software Supply Chain Incidents
Cloud/SaaS
Blue Yonder SaaS giant breached by Termite ransomware gang
Who handles what? Common misconceptions about SaaS security responsibilities - Help Net Security
Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion | Trend Micro (US)
Thousands of AWS credentials stolen from misconfigured sites • The Register
Cleo Patches Exploited Flaw as Security Firms Detail Malware Pushed in Attacks - SecurityWeek
Microsoft MFA Bypassed via AuthQuake Attack - SecurityWeek
No User Interaction, No Alerts: Azure MFA Cracked In An Hour
Outages
Microsoft 365 outage takes down Office web apps, admin center
Facebook, Instagram, WhatsApp hit by massive worldwide outage
ChatGPT and Sora experienced a major outage | TechCrunch
Encryption
Telegram founder Pavel Durov questioned in Paris court for first time: Report
Google says its breakthrough Willow quantum chip can’t break modern cryptography - The Verge
Apple’s iPhone Hit By FBI Warning And Lawsuit Before iOS 18.2 Release
Linux and Open Source
Open source malware surged by 156% in 2024 | ITPro
New stealthy Pumakit Linux rootkit malware spotted in the wild
Passwords, Credential Stuffing & Brute Force Attacks
Thousands of AWS credentials stolen from misconfigured sites • The Register
Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online
Hackers Target Global Sporting Events With Fake Domains To Steal Logins
Social Media
The EU Makes an Urgent TikTok Inquiry on Russia's Role in Romanian Election Turmoil - SecurityWeek
Federal Appeals Court Upholds Law Threatening US TikTok Ban - Infosecurity Magazine
Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok
Massive Data Breach Hits Senior Dating Website, Exposing Over 765,000 Users
Training, Education and Awareness
Opinion: Why cyber security awareness is everyone's responsibility | Calgary Herald
Regulations, Fines and Legislation
EU cyber security rules for smart devices enter into force | TechCrunch
The EU Makes an Urgent TikTok Inquiry on Russia's Role in Romanian Election Turmoil - SecurityWeek
Federal Appeals Court Upholds Law Threatening US TikTok Ban - Infosecurity Magazine
Why Americans must be prepared for cyber security’s worst | CyberScoop
The EU Cyber Resilience Act: Enhancing Digital Security In The AI Era
US Telco Security Efforts Ramp Up After Salt Typhoon
Experts Call for Overhaul of National Cyber Director Role
Cyprus financial sector gears up for stricter cyber security | Cyprus Mail
Models, Frameworks and Standards
The EU Cyber Resilience Act: Enhancing Digital Security In The AI Era
Understanding ISO 27001: The Backbone of Information Security Management: By Kajal Kashyap
Careers, Working in Cyber and Information Security
HR Magazine - Lock it in: How to close the cyber security training gap
What makes for a fulfilled cyber security career - Help Net Security
Law Enforcement Action and Take Downs
Recently Charged Scattered Spider Suspect Did Poor Job at Covering Tracks - SecurityWeek
Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested
European Police Disrupt Phone Phishing Gang with Arrests - Infosecurity Magazine
Eight Suspected Phishers Arrested in Belgium, Netherlands - SecurityWeek
Spain busts voice phishing ring for defrauding 10,000 bank customers
Notorious Nigerian cyber criminal tied to BEC scams extradited to US | CyberScoop
Cyber criminal marketplace Rydox seized in international law enforcement operation | CyberScoop
Millionaire Airbnb Phishing Ring Busted Up by Police
"CP3O" pleads guilty to multi-million dollar cryptomining scheme
Telegram founder Pavel Durov questioned in Paris court for first time: Report
Jersey police help disrupt multi-billion money laundering networks | Bailiwick Express
Misinformation, Disinformation and Propaganda
Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok
AI fakes, cyber attacks threaten German election – DW – 12/06/2024
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Keep cash at home due to cyber attack risks, Dutch Central Bank warns – The Irish Times
NATO Offensive cyber operations exercise Crossed Swords gets underway in Tallinn
Nation State Actors
China
Salt Typhoon recorded 'very senior' US officials' calls • The Register
Counterintelligence director reveals extent of damage from China telecom hacks - Washington Times
The EU Makes an Urgent TikTok Inquiry on Russia's Role in Romanian Election Turmoil - SecurityWeek
Federal Appeals Court Upholds Law Threatening US TikTok Ban - Infosecurity Magazine
How Chinese insiders exploit its surveillance state • The Register
Compromised Software Code Poses New Systemic Risk to US Critical Infrastructure
Chinese hackers use Visual Studio Code tunnels for remote access
US Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls
US Telco Security Efforts Ramp Up After Salt Typhoon
Why did China hack the world’s phone networks?
Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017
Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok
As US finally details Chinese Salt Typhoon attack, FCC Chair proposes new rules for telcos
'EagleMsgSpy' Android Spyware Linked to Chinese Police
Russia
Lookout Discovers New Spyware Deployed by Russia and China - Infosecurity Magazine
Keep cash at home due to cyber attack risks, Dutch Central Bank warns – The Irish Times
The EU Makes an Urgent TikTok Inquiry on Russia's Role in Romanian Election Turmoil - SecurityWeek
Russian hacktivists target oil, gas and water sectors worldwide | SC Media
Russian government spies targeted Ukraine using tools developed by cyber criminals | TechCrunch
EU envoys to discuss first sanctions targeting Russian hybrid threats
Exploring Cyber-Darkness: How Moscow Undermines the West via the Dark Web | Geopolitical Monitor
NATO Offensive cyber operations exercise Crossed Swords gets underway in Tallinn
Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States
Ukraine Weighs Telegram Security Risks Amid War With Russia - The New York Times
Romania Exposes Propaganda Campaign Supporting Pro-Russian Candidate - Infosecurity Magazine
AI fakes, cyber attacks threaten German election – DW – 12/06/2024
Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok
Experts discovered the first mobile malware families linked to Russia's Gamaredon
Threat hunting case study: Cozy Bear | Intel 471
Phishing Scam Targets Ukrainian Defence Companies - Infosecurity Magazine
Russia disconnects several regions from the global internet to test its sovereign net | TechRadar
Russia takes unusual route to hack Starlink-connected devices in Ukraine - Ars Technica
RedLine info-stealer campaign targets Russian businesses
North Korea
North Korea's fake IT worker scam hauled in $88 million • The Register
Radiant links $50 million crypto heist to North Korean hackers
North Korean Group UNC4736 Blamed for Radiant Capital Breach
Tools and Controls
Who handles what? Common misconceptions about SaaS security responsibilities - Help Net Security
Security researchers set up an API honeypot to dupe hackers – and the results were startling | ITPro
Neglect of endpoints presents a major security gap for enterprises
Conquering the Complexities of Modern BCDR
Safe Handling of Data: Why Secrets Sprawl is a Risk - Security Boulevard
Why don’t security leaders get the funds they need to succeed? | SC Media
What is Cyber Threat Detection and Response? | UpGuard
US Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls
Bug bounty programs: Why companies need them now more than ever | CSO Online
Cyber Security Products or Platforms - Which is More Effective? - Security Boulevard
AI is a gamble we cannot afford without cyber security
Exposed APIs and issues in the world's largest organisations - Help Net Security
WAF Vulnerability in Akamai, Cloudflare, and Imperva Affected 40% of Fortune 100 Companies
Microsoft enforces defences preventing NTLM relay attacks - Help Net Security
Businesses struggle with IT security, Kaspersky reports
Unlocking the Value of DSPM: What You Need to Know - IT Security Guru
7 Must-Know IAM Standards in 2025
Mastering PAM to Guard Against Insider Threats - Security Boulevard
The Future of Network Security: Automated Internal and External Pentesting
How to Make the Case for Network Security Audits - Security Boulevard
Strengthening security posture with comprehensive cyber security assessments - Help Net Security
Three-Quarters of Security Leaders Admit Gaps in Hardware Knowledge - Infosecurity Magazine
TPM 2.0: The new standard for secure firmware - Help Net Security
How to Improve Your Cyber Security On a Lower Budget | Mimecast
Other News
TfL cyber attack cost over £30m to date | Computer Weekly
50% Of M&A Security Issues Are Non-Malicious
Cyber Security In The Digital Frontier: Reimagining Organisational Resilience
Attackers can abuse the Windows UI Automation framework to steal data from apps | CSO Online
Microsoft enforces defences preventing NTLM relay attacks - Help Net Security
Businesses struggle with IT security, Kaspersky reports
IT pros say hackers could compromise device supply chain, firmware security | SC Media
Non-Human Identities: The Silent Threat - InfoRiskToday
The Big Question: Is the UK doing enough when it comes to cyber risks? - Emerging Risks Media Ltd
From Europe to South Africa: Where Is the World on Cyber Defence?
You Don’t Talk to Strangers, So Why Does Your Internet? | SC Media
Drowning in spam? Stop giving out your email address - do this instead | ZDNET
Heed the warnings on cyber security threats - James McGachie
Utility Companies Face 42% Surge in Ransomware Attacks - Infosecurity Magazine
Safeguarding Charities From Cyber Crime l Blog l Nelsons Solicitors
Vulnerability Management
What Is an Application Vulnerability? 8 Common Types - Security Boulevard
Containers have 600+ vulnerabilities on average - Help Net Security
Vulnerabilities
Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability
SonicWall Patches 6 Vulnerabilities in Secure Access Gateway - SecurityWeek
Cleo Patches Exploited Flaw as Security Firms Detail Malware Pushed in Attacks - SecurityWeek
SAP Patches Critical Vulnerability in NetWeaver - SecurityWeek
Adobe Patches Over 160 Vulnerabilities Across 16 Products - SecurityWeek
Apple Pushes Major iOS, macOS Security Updates - SecurityWeek
Apache issues patches for critical Struts 2 RCE bug • The Register
Security Flaws in WordPress Woffice Theme Prompts Urgent Update - Infosecurity Magazine
New Windows zero-day exposes NTLM credentials, gets unofficial patch
Unauthorized file access possible with chained Mitel MiCollab flaws | SC Media
New Windows Warning As Zero-Day With No Official Fix Confirmed For All Users
Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities
Microsoft Azure MFA Flaw Allowed Easy Access Bypass - Infosecurity Magazine
Multiple Ivanti CSA Vulnerabilities Let Attackers Bypass Admin Web Console Remotely
WAF Vulnerability in Akamai, Cloudflare, and Imperva Affected 40% of Fortune 100 Companies
QNAP Patches Vulnerabilities Exploited at Pwn2Own - SecurityWeek
OpenWrt supply chain attack scare prompts urgent upgrades • The Register
Atlassian, Splunk Patch High-Severity Vulnerabilities - SecurityWeek
Hunk Companion WordPress plugin exploited to install vulnerable plugins
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory 11 December 2024 – Microsoft, Ivanti, Adobe, and Chrome Security Updates
Executive summary
In line with Microsoft’s November Patch Tuesday, several vendors, including Ivanti, Adobe, and Google, have released security updates to fix vulnerabilities in their products. Microsoft has addressed 72 security issues, including a critical Windows Common Log File System (CLFS) vulnerability that is being actively exploited. Ivanti’s updates cover its Cloud Services Application (CSA), Connect Secure, Policy Secure, and Sentry products, fixing multiple critical vulnerabilities, one of which has the highest severity rating of 10, allowing unauthorised remote attackers to gain administrative access. Adobe has released patches for 168 security issues across various products, including Experience Manager, Connect, Animate, and InDesign. Google has updated Chrome to fix three high-severity vulnerabilities in the browser.
What’s the risk to me or my business?
The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity and availability of the affected applications and of the organisation’s data on the affected systems.
What can I do?
Black Arrow recommends applying the available security updates for all supported versions of products that have been impacted by the various vulnerabilities. The updates should be applied as soon as possible for actively exploited vulnerabilities and for all other vulnerabilities that have a critical or high severity rating.
Microsoft
Further details on specific updates within this Microsoft Patch Tuesday can be found here:
https://msrc.microsoft.com/update-guide/releaseNote/2024-Dec
Ivanti
Further details on specific updates across affected Ivanti products can be found here:
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2024-8540?language=en_US
Adobe
Further details of the vulnerabilities in affected Adobe products can be found here under ‘Recent bulletins and advisories’:
https://helpx.adobe.com/security/security-bulletin.html
Chrome
Further details of the vulnerabilities in the Chrome Browser products can be found here:
https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_10.html
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Intelligence Briefing 06 December 2024
Black Arrow Cyber Threat Intelligence Briefing 06 December 2024:
-Generative AI Makes Phishing Attacks More Believable and Cost-Effective
-Nearly Half a Billion Emails to Businesses Contain Malicious Content
-65% of Office Workers Bypass Cyber Security to Boost Productivity
-Cyber Warfare Rising Across EU in Bid to 'Destabilise' Member States
-INTERPOL Arrests 5,500 in Global Cyber Crime Crackdown, Seizes Over $400 Million
-Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defences
-Russian Money Laundering Networks Uncovered Linking Narco Traffickers, Ransomware Gangs and Kremlin Spies
-UK Underestimates Threat of Cyber Attacks from Hostile States and Gangs
-Why You Must Beware of Dangerous New Scam-Yourself Cyber Attacks
-Security Must Be Used as a Springboard, Not Just a Shield
-Why Your Cyber Insurance May Not Cover Everything: Finding and Fixing Blind Spots
-Cyber Criminals Already Using AI for Most Types of Scams, FBI Warns
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Generative AI Makes Phishing Attacks More Believable and Cost-Effective
In a survey of 14,500 executives, IT and security professionals, and office workers, Ivanti found that phishing is the top threat that is increasing due to generative AI. Training is a vital element of security, and although 57% of organisations say they use anti-phishing training to protect themselves from sophisticated social engineering attacks, only 32% believe that such training is “very effective”. Lack of skills is a major challenge for one in three security professionals. Real-time, accessible data is essential, yet 72% of IT and security data remain siloed.
Nearly Half a Billion Emails to Businesses Contain Malicious Content
A report by Hornetsecurity shows that over a third of all business emails in 2024 were unwanted, with 2.3% (around 427.8 million) containing malicious content. Phishing drove a third of all cyber attacks, while malicious URLs accounted for nearly a quarter. Reverse-proxy credential theft rose, using links instead of file attachments. Shipping brands like DHL and FedEx were the most impersonated. The data underscores the need for a zero-trust mindset and improved user awareness to strengthen defences against increasingly sophisticated threats.
65% of Office Workers Bypass Cyber Security to Boost Productivity
CyberArk found that 65% of office staff circumvent policies to improve their productivity, with half frequently reusing passwords and nearly a third sharing credentials. Over a third ignore important updates, and many use AI tools, often feeding sensitive data without adhering to guidelines. Senior executives are twice as likely to fall victim to phishing. The findings highlight the urgent need for identity-focused security strategies that enable efficient work while reducing risk.
Cyber Warfare Rising Across EU in Bid to 'Destabilise' Member States
EU cyber body ENISA reports a surge in hostile cyber activity across Europe, warning that escalating espionage, sabotage, violence, and disinformation threaten essential services and strategic interests. A successful attack on Europe’s key supply chains could have catastrophic cascading effects. Germany has formed a new task force to counter these threats before the federal election, while the UK’s national cyber agency confirms increased and more sophisticated hostile activity. Russia and China remain prominent cyber espionage threats. ENISA rates the threat to EU entities as “substantial”, as malicious cyber activity is deployed to manipulate events, destabilise societies, and undermine EU democracy and values.
INTERPOL Arrests 5,500 in Global Cyber Crime Crackdown, Seizes Over $400 Million
INTERPOL’s latest global cyber crime crackdown led to over 5,500 arrests and seized more than $400 million in assets. Involving 40 countries, it dismantled a voice phishing operation that stole $1.1 billion from over 1,900 victims. Criminals impersonated law enforcement, exploiting digital currencies and undermining trust in financial systems. INTERPOL also warned of new scams using stablecoins and romance-themed lures to drain victims’ wallets. These results highlight the urgent need for international collaboration to counter large-scale cyber crime and protect individuals, businesses, and the integrity of digital economies.
Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defences
A new phishing campaign is using corrupted ZIP archives and Office documents to bypass email security measures. Since August 2024, attackers have exploited the built-in recovery features of popular software to open seemingly broken files. Users are tricked by false promises like employee benefits, and once opened, these documents contain QR codes redirecting victims to malicious websites. The files evade most security filters while appearing to function normally. This highlights how attackers continually search for new techniques to slip past cyber security tools and compromise organisations’ systems and data.
Russian Money Laundering Networks Uncovered Linking Narco Traffickers, Ransomware Gangs and Kremlin Spies
British authorities uncovered a vast Russian-linked money laundering system connecting drug traffickers, cyber criminals and sanctioned elites, resulting in over 80 arrests worldwide. This billion-dollar operation relied on two Moscow-based firms to shift value across 30 countries using cryptocurrency, property and other assets. More than £20 million in cash and cryptocurrency has already been seized. New sanctions target senior figures behind the networks, aiming to disrupt their access to global financial systems. The investigation revealed that narcotics gangs, Russian state-linked espionage activities and cyber criminals all benefited, posing a significant threat to global security and financial stability.
UK Underestimates Threat of Cyber Attacks from Hostile States and Gangs
The UK’s National Cyber Security Centre (NCSC) warns organisations are underestimating state and criminal cyber threats. Hostile activities have increased, with severe incidents trebling to 12 last year. Ransomware attacks remain a major concern, targeting sectors from academia to healthcare. The centre responded to 430 serious incidents, up from 371 previously. Russia’s “aggression and recklessness” and China’s “sophisticated” attacks highlight how critical national infrastructure and key services remain vulnerable. The call is clear: organisations must strengthen defences to address these evolving threats, which pose a growing risk to both economic stability and public services.
Why You Must Beware of Dangerous New Scam-Yourself Cyber Attacks
The latest report from cyber security provider Gen shows a 614% quarterly rise in ‘scam-yourself’ cyber attacks, where victims unwittingly paste malicious code themselves. Tactics include fake tutorials, deceptive tech support, false CAPTCHA prompts and bogus updates. This spike coincides with a 39% surge in data-stealing malware and a 1154% increase in a popular information stealer. Such threats are reshaping the landscape, catching millions off-guard and driving urgent attention to robust cyber security solutions. Business leaders must foster greater awareness and invest in proactive, multilayered cyber security strategies to protect their organisations.
Security Must Be Used as a Springboard, Not Just a Shield
Many organisations still view cyber security as a necessary expense rather than a growth catalyst. Research suggests that embracing it as a strategic enabler can boost productivity, build customer trust, and strengthen competitiveness. It found that nearly half of surveyed organisations suffered more than 12 hours of downtime after a cyber attack, with a third experiencing a full day’s disruption. As more connected environments emerge, security leaders must highlight metrics like uptime and customer satisfaction to board members. By doing so, cyber security becomes a driver of operational resilience and long-term success, not just a shield against threats.
Why Your Cyber Insurance May Not Cover Everything: Finding and Fixing Blind Spots
Only 1% of organisations recently surveyed received full reimbursement from their cyber insurance, and the average payout covered just 63% of incurred costs. Nearly half lacked clarity about what their policies covered. Common shortfalls arose when remediation expenses exceeded coverage limits or were not pre-approved, and when required security measures were not fully implemented. Strengthening cyber security practices increased the likelihood of better coverage, with more than three-quarters seeing improved terms after boosting cyber defences. Involving IT and security teams in insurance decisions and improving internal protections can help deliver more comprehensive and cost-effective cyber insurance in the future.
Cyber Criminals Already Using AI for Most Types of Scams, FBI Warns
The FBI warns that cyber criminals increasingly use generative AI to create believable text, images, audio, and video. This allows them to scale their cyber crime operations and trick victims by avoiding usual warning signs. Criminals impersonate trusted individuals, forge identification, and run convincing investment or donation scams. The FBI suggests using a secret word with loved ones, being cautious with personal details, and watching for subtle inconsistencies. Confirm unsolicited calls or messages by independently contacting banks or authorities, and limit sharing personal images or voice recordings online as a precaution.
Sources:
https://www.helpnetsecurity.com/2024/12/06/genai-phishing-attacks-concerns/
https://www.helpnetsecurity.com/2024/12/04/employees-privileged-access-security-risk/
https://www.irishexaminer.com/news/arid-41529398.html
https://thehackernews.com/2024/12/interpol-arrests-5500-in-global.html
https://thehackernews.com/2024/12/hackers-use-corrupted-zips-and-office.html
https://therecord.media/russian-money-laundering-networks-trafficking-cybercrime-kremlin
https://betanews.com/2024/11/29/security-must-be-used-as-a-springboard-not-just-a-shield/
https://cybernews.com/security/cybercriminals-using-ai-for-most-types-of-scams-fbi/
Governance, Risk and Compliance
Many small businesses are falling well short when it comes to cyber security plans | TechRadar
Security must be used as a springboard, not just a shield
NIS2 still a mystery to cyber security bosses, research shows - Data Centre & Network News
6 Considerations to Determine if a Cyber Incident Is Material | Troutman Pepper - JDSupra
CISOs will face growing challenges in 2025 and beyond | Computer Weekly
CISOs in 2025: Evolution of a High-Profile Role
65% of employees bypass cyber security policies, driven by hybrid work and flexible access
Why Operational Risk Planning Is Crucial For Every SME
Large And Small Businesses Face More Serious Repercussions From Cyber Threats | HackerNoon
Incident Response Playbooks: Are You Prepared?
63% of companies plan to pass data breach costs to customers | CSO Online
Why your cyber insurance may not cover everything: Finding and fixing blind spots | SC Media
How to talk to your board about tech debt | CIO
Navigating the Changing Cyber Security Regulations Landscape
The Rising Tide of Cyber Threats: Stay Ahead, Fortify Defences - The Futurum Group
Employees suffering compliance and security fatigue | theHRD
Building a robust security posture with limited resources - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Strikes when Organisations Unknowingly Open the Door | Security Info Watch
Does Cyber Insurance Drive Up Ransom Demands?
Russian Hacker With $10 Million Bounty on His Head Reportedly Arrested - SecurityWeek
No company too small for Phobos ransomware gang, indictment reveals | Malwarebytes
Storm-1811 exploits RMM tools to drop Black Basta ransomware
Ransomware attacks on critical sectors ramped up in November | TechTarget
Hackers are pivoting from data breaches to business shutdowns
Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested
Ransomware's Grip on Healthcare
Ransomware Costs Manufacturing Sector $17bn in Downtime - Infosecurity Magazine
Ransomware Victims
UK hospital resorts to paper and postpones procedures after cyber attack
Arrowe Park: 'Longer A&E wait times' continue after cyber attack - BBC News
Cyber attack hits three NHS Liverpool hospitals | UKAuthority
Blue Yonder Confirms Reports of Recent Ransomware Attack | Console and Associates, P.C. - JDSupra
Ransomware Attack Disrupts Operations at US Contractor ENGlobal - Infosecurity Magazine
Bologna FC Hit By 200GB Data Theft and Ransom Demand - Infosecurity Magazine
Stoli Vodka and Kentucky Owl File for Bankruptcy Following Cyber Attack, Russian Seizures | NTD
Vodka maker Stoli files for bankruptcy in US after ransomware attack
Phishing & Email Based Attacks
Novel phishing campaign uses corrupted Word documents to evade security
Corrupted Word Files Fuel Sophisticated Phishing Campaign - Infosecurity Magazine
This worrying new phishing attack is going after Microsoft 365 accounts | TechRadar
This New Microsoft 365 Attack Can Break Through Your 2FA: Here's How
Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defences
Nearly half a billion emails to businesses contain malicious content, Hornet Security report finds
KnowBe4 Releases the Latest Phishing Trends Report
GenAI makes phishing attacks more believable and cost-effective - Help Net Security
New Rockstar 2FA phishing service targets Microsoft 365 accounts
North Korean Hacking Group Launches Undetected Malwareless URL Phishing Attacks
HR and IT are among top-clicked phishing subjects
Top Five Industries Aggressively Targeted By Phishing Attacks
Don't Fall For This "Sad Announcement" Phishing Scam
Defending Against Email Attachment Scams - Security Boulevard
Widespread RAT compromise via bogus emails, JavaScript payloads detailed | SC Media
This sneaky phishing attack is a new take on a dirty old trick | PCWorld
Phishing attacks rose by more than 600% in the buildup to Black Friday | Security Magazine
Other Social Engineering
Why You Must Beware Of Dangerous New Scam-Yourself Cyber Attacks
North Korea deploying fake IT workers and hackers to target UK firms, cryptocurrency,... - LBC
Spotting the Charlatans: Red Flags for Enterprise Security Teams - SecurityWeek
How North Korean Hackers Pilfered $16 Million From A Crypto Exchange Via LinkedIn
Artificial Intelligence
GenAI makes phishing attacks more believable and cost-effective - Help Net Security
Cyber criminals already using AI for most types of scams, FBI warns | Cybernews
How laws strain to keep pace with AI advances and data theft | ZDNET
FBI Warns GenAI is Boosting Financial Fraud - Infosecurity Magazine
Teenagers leading new wave of cyber crime - Help Net Security
Cyber security professionals call for AI regulations
Cyber security in 2025: AI threats & zero trust focus
Microsoft's Vasu Jakkal on how gen AI is redefining cyber security | VentureBeat
Treat AI like a human: Redefining cyber security - Help Net Security
AI chatbot startup WotNot leaks 346,000 files, including passports and medical records
25% of enterprises using AI will deploy AI agents by 2025 | ZDNET
2FA/MFA
This worrying new phishing attack is going after Microsoft 365 accounts | TechRadar
This New Microsoft 365 Attack Can Break Through Your 2FA: Here's How
Malware
North Korean Hacking Group Launches Undetected Malwareless URL Phishing Attacks
Code found online exploits LogoFAIL to install Bootkitty Linux backdoor - Ars Technica
Venom Spider Spins Web of MaaS Malware
Russia's 'BlueAlpha' APT Hides in Cloudflare Tunnels
Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware
New Windows Backdoor Security Warning For Bing, Dropbox, Google Users
More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader
Widespread RAT compromise via bogus emails, JavaScript payloads detailed | SC Media
SmokeLoader Malware Campaign Targets Companies in Taiwan - Infosecurity Magazine
ANEL and NOOPDOOR Backdoors Weaponized in New MirrorFace Campaign Against Japan
Security Bite: Threat actors are widely using AI to build Mac malware - 9to5Mac
'Horns&Hooves' Malware Campaign Hits Over 1,000 Victims
Mobile
8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play
SMEs put at risk by poor mobile security practices
New DroidBot Android malware targets 77 banking, crypto apps
Android's December 2024 Security Update Patches 14 Vulnerabilities - SecurityWeek
FBI and CISA say to use encrypted messengers as Chinese hackers attack networks | Cybernews
The FBI now says encryption is good for you – Computerworld
NSO Group's Pegasus Spyware Detected in New Mobile Devices
Business leaders among Pegasus spyware victims, says security firm | TechCrunch
Smartphone Security Warning—Make Changes Now Or Become A Victim
Many small businesses are falling well short when it comes to cyber security plans | TechRadar
Top 5 Mobile Security Risks for Enterprises - Zimperium
Trojan-as-a-Service Hits Euro Banks, Crypto Exchanges
This is why the FBI is warning iOS users not to text Android users and vice versa - PhoneArena
Banking apps can now require recent Android security updates
Denial of Service/DoS/DDoS
Misconfigured WAFs Heighten DoS, Breach Risks
How DDoS attacks are shaping esports security and risk management | Insurance Business America
Internet of Things – IoT
From Patchwork to Framework: Towards a Global IoT Security Paradigm - Infosecurity Magazine
Chinese LIDAR Dominance a Cyber Security Threat, Warns Think Tank - Infosecurity Magazine
Data Breaches/Leaks
Russian hacking software used to steal hundreds of MoD log-ins
760,000 Employee Records From Several Major Firms Leaked Online - SecurityWeek
Sadiq Khan admits some commuters may never be refunded after TfL cyber attack
Hundreds of UK Ministry of Defence passwords found circulating on the dark web | CSO Online
White FAANG Data Export Attack: A Gold Mine for PII Threats
63% of companies plan to pass data breach costs to customers | CSO Online
Deloitte Hacked - Brain Cipher Group Allegedly Stolen 1 TB of Data
Process over top-down enforcement: prevent data leaks
Lessons in cyber security from the Internet Archive Breaches | TechRadar
AI chatbot startup WotNot leaks 346,000 files, including passports and medical records
Israeli tech firm Silicom denies Iranian claims of Mossad and Unit 8200 links after c | Ctech
Controversial Andrew Tate ‘War Room’ Videos Leaked By Hackers
Organised Crime & Criminal Actors
INTERPOL Arrests 5,500 in Global Cyber Crime Crackdown, Seizes Over $400 Million
How laws strain to keep pace with AI advances and data theft | ZDNET
UK Justice System Failing Cyber Crime Victims, Cyber Helpline Finds - Infosecurity Magazine
Alleged Snowflake Hacker ‘Danger’ to the Public
Russia gives life sentence to Hydra dark web kingpin • The Register
Venom Spider Spins Web of MaaS Malware
Teenagers leading new wave of cyber crime - Help Net Security
Cyber criminals already using AI for most types of scams, FBI warns | Cybernews
German Police Shutter Country’s Largest Dark Web Market - Infosecurity Magazine
Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown
Eurocops red pill the Matrix 'secure' criminal chat systems • The Register
Police seizes largest German online crime marketplace, arrests admin
Record-Breaking $2 Million Bounty Offered To Crypto.com Hackers
Scattered Spider Hacking Gang Arrests Mount with California Teen
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hackers Stole $1.49 Billion in Cryptocurrency to Date in 2024 - SecurityWeek
How North Korean hackers stole billions in crypto while posing as VCs, IT workers – Firstpost
North Korea deploying fake IT workers and hackers to target UK firms, cryptocurrency,... - LBC
New DroidBot Android malware targets 77 banking, crypto apps
How North Korean Hackers Pilfered $16 Million From A Crypto Exchange Via LinkedIn
Record-Breaking $2 Million Bounty Offered To Crypto.com Hackers
Insider Risk and Insider Threats
65% of employees bypass cyber security policies, driven by hybrid work and flexible access
Inside threats: How can companies improve their cyber hygiene?
Insider Threats vs. Privacy: A Dilemma for IT Professionals
Process over top-down enforcement: prevent data leaks
Macy’s found a single employee hid up to $154 million worth of expenses | CNN Business
Insurance
Does Cyber Insurance Drive Up Ransom Demands?
Cyber insurance checklist: 12 must-have security features | SC Media
Why your cyber insurance may not cover everything: Finding and fixing blind spots | SC Media
Supply Chain and Third Parties
Report shows the threat of supply chain vulnerabilities from third-party products | TechRadar
Blue Yonder Confirms Reports of Recent Ransomware Attack | Console and Associates, P.C. - JDSupra
Hardening Links in Supply Chain Security | SC Media UK
Fear of cyber attack outweighs investment in security along the supply chain - The Loadstar
Cloud/SaaS
This worrying new phishing attack is going after Microsoft 365 accounts | TechRadar
This New Microsoft 365 Attack Can Break Through Your 2FA: Here's How
CyberRatings report exposes critical flaws in cloud-native firewalls | SC Media
New Rockstar 2FA phishing service targets Microsoft 365 accounts
5 things you should never back up to the cloud
New Windows Backdoor Security Warning For Bing, Dropbox, Google Users
7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments
Outages
Identity and Access Management
The New Cyber Frontier: Managing Risks in Distributed Teams - Infosecurity Magazine
7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments
Encryption
The Growing Quantum Threat to Enterprise Data: What Next?
FBI and CISA say to use encrypted messengers as Chinese hackers attack networks | Cybernews
The FBI now says encryption is good for you – Computerworld
This is why the FBI is warning iOS users not to text Android users and vice versa - PhoneArena
Linux and Open Source
70% of open-source components are poorly or no longer maintained - Help Net Security
Code found online exploits LogoFAIL to install Bootkitty Linux backdoor - Ars Technica
New Report Highlights Open Source Trends And Security Challenges
Passwords, Credential Stuffing & Brute Force Attacks
Hundreds of UK Ministry of Defence passwords found circulating on the dark web | CSO Online
North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks
Six password takeaways from the updated NIST cybersecurity framework
Microsoft's Vasu Jakkal on how gen AI is redefining cyber security | VentureBeat
Social Media
Tech Support Scams Exploit Google Ads to Target Users | Tripwire
How North Korean Hackers Pilfered $16 Million From A Crypto Exchange Via LinkedIn
Romania to recount votes as TikTok slammed for election role | Stars and Stripes
Meta says it has taken down about 20 covert influence operations in 2024 | Meta | The Guardian
Malvertising
Tech Support Scams Exploit Google Ads to Target Users | Tripwire
Regulations, Fines and Legislation
How laws strain to keep pace with AI advances and data theft | ZDNET
EC takes action as member states miss NIS2 directive deadline
NIS2 still a mystery to cyber security bosses, research shows - Data Centre & Network News
6 Considerations to Determine if a Cyber Incident Is Material | Troutman Pepper - JDSupra
DORA Demystified: Dispelling 5 Myths for ICT Service Providers | Morrison & Foerster LLP - JDSupra
New EU Regulation Establishes European 'Cyber Security Shield' - SecurityWeek
Cyber Security: Council of EU formally adopts Cybersecurity and Cyber Solidarity Act | Practical Law
Cyber security professionals call for AI regulations
Navigating the Changing Cyber Security Regulations Landscape
Employees suffering compliance and security fatigue | theHRD
Models, Frameworks and Standards
EC takes action as member states miss NIS2 directive deadline
NIS2 still a mystery to cyber security bosses, research shows - Data Centre & Network News
New NIST Guidance Offers Update on Gauging Cyber Performance
DORA Demystified: Dispelling 5 Myths for ICT Service Providers | Morrison & Foerster LLP - JDSupra
Six password takeaways from the updated NIST cybersecurity framework
Careers, Working in Cyber and Information Security
Human Intelligence is the Key to Combating the UK’s Cyber Skills Crisis | SC Media UK
Optimism About Cyber Workforce Advancements | AFCEA International
World Wide Work: Landing a Cyber Security Career Overseas
Law Enforcement Action and Take Downs
INTERPOL Arrests 5,500 in Global Cyber Crime Crackdown, Seizes Over $400 Million
Alleged Snowflake Hacker ‘Danger’ to the Public
Russian Hacker With $10 Million Bounty on His Head Reportedly Arrested - SecurityWeek
German Police Shutter Country’s Largest Dark Web Market - Infosecurity Magazine
Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown
US arrests Scattered Spider suspect linked to telecom hacks
UK Justice System Failing Cyber Crime Victims, Cyber Helpline Finds - Infosecurity Magazine
Misinformation, Disinformation and Propaganda
Cyber Attacks Could Impact Romanian Presidential Race, Officials Claim - Infosecurity Magazine
German intelligence agency warns of 'foreign interference' in upcoming elections
Meta says it has taken down about 20 covert influence operations in 2024 | Meta | The Guardian
Romania to recount votes as TikTok slammed for election role | Stars and Stripes
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Cyberwarfare 2025: The rise of AI weapons, zero-days, and state-sponsored chaos
Cyber warfare rising across EU in bid to 'destablise' member states
NATO promises better strategy against cyber attacks and undersea cables – Euractiv
UK Underestimates Threat Of Cyber-Attacks, NCSC | Silicon UK
Nation State Actors
China
Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks
US government says Salt Typhoon is still in telecom networks | CyberScoop
Microsoft spots another China spy crew stealing US data • The Register
US org suffered four month intrusion by Chinese hackers
FBI and CISA say to use encrypted messengers as Chinese hackers attack networks | Cybernews
Government Guidance on Chinese Telco Hacking Highlights Threat to Cisco Devices - SecurityWeek
The FBI now says encryption is good for you – Computerworld
US shares tips to block hackers behind recent telecom breaches
T-Mobile CSO: Cyber spies' initial access method 'is novel' • The Register
US critical infrastructure, military at risk of Chinese LiDAR tech compromise | SC Media
Finland: Outage reported after fiber optic cable damaged – DW – 12/03/2024
Romania to recount votes as TikTok slammed for election role | Stars and Stripes
SmokeLoader Malware Campaign Targets Companies in Taiwan - Infosecurity Magazine
Russia
NATO promises better strategy against cyber attacks and undersea cables – Euractiv
‘Russia can turn the lights off’: how the UK is preparing for cyberwar | Cyberwar | The Guardian
Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware
Germany’s cyber security and infrastructure under attack by Russia, chancellor says – POLITICO
Pro-Russian Hacktivist Group Claims 6600 Attacks Targeting Europe - Infosecurity Magazine
North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks
NCA Disrupts Multi-Billion Dollar Russian Money Laundering Network
She Was a Russian Socialite and Influencer. Cops Say She’s a Crypto Laundering Kingpin | WIRED
Finland: Outage reported after fiber optic cable damaged – DW – 12/03/2024
Russian programmer says FSB agents planted spyware on his Android phone | TechCrunch
Spy v Spy: Russian APT Turla Caught Stealing From Pakistani APT - SecurityWeek
Russian Hacker With $10 Million Bounty on His Head Reportedly Arrested - SecurityWeek
Ransomware suspect Wazawaka reportedly arrested by Russia | The Record from Recorded Future News
Russia gives life sentence to Hydra dark web kingpin • The Register
Putin and ransomware blamed for Stoli US bankruptcy filing • The Register
'Horns&Hooves' Malware Campaign Hits Over 1,000 Victims
Romania's election systems targeted in over 85,000 cyber attacks
Russian hacking software used to steal hundreds of MoD log-ins
Iran
Kash Patel, Trump's pick to lead FBI, hit with Iranian cyber attack, sources say - ABC News
North Korea
North Korean Hacking Group Launches Undetected Malwareless URL Phishing Attacks
How North Korean hackers stole billions in crypto while posing as VCs, IT workers – Firstpost
North Korea deploying fake IT workers and hackers to target UK firms, cryptocurrency,... - LBC
How North Korean Hackers Pilfered $16 Million From A Crypto Exchange Via LinkedIn
North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks
Kimsuky Group Adopts New Phishing Tactics to Target Victims - Infosecurity Magazine
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Pro-Russian Hacktivist Group Claims 6600 Attacks Targeting Europe - Infosecurity Magazine
Polish Central Banker Testifies in Pegasus Spyware Case – BNN Bloomberg
How widespread is mercenary spyware? More than you think - Help Net Security
Study shows potentially higher prevalence of spyware infections than previously thought | CyberScoop
NSO Group's Pegasus Spyware Detected in New Mobile Devices
Business leaders among Pegasus spyware victims, says security firm | TechCrunch
A New Phone Scanner That Detects Spyware Has Already Found 7 Pegasus Infections | WIRED
How a Russian man’s harrowing tale shows the physical dangers of spyware | CyberScoop
Tools and Controls
65% of office workers bypass cyber security to boost productivity - Help Net Security
Storm-1811 exploits RMM tools to drop Black Basta ransomware
5 reasons to double down on network security - Help Net Security
Misconfigured WAFs Heighten DoS, Breach Risks
CyberRatings report exposes critical flaws in cloud-native firewalls | SC Media
Incident Response Playbooks: Are You Prepared?
Why your cyber insurance may not cover everything: Finding and fixing blind spots | SC Media
7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments
Why Robust API Security is a Must for Your Business - Security Boulevard
Many small businesses are falling well short when it comes to cyber security plans | TechRadar
Human Intelligence is the Key to Combating the UK’s Cyber Skills Crisis | SC Media UK
Six password takeaways from the updated NIST cybersecurity framework
Does Cyber Insurance Drive Up Ransom Demands?
Insider Threats vs. Privacy: A Dilemma for IT Professionals
New NIST Guidance Offers Update on Gauging Cyber Performance
Shorter Lifespan Reduces Digital Certificate Vulns
How to talk to your board about tech debt | CIO
Modernizing incident response in the era of cloud and AI - TechTalks
Other News
Hackers Can Access Laptop Webcams Without Activating LED Indicator
Many small businesses are falling well short when it comes to cyber security plans | TechRadar
71% of US Adults Have Dangerous Online Security Habits This Year, CNET Survey Finds - CNET
Sadiq Khan admits some commuters may never be refunded after TfL cyber attack
Your Kids Are Probably Compromising Your Online Security | Next Avenue
As Device Dependency Grows, So Do The Risks
Nordics move to deepen cyber security cooperation | Computer Weekly
Re/insurers’ operations exposed to cyber threats, says S&P - Reinsurance News
The UK’s cyber security strategy is no longer fit for purpose
Christmas is Coming: Cyber Security Lessons from the Holidays - Security Boulevard
In the new space race, hackers are hitching a ride into orbit
SQL Injection Prevention: 6 Strategies - Security Boulevard
The Legal Landscape Of Privacy: Why Lawyers Must Keep Up With Change - Above the Law
Microsoft confirms the Windows 11 TPM security requirement isn't going anywhere
Why OT environments are vulnerable – and what to do about it | SC Media
Almost all top US retailers were hacked in 2024 | Chain Store Age
Data-rich universities are both targets and treasure troves | Times Higher Education (THE)
Vulnerability Management
Microsoft Warns 400 Million PC Owners—This Ends Your Windows Updates
70% of open-source components are poorly or no longer maintained - Help Net Security
Report shows the threat of supply chain vulnerabilities from third-party products | TechRadar
Want to Grow Vulnerability Management into Exposure Management? Start Here!
Vulnerabilities
Cisco ASA flaw CVE-2014-2120 is being exploited in the wild
Android's December 2024 Security Update Patches 14 Vulnerabilities - SecurityWeek
Bootloader Vulnerability Impacts Over 100 Cisco Switches - SecurityWeek
Critical Vulnerability Found in Zabbix Network Monitoring Tool - SecurityWeek
CyberRatings report exposes critical flaws in cloud-native firewalls | SC Media
Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability
CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel
TP-Link Archer Zero-Day Vulnerability Let Attackers Inject Malicious Commands
Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access
PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) - Help Net Security
CISA Warns of Zyxel Firewall Vulnerability Exploited in Attacks - SecurityWeek
CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel
Japan warns of IO-Data zero-day router flaws exploited in attacks
Rather than fixing its old routers, D-Link is telling customers to upgrade
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.