Threat Intelligence Blog

Black Arrow Admin

Black Arrow Cyber Advisory 12 March 2025 – Security Updates from Microsoft, Fortinet, Apple, Adobe, Zoom and SAP

Executive Summary

Microsoft’s Patch Tuesday for March 2025 delivered 57 security updates across its product line, including 6 actively exploited zero-day vulnerabilities. This month, several other major software and hardware vendors also released critical security updates to address vulnerabilities that could be exploited by attackers.

Fortinet issued 17 security advisories with updates addressing various high, medium, and low severity vulnerabilities across multiple product ranges, including FortiOS, FortiProxy, FortiPAM, FortiSRA, FortiAnalyzer, FortiManager, FortiAnalyzer-BigData, FortiSandbox, FortiNDR, FortiWeb, FortiSIEM, and FortiADC.

Apple released updates to address zero-day security issues across its iPhone, iPad, macOS, and visionOS product ranges, specifically targeting vulnerabilities in WebKit, the browser engine used within Safari and other Apple products.

Adobe provided updates addressing 35 vulnerabilities, including critical issues in various product lines such as Acrobat and Reader, InDesign, and Substance 3D Sampler.

Zoom patched five vulnerabilities in its applications, including four rated ‘high severity’, affecting Zoom Workplace, Rooms Controller, Rooms Client, and Meeting SDK products.

SAP also released 21 new security notes, covering high, medium, and low severity vulnerabilities addressed by security patches.

What’s the risk to me or my business?

The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity and availability of the affected applications and of the organisation's data on the affected systems.

What can I do?

Black Arrow recommends applying the available security updates for all supported versions of the products impacted by the various vulnerabilities. The updates should be applied as soon as possible for actively exploited vulnerabilities and for all other vulnerabilities with a critical or high severity rating.

Microsoft

Further details on the specific updates within this Microsoft Patch Tuesday can be found here:

https://msrc.microsoft.com/update-guide/releaseNote/2025-Mar

Apple, Adobe, Fortinet, Zoom, SAP

Further details of the vulnerabilities affecting Apple, Adobe, Fortinet, Zoom and SAP products:

https://helpx.adobe.com/security/security-bulletin.html

https://support.apple.com/en-us/100100

https://fortiguard.fortinet.com/psirt

https://www.zoom.com/en/trust/security-bulletin/?cms_guid=false&lang=en-US

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/march-2025.html

#threatadvisory #threatintelligence #cybersecurity

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 07 March 2025

Black Arrow Cyber Threat Intelligence Briefing 07 March 2025:

-Cyber Security's Future Is All About Governance, Not More Tools

-'Cocktail of Cyber-Risk' Should Stir Concerns Among CISOs

-Why Cyber Drills are as Vital as Fire Drills

-Nonprofits Face Surge in Cyber-Attacks as Email Threats Rise 35%

-Rising Cyber Threats in Europe’s Financial Sector: An ENISA Overview

-Old Unpatched Vulnerabilities Among the Most Widely Exploited

-Chinese State-Backed Threat Actor ‘Silk Typhoon’ Shifted to Specifically Targeting Outsourced IT Providers

-Social Engineering and Stolen Credential Threats Continue to Dominate Cyber Attacks

-Security CEOs Warn Your Voicemail Greeting is the Latest Target for Cyber Criminals

-Would-be Extortionists Send “BianLian” Ransom Notes in the Mail

-Cyber Threat Highest It’s Ever Been, Ex-Five Eyes Leader Warns

-Trump Administration Retreats in Fight Against Russian Cyber Threats

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.

Executive Summary

Our review this week includes the evolving shift in cyber security, where governance and proactive risk management are becoming more critical than tool proliferation, as exemplified by the inclusion of the ‘Govern’ function in the NIST Cyber Security Framework. Businesses still face a cocktail of cyber risks as geopolitical tensions, misinformation, and AI-driven threats continue to evolve. Despite increased awareness, cyber risk integration remains insufficient at the executive level, leaving many organisations, particularly smaller businesses, exposed.

Vulnerability management remains a pressing concern. 40% of vulnerabilities leveraged in 2024 date back to 2020 or earlier, while ransomware and botnet expansion thrive on unpatched systems. Meanwhile, the financial sector continues to be a target for cyber attacks, with European regulators responding through stricter risk management frameworks like DORA. The rise of state-sponsored actors such as China-backed Silk Typhoon, which targets IT service providers, further underscores the importance of securing supply chains and third-party dependencies.

Our review this week also highlights the importance of rehearsing how to respond to a cyber incident, as well as the changing tactics of attackers such as the use of AI voice cloning from voicemail recordings to impersonate individuals, and false extortion demands. These, and other observations from our threat intelligence briefings, highlight the need for comprehensive security awareness. With cyber threats at an all-time high, organisations must adopt a strategic, governance-led approach to resilience, ensuring robust defences against both sophisticated adversaries and opportunistic cyber criminals.

Top Cyber Stories of the Last Week

Cyber Security's Future Is All About Governance, Not More Tools

The cyber security landscape is shifting from tool-centric procurement to strategic governance, with CISOs taking a more prominent role in business decision-making. Despite growth in the number of security tools that organisations deploy, fragmented workflows and diminishing returns persist. The focus is now on aligning security with business objectives, regulatory expectations, and operational efficiency. The NIST Cyber Security Framework 2024 update introduced a "Govern" function, underscoring proactive risk management. As cyber security becomes integral to corporate strategy, CISOs must prioritise transparency, accountability, and resilience over simply expanding their security stack.

'Cocktail of Cyber-Risk' Should Stir Concerns Among CISOs

The World Economic Forum's ‘Global Cybersecurity Outlook 2025’ highlights the evolving risk landscape, where cyber security threats are increasingly intertwined with geopolitical and economic risks. Misinformation and AI-related threats are now among the top concerns, while cyber espionage is reportedly declining. Despite growing awareness, only 60% of CEOs and CISOs integrate cyber risk into enterprise risk management. Smaller businesses are particularly vulnerable, with 35% admitting their cyber resilience is insufficient. The report stresses that CISOs must navigate shifting board priorities, regulatory changes, and supply chain risks while ensuring cyber security remains a core business consideration.

Why Cyber Drills are as Vital as Fire Drills

Cyber resilience is becoming a business imperative, with human error remaining the leading cause of cyber incidents and the average cost of a cyber attack reaching a record $4.88 million in 2024. A recent study found that 94% of organisations have implemented or plan to implement cyber drills within three years, recognising their role in strengthening defences and ensuring business continuity. Yet, decision-makers spend only 39% of their time on cyber readiness. As nearly half of businesses faced an attack in the past year, routine cyber drills, like fire drills, are essential to preparing teams for real-world threats.

Nonprofits Face Surge in Cyber-Attacks as Email Threats Rise 35%

Nonprofit organisations have experienced a sharp rise in cyber attacks, with email threats increasing by 35% over the past year. A report by Abnormal Security highlights that limited cyber security resources and high-trust environments make nonprofits prime targets. Credential phishing has surged by 50%, compromising donor databases and enabling financial fraud, while malware attacks have risen by 26%, often leading to ransomware incidents. As cyber criminals refine their tactics, nonprofits must prioritise email security, leveraging AI-driven solutions to detect threats and protect sensitive data, ensuring operational resilience and maintaining public trust.

Rising Cyber Threats in Europe’s Financial Sector: An ENISA Overview

The latest report from the European Network and Information Security Agency (ENISA) highlights a surge in cyber threats targeting Europe’s financial sector, with 488 reported incidents between January 2023 and June 2024. Banks bore the brunt of attacks (46%), followed by public financial institutions (13%) and individual customers (10%). DDoS attacks were the most common, accounting for 58% of incidents, often linked to geopolitical tensions. Data breaches, ransomware, and fraud also saw a rise, exposing sensitive financial records and disrupting operations. In response, regulators have strengthened cyber security policies, with initiatives like DORA aiming to enhance resilience through stricter risk management and incident response frameworks.

Old Unpatched Vulnerabilities Among the Most Widely Exploited

GreyNoise’s latest report highlights that 40% of vulnerabilities exploited in 2024 were from 2020 or earlier, with some dating back over two decades. Attackers are also accelerating their exploitation of newly disclosed flaws, with some targeted within hours. Home internet routers and enterprise solutions from vendors like Ivanti, D-Link, and VMware were among the most affected. Ransomware groups remain the primary exploiters, leveraging 28% of newly listed vulnerabilities in the US Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalogue. Key attacker objectives include botnet expansion, cryptocurrency mining, and ransomware deployment, underscoring the risks posed by unpatched legacy systems.

Chinese State-Backed Threat Actor ‘Silk Typhoon’ Shifted to Specifically Targeting Outsourced IT Providers

Microsoft has reported that Silk Typhoon, a Chinese state-backed espionage group, has shifted focus to targeting IT management firms, aiming to infiltrate downstream customers. The group exploits stolen API keys, credentials, and unpatched software to access cloud and on-premises systems. By compromising IT providers and privileged access tools, they steal sensitive data from sectors including government, healthcare, and energy. Microsoft highlights Silk Typhoon’s ability to swiftly adapt, making it one of the most pervasive Chinese threat actors. This report coincides with US indictments of 12 Chinese nationals linked to cyber espionage, including two alleged Silk Typhoon members.

Social Engineering and Stolen Credential Threats Continue to Dominate Cyber Attacks

CrowdStrike’s 2025 Global Threat Report highlights a sharp rise in social engineering attacks, with credential theft surging by 442% in the latter half of 2024. Stolen credentials remain a primary attack vector, while adversaries operate with increasing speed: the average time to move within a compromised network has fallen to just 48 minutes, with some breaches occurring in as little as 51 seconds. The report underscores the need for enhanced employee training, stronger credential protection, and improved detection capabilities to counter these evolving threats, particularly as cyber criminals leverage AI and target cloud environments with greater sophistication.

Security CEOs Warn Your Voicemail Greeting is the Latest Target for Cyber Criminals

Cyber security leaders are warning that AI voice cloning is a growing threat, with criminals using voicemail recordings to impersonate individuals. Experts highlight that just three seconds of audio is enough to create a convincing deepfake, which can be exploited in scams targeting employees, families, and businesses. C-suite executives are particularly at risk, with attacks mimicking their voices to manipulate staff. To mitigate this risk, security professionals recommend replacing personal voicemail greetings with automated defaults, limiting voice recordings online, and using a family-safe word to verify urgent requests.

Would-be Extortionists Send “BianLian” Ransom Notes in the Mail

Executives are being targeted in a new ransomware scam involving physical letters falsely claiming to be from the BianLian ransomware group. The letters demand ransoms of $250,000 to $350,000, threatening to leak sensitive data unless payment is made within 10 days. However, security experts have found no evidence of actual network intrusions, suggesting the campaign is a fraudulent extortion attempt. The FBI has issued a warning, confirming no links to the real BianLian group. Organisations are advised to inform executives, review incident response procedures, and report any such letters to law enforcement.

Cyber Threat Highest It’s Ever Been, Ex-Five Eyes Leader Warns

The cyber threat to critical infrastructure is at an all-time high, driven by geopolitical tensions, financial incentives, and technological advancements, warns the former head of the UK’s National Cyber Security Centre (NCSC). Organised criminals and state-backed hacking groups pose a growing risk to essential services. Artificial intelligence is making cyber attacks more efficient, cost-effective, and accessible, potentially enabling new threat actors to launch large-scale campaigns. While financial motives remain unchanged, the increasing role of AI in cyber warfare is a key concern, as it lowers barriers to entry for malicious actors, amplifying the risks faced by organisations globally.

Trump Administration Retreats in Fight Against Russian Cyber Threats

The Trump administration has shifted its stance on cyber threats, no longer publicly recognising Russia as a major cyber security risk to US national security and critical infrastructure. This policy change marks a significant departure from long-standing intelligence assessments and contrasts with the positions of US allies. Experts warn that deprioritising Russia as a cyber threat could leave the US vulnerable to attacks. Reports indicate internal directives have limited efforts to monitor Russian cyber activities, raising concerns that adversaries may exploit weakened defences. Meanwhile, job cuts across key agencies may have further reduced cyber security capabilities, compounding the risks.

Sources:

https://www.darkreading.com/cyber-risk/cybersecurity-future-governance-not-more-tools

https://www.darkreading.com/cyber-risk/thinking-outside-box-cyber-risk

https://www.forbes.com/sites/jameshadley/2025/03/04/why-cyber-drills-are-as-vital-as-fire-drills/

https://www.infosecurity-magazine.com/news/nonprofits-email-threats-rise-35/

https://www.jdsupra.com/legalnews/rising-cyber-threats-in-europe-s-7746792/

https://www.infosecurity-magazine.com/news/old-vulnerabilities-widely/

https://cyberscoop.com/silk-typhoon-targets-it-services/

https://natlawreview.com/article/social-engineering-stolen-credential-threats-continue-dominate-cyber-attacks

https://cybernews.com/security/cybercriminals-use-voicemail-greetings-ai-voice-cloning-attacks/

https://www.infosecurity-magazine.com/news/extortionists-bianlian-ransom/

https://www.nzherald.co.nz/business/markets-with-madison/cyber-threat-highest-its-ever-been-ex-five-eyes-leader-warns/F4G6TUDZ3JAT7PNZNFBVBXXPF4/

https://www.theguardian.com/us-news/2025/feb/28/trump-russia-hacking-cyber-security


Governance, Risk and Compliance

Cybersecurity’s Future Is All About Governance, Not More Tools

Why Employee Training Is A Critical Component Of Effective Business Cybersecurity - Minutehack

Why Cyber Drills Are As Vital As Fire Drills

'Cocktail of Cyber-Risk' Should Stir Concerns Among CISOs

SolarWinds CISO says security execs are ‘nervous’ about individual liability for data breaches | CyberScoop

Top security CEOs warn your voicemail greeting is the latest target for cyber criminals | Cybernews

Third-Party Attacks Drive Major Financial Losses in 2024 - Infosecurity Magazine

Third-Party Risk Top Cybersecurity Claims

Cyber risks see SME focus but big risks remain

Board Oversight of Cyber Security Incidents

How to create an effective incident response plan | CSO Online

CFOs’ Risk Outlook—The Economy, Cyber and Talent Are Top Concerns

What CISOs need from the board: Mutual respect on expectations | CSO Online

The evolving landscape of regulatory compliance in cybersecurity - Digital Journal

WTF? Why the cyber security sector is overrun with acronyms | CSO Online

The 5 stages of incident response grief - Help Net Security

A Shield of Defensibility Protecting CISOs and Their Companies

CISO Liability Risks Spur Policy Changes at 93% of Organisations - Infosecurity Magazine

Are cybersecurity chiefs focusing too much on legal liability—and not enough on fixing vulnerabilities? | Fortune

CISO vs. CIO: Where security and IT leadership clash (and how to fix it) - Help Net Security

Cyber Threats Are Evolving Faster Than Defences

Cyber threat highest it’s ever been, ex-Five Eyes leader warns - NZ Herald


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Evolution: From Encryption to Extortion

Mad, Bad, And Dangerous To Know: Cyber Criminals Are More Sophisticated Than Ever

Cyber criminals picked up the pace on attacks last year | CyberScoop

Ransomware 2025: Lessons from the Past Year and What Lies Ahead

Report: CISA Vulnerabilities Catalog Monitored By Ransomware Gangs | MSSP Alert

Ransomware activity surged last year, report finds | SC Media

Ransomware Attacks Appear to Keep Surging - InfoRiskToday

Inside the Minds of Cyber Criminals: A Deep Dive into Black Basta’s Leaked Chats - Security Boulevard

Your New Car Could Be the Next Ransomware Target

Ransomware scum abusing Microsoft Windows-signed driver • The Register

VulnCheck Exposes CVEs From Black Bastas' Chats

Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates

Would-be Extortionists Send “BianLian” Ransom Notes in the Mail - Infosecurity Magazine

Cactus Ransomware: What You Need To Know | Tripwire

EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing

Emulating the Relentless RansomHub Ransomware - Security Boulevard

Medusa Ransomware Hits 40+ Victims in 2025, Demands $100K–$15M Ransom

Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks

Ransomware: from REvil to Black Basta, what do we know about Tramp? | Computer Weekly

Schools Vs Ransomware: Lessons Learned From A Cyber Attack - TeachingTimes

Ransomware Victims

Hunters International ransomware claims attack on Tata Technologies

Qilin claims attacks on cancer, women's clinics • The Register

Ransomware crew threatens to leak 'stolen' Tata Tech data • The Register

‘My company thrived for 150 years — then Russian hackers brought it down in three months’

Ransomware Group Takes Credit for Lee Enterprises Attack - SecurityWeek

Qilin Ransomware gang claims the hack of the Ministry of Foreign Affairs of Ukraine

Phishing & Email Based Attacks

Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail

Phishing Campaign Uses Havoc Framework to Control Infected Systems - Infosecurity Magazine

EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing

Watch out - that LinkedIn email could be a fake, laden with malware | TechRadar

5,000 CAPTCHA Tests Used As Infostealer Gateways—Do Not Complete Them

Massive Phishing Campaign Spreads Lumma Stealer Via Bogus CAPTCHA PDFs | MSSP Alert

How a Manual Remediation for a Phishing URL Took Down Cloudflare R2 - InfoQ

Business Email Compromise (BEC)/Email Account Compromise (EAC)

From Event to Insight Unpacking a B2B Business Email Compromise BEC Scenario | Trend Micro (US)

Other Social Engineering

2025 CrowdStrike Global Threat Report: 442% Surge in Social Engineering and Credential Theft

How QR code attacks work and how to protect yourself - Help Net Security

Vishing attacks surged 442% last year - how to protect yourself | ZDNET

The Hidden Risks Of Job Hunting: Recruitment Fraud And Cybersecurity

What is vishing? Voice phishing is surging - expert tips on how to spot it and stop it | ZDNET

North Korea's Latest 'IT Worker' Scheme Seeks Nuclear Funds

Digital nomads and risk associated with the threat of infiltrated employees

YouTube warns of AI-generated video of its CEO used in phishing attacks

Scammers take over social media - Help Net Security

Fake police call cryptocurrency investors to steal their funds

Artificial Intelligence

Top security CEOs warn your voicemail greeting is the latest target for cyber criminals | Cybernews

89% of enterprise AI usage is invisible to the organisation - Help Net Security

Deepfake cyber attacks proliferated in 2024, iProov claims • The Register

Nearly 12,000 API keys and passwords found in AI training dataset

The Urgent Need to Address Cyber Security in the GenAI Market

Web DDoS attacks see major surge as AI allows more powerful attacks | TechRadar

How New AI Agents Will Transform Credential Stuffing Attacks

YouTube warns of AI-generated video of its CEO used in phishing attacks

New Report Finds that 78% of Chief Information Security Officers Globally are Seeing a Significant Impact from AI-Powered Cyber Threats - up 5% from last year

Private 5G Networks Face Security Risks Amid AI Adoption - Infosecurity Magazine

Anorexia coaches, self-harm buddies and sexualized minors: How online communities are using AI chatbots for harmful behavior | CyberScoop

Police arrests suspects tied to AI-generated CSAM distribution ring

Innovation vs. security: Managing shadow AI risks - Help Net Security

Attackers distributing Trojans disguised as DeepSeek or Grok clients for Windows | Kaspersky official blog

Malware

Microsoft says malvertising campaign impacted 1 million PCs

Fake CAPTCHA PDFs Spread Lumma Stealer via Webflow, GoDaddy, and Other Domains

Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus

EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing

Watch out - that LinkedIn email could be a fake, laden with malware | TechRadar

Hackers Weaponizing PowerShell & Microsoft Legitimate Apps To Deploy Malware

Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems

Devs beware: fake Golang packages target Mac users | Cybernews

Polyglot files used to spread new backdoor | CSO Online

1 Million Third-Party Android Devices Have a Secret Backdoor for Scammers | WIRED

5,000 CAPTCHA Tests Used As Infostealer Gateways—Do Not Complete Them

Typosquatted Go Packages Distribute Malware Loader Targeting Linux And MacOS

Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access

Badbox Android botnet disrupted through coordinated threat hunting | CSO Online

Massive Phishing Campaign Spreads Lumma Stealer Via Bogus CAPTCHA PDFs | MSSP Alert

26 Million Devices Hit By Infostealers—Bank Cards Leaked To Dark Web

Massive botnet that appeared overnight is delivering record-size DDoSes - Ars Technica

Attackers distributing Trojans disguised as DeepSeek or Grok clients for Windows | Kaspersky official blog

Russian-Speaking Hackers Goad Users Into Installing Havoc

Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants

Bots/Botnets

Cisco, ASUS, QNAP, and Synology devices hijacked to major botnet | TechRadar

Widespread network edge device targeting conducted by PolarEdge botnet | SC Media

Massive botnet that appeared overnight is delivering record-size DDoSes - Ars Technica

New Eleven11bot DDoS Botnet Powered by 80,000 Hacked Devices - SecurityWeek

Badbox Android botnet disrupted through coordinated threat hunting | CSO Online

Mobile

Over 500K Android, iOS, iPadOS, Devices Impacted By Spyzie Stalkerware | MSSP Alert

Governments can't seem to stop asking for secret backdoors • The Register

New Android RAT Dubbed “AndroRAT” Attacking to Steal Pattern, PIN & Passcodes

Do you really need to worry about spyware on your phone?

Google’s 'consent-less' Android tracking probed by academics • The Register

Google confirms mass app deletion on Play Store after ad fraud | Android Central

Denial of Service/DoS/DDoS

Massive botnet that appeared overnight is delivering record-size DDoSes - Ars Technica

Web DDoS attacks see major surge as AI allows more powerful attacks | TechRadar

New Eleven11bot DDoS Botnet Powered by 80,000 Hacked Devices - SecurityWeek

Internet of Things – IoT

Top risks produced by old wireless routers and smart home devices

8 ways to secure your smart home from hackers

Your New Car Could Be the Next Ransomware Target

BadBox Botnet Powered by 1 Million Android Devices Disrupted - SecurityWeek

How Can Your Smart Washer Pose A Threat To Your Privacy?

Badbox Android botnet disrupted through coordinated threat hunting | CSO Online

Goodbye Kia - this is the serious vulnerability that affects all vehicles registered after this date

Data Breaches/Leaks

Inside a cyber attack: How hackers steal data

Lost luggage data leak exposes nearly a million records | Cybernews

75% of US government websites experienced data breaches | Cybernews

Angel One Breach Compromises Client Data | MSSP Alert

Organised Crime & Criminal Actors

Mad, Bad, And Dangerous To Know: Cyber Criminals Are More Sophisticated Than Ever

Cyber criminals picked up the pace on attacks last year | CyberScoop

Cyber threat highest it’s ever been, ex-Five Eyes leader warns - NZ Herald

Online crime-as-a-service skyrockets with 24,000 users selling attack tools - Help Net Security

US Soldier Intends to Admit Hacking 15 Telecom Carriers

Investigator says differing names for hacker groups, hackers studying investigative methods hinders law enforcement | CyberScoop

Nigerian Accused of Hacking Tax Preparation Firms Extradited to US - SecurityWeek

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

How North Korea stole $1.5bn from Bybit – the biggest ever crypto theft - AML Intelligence

International cops seize Russian crypto exchange Garantex • The Register

Bybit hackers resume laundering activities, moving another 62,200 ETH

US recovers $31 million stolen in 2021 Uranium Finance hack

$51,300,000,000: Crypto Scams 2025 Report by Chainalysis is Out

Lazarus Group at it again - New victim suspected in $3.1M Tron hack | Cryptopolitan

North Korea’s $1.5 billion heist puts the crypto world on notice - The Japan Times

Shape-shifting Chrome extensions target wallets​ | Cybernews

Fake police call cryptocurrency investors to steal their funds

Insider Risk and Insider Threats

Digital nomads and risk associated with the threat of infiltrated employees

Insurance

Third-Party Risk Top Cyber Security Claims

Supply Chain and Third Parties

Third-Party Attacks Drive Major Financial Losses in 2024 - Infosecurity Magazine

Third-Party Risk Top Cyber Security Claims

China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access

Why Vendor Risk Management Can't Be a One-Time Task | UpGuard

Ransomware crew threatens to leak 'stolen' Tata Tech data • The Register

Cloud/SaaS

How to plan your cloud migration with security in mind | SC Media

Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail

New Microsoft 365 outage impacts Teams, causes call failures

Microsoft Teams and other Windows tools hijacked to hack corporate networks | TechRadar

Attackers Leverage Microsoft Teams and Quick Assist for Access - Infosecurity Magazine

Apple begins legal battle to resist 'egregious' iCloud backdoor demand | Macworld

Outages

New Microsoft 365 outage impacts Teams, causes call failures

Barclays: bank to pay £12.5m compensation for online outage

Microsoft Blames Widespread Outage On “Problematic Code Change”

How a Manual Remediation for a Phishing URL Took Down Cloudflare R2 - InfoQ

Identity and Access Management

Misconfigured access management systems expose global enterprises to security risks | CSO Online

Identity: The New Cyber Security Battleground

Prioritising data and identity security in 2025 - Help Net Security

Encryption

The UK will neither confirm nor deny that it’s killing encryption | The Verge

Encryption Wars: Governments Want a Backdoor, but Hackers Are Watching | HackerNoon

"We will not walk back" – Signal would rather leave the UK and Sweden than remove encryption protections | TechRadar

France pushes for law enforcement access to Signal, WhatsApp and encrypted email | Computer Weekly

Governments can't seem to stop asking for secret backdoors • The Register

Apple begins legal battle to resist 'egregious' iCloud backdoor demand | Macworld

Why a push for encryption backdoors is a global security risk - Help Net Security

UK cyber security damaged by “clumsy Home Office political censorship” | Computer Weekly

Linux and Open Source

Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems

Typosquatted Go Packages Distribute Malware Loader Targeting Linux And MacOS

Open Source Security Risks Continue To Rise

Passwords, Credential Stuffing & Brute Force Attacks

2025 CrowdStrike Global Threat Report: 442% Surge in Social Engineering and Credential Theft

How New AI Agents Will Transform Credential Stuffing Attacks

‘My company thrived for 150 years — then Russian hackers brought it down in three months’

Social Media

UK probes TikTok, Reddit over child data privacy concerns • The Register

Watch out - that LinkedIn email could be a fake, laden with malware | TechRadar

YouTube warns of AI-generated video of its CEO used in phishing attacks

Scammers take over social media - Help Net Security

USCIS mulls policing social media of all would-be citizens • The Register

Malvertising

Microsoft says malvertising campaign impacted 1 million PCs

Training, Education and Awareness

Why Employee Training Is A Critical Component Of Effective Business Cyber Security - Minutehack

Regulations, Fines and Legislation

Former intelligence officials denounce job cuts to federal cyber roles - Nextgov/FCW

Cyber resilience under DORA – are you prepared for the challenge? | TechRadar

The Crime and Policing Bill Explained

Governments can't seem to stop asking for secret backdoors • The Register

Apple begins legal battle to resist 'egregious' iCloud backdoor demand | Macworld

Why a push for encryption backdoors is a global security risk - Help Net Security

What is the Digital Operational Resilience Act (DORA)? | Definition from TechTarget

The evolving landscape of regulatory compliance in cyber security - Digital Journal

Is Trump risking US national security to woo Putin? US no longer sees Russia as major cyber threat, tweaks foreign policy- The Week

CISA: No Change on Defending Against Russian Cyber Threats - SecurityWeek

UK security in shock as America signals end to cyber operations against Russia

The Wiretap: How Trump, Hegseth And DOGE Are Undermining Ukrainian Security

DoD, CISA Deny Reports of Pausing Cyber Operations Against Russia | MSSP Alert

Gadgets Used By American Presidents (And Why They Were A Security Nightmare)

National Security Threatened By Cyber Security Job Cuts, Experts Say | MSSP Alert

CISA Cuts: A Dangerous Gamble in a Dangerous World

Building cyber resilience in banking: Expert insights on strategy, risk, and regulation - Help Net Security

Trump's Staffing Overhauls Hit Nation's Cyber Defense Agency

Strengthening Telecommunications Security: A Call to Action for Cyber Resilience

Proactive Security: Navigating HIPAA’s Proposed Risk Analysis Updates - Security Boulevard

Google asks US government to drop breakup plan over national security fears | TechRadar

Models, Frameworks and Standards

Cyber resilience under DORA – are you prepared for the challenge? | TechRadar

What is the Digital Operational Resilience Act (DORA)? | Definition from TechTarget

Financial Organisations Urge CISA to Revise Proposed CIRCIA Implementation - SecurityWeek

Navigating NIS 2 compliance [Q&A]

Proactive Security: Navigating HIPAA’s Proposed Risk Analysis Updates - Security Boulevard

Careers, Working in Cyber and Information Security

New 2025 SANS Threat Hunting Survey Reveals 61% of Organisations Struggle with Staffing Shortages

The days of easy hiring in cyber security coming to an end • The Register

Stress and Burnout Impacting Vast Majority of IT Pros - Infosecurity Magazine

Cyber Security Job Satisfaction Plummets, Women Hit Hardest - Infosecurity Magazine

Why Cyber Security Jobs Are Hard to Find in a Worker Shortage

Will AI Start Taking Cyber Security Professionals' Jobs?

Law Enforcement Action and Take Downs

International cops seize Russian crypto exchange Garantex • The Register

US seizes domain of Garantex crypto exchange used by ransomware gangs

US Soldier Intends to Admit Hacking 15 Telecom Carriers

Police arrests suspects tied to AI-generated CSAM distribution ring

Investigator says differing names for hacker groups, hackers studying investigative methods hinders law enforcement | CyberScoop

Nigerian Accused of Hacking Tax Preparation Firms Extradited to US - SecurityWeek

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Nation State Actors

China

Will Chinese cyberespionage be more aggressive in 2025? CrowdStrike thinks so | TechRadar

Silk Typhoon shifted to specifically targeting IT management companies | CyberScoop

In case we forgot, Typhoon attacks remind us of China’s cyber capability—and intent | The Strategist

Chinese cyber espionage growing across all industry sectors | CSO Online

Defence, not more assertive cyber activity, is the right response to Salt Typhoon | The Strategist

US Charges Members of Chinese Hacker-for-Hire Group i-Soon - Infosecurity Magazine

Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants

Russia

The Trump Administration Is Deprioritizing Russia as a Cyber Threat | WIRED

As Trump warms to Putin, U.S. halts offensive cyber operations against Moscow - The Washington Post

Finland's secret service says frequency of cable incidents is 'exceptional' | Reuters

France has ‘trouble understanding’ US halt on cyber operations against Russia – POLITICO

Is Trump risking US national security to woo Putin? US no longer sees Russia as major cyber threat, tweaks foreign policy - The Week

CISA: No Change on Defending Against Russian Cyber Threats - SecurityWeek

US Cyber Command Russia stand-down: Strategic diplomacy or security gamble? | SC Media

DHS says CISA won’t stop looking at Russian cyber threats | CyberScoop

UK security in shock as America signals end to cyber operations against Russia

National Security Threatened By Cyber Security Job Cuts, Experts Say | MSSP Alert

CISA Cuts: A Dangerous Gamble in a Dangerous World

Russian telecom Beeline facing outages after cyber attack | The Record from Recorded Future News

Russian-Speaking Hackers Goad Users Into Installing Havoc

International cops seize Russian crypto exchange Garantex • The Register

‘My company thrived for 150 years — then Russian hackers brought it down in three months’

Ukraine's intel service honors civilian hackers for the first time with military award | The Record from Recorded Future News

Qilin Ransomware gang claims the hack of the Ministry of Foreign Affairs of Ukraine

Iran

Large cyber attack emanated from Iran days after Trump sanctions - watchdogs | Iran International

Suspected Iranian Hackers Used Compromised Indian Firm's Email to Target U.A.E. Aviation Sector

Crafty Camel APT Targets Aviation, OT With Polyglot Files

North Korea

How North Korea stole $1.5bn from Bybit – the biggest ever crypto theft - AML Intelligence

Bybit hackers resume laundering activities, moving another 62,200 ETH

North Korea's Latest 'IT Worker' Scheme Seeks Nuclear Funds

Digital nomads and risk associated with the threat of infiltrated employees

Lazarus Group at it again - New victim suspected in $3.1M Tron hack | Cryptopolitan

The rise of Lazarus Group from Sony hacks to billion dollar crypto heists

Other News

Rising Cyber Threats in Europe’s Financial Sector: An ENISA Overview | HaystackID - JDSupra

Nonprofits Face Surge in Cyber-Attacks as Email Threats Rise 35% - Infosecurity Magazine

Cyber risks see SME focus but big risks remain

Attackers could hack smart solar systems and cause serious damages

Popular Chrome extensions hijacked by hackers in widespread cyber attack — 3.2 million at risk | Tom's Guide

This Browser-Based Attack Can Dodge Security Protections to Take Over Your Account

What is cyber stalking and how to prevent it? | Definition from TechTarget

The More You Care, The More You Share: Information Sharing And Cyber Awareness

What is a Watering Hole Attack? | Definition from TechTarget

WTF? Why the cyber security sector is overrun with acronyms | CSO Online

If you want security, start with secure products – Computerworld

ICS/OT Security Budgets Increasing, but Critical Areas Underfunded: Report - SecurityWeek

Over Half of Organisations Report Serious OT Security Incidents - Infosecurity Magazine

Building cyber resilience in banking: Expert insights on strategy, risk, and regulation - Help Net Security

Finland's secret service says frequency of cable incidents is 'exceptional' | Reuters

Polish Space Agency offline as it recovers from cyber attack

Hackers breach military walls as funding falls short | Cybernews

Why Decommissioned Nuclear Sites Must Stay on the Security Agenda | SC Media UK

15 Percent of Healthcare PCs Fail Security Test, Increasing Risk of Ransomware, Breaches, and Compliance Violations | Business Wire

3 Cyber Security Steps Every Local Government Should Take

First EU “cyber” Council focusses on crisis management and critical infrastructure security – ministry - Delfi EN

Google asks US government to drop breakup plan over national security fears | TechRadar

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

- Automotive

- Construction

- Critical National Infrastructure (CNI)

- Defence & Space

- Education & Academia

- Energy & Utilities

- Estate Agencies

- Financial Services

- FinTech

- Food & Agriculture

- Gaming & Gambling

- Government & Public Sector (including Law Enforcement)

- Health/Medical/Pharma

- Hotels & Hospitality

- Insurance

- Legal

- Manufacturing

- Maritime & Shipping

- Oil, Gas & Mining

- OT, ICS, IIoT, SCADA & Cyber-Physical Systems

- Retail & eCommerce

- Small and Medium Sized Businesses (SMBs)

- Startups

- Telecoms

- Third Sector & Charities

- Transport & Aviation

- Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 28 February 2025

Black Arrow Cyber Threat Intelligence Briefing 28 February 2025:

- Cyber Security's Biggest Blind Spot - Third-Party Risk

- Cyber Criminals Can Now Clone Any Legitimate Website, and It’s Pretty Terrifying

- Over 25 New Malware Variants Created Every Single Hour

- Understanding MFA Fatigue: Why Cyber Criminals Are Exploiting Human Behaviour

- Only a Fifth of Ransomware Attacks Now Encrypt Data

- Biggest Crypto Heist in History, Worth $1.5Bn, Linked to North Korea Hackers

- 89% of Enterprise GenAI Usage is Invisible to Organisations, Exposing Critical Security Risks

- Combating Deepfakes in Financial Services: A Call to Action

- Threat Actors Are Increasingly Trying to Grind Business to a Halt

- With AI and Automation, Hackers are Stealing Data at Unprecedented Speeds

- Mobile Phishing Attacks on the Rise

- With Millions Upon Millions of Victims, Scale of Info-Stealer Malware Laid Bare

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

The last week has seen several critical cyber security threats emerge that demand immediate attention from business leaders. Third-party risk has become a major concern, with supply chain vulnerabilities now driving 31% of cyber insurance claims. Attackers are also leveraging new techniques, such as MFA fatigue and AI-powered phishing, to bypass traditional defences. The emergence of sophisticated phishing toolkits and deepfake fraud highlights the growing challenge of verifying digital identities, while mobile phishing (mishing) is increasingly targeting employees through personal devices.

The accelerating pace of cyber threats is evident, with 25 new malware variants created every hour and cyber criminals leveraging AI and automation to exfiltrate data at unprecedented speeds, sometimes within minutes. Meanwhile, ransomware actors are shifting strategies, focusing 80% of attacks on data theft rather than encryption, making traditional defences less effective. The surge in generative AI usage within enterprises, often without IT oversight, introduces further risks, including data leakage and code exposure.

Black Arrow Cyber believes that businesses must adopt a proactive, layered security approach. This includes real-time threat detection, robust vendor risk management, AI-driven fraud prevention, and enhanced employee training. With cyber extortion demands rising sharply and operational disruptions increasing, organisations that fail to adapt will face significant financial, operational, and reputational consequences.

Top Cyber Stories of the Last Week

Cyber Security's Biggest Blind Spot: Third-Party Risk

Cyber insurer Resilience has identified third-party risk as a leading driver of cyber insurance claims, accounting for 31% of all claims in 2024. Notably, for the first time, these risks led to direct financial losses, making up 23% of incurred claims. Ransomware remained a major cause, linked to 61% of losses, while transfer fraud increased to 18%. Sectors such as healthcare, finance, and manufacturing were most affected. The findings highlight the growing need for businesses to assess not just their own cyber security, but also that of their vendors to mitigate financial and operational risks.

Cyber Criminals Can Now Clone Any Legitimate Website, and It’s Pretty Terrifying

Researchers have identified a surge in activity around a new phishing toolkit, called Darcula-suite 3.0, which enables cyber criminals to clone legitimate websites with ease. This development significantly lowers the barrier for less technical attackers, allowing them to impersonate trusted brands and steal sensitive information. The toolkit includes an admin panel to track successful attacks and even generate fraudulent payment card details. As phishing scams grow more sophisticated with AI-driven enhancements, organisations must strengthen their cyber security measures to mitigate the risk of falling victim to these increasingly convincing attacks.

Over 25 New Malware Variants Created Every Single Hour

SonicWall’s latest research highlights an alarming rise in cyber threats, with 637 new malware variants detected daily, more than 25 every hour. Encrypted threats have surged by 92%, with attackers leveraging TLS encryption to bypass defences. Security teams are under increasing strain, with burnout and mental health concerns on the rise. Despite the urgency, some organisations take up to 150 days to apply critical patches, leaving them exposed. With the cost of cyber attacks doubling in 2024, businesses must move beyond legacy defences and adopt real-time threat monitoring and security operations centre (SOC) capabilities to stay ahead of increasingly sophisticated threats.

Understanding MFA Fatigue: Why Cyber Criminals Are Exploiting Human Behaviour

MFA fatigue attacks are emerging as a critical cyber security threat, exploiting human behaviour rather than technical vulnerabilities. Attackers overwhelm users with repeated MFA prompts, hoping frustration or confusion will lead to accidental approval. High-profile breaches, including Uber in 2022, highlight the risks. Cyber criminals often pair push spamming with social engineering to increase success rates. Organisations must move beyond reliance on MFA alone by implementing phishing-resistant authentication, monitoring for excessive login attempts, and training staff to recognise and report unusual activity. A layered security approach is essential to counter these evolving tactics and protect critical systems.

Only a Fifth of Ransomware Attacks Now Encrypt Data

ReliaQuest’s latest report reveals that ransomware actors are increasingly abandoning encryption, with 80% of attacks in 2024 focused solely on data exfiltration, an approach that is 34% faster than attacks that also encrypt. Service accounts were a key vulnerability, implicated in 85% of breaches, while insufficient logging was identified as the leading cause of security failures. Two-thirds of critical intrusions involved legitimate software, and a quarter stemmed from exploited public-facing applications. The report urges organisations to enhance monitoring, deploy AI-driven automation, and strengthen endpoint security to keep pace with increasingly rapid cyber threats.

Biggest Crypto Heist in History, Worth $1.5Bn, Linked to North Korea Hackers

A cyber attack on the Dubai-based cryptocurrency exchange Bybit resulted in the theft of an estimated $1.5bn, with analysts attributing the breach to North Korea’s Lazarus Group. Experts report that malware was used to authorise fraudulent transactions, with the stolen funds allegedly laundered to support North Korea’s missile programme. Bybit has offered a $140m bounty to trace and freeze the stolen assets. Blockchain analysis indicates North Korea-linked hackers were responsible for one in five crypto breaches in 2024, stealing $1.34bn across 47 incidents, up from $660m across 20 incidents the previous year.

89% of Enterprise GenAI Usage is Invisible to Organisations, Exposing Critical Security Risks

A new report by LayerX highlights a significant blind spot in enterprise security, revealing that nearly 90% of generative AI (GenAI) usage occurs without IT oversight. This lack of visibility increases risks such as data leakage and unauthorised access. While only 15% of employees use GenAI daily, 50% engage with these tools at least biweekly. Notably, 39% of frequent users are software developers, raising concerns over proprietary code exposure. Additionally, half of all data pasted into GenAI tools contains corporate information, underscoring the urgent need for robust security measures to manage ‘shadow AI’ and protect sensitive business data.

Combating Deepfakes in Financial Services: A Call to Action

Deepfake fraud is emerging as a critical threat to financial institutions. Criminals use AI-generated video and audio to bypass traditional security measures, impersonating executives and manipulating high-value transactions. One incident saw an organisation transfer $25 million following a deepfake video call. To combat this, financial firms must adopt advanced identity verification, including liveness detection and AI-driven fraud analysis. A layered security approach, combined with employee awareness and customer education, is essential to mitigating risk and maintaining trust in digital banking.

Threat Actors Are Increasingly Trying to Grind Business to a Halt

Palo Alto Networks’ Unit 42 found that nearly 9 in 10 cyber attacks it responded to last year led to business disruption, with organisations facing operational downtime, fraud-related losses and reputational damage. Attackers increasingly use disruption as leverage, alongside encryption and data theft, to pressure victims into paying. The median extortion demand surged by almost 80% to $1.25 million in 2024, though negotiated payments averaged $267,500. Critical infrastructure sectors, including health care and manufacturing, were particularly targeted. These findings highlight the growing threat of cyber extortion and the increasing financial and operational toll on businesses.

With AI and Automation, Hackers are Stealing Data at Unprecedented Speeds

ReliaQuest’s Annual Cyber-Threat Report highlights how AI and automation are accelerating cyber attacks, with hackers now exfiltrating critical data in record time. On average, attackers achieve lateral movement within 48 minutes, with the fastest observed data theft occurring in just 4 hours and 29 minutes. Ransomware groups increasingly prioritise data exfiltration over encryption, with 80% of attacks focused on stealing information. In 60% of cases, stolen data is sent to legitimate cloud platforms. With the threat landscape evolving rapidly, organisations must rethink their response strategies to detect and mitigate attacks before critical assets are compromised.

Mobile Phishing Attacks on the Rise

Mishing (mobile phishing) attacks have risen sharply, with one major global campaign compromising over 600 organisations. Attackers are increasingly using advanced social engineering tactics, including device-aware phishing and geolocation-based redirection, making scams more targeted and harder to detect. The rise in Bring Your Own Device policies and reduced user verification of URLs have contributed to this trend. Security experts highlight the need for organisations to adapt, recommending mobile threat defence, phishing-resistant multi-factor authentication, clear Bring Your Own Device policies, and strong password management to counter the growing risk of credential-based attacks.

With Millions Upon Millions of Victims, Scale of Info-Stealer Malware Laid Bare

A vast trove of stolen credentials has been added to the privacy-breach-notification service ‘Have I Been Pwned’ (HIBP) after a government agency tipped off its founder, Troy Hunt. The dataset, linked to the "Alien Txtbase" Telegram channel, comprises 1.5TB of data, including 23 billion records and 284 million unique email addresses, harvested by info-stealer malware. HIBP has integrated 244 million new passwords and updated 199 million existing ones. Attackers increasingly exploit stolen credentials to bypass security, with new HIBP APIs now enabling organisations to check if their domains are compromised, reinforcing the need for strong cyber security measures.

Sources:

https://www.prnewswire.com/news-releases/cybersecuritys-biggest-blind-spot-third-party-risk-new-resilience-analysis-finds-302386804.html

https://www.xda-developers.com/cybercriminals-clone-legitimate-website/

https://www.techradar.com/pro/security/over-25-new-malware-variants-created-every-single-hour-as-smart-device-cyberattacks-more-than-double-in-2024

https://www.itsecurityguru.org/2025/02/25/understanding-mfa-fatigue-why-cybercriminals-are-exploiting-human-behaviour/

https://www.infosecurity-magazine.com/opinions/healthcare-ai-fight-cyber-attacks/

https://news.sky.com/story/biggest-crypto-heist-in-history-worth-1-5bn-linked-to-north-korea-hackers-13317301

https://thehackernews.com/2025/02/89-of-enterprise-genai-usage-is.html

https://www.finextra.com/blogposting/27927/combating-deepfakes-in-financial-services-a-call-to-action

https://cyberscoop.com/cyberattacks-business-disruption-2025-unit-42-palo-alto-networks/

https://cybernews.com/security/hackers-stealing-data-at-unprecedented-speeds/

https://www.scworld.com/brief/mobile-phishing-attacks-on-the-rise

https://www.theregister.com/2025/02/26/hibp_adds_giant_infostealer_trove/

Threats

Ransomware, Extortion and Destructive Attacks

Only a Fifth of Ransomware Attacks Now Encrypt Data - Infosecurity Magazine

AI is helping hackers get access to systems quicker than ever before | TechRadar

FBI Has Warned About 'Ghost' Cyber Attacks. What You Need to Know. - Business Insider

Warning issued over prolific 'Ghost' ransomware group | ITPro

Arctic Wolf Threat Report: 96 Percent of Ransomware Cases Included Data Theft as Cyber Criminals Double Down on Extortion

New Anubis Ransomware Could Pose Major Threat to Organisations - SecurityWeek

EncryptHub breaches 618 orgs to deploy infostealers, ransomware

With AI and automation, hackers are stealing data at unprecedented speeds | Cybernews

23 Vulnerabilities in Black Basta's Chat Logs Exploited in Wild

CL0P Ransomware Attacking Telecommunications & Healthcare Sectors In Large Scale

Threat actors are increasingly trying to grind business to a halt | CyberScoop

Massive leak exposes the inner workings of top ransomware syndicate Black Basta | TechSpot

Black Basta ransomware leak sheds light on targets, tactics | TechTarget

NCC Group tracks alarming ransomware surge in January | TechTarget

A landscape forever altered? The LockBit takedown one year on | Computer Weekly

Should ransomware payments be illegal? | TechRadar

Black Basta Goes Dark Amid Infighting, Chat Leaks Show

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail | Malwarebytes

Targeted by Ransomware, Middle East Banks Shore Up Security

Dragos: Ransomware attacks against industrial orgs up 87% | TechTarget

Ransomware Victims

Ransomware attack on Southern Water cost £4.5 million – DataBreaches.Net

Hackers claim responsibility for NHS provider attack - BBC News

DISA took a year to disclose a breach affecting 3.3M+ people • The Register

DragonForce Ransomware Group is Targeting Saudi Arabia

British celebs warned their private details could be leaked online after cyber criminals hacked agency | Daily Mail Online

'Paddington' victim of Russian cyber attack

Ransomware Gang Publishes Stolen Genea IVF Patient Data - Infosecurity Magazine

LockBit taunts FBI Director Kash Patel with alleged “Classified” leak threat

Home Depot Refutes Clop Ransomware Attack Claims | MSSP Alert

‘Cyber incident’ shuts down Cleveland Municipal Court for third straight day | The Record from Recorded Future News

Phishing & Email Based Attacks

Cyber criminals can now clone any legitimate website, and it's pretty terrifying

Cyber Crooks Exploit URL Manipulation In Sophisticated Phishing Scam

Forget phishing, now "mishing" is the new security threat to worry about | TechRadar

Cyber Criminals Can Now Clone Any Brand's Site in Minutes Using Darcula PhaaS v3

Job Application Spear Phishing - Security Boulevard

Deceptive Signatures: Advanced Techniques in BEC Attacks

Beware: PayPal "New Address" feature abused to send phishing emails

FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services

Be careful! That legit PayPal email might be a phishing scam | PCWorld

How I Keep Myself Safe From Phishing When I Work From Home

Business Email Compromise (BEC)/Email Account Compromise (EAC)

Deceptive Signatures: Advanced Techniques in BEC Attacks

Other Social Engineering

Understanding MFA Fatigue: Why Cyber Criminals Are Exploiting Human Behaviour - IT Security Guru

CrowdStrike Security Report: Generative AI Powers Social Engineering Attacks

One wrong SMS can wipe your savings, thanks to this Android Trojan | Cybernews

Pump.fun X account hacked to promote scam governance token

DeepSeek-Spoofing Leveraged For Crypto Exfiltration | MSSP Alert

Artificial Intelligence

Deep trouble: Deepfakes and their implications for cyber security - Verdict

4 Low-Cost Ways to Defend Your Organisation From Deepfakes

Combating Deepfakes in Financial Services: A Call to Action: By Adam Preis

AI is helping hackers get access to systems quicker than ever before | TechRadar

With AI and automation, hackers are stealing data at unprecedented speeds | Cybernews

CrowdStrike Security Report: Generative AI Powers Social Engineering Attacks

The truth about GenAI security: your business can't afford to “wait and see” | TechRadar

The First International AI Safety Report: A Call To Action

89% of Enterprise GenAI Usage Is Invisible to Organisations Exposing Critical Security Risks, New Report Reveals

Quarter of Brits Report Deepfake Phone Scams - Infosecurity Magazine

Microsoft names cyber criminals behind AI deepfake network

AI-Powered Deception is a Menace to Our Societies

Why AI deployment requires a new level of governance - Help Net Security

AI Is Everywhere Since October 7, From the Battlefield to the Cyber Arena - The Media Line

DeepSeek-Spoofing Leveraged For Crypto Exfiltration | MSSP Alert

OpenAI Bans Accounts Misusing ChatGPT for Surveillance and Influence Campaigns

Nearly a third of UK public sector IT professionals anxious about AI security risks

2FA/MFA

Understanding MFA Fatigue: Why Cyber Criminals Are Exploiting Human Behaviour - IT Security Guru

Chinese Botnet Bypasses MFA in Microsoft 365 Attacks - Infosecurity Magazine

Hackers are on a huge Microsoft 365 password spraying spree – here’s what you need to know | ITPro

Botnet looks for quiet ways to try stolen logins in Microsoft 365 environments | The Record from Recorded Future News

Why Gmail is replacing SMS codes with QR codes - and what it means for you | ZDNET

Malware

Scale of unstoppable info-stealer malware laid bare • The Register

Cyber criminals prefer remote tools over malware, says CrowdStrike | SC Media

Why ‘malware as a service’ is becoming a serious problem | ITPro

Over 25 new malware variants created every single hour as smart device cyber attacks more than double in 2024 | TechRadar

Have I Been Pwned adds 284M accounts stolen by infostealer malware

Is your email or password among the 240+ million compromised by infostealers? - Help Net Security

3.9 Billion Passwords Stolen—Infostealer Malware Blamed

EncryptHub breaches 618 orgs to deploy infostealers, ransomware

AI malware pioneers | Cybernews

New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer

5 Active Malware Campaigns in Q1 2025

2,500+ Truesight.sys Driver Variants Exploited to Bypass EDR and Deploy HiddenGh0st RAT

GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets

New Linux Malware 'Auto-Color' Grants Hackers Full Remote Access to Compromised Systems

Hundreds of GitHub repos served up malware for years - Help Net Security

Mac malware masks as job interview to steal crypto | Cybernews

‘Auto-Color’ Linux Malware Uses Advanced Stealth Tactics To Evade Detection

Two new pieces of Mac malware in the wild – one being fixed this week

FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services

Vo1d malware botnet grows to 1.6 million Android TVs worldwide

Chinese-Backed Silver Fox Plants Backdoors in Healthcare Networks - Infosecurity Magazine

New malware disrupts critical industrial processes • The Register

Bots/Botnets

Massive botnet hits Microsoft 365 accounts - Help Net Security

Chinese Botnet Bypasses MFA in Microsoft 365 Attacks - Infosecurity Magazine

Hackers are on a huge Microsoft 365 password spraying spree – here’s what you need to know | ITPro

Botnet looks for quiet ways to try stolen logins in Microsoft 365 environments | The Record from Recorded Future News

Vo1d malware botnet grows to 1.6 million Android TVs worldwide

Mobile

Mobile phishing attacks on the rise | SC Media

Forget phishing, now "mishing" is the new security threat to worry about | TechRadar

SpyLend Android malware downloaded 100,000 times from Google Play

Apple currently only able to detect Pegasus spyware in half of infected iPhones

Pegasus Spyware Used Widely to Target Individuals in Private Industry & Finance Sectors

Flaw found in stalkerware apps, exposing millions of people. Here's how to find out if your phone is being spied upon

One wrong SMS can wipe your savings, thanks to this Android Trojan | Cybernews

Unmanaged Devices: The Overlooked Threat CISOs Must Confront

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail | Malwarebytes

New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades

Security flaw in popular stalkerware apps is exposing phone data of millions | TechRadar

Why this Android image-scanning feature is controversial - and how to get rid of it | ZDNET

A Major Security Flaw Has Been Discovered in Samsung's Secure Folder Feature | Extremetech

Denial of Service/DoS/DDoS

How DDoS Attacks Work and How You Can Protect Your Business From Them - Security Boulevard

Web DDoS attacks up over 500 percent

Radware’s Cyber Threat Report: Web DDoS Attacks Surge 550%

Internet of Things – IoT

Cyber Attacks On EV Chargers Pose A Growing Threat | The Truth About Cars

Vo1d malware botnet grows to 1.6 million Android TVs worldwide

Hackers Can Crack Into Car Cameras in Minutes Flat

Data Breaches/Leaks

Orange Group confirms breach after hacker leaks company documents

Cyber Security's Biggest Blind Spot: Third-Party Risk, New Resilience Analysis Finds

Third parties now dominant cyber-attack point

Background check, drug testing provider DISA suffers data breach - Help Net Security

Hacker Behind Over 90 Data Leaks Arrested in Thailand - SecurityWeek

DISA took a year to disclose a breach affecting 3.3M+ people • The Register

Top digital loan firm security slip-up puts data of 36 million users at risk | TechRadar

Organised Crime & Criminal Actors

B1ack’s Stash released 1 Million credit cards - Security Affairs

Thailand Targets Cyber Sweatshops to Free 1000s of Captives

Microsoft names cyber criminals behind AI deepfake network

INSIGHT: Fraud-as-a-Service: Creating a new breed of fraudsters - AML Intelligence

10 cyber security insights from ex-hacker and FBI agent who arrested him

2025 CrowdStrike Global Threat Report: Cyber Criminals Are Shifting Tactics – Are You Ready? - Security Boulevard

Data: Cyber threats skyrocket as attackers think like businesses | Capacity Media

'Silver Fox' APT Skirts Windows Blocklist in BYOVD Attack

26 New Threat Groups Spotted in 2024: CrowdStrike - SecurityWeek

Army soldier linked to Snowflake attack spree allegedly tried to sell data to foreign spies | CyberScoop

Hacker Behind Over 90 Data Leaks Arrested in Thailand - SecurityWeek

Leader of cyber blackmail gang faces jail – Court News UK

The evolution of Russian cyber crime | Intel 471

Beware of Fake Cyber Security Audits: Cyber Criminals Use Scams to Breach Corporate Systems | Tripwire

How Anonymous Actually Works, According to a Founding Member - Business Insider

Criminal hacker known as ALTDOS, DESORDEN, GHOSTR and 0mid16B arrested – DataBreaches.Net

US Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason” – Krebs on Security

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Biggest crypto heist in history, worth $1.5bn, linked to North Korea hackers | Science, Climate & Tech News | Sky News

Lazarus Group moves funds to multiple wallets as Bybit offers bounty

Lazarus Group launches ‘QinShihuang’ meme coin to launder $26M more from Bybit stash | Cryptopolitan

AI Tricksters Spin Up Fake DeepSeek Sites to Steal Crypto

Mac malware masks as job interview to steal crypto | Cybernews

Inside the Lazarus Group money laundering strategy

Fake CS2 tournament streams used to steal crypto, Steam accounts

Pump.fun X account hacked to promote scam governance token

DeepSeek-Spoofing Leveraged For Crypto Exfiltration | MSSP Alert

Argentina’s $4.6 Billion Crypto Scandal; Largest-Ever Crypto Theft

Insider Risk and Insider Threats

The Time to Speak to Employees About Insider Risk Is Now

US Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason” – Krebs on Security

Insurance

Insurers still concerned over cyber risk unknowns

Supply Chain and Third Parties

Cyber Security's Biggest Blind Spot: Third-Party Risk, New Resilience Analysis Finds

Third parties now dominant cyber-attack point

Survey: Nearly Half of Data Breaches Involved Third-Party Remote Access - Security Boulevard

Space Pirates Targets Russian IT Firms With New LuckyStrike Agent Malware

Russia warns financial sector organisations of IT service provider LANIT compromise

Cloud/SaaS

UK backdoor order forces Apple to disable cloud encryption | Digital Trends

Apple Pulls Advanced Data Protection for New UK Users Amid Backdoor Demand - SecurityWeek

Chinese Botnet Bypasses MFA in Microsoft 365 Attacks - Infosecurity Magazine

Botnet looks for quiet ways to try stolen logins in Microsoft 365 environments | The Record from Recorded Future News

Are False Positives Killing Your Cloud Security? Veriti Research Reveals - Security Boulevard

The Future of Auditing: What to Look for in 2025 - Security Boulevard

Encryption

Apple Pulls Encrypted iCloud Security Feature in UK Amid Government Backdoor Demands - MacRumors

Government has made UK user data ‘less secure’ with Apple row – experts - LBC

How end-to-end encryption will and won't change for Apple users in the UK | Tech News - Business Standard

Experts Slam Government After “Disastrous” Apple Encryption Move - Infosecurity Magazine

Public told to use Apple security tool Advanced Data Protection that Home Office tried to crack

Quantum Computing Has Arrived; We Need To Prepare For Its Impact

The encryption backdoor debate: Why are we still here?

The Case for Encryption | Open Rights Group

Google Says Its Encryption Has Not Changed—Does Android Now Beat iPhone?

FBI Warns iPhone, Android Users—We Want ‘Lawful Access’ To All Your Encrypted Data

UK blindsided US intelligence by asking for Apple backdoor, "a violation of American’s privacy and civil liberties" | TechRadar

Signal May Exit Sweden If Government Imposes Encryption Backdoor - Infosecurity Magazine

Privacy tech firms warn France’s encryption and VPN laws threaten privacy

Linux and Open Source

New Linux Malware 'Auto-Color' Grants Hackers Full Remote Access to Compromised Systems

‘Auto-Color’ Linux Malware Uses Advanced Stealth Tactics To Evade Detection

OpenSSF Releases Security Baseline for Open Source Projects - SecurityWeek

Passwords, Credential Stuffing & Brute Force Attacks

Scale of unstoppable info-stealer malware laid bare • The Register

Hackers stole this engineer's 1Password database. Could it happen to you? | ZDNET

Is your email or password among the 240+ million compromised by infostealers? - Help Net Security

3.9 Billion Passwords Stolen—Infostealer Malware Blamed

HaveIBeenPwned Adds 244 Million Passwords Stolen By Infostealers - Infosecurity Magazine

Cisco Details ‘Salt Typhoon’ Network Hopping, Credential Theft Tactics - SecurityWeek

Social Media

As Meta gets rid of fact-checkers, misinformation is going viral | TechCrunch

How new Facebook policies incentivize spreading misinformation | ZDNET

Pump.fun X account hacked to promote scam governance token

Regulations, Fines and Legislation

Government has made UK user data ‘less secure’ with Apple row – experts - LBC

Former NSA, Cyber Command chief Paul Nakasone says U.S. falling behind its enemies in cyberspace | CyberScoop

Cyber Security Needs to Stay Nonpartisan in the Age of DOGE

UK Home Office’s new vulnerability reporting mechanism leaves researchers open to prosecution | The Record from Recorded Future News

DOGE must halt all ‘negligent cyber security practices,’ House Democrats tell Trump | The Record from Recorded Future News

House Dems say DOGE is leaving publicly exposed entry points into government systems | CyberScoop

Firing of 130 CISA staff worries cyber security industry | CSO Online

Federal cyber security layoffs could leave U.S. vulnerable to hackers - CBS News

Why we need an expanded CISA to fight today’s cyber threats | SC Media

UK blindsided US intelligence by asking for Apple backdoor, "a violation of American’s privacy and civil liberties" | TechRadar

Gabbard Calls for Investigation of UK’s Apple Backdoor Request

The Future of Auditing: What to Look for in 2025 - Security Boulevard

Trump 2.0 Brings Cuts to Cyber, Consumer Protections – Krebs on Security

Fake video of Trump kissing Musk's toes beamed to federal computers

China compromised GOP emails ahead of Republican convention • The Register

NIST Purge Puts US Semiconductors, AI Safety At Risk

Models, Frameworks and Standards

We must all safeguard against cyber attacks

UK businesses should look to Ireland amid EU cyber security overhaul | Computer Weekly

How To Take Your Firm From Risk To Resilience In 8 DORA-compliant Steps

Careers, Working in Cyber and Information Security

The CISO's dilemma of protecting the enterprise while driving innovation - Help Net Security

The cyber security skills gap reality: We need to face the challenge of emerging tech | CSO Online

Many cyber security pros report low job satisfaction—all while trying to fend off increasing threats from hackers | Fortune

Cyber security professionals face expanding responsibilities, with 61% covering multiple domains

Law Enforcement Action and Take Downs

Microsoft names cyber criminals behind AI deepfake network

Hacker Behind Over 90 Data Leaks Arrested in Thailand - SecurityWeek

Leader of cyber blackmail gang faces jail – Court News UK

Criminal hacker known as ALTDOS, DESORDEN, GHOSTR and 0mid16B arrested – DataBreaches.Net

US Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason” – Krebs on Security

Misinformation, Disinformation and Propaganda

As Meta gets rid of fact-checkers, misinformation is going viral | TechCrunch

How new Facebook policies incentivize spreading misinformation | ZDNET

AI-Powered Deception is a Menace to Our Societies

Data Leak Exposes TopSec's Role in China's Censorship-as-a-Service Operations

Opinion | The right-wing media machine hits a wall - The Washington Post
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Aggressive Tactics, Weaponization of AI-powered Deception Rises | Business Wire

The Growing Threat of Cyber Warfare from Nation-States - PaymentsJournal

Nation State Actors

A pivotal year for geopolitical cyber attacks – how should businesses manage the risks? | Insurance Business America

Geopolitical Tension Fuels APT and Hacktivism Surge - Infosecurity Magazine

How APT Naming Conventions Make Us Less Safe

China

It's not just Salt Typhoon: All China-backed attack groups are showcasing specialized offensive skills | CyberScoop

FBI Has Warned About 'Ghost' Cyber Attacks. What You Need to Know. - Business Insider

Chinese Botnet Bypasses MFA in Microsoft 365 Attacks - Infosecurity Magazine

A Tale of Two Typhoons: Properly Diagnosing Chinese Cyber Threats - War on the Rocks

2025 CrowdStrike Global Threat Report: China’s Cyber Espionage Surges 150% with Increasingly Aggressive Tactics, Weaponization of AI-powered Deception Rises | Business Wire

CrowdStrike: China hacking has reached 'inflection point' | TechTarget

Chinese APT Uses VPN Bug to Exploit Worldwide OT Orgs

China-linked threat actors stole 10% of Belgian State Security Service (VSSE)'s staff emails

Data Leak Exposes TopSec's Role in China's Censorship-as-a-Service Operations

Cisco Details ‘Salt Typhoon’ Network Hopping, Credential Theft Tactics - SecurityWeek

China compromised GOP emails ahead of Republican convention • The Register

Chinese-Backed Silver Fox Plants Backdoors in Healthcare Networks - Infosecurity Magazine

Russia

The evolution of Russian cyber crime | Intel 471

Ukrainian hackers claim breach of Russian loan company linked to Putin’s ex-wife | The Record from Recorded Future News

Space Pirates Targets Russian IT Firms With New LuckyStrike Agent Malware

Russia warns financial sector organisations of IT service provider LANIT compromise

Cyber Attacks Hits Leading Russian IT Service Provider’s Subsidiaries | MSSP Alert

Russia warns financial sector of major IT service provider hack

Australia Bans Kaspersky Software Over National Security and Espionage Concerns

Apple Cuts Off Russian Developers from Enterprise Program Amid Ongoing Sanctions - gHacks Tech News

Sweden investigates suspected sabotage of undersea telecoms cable - BBC News

Germany takes the fight to Russia in undersea cable war

Drone-Equipped U.S. Marines Now Helping Protect Baltic Sea Submarine Cables

Putin’s secret weapon: The threat to the UK lurking on our sea beds - BBC News

North Korea

Biggest crypto heist in history, worth $1.5bn, linked to North Korea hackers | Science, Climate & Tech News | Sky News

Lazarus Group launches ‘QinShihuang’ meme coin to launder $26M more from Bybit stash | Cryptopolitan

FBI Confirms North Korea’s Lazarus Group as Bybit Hackers - Infosecurity Magazine

Inside the Lazarus Group money laundering strategy

FBI fingers North Korea for $1.5B Bybit cryptocurrency heist • The Register

Lazarus Group moves funds to multiple wallets as Bybit offers bounty

EU sanctions North Korean tied to Lazarus group over involvement in Ukraine war | The Record from Recorded Future News

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Modern Approach to Attributing Hacktivist Groups - Check Point Research

How Anonymous Actually Works, According to a Founding Member - Business Insider
Vulnerability Management

23 Vulnerabilities in Black Basta's Chat Logs Exploited in Wild

Software Vulnerabilities Take Almost Nine Months to Patch - Infosecurity Magazine

UK Home Office’s new vulnerability reporting mechanism leaves researchers open to prosecution | The Record from Recorded Future News

61% of Hackers Use New Exploit Code Within 48 Hours of Attack - Infosecurity Magazine

Software security debt is spiralling out of control – remediation times have surged 47% in the last five years, and it’s pushing teams to breaking point | ITPro

What is VMaaS? Why You Should Consider Vulnerability-Management-as-a-Service

Misconfigured Access Systems Expose Hundreds Of Thousands Of Employees And Organisations

US Government Supercharges Security Vulnerabilities

Vulnerabilities

Atlassian fixed critical flaws in Confluence and Crowd

Second Recently Patched Flaw Exploited to Hack Palo Alto Firewalls - SecurityWeek

Huge cyber attack found hitting vulnerable Microsoft-signed legacy drivers to get past security | TechRadar

Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA

CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation

Cisco Patches Vulnerabilities in Nexus Switches - SecurityWeek

Vulnerabilities in MongoDB Library Allow RCE on Node.js Servers - SecurityWeek

Mac security researchers expose two new exploits | Macworld

Max Severity RCE Vuln in All Versions of MITRE Caldera

Siemens Teamcenter vulnerability could allow account takeover (CVE-2025-23363) - Help Net Security
Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness only; linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.


Black Arrow Cyber Threat Intelligence Briefing 21 February 2025

Black Arrow Cyber Threat Intelligence Briefing 14 February 2025:

-Supply Chain Cyber Attacks Surge Over 400%, Expected to Continue Rising

-98% of Business Leaders Can't Spot a Phishing Scam

-Two-Thirds of UK Businesses Still Failing on Cyber Security

-44% of Middle-Market Firms Invest in Cyber Crime Protection

-A Deepfake Epidemic Is Coming: People Are Simply Not Good Enough at Identifying Fakes

-Cyber Security Gaps Exposed as 96% of S&P 500 Firms Hit by Data Breaches

-Cyber Criminals Shift Focus to Social Media as Attacks Reach Historic Highs

-Is a Lack of Supply Chain Visibility Undermining Board-Level Confidence in Cyber Security Programs?

-Ransomware Gangs Extort Victims 17 Hours After Intrusion on Average

-Over 330 million Credentials Compromised by Infostealers

-Mobile Phishing Attacks Surge, Accounting for 16% of Phishing Incidents

-Phishing-as-a-Service (PhaaS) Can Now Auto-Generate Phishing Kits for Any Brand

-This Open Text-to-Speech Model Needs Just Seconds of Audio to Clone Your Voice

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.

Executive Summary

Black Arrow Cyber has identified a significant surge in cyber threats targeting organisations worldwide, with supply chain vulnerabilities, phishing scams, and ransomware tactics evolving at an alarming rate. Supply chain cyber attacks have increased by 431% in just two years, exposing weaknesses in third-party security oversight and operational dependencies. Simultaneously, phishing attacks remain a major risk, with 98% of senior business leaders unable to recognise key warning signs. The rapid rise of deepfake technology, infostealer malware, and mobile phishing further exacerbates these threats, with cyber criminals leveraging AI and automation to enhance their attack strategies.

Corporate cyber security measures remain insufficient, as evidenced by 96% of S&P 500 firms experiencing data breaches and 69% of UK businesses failing to implement basic network security protections. Ransomware gangs are accelerating their attacks, demanding ransoms within 17 hours of infiltration, while Phishing-as-a-Service platforms are making sophisticated attacks accessible to criminals with little technical knowledge. Social media has also become a prime target, with 2.55 billion threats blocked in a single quarter.

Black Arrow Cyber believes that urgent action is required. Businesses must prioritise proactive security strategies, including continuous supply chain monitoring, robust phishing awareness training, and advanced authentication measures to mitigate these growing risks. As cyber threats evolve, only a strong, multi-layered defence will ensure operational resilience and data security in an increasingly volatile digital landscape.

Top Cyber Stories of the Last Week

Supply Chain Cyber Attacks Surge Over 400%, Expected to Continue Rising

A new cyber risk report by Cowbell has revealed a 431% surge in supply chain cyber attacks between 2021 and 2023, with further increases expected by 2025. Businesses with revenues over $50 million are 2.5 times more likely to be targeted, with manufacturing, public administration, and education among the most at-risk sectors. Key vulnerabilities stem from reliance on third-party suppliers, poor visibility into vendor security, and weaknesses in operating systems and business applications. To mitigate these risks, organisations must enhance supplier oversight, conduct regular cyber risk assessments, and implement proactive security measures across their supply chains.

98% of Business Leaders Can't Spot a Phishing Scam

A new report from Tech.co has revealed that 98% of senior business leaders struggle to recognise all the warning signs of phishing, despite such attacks accounting for 40% of data breaches in 2024, a sharp rise from the previous year. Nearly half of respondents failed to identify urgency or threats as key phishing indicators, while 19% could not correctly define two-factor authentication. With the global average cost of a data breach reaching $4.88M, the findings highlight a critical gap in cyber security awareness at the highest levels, underscoring the need for improved training across all leadership roles.

Two-Thirds of UK Businesses Still Failing on Cyber Security

Beaming’s latest research reveals that 69% of UK businesses, equating to 3.6 million companies, are at heightened risk of cyber attack due to poor network security practices. Many fail to encrypt data in transit, isolate traffic from public infrastructure, or monitor for malicious activity. While the majority are micro businesses, over 7,000 medium-sized and nearly 1,000 large organisations also fall short. With corporate networks now critical to business operations, the report highlights a widespread failure to recognise their role in safeguarding sensitive data and maintaining operational resilience.

44% of Middle-Market Firms Invest in Cyber Crime Protection

A recent PYMNTS Intelligence report highlights that cyber security is a growing concern for middle-market CFOs, with 44% of high-uncertainty firms (facing fluctuating demand, supply chain disruptions, or macroeconomic volatility) investing in AI-driven threat detection. Rising cyber threats are diverting budgets away from innovation, forcing firms to prioritise security over growth. Nearly a third of high-uncertainty organisations have conducted third-party security assessments, while just 13% have implemented multifactor authentication. Despite these measures, optimism about cyber security improvements remains mixed, with 31% of high-uncertainty firms expecting risks to worsen in 2025, while 74% of low-uncertainty firms anticipate improvements.

A Deepfake Epidemic Is Coming: People Are Simply Not Good Enough at Identifying Fakes

A new study by iProov highlights the growing threat of deepfakes, revealing that most people struggle to distinguish AI-generated content from reality. In a test of 2,000 participants, only 0.1% correctly identified all deepfakes. Older adults were particularly vulnerable: 39% of those over 65 had never heard of deepfakes. While younger generations showed greater confidence, their detection accuracy was no better. Social media was identified as a key risk area, with nearly half of respondents pointing to Meta and TikTok. Experts warn that traditional detection methods are insufficient, calling for biometric security solutions to combat rising deepfake threats.

Cyber Security Gaps Exposed as 96% of S&P 500 Firms Hit by Data Breaches

Nearly all S&P 500 firms have experienced data breaches, with 96% impacted, highlighting critical cyber security gaps across industries. A new report reveals widespread deficiencies in software patching, SSL configurations, and system hosting, with nearly 90% of companies affected by hosting vulnerabilities and over 80% exposed to web application security risks. Manufacturing, Finance, and Healthcare rank among the most vulnerable sectors. Nearly 63% of Finance sector employees reuse compromised passwords. The findings underscore the urgent need for stronger encryption, better patch management, and stricter credential security to mitigate risks and prevent further breaches.

Cyber Criminals Shift Focus to Social Media as Attacks Reach Historic Highs

Cyber criminals are increasingly exploiting social media platforms, with attacks reaching record highs in 2024. A new report from Gen revealed that 2.55 billion threats were blocked in Q4 alone, equating to 321 per second. Social engineering accounted for 86% of these, highlighting the growing sophistication of scams. Malvertising drove 41% of threats, while Facebook was the most targeted platform, linked to 56% of social media attacks. Financial scams surged, with mobile banking malware infections rising by 236%. As AI-driven fraud increases, businesses must prioritise cyber security awareness and robust defences to mitigate evolving digital risks.

Is a Lack of Supply Chain Visibility Undermining Board-Level Confidence in Cyber Security Programs?

Many UK organisations are struggling with supply chain cyber security. 95% of C-level executives reported being negatively impacted by supply chain cyber breaches, yet 34% have no way of knowing when an incident occurs. As supply chains grow (some organisations engage with over 10,000 third parties) so too does risk, with nearly every firm with 10,000+ suppliers suffering a breach in the past year. Boards must prioritise continuous monitoring and structured oversight to mitigate risk and ensure operational resilience amidst increasing regulatory pressures.

Ransomware Gangs Extort Victims 17 Hours After Intrusion on Average

Ransomware groups are accelerating their attacks, reducing the time organisations have to detect intrusions. Analysis shows the average time from breach to ransom demand is now just 17 hours, with some groups acting in as little as 4 to 6 hours. Groups with the fastest attack times have also seen the highest growth in victims. A shift towards data theft over encryption is emerging, exploiting gaps in data loss prevention tools. Multiple sectors remain primary targets, with attackers increasingly abusing remote monitoring tools to maintain access and evade detection.

Over 330 million Credentials Compromised by Infostealers

Infostealer malware emerged as a major initial access threat in 2024, with over 330 million credentials compromised across at least 4.3 million machines, according to a new report. These stolen credentials grant access to critical corporate services, heightening cyber security risks. While law enforcement efforts disrupted key infostealer operations, including RedLine, threats persist due to the growth of malware-as-a-service models. The report also highlighted a 10.5% rise in ransomware victims and a 28.5% increase in active threat groups, underscoring the escalating cyber crime landscape organisations must navigate.

Mobile Phishing Attacks Surge, Accounting for 16% of Phishing Incidents

Mobile phishing attacks, or “mishing,” have surged, with daily incidents peaking at over 1,000 in August 2024. A report by Zimperium zLabs found that 16% of these attacks occurred in the US, with India leading global susceptibility at 37%. Attackers are increasingly exploiting mobile-first channels such as SMS, QR codes and messaging apps to bypass traditional security measures, often using geolocation-targeted campaigns. With 82% of phishing sites now designed for mobile devices, experts stress the need for mobile-specific security strategies, including phishing-resistant multi-factor authentication, real-time URL analysis and targeted user training.

Phishing-as-a-Service (PhaaS) Can Now Auto-Generate Phishing Kits for Any Brand

The latest version of the Darcula phishing-as-a-service (PhaaS) platform removes technical barriers, enabling cyber criminals to launch highly sophisticated phishing attacks with minimal effort. The platform's new DIY phishing kit generator allows users to clone any brand's website automatically, streamlining credential theft. Additional features include enhanced anti-detection measures, real-time campaign monitoring, and tools for automating credit card fraud. Netcraft reports that in the past 10 months, it has blocked nearly 100,000 Darcula-related domains and 20,000 phishing sites, warning that the ease of use and growing adoption of this platform will significantly increase phishing attack volumes.

This Open Text-to-Speech Model Needs Just Seconds of Audio to Clone Your Voice

Zyphra has released an open-source text-to-speech model capable of cloning a voice with just five seconds of sample audio. The Zonos models, trained on 200,000 hours of multilingual speech data, generate convincing voice replicas, though subtle pacing inconsistencies remain detectable. Unlike competitors, Zyphra has made the models freely available under an open licence. While the technology has legitimate applications in accessibility and audiobook production, it also raises security concerns, such as its potential use in scams and misinformation campaigns. Given the minimal effort required to create realistic clones, organisations should be alert to emerging threats in voice-based authentication and fraud.

Sources:

https://www.insurancebusinessmag.com/us/news/cyber/supply-chain-cyber-attacks-surge-over-400-expected-to-continue-rising--cowbell-report-525369.aspx

https://www.businesswire.com/news/home/20250220627260/en/98-of-Business-Leaders-Cant-Spot-a-Phishing-Scam-Tech.co-Report-Reveals

https://totaltele.com/two-thirds-of-uk-businesses-still-failing-on-cyber-security/

https://www.pymnts.com/cybersecurity/2025/44percent-middle-market-firms-invest-cybercrime-protection/

https://www.techradar.com/pro/in-a-test-2000-people-were-shown-deepfake-content-only-one-of-them-managed-to-get-a-perfect-score

https://www.techmonitor.ai/technology/cybersecurity/cybersecurity-gaps-exposed-96-sp-500-firms-data-breaches

https://www.helpnetsecurity.com/2025/02/18/cybercriminals-social-media-attacks/

https://betanews.com/2025/02/16/is-a-lack-of-supply-chain-visibility-undermining-board-level-confidence-in-cyber-security-programs/

https://www.csoonline.com/article/3825444/ransomware-gangs-extort-victims-17-hours-after-intrusion-on-average.html

https://www.infosecurity-magazine.com/news/330-million-credentials/

https://www.infosecurity-magazine.com/news/mobile-phishing-attacks-surge-16/

https://www.bleepingcomputer.com/news/security/darcula-phaas-can-now-auto-generate-phishing-kits-for-any-brand/

https://www.theregister.com/2025/02/16/ai_voice_clone/
Threats

Ransomware, Extortion and Destructive Attacks

Ransomware gangs extort victims 17 hours after intrusion on average | CSO Online

Ransomware and reputation | Professional Security Magazine

Ransomware Detection: Attack Types & Latest Techniques in 2025 - Security Boulevard

BlackLock ransomware onslaught: What to expect and how to fight it - Help Net Security

Ransomware Spike Driven By RaaS Operations | MSSP Alert

The new ransomware groups worrying security researchers in 2025 | ITPro

Ransomware Attacks on Critical Infrastructure, AI Use to Grow in 2025 | MSSP Alert

Dozens of Orgs Claimed To Be Hacked by Cl0p Ransomware | MSSP Alert

Ending the Ransomware Scourge Requires Punishing Its Enablers

There’s a new ransomware player on the scene: the ‘BlackLock’ group has become one of the most prolific operators in the cyber crime industry – and researchers warn it’s only going to get worse for potential victims | ITPro

BlackLock On Track to Be 2025’s Most Prolific Ransomware Group - Infosecurity Magazine

The growing cyber threat: Ransomware, China, and state-sponsored attacks - GZERO Media

Feds warn Ghost ransomware crew remains active, potent • The Register

CISA and FBI: Ghost ransomware breached orgs in 70 countries

Inside A LockBit Ransomware Attack: A Firsthand Account Of Financial And Security Fallout

Updated Shadowpad Malware Leads to Ransomware Deployment | Trend Micro (US)

Darktrace Report Highlights The Growing Power Of MaaS, Sneaky Evasion Tactics

Black Basta ransomware gang's internal chat logs leak online

Acronis H2 2024 Cyber Threats Report Unveils Rise in

The complete story of the 2024 ransomware attack on UnitedHealth

Consultation launched to protect critical national infrastructure from ransomware | New Civil Engineer

Is Russia Reining In Ransomware-Wielding Criminals?

Ransomware losses tumble but threat remains: Chainalysis

NailaoLocker ransomware targets EU healthcare-related entities

Ransomware Victims

Dozens of Orgs Claimed To Be Hacked by Cl0p Ransomware | MSSP Alert

Lee Enterprises newspaper disruptions caused by ransomware attack

Cyber attack likely to have ‘material impact’ on media giant Lee Enterprises’ bottom line | The Record from Recorded Future News

Christie's Ransomware Hack Settlement Pact Wins Court's Approval

Army soldier linked to Snowflake extortion to plead guilty • The Register

The complete story of the 2024 ransomware attack on UnitedHealth

Medusa extortion gang demands $2M from UK's HCRG Care Group • The Register

NailaoLocker ransomware targets EU healthcare-related entities

Phishing & Email Based Attacks

Darcula PhaaS can now auto-generate phishing kits for any brand

Mobile Phishing Attacks Surge with 16% of Incidents in US - Infosecurity Magazine

98% of Business Leaders Can't Spot a Phishing Scam Tech.co Report Reveals | Business Wire

Russian Hackers Target Microsoft 365 Accounts with Device Code Attacks - Infosecurity Magazine

What is device code phishing, and why are Russian spies so successful at it? - Ars Technica

Suspected Russian spies caught spoofing Teams invites • The Register

Threat actors are using legitimate Microsoft feature to compromise M365 accounts - Help Net Security

Hackers are using this new phishing technique to bypass MFA | ITPro

What is barrel phishing? All you need to know | NordVPN

Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains

Phishing with AI is cyber security’s new hook

This New Email Attack Can Bypass Spam Filters: Here's How to Protect Against It

Amazon Phish Hunts for Security Answers and Payment Information - Security Boulevard

Phishing attack hides JavaScript using invisible Unicode trick

Russian phishing campaigns exploit Signal's device-linking feature

A Signal Update Fends Off a Phishing Technique Used in Russian Espionage | WIRED

200 businesses take part in first nationwide phishing test as part of Exercise SG Ready | The Straits Times

Spear Phishing vs Phishing: What Are the Main Differences?

Business Email Compromise (BEC)/Email Account Compromise (EAC)

Mining Company NioCorp Loses $500,000 in BEC Hack - SecurityWeek

Other Social Engineering

Zypher's speech model can clone your voice with 5s of audio • The Register

Cyber criminals shift focus to social media as attacks reach historic highs - Help Net Security

Venture capital giant Insight Partners hit by cyber attack

Cyber Investor Insight Partners Suffers Security Breach - Infosecurity Magazine

Insight Partners, VC Giant, Falls to Social Engineering

A deepfake epidemic is coming as survey shows that people are simply not good enough at identifying fakes | TechRadar

Artificial Intelligence

Zypher's speech model can clone your voice with 5s of audio • The Register

The AI Hype Frenzy Is Fueling Cyber Security Risks

IT spending will be driven by cyber security and AI

The Hidden Cyber Security Crisis: How GenAI is Fueling the Growth of Unchecked Non-Human Identities - Security Boulevard

Cyber security pros are preparing for a new adversary: AI agents | Fortune

Ransomware Attacks on Critical Infrastructure, AI Use to Grow in 2025 | MSSP Alert

Why Regulating AI Is So Hard — And Necessary - The Good Men Project

The overlooked cyber security threat of AI

UK’s AI Safety Institute Rebrands Amid Government Strategy Shift - Infosecurity Magazine

The risks of autonomous AI in machine-to-machine interactions - Help Net Security

Sounding the alarm on AI-powered cyber security threats in 2025 | TechRadar

AI vs. Endpoint Attacks: What Security Leaders Need To Know | VentureBeat

Phishing with AI is cyber security’s new hook

A deepfake epidemic is coming as survey shows that people are simply not good enough at identifying fakes | TechRadar

Russia’s AI-Powered Cyber Attacks Threaten to Outpace Western Defences

The cyber insurance reckoning: Why AI-powered attacks are breaking coverage (and what comes next) | VentureBeat

South Korea Suspends DeepSeek AI Downloads Over Privacy Violations

UK’s AI Security Institute to protect against AI risks to national security

DarkMind: A new backdoor attack that leverages the reasoning capabilities of LLMs

Controlling Shadow AI: Protecting Knowledge Management From Cyber Threats

How to run DeepSeek AI locally to protect your privacy - 2 easy ways | ZDNET

US AI Safety Institute will be 'gutted,' Axios reports | ZDNET

Europe Mounts the Artificial-Intelligence Barricades - Bloomberg

Yikes: Jailbroken Grok 3 can be made to say and reveal just about anything | ZDNET

2FA/MFA

Hackers are using this new phishing technique to bypass MFA | ITPro

Malware

Microsoft Outlook targeted by new malware attacks allowing sneaky hijacking | TechRadar

New FinalDraft Malware Spotted in Espionage Campaign - SecurityWeek

ESentire Uncovers EarthKapre/RedCurl Attack Targeting Law Firms

Malware-as-a-Service accounts for 57 percent of all threats

300% increase in endpoint malware detections - Help Net Security

Why ‘malware as a service’ is becoming a serious problem | ITPro

Over 330 Million Credentials Compromised by Infostealers - Infosecurity Magazine

Beware of Fake BSOD Delivered by Malicious Python Script

PirateFi game on Steam caught installing password-stealing malware

Microsoft Detects New XCSSET MacOS Malware Variant - Infosecurity Magazine

Telegram Used as C2 Channel for New Golang Malware - Infosecurity Magazine

Russian malware discovered with Telegram hacks for C2 operations | CSO Online

Proofpoint Uncovers FrigidStealer, A New MacOS Infostealer - Infosecurity Magazine

Evolving Snake Keylogger Variant Targets Windows Users - Infosecurity Magazine

Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack

Hackers used free Steam game to steal passwords, Valve warns affected users | TechSpot

US military and defence contractors hit with Infostealer malware | TechRadar

Updated Shadowpad Malware Leads to Ransomware Deployment | Trend Micro (US)

Darktrace Report Highlights The Growing Power Of MaaS, Sneaky Evasion Tactics

Google Calendar Malware Is on the Rise. Here’s How to Stay Safe | WIRED

Hide and Seek in Memory: Outsmarting Sneaky Malware with Data Magic | HackerNoon

Phishing attack hides JavaScript using invisible Unicode trick

Chinese hackers use custom malware to spy on US telecom networks

Mobile

Mobile Phishing Attacks Surge with 16% of Incidents in US - Infosecurity Magazine

The 6 most notorious and dangerous Android malware of all time

Chrome for Android adds new protection against malicious apps | Digital Trends

Android's New Feature Blocks Fraudsters from Sideloading Apps During Calls

Apple resists UK regulator demands to open up iOS browsers, citing security risks | TechSpot

Your Android phone could have stalkerware — here's how to remove it | TechCrunch

Denial of Service/DoS/DDoS

Qualys Identifies Critical Vulnerabilities That Enable DDoS, MITM Attacks 

Pro-Russia collective NoName057(16) launched a new wave of DDoS attacks on Italian sites - Security Affairs

Pro-Russian hackers target Italy for the third consecutive day in retaliation for Mattarella’s remarks - Euractiv

Internet of Things – IoT

Massive Data Exposure At Mars Hydro Highlights IoT Security Risks

Connected vehicle hacking on the increase

Data Breaches/Leaks

Cyber security gaps exposed as 96% of S&P 500 firms hit by data breaches

N Ireland police charges suspected terrorists using FoI data • The Register

Insight Partners, VC Giant, Falls to Social Engineering

When Brand Loyalty Trumps Data Security

Massive data breach in France: Protect yourself from cyber attacks

Zacks Investment hit in data breach - 12 million users potentially at risk | TechRadar

Fintech giant Finastra notifies victims of October data breach

Massive Data Exposure At Mars Hydro Highlights IoT Security Risks

Zacks Investment Research Breach Hits 12 Million - Infosecurity Magazine

US Coast Guard paychecks delayed by cyber attack | TechRadar

Cyber attack compromises leading Australian IVF provider’s data | SC Media

Data breach risk confirmed - Bailiwick Express News Guernsey

Organised Crime & Criminal Actors

Malware-as-a-Service accounts for 57 percent of all threats

Why ‘malware as a service’ is becoming a serious problem | ITPro

127 Servers of Bulletproof Hosting Service Zservers Seized by Dutch Police - SecurityWeek

Black Basta ransomware gang's internal chat logs leak online

Thousands of trafficked scammers await return to Thailand • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack

Two arrested after pensioner scammed out of crypto nest egg • The Register

Insider Risk and Insider Threats

The Bourne Insecurity: When Defence Employees Unwittingly Help Attackers

Forrester Report: The Complexities Of Human-Element Breaches

Insurance

The cyber insurance reckoning: Why AI-powered attacks are breaking coverage (and what comes next) | VentureBeat

Supply Chain and Third Parties

Is a lack of supply chain visibility undermining board-level confidence in cyber security programs?

Supply chain cyber attacks surge over 400%, expected to continue rising – Cowbell report | Insurance Business America

Third party delegation risk - IT Security Guru

Cloud/SaaS

Hackers are using this new phishing technique to bypass MFA | ITPro

Russian Hackers Target Microsoft 365 Accounts with Device Code Attacks - Infosecurity Magazine

What is device code phishing, and why are Russian spies so successful at it? - Ars Technica

Suspected Russian spies caught spoofing Teams invites • The Register

Threat actors are using legitimate Microsoft feature to compromise M365 accounts - Help Net Security

ZEST Security's Cloud Risk Exposure Impact Report Reveals 62% of Incidents are Related to Risks Known to the Organisation

Trump admin sought to counter UK-ordered iCloud encryption backdoor | SC Media

New "whoAMI" Attack Exploits AWS AMI Name Confusion for Remote Code Execution

How CISOs can balance security and business agility in the cloud - Help Net Security

Identity and Access Management

The Hidden Cyber Security Crisis: How GenAI is Fueling the Growth of Unchecked Non-Human Identities - Security Boulevard

Identity is the Breaking Point—Get It Right or Zero Trust Fails | VentureBeat

Encryption

What is an encryption backdoor? | TechCrunch

Trump admin sought to counter UK-ordered iCloud encryption backdoor | SC Media

10 years on after Data and Goliath warned of data collection • The Register

Rethinking the Debate on Encryption Backdoors | SC Media UK

Quantum computing in cyber security: A double-edged sword | Computer Weekly

Passwords, Credential Stuffing & Brute Force Attacks

Over 330 Million Credentials Compromised by Infostealers - Infosecurity Magazine

PirateFi game on Steam caught installing password-stealing malware

The Bourne Insecurity: When Defence Employees Unwittingly Help Attackers

Hackers used free Steam game to steal passwords, Valve warns affected users | TechSpot

US military and defence contractors hit with Infostealer malware | TechRadar

Hundreds of US Military and Defence Credentials Stolen - Infosecurity Magazine

Credential Theft Becomes Cyber Criminals' Favorite Target

Social Media

Cyber criminals shift focus to social media as attacks reach historic highs - Help Net Security

Training, Education and Awareness

How Slashing the SAT Budget Is Appreciated By Hackers - Security Boulevard

Regulations, Fines and Legislation

Why Regulating AI Is So Hard — And Necessary - The Good Men Project

Trump admin sought to counter UK-ordered iCloud encryption backdoor | SC Media

UK’s AI Safety Institute Rebrands Amid Government Strategy Shift - Infosecurity Magazine

Insider threat: cyber security experts on giving Elon Musk and DOGE the keys to US government IT systems

UK’s AI Security Institute to protect against AI risks to national security

SEC creates Cyber and Emerging Technologies Unit

CIOs to the DORA test: how to speed up the process for compliance | CSO Online

Top US Election Security Watchdog Forced to Stop Election Security Work | WIRED

Elon Musk's DOGE launched its website. It was hacked within days | Fortune

Why dismantling the PCLOB and CSRB threatens privacy and national security

DoD's new CISO once had clearance revoked for data leak • The Register

DOGE Now Has Access to the Top US Cyber Security Agency | WIRED

DOGE access to Social Security, IRS data could create privacy and security risks, experts say | The Record from Recorded Future News

Consultation launched to protect critical national infrastructure from ransomware | New Civil Engineer

US AI Safety Institute will be 'gutted,' Axios reports | ZDNET

Europe Mounts the Artificial-Intelligence Barricades - Bloomberg

Models, Frameworks and Standards

CIOs to the DORA test: how to speed up the process for compliance | CSO Online

PCI DSS 4.0 Mandates DMARC By 31st March 2025

Careers, Working in Cyber and Information Security

Cyber security jobs are on the rise as digital threats continue to evolve - The Globe and Mail

Cyber security Salaries Stay Competitive, Retention Challenges Persist - Security Boulevard

Cyber security is tough: 4 steps leaders can take now to reduce team burnout | CSO Online

Q&A: Tackling the cyber skills gap — Financier Worldwide

Cyber security professionals not happy in their jobs

West Coast Cyber Security Salaries Outshine Rest of Country - Infosecurity Magazine

Law Enforcement Action and Take Downs

127 Servers of Bulletproof Hosting Service Zservers Seized by Dutch Police - SecurityWeek

US Army soldier pleads guilty to AT&T and Verizon hacks | TechCrunch

The Zservers takedown is another big win for law enforcement | ITPro

Two arrested after pensioner scammed out of crypto nest egg • The Register

Thousands of trafficked scammers await return to Thailand • The Register

Ending the Ransomware Scourge Requires Punishing Its Enablers

Is Russia Reining In Ransomware-Wielding Criminals?

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Banking sector wrestling with cyber concerns amid spectre of geopolitical impacts

ESentire Uncovers EarthKapre/RedCurl Attack Targeting Law Firms

Latest EY and IIF survey reveals cyber security as top risk for global CROs amid geopolitical tensions | EY - Global

Spies Eye AUKUS Nuclear Submarine Secrets - Infosecurity Magazine

Nation State Actors

China

Salt Typhoon telecom breach remarkable for its ‘indiscriminate’ targeting, FBI official says | CyberScoop

The growing cyber threat: Ransomware, China, and state-sponsored attacks - GZERO Media

China-Linked Threat Group Targets Japanese Orgs' Servers

South Korea Suspends DeepSeek AI Downloads Over Privacy Violations

Chinese hackers use custom malware to spy on US telecom networks

Salt Typhoon used custom malware JumbledPath to spy on US telecom providers

Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign

AI Could Help the US Evade a Crippling Cyber Attack on Its Satellites - Business Insider

How to run DeepSeek AI locally to protect your privacy - 2 easy ways | ZDNET

Russia

Hackers are using this new phishing technique to bypass MFA | ITPro

Russian Hackers Target Microsoft 365 Accounts with Device Code Attacks - Infosecurity Magazine

Suspected Russian spies caught spoofing Teams invites • The Register

Russian malware discovered with Telegram hacks for C2 operations | CSO Online

Russia’s AI-Powered Cyber Attacks Threaten to Outpace Western Defences

Russian Groups Target Signal Messenger in Spy Campaign

Pro-Russia collective NoName057(16) launched a new wave of DDoS attacks on Italian sites - Security Affairs

Ending the Ransomware Scourge Requires Punishing Its Enablers

Russian phishing campaigns exploit Signal's device-linking feature

Is Russia Reining In Ransomware-Wielding Criminals?

North Korea

North Korea's Kimsuky Attacks Rivals' Trusted Platforms

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

N Ireland police charges suspected terrorists using FoI data • The Register

Vulnerability Management

Cyber security experts defend CVSS amid criticism | SC Media

Edge device vulnerabilities fuelled attack sprees in 2024 | CyberScoop

Microsoft reminds admins to prepare for WSUS driver sync deprecation

Vulnerabilities

Hackers Exploit Palo Alto Firewall Vulnerability Day After Disclosure - SecurityWeek

SonicWall firewalls under attack. Patch now • The Register

Palo Alto Networks and SonicWall Firewalls Under Attack - Infosecurity Magazine

Microsoft is pushing a security update to Windows 11 that breaks File Explorer

New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials

Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability

Ivanti endpoint manager can become endpoint ravager • The Register

Xerox Versalink Printer Vulnerabilities Enable Lateral Movement - SecurityWeek

Qualys Identifies Critical Vulnerabilities That Enable DDoS, MITM Attacks 

Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication

Juniper Warns of Critical Authentication Bypass Vulnerability Affecting Multiple Products

OpenSSH bugs threaten enterprise security, uptime • The Register

Chrome 133, Firefox 135 Updates Patch High-Severity Vulnerabilities - SecurityWeek

Palo Alto warns firewalls flaws are under active attack • The Register

Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability

WordPress Plugin Vulnerability Exposes 90,000 Sites to Attack - Infosecurity Magazine

Firefox 135.0.1: important security update and bug fixes - gHacks Tech News

Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target US Telecom Networks

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

- Automotive

- Construction

- Critical National Infrastructure (CNI)

- Defence & Space

- Education & Academia

- Energy & Utilities

- Estate Agencies

- Financial Services

- FinTech

- Food & Agriculture

- Gaming & Gambling

- Government & Public Sector (including Law Enforcement)

- Health/Medical/Pharma

- Hotels & Hospitality

- Insurance

- Legal

- Manufacturing

- Maritime & Shipping

- Oil, Gas & Mining

- OT, ICS, IIoT, SCADA & Cyber-Physical Systems

- Retail & eCommerce

- Small and Medium Sized Businesses (SMBs)

- Startups

- Telecoms

- Third Sector & Charities

- Transport & Aviation

- Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Black Arrow Cyber Threat Intelligence Briefing 14 February 2025

Black Arrow Cyber Threat Intelligence Briefing 14 February 2025:

-Russian State Threat Group Shifts Focus to US, UK Targets

-Majority of Businesses Expect a Cyber Breach in 2025

-The Hidden Cyber Threat Lurking in Your Supply Chain

-Cyber Resilience: A C-Suite Game Plan for Balancing Innovation, Compliance and Risk

-NIS2: the GDPR of Cyber Security

-Hackers Ramp Up Efficiency, Speed, and Scale in 2024, Targeting Business of All Sizes

-Number of Active Dark Web Ransomware Groups Up 38% in 2024

-Nation State Hackers Want in on the Ransomware Action – Ransomware Isn’t Always About the Money: Government Spies Have Objectives, Too

-Enterprises Under Growing Pressure to Demonstrate Readiness for Cyber Threats

-Cyber Criminals Exploit Valentine’s Day with Romance Scams, Phishing Attacks

-The UK’s Secret iCloud Backdoor Request Raises Concerns from Critics

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.

Executive Summary

There has been a clear surge in cyber threats targeting UK and US organisations in recent weeks, particularly from state-backed and criminal ransomware groups. Russian state-affiliated actors are exploiting vulnerabilities in critical infrastructure sectors, while nation-state groups from China, Iran, and North Korea increasingly use ransomware for espionage and financial gain. The number of active ransomware groups rose by 38% in 2024, with attacks becoming more efficient through automation. The evolving threat landscape demands proactive cyber defence, including robust endpoint protection, threat intelligence, and rapid incident response.

Despite growing awareness, organisations remain vulnerable due to inadequate investment and outdated security strategies. Research shows that 60% of businesses expect a cyber breach in 2025, yet nearly half have not reviewed their security posture recently. Supply chain risks are particularly pressing, with financial services firms facing repeated third-party breaches. The EU’s NIS2 directive is set to impose stricter cyber security standards, with UK firms working with EU partners already required to comply. Leadership alignment is crucial, as gaps between CIOs, CTOs, and CISOs continue to hinder cyber resilience.

Regulatory pressure is mounting, with the UK government reportedly seeking backdoor access to encrypted data. Meanwhile, cyber criminals are exploiting seasonal events, such as Valentine’s Day, to launch sophisticated scams. As cyber threats intensify, Black Arrow Cyber advises organisations to adopt a ‘Resilient by Design’ approach, prioritising zero trust security models, continuous monitoring, and executive-level collaboration to mitigate risks and safeguard long-term business continuity.

Top Cyber Stories of the Last Week

Russian State Threat Group Shifts Focus to US, UK Targets

Microsoft has identified a shift in focus by a Russian state-backed cyber threat group, Seashell Blizzard, towards targets in the US and UK. The group, linked to Russian military intelligence, has exploited vulnerabilities in widely used internet-facing systems to gain persistent access, steal credentials, and move laterally within networks. Its indiscriminate approach has impacted critical infrastructure sectors, including energy and defence. The campaign aligns with Russia’s broader strategy of destabilising Western institutions, with Microsoft warning that such activity is likely to continue, presenting a significant cyber security challenge for organisations globally.

Majority of Businesses Expect a Cyber Breach in 2025

Zscaler’s latest research highlights a stark reality: 60% of global organisations expect a significant cyber breach in 2025. Despite 94% of IT leaders expressing confidence in their resilience measures, nearly half have not reviewed their strategies recently. The report underscores the need for a shift towards ‘Resilient by Design’, embedding cyber resilience into security strategies from the outset. However, 49% of leaders say investment is inadequate. Zscaler advocates for a zero-trust approach to mitigate threats and ensure business continuity in an evolving cyber landscape.

The Hidden Cyber Threat Lurking in Your Supply Chain

More than half of large UK financial services firms suffered a third-party supply chain attack in 2024, with nearly a quarter facing three or more incidents, according to research by Orange Cyberdefense. The study found that firms relying on one-time onboarding risk assessments were twice as likely to be attacked as those with continuous monitoring. With 92% of UK cyber security leaders calling for stronger regulations, many argue that aligning with EU standards could enhance resilience. While sentiment on UK regulation remains mixed, firms failing to rigorously assess third-party risks face the greatest exposure to cyber threats.

Cyber Resilience: A C-Suite Game Plan for Balancing Innovation, Compliance and Risk

LevelBlue’s latest report highlights the disconnect between CIOs, CTOs, and CISOs, which is undermining cyber resilience. While 66% of CISOs believe budgets lack proactive security funding, only around half of CIOs and CTOs agree. Compliance is another divide, with 73% of CTOs seeing it as a barrier to competitiveness, while most CISOs and CIOs view it as essential for risk management. Encouragingly, cloud adoption is a shared priority. However, with 63% of executives stating leadership does not prioritise cyber resilience, organisations must foster collaboration at the top to treat it as a strategic business imperative, not just a technical concern.

NIS2: the GDPR of Cyber Security

The EU’s NIS2 directive introduces stringent cyber security standards, yet only 30% of member states have fully implemented it. This legislation mandates 24-hour reporting of major cyber incidents and stricter accountability for supply chain security. UK businesses working with EU partners are already being asked to comply, as contracts are being updated to reflect these requirements. With open-source software making up 90% of modern applications and cyber threats rising, aligning with NIS2 principles is not just about compliance but about safeguarding long-term resilience. Early adoption helps businesses avoid operational strain and remain competitive in an evolving regulatory landscape.

Hackers Ramp Up Efficiency, Speed, and Scale in 2024, Targeting Business of All Sizes

Hackers are accelerating their tactics, deploying ransomware faster and at greater scale across businesses of all sizes. The Huntress 2025 Cyber Threat Report found that ransomware incidents from key groups increased by up to 15% in 2024, with some attacks executed in under six hours. Automation played a major role, with 87% of attacks relying on automated tools before shifting to hands-on activity. Education, healthcare, and technology were prime targets, while infostealers enabled initial access. As cyber criminals refine their techniques, organisations must adopt proactive security measures, including strong incident response plans and robust endpoint protection.

Number of Active Dark Web Ransomware Groups Up 38% in 2024

A new report highlights a 38% rise in active ransomware groups in 2024, with 94 groups listing victims and 49 new groups emerging. The total number of victims posted on ransomware leak sites also increased by 11% to 5,728. The ransomware landscape is shifting, with newer groups like RansomHub, now the most prolific, overtaking previously dominant players. This evolving threat environment presents challenges for security teams, making it essential for organisations to apply threat intelligence to anticipate attack techniques and focus defences on the most likely adversaries based on their industry and risk profile.

Nation State Hackers Want in on the Ransomware Action – Ransomware Isn’t Always About the Money: Government Spies Have Objectives, Too

Nation-state actors are increasingly adopting ransomware, not just for financial gain but also for espionage and geopolitical disruption. Threat groups linked to Russia, China, Iran, and North Korea are blurring the lines between cyber crime and state-sponsored hacking. Russian-linked Sandworm has disguised destructive attacks as ransomware, while North Korea uses ransomware profits to fund weapons programmes. Chinese and Iranian groups have leveraged ransomware as a distraction to mask intelligence gathering. With over $3 billion stolen in cryptocurrency-related cyber attacks, these operations highlight the evolving threats beyond traditional financially motivated cyber crime.

Enterprises Under Growing Pressure to Demonstrate Readiness for Cyber Threats

A new study by Immersive Labs highlights that 96% of cyber leaders see effective communication of cyber readiness to boards as crucial for 2025, driven by regulatory pressures and rising cyber threats. Nearly half of organisations surveyed experienced a cyber attack in the past year, with software and cloud vulnerabilities (51%) and ransomware (46%) cited as the biggest risks. To improve resilience, 94% are deploying cyber drills, yet 76% face readiness barriers, mainly due to competing business priorities. Encouragingly, 55% report strong cyber awareness at board level, reflecting a growing recognition of cyber risk at the highest levels.

Cyber Criminals Exploit Valentine’s Day with Romance Scams, Phishing Attacks

Cyber criminals are exploiting Valentine’s Day with romance scams, phishing attacks and fraudulent e-commerce offers. A report found that 58,734 people in the US fell victim to romance scams in 2024, resulting in losses of $697 million. AI-driven scams are becoming more sophisticated, with chatbots and deepfake videos increasing fraud success rates. Valentine-themed phishing emails have doubled since last year, with half now classified as scams. Businesses are urged to monitor brand impersonation and educate customers. McAfee blocked over 321,000 fraudulent URLs, highlighting the growing cyber threat as criminals exploit emotions for financial gain.

The UK’s Secret iCloud Backdoor Request Raises Concerns from Critics

The UK government has reportedly issued a secret order requiring Apple to create a backdoor into its iCloud encryption, raising concerns from some quarters about privacy and security. The request, made under the Investigatory Powers Act 2016, would give authorities unrestricted access to users’ private data, bypassing Apple’s end-to-end encryption safeguards. Apple has historically resisted similar demands and has suggested it may withdraw services from the UK rather than compromise security. Critics warn that such backdoors weaken encryption for all users, set a dangerous global precedent, and risk enabling mass surveillance under the guise of national security.

Sources:

https://cyberscoop.com/russian-state-threat-group-shifts-focus/

https://www.silicon.co.uk/security/cyberwar/majority-of-businesses-expect-a-cyber-breach-in-2025-599573

https://www.accountancyage.com/2025/02/10/the-hidden-cyber-threat-lurking-in-your-supply-chain/

https://www.scworld.com/resource/cyber-resilience-a-c-suite-game-plan-for-balancing-innovation-compliance-and-risk

https://www.techradar.com/pro/nis2-the-gdpr-of-cybersecurity

https://www.globenewswire.com/news-release/2025/02/11/3024266/0/en/Hackers-Ramp-Up-Efficiency-Speed-and-Scale-in-2024-Targeting-Business-of-All-Sizes.html

https://betanews.com/2025/02/11/number-of-active-dark-web-ransomware-groups-up-38-percent-in-2024/

https://www.theregister.com/2025/02/12/ransomware_nation_state_groups/

https://betanews.com/2025/02/12/enterprises-under-growing-pressure-to-demonstrate-readiness-for-cyber-threats/

https://securityboulevard.com/2025/02/cybercriminals-exploit-valentines-day-with-romance-scams-phishing-attacks/

https://www.helpnetsecurity.com/2025/02/13/uk-government-icloud-backdoor-request/

Threats

Ransomware, Extortion and Destructive Attacks

2024 Breaks Records With Highest Ever Ransomware Attacks

Number of active dark web ransomware groups up 38 percent in 2024

Ransomware Gangs Increasingly Prioritize Speed and Volume in Attacks - Infosecurity Magazine

Ransomware attacks spiked in 2024—but they're nothing compared to what's coming this year, tech expert warns. 'I’m very afraid of the things we’re going to see in 2025' | Fortune

Hackers Ramp Up Efficiency, Speed, and Scale in 2024, Targeting Business of All Sizes

Cyber crime is helping fund rogue nations across the world - and it's only going to get worse, Google warns | TechRadar

Nation-state hackers want in on the ransomware action • The Register

Chinese Cyber Spy Possibly Launching Ransomware Attacks as Side Job - SecurityWeek

Triplestrength hits with ransomware, cloud crypto mining • The Register

Google says policymakers must stem upward cyber crime trend • The Register

US adversaries increasingly turning to cyber criminals and their malware for help | CyberScoop

Warning: Cyber Crime Services Underpin National Security Risk

‘We Don’t Negotiate with Terrorists’: Ransomware Strategy in Modern Cyber Security | MSSP Alert

Cyber attacks targeting medical organisations up 32% in 2024 | SC Media

US indicts 8Base ransomware operators for Phobos encryption attacks

Operation Phobos Aetor: Police dismantled 8Base ransomware gang

Thai authorities detain four Europeans in ransomware crackdown | CyberScoop

Ransomware Victims

Label maker Avery says ransomware investigation also found credit-card scraper | The Record from Recorded Future News

Was Cisco Just Hit By Ransomware? What Happened And What To Do

Cisco Hacked – Ransomware Group Allegedly Breached & Gained AD Access

Cisco Says Ransomware Group's Leak Related to Old Hack - SecurityWeek

Cisco dispels Kraken data breach claims, insists stolen data came from old attack | ITPro

120K Compromised in Memorial Hospital Ransomware Attack

'Cyber event' delaying US newspaper prints enters 2nd week • The Register

Phishing & Email Based Attacks

SVG files are offering cyber criminals an easy way in with new phishing attacks | TechRadar

Cyber Criminals Weaponize Graphics Files in Phishing Attacks - Infosecurity Magazine

AI-Powered Social Engineering: Reinvented Threats

Cyber Criminals Exploit Valentine’s Day with Romance Scams, Phishing Attacks - Security Boulevard

Astaroth Phishing Kit Bypasses 2FA Using Reverse Proxy Techniques - Infosecurity Magazine

Google's DMARC Push Pays Off, but Challenges Remain

A new Facebook phishing campaign looks to trick you with emails sent from Salesforce | TechRadar

Cloudflare outage caused by botched blocking of phishing URL

Phishing Season 2025: The Latest Predictions Unveiled - Security Boulevard

Study: Workplace Phishing Tests Only Have a 2% Success Rate

Other Social Engineering

DPRK hackers dupe targets into typing PowerShell commands as admin

Windows, Mac And Linux Users Given New LinkedIn Security Warning

I'm a security expert and I almost fell for this IT job scam • The Register

Artificial Intelligence

Malicious AI Models on Hugging Face Exploit Novel Attack Technique - Infosecurity Magazine

DeepSeek App Transmits Sensitive User and Device Data Without Encryption

AI-Powered Social Engineering: Reinvented Threats

Bad Actors Target DeepSeek In LLMJacking Attacks

DeepSeek-R1: A Smorgasbord Of Security Risks

CISOs Brace for LLM-Powered Attacks: Key Strategies to Stay Ahead   - Security Boulevard

How to Steer AI Adoption: A CISO Guide

AI-Driven Cyber Threats Require New Defence Strategies | MSSP Alert

Biz Beware: DeepSeek AI Fails Multiple Security Tests

AI chatbots distort the news, BBC finds - see what they get wrong | ZDNET

A review of the UK Government AI security guidance

How fake security reports are swamping open-source projects, thanks to AI | ZDNET

Rapid growth of AI poses ‘profound’ threat to privacy – The Irish Times

In Paris, US signals shift from AI safety to deregulation | CyberScoop

ChatGPT maker OpenAI taking claims of data breach ‘seriously’ | The Independent

20 million OpenAI users hacked? Here's how to stay safe | PCWorld

2FA/MFA

Astaroth Phishing Kit Bypasses 2FA Using Reverse Proxy Techniques - Infosecurity Magazine

Inside The Söze Syndicate: MFA Flaws, And The Battle For SMB Security

4 Ways to Keep MFA From Becoming too Much of a Good Thing

Malware

North Korean hackers are targeting LinkedIn jobseekers with new malware - here's how to stay safe | TechRadar

DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects

Millions of Mac owners urged to be on alert for info-stealing malware | Tom's Guide

Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks

US adversaries increasingly turning to cyber criminals and their malware for help | CyberScoop

Microsoft IIS servers targeted for malware deployment | SC Media

Hackers are targeting your password manager app | Mashable

Microsoft warns hackers have a new and devious way of distributing malware | TechRadar

Linux running in a PDF? This hack is as bizarre as it is brilliant | ZDNET

Bots/Botnets

Botnet Spotlight | Networks Hosting Botnet C&Cs: Same Players, Same Problems | Blog

Denial of Service/DoS/DDoS

DDoS Attack Volume and Magnitude Continues to Soar - Infosecurity Magazine

Gcore DDoS Radar Reveals 56% YoY Increase in DDoS Attacks

Internet of Things – IoT

Exclusive: Massive IoT Data Breach Exposes 2.7 Billion Records - Infosecurity Magazine

Data Breaches/Leaks

Research Reveals Data Breaches On The Rise at UK Law Firms | Tripwire

Exclusive: Massive IoT Data Breach Exposes 2.7 Billion Records - Infosecurity Magazine

Silent breaches are happening right now, most companies have no clue - Help Net Security

Over 3 million Fortune 500 employee accounts compromised since 2022 - Help Net Security

14 State AGs to Sue DOGE Over Payment System Access | MSSP Alert

Judge: DOGE made US Treasury ‘more vulnerable to hacking’ • The Register

Research Reveals Data Breaches On The Rise at UK Law Firms | Tripwire

20 million OpenAI users hacked? Here's how to stay safe | PCWorld

HPE notifies employees of data breach after Russian Office 365 hack

Over 882K Impacted By Hospital Sisters Health System Breach | MSSP Alert

Georgia Hospital Alerts 120,000 Individuals of Data Breach - Infosecurity Magazine

OpenAI Finds No Evidence of Breach After Hacker Offers to Sell 20 Million Credentials - SecurityWeek

Lexipol Data Leak: Hackers Drop Police Training Manuals

Cisco dispels Kraken data breach claims, insists stolen data came from old attack | ITPro

Additional Details on PowerSchool Breach Impact Emerge | MSSP Alert

120K Compromised in Memorial Hospital Ransomware Attack

Organised Crime & Criminal Actors

Cyber crime is helping fund rogue nations across the world - and it's only going to get worse, Google warns | TechRadar

Nation-state hackers want in on the ransomware action • The Register

Google says policymakers must stem upward cyber crime trend • The Register

US adversaries increasingly turning to cyber criminals and their malware for help | CyberScoop

Warning: Cyber Crime Services Underpin National Security Risk

Russian cyber criminal Alexander Vinnik is being released from US custody in exchange for Marc Fogel

Russia taps cyber criminals to keep military pressure on Ukraine – POLITICO

Botnet Spotlight | Networks Hosting Botnet C&Cs: Same Players, Same Problems | Blog

Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Triplestrength hits with ransomware, cloud crypto mining • The Register

US: Man Gets 20 Years for $37m Crypto Heist - Infosecurity Magazine

Insider Risk and Insider Threats

Human Risk Management Will Be the Hot Topic of 2025 | Mimecast

Behavioural Analytics in Cyber Security: Who Benefits Most?

Insurance

Tips for Maximizing Your Cyber Insurance Program | Goodwin - JDSupra

Supply Chain and Third Parties

Nearly half of organisations suffer third-party security incidents

58% of UK financial firms targeted in supply chain cyber attacks, survey reveals

Third-Party Risk Management Failures Expose UK Finance Sector - Infosecurity Magazine

The hidden cyber threat lurking in your supply chain - Accountancy Age

Inconsistent security strategies fuel third-party threats - Help Net Security

Should the UK Take Note of EU Digital Resilience Rules as Supply Chain Attacks Continue asks Orange | The Fintech Times

Protecting Your Software Supply Chain: Assessing the Risks Before Deployment

It's time to secure the extended digital supply chain - Help Net Security

Why CFOs and CISOs Should Care About B2B Cyber Audits

IT reliance leaves insurers open to attack

Cloud/SaaS

Triplestrength hits with ransomware, cloud crypto mining • The Register

Cyber criminals Are Moving into the Cloud and Making Your Active Directory Their New Home | Ankura - JDSupra

Labour's Demand to Spy on Apple Users Undermines the Security and Privacy of Us All – The Daily Sceptic

The UK’s secret iCloud backdoor request: A dangerous step toward Orwellian mass surveillance - Help Net Security

Outages

PlayStation Network Outage: A Wake-Up Call For Cyber Security?

Cloudflare outage caused by botched blocking of phishing URL

Encryption

UK's secret Apple iCloud backdoor order is a global emergency, say critics | TechCrunch

Apple’s ‘Dangerous’ iPhone Update Is Much Worse Than You Think

Experts Dismayed at UK’s Apple Encryption Demands - Infosecurity Magazine

The UK’s secret iCloud backdoor request: A dangerous step toward Orwellian mass surveillance - Help Net Security

The UK’s war on encryption affects all of us | The Verge

Europol Warns Financial Sector of “Imminent” Quantum Threat - Infosecurity Magazine

Passwords, Credential Stuffing & Brute Force Attacks

Over 3 million Fortune 500 employee accounts compromised since 2022 - Help Net Security

Security attacks on password managers have soared | TechRadar

Massive brute force attack uses 2.8 million IPs to target VPN devices

Huge cyber attack under way - 2.8 million IPs being used to target VPN devices | TechRadar

Social Media

North Korean hackers are targeting LinkedIn jobseekers with new malware - here's how to stay safe | TechRadar

Windows, Mac And Linux Users Given New LinkedIn Security Warning

What to do if your social media accounts are hacked | The Independent

Google fixes flaw that could unmask YouTube users' email addresses

A new Facebook phishing campaign looks to trick you with emails sent from Salesforce | TechRadar

Malvertising

Magecart Attackers Abuse Google Ad Tool to Steal Data

Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores

Chinese-Speaking Group Manipulates SEO with BadIIS | Trend Micro (US)

Regulations, Fines and Legislation

The UK’s war on encryption affects all of us | The Verge

CIOs to the DORA test: how to speed up the process for compliance | CSO Online

Apple ordered to open encrypted user accounts globally to UK spying | The Verge

NIS2: the GDPR of cyber security | TechRadar

The UK’s secret iCloud backdoor request: A dangerous step toward Orwellian mass surveillance - Help Net Security

Most UK GDPR Enforcement Actions Targeted Public Sector in 2024 - Infosecurity Magazine

Treasury Curtails Musk-led DOGE’s Government Access | MSSP Alert

Musk’s DOGE teen was fired by cyber security firm for leaking company secrets

Judge: DOGE made US Treasury ‘more vulnerable to hacking’ • The Register

Should the UK Take Note of EU Digital Resilience Rules as Supply Chain Attacks Continue asks Orange | The Fintech Times

Elon Musk's DOGE Is a Cyber Security Nightmare

The Government’s Computing Experts Say They Are Terrified - The Atlantic

A review of the UK Government AI security guidance

Cyber security group sues DOGE over data access | Mashable

Trump White House Dismantles Key Data Security Safeguards

In Paris, US signals shift from AI safety to deregulation | CyberScoop

Coast Guard falls short on maritime cyber security, GAO says • The Register

Trump Order Grants DOGE Hiring Powers, Raising Cyber Fears

Models, Frameworks and Standards

CIOs to the DORA test: how to speed up the process for compliance | CSO Online

NIS2: the GDPR of cyber security | TechRadar

Should the UK Take Note of EU Digital Resilience Rules as Supply Chain Attacks Continue asks Orange | The Fintech Times

Data Protection

Most UK GDPR Enforcement Actions Targeted Public Sector in 2024 - Infosecurity Magazine

Careers, Working in Cyber and Information Security

Data reveals sharpest tech skills shortages in software engineering, data science and cyber security | theHRD

Tackling the UK's cyber security skills shortage | TechRadar

Cyber Security Challenge Announces Plans for Closure | SC Media UK

UK Military Fast-Tracks Cyber Security Recruitment - Infosecurity Magazine

Law Enforcement Action and Take Downs

US: Man Gets 20 Years for $37m Crypto Heist - Infosecurity Magazine

US indicts 8Base ransomware operators for Phobos encryption attacks

District of Maryland | Phobos Ransomware Affiliates Arrested in Coordinated International Disruption | United States Department of Justice

Operation Phobos Aetor: Police dismantled 8Base ransomware gang

Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster

US woman faces years in federal prison for running laptop farm for N Korean IT workers

Alabama Man Pleads Guilty to Hacking SEC's X Account - SecurityWeek

Misinformation, Disinformation and Propaganda

AI chatbots distort the news, BBC finds - see what they get wrong | ZDNET

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

The Rise of Cyber Espionage: UAV and C-UAV Technologies as Targets

Nation State Actors

Nation-state hackers want in on the ransomware action • The Register

Cyber crime is helping fund rogue nations across the world - and it's only going to get worse, Google warns | TechRadar

Google says policymakers must stem upward cyber crime trend • The Register

US adversaries increasingly turning to cyber criminals and their malware for help | CyberScoop

Warning: Cyber Crime Services Underpin National Security Risk

China

Chinese Cyber Spy Possibly Launching Ransomware Attacks as Side Job - SecurityWeek

Chinese espionage tools deployed in RA World ransomware attack

Salt Typhoon strikes again - more US ISPs, universities and telecoms networks hit by Chinese hackers | TechRadar

DeepSeek App Transmits Sensitive User and Device Data Without Encryption

New Chinese Hacking Campaign Targets Manufacturing Firms to Steal IP - Infosecurity Magazine

China’s Salt Typhoon Spies Are Still Hacking Telecoms—Now by Exploiting Cisco Routers | WIRED

DeepSeek-R1: A Smorgasbord Of Security Risks

We’re In for a Rude Awakening on Cyber Security

Security Researchers Warn of New Risks in DeepSeek AI App

Chinese-Speaking Group Manipulates SEO with BadIIS | Trend Micro (US)

Russia

Russian Seashell Blizzard Hackers Gain, Maintain Access to High-Value Targets: Microsoft - SecurityWeek

A Hacker Group Within Russia’s Notorious Sandworm Unit Is Breaching Western Networks | WIRED

Russian state threat group shifts focus to US, UK targets | CyberScoop

Russia's intelligence recruits Ukrainians for terror attacks via messaging apps

Salt Typhoon's Impact on the US and Beyond

Russia taps cyber criminals to keep military pressure on Ukraine – POLITICO

23 Companies, 120 Servers Down: Ukraine’s Cyber Strike Shakes Russia’s Energy Sector | Defense Express

Russian military hackers deploy malicious Windows activators in Ukraine

US, UK and Australia Hit Bulletproof Hoster Zservers with Sanctions - Infosecurity Magazine

The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation | Microsoft Security Blog

HPE notifies employees of data breach after Russian Office 365 hack

Russian cyber criminal Alexander Vinnik is being released from US custody in exchange for Marc Fogel

Russia Says Baltic Sea Cable Damaged by ‘External Impact' - The Moscow Times

TeamViewer's CISO on Thriving After Russian Cyber-Attack - Infosecurity Magazine

North Korea

DPRK hackers dupe targets into typing PowerShell commands as admin

North Korean hackers are targeting LinkedIn jobseekers with new malware - here's how to stay safe | TechRadar

Researchers Unveiled Tactics, Techniques, and Procedures Used by North Korean Hackers

I'm a security expert and I almost fell for this IT job scam • The Register

US woman faces years in federal prison for running laptop farm for N Korean IT workers

Vulnerability Management

XE Group shifts from credit card skimming to exploiting zero-days

How fake security reports are swamping open-source projects, thanks to AI | ZDNET

Vulnerabilities

Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws

Adobe Plugs 45 Software Security Holes, Warn of Code Execution Risks - SecurityWeek

SonicWall firewall exploit lets hackers hijack VPN sessions, patch now

Fortinet 0-Day in FortiOS & FortiProxy Let Attackers Hijack Firewall to Gain Super Admin Access

SAP Releases 21 Security Patches - SecurityWeek

PAN-OS 0-day Vulnerability Let Attackers Bypass Web Interface Authentication

High-Severity OpenSSL Vulnerability Found by Apple Allows MitM Attacks - SecurityWeek

Apple’s security patch highlights the growing security threat – Computerworld

Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now

Chipmaker Patch Tuesday: Intel, AMD, Nvidia Fix High-Severity Vulnerabilities - SecurityWeek

Additional Details on PowerSchool Breach Impact Emerge | MSSP Alert

Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers

Apple fixes iPhone and iPad bug actively exploited in ‘extremely sophisticated attacks’

Progress Software fixed multiple high-severity LoadMaster flaws

Intel Patched 374 Vulnerabilities in 2024 - SecurityWeek

Security Researchers Warn of New Risks in DeepSeek AI App

PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks

Surge in attacks exploiting old ThinkPHP and ownCloud flaws

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and likewise we are not responsible for the security of external links.


Black Arrow Cyber Advisory 12 February 2025 – Comprehensive Security Updates from Microsoft, Adobe, Apple, and More

Black Arrow Cyber Advisory 12 February 2025 – Microsoft, Adobe, Fortinet, Apple, Ivanti, OpenSSL, SAP, Zyxel, Intel, AMD & Nvidia Security Updates

Executive Summary

Microsoft’s Patch Tuesday for February 2025 included 63 security updates for its product line, including 2 actively exploited zero-day vulnerabilities. Several other major software and hardware vendors released critical security updates this month to address vulnerabilities that could be exploited by attackers.

Ivanti patched several critical flaws within its Connect Secure and Policy Secure products. Apple issued patches for its iOS and iPadOS devices to address a USB vulnerability that could allow for data exfiltration. Adobe provided updates addressing 45 vulnerabilities for several products, including InDesign, Commerce, Magento, Substance, Photoshop Elements, and Illustrator.

Fortinet published nine security advisories with updates addressing high, medium, and low severity security issues. Fortinet also updated a previous advisory from January with additional information and a reference to CVE-2025-24472, which Arctic Wolf had previously highlighted in its breakdown of the attack pattern observed against Fortinet FortiGate firewalls since November 2024.

OpenSSL released patches to address a vulnerability related to raw public keys, introduced with OpenSSL 3.2. Patches were released within versions 3.4.1, 3.3.2, and 3.2.4 to address the issue. As OpenSSL is utilised by many vendors, it may take some time for the updates to propagate to affected products.

SAP released 19 new security notes covering high, medium, and low severity vulnerabilities addressed by security patches. Zyxel recently released a security advisory on three reported vulnerabilities, informing customers to replace affected devices as they have reached end of life and are no longer supported.

Additionally, Intel, AMD, and Nvidia published new security advisories addressing high-severity vulnerabilities in their products. Intel released 34 security advisories across their product line, including a critical issue in their Server Board BMC Firmware. AMD released 11 security bulletins which included firmware patches for several high-severity vulnerabilities affecting their embedded processors. Nvidia issued four advisories for vulnerabilities within their Container, Triton, Jetson, and JPEG2000 products.

What’s the risk to me or my business?

The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity and availability of the affected applications and the organisation’s data on the affected systems.

What can I do?

Black Arrow recommends applying the available security updates for all supported versions of products that have been impacted by the various vulnerabilities. The updates should be applied as soon as possible for actively exploited vulnerabilities and for all other vulnerabilities that have a critical or high severity rating.

Microsoft

Further details on the specific updates within this Microsoft Patch Tuesday can be found here:

https://msrc.microsoft.com/update-guide/releaseNote/2025-Feb

Ivanti, Apple, Adobe, Fortinet, OpenSSL, SAP, Zyxel, Intel, AMD & Nvidia

Further details of the vulnerabilities in affected Ivanti, Apple, Adobe, Fortinet, OpenSSL, SAP, Zyxel, Intel, AMD and Nvidia products can be found here:

https://www.ivanti.com/blog/february-security-update

https://support.apple.com/en-us/100100

https://helpx.adobe.com/security/security-bulletin.html

https://fortiguard.fortinet.com/psirt

https://openssl-library.org/news/secadv/20250211.txt

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/february-2025.html

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025

https://www.intel.com/content/www/us/en/security-center/default.html

https://www.amd.com/en/resources/product-security.html

https://www.nvidia.com/en-us/security/

#threatadvisory #threatintelligence #cybersecurity


Black Arrow Cyber Threat Intelligence Briefing 7 February 2025

Black Arrow Cyber Threat Intelligence Briefing 07 February 2025:

-Destructive Attacks on Financial Institutions Surge

-AI, Cyber Crime Perceived as Top Insurance Risks

-Ransomware Victims Increased by 26% in 2024

-Over 60 Percent of Enterprise Cyber Security Incidents Relate to Known Risks

-CISOs Drive the Intersection between Cyber Maturity and Business Continuity

-Cyber Criminals Entice Traitorous Insiders via Ransom Notes

-Phishing Up Almost 50% Since 2021 with AI Attacks on the Rise

-The Cyber-Driven Domino Effect: How Financial and Security Crises Bankrupt Businesses

-Board Directors Are Taking the Lead on Cyber Security Oversight

-Credential-Stealing Malware Surges in 2024

-How Agentic AI will be Weaponised for Social Engineering Attacks

-LinkedIn Has Become a Prime Hunting Ground for Cyber Criminals

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

Black Arrow Cyber's review of threat intelligence identified further evidence of an alarming increase in cyber threats targeting financial institutions, insurers, and enterprises, and the consequences that can include financial ruin.

Destructive cyber attacks have risen by over 12%, often erasing evidence rather than merely disrupting operations. Ransomware attacks surged by 26% in 2024, while phishing attacks have grown by nearly 50% since 2021, with AI-driven threats becoming more sophisticated. Insider threats are also on the rise, with ransomware gangs recruiting employees to facilitate breaches. Business leaders need to be aware that over 60% of enterprise cyber incidents stem from previously identified but unresolved risks, highlighting the need for proactive risk management. These trends underscore the evolving threat landscape and the critical need for a cohesive security strategy that includes continuous monitoring, the timely remediation of vulnerabilities, and employee awareness programmes.

The financial sector faces dual challenges from AI and cyber crime, with insurers ranking cyber attacks as an immediate risk. The weaponisation of AI in cyber attacks is accelerating, enabling adaptive, multi-stage social engineering campaigns. Meanwhile, credential-stealing malware now accounts for 25% of all malware activity, making identity protection a top priority. Cyber security governance is evolving to address this, with CISOs increasingly influencing business strategy and board directors taking a more proactive role in oversight.

As cyber risks intensify, Black Arrow Cyber advises businesses to prioritise cyber resilience, integrate security into corporate strategy, and enhance threat detection to safeguard operations, reputation, and financial stability.

Top Cyber Stories of the Last Week

Destructive Attacks on Financial Institutions Surge

Over half (54%) of financial institutions faced destructive cyber attacks last year, marking a 12.5% rise from 2023, according to Contrast Security. These attacks often serve to erase evidence rather than purely disrupt services. Two-thirds (64%) of firms reported cyber incidents, with cloud environments and APIs identified as key attack vectors. Despite strong detection rates (94%), attackers still bypassed defences, with 46 major breaches per month evading web application firewalls. Customer account takeovers rose by 48%, while 43% suffered ‘island hopping’ attacks where attackers exploit trusted relationships between organisations. The report highlights the need for continuous monitoring and application defence to counter evolving threats.

AI, Cyber Crime Perceived as Top Insurance Risks

The latest report from law firm Kennedys identifies artificial intelligence (AI) adoption and cyber crime as major risks for insurers. While AI is seen as the highest long-term risk, cited by over 85% of respondents, its full impact is expected to emerge over the next three to five years. Meanwhile, cyber attacks present a more immediate threat, with 27% of European, Middle Eastern, and African partners ranking it as their top concern for 2025. AI is also being exploited in cyber crime, increasing insurers’ exposure to data breaches. The report warns that inadequate cyber security could lead to severe financial, legal, and reputational consequences.

Ransomware Victims Increased by 26% in 2024

Ransomware attacks surged by 26% in 2024, with nearly 5,300 reported victims, according to a new analysis. The number of active ransomware gangs also grew, with LockBit remaining the most prolific despite a 50% drop in its victims. RansomHub rapidly scaled operations to take second place, while the Play gang continued to focus on manufacturing, real estate, and technology. Seasonal trends showed peak activity in spring and autumn, with summer seeing a decline. The US remained the most targeted country, with over 1,700 victims, more than ten times the number seen in Canada or the UK.

Over 60% of Enterprise Cyber Security Incidents Relate to Known Risks

A new report from ZEST Security reveals that 62% of enterprise cyber security incidents stem from previously identified risks that remain unresolved. Security teams struggle with long remediation times, taking 10 times longer to fix vulnerabilities than attackers take to exploit them. The financial burden is significant, exceeding $2 million annually. Backlogs are a key issue, with 87% of organisations managing over 100 critical security tickets. While automation and effort-based prioritisation are gaining traction, stricter SLAs and regulatory pressure are expected to drive faster remediation to mitigate the growing risk of cloud security incidents.

CISOs Drive the Intersection between Cyber Maturity and Business Continuity

The role of the CISO is evolving beyond IT, with one in five now reporting directly to the CEO, according to Deloitte’s latest cyber survey. High-cyber-maturity organisations are embedding cyber security into business strategy, enhancing resilience and enabling business continuity. Budget allocations are shifting, with cyber spending increasingly integrated into digital transformation and IT investments, reflecting its cross-functional impact. As regulatory pressures grow, particularly with new SEC disclosure requirements in the US, CISOs are playing a key role in risk management and compliance. Organisations with mature cyber strategies recover faster from incidents, protecting revenue, reputation and operations in an increasingly interconnected digital landscape.

Cyber Criminals Entice Traitorous Insiders via Ransom Notes

Ransomware gangs are now targeting employees with financial incentives to betray their own and other organisations, embedding recruitment messages within ransom notes. Threat groups, including Sarcoma and DoNex, have begun soliciting insider access, offering substantial rewards for login credentials, network access, and sensitive data from any organisation. Security researchers note this tactic is a recent development, with threat actors exploiting disgruntled staff to bypass defences. While such offers may seem lucrative, experts warn that cyber criminals operate with no accountability, making payment unlikely. The shift highlights the evolving sophistication of ransomware operations, reinforcing the need for robust insider threat detection and employee awareness programmes.

Phishing Up Almost 50% Since 2021 with AI Attacks on the Rise

Phishing attacks have surged by 49% since 2021, with AI-driven threats emerging as a growing concern, according to Hoxhunt’s latest report. AI-generated phishing emails, while currently under 5% of reported cases, have risen sharply in just six months. On average, organisations with 1,000 employees face 2,330 phishing attempts that bypass filters each year, leading to 466 malicious clicks. Attackers frequently impersonate Microsoft, Docusign, and HR departments to exploit urgency and curiosity. Encouragingly, phishing awareness training can reduce incidents by 86% in six months, significantly enhancing organisational resilience against social engineering threats.

The Cyber-Driven Domino Effect: How Financial and Security Crises Bankrupt Businesses

A recent case involving Stoli Group highlights how cyber incidents can push financially vulnerable businesses into bankruptcy. Following a severe ransomware attack that disrupted financial reporting, Stoli was unable to provide lenders with key data, contributing to an $84 million debt burden and its eventual collapse. This case underscores the growing risk, which is especially high for small and medium-sized businesses (SMBs) that often lack the resources to recover from cyber attacks. With nearly 60% of SMBs failing within six months of an attack, organisations must prioritise cyber security resilience to prevent financial and operational ruin.

Board Directors Are Taking the Lead on Cyber Security Oversight

Board directors are increasingly taking a proactive role in cyber security oversight, shifting responsibility from IT teams to a company-wide approach. BDO’s 2024 board survey found that 37% of directors are broadening accountability, while many are investing in incident response strategies and regulatory compliance. The US SEC’s enhanced disclosure rules are driving the need for clear cyber incident reporting. Boards are also prioritising expertise, with 27% seeking cyber security knowledge in 2025. Directors are dedicating 42 hours annually to education, while external assessments, benchmarking, and evolving response plans are strengthening resilience against emerging threats.

Credential-Stealing Malware Surges in 2024

Credential-stealing malware now represents 25% of all malware activity, marking a threefold surge in this type of threat. Picus Security’s annual cyber security report found that credential theft has, for the first time, entered the top 10 techniques in the MITRE ATT&CK framework. Analysis of over one million malware samples revealed that just 10 attack techniques accounted for 93% of all malicious actions. Attackers are increasingly using stealthy multi-stage operations to extract credentials and leveraging encrypted channels to evade detection. Security teams can mitigate risk by focusing on the most prevalent attack techniques and enforcing strong authentication practices.

How Agentic AI will be Weaponised for Social Engineering Attacks

AI-driven social engineering attacks are evolving rapidly, with cyber criminals leveraging agentic AI to create highly personalised, adaptive, and multi-stage phishing campaigns. These AI agents can autonomously gather data, refine attack strategies, and deploy deepfake audio and video to deceive employees. Unlike traditional phishing, these threats are dynamic, adjusting to real-time responses. As AI becomes more autonomous, organisations must enhance defences by deploying AI-powered security tools, investing in adaptive awareness training, and fostering a cyber-aware culture. With AI-driven attacks set to rise, proactive measures are essential to mitigate risks and safeguard against increasingly sophisticated social engineering threats.

LinkedIn Has Become a Prime Hunting Ground for Cyber Criminals

LinkedIn has become a key target for cyber criminals using fake job offers to conduct social engineering attacks. A recent Bitdefender report highlights tactics used by the Lazarus Group, a North Korean state-sponsored threat actor, to deploy malware via fraudulent recruitment messages. Attackers trick victims into running malicious code disguised as job evaluation documents, ultimately stealing cryptocurrency wallet data and establishing persistence on systems. The group has also targeted sensitive industries such as aviation and defence. Experts warn professionals to remain vigilant, verify job offers, and avoid running unverified code outside secure environments like virtual machines.

Sources:

https://www.infosecurity-magazine.com/news/destructive-attacks-banks-surge-13/

https://www.insurancejournal.com/news/national/2025/02/04/810573.htm

https://betanews.com/2025/01/31/ransomware-victims-increased-by-26-percent-in-2024/

https://betanews.com/2025/02/04/over-60-percent-of-enterprise-cybersecurity-incidents-relate-to-known-risks/

https://securityintelligence.com/articles/cisos-drive-intersection-between-cyber-maturity-and-business-continuity/

https://www.darkreading.com/threat-intelligence/cybercriminals-traitorous-insiders-ransom-notes

https://betanews.com/2025/02/06/phishing-up-almost-50-percent-since-2021-with-ai-attacks-on-the-rise/

https://www.msspalert.com/perspective/the-cyber-driven-domino-effect-how-financial-and-security-crises-bankrupt-businesses

https://news.bloomberglaw.com/privacy-and-data-security/board-directors-are-taking-the-lead-on-cybersecurity-oversight

https://informationsecuritybuzz.com/credential-stealing-malware-surges-in/

https://www.securityweek.com/how-agentic-ai-will-be-weaponized-for-social-engineering-attacks/

https://www.itpro.com/security/cyber-attacks/linkedin-social-engineering-attacks


Governance, Risk and Compliance

AI, Cyber Crime Perceived as Top Insurance Risks: Kennedys

CISO stature gains traction as global cyber risk escalates | CIO Dive

CISOs drive the intersection between cyber maturity and business continuity

21% of CISOs Have Been Pressured Not to Report a Compliance Issue

Cyber Monitoring Centre Introduces ‘Richter Scale’ for Cyber-Attacks - Infosecurity Magazine

It pays to know how your cyber security stacks up | CSO Online

Infosec pros struggle under growing compliance - Help Net Security

The Cyber-Driven Domino Effect: How Financial and Security Crises Bankrupt Businesses | MSSP Alert

Boardroom cyber expertise comes under scrutiny

Board Directors Are Taking the Lead on Cyber Security Oversight

Critical Questions For Boards: Are You Prepared For Ransomware?

Study warns on "head-in-the-sand" approach to cyber security

Why cyber hygiene should be a priority for every business in 2025 - Digital Journal

Why Cyber Security Is Everyone’s Responsibility

What Is Acceptable Risk?

EMEA CISOs Plan 2025 Cloud Security Investment

Under Pressure: Why Companies Must Mitigate the Churn of Cyber Security Leaders - Security Boulevard

The CISO’s role in advancing innovation in cyber security | CSO Online

Over 60 percent of enterprise cyber security incidents relate to known risks

Security Teams Pay the Price: The Unfair Reality of Cyber Incidents - SecurityWeek

Overconfident execs are making their companies vulnerable to fraud - Help Net Security

Why Cyber Security Needs Probability — Not Predictions

Budgets and Awareness Up, Impersonation Attacks Still Prominent | SC Media UK

2024: The Year Data Security Took A Beating

Different Position, Different Challenge: AuditBoard Reveals Why Firms Struggle With Compliance | The Fintech Times


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware victims increased by 26 percent in 2024

2024 Breaks Records with Highest Ever Ransomware Attacks, as Cyber Criminals Target Critical Infrastructure

Ransomware Groups Weathered Raids, Profited in 2024

Ransomware and the Impact on Human Lives

Less than half of ransomware incidents end in payment - but you should still be on your guard | TechRadar

Critical Questions For Boards: Are You Prepared For Ransomware?

Cyber Criminals Court Traitorous Insiders via Ransom Notes

How to combat exfiltration-based extortion attacks | TechRadar

Top 3 Ransomware Threats Active in 2025

New AI "agents" could hold people for ransom in 2025 | Malwarebytes

Destructive Attacks on Financial Institutions Surge 13% - Infosecurity Magazine

Cyber Security Risks for Financial Services Firms: Proactive Strategies to Stay Ahead | BCLP - JDSupra

More destructive cyber attacks target financial institutions - Help Net Security

Ransomware recovery payments fell in 2024 • The Register

Ransomware Victims

Tata Technologies reports ransomware attack to Indian stock exchange | The Record from Recorded Future News

Indian tech giant Tata Technologies hit by ransomware attack

Tata Technologies confirms ransomware attack, says investigation still ongoing | TechRadar

Wirral NHS cyberattack leads to missed cancer care targets • The Register

Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden | WIRED

Data breach disclosed by Mizuno after BianLian claims | SC Media

Engineering group IMI latest UK firm to be hit by cyber attack

Phishing & Email Based Attacks

How Agentic AI will be Weaponized for Social Engineering Attacks - SecurityWeek

Phishing up almost 50 percent since 2021 with AI attacks on the rise

Sophisticated Phishing Attack Bypasses Microsoft ADFS MFA - Infosecurity Magazine

High-profile X Accounts Targeted in Phishing Campaign - Infosecurity Magazine

1-Click Phishing Campaign Targets High-Profile X Accounts

Millions at risk as malicious PDF files designed to steal your data are flooding SMS inboxes - how to stay safe | TechRadar

Cyberhaven: A Wake-Up Call for Consent Phishing Risks | Grip - Security Boulevard

Sophisticated Phishing Campaign Targets Ukraine’s Largest Bank - Infosecurity Magazine

Using the NIST Phish Scale Framework to Detect and Fight Phishing Attacks - Security Boulevard

Business Email Compromise (BEC)/Email Account Compromise (EAC)

US and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network

Wembley Multi-Academy Trust Scammed Out of £385,000

Other Social Engineering

How Agentic AI will be Weaponized for Social Engineering Attacks - SecurityWeek

Top 5 AI-Powered Social Engineering Attacks

North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS

Millions at risk as malicious PDF files designed to steal your data are flooding SMS inboxes - how to stay safe | TechRadar

LinkedIn has become a prime hunting ground for cyber criminals – here’s what you need to look out for | ITPro

How to Protect Yourself from the Growing Threat of Spam Calls and Robocalls

Artificial Intelligence

How Agentic AI will be Weaponized for Social Engineering Attacks - SecurityWeek

Top 5 AI-Powered Social Engineering Attacks

AI, Cyber Crime Perceived as Top Insurance Risks: Kennedys

Why employees smuggle AI into work - BBC News

AI jailbreaking techniques prove highly effective against DeepSeek | Computer Weekly

DeepSeek’s Flagship AI Model Under Fire for Security Vulnerabilities - Infosecurity Magazine

Texas Governor Orders Ban on DeepSeek, RedNote for Government Devices - SecurityWeek

UK Announces “World-First” AI Security Standard - Infosecurity Magazine

DeepSeek R1 has taken the world by storm, but security experts claim it has 'critical safety flaws' that you need to know about | ITPro

Protect your data as cyber criminals use AI to target Mac in 2025

Risk Matters: Cyber Risk and AI – The Changing Landscape

Researchers Link DeepSeek’s Blockbuster Chatbot to Chinese Telecom Banned From Doing Business in US - SecurityWeek

Video Cyber Security expert discovers DeepSeek using ‘digital fingerprinting technology’ - ABC News

Qualys Report Raises Red Flags In DeepSeek-R1 Security

New AI "agents" could hold people for ransom in 2025 | Malwarebytes

How Are Threat Actors Using Adversarial GenAI?

Invisible Threats: The Rise of AI-Powered Steganography Attacks - Security Boulevard

AI Rise: Can We Still Trust What We See? - InfoRiskToday

You Could Get 5 Years In Prison For Possessing These AI Tools

Cyber Threat Defence Code of Practice Announced by UK Government | SC Media UK

Can AI & the Cyber Trust Mark Rebuild Endpoint Confidence?

Scotland at risk of major AI hack, expert warns

Charges mount in former ex-Googler's AI theft case • The Register

2FA/MFA

Sophisticated Phishing Attack Bypasses Microsoft ADFS MFA - Infosecurity Magazine

Malware

Credential-stealing Malware Surges In 2024

Macs targeted by almost two dozen newly emergent payloads last year | SC Media

Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware

Coyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial Institutions

Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware

DaggerFly-Linked Linux Malware Targets Network Appliances - Infosecurity Magazine

Threefold Increase in Malware Targeting Credential Stores - Infosecurity Magazine

Mac Users Warned As “Fully Undetectable” Security Backdoor Confirmed

Surge in Infostealer Attacks Threatens EMEA Organisations - Infosecurity Magazine

AI Malware Dressed Up as DeepSeek Lurks in PyPi

Protect your data as cyber criminals use AI to target Mac in 2025

North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS

22 New Mac Malware Families Seen in 2024 - SecurityWeek

New Microsoft script updates Windows media with bootkit malware fixes

Lazarus APT targets crypto wallets using cross-platform JavaScript stealer

Microsoft says attackers use exposed ASP.NET keys to deploy malware

North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials

The RAT Pack Returns: ValleyRAT's Devious Delivery Methods

Chinese cyber spies use new SSH backdoor in network device hacks

SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images

Russian cyber research companies post alerts about infostealer, industrial threats | The Record from Recorded Future News

Bots/Botnets

Akamai warns of active attacks from new Mirai variant | SC Media

Mobile

Screenshot-reading malware cracks iPhone security for the first time | Digital Trends

Malware With Screen Reading Code Found in iOS Apps for the First Time - MacRumors

Google Bans 158,000 Malicious Android App Developer Accounts in 2024

Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104

Millions at risk as malicious PDF files designed to steal your data are flooding SMS inboxes - how to stay safe | TechRadar

Security and Privacy on Your Android Phone: Features You Should Know About - CNET

Why rebooting your phone daily is your best defence against zero-click hackers | ZDNET

Gravy Analytics soaks up another sueball over data breach • The Register

Wiping your iPhone? Here's the easiest way to erase all personal data | ZDNET

Denial of Service/DoS/DDoS

Akamai warns of active attacks from new Mirai variant | SC Media

Internet of Things – IoT

Akamai warns of active attacks from new Mirai variant | SC Media

Backdoor uncovered in China-made patient monitors — Contec CMS8000 raises questions about healthcare device security | Tom's Hardware

Can AI & the Cyber Trust Mark Rebuild Endpoint Confidence?

Data Breaches/Leaks

Credential Theft Becomes Cyber Criminals' Favourite Target

Gravy Analytics soaks up another sueball over data breach • The Register

OpenAI Data Breach: Threat Actor Allegedly Claims 20 Million Logins for Sale

International Civil Aviation Organisation (ICAO) and ACAO Breached: Cyberespionage Groups Targeting Aviation Safety Specialists

Mizuno USA says hackers stayed in its network for two months

NorthBay Health Data Breach Impacts 569,000 Individuals - SecurityWeek

Globe Life data breach may impact an additional 850,000 clients

US healthcare provider data breach impacts 1 million patients

Cover-up Follow-up: Westend Dental starts notifying patients of October 2020 ransomware attack – DataBreaches.Net

1 Million Impacted by Data Breach at Connecticut Healthcare Provider - SecurityWeek

Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden | WIRED

Data breach disclosed by Mizuno after BianLian claims | SC Media

Data Purportedly Stolen From Trump Hotels In Cyberattack | MSSP Alert

Taliban deny cyber security breach, claim leaked documents were not confidential | Amu TV

Organised Crime & Criminal Actors

US and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network

DOJ: Over 17M Americans Impacted By Seized Cyber Crime Forums | MSSP Alert

From credit card fraud to zero-day exploits: Xe Group expanding cyber criminal efforts | CyberScoop

Crazy Evil gang runs over 10 highly specialized social media scams

Police dismantles HeartSender cyber crime marketplace network

2 Arrested in Takedown of Nulled, Cracked Hacking Forums - SecurityWeek

Two of the world's largest cyber crime forums knocked offline | ITPro

FBI, Europol shut down hacking sites selling personal info, tools for cyber criminals | News Brief | Compliance Week

California man steals $50 million using fake investment sites, gets 7 years

US accuses Canadian math prodigy of $65M crypto scheme • The Register

LinkedIn has become a prime hunting ground for cyber criminals – here’s what you need to look out for | ITPro

Dangerous hacker responsible for more than 40 cyberattacks on strategic organisations arrested – DataBreaches.Net

Man Sentenced to 7 Years in Prison for Role in $50M Internet Scam | Tripwire

Charges mount in former ex-Googler's AI theft case • The Register

Fraud factories, cyber criminals and corruption: The Economist's new podcast, "Scam Inc", uncovers a new, global, underground economy worth more than illicit drug trade

Thailand cuts power and internet to areas of Myanmar to disrupt scam gangs

Nigeria Touts Cyber Success as African Cyber Crime Rises

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images

Even the US government can fall victim to cryptojacking | FedScoop

Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware

US accuses Canadian math prodigy of $65M crypto scheme • The Register

Lazarus APT targets crypto wallets using cross-platform JavaScript stealer

Insider Risk and Insider Threats

Why employees smuggle AI into work - BBC News

Cyber Criminals Court Traitorous Insiders via Ransom Notes

Charges mount in former ex-Googler's AI theft case • The Register

What you can do to prevent workforce fraud - Help Net Security

How to Root Out Malicious Employees - Security Boulevard

Human error an overlooked cyber risk for SMEs

Insurance

AI, Cyber Crime Perceived as Top Insurance Risks: Kennedys

Cyber Monitoring Centre Introduces ‘Richter Scale’ for Cyber-Attacks - Infosecurity Magazine

UK’s Cyber Monitoring Centre begins incident classification work | Computer Weekly

Supply Chain and Third Parties

Over a dozen firms compromised in BeyondTrust breach | SC Media

Tata Technologies confirms ransomware attack, says investigation still ongoing | TechRadar

Cyberhaven: A Wake-Up Call for Consent Phishing Risks | Grip - Security Boulevard

How to create a third-party risk management policy | TechTarget

Cloud/SaaS

EMEA CISOs Plan 2025 Cloud Security Investment

Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform

Watch Out For These 8 Cloud Security Shifts in 2025

Here’s all the ways an abandoned cloud instance can cause security issues | CyberScoop

Only 3% of organisations have a dedicated budget for SaaS security - Help Net Security

Chinese 'Infrastructure Laundering' Abuses AWS, Microsoft Cloud

Abandoned AWS Cloud Storage: A Major Cyberattack Vector

Outages

Familiar failings as Barclays outage delays transactions | Today's Conveyancer

Encryption

Cyber Insights 2025: Quantum and the Threat to Encryption - SecurityWeek

If you're not working on quantum-safe encryption now, it's already too late | ZDNET

Linux and Open Source

Linux Foundation Europe and OpenSSF launch initiative for EU Cyber Resilience Act compliance - Tech.eu

DaggerFly-Linked Linux Malware Targets Network Appliances - Infosecurity Magazine

Linux Security: Scan Your Servers for Rootkits With Ease - The New Stack

Passwords, Credential Stuffing & Brute Force Attacks

Credential Theft Becomes Cyber Criminals' Favorite Target

Millions Of Password Manager Users On Red Alert—Act Now To Stay Safe

Threefold Increase in Malware Targeting Credential Stores - Infosecurity Magazine

Cyber Criminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts

Stop saving your email login info in your password manager | PCWorld

Social Media

These Are the Accounts Most Targeted By Hackers: Here's How to Secure Them

High-profile X Accounts Targeted in Phishing Campaign - Infosecurity Magazine

1-Click Phishing Campaign Targets High-Profile X Accounts

LinkedIn has become a prime hunting ground for cyber criminals – here’s what you need to look out for | ITPro

Malvertising

Malvertising Scam Uses Fake Google Ads to Hijack Microsoft Advertising Accounts

Fraudulent Google ads seek to breach Microsoft advertisers’ credentials | SC Media

Regulations, Fines and Legislation

“Vámonos!” Declares DORA, But 43% Of UK Financial Services Say “No”

Infosec pros struggle under growing compliance - Help Net Security

UK Announces “World-First” AI Security Standard - Infosecurity Magazine

It's Time to Consolidate Cyber Security Regulations

Critical Questions For Boards: Are You Prepared For Ransomware?

Is DOGE a cyber security threat? A security expert explains the dangers of violating protocols and regulations that protect government computer systems

Musk's DOGE leashed by court after digging up Treasury data • The Register

Protecting the US from hackers apparently isn't in Trump's budget

Ireland responds to EU infringement notice on cyber security directive | Business Post

21% of CISOs Have Been Pressured Not to Report a Compliance Issue

Resolutions for Healthcare Providers: Part 1 of 2 – Cyber Security, Privacy and HIPAA Compliance | Bodman - JDSupra

Recent US Executive Order Calls for Encrypting DNS - ISC

Different Position, Different Challenge: AuditBoard Reveals Why Firms Struggle With Compliance | The Fintech Times

Trump’s anti-DEI efforts damage national security, former officials say - Nextgov/FCW

DORA Compliance Must be a Top Priority for US Financial Institutions - Security Boulevard

House Democrats demand answers over DOGE OPM server • The Register

Musk, DOGE Move into Treasury Systems Raises Security, Privacy Concerns | MSSP Alert

The biggest breach of US government data is under way | TechCrunch

Cyber Threat Defence Code of Practice Announced by UK Government | SC Media UK

Talks begin to move National Cyber Security Centre to Department of Justice

Can AI & the Cyber Trust Mark Rebuild Endpoint Confidence?

DeepSeek users could face million-dollar fine and prison time under new law | The Independent

USCG Final Rule on Cyber Security in Marine Transportation

Models, Frameworks and Standards

“Vámonos!” Declares DORA, But 43% Of UK Financial Services Say “No”

Linux Foundation Europe and OpenSSF launch initiative for EU Cyber Resilience Act compliance - Tech.eu

Ireland responds to EU infringement notice on cyber security directive | Business Post

DORA Compliance Must be a Top Priority for US Financial Institutions - Security Boulevard

Using the NIST Phish Scale Framework to Detect and Fight Phishing Attacks - Security Boulevard

Resolutions for Healthcare Providers: Part 1 of 2 – Cyber Security, Privacy and HIPAA Compliance | Bodman - JDSupra

Careers, Working in Cyber and Information Security

The cyber security skills gap reality: We need to face the challenge of emerging tech | CSO Online

Shaping The Next Generation Of Cyber Security Professionals

The Cyber Security Crisis: Companies Can’t Fill Roles, Workers Shut Out

Under Pressure: Why Companies Must Mitigate the Churn of Cyber Security Leaders - Security Boulevard

Government must address cyber security staffing shortage, NAO warns

Why Diversity Should not be Removed from Cyber in 2025 | SC Media UK

Public sector pay gap threatens UK cyber resilience

The hidden dangers of a toxic cyber security workplace - Help Net Security

Law Enforcement Action and Take Downs

Ransomware Groups Weathered Raids, Profited in 2024

US and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network

DOJ: Over 17M Americans Impacted By Seized Cyber Crime Forums | MSSP Alert

Police dismantles HeartSender cyber crime marketplace network

2 Arrested in Takedown of Nulled, Cracked Hacking Forums - SecurityWeek

FBI, Europol shut down hacking sites selling personal info, tools for cyber criminals | News Brief | Compliance Week

California man steals $50 million using fake investment sites, gets 7 years

Identity thief whose deception led to his victim’s incarceration gets a 12-year prison term | AP News

US accuses Canadian math prodigy of $65M crypto scheme • The Register

Dangerous hacker responsible for more than 40 cyberattacks on strategic organisations arrested – DataBreaches.Net

Man Sentenced to 7 Years in Prison for Role in $50M Internet Scam | Tripwire

Charges mount in former ex-Googler's AI theft case • The Register

Europol Cracks Down on Global Child Abuse Network “The Com” - Infosecurity Magazine

Thailand cuts power and internet to areas of Myanmar to disrupt scam gangs

Nigeria Touts Cyber Success as African Cyber Crime Rises

Misinformation, Disinformation and Propaganda

Mis/Disinformation: The Skew of Information and Its Impacts on You | AFCEA International


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Britain to boost cyber warfare capabilities

Exploring The Cyber Security Battlefield Of 2025

The Weaponization of Operational Technology

International Civil Aviation Organisation (ICAO) and ACAO Breached: Cyberespionage Groups Targeting Aviation Safety Specialists

Nation State Actors

China

Is DeepSeek a national security threat? New research highlights ties with Chinese telecom raising data security concerns | Mint

Researchers Link DeepSeek’s Blockbuster Chatbot to Chinese Telecom Banned From Doing Business in US - SecurityWeek

Video Cyber Security expert discovers DeepSeek using ‘digital fingerprinting technology’ - ABC News

Qualys Report Raises Red Flags In DeepSeek-R1 Security

Chinese 'Infrastructure Laundering' Abuses AWS, Microsoft Cloud

Chinese cyber spies use new SSH backdoor in network device hacks

Backdoor uncovered in China-made patient monitors — Contec CMS8000 raises questions about healthcare device security | Tom's Hardware

DeepSeek Jailbreak Reveals Its Entire System Prompt

AI jailbreaking techniques prove highly effective against DeepSeek | Computer Weekly

DeepSeek’s Safety Guardrails Failed Every Test Researchers Threw at Its AI Chatbot | WIRED

Texas Governor Orders Ban on DeepSeek, RedNote for Government Devices - SecurityWeek

DeepSeek R1 has taken the world by storm, but security experts claim it has 'critical safety flaws' that you need to know about | ITPro

Australia bans DeepSeek over security... - Mobile World Live

Taiwan Bans DeepSeek AI Over National Security Concerns, Citing Data Leakage Risks

Russia

Sophisticated Phishing Campaign Targets Ukraine’s Largest Bank - Infosecurity Magazine

CVE-2025-0411: Ukrainian Organisations Targeted in Zero-Day Campaign and Homoglyph Attacks | Trend Micro (US)

British PM scrapped ‘dangerously obvious’ email after Russian hacking | Cybernews

7-Zip MotW bypass exploited in zero-day attacks against Ukraine

British PM Keir Starmer’s Personal Email Allegedly Hacked by Russian Operatives

Russian cyber research companies post alerts about infostealer, industrial threats | The Record from Recorded Future News

North Korea

North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials

North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS

Lazarus APT targets crypto wallets using cross-platform JavaScript stealer

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

WhatsApp claims that 100 journalists and activists were the targets of Israeli-made spyware

Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists

WhatsApp: Global spyware campaign conducted by Israeli firm | SC Media


Tools and Controls

Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware

Risk Matters: Cyber Risk and AI – The Changing Landscape

Enterprises invest heavily in AI-powered solutions - Help Net Security

What Is Acceptable Risk?

EMEA CISOs Plan 2025 Cloud Security Investment

Watch Out For These 8 Cloud Security Shifts in 2025

Here’s all the ways an abandoned cloud instance can cause security issues | CyberScoop

Future of Cyber Security: Will XDR Absorb SIEM & SOAR? | Trend Micro (US)

How AI-driven SOC co-pilots will change security center operations

Only 3% of organisations have a dedicated budget for SaaS security - Help Net Security

The API security crisis and why businesses are at risk - Help Net Security

Beware cyber security tech that’s past its prime — 5 areas to check or retire | CSO Online

Recent US Executive Order Calls for Encrypting DNS - ISC

Financial services to increase AI spending with cyber security a top priority, finds Nvidia report - FStech

How to build an effective purple team playbook | TechTarget

Security Teams Pay the Price: The Unfair Reality of Cyber Incidents - SecurityWeek

One breach to rule them all: The security perils of digital consolidation | SC Media

Budgets and Awareness Up, Impersonation Attacks Still Prominent | SC Media UK

Why streamlining cyber security is essential for success - Verdict

How to create a third-party risk management policy | TechTarget

Is Your Antivirus Spying on You? Yes, and Some Are Worse Than Others

What does it mean to build in security from the ground up? • The Register

Why honeypots deserve a spot in your cyber security arsenal | CSO Online



Vulnerability Management

Navigating the Future: Key IT Vulnerability Management Trends

Transforming Vulnerability Management with Threat Intelligence: A Vision for MSSPs | MSSP Alert

768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023

Over 60 percent of enterprise cyber security incidents relate to known risks

Managing Software Risk in a World of Vulnerabilities

Infosec pros: We need CVSS, warts and all | CyberScoop

From credit card fraud to zero-day exploits: Xe Group expanding cyber criminal efforts | CyberScoop

Vulnerabilities

New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack

A worrying security flaw could have left Microsoft SharePoint users open to attack | TechRadar

Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104

Chrome 133, Firefox 135 Patch High-Severity Vulnerabilities - SecurityWeek

Google warns Android users of a kernel flaw under attack • The Register

Critical RCE bug in Microsoft Outlook now exploited in attacks

Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware

Zyxel won’t patch newly exploited flaws in end-of-life routers

Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers | TechCrunch

CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25

Hackers Exploiting A Six-Year-Old IIS Vulnerability To Gain Remote Access

Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc

AMD patches high severity security flaw affecting Zen chips | TechRadar

Microsoft Patches Critical Azure AI Face Security Bug | MSSP Alert

New Microsoft script updates Windows media with bootkit malware fixes

CISA orders agencies to patch Linux kernel bug exploited in attacks

Cisco Patches Critical Vulnerabilities in Enterprise Security Product - SecurityWeek

BeyondTrust Zero-Day Breach Exposed 17 SaaS Customers via Compromised API Key

7-Zip MotW bypass exploited in zero-day attacks against Ukraine

Netgear warns users to patch critical WiFi router vulnerabilities


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

- Automotive

- Construction

- Critical National Infrastructure (CNI)

- Defence & Space

- Education & Academia

- Energy & Utilities

- Estate Agencies

- Financial Services

- FinTech

- Food & Agriculture

- Gaming & Gambling

- Government & Public Sector (including Law Enforcement)

- Health/Medical/Pharma

- Hotels & Hospitality

- Insurance

- Legal

- Manufacturing

- Maritime & Shipping

- Oil, Gas & Mining

- OT, ICS, IIoT, SCADA & Cyber-Physical Systems

- Retail & eCommerce

- Small and Medium Sized Businesses (SMBs)

- Startups

- Telecoms

- Third Sector & Charities

- Transport & Aviation

- Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.


Black Arrow Cyber Threat Intelligence Briefing 31 January 2025

- More Than Half of UK Workplaces Faced Cyber Attacks Last Year

- Cyber Security Responsibilities Across the C-Suite: A Breakdown for Every Executive

- Hackers Use Generative AI to Attack More Frequently and Effectively

- 74% of Organisations are Increasing Crisis Simulation Budgets

- Only 13% of Organisations Fully Recover Data After a Ransomware Attack

- Cyber Security Threats Hit Mid-Market Firms Where It Hurts: The Bottom Line

- GhostGPT Can Write Malicious Code, Create Malware, and Create Convincing Phishing Emails for Just $50/Week

- New Phishing Campaign Targets Mobile Devices with Malicious PDFs

- The Clock is Ticking: Hackers Can Take You Down in 48 Minutes

- Security Threats Top Concerns for UK SMEs

- SaaS (Cloud) Breaches Skyrocket 300% as Traditional Defences Fall Short

- Rise of AI is Causing Many Firms to Worry About Their Cyber Security

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.

Executive Summary

Looking at open source reporting this week, and indeed from our own work, it is clear that UK businesses are facing an alarming rise in cyber attacks, with over half experiencing an incident in 2024. Despite this, only a minority have structured risk assessments or incident response plans in place. AI-driven phishing attacks have surged by over 4,000% since 2022, yet just 17% of organisations invest in cyber security training. Meanwhile, the rapid adoption of generative AI is both strengthening defences and empowering attackers. Tools like GhostGPT, available for as little as $50 per week, are automating malware development and phishing campaigns, reducing the technical barrier for cyber criminals. The average time from initial access to lateral movement inside a network has shrunk to just 48 minutes, highlighting the need for faster response times and automated defences.

Cyber security is no longer just a technical challenge but a critical business issue requiring C-suite engagement. CEOs must integrate security into corporate strategy, particularly for mid-market firms where breaches threaten growth and innovation. The escalating ransomware crisis has led to 58% of victims shutting down operations, yet only 13% fully recover their data, exposing gaps in resilience. The surge in SaaS breaches, up 300% in the past year, further underscores the importance of identity protection and continuous monitoring to mitigate risk.

As cyber threats intensify, Black Arrow Cyber advises organisations to prioritise crisis simulations, proactive investment, and cross-functional collaboration. With 74% of CISOs increasing crisis simulation budgets and AI reshaping the threat landscape, businesses must act now to build resilience. Strengthening mobile security, enforcing least privilege access, and rapidly addressing vulnerabilities are crucial to preventing financial and reputational harm. The cyber security clock is ticking, and businesses must move swiftly to stay ahead of evolving threats.


Top Cyber Stories of the Last Week

More Than Half of UK Workplaces Faced Cyber Attacks Last Year

More than half of UK businesses experienced a cyber attack in 2024, yet only 31% had conducted a cyber risk assessment, and just 15% had a formal incident response plan. Phishing attacks, fuelled by AI advancements, have surged by over 4,000% since 2022, making cyber resilience essential. Despite the evolving threat landscape, only 17% of businesses provide cyber security training to staff. Organisations must prioritise continuous monitoring, attack simulations, and structured incident response plans to mitigate risks. A strong cyber resilience strategy ensures businesses can not only prevent attacks but also respond effectively, minimising disruption and financial impact.

Cyber Security Responsibilities Across the C-Suite: A Breakdown for Every Executive

Cyber security is a core business concern requiring engagement from the entire C-suite, not just the Chief Information Security Officer (CISO). With cyber threats growing in complexity and regulations becoming stricter, organisations must integrate security into their business strategies. A single cyber attack can cause severe financial losses, operational disruption, and reputational damage. Every member of the C-suite plays a key role: CEOs set strategic business priorities that require a secure business environment, CFOs manage financial risks, and the CISO, working with the CHRO, COO and CIO, establishes security defences across people, operations and technology. Cross-functional collaboration is essential, ensuring cyber security is embedded in operations, innovation, and culture to protect the organisation’s future.

Hackers Use Generative AI to Attack More Frequently and Effectively

The latest Splunk CISO Report highlights the growing role of Generative AI (GenAI) in cyber security, with over half (52%) of CISOs prioritising emerging technologies. However, only a third (33%) of board members share this view, exposing a strategic gap. Attackers are leveraging GenAI to enhance the effectiveness (32%) and volume (28%) of cyber attacks, making AI-driven threats a top concern for 36% of CISOs. Budget constraints remain an issue, with 64% of CISOs linking underfunding to increased cyber risks.

74% of Organisations are Increasing Crisis Simulation Budgets

Following a series of high-profile cyber incidents in 2024, CISOs are increasing investment in crisis simulations to strengthen organisational resilience. A report by Hack The Box found that 74% of CISOs are raising budgets for crisis preparedness in 2025, with 16% of security budgets being reallocated to these exercises. Key drivers include the growing frequency of cyber incidents (31%) and gaps in incident response planning (20%). With AI reshaping the cyber threat landscape, organisations are prioritising realistic, stress-tested simulations to ensure both technical and non-technical teams can respond decisively to evolving threats.

Only 13% of Organisations Fully Recover Data After a Ransomware Attack

Ransomware attacks are becoming more disruptive, with 58% of organisations forced to shut down operations, up from 45% in 2021. Business impacts are severe: 40% reported revenue losses, 41% lost customers, and 35% suffered significant brand damage. Despite 29% of IT budgets allocated to ransomware defences, 88% of organisations have been victims, with only 13% fully recovering their data. Poor visibility in hybrid environments and unpatched systems are key vulnerabilities. With only 27% adopting microsegmentation, organisations must prioritise containment strategies to protect critical systems and avoid the rising costs of downtime, lost business, and reputational harm.

Cyber Security Threats Hit Mid-Market Firms Where It Hurts: The Bottom Line

Middle-market firms, especially those facing high uncertainty due to fluctuating demand, supply chain disruptions, or macroeconomic volatility, face growing cyber security threats that directly impact their financial stability and innovation. According to PYMNTS Intelligence’s 2025 Certainty Project, 72% of firms are concerned about financial losses due to cyber incidents, rising to 88% for those experiencing heightened uncertainty. High-uncertainty firms are also 81% more likely to delay or cancel technology initiatives, stalling growth. Despite constrained resources, CFOs are shifting cyber security from an IT concern to a business priority, recognising its role in resilience and competitive advantage. As cyber threats escalate, proactive investment in security is essential to safeguard operations and drive innovation.

GhostGPT Can Write Malicious Code, Create Malware, and Create Convincing Phishing Emails for Just $50/Week

Hackers are using an AI chatbot, GhostGPT, to automate cyber attacks, enabling them to write malware, craft phishing emails, and develop exploits with ease. Unlike mainstream AI tools, GhostGPT lacks ethical safeguards and is marketed openly on cyber crime forums. Available as a Telegram bot for as little as $50 per week, it lowers the barrier for attackers with minimal technical skills. Security researchers warn that AI-driven threats like GhostGPT will make cyber attacks more sophisticated and harder to detect, underscoring the need for organisations to adapt their defences to counter AI-enabled cyber crime.

New Phishing Campaign Targets Mobile Devices with Malicious PDFs

A newly discovered phishing campaign is targeting mobile users by impersonating known brands and delivering malicious PDF files via SMS. Researchers uncovered over 20 malicious PDFs and 630 phishing pages, highlighting a large-scale operation spanning more than 50 countries. The campaign employs a sophisticated obfuscation technique to bypass detection, tricking users into providing sensitive information. As mobile phishing threats grow, organisations must prioritise mobile security investments, implement multi-factor authentication and adopt a layered security approach to mitigate risks posed by increasingly advanced social engineering tactics.

The Clock is Ticking: Hackers Can Take You Down in 48 Minutes

Hackers are accelerating their attacks, with the average time from initial access to lateral movement now just 48 minutes, 22% faster than last year. The quickest observed incident took only 27 minutes. A key driver is the rise of information-stealing malware, which supplies initial access brokers with ready-made credentials and lets them move faster. Additionally, the ransomware-as-a-service ecosystem has become more efficient, and AI is enhancing hacking tools. Alarmingly, the time from vulnerability discovery to exploitation has dropped from 47 days to just 18 days, a 62% decrease. Automated defences and rapid patching are critical to mitigating these evolving threats: with dwell times this short, detection and containment have to happen within the first hour, not the first day.

Security Threats Top Concerns for UK SMEs

JumpCloud’s latest report highlights that 61% of UK SMEs see security as their top challenge in 2025, with 45% having suffered a cyber security attack, and phishing accounting for 53% of incidents. IT teams are under pressure, with 90% concerned about unauthorised apps expanding their attack surface, and 60% fearing AI threats will outpace their defences. Despite security concerns, nearly half (48%) hesitate to strengthen protections due to user experience trade-offs. Tool sprawl remains an issue, driving 83% to seek unified platforms. Budgets are increasing, with 76% expecting cyber security investment to rise and MSP adoption growing to 79%.

SaaS (Cloud) Breaches Skyrocket 300% as Traditional Defences Fall Short

Software-as-a-Service (SaaS) breaches have surged by 300% in the past year as cyber criminals and nation-state actors increasingly target these platforms. A report by Obsidian Security found that 85% of incidents stemmed from compromised identities, with adversary-in-the-middle (AiTM) attacks accounting for 39%. The healthcare sector was the most affected (14%), followed by government (13%) and financial services (11%). Traditional security tools are struggling to protect SaaS environments: MFA failed in 84% of cases, either because it was weakly implemented or because an AiTM proxy relayed the victim’s login to the real service and captured the resulting session token. One-time codes and push prompts cannot stop that relay, whereas phishing-resistant methods such as FIDO2/WebAuthn bind the credential to the genuine sign-in origin and so defeat it. To mitigate risk, firms must enhance visibility over SaaS usage, enforce least privilege access controls, and implement continuous monitoring to detect and respond to threats swiftly.
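
The AiTM failure mode this story turns on is easiest to see in code. The following is an added illustration, not code from the page, the Obsidian report or any SaaS vendor: a toy identity provider accepts either password plus TOTP or password plus a WebAuthn-style assertion, and a phishing proxy relays whatever the victim submits to the real service. The origins, the password and the HMAC-based stand-in for the authenticator’s asymmetric signature are all constructed for the example.

```python
# Added illustration (not the page's, Obsidian Security's or any vendor's code).
# An HMAC over clientDataJSON stands in for the authenticator's real signature;
# origins and password below are constructed values.
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

LEGIT_ORIGIN = "https://login.example-saas.test"            # assumed genuine sign-in origin
PHISH_ORIGIN = "https://login.example-saas.test.phish.test"  # assumed AiTM proxy origin
PASSWORD = "correct horse battery staple"                     # constructed victim password


def totp(secret: bytes, now: Optional[float] = None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code an authenticator app would display."""
    counter = int((time.time() if now is None else now) // step)
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def sign_client_data(key: bytes, client_data_json: str) -> str:
    """Stand-in for the authenticator signing SHA-256(clientDataJSON)."""
    digest = hashlib.sha256(client_data_json.encode()).digest()
    return hmac.new(key, digest, hashlib.sha256).hexdigest()


class IdentityProvider:
    """SaaS sign-in service offering password+TOTP or password+WebAuthn."""

    def __init__(self) -> None:
        self.totp_secret = secrets.token_bytes(20)
        self.credential_key = secrets.token_bytes(32)   # shared with the user's authenticator
        self.sessions = set()
        self._challenges = set()

    def _issue_session(self) -> str:
        token = secrets.token_hex(16)
        self.sessions.add(token)
        return token

    def login_totp(self, password: str, code: str, now: Optional[float] = None) -> Optional[str]:
        # Nothing ties the code to the page the user typed it into.
        if password != PASSWORD or not hmac.compare_digest(code, totp(self.totp_secret, now)):
            return None
        return self._issue_session()

    def new_challenge(self) -> str:
        challenge = secrets.token_hex(16)
        self._challenges.add(challenge)
        return challenge

    def login_webauthn(self, password: str, assertion: dict) -> Optional[str]:
        client_data = json.loads(assertion["clientDataJSON"])
        if password != PASSWORD or client_data.get("origin") != LEGIT_ORIGIN:
            return None                                      # the check an AiTM proxy cannot satisfy
        if client_data.get("challenge") not in self._challenges:
            return None
        self._challenges.discard(client_data["challenge"])  # challenges are single use
        expected = sign_client_data(self.credential_key, assertion["clientDataJSON"])
        if not hmac.compare_digest(expected, assertion["signature"]):
            return None
        return self._issue_session()


def browser_get_assertion(credential_key: bytes, origin: str, challenge: str) -> dict:
    """The browser, not the page, records the origin it is actually on in clientDataJSON."""
    client_data_json = json.dumps({"type": "webauthn.get", "challenge": challenge, "origin": origin})
    return {"clientDataJSON": client_data_json,
            "signature": sign_client_data(credential_key, client_data_json)}


class AitmProxy:
    """Phishing page that forwards whatever the victim submits and keeps any session issued."""

    def __init__(self, idp: IdentityProvider) -> None:
        self.idp = idp
        self.captured_sessions = []

    def relay_totp(self, password: str, code: str, now: Optional[float] = None) -> Optional[str]:
        token = self.idp.login_totp(password, code, now)
        if token:
            self.captured_sessions.append(token)
        return token

    def relay_webauthn(self, password: str, assertion: dict) -> Optional[str]:
        token = self.idp.login_webauthn(password, assertion)
        if token:
            self.captured_sessions.append(token)
        return token


def run_scenarios(now: float = 1_700_000_000.0) -> dict:
    idp = IdentityProvider()

    # 1. Victim reads the current TOTP and types it into the proxy page; the proxy replays it.
    proxy = AitmProxy(idp)
    proxy.relay_totp(PASSWORD, totp(idp.totp_secret, now), now)
    totp_phished = bool(proxy.captured_sessions) and proxy.captured_sessions[0] in idp.sessions

    # 2. Same proxy, WebAuthn login: the proxy relays the genuine challenge, but the
    #    browser writes PHISH_ORIGIN into clientDataJSON and the IdP rejects the assertion.
    proxy = AitmProxy(idp)
    assertion = browser_get_assertion(idp.credential_key, PHISH_ORIGIN, idp.new_challenge())
    webauthn_phished = proxy.relay_webauthn(PASSWORD, assertion) is not None

    # 3. Control: the same flow from the genuine origin succeeds.
    assertion = browser_get_assertion(idp.credential_key, LEGIT_ORIGIN, idp.new_challenge())
    webauthn_legit = idp.login_webauthn(PASSWORD, assertion) is not None

    return {"totp_phished": totp_phished, "webauthn_phished": webauthn_phished,
            "webauthn_legit": webauthn_legit}


if __name__ == "__main__":
    print(run_scenarios())   # {'totp_phished': True, 'webauthn_phished': False, 'webauthn_legit': True}
```

Running it shows the TOTP login phished and the WebAuthn login refused. In a real browser the credential scoped to the genuine relying-party ID would not even be offered on the proxy’s origin; the model deliberately lets the assertion be produced so that the server-side origin check is what rejects it. The practical point for SaaS sign-in is that only an origin-bound factor stops session theft through a relay; a stronger password or a second one-time code does not.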

Rise of AI is Causing Many Firms to Worry About Their Cyber Security

A Sophos report highlights growing concerns about AI's impact on cyber security, with 89% of IT leaders fearing flaws in generative AI could weaken defences. Despite this, 99% now see AI as essential when selecting a cyber security provider. While AI enhances threat capabilities, one in five IT leaders hopes it will strengthen protection, and 14% hope it will relieve employee burnout. However, four in five anticipate rising costs, though 87% expect long-term savings. With 98% already embedding AI in security solutions, firms are urged to adopt a human-first approach and carefully assess AI vendors for data quality and effectiveness.

Sources:

https://www.thehrdirector.com/business-news/digitalisation/half-uk-workplaces-faced-cyberattacks-last-year/

https://securityboulevard.com/2025/01/cybersecurity-responsibilities-across-the-c-suite-a-breakdown-for-every-executive/

https://www.techradar.com/pro/security/hackers-use-genai-to-attack-more-frequently-and-effectively

https://www.helpnetsecurity.com/2025/01/28/cisos-crisis-simulation-budgets/

https://www.helpnetsecurity.com/2025/01/29/ransomware-attacks-business-operations-disruption/

https://www.pymnts.com/cybersecurity/2025/cybersecurity-threats-hit-mid-market-firms-where-it-hurts-the-bottom-line/

https://www.itpro.com/security/cyber-crime/hackers-are-using-a-new-ai-chatbot-to-wage-cyber-attacks-ghostgpt-lets-users-write-malicious-code-create-malware-and-curate-phishing-emails-and-it-costs-just-usd50-to-use

https://www.infosecurity-magazine.com/news/phishing-campaign-targets-mobile/

https://www.forbes.com/sites/daveywinder/2025/01/28/hackers-are-getting-faster-48-minutes-and-youre-cooked/

https://pcr-online.biz/2025/01/29/security-threats-top-concerns-for-uk-smes/

https://www.infosecurity-magazine.com/news/saas-breaches-defenses-short/

https://www.techradar.com/pro/security/rise-of-ai-is-causing-many-firms-to-worry-about-their-cybersecurity


Governance, Risk and Compliance

CISOs boost board presence by 77% over two years | Computer Weekly

Cyber Security Responsibilities Across the C-Suite: A Breakdown for Every Executive - Security Boulevard

CISOs are gaining more influence in the boardroom, and it’s about time | ITPro

74% of CISOs are increasing crisis simulation budgets - Help Net Security

Rise of AI is causing many firms to worry about their cyber security | TechRadar

Hackers Are Getting Faster—48 Minutes And You’re Cooked

Cyber security crisis in numbers - Help Net Security

Cyber security Threats Hit Mid-Market Firms in the Bottom Line

CISOs Are Gaining C-Suite Swagger

88% of High-Uncertainty Firms Report Cyber Security Risks

UK Organisations Boosting Cyber Security Budgets - Infosecurity Magazine

UK's small businesses underestimating risk of cyber attacks

Security threats top concerns for UK SMEs – PCR

It’s time to catch up with cyber attackers | TechRadar

More than half of UK workplaces faced cyber attacks last year | theHRD

How to improve cyber resilience across your workforce | theHRD

Cyber Resilience: Sorry Vendors, It’s About Leadership, Not Tech

Crisis Simulation: The New Frontier for CISOs in 2025

How CISOs can forge the best relationships for cyber security investment | CSO Online

Old Ways of Vendor Risk Management Are No Longer Enough

We're losing the battle against complexity, and AI may or may not help | ZDNET

Revealed – top emerging threats for banks and insurers | Insurance Business America

Acronis Data Privacy Survey Reveals 64% of Global Consumers

Cyber trends set to influence business strategies - Help Net Security


Threats

Ransomware, Extortion and Destructive Attacks

TRIPLESTRENGTH Operation Targets Major Cloud Platforms | MSSP Alert

Don't count on ransomware insurance to save you - Tech Monitor

Survey Surfaces Extent of Financial Damage Caused by Ransomware Scourge - Security Boulevard

58% of Ransomware Victims Forced to Shut Down Operations - Infosecurity Magazine

Illumio Research Reveals 58% of Companies Hit With

Only 13% of organisations fully recover data after a ransomware attack - Help Net Security

Another banner year for ransomware gangs • The Register

Ransomware Gangs Linked by Shared Code and Ransom Notes - Infosecurity Magazine

The rising tide of ransomware and what it means for small and medium-sized businesses [Q&A]

Lynx Ransomware Infrastructure To Attack Windows, Linux, ESXi & Affiliate Panel Uncovered

Baguettes bandits strike again with ransomware, humiliation • The Register

New Hellcat Ransomware Gang Employs Humiliation Tactics - Infosecurity Magazine

Revealed – top emerging threats for banks and insurers | Insurance Business America

New report warns of sophisticated techniques being used by ransomware group Arcus Media - SiliconANGLE

How Interlock Ransomware Infects Healthcare Organisations

What we know about the AI-powered ransomware group, FunkSec - Raconteur

UK: Consultation on Ransomware payments | DLA Piper - JDSupra

Lynx ransomware infiltration reveals affiliate panel details | SC Media

Ransomware gang uses SSH tunnels for stealthy VMware ESXi access

Ransomware Victims

MGM to pay $45m to data breach and ransomware victims

Let’s Secure Insurance failed to secure their own data storage. Now they have a breach. – DataBreaches.Net

152,000 Impacted by Data Breach at Berman & Rabin - SecurityWeek

'A poignant reminder of the devastating impact': The steps to take to safeguard your business against ransomware attack - Business MK

Healthcare Sector Charts 2 More Ransomware Attacks

Ransomware Attack Disrupts Blood Donation Services in US - Infosecurity Magazine

Smiths Group Scrambling to Restore Systems Following Cyber Attack - SecurityWeek

Phishing & Email Based Attacks

New Phishing Campaign Targets Mobile Devices with Malicious PDFs - Infosecurity Magazine

Google forced to step up phishing defences following ‘most sophisticated attack’ it has ever seen | TechRadar

The top 10 brands exploited in phishing attacks - and how to protect yourself | ZDNET

Hidden Text Salting Disrupts Brand Name Detection Systems - Infosecurity Magazine

Hidden in Plain Sight: PDF Mishing Attack - Security Boulevard

Threat Actors Exploit Government Websites for Phishing - Infosecurity Magazine

Phishing Campaign Baits Hook With Malicious Amazon PDFs

Nine out of ten emails are spam - Help Net Security

Other Social Engineering

New Phishing Campaign Targets Mobile Devices with Malicious PDFs - Infosecurity Magazine

Scammers Are Creating Fake News Videos to Blackmail Victims | WIRED

DoJ Busts Up Another Multinational DPRK IT Worker Scam

Don't Fall For These Reddit Scam Pages Waiting to Install Malware On Your Computer

Reddit, WeTransfer pages spoofed in Lumma Stealer campaign | SC Media

British Vishing-as-a-Service Trio Sentenced - Infosecurity Magazine

Artificial Intelligence

Prompt Injection Tricks AI Into Downloading And Executing Malware | Hackaday

Hackers use GenAI to attack more frequently and effectively | TechRadar

Hackers are using a new AI chatbot to wage attacks: GhostGPT lets users write malicious code, create malware, and curate phishing emails – and it costs just $50 to use | ITPro

Rise of AI is causing many firms to worry about their cyber security | TechRadar

Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations

89% of IT Leaders Worry GenAI Flaws Could Negatively Impact Their Organisation’s Cyber Security Strategies, Sophos Survey Finds

DeepSeek's popularity exploited by malware peddlers, scammers - Help Net Security

AI-powered Chrome extensions are watching you…

AI security posture management will be needed before agentic AI takes hold - Help Net Security

DeepSeek’s Popular AI App Is Explicitly Sending US Data to China | WIRED

DeepSeek Blames Disruption on Cyber Attack as Vulnerabilities Emerge - SecurityWeek

The Wiretap: DeepSeek Turned Into Evil Malware Maker, Researchers Find

Nation-State Hackers Abuse Gemini AI Tool - Infosecurity Magazine

What we know about the AI-powered ransomware group, FunkSec - Raconteur

The 10 worst software disasters of 2024: cyber attacks, malicious AI, and silent threats | TechRadar

DeepSeek database left open, exposing sensitive info • The Register

Hackers Are Using Google's AI Chatbot to Make Attacks More Efficient - Business Insider

Time Bandit ChatGPT jailbreak bypasses safeguards on sensitive topics

Risk Matters: Cyber Risk and AI – The Changing Landscape | Newswise

Preparing financial institutions for the next generation of cyber threats - Help Net Security

Meta's Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks

Former OpenAI safety researcher brands pace of AI development ‘terrifying’ | Artificial intelligence (AI) | The Guardian

2FA/MFA

How hackers bypass MFA – and what to do about it | ITPro

Malware

Over a billion credentials stolen in malware attacks in 2024 | TechRadar

Prompt Injection Tricks AI Into Downloading And Executing Malware | Hackaday

Hacker infects 18,000 "script kiddies" with fake malware builder

Russian Scammers Target Crypto Influencers with Infostealers - Infosecurity Magazine

MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks

Phishing Campaign Baits Hook With Malicious Amazon PDFs

Don't Fall For These Reddit Scam Pages Waiting to Install Malware On Your Computer

Reddit, WeTransfer pages spoofed in Lumma Stealer campaign | SC Media

18,459 Devices Compromised Worldwide Via XWorm RAT Builder | MSSP Alert

Cyber Insights 2025: Malware Directions - SecurityWeek

Secondary payloads delivered via MintsLoader attacks | SC Media

The Wiretap: DeepSeek Turned Into Evil Malware Maker, Researchers Find

Over 10,000 WordPress sites found showing fake Google browser update pages to spread malware | TechRadar

PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyber Attacks

Phishing campaign in Poland and Germany deploys TorNet backdoor | SC Media

What Happens When Students Bring Malware to Campus? | EdTech Magazine

Bots/Botnets

Aquabot Botnet Targeting Vulnerable Mitel Phones - SecurityWeek

Mobile

New Phishing Campaign Targets Mobile Devices with Malicious PDFs - Infosecurity Magazine

Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More

Google Play security teams used AI in 92% of app reviews in 2024 - Android Authority

Google blocked 2.36 million risky Android apps from Play Store in 2024

Denial of Service/DoS/DDoS

The Undercurrent Behind the Rise of DeepSeek: DDoS Attacks in the Global AI Technology Game - Security Boulevard

Internet of Things – IoT

Cyber Security Threats To Modern Cars: How Hackers Are Taking Control

Data Breaches/Leaks

MGM to pay $45m to data breach and ransomware victims

TalkTalk confirms data breach involving a third-party platform

UK telco TalkTalk launches probe into alleged data grab • The Register

1 in 2 Americans affected by UnitedHealth cyber attack, new disclosure shows | Rock Hill Herald

UnitedHealth estimates 190M people impacted by Change Healthcare cyber attack – DataBreaches.Net

Mega Data Breaches Push US Victim Count to 1.7 Billion - Infosecurity Magazine

Millions of airline customers possibly affected by OAuth security flaw | TechRadar

DeepSeek database left open, exposing sensitive info • The Register

312% Surge in Breach Notices That Could Have Been Prevented

PowerSchool starts notifying victims of massive data breach

Reporting a Breach? Make Sure Your Lawyer's on Call

152,000 Impacted by Data Breach at Berman & Rabin - SecurityWeek

Cyber security Event at Benefits Management Group Results in Data Breach | Console and Associates, P.C. - JDSupra

Organised Crime & Criminal Actors

Cyber security crisis in numbers - Help Net Security

Hackers Are Getting Faster—48 Minutes And You’re Cooked

Man arrested after climate activists cut UK insurance firms’ fibre optic cables | UK news | The Guardian

FBI nominee Kash Patel gets questions on cyber crime investigations, Silk Road founder, surveillance powers | CyberScoop

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

TRIPLESTRENGTH Operation Targets Major Cloud Platforms | MSSP Alert

At least $69 million stolen from crypto platform Phemex in suspected cyber attack | The Record from Recorded Future News

Russian Scammers Target Crypto Influencers with Infostealers - Infosecurity Magazine

What's Yours is Mine: Is Your Business Ready for Cryptojacking Attacks?

Insider Risk and Insider Threats

How to improve cyber resilience across your workforce | theHRD

British Museum says ex-contractor 'shut down' IT systems • The Register

HR Magazine - Former employee shuts down British Museum IT systems

CrowdStrike Highlights Magnitude of Insider Risk

Insurance

Don't count on ransomware insurance to save you - Tech Monitor

Cyber Insights 2025: Cyberinsurance – The Debate Continues - SecurityWeek

Supply Chain and Third Parties

TalkTalk confirms data breach involving a third-party platform

Revealed – top emerging threats for banks and insurers | Insurance Business America

How Lazarus Group built a cyber espionage empire - Help Net Security

Third-Party Vendors Are the Supply Chain’s Ignored Vulnerability | HackerNoon

Building Resilience Against Zero-Day Threats In Third-Party Risk Management

Old Ways of Vendor Risk Management Are No Longer Enough

Companies told to enhance third party cyber security efforts

GoDaddy’s Cyber Security Called Into Question

Cloud/SaaS

TRIPLESTRENGTH Operation Targets Major Cloud Platforms | MSSP Alert

SaaS Breaches Skyrocket 300% as Traditional Defences Fall Short - Infosecurity Magazine

MITRE's Latest ATT&CK Simulations Tackles Cloud Defences

Microsoft investigates Microsoft 365 outage affecting users, admins

Outages

Man arrested after climate activists cut UK insurance firms’ fibre optic cables | UK news | The Guardian

Microsoft investigates Microsoft 365 outage affecting users, admins

Identity and Access Management

Hackers use Windows RID hijacking to create hidden admin account

Staying Ahead with Enhanced IAM Protocols - Security Boulevard

Microsoft Details Key Strategies for Proactive Identity Management

Encryption

"Anonymity is not a fundamental right": experts disagree with Europol chief's request for encryption back door | TechRadar

Linux and Open Source

Lynx Ransomware Infrastructure To Attack Windows, Linux, ESXi & Affiliate Panel Uncovered

Lazarus Group's latest heist hits hundreds globally • The Register

Facebook flags Linux topics as 'cyber security threats' — posts and users being blocked | Tom's Hardware

Passwords, Credential Stuffing & Brute Force Attacks

Over a billion credentials stolen in malware attacks in 2024 | TechRadar

Multiple Git flaws led to credentials compromise

Social Media

Is TikTok a national security threat – or is the ban a smokescreen for superpower rivalry? | TikTok | The Guardian

Microsoft Eyes TikTok’s US Operations Amid National Security Concerns - gHacks Tech News

Facebook flags Linux topics as 'cyber security threats' — posts and users being blocked | Tom's Hardware

Trump’s bigger China cyber threat isn’t TikTok - The Japan Times

Malvertising

Security Bite: How hackers are still using Google Ads to spread malware - 9to5Mac

Training, Education and Awareness

How to improve cyber resilience across your workforce | theHRD

Regulations, Fines and Legislation

National security risks in routers, modems targeted in bipartisan Senate bill | CyberScoop

SEC and FCA fines: Issues jump - Help Net Security

312% Surge in Breach Notices That Could Have Been Prevented

UK: Consultation on Ransomware payments | DLA Piper - JDSupra

Strengthening National Security in the AI Era

FBI nominee Kash Patel gets questions on cyber crime investigations, Silk Road founder, surveillance powers | CyberScoop

Trump Administration Faces Security Balancing Act in Borderless Cyber Landscape - SecurityWeek

Gutting US cyber advisory boards 'foolish' • The Register

Models, Frameworks and Standards

MITRE's Latest ATT&CK Simulations Tackles Cloud Defences

Careers, Working in Cyber and Information Security

Hackers allegedly stole $69M from cryptocurrency platform Phemex

Nine human-centric strategies that strengthen security teams | SC Media

How to make sure you’ve got the cyber security people you need

Law Enforcement Action and Take Downs

Another banner year for ransomware gangs • The Register

British Vishing-as-a-Service Trio Sentenced - Infosecurity Magazine

Brit fraudsters sentenced over account takeover operation • The Register

Authorities Seize Domains of Popular Hacking Forums in Major Cyber Crime Crackdown

Nulled, Other Cyber Crime Websites Seized by Law Enforcement - SecurityWeek

FBI seizes Cracked.io, Nulled.to hacking forums in Operation Talent

Law enforcement continues efforts to disrupt cyber crime forums and services – DataBreaches.Net

Misinformation, Disinformation and Propaganda

AI, disinformation and cyber security - POST


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations

The Private Sector on the Front Line | Foreign Affairs

Nation State Actors

China

MPs and peers start inquiry into Russian and Chinese sabotage threats to subsea internet cables | Computer Weekly

As Russian Spy Ship Yantar Enters British Waters, the Deep-Sea Battle Over Undersea Cables Heats Up - WSJ

Vessel seized on suspicion of cutting Baltic internet cable

Latvia: Undersea cable likely damaged by external influence – DW – 01/27/2025

One of the biggest flaws exploited by Salt Typhoon hackers has had a patch available for years | TechRadar

DeepSeek’s Popular AI App Is Explicitly Sending US Data to China | WIRED

Inside China's 'hacking capital' that has ignited global cyber security alarms | ITV News

Is TikTok a national security threat – or is the ban a smokescreen for superpower rivalry? | TikTok | The Guardian

Are We Serious About Chinese Spying? - SMERCONISH

DeepSeek Blames Disruption on Cyber Attack as Vulnerabilities Emerge - SecurityWeek

National security risks in routers, modems targeted in bipartisan Senate bill | CyberScoop

The Wiretap: DeepSeek Turned Into Evil Malware Maker, Researchers Find

Hackers Are Using Google's AI Chatbot to Make Attacks More Efficient - Business Insider

Baltic undersea pipes and cables keep getting damaged. What’s going on? | CNN Business

Trump’s bigger China cyber threat isn’t TikTok - The Japan Times

UK launches inquiry into threats to subsea cable systems

Sweden seizes vessel after another undersea cable damaged • The Register

DeepSeek's popularity exploited by malware peddlers, scammers - Help Net Security

Gutting US cyber advisory boards 'foolish' • The Register

Microsoft Eyes TikTok’s US Operations Amid National Security Concerns - gHacks Tech News

Russia

MPs and peers start inquiry into Russian and Chinese sabotage threats to subsea internet cables | Computer Weekly

As Russian Spy Ship Yantar Enters British Waters, the Deep-Sea Battle Over Undersea Cables Heats Up - WSJ

Vessel seized on suspicion of cutting Baltic internet cable

Latvia: Undersea cable likely damaged by external influence – DW – 01/27/2025

Cross-Party Inquiry Examines Threats to Undersea UK Internet Cables - ISPreview UK

Nation-State Hackers Abuse Gemini AI Tool - Infosecurity Magazine

Baltic undersea pipes and cables keep getting damaged. What’s going on? | CNN Business

UK launches inquiry into threats to subsea cable systems

Sweden seizes vessel after another undersea cable damaged • The Register

Exclusive: Baltic Sea shipping tax could pay for undersea cable protection, says Estonian minister | Reuters

Russian Scammers Target Crypto Influencers with Infostealers - Infosecurity Magazine

European Union Sanctions Russian Nationals for Hacking Estonia - SecurityWeek

GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities

Iran

Google details nefarious Gemini use by Iranian spies • The Register

North Korea

How Lazarus Group built a cyber espionage empire - Help Net Security

DoJ Busts Up Another Multinational DPRK IT Worker Scam

Lazarus Group's latest heist hits hundreds globally • The Register

Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks


Tools and Controls

74% of CISOs are increasing crisis simulation budgets - Help Net Security

Crisis Simulations: A Top 2025 Concern for CISOs

CISOs Boost Crisis Simulation Budgets Amid High-Profile Cyber-Attacks - Infosecurity Magazine

Crisis Simulation: The New Frontier for CISOs in 2025

How to improve cyber resilience across your workforce | theHRD

Attackers exploit SimpleHelp RMM Software flaws for initial access

Building Resilience Against Zero-Day Threats In Third-Party Risk Management

Hackers exploiting flaws in SimpleHelp RMM to breach networks

Risk Matters: Cyber Risk and AI – The Changing Landscape | Newswise

UK Organisations Boosting Cyber Security Budgets - Infosecurity Magazine

PrintNightmare Aftermath: Windows Print Spooler is Better. What's Next?

Old Ways of Vendor Risk Management Are No Longer Enough

Cyber Resilience: Sorry Vendors, It’s About Leadership, Not Tech

How CISOs can forge the best relationships for cyber security investment | CSO Online

Prepare to be breached: the radical cyber-security strategy that might save your business | The Independent

Microsoft Teams phishing attack alerts coming to everyone next month

Man arrested after climate activists cut UK insurance firms’ fibre optic cables | UK news | The Guardian

How to Choose the Right Cyber Security Software: A Comprehensive Guide - Security Boulevard

Remote Monitoring and Management (RMM) Abuse | Intel 471

Staying Ahead with Enhanced IAM Protocols - Security Boulevard

We're losing the battle against complexity, and AI may or may not help | ZDNET

WFH with privacy? 85% of Brit bosses are snooping on staff • The Register

Fragmented cyber security is costing businesses billions, and putting them at risk | TechRadar

Nine out of ten emails are spam - Help Net Security



Vulnerability Management

Building Resilience Against Zero-Day Threats In Third-Party Risk Management

NCSC Calls on Vendors to Eradicate “Unforgivable” Vulnerabilities - Infosecurity Magazine

Microsoft to deprecate WSUS driver synchronization in 90 days

The 10 worst software disasters of 2024: cyber attacks, malicious AI, and silent threats | TechRadar

UK’s NCSC Proposes New Vulnerability Classification System | MSSP Alert

Vulnerabilities

Fortinet Zero-Day Gives Attackers Super-Admin Privileges

TeamViewer Patches High-Severity Vulnerability in Windows Applications - SecurityWeek

RANsacked: Over 100 Security Flaws Found in LTE and 5G Network Implementations

Palo Alto Networks firewalls have UEFI flaws, Secure Boot bypasses | CSO Online

One of the biggest flaws exploited by Salt Typhoon hackers has had a patch available for years | TechRadar

LTE, 5G Vulnerabilities Could Cut Entire Cities From Cellular Connectivity - SecurityWeek

Vulnerabilities in Telecom Networks Let Hackers Gain Access to 3,000 Companies 

Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More

SonicWall says hackers are exploiting a new zero-day bug to breach customer networks | TechCrunch

Aquabot Botnet Targeting Vulnerable Mitel Phones - SecurityWeek

Multiple Git flaws led to credentials compromise

Apple Silicon flaws could make your private data vulnerable

Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer

Apple's in-house chips have security flaws that could expose your Gmail inbox to attackers

Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft

VMware plugs credential-leaking bugs in Cloud Foundation • The Register

TeamViewer fixed a bug in Windows client and host applications

Hackers exploiting flaws in SimpleHelp RMM to breach networks

Millions of airline customers possibly affected by OAuth security flaw | TechRadar

Critical remote code execution bug found in Cacti framework

Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

- Automotive

- Construction

- Critical National Infrastructure (CNI)

- Defence & Space

- Education & Academia

- Energy & Utilities

- Estate Agencies

- Financial Services

- FinTech

- Food & Agriculture

- Gaming & Gambling

- Government & Public Sector (including Law Enforcement)

- Health/Medical/Pharma

- Hotels & Hospitality

- Insurance

- Legal

- Manufacturing

- Maritime & Shipping

- Oil, Gas & Mining

- OT, ICS, IIoT, SCADA & Cyber-Physical Systems

- Retail & eCommerce

- Small and Medium Sized Businesses (SMBs)

- Startups

- Telecoms

- Third Sector & Charities

- Transport & Aviation

- Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Black Arrow’s Key Cyber Predictions for 2025

At Black Arrow, we see significant cyber risks escalating in 2025 as attackers’ technology and tactics develop, and geopolitical tensions increase. Our cyber threat intelligence, including our weekly briefing for our newsletter subscribers, shows a sharp rise in attacks during 2024, which continues into 2025. This includes increasingly sinister phishing and other AI-enabled attacks as part of ransomware and extortion, which in some cases lead to the collapse of the victim organisation.

Phishing in 2025, Powered by AI

In 2025, we see phishing continuing its alarming rise. Attackers are using AI to amplify the dangers of phishing, not just in emails but also in Teams and other messaging platforms. AI-generated messages adapt to bypass existing controls, with greater success in landing in employees' inboxes. Gone are the days of spotting phishing through bad spelling and grammar; AI will generate perfect communications tailored to specific sectors and will flex to penetrate victims' security.

Deepfake: A Growing Threat in 2025

Deepfake audio and video calls form part of a modern attack scenario, no longer limited to sophisticated attackers. The deepfake video attack on Arup last year, which resulted in USD 25 million in fraudulent bank payments, was a trailblazing example. With the rapid development of AI, we predict that deepfake attacks will affect small and medium-sized businesses as much as large organisations. The technology and kits for such attacks are set to become cheaper and more accessible in 2025.

Supply Chain Risks: No Company is an Island

Organisations rely heavily on other companies to manage key activities or systems, including outsourced payroll, IT, accounting, legal services, and marketing. This trend will continue to grow in 2025, bringing substantial cyber security risks with it. Attackers will increasingly focus on supply chains as an easy way to access data for ransom or payment fraud. The most common attack we see is one where an attacker gains access to your third party’s email account (known as business email compromise, or BEC) and then interacts with you from that trusted email account to change the bank account details for upcoming payments. BEC and other attacks often start with phishing emails, which we expect to be enhanced by AI and deepfakes in 2025.

Quantum Computing: On the Horizon

With many organisations developing quantum computing, we expect advances in 2025 and beyond that will present opportunities for both organisations and attackers. Quantum computers have the potential to solve highly complex problems at high speed, but this capability could also be used by attackers to break encryption. We see 2025 as the year when many organisations start to re-examine their security approaches to withstand the malicious use of quantum computing.

Constant Innovation: The Need for Threat Intelligence

The sudden appearance of DeepSeek AI in late January 2025, which sent shockwaves through the global technology sector, reminds us that all businesses need to stay abreast of technological developments and understand their cyber security implications. We encourage you to subscribe to our free weekly threat intelligence briefing, sent by email every Monday, to help keep up to date.

Visit our website at www.blackarrowcyber.com/subscribe for more information.


Black Arrow Cyber Threat Intelligence Briefing 24 January 2025

Black Arrow Cyber Threat Intelligence Briefing 24 January 2025:

- Russian Ransomware Groups Deploy Email Bombing and Teams Vishing

- Cyber Security Breaches Are Increasing Business Insolvency Risks

- Companies Seek Specialised Expertise to Combat Artificial Intelligence (AI) Cyber Threats

- When Risk Becomes Habit: Employee Behaviour and Organisational Security

- New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing

- Global Cyber Attacks Jumped 44% Last Year

- Phishing Campaigns Became a Lot More Sinister in 2024

- CISOs Dramatically Increase Boardroom Influence but Many Still Lack Soft Skills

- Bad News - Businesses Who Pay Ransomware Attackers Aren’t Very Likely to Get Their Data Back

- Deepfakes Force a New Era in Fraud Detection, Identity Verification

- Misinformation Is No. 1 Global Risk, Cyber Espionage in Top 5

- Educate, Prepare, and Mitigate: The Keys to Unlocking Cyber Resilience

- What is ‘Security Theatre’ and How Can Firms Move Beyond It?

- SMEs Face Rising Cyber Threats Amid AI and Training Concerns

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.

Executive Summary

This week, our cyber threat intelligence reports on new and evolving tactics of attackers and the devastating impact of attacks, as well as how organisations should act to improve their security including rehearsing how they will react when they experience an incident.

Recent reports highlight a surge in attacks whereby the attacker overwhelms their victim with emails and then contacts them on Teams posing as IT support to gain access to the victim’s systems. These attacks underscore the need for organisations to restrict external communications, limit remote access, and enhance employee awareness to prevent breaches. Furthermore, the growing use of artificial intelligence (AI) by cyber criminals has necessitated a focus on specialised expertise, with companies investing in both internal training and external cyber security support to counter AI-driven threats.

Behind the stories of attacks and data breaches are the real lives of individuals and organisations who suffer the heart-breaking, catastrophic impact, including organisations that have closed or filed for insolvency. Studies indicate that the average cost of a breach is now nearly $5 million, while paying ransom demands often fails to recover data, leading to further losses. The increasing sophistication of phishing campaigns and deepfake technology is further complicating fraud detection and identity verification processes. To mitigate these risks, firms must adopt a proactive approach that includes robust incident response plans, enhanced employee training, and the adoption of zero-trust security frameworks.

Organisations must move beyond 'security theatre' by focusing on practical, risk-based strategies that address core vulnerabilities rather than relying on superficial measures. The rise in nation-state cyber espionage, misinformation, and AI-enabled threats highlights the importance of collaboration between public and private sectors to enhance resilience. As cyber security gains greater prominence at the boardroom level, business leaders must ensure they are equipped with the necessary knowledge and strategic vision to navigate this rapidly changing threat landscape effectively.

Top Cyber Stories of the Last Week

Russian Ransomware Groups Deploy Email Bombing and Teams Vishing

Security experts have identified two ransomware groups using email bombing and Teams-based social engineering to gain remote access to corporate systems. Victims receive thousands of spam emails followed by a fraudulent Teams call from someone posing as IT support. The attackers then attempt to install remote access tools to steal data and extort organisations. At least 15 attacks have been observed in the past three months, with a significant increase recently. Businesses are advised to restrict external Teams calls, limit remote access tools, and enhance employee awareness to mitigate these evolving threats.

Cyber Security Breaches Are Increasing Business Insolvency Risks

Cyber attacks are increasingly pushing businesses into financial distress, with data breaches and ransomware incidents significantly raising operational costs and even leading to bankruptcy. A 2024 IBM study found that data breaches cost companies an average of $4.9 million globally, nearly doubling in the US. High-profile cases, such as Stoli Group and National Public Data, highlight the devastating impact, with disrupted operations and mounting legal expenses. Despite the rising risks, 75% of small US businesses remain underinsured for cyber events, underscoring the growing need for robust cyber insurance and proactive security measures to ensure business resilience.

Companies Seek Specialised Expertise to Combat Artificial Intelligence (AI) Cyber Threats

Kaspersky's latest study highlights growing concerns over AI-driven cyber attacks, with 92% of IT and security professionals expecting an escalation in such threats within the next two years. In response, organisations are prioritising cyber security expertise, with 94% focusing on internal training and 93% seeking external support from cyber security vendors. The report reveals that 61% of companies already utilise external expertise, while 62% have internal training programs in place, reflecting a dual approach to strengthening cyber defences across various sectors.

When Risk Becomes Habit: Employee Behaviour and Organisational Security

A recent report highlights that a small number of employees account for a disproportionate share of cyber security risks within organisations. Just 5% of users are responsible for 75% of detected security incidents, with 1% clicking on nearly half of phishing emails. While most employees engage in only one type of risky behaviour, a small group repeatedly commit multiple infractions. The study suggests that shielding high-risk roles, such as managers and executives, from frequent phishing attempts may be more effective than additional training, helping organisations better mitigate human-related cyber threats.

New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing

Researchers have identified a new malicious AI chatbot, GhostGPT, which is being sold on Telegram to assist cyber criminals with activities such as malware creation and phishing. Unlike earlier tools, GhostGPT offers easy access without the need to jailbreak existing AI models. Thousands of views on online forums highlight growing interest in such tools, which enable low-skilled attackers to launch sophisticated campaigns with ease. The chatbot is marketed for a range of criminal activities, including exploit development and business email compromise, with claims of anonymity and fast response times to aid efficiency.

Global Cyber Attacks Jumped 44% Last Year

Check Point Software’s latest report reveals a 44% rise in cyber attacks globally last year, driven by evolving nation-state tactics and the growing use of generative AI. Threat actors are shifting from short-term attacks to sustained campaigns aimed at undermining trust and stability. AI-driven disinformation targeted a third of global elections, while ransomware groups increasingly focus on data extortion over encryption. Healthcare saw a 47% surge in ransomware attacks, and compromised edge devices became key entry points. The report stresses the need for resilience, urging firms to enhance bring-your-own-device (BYOD) security, threat intelligence, and patch management.

Phishing Campaigns Became a Lot More Sinister in 2024

Phishing attacks surged by 202% in the second half of 2024, with some individuals receiving at least one sophisticated phishing attempt each week capable of bypassing security controls. The rise in advanced tactics, such as leveraging legitimate services to mask malicious intent, has made detection increasingly challenging. To counter these threats, organisations must focus on employee awareness, regular software updates, and adopting a zero-trust security approach to mitigate risks effectively.

CISOs Dramatically Increase Boardroom Influence but Many Still Lack Soft Skills

Splunk's latest research reveals that Chief Information Security Officers (CISOs) are gaining greater influence in the boardroom, with 82% now reporting directly to the CEO, up from 47% in 2023. However, board members highlight a need for improved business acumen, communication, and emotional intelligence among CISOs. Budget concerns persist, with only 29% of CISOs feeling adequately funded, while 64% reported that financial constraints led to a cyber attack. The report underscores the need for better alignment between CISOs and boards to position cyber security as a business enabler and drive digital resilience.

Bad News - Businesses Who Pay Ransomware Attackers Aren’t Very Likely to Get Their Data Back

A recent Hiscox study has revealed that paying ransomware demands rarely leads to full data recovery, with only 7% of businesses successfully retrieving all their data. One in ten firms that paid still experienced data leaks. Beyond financial losses, ransomware attacks have a significant impact on reputation, with 47% of affected firms facing challenges in attracting new customers and 43% reporting customer losses. Additionally, 21% lost business partners due to reputational damage. With ransomware attacks becoming more frequent, a company’s response strategy is critical to minimising long-term harm and ensuring operational resilience.

Deepfakes Force a New Era in Fraud Detection, Identity Verification

Deepfake technology is posing a significant challenge for businesses globally, with nearly half affected by its growing sophistication. To combat this, organisations are enhancing their identity verification processes by incorporating liveness checks and strengthening biometric methods such as facial recognition and fingerprint scanning. However, traditional fraud methods, including fake IDs, remain prevalent. The industry is adapting to rising regulatory pressures and evolving workforce needs, with AI and machine learning playing an increasing role in fraud prevention. Moving forward, businesses must strike a balance between robust security measures and user-friendly solutions to meet compliance demands and customer expectations.

Misinformation Is No. 1 Global Risk, Cyber Espionage in Top 5

The World Economic Forum's Global Risks Report 2025 highlights misinformation and disinformation as the top global risk over the next two years, driven by the rise of generative AI and geopolitical tensions. Cyber espionage ranks fifth, with one in three CEOs citing it as a major concern. Despite growing threats, cyber resilience remains inadequate, particularly among small and mid-sized firms, with 35% feeling underprepared. Larger organisations face challenges with supply chain vulnerabilities, while AI presents both opportunities and risks, with 47% of firms concerned about its misuse. Public-private partnerships are crucial to enhancing cyber resilience and regulatory alignment.

Educate, Prepare, and Mitigate: The Keys to Unlocking Cyber Resilience

Recent cyber incidents have highlighted the real-world impact of poor cyber security, affecting healthcare services and retail supply chains, eroding public trust, and damaging brand reputations. With threats increasing year over year, organisations must focus on education, preparation, and mitigation to enhance resilience. Employee training, regular risk assessments, and penetration testing are crucial to identifying and addressing vulnerabilities. Additionally, having a robust incident response plan and business continuity plan, regularly tested and updated, ensures operational resilience and safeguards customer trust in the face of potential cyber attacks.

What is ‘Security Theatre’ and How Can Firms Move Beyond It?

Many organisations are trapped in ‘security theatre,’ relying on an increasing number of alerts and tools that create an illusion of protection rather than addressing the root causes of cyber threats. In 2024 alone, over 1 billion individuals were impacted by data breaches, a 409% rise from the previous year. Despite rising investments in cyber security, human error remains the primary attack vector, with 99% of identity attacks targeting passwords. To move beyond performative security, organisations must focus on reducing the attack surface by eliminating static credentials and minimising standing privileges.

SMEs Face Rising Cyber Threats Amid AI and Training Concerns

Sharp Europe’s latest study highlights the growing cyber security risks facing European SMEs, with 84% of employees now more concerned than a year ago. AI-driven threats are a major worry, with 43% citing AI as a key factor in their unease, while 72% lack confidence in identifying cyber threats. 41% of SME workers have not received cyber security training in the past two years. With over half of SMEs fearing they could go out of business within a week of a major incident, the report underscores the urgent need for improved training and proactive cyber security measures.

Sources:

https://www.infosecurity-magazine.com/news/ransomware-email-bombing-teams/

https://news.bloomberglaw.com/privacy-and-data-security/cybersecurity-breaches-are-increasing-business-insolvency-risks

https://www.satelliteevolution.com/post/companies-seek-specialised-expertise-to-combat-artificial-intelligence-ai-cyber-threats

https://www.mimecast.com/blog/when-risk-becomes-habit-employee-behavior-and-organizational-security/

https://www.infosecurity-magazine.com/news/ghostgpt-ai-chatbot-malware/

https://www.itpro.com/security/cyber-attacks/global-cyber-attacks-jumped-44-percent-last-year

https://hackernoon.com/phishing-campaigns-became-a-lot-more-sinister-in-2024

https://www.infosecurity-magazine.com/news/cisos-increase-boardroom-influence/

https://www.techradar.com/pro/security/only-1-in-10-who-pay-ransomware-attackers-actually-retrieve-their-data

https://www.helpnetsecurity.com/2025/01/24/identity-fraud-rise/

https://www.govinfosecurity.com/misinformation-no-1-global-risk-cyberespionage-in-top-5-a-27358

https://informationsecuritybuzz.com/the-keys-to-unlocking-cyber-resilience/

https://cyberscoop.com/security-theater-cybersecurity-tooling-ev-kontsevoy-op-ed/

https://www.therecycler.com/posts/smes-face-rising-cyber-threats-amid-ai-and-training-concerns/


Governance, Risk and Compliance

Many firms see cyber attacks as their top business concern this year | TechRadar

Experts fire security warning as EU’s DORA comes into play

DORA Takes Effect: Financial Firms Navigating Compliance Headwinds - Infosecurity Magazine

Cyber disruptions remain top business risk concern in US, globally | CIO Dive

The WEF forecasts a rocky year ahead in cyber security - Verdict

When risk becomes habit Employee behaviour and organisational security | Mimecast

Why CISOs Must Think Clearly Amid Regulatory Chaos

The CFO may be the CISO’s most important business ally | CSO Online

Global cyber attacks jumped 44% last year | ITPro

Security chiefs whose companies operate in the EU should be exploring DORA now | CSO Online

Cyber security Breaches Are Increasing Business Insolvency Risks

Educate, Prepare, & Mitigate: The Keys To Unlocking Cyber Resilience

What is ‘security theatre’ and how can we move beyond it? | CyberScoop

Security Need to Start Saying 'No' Again

CISOs Dramatically Increase Boardroom Influence but Still Lack Soft Sk - Infosecurity Magazine

CISOs are juggling security, responsibility, and burnout - Help Net Security

Splunk Report: CISOs Gain Influence in the C-Suite and Boardrooms Worldwide

Nearly half of CISOs now report to CEOs, showing their rising influence - Help Net Security

Businesses prepare to update their cyber security playbooks for Trump era amid increasing threats | Fortune

SMEs face rising cyber threats amid AI and training concerns - The Recycler - 20/01/2025

JPMorgan’s CISO on Overcoming Surging Threats and Regulatory Hurdles - Infosecurity Magazine

Cyber security is tough: 4 steps leaders can take now to reduce team burnout | CSO Online

The UK's cyber security landscape: Key trends and challenges for 2025

CISO Top 10 Priorities for Q1 2025: Key Findings and Evolving Focus | SC Media

Top Priorities for Cyber Security Leaders in 2025: Info-Tech Research Group Publishes Annual Report


Threats

Ransomware, Extortion and Destructive Attacks

Russian Ransomware Groups Deploy Email Bombing and Teams Vishing - Infosecurity Magazine

Ransomware gangs pose as IT support in Microsoft Teams phishing attacks

Ransomware Attacks Surge to Record High in December 2024 - Infosecurity Magazine

Microsoft services exploited in separate ransomware campaigns | SC Media

Bad news - businesses who pay ransomware attackers aren’t very likely to get their data back | TechRadar

Record Number of Ransomware Attacks in December 2024 - SecurityWeek

Suspected AI-Powered Python Backdoor Tapped for RansomHub Deployment | MSSP Alert

HP Wolf Security Threat Intelligence: AI-Fueled Cyber Attackers - The Futurum Group

FBI: North Korean IT workers steal source code to extort employers

Russian couple on trial for large-scale ransomware attacks

35 years on: The history and evolution of ransomware | TechRadar

The impact of the cyber insurance industry in resilience against ransomware | TechRadar

Medusa Ransomware: What You Need To Know | Tripwire

A floppy disk launched world's first ransomware attack 35 years ago | TechSpot

New Ransomware Attacking VMware ESXi Hosts Via SSH Tunneling to Evade Detection

Next Steps for the International Counter Ransomware Initiative

Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads

Ransomware Victims

Ransomware costs at NHS provider Synnovis far outstrip profits

59 organisations reportedly victim to breaches caused by Cleo software bug | TechRadar

PowerSchool hackers have your kid's info. These 3 steps protect them | PCWorld

Ransomware attack forces Brit high school to shut doors • The Register

Phishing & Email Based Attacks

Ransomware Groups Abuse Microsoft Services for Initial Access - SecurityWeek

Microsoft Teams abused in Russian email bombing ransomware campaign | TechRadar

Russian Ransomware Groups Deploy Email Bombing and Teams Vishing - Infosecurity Magazine

New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass

Ransomware gangs pose as IT support in Microsoft Teams phishing attacks

New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing - Infosecurity Magazine

Phishing Campaigns Became a Lot More Sinister in 2024 | HackerNoon

Phishing Risks Rise as Zendesk Subdomains Facilitate Attacks - Infosecurity Magazine

When risk becomes habit Employee behaviour and organisational security | Mimecast

Tycoon 2FA Phishing Kit Upgraded to Bypass Security Measures - Infosecurity Magazine

Phishing Attacks Are Top Security Issue for Consumers

Account Compromise and Phishing Top Healthcare Security Incidents - Infosecurity Magazine

Other Social Engineering

Microsoft Teams abused in Russian email bombing ransomware campaign | TechRadar

Russian Ransomware Groups Deploy Email Bombing and Teams Vishing - Infosecurity Magazine

FBI: North Korean IT workers steal source code to extort employers

Scam Yourself attacks: How social engineering is evolving - Help Net Security

Hundreds of fake Reddit sites push Lumma Stealer malware

Artificial Intelligence

Why the 'Bring Your Own AI' trend could mean big trouble for business leaders | ZDNET

Employees Enter Sensitive Data Into GenAI Prompts Too Often

New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing - Infosecurity Magazine

HP Wolf Security Threat Intelligence: AI-Fueled Cyber Attackers - The Futurum Group

Companies seek specialised expertise to combat Artificial Intelligence (AI) cyber threats

Suspected AI-Powered Python Backdoor Tapped for RansomHub Deployment | MSSP Alert

Invisible Prompt Injection: A Threat to AI Security | Trend Micro (US)

The Security Risk of Rampant Shadow AI

Deepfakes force a new era in fraud detection, identity verification - Help Net Security

CISA releases AI cyber security playbook

World Economic Forum Provides Guidance on AI Use | SC Media UK

One in ten GenAI prompts puts sensitive data at risk - Help Net Security

SMEs face rising cyber threats amid AI and training concerns - The Recycler - 20/01/2025

Trump Overturns Biden Rules on AI Development, Security

Misinformation Is No. 1 Global Risk, Cyberespionage in Top 5

UK Ministry of Defence enlists sci-fi writers to prepare for dystopian futures | Ministry of Defence | The Guardian

Sage Copilot grounded briefly to fix AI misbehaviour • The Register

2FA/MFA

New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass

Sneaky 2FA Kit Exposes Vulnerabilities In 2FA Security

Microsoft to Mandate MFA for Accessing Microsoft 365 Admin Center

Malware

New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing - Infosecurity Magazine

Suspected AI-Powered Python Backdoor Tapped for RansomHub Deployment | MSSP Alert

Fake Homebrew Google ads target Mac users with malware

Enterprise Juniper Routers Tagged with 'Magic' Backdoor

Pumakit - A Sophisticated Linux Rootkit Attack Critical Infrastructure

Hundreds of fake Reddit sites push Lumma Stealer malware

Telegram captcha tricks you into running malicious PowerShell scripts

Chinese Hackers Hijack VPN's Website to Spread Malware

Bots/Botnets

Botnet Unleashes Record-Breaking 5.6Tbps DDoS Attack

Mirai Botnet Spinoffs Unleash Global DDoS Attack Wave

Mirai Variant Murdoc_Botnet Exploits AVTECH IP Cameras and Huawei Routers

Mobile

Mobile Cyber Security Trends for 2025: Key Predictions and Preparations - Security Boulevard

New Porn Ban Threat—Millions Of iPhone, iPad, Android Users Now At Risk

Novel Android Malware Leveraged By DoNot Team | MSSP Alert

Android's New Identity Check Feature Locks Device Settings Outside Trusted Locations

WhatsApp Security Alert—Broken Link Hackers Strike

Phishing Attacks Are Top Security Issue for Consumers

Denial of Service/DoS/DDoS

Botnet Unleashes Record-Breaking 5.6Tbps DDoS Attack

Cloudflare blocks 21.3 million DDoS attacks in 2024, reports record 53% surge

Standing strong against hyper-volumetric DDoS attacks | TechRadar

Critical Vulnerability In ChatGPT API Enables Reflective DDoS Attacks

Several Swiss municipalities and banks hit by cyber attack - SWI swissinfo.ch

Spooks of the internet came alive this Halloween | CSO Online

Who is DDoSing you? Competitors, most likely • The Register

How to Stop Layer 7 DDoS Attacks in 2025 - Security Boulevard

The Internet is (once again) awash with IoT botnets delivering record DDoSes

Internet of Things – IoT

Mirai Botnet Spinoffs Unleash Global DDoS Attack Wave

Mirai Variant Murdoc_Botnet Exploits AVTECH IP Cameras and Huawei Routers

Home exercise companies like Peloton, NordicTrack harvest your sensitive data, watchdog finds - WTOP News

The Internet is (once again) awash with IoT botnets delivering record DDoSes

FTC orders GM to stop collecting and selling driver’s data

Experts found multiple flaws in Mercedes-Benz infotainment system

Subaru’s poor security left troves of vehicle data easily accessible

Data Breaches/Leaks

Otelier data breach exposes info, hotel reservations of millions

Hackers Likely Stole FBI Call Logs From AT&T That Could Compromise Informants | WIRED

Major Cyber Security Vendors’ Credentials Found on Dark Web - Infosecurity Magazine

Fortinet: FortiGate config leaks are genuine but misleading • The Register

Wolf Haldenstein Data Breach Impacts 3.4 Million People - SecurityWeek

HPE’s sensitive data exposed in alleged IntelBroker hack | CSO Online

PowerSchool hacker claims they stole data of 62 million students

Organised Crime & Criminal Actors

New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing - Infosecurity Magazine

US President Donald Trump granted a "full and unconditional pardon" to Ross Ulbricht

Telegram boss Pavel Durov admits 'seriousness' of French allegations

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

"Crazy Evil" Cryptoscam Gang: Unmasking a Global Threat in 2024

Insider Risk and Insider Threats

When risk becomes habit: Employee behaviour and organisational security | Mimecast

Former CIA Analyst Pleads Guilty to Sharing Top Secret Files - Infosecurity Magazine

When risky cyber security behaviour becomes a habit among employees - Help Net Security

Insurance

The impact of the cyber insurance industry in resilience against ransomware | TechRadar

Report highlights urgent need for cyber insurance | Insurance Business America

Supply Chain and Third Parties

Supply chain attack strikes array of Chrome Extensions • The Register

The critical need for watertight security across the IT supply chain | TechRadar

Biden order gives CISA software supply chain 'teeth' | TechTarget

Cloud/SaaS

Russian Ransomware Groups Deploy Email Bombing and Teams Vishing - Infosecurity Magazine

New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass

Ransomware gangs pose as IT support in Microsoft Teams phishing attacks

Why some companies are backing away from the public cloud | ZDNET

Fortinet's 2025 State Of Cloud Security: Insights On Multi-Cloud Adoption, Security Challenges, And Future Trends

Cloud challenges | Professional Security Magazine

Staying Ahead: Key Cloud-Native Security Practices - Security Boulevard

Outages

Bitbucket services “hard down” due to major worldwide outage

Identity and Access Management

How Secure Is Your PAM Strategy? - Security Boulevard

Will 2025 See a Rise of NHI Attacks?

Linux and Open Source

Pumakit - A Sophisticated Linux Rootkit Attack Critical Infrastructure

Passwords, Credential Stuffing & Brute Force Attacks

Major Cyber Security Vendors’ Credentials Found on Dark Web - Infosecurity Magazine

The $10 Cyber Threat Responsible for the Biggest Breaches of 2024

Social Media

Has the TikTok Ban Already Backfired on US Cyber Security?

TikTok among six tech firms under fire for sending Europeans' personal data to China | TechRadar

Hundreds of fake Reddit sites push Lumma Stealer malware

Trump dismisses concerns over TikTok's potential security risks

TikTok Restores Service for US Users Based on Trump's Promised Executive Order - SecurityWeek

Meta confirms it will keep fact-checkers outside the US 'for now' | TechCrunch

TikTok users posting cat videos do not threaten UK national security, minister says | TikTok | The Guardian

Meta's pay-or-consent model criticized by EU consumer groups • The Register

Donald Trump’s bigger China cyber threat isn’t TikTok

Malvertising

Fake Homebrew Google ads target Mac users with malware

Understanding and avoiding malvertizing attacks | TechRadar

Training, Education and Awareness

Companies seek specialised expertise to combat Artificial Intelligence (AI) cyber threats

Outside Expertise or In House Training? Kaspersky Reveals How Firms Prepare for Growing AI Threat | The Fintech Times

Educate, Prepare, & Mitigate: The Keys To Unlocking Cyber Resilience

SMEs face rising cyber threats amid AI and training concerns - The Recycler - 20/01/2025

Regulations, Fines and Legislation

Experts fire security warning as EU’s DORA comes into play

DORA Takes Effect: Financial Firms Navigating Compliance Headwinds - Infosecurity Magazine

Security chiefs whose companies operate in the EU should be exploring DORA now | CSO Online

GDPR Fines Total €1.2bn in 2024 - Infosecurity Magazine

Why CISOs Must Think Clearly Amid Regulatory Chaos

EU’s DORA could further strain cyber security skills gap | CSO Online

Executive Order 14144 on Cyber Security: Building on 2021's Foundation with Advanced NHI Security - Security Boulevard

Trump axes TSA chief who led pipeline, airline, rail cyber security rules | SC Media

Government battles against tech could leave consumers less secure | CyberScoop

Biden's Cyber Security EO Leaves Trump a Comprehensive Blueprint for Defence

CISA should abandon disinformation fight, Trump’s DHS pick says - Defense One

TikTok among six tech firms under fire for sending Europeans' personal data to China | TechRadar

TikTok Restores Service for US Users Based on Trump's Promised Executive Order - SecurityWeek

Trump Overturns Biden Rules on AI Development, Security

Trump’s disbanding of Cyber Safety Review Board draws ire | SC Media

Under Trump, US Cyber Defence Loses Its Head | WIRED

Trump Has Had a Light Touch on Cyber Security – So Far - Security Boulevard

Trump has fired a major cyber security investigations body. It’s a risky move

PayPal fined by New York for cyber security failures | Reuters

Trump’s Digital Footprint: Unveiling Malicious Campaigns Amid Political Milestones - Security Boulevard

Donald Trump’s bigger China cyber threat isn’t TikTok

Models, Frameworks and Standards

Experts fire security warning as EU’s DORA comes into play

DORA Takes Effect: Financial Firms Navigating Compliance Headwinds - Infosecurity Magazine

Security chiefs whose companies operate in the EU should be exploring DORA now | CSO Online

EU’s DORA could further strain cyber security skills gap | CSO Online

MITRE Launches D3FEND 1.0 to Standardize Cyber Security Techniques

GDPR Fines Total €1.2bn in 2024 - Infosecurity Magazine

EU Strengthens Cyber Security with Enhanced NIS2 Directive | MSSP Alert

76% of Irish businesses will struggle to meet NIS2 requirements

OWASP Top 10 2025 - Most Critical Weaknesses Exploited/Discovered in Smart Contract

Cyber Essentials NHS and Healthcare Organisations - Security Boulevard

Irish companies 'a mixed bag' on new cyber attack laws

Backup and Recovery

Acronis CISO on why backup strategies fail and how to make them resilient - Help Net Security

Data Protection

GDPR Fines Total €1.2bn in 2024 - Infosecurity Magazine

Privacy professionals feel more stressed than ever - Help Net Security

Careers, Working in Cyber and Information Security

EU’s DORA could further strain cyber security skills gap | CSO Online

Law Enforcement Action and Take Downs

Former CIA Analyst Pleads Guilty to Sharing Top Secret Files - Infosecurity Magazine

Telegram boss Pavel Durov admits 'seriousness' of French allegations

Washington Man Admits to Role in Multiple Cyber Crime, Fraud Schemes - SecurityWeek

Russian couple on trial for large-scale ransomware attacks

Misinformation, Disinformation and Propaganda

Misinformation Is No. 1 Global Risk, Cyberespionage in Top 5

Meta confirms it will keep fact-checkers outside the US 'for now' | TechCrunch

CISA should abandon disinformation fight, Trump’s DHS pick says - Defense One

Trump’s Digital Footprint: Unveiling Malicious Campaigns Amid Political Milestones - Security Boulevard


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Misinformation Is No. 1 Global Risk, Cyberespionage in Top 5

Understanding Cyber Effects in Modern Warfare - War on the Rocks

Taking the fight to the enemy: Cyber persistence strategy gains momentum

Let’s get creative to protect undersea cables from sabotage – POLITICO

Nation State Actors

Businesses prepare to update their cyber security playbooks for Trump era amid increasing threats | Fortune

Are attackers already embedded in US critical infrastructure networks?

China

Nato flotilla assembles off Estonia to protect undersea cables in Baltic Sea | Nato | The Guardian

ProxyLogon, one of Salt Typhoon's favorites, still wide open • The Register

FCC says US telcos by law must secure networks from spies • The Register

US Names One of the Hackers Allegedly Behind Massive Salt Typhoon Breaches | WIRED

Treasury Breach by Chinese Sponsored Hackers Focused on Sanctions, Report Says - Bloomberg

Trump Fires DHS Board Probing Salt Typhoon Hacks

Trump dismisses concerns over TikTok's potential security risks

Trump ‘waved a white flag to Chinese hackers,’ senator says • The Register

Chinese Hackers Hijack VPN's Website to Spread Malware

How Taiwan Balances Cyber Security With Human Rights in Resisting China – The Diplomat

TikTok among six tech firms under fire for sending Europeans' personal data to China | TechRadar

TikTok Restores Service for US Users Based on Trump's Promised Executive Order - SecurityWeek

New Chinese cyberespionage campaign targeted South Korean VPN service | SC Media

US Supreme Court Gives Green Light to TikTok Ban - Infosecurity Magazine

TikTok Says It Will 'Go Dark' Unless It Gets Clarity From Biden Following Supreme Court Ruling - SecurityWeek

Has the TikTok Ban Already Backfired on US Cyber Security?

Trump Faces Unique Challenges Due to Chinese Hackers | Newsmax.com

TikTok users posting cat videos do not threaten UK national security, minister says | TikTok | The Guardian

Trump has fired a major cyber security investigations body. It’s a risky move

Donald Trump’s bigger China cyber threat isn’t TikTok

Hackers game out infowar against China with the US Navy • The Register

Russia

Russian Ransomware Groups Deploy Email Bombing and Teams Vishing - Infosecurity Magazine

Microsoft Teams abused in Russian email bombing ransomware campaign | TechRadar

Nato flotilla assembles off Estonia to protect undersea cables in Baltic Sea | Nato | The Guardian

Shutting down the net: The growing threat of Russian internet censorship · Global Voices

Russian Hackers Target WhatsApp Accounts, Microsoft | Silicon UK

Several Swiss municipalities and banks hit by cyber attack - SWI swissinfo.ch

Increased cyber security cooperation forged by Russia, Iran | SC Media

CERT-UA warns against "security audit" requests via AnyDesk - Help Net Security

Ukraine's State Registers Restored Following Cyber Attack - Infosecurity Magazine

Massive Russian hack on government database shows cracks in Ukraine's digitalization drive

Russian APT Phishes Kazakh Gov't for Strategic Intel

Russian telecom giant Rostelecom investigates suspected cyber attack on contractor | The Record from Recorded Future News

Iran

Increased cyber security cooperation forged by Russia, Iran | SC Media

North Korea

FBI: North Korean IT workers steal source code to extort employers

The hacker state: How North Korea weaponised internet - India Today


Tools and Controls

An estimated 46,000 VPN servers are vulnerable to being hijacked | Tom's Guide

Educate, Prepare, & Mitigate: The Keys To Unlocking Cyber Resilience

Companies seek specialised expertise to combat Artificial Intelligence (AI) cyber threats

Unsecured Tunnelling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers

Outside Expertise or In House Training? Kaspersky Reveals How Firms Prepare for Growing AI Threat | The Fintech Times

Deepfakes force a new era in fraud detection, identity verification - Help Net Security

How Secure Is Your PAM Strategy? - Security Boulevard

Chinese Hackers Hijack VPN's Website to Spread Malware

How Can Generative AI be Used in Cyber Security - Security Boulevard

SDLC Gap Analysis: Requirement For Organisation - Security Boulevard

Fortinet's 2025 State Of Cloud Security: Insights On Multi-Cloud Adoption, Security Challenges, And Future Trends

Using your own laptop or phone for work? Why it’s a security hazard for businesses

Cyber Insights 2025: Attack Surface Management - SecurityWeek

Cyber Insights 2025: APIs – The Threat Continues - SecurityWeek

Acronis CISO on why backup strategies fail and how to make them resilient - Help Net Security

CISA releases AI cyber security playbook

SMEs face rising cyber threats amid AI and training concerns - The Recycler - 20/01/2025

Will 2025 See a Rise of NHI Attacks?

Staying Ahead: Key Cloud-Native Security Practices - Security Boulevard

2025 Prediction 1: The Rise In Physical Threats To Corporate Executives Will Continue In 2025 - Security Boulevard

Microsoft to Mandate MFA for Accessing Microsoft 365 Admin Center

Think like an attacker: Increase attack surface visibility with integrated exposure management | SC Media

AI-driven insights transform security preparedness and recovery - Help Net Security



Vulnerability Management

Exploits on the rise: How defenders can combat sophisticated threat actors | TechRadar

Microsoft: Exchange 2016 and 2019 reach end of support in October

How to Perform a Website Security Scan: A Vulnerabilities Guide

Vulnerabilities

SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation

Microsoft Outlook has a new ‘critical’ flaw that spreads malware easily | Digital Trends

A flaw in the W3 Total Cache plugin exposes hundreds of thousands of WordPress sites to attacks

Unsecured Tunnelling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers

Critical Vulnerability In ChatGPT API Enables Reflective DDoS Attacks

Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products

7-Zip bug could allow a bypass of a Windows security feature. Update now | Malwarebytes

Cisco addresses a critical privilege escalation bug in Meeting Management

FBI/CISA Share Details on Ivanti Exploits Chains: What Network Defenders Need to Know - SecurityWeek

Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw - Help Net Security

Six vulnerabilities in rsync announced and fixed in a day • The Register

50K Fortinet firewalls still vulnerable to latest zero-day • The Register

Yubico Issues Security Advisory As 2FA Bypass Vulnerability Confirmed

CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List

QNAP fixes six Rsync vulnerabilities in NAS backup, recovery app

Asus lets chip fix slip out early, AMD says patch is inbound • The Register


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 17 January 2025

Black Arrow Cyber Threat Intelligence Briefing 17 January 2025:

-New EU Cyber Rules for Financial Institutions Came into Force on Friday 17 January

-Cyber Attacks Considered Top Business Concern for 2025: Allianz

-How CISOs Can Elevate Cyber Security in Boardroom Discussions

-Cyber Security is Stepping into a New Era of Complexity

-Ransomware Victim Numbers Hit an All-Time High

-The Current State of Ransomware: Weaponising Disclosure Rules and More

-The Top SME Security Worries for 2025

-What They Don’t Tell You About Cyber Attacks – the Emotional Impact on Staff

-The Hybrid Workforce Crisis: How it has Weakened Enterprise Security, and What to Do About It

-New Ransomware Group Uses AI to Develop Nefarious Tools

-'Arson, Sabotage, Cyber Attacks': UK Enters New Era of Threats from Hostile States

-NATO Launches New Mission to Protect Crucial Undersea Cables

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.

Executive Summary

This week, the EU’s Digital Operational Resilience Act (DORA) has come into effect, imposing stringent cyber security requirements on over 22,000 financial institutions. This regulation strengthens incident reporting, risk management, and IT third-party oversight, aiming to create a unified approach to mitigating ICT-related risks. As cyber security incidents are identified as the top business concern for 2025, organisations are urged to adopt holistic strategies that address interconnected risks like supply chain vulnerabilities, geopolitical tensions, and the increasing role of AI in threat landscapes.

Our selection of threat intelligence news this week shows how emerging threats highlight the need for enhanced resilience. Ransomware attacks reached record highs in 2024, with attackers weaponising disclosure rules and leveraging AI tools for sophisticated phishing and extortion tactics. SMEs face rising concerns over AI-driven risks, while hybrid working has expanded the corporate attack surface, necessitating adaptive security solutions. Meanwhile, geopolitical risks are complicating the global cyber landscape, driving NATO’s efforts to protect critical infrastructure, such as undersea cables essential for internet traffic and financial transactions.

To navigate this era of escalating complexity, organisations must prioritise proactive measures. These include integrating cyber resilience into business strategies, fostering a culture of security awareness, and addressing the often-overlooked emotional impact of cyber attacks on staff. Effective collaboration, innovation, and investment are critical to safeguarding operations and enabling sustained growth.


Top Cyber Stories of the Last Week

New EU Cyber Rules for Financial Institutions Came into Force on Friday 17 January

The EU's Digital Operational Resilience Act (DORA) came into effect on Friday, introducing stringent cyber security requirements for over 22,000 financial institutions, including banks, insurers, and investment firms. Designed to enhance resilience against severe disruptions such as cyber attacks, DORA mandates robust risk management, incident reporting, resilience testing, and oversight of IT third-party risks. It also encourages the sharing of cyber threat intelligence between firms to strengthen collective defences. The new framework aims to create a unified, cross-sectoral approach to mitigating Information and Communications Technology (ICT) related risks, setting strict standards to limit the impact of potential vulnerabilities.

Cyber Attacks Considered Top Business Concern for 2025: Allianz

The Allianz Risk Barometer highlights cyber incidents as the top global business risk for 2025, with 38% of respondents ranking it as their primary concern. Business interruption follows closely, exacerbated by events such as natural disasters, geopolitical instability, and cyber attacks, which increasingly disrupt supply chains. Climate change has risen to fifth place, reflecting its growing significance amid record-breaking global temperatures and extreme weather events in 2024, which caused insured losses exceeding $100 billion for the fifth consecutive year. The interconnected nature of risks underscores the need for holistic, resilient strategies to address evolving challenges.

How CISOs Can Elevate Cyber Security in Boardroom Discussions

Cyber security leaders must align their boardroom presentations with business priorities by highlighting the direct impact of security initiatives on revenue and customer confidence. Metrics like risk reduction trends, cost per incident, and ROI resonate well with non-technical audiences. Persistent challenges include limited board time, misconceptions about spending or certifications, and unclear ownership of security practices. Effective strategies include using concrete examples, such as improved customer experiences through streamlined authentication, and maintaining ongoing dialogue via executive committees or regular updates. This approach fosters deeper understanding and sustained support for security programs, framing them as enablers of business growth and resilience.

Cyber Security is Stepping into a New Era of Complexity

The World Economic Forum’s Global Cybersecurity Outlook 2025 highlights escalating complexity in cyber security driven by technological advances, geopolitical uncertainty, supply chain interdependencies, and a growing skills gap. Over half of large organisations cite supply chain vulnerabilities as a critical barrier to cyber resilience, while 66% predict AI will significantly impact cyber security by 2025, yet only 37% assess AI tool security before deployment. Regulatory fragmentation also challenges 76% of CISOs. Meanwhile, the cyber insurance market is forecast to double from $14 billion in 2023 to $29 billion by 2027, underscoring its growing role in managing cyber risks. The report calls for a shift from cyber security to cyber resilience, emphasising resource allocation.

Ransomware Victim Numbers Hit an All-Time High

Ransomware victim numbers reached a record high in 2024, with over 1,600 reported in Q4 alone, reflecting a 40% year-on-year increase in active threat groups, now totalling 88 globally. The US accounted for 52% of victims. Despite a surge in published vulnerabilities, averaging 110 per day, attackers predominantly exploited older ones. Law enforcement made notable gains, disrupting threat actors, but ransomware-as-a-service remains resilient. Effective risk mitigation in 2025 will depend on robust vulnerability management, attack surface awareness, and actionable intelligence.

The Current State of Ransomware: Weaponising Disclosure Rules and More

Ransomware remains a significant and evolving threat in 2025, with cyber criminals exploiting AI, legal frameworks, and geopolitical tensions to devastating effect. Phishing attacks, now enhanced by AI, have become highly personalised, increasing their success rates, while "living-off-the-land" techniques evade traditional defences. A striking development is the weaponisation of disclosure regulations, where ransomware groups leverage legal obligations to pressure victims. Attack rates continue to rise, with industries like healthcare and public administration heavily targeted. Recovery costs now average $2.73 million, more than double 2023 figures, highlighting the urgent need for proactive measures to mitigate these escalating risks.

The Top SME Security Worries for 2025

Smaller businesses are just as vulnerable to cyber security issues as larger ones, more so in some cases as they have fewer resources to devote to protection. Research by Six Degrees highlights that 35 percent of UK SMEs now view AI-driven threats as their top concern, surpassing malware, phishing, and ransomware. AI is amplifying risks, such as personalised phishing attacks, rather than introducing entirely new methods. The report warns that tools alone are insufficient; effective protection requires active management and integration into a broader organisational strategy.

What They Don’t Tell You About Cyber Attacks – the Emotional Impact on Staff

Cyber attacks often focus attention on financial and operational damage, but the emotional toll on staff involved in recovery is a critical yet overlooked aspect. Frontline employees frequently experience intense stress, fear of failure, isolation, and burnout during recovery efforts, with prolonged hours and high-pressure environments exacerbating these effects. Organisations must proactively support staff by ensuring clear communication, offering mental health resources, and recognising contributions. Addressing the emotional impact not only aids recovery but also strengthens team resilience and preparedness for future incidents.

The Hybrid Workforce Crisis: How it has Weakened Enterprise Security, and What to Do About It

The shift to hybrid working has significantly expanded the corporate attack surface, exposing organisations to heightened cyber security risks. An October 2024 report by the Institute for Critical Infrastructure Technology highlights key vulnerabilities, including unsecured home networks, weak passwords, and unmanaged personal devices. Traditional identity and access management systems struggle to cope, with adaptive solutions like continuous authentication proving essential. Third-party risks require dynamic, real-time monitoring, replacing outdated static assessments. Emerging technologies such as SD-WAN and behavioural biometrics can bolster security while enhancing user convenience. Strategic investment and fostering a culture of cyber security awareness are critical to safeguarding hybrid operations.

New Ransomware Group Uses AI to Develop Nefarious Tools

Check Point Research has identified a new ransomware group, FunkSec, which claims to have targeted 85 organisations in December 2024. FunkSec, a ransomware-as-a-service operation, uses AI-assisted tools to develop malware, enabling even low-skilled operators to create sophisticated attacks. Despite its claims, many of its leaked datasets are recycled from previous hacktivist campaigns, raising doubts about its impact. The group employs double extortion tactics and demands unusually low ransoms, sometimes as little as $10,000. FunkSec’s tools reflect limited technical expertise but showcase the growing use of AI in cyber attacks.

'Arson, Sabotage, Cyber Attacks': UK Enters New Era of Threats from Hostile States

The UK faces an escalating range of threats from hostile states, including cyber attacks, arson, and sabotage, with state-backed criminal groups increasingly adopting terrorist-like tactics. The UK’s Foreign, Commonwealth and Development Office reports a 50% rise in state threat investigations over the past year, highlighting the urgency of rebuilding lost expertise and capability. Cyber attacks, described as the “new normal,” have severely impacted public services, with incidents like the NHS cyber attack disrupting thousands of procedures and appointments. Experts stress the need for a coordinated, whole-of-society response to address these threats and adapt to an evolving global landscape.

NATO Launches New Mission to Protect Crucial Undersea Cables

NATO has launched "Baltic Sentry", a mission to enhance surveillance of the Baltic Sea following a rise in damage to critical undersea cables. The initiative will involve increased deployment of patrol aircraft, warships, and drones, with a focus on monitoring Russia's "shadow fleet." Over 95% of internet traffic and $10 trillion in daily financial transactions depend on undersea cables, making their protection vital. NATO leaders emphasised the potential for hostile intent behind recent incidents, noting that such damage is unlikely to be accidental.

Sources:

https://www.rte.ie/news/business/2025/0117/1491313-banks-cyber-rules/

https://www.reinsurancene.ws/cyber-attacks-considered-top-business-concern-for-2025-allianz/

https://www.helpnetsecurity.com/2025/01/16/ross-young-team8-cybersecurity-boardroom-discussions/

https://www.helpnetsecurity.com/2025/01/15/cybersecurity-complexity-era/

https://betanews.com/2025/01/16/ransomware-victim-numbers-hit-an-all-time-high/

https://securityintelligence.com/articles/the-current-state-of-ransomware-weaponizing-disclosure-rules/

https://betanews.com/2025/01/14/the-top-sme-security-worries-for-2025/

https://www.computerweekly.com/opinion/What-they-dont-tell-you-about-cyber-tatacks-The-Emotional-Impact-on-Staff

https://www.scworld.com/resource/the-hybrid-workforce-crisis-how-it-has-weakened-enterprise-security-and-what-to-do-about-it

https://www.infosecurity-magazine.com/news/new-ransomware-group-uses-ai/

https://inews.co.uk/news/arson-sabotage-cyber-attacks-uk-threats-hostile-states-3481620

https://www.bbc.co.uk/news/articles/c4gx74d06ywo



Threats

Ransomware, Extortion and Destructive Attacks

New Ransomware Group Uses AI to Develop Nefarious Tools - Infosecurity Magazine

The current state of ransomware: Weaponizing disclosure rules and more

85 Victims and Counting: What To Know About FunkSec Ransomware

Ministers consider ban on all UK public bodies making ransomware payments | Cybercrime | The Guardian

‘Millions’ in taxpayer money paid to cyber criminals in recent years – minister | The Standard

Ransomware Victims and Threat Groups Have Reached An All-Time High, GuidePoint Security Finds | Business Wire

US charges operators of cryptomixers linked to ransomware gangs

Ako Ransomware Abusing Windows API Calls To Detect Infected System Locations

New Ransomware Encrypts Amazon S3 Buckets Using SSE-C Encryption

New Amazon Ransomware Attack—‘Recovery Impossible’ Without Payment

Ransomware on ESXi: The Mechanization of Virtualized Attacks

Russian Nationals Indicted for Operating Cryptocurrency Mixers Linked to Cyber Crime

Ongoing Play Ransomware Attack—What You Need To Know

Inside a 90-Minute Attack: Breaking Ground with All-New AI Defeating Black Basta Tactics - Security Boulevard

Ransomware Victims

£33m cost of cyber-attack revealed | News | Health Service Journal

Clop ransomware gang names dozens of victims hit by Cleo mass-hack, but several firms dispute breaches | TechCrunch

Personal data compromised in Gateshead Council cyber attack | ITPro

UnitedHealth hid its Change Healthcare data breach notice for months | TechCrunch

OneBlood confirms personal data stolen in July ransomware attack

Phishing & Email Based Attacks

Phishing click rates tripled in 2024 despite user training | CSO Online

Beware of These Microsoft Teams Phishing Scams

This Phishing Attack Disables Your iPhone Security: Here's How to Protect Yourself

Google Search ads are being hacked to steal account info | TechRadar

Accelerated BlackBasta-like email attack examined | SC Media

Fancy Bear spotted using real Kazakh government documents in spearphishing campaign | CyberScoop

Browser-Based Cyber-Threats Surge as Email Malware Declines - Infosecurity Magazine

Other Social Engineering

Scammers have a new phishing trick for iPhone users – here’s how to avoid falling victim | TechRadar

Cyber Criminals Use Fake CrowdStrike Job Offers to Distribute Malware - Infosecurity Magazine

Artificial Intelligence

New Ransomware Group Uses AI to Develop Nefarious Tools - Infosecurity Magazine

How AI will transform cyber security in 2025 - and supercharge cyber crime | ZDNET

85 Victims and Counting: What To Know About FunkSec Ransomware

Microsoft takes legal action against bad actors using AI for sophisticated exploitation - Neowin

Tech giants told UK online safety laws ‘not up for negotiation’ | Artificial intelligence (AI) | The Guardian

Addressing the Security Risks of AI in the Cloud

Ensuring U.S. Security and Economic Strength in the Age of Artificial Intelligence | The White House

CyberCube predicts AI will amplify cyber attacks in 2025 - Reinsurance News

What Enterprises Need to Know About Agentic AI Risks

Microsoft AI Red Team says security work will never be done • The Register

AI hallucinations can pose a risk to your cyber security

In-House Lawyers Are Focused on Employment and Cyber Security Disputes, But Looking Out for Conflict Over AI

CISA's AI Playbook Pushes For More Information Sharing

Second Biden cyber executive order directs agency action on fed security, AI, space | CyberScoop

EU AI Act and NIS2 Directive 2025 Compliance Challenges

Law Firm Leads 15,000 to Sue Google and Microsoft over AI Data - Infosecurity Magazine

Trump, Musk Discuss AI, Cyber Security With Microsoft CEO

2FA/MFA

Microsoft MFA outage blocking access to Microsoft 365 apps

MFA Failures - The Worst is Yet to Come

Malware

New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits

MikroTik botnet relies on DNS misconfiguration to spread malware

Browser-Based Cyber Threats Surge as Email Malware Declines - Infosecurity Magazine

WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables

Fake LDAPNightmware exploit on GitHub spreads infostealer malware

New macOS malware uses Apple's own code to quietly steal credentials and personal data — how to stay safe | Tom's Guide

Cyber Criminals Use Fake CrowdStrike Job Offers to Distribute Malware - Infosecurity Magazine

Microsoft: macOS bug lets hackers install malicious kernel drivers

Rootkit Malware Exploiting Zero-day Vulnerabilities to Control Linux Systems Remotely

Cyber Attackers Hide Infostealers in YouTube Comments

FBI wipes Chinese PlugX malware from over 4,000 US computers

Apple devices at risk after security researcher hacks ACE3 USB-C controller - SiliconANGLE

Bots/Botnets

MikroTik botnet uses misconfigured SPF DNS records to spread malware

IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024 | Trend Micro (US)

Mobile

Millions of people's 'intimate' location data stolen in major hack | Science, Climate & Tech News | Sky News

Mobile apps exploited to harvest location data on massive scale, hacked files reveal | TechSpot

This Phishing Attack Disables Your iPhone Security: Here's How to Protect Yourself

Researchers disclosed details of a now-patched Samsung zero-click flaw

Denial of Service/DoS/DDoS

IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024 | Trend Micro (US)

Internet of Things – IoT

Homeowners are clueless about how smart devices collect their data - Help Net Security

GM settles charges it shared driver location data • The Register

IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024 | Trend Micro (US)

Allstate car insurer sued for tracking drivers without permission

Data Breaches/Leaks

2024 US Healthcare Data Breaches: 585 Incidents, 180 Million Compromised User Records - SecurityWeek

Cyber Security Breaches Degrade Consumer Trust, but Apathy Rises - Security Boulevard

Telefonica Breach Hits 20,000 Employees and Exposes Jira Details - Infosecurity Magazine

EU law enforcement training agency data breach: Data of 97,000 individuals compromised - Help Net Security

Personal data stolen in cyber-attack on Gateshead Council - BBC News

60 Million Students and Teachers Targeted in PowerSchool Data Breach

GoDaddy Accused of Serious Security Failings by FTC - Infosecurity Magazine

Largest US addiction treatment provider notifies patients of data breach

OneBlood confirms personal data stolen in July ransomware attack

Prominent US law firm Wolf Haldenstein disclosed a data breach

183M Patient Records Exposed: Fortified Health Security Releases 2025 Healthcare Cyber Security Report

Organised Crime & Criminal Actors

How AI will transform cyber security in 2025 - and supercharge cyber crime | ZDNET

The ‘Largest Illicit Online Marketplace’ Ever Is Growing at an Alarming Rate, Report Says | WIRED

The Wiretap: At $24 Billion In Sales, The Biggest Illicit Marketplace Ever Is On Telegram

How to protect yourself from the social media cyber crime boom - Digital Journal

The Insider Threat Digital Recruitment Marketplace - Security Boulevard

Online Gambling Unleashed Transnational Crime in Philippines (2)

Russian Nationals Indicted for Operating Cryptocurrency Mixers Linked to Cyber Crime

Pastor who saw crypto project in his "dream" indicted for fraud

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

US, Japan, South Korea Blame North Korean Hackers for $660M Crypto Heists - SecurityWeek

US govt says North Korea stole over $659 million in crypto last year

New Web3 attack exploits transaction simulations to steal crypto

US charges operators of cryptomixers linked to ransomware gangs

Cyber Criminals Use Fake CrowdStrike Job Offers to Distribute Malware - Infosecurity Magazine

Transaction simulation spoofing attack targets cryptocurrency wallets | SC Media

Russian Nationals Indicted for Operating Cryptocurrency Mixers Linked to Cyber Crime

Pastor who saw crypto project in his "dream" indicted for fraud

Insider Risk and Insider Threats

Phishing click rates tripled in 2024 despite user training | CSO Online

Former Disney Employee Admits to Hacking Menu System to Change Allergy Information – DataBreaches.Net

The Insider Threat Digital Recruitment Marketplace - Security Boulevard

Human Factors in Cyber Security in 2025 | UpGuard

Concern over staff blame for cyber breaches - survey

73% of office workers say staff get blamed for cyber security incidents - survey

Insurance

Cyber attacks considered top business concern for 2025: Allianz - Reinsurance News

89% of executives plan to expand cyber insurance for technological vulnerabilities: Chubb - Reinsurance News

Supply Chain and Third Parties

£33m cost of cyber-attack revealed | News | Health Service Journal

Cloud/SaaS

Hackers use FastHTTP in new high-speed Microsoft 365 password attacks

Google OAuth flaw lets attackers gain access to abandoned accounts

Beware of These Microsoft Teams Phishing Scams

Addressing the Security Risks of AI in the Cloud

Are Your Cloud Security Strategies Effective in 2025? | HackerNoon

New Ransomware Encrypts Amazon S3 Buckets Using SSE-C Encryption

New Amazon Ransomware Attack—‘Recovery Impossible’ Without Payment

4 Reasons Your SaaS Attack Surface Can No Longer be Ignored

Azure and M365 MFA outage leaves logins lost • The Register

How snack giant Mondelez is trying to keep pace in the fast-changing realm of AI, cyber security, and cloud | Fortune

Outages

Azure and M365 MFA outage leaves logins lost • The Register

What the 2024 CrowdStrike Glitch Can Teach Us About Cyber Risk

GitHub Git downtime caused by bad configuration update • DEVCLASS

Identity and Access Management

2025: The year of evolution in identity security

First Ever OWASP "Top 10 Non-Human Identities (NHI)" Released

Linux and Open Source

The Shifting Landscape of Open Source Security

Rootkit Malware Exploiting Zero-day Vulnerabilities to Control Linux Systems Remotely

Passwords, Credential Stuffing & Brute Force Attacks

Hackers use FastHTTP in new high-speed Microsoft 365 password attacks

Google OAuth flaw lets attackers gain access to abandoned accounts

A Deep Dive into ISO 27001 Password Requirements - Security Boulevard

Social Media

How to protect yourself from the social media cyber crime boom - Digital Journal

TikTok warns of broad consequences if Supreme Court allows ban | Reuters

Tech giants told UK online safety laws ‘not up for negotiation’ | Artificial intelligence (AI) | The Guardian

'How to quit Facebook?' searches spike after Meta's fact-checking ban | ZDNET

Meta's fact-checking end raises concerns about disinformation

Cyber Attackers Hide Infostealers in YouTube Comments

The Looming Crisis: Meta, Misinformation, And Public Trust

TikTok, five other Chinese firms hit by EU privacy complaints | Reuters

Trump’s Truth Social Users Targeted by Rampant Scams Online - Infosecurity Magazine

European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China

Experts Unpack The Truth Behind TikTok’s Data Collection | HuffPost Life

'Free Our Feeds' campaign aims to billionaire-proof Bluesky’s tech | TechCrunch

Malvertising

Google Search ads are being hacked to steal account info | TechRadar

Training, Education and Awareness

Phishing click rates tripled in 2024 despite user training | CSO Online

Regulations, Fines and Legislation

New EU cyber rules for financial institutions from today

DORA Comes Into Force: Experts Weigh In On Its Impact And Opportunities

UK Considers Banning Ransomware Payment by Public Sector and CNI - SecurityWeek

The UK's Online Safety Act applies to Small Tech too • The Register

DORA Compliance Costs Soar Past €1m for Many UK and EU Businesses - Infosecurity Magazine

Tech giants told UK online safety laws ‘not up for negotiation’ | Artificial intelligence (AI) | The Guardian

The EU Cyber Resilience Act - What You Need to Know | A&O Shearman - JDSupra

Biden signs executive order inspired by lessons from recent cyber attacks - Nextgov/FCW

EU AI Act and NIS2 Directive 2025 Compliance Challenges

A Deeper Dive into the Proposed Modifications to the HIPAA Security Rule | Stoel Rives - Global Privacy & Security Blog® - JDSupra

Last-Minute Biden EO Reportedly Prompted By Chinese Cyber Attacks | MSSP Alert

Governments call for spyware regulations in UN Security Council meeting | TechCrunch

TikTok warns of broad consequences if Supreme Court allows ban | Reuters

Trump and others want to ramp up cyber offense, but there’s plenty of doubt about the idea | CyberScoop

New ‘cyber security’ law in Turkey could criminalize reporting on data leaks - Turkish Minute

Models, Frameworks and Standards

European finance readying itself for DORA implementation

DORA Compliance Costs Soar Past €1m for Many UK and EU Businesses - Infosecurity Magazine

New EU cyber rules for financial institutions from today

First Ever OWASP "Top 10 Non-Human Identities (NHI)" Released

The EU Cyber Resilience Act - What You Need to Know | A&O Shearman - JDSupra

A Deep Dive into ISO 27001 Password Requirements - Security Boulevard

A Deeper Dive into the Proposed Modifications to the HIPAA Security Rule | Stoel Rives - Global Privacy & Security Blog® - JDSupra

Backup and Recovery

Backup technology explained: The fundamentals of enterprise backup | Computer Weekly

Careers, Working in Cyber and Information Security

Career Opportunities in Cyber Security: A Guide for Aspiring Professionals | BCS

Microsoft is Laying Off Employees Across its Sales, Security, and Gaming Divisions

ISC2 Cyber Security Workforce Study: Shortage of AI skilled workers

Law Enforcement Action and Take Downs

Former Disney Employee Admits to Hacking Menu System to Change Allergy Information – DataBreaches.Net

US charges operators of cryptomixers linked to ransomware gangs

FBI wipes Chinese PlugX malware from over 4,000 US computers

Russian Nationals Indicted for Operating Cryptocurrency Mixers Linked to Cyber Crime

Pastor who saw crypto project in his "dream" indicted for fraud

Misinformation, Disinformation and Propaganda

Meta's fact-checking end raises concerns about disinformation

The Looming Crisis: Meta, Misinformation, And Public Trust

Mark Zuckerberg’s end to Meta factchecking is a desperate play for engagement | Mark Zuckerberg | The Guardian

'Free Our Feeds' campaign aims to billionaire-proof Bluesky’s tech | TechCrunch


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

'Arson, sabotage, cyber attacks': UK enters new era of threats from hostile states

‘Hybrid threats’, ‘grey zones’, ‘competition’, and ‘proxies’: When is it actually war?

Nation State Actors

China

US Telecom, Zero-Day Attacks Highlight Cyber Hygiene Need

China's UNC5337 Exploits a Critical Ivanti RCE Bug, Again

Salt Typhoon spies spotted on US govt networks before telcos • The Register

US has responded to Chinese-linked cyber attacks on telecoms firms, Sullivan says | Reuters

ISMG Editors: The Coming Battle Over Chinese Cyberthreats

Last-Minute Biden EO Reportedly Prompted By Chinese Cyber Attacks | MSSP Alert

Strengthening America’s Resilience Against the PRC Cyber Threats | CISA

Nato launches 'Baltic Sentry' mission to protect undersea cables - BBC News

China Targeted Foreign Investment, Sanctions Offices in Treasury Hack: Reports - SecurityWeek

As Tensions Mount With China, Taiwan Sees Surge in Attacks

FBI wipes Chinese PlugX malware from over 4,000 US computers

TikTok, five other Chinese firms hit by EU privacy complaints | Reuters

Experts Unpack The Truth Behind TikTok’s Data Collection | HuffPost Life

Chinese hackers accessed Yellen's computer in US Treasury breach, Bloomberg News reports | Reuters

TikTok warns of broad consequences if Supreme Court allows ban | Reuters

Chinese cyber-spies target CFIUS investigations • The Register

Russia

Russian espionage and financial theft campaigns have ramped up, Ukraine cyber agency says | The Record from Recorded Future News

Russia Carves Out Commercial Surveillance Success

Nato launches 'Baltic Sentry' mission to protect undersea cables - BBC News

Russia-linked APT Star Blizzard targets WhatsApp accounts

Russian Cyberspies Caught Spear-Phishing with QR Codes, WhatsApp Groups - SecurityWeek

Ukraine’s PM discusses defence, cyber security, sanctions with Estonia’s Foreign Minister

Fancy Bear spotted using real Kazak government documents in spearphishing campaign | CyberScoop

Russia Targets Kazakhstan in Espionage Campaign

Suspected Ukrainian hackers impersonating Russian ministries to spy on industry | The Record from Recorded Future News

North Korea

US, Japan, South Korea Blame North Korean Hackers for $660M Crypto Heists - SecurityWeek

North Korean Hackers Targeting Freelance Software Developers - SecurityWeek

Treasury sanctions North Korea over remote IT worker schemes | CyberScoop

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Governments call for spyware regulations in UN Security Council meeting | TechCrunch

How Barcelona became an unlikely hub for spyware startups | TechCrunch


Tools and Controls

Phishing click rates tripled in 2024 despite user training | CSO Online

What they don’t tell you about cyber attacks – the emotional impact on staff | Computer Weekly

How AI will transform cyber security in 2025 - and supercharge cyber crime | ZDNET

2025 Informed: Cyber Security and AI

How “right-sizing” cyber security initiatives can prevent data Loss | theHRD

The hybrid workforce crisis: How it has weakened enterprise security, and what to do about it | SC Media

Home Office rolls out cyber crime protections for data centres 

How CTEM is providing better cyber security resilience for organisations

Backup technology explained: The fundamentals of enterprise backup | Computer Weekly

Millions of VPN Servers and Routers Exposed to New Tunnelling Protocol Vulnerabilities - ISPreview UK

A cyber-resilient culture: Key to adapting to evolving cyber threats - SiliconANGLE

Breaking the Cycle of Isolated Risk Management | MSSP Alert

How CISOs Can Build a Disaster Recovery Skillset

Are Your Cloud Security Strategies Effective in 2025? | HackerNoon

Ransomware on ESXi: The Mechanization of Virtualized Attacks

What Security Leaders Get Wrong About Zero-Trust Architecture

First Ever OWASP "Top 10 Non-Human Identities (NHI)" Released

4 Reasons Your SaaS Attack Surface Can No Longer be Ignored

The AI Conundrum In Security: Why The Future Belongs To The Bold

How AI and ML are transforming digital banking security - Help Net Security

North Korean Hackers Targeting Freelance Software Developers - SecurityWeek

Hackers leak configs and VPN credentials for 15,000 FortiGate devices

What the 2024 CrowdStrike Glitch Can Teach Us About Cyber Risk

Cyber Risk Quantification: Use Cases and Best Practices | MSSP Alert

Risk, Reputational Scoring Services Enjoy Mixed Success

AI hallucinations can pose a risk to your cyber security

A Deep Dive into ISO 27001 Password Requirements - Security Boulevard

Balancing usability and security in the fight against identity-based attacks - Help Net Security

Remediation Times Drop Sharply as Cyber Hygiene Take Up Surges - Infosecurity Magazine

Enabling confident cyber resilience and recovery with CyberSense - SiliconANGLE

Cyber security on a shoestring: maximizing your ROI | TechRadar
Vulnerability Management

Vulnerability Remediation vs Mitigation: Which Strategy Wins in Cyber Security? - Security Boulevard

What 2024 taught us about security vulnerabilities - Help Net Security

89% of executives plan to expand cyber insurance for technological vulnerabilities: Chubb - Reinsurance News

Critical vulnerabilities remain unresolved due to prioritization gaps - Help Net Security

Vulnerabilities

Microsoft Patches Trio of Exploited Windows Hyper-V Zero-Days - SecurityWeek

Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws

China's UNC5337 Exploits a Critical Ivanti RCE Bug, Again

New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits

Google Chrome 132 update fixes 16 unique security issues - gHacks Tech News

Fortinet warns a critical vulnerability in its systems could let attackers breach company networks | TechRadar

Fortinet Releases Security Updates for Multiple Products | CISA

Nvidia, Zoom, Zyxel Patch High-Severity Vulnerabilities - SecurityWeek

Ivanti Patches Critical Vulnerabilities in Endpoint Manager - SecurityWeek

Zero-Day Vulnerability in PDF Files Leaking NTLM Data in Adobe & Foxit Reader

Juniper Networks Fixes High-Severity Vulnerabilities in Junos OS - SecurityWeek

UK Registry Nominet Breached Via Ivanti Zero-Day - Infosecurity Magazine

Nominet probes possible Ivanti zero-day exploit • The Register

SAP Patches Critical Vulnerabilities in NetWeaver - SecurityWeek

Apple Patches Flaw That Allows Kernel Security Bypassing

Adobe Releases Security Updates for Multiple Products | CISA

Microsoft: macOS bug lets hackers install malicious kernel drivers

Windows BitLocker bug triggers warnings on devices with TPMs

New UEFI Secure Boot flaw exposes systems to bootkits, patch now

Debian 12.9 “Bookworm” Arrives with 72 Bug Fixes and 38 Security Updates - 9to5Linux

Google OAuth flaw lets attackers gain access to abandoned accounts

CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks

Researchers disclosed details of a now-patched Samsung zero-click flaw

Microsoft 365 apps crash on Windows Server after Office update

Rootkit Malware Exploiting Zero-day Vulnerabilities to Control Linux Systems Remotely

Nvidia, Zoom, Zyxel Patch High-Severity Vulnerabilities - SecurityWeek


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Black Arrow Cyber Advisory 15 January 2025 – Microsoft, Adobe, Cisco, Ivanti, Fortinet, GitHub, SAP, SonicWall, Zyxel, Google Chrome and Zoom Security Updates - updated

Black Arrow Cyber Advisory 15 January 2025 – Microsoft, Adobe, Cisco, Ivanti, Fortinet, GitHub, SAP, SonicWall and Zyxel Security Updates

Updated

Since writing, further updates have been released for another Ivanti vulnerability, this time affecting Endpoint Manager, as well as updates for Google Chrome, to address 132 fixes and 16 unique security issues, and Zoom, to address a number of security issues across Windows, Mac and Linux clients.

See more details on each of those in the relevant sections below.

Executive Summary

Microsoft’s Patch Tuesday for January 2025 started the year with security updates for 159 flaws, including eight zero-day vulnerabilities, with three actively exploited in attacks. This Patch Tuesday also included fixes for twelve critical vulnerabilities, including information disclosure, privileges elevation, and remote code execution flaws.

Several other major software and hardware vendors released critical security updates this month to address vulnerabilities that could be exploited by attackers. Adobe issued updates for popular products such as Photoshop, Illustrator for iPad, and Animate, while Cisco addressed issues across multiple tools, including ThousandEyes and Crosswork Network Controller. Ivanti and Fortinet tackled zero-day vulnerabilities actively exploited in attacks, with Ivanti focusing on Connect Secure and Fortinet on its FortiOS and FortiProxy platforms.

What’s the risk to me or my business?

The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity and availability of the affected applications and the organisation's data on the affected systems.

What can I do?

Black Arrow recommends applying the available security updates for all supported versions of products that have been impacted by the various vulnerabilities. The updates should be applied as soon as possible for actively exploited vulnerabilities and for all other vulnerabilities that have a critical or high severity rating.

Microsoft

Further details on specific updates within this Microsoft Patch Tuesday can be found here:

https://msrc.microsoft.com/update-guide/releaseNote/2025-Jan

Adobe, Cisco, Ivanti, Fortinet, GitHub, SAP, SonicWall & Zyxel - updated to include Google Chrome and Zoom

Further details of the vulnerabilities in affected Adobe, Cisco, Ivanti, Fortinet, GitHub, SAP, SonicWall, Zyxel, Google Chrome and Zoom products can be found here:

https://helpx.adobe.com/security/security-bulletin.html

https://sec.cloudapps.cisco.com/security/center/publicationListing.x

https://www.ivanti.com/blog/january-security-update

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Upgrade-to-FortiOS-7-0-17-to-resolve-vulnerability/ta-p/370334

https://github.blog/open-source/git/git-security-vulnerabilities-announced-5/

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/january-2025.html

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025

https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html

https://www.zoom.com/en/trust/security-bulletin/?cms_guid=false&lang=en-US

#threatadvisory #threatintelligence #cybersecurity


Black Arrow Cyber Threat Intelligence Briefing 10 January 2025

Black Arrow Cyber Threat Intelligence Briefing 10 January 2025:

-Phishing Click Rates Triple in 2024

-What Boards Need to Know on Digital and Cyber Security Governance In 2025

-Only 26% of Europe’s Top Companies Earn a High Rating for Cyber Security

-Breach Readiness: Elevating Your Security Posture in a Constantly Evolving Threat Landscape

-Ransomware Shock: $133 Million Paid, 195 Million Records Compromised

-Operational Incident Reporting: UK Financial Regulators Propose New Rules

-Insider Threat: Tackling the Complex Challenges of the Enemy Within

-The Big Question: Are Businesses Now in the Front Line for Cyber Warfare?

-How Cyber Security Jargon Creates Barriers and Wastes Resources

-Scammers Exploit Microsoft 365 to Target PayPal Users

-Five Ways to Make Cyber Security Resilience More Than Just a Buzzword

-Meet the Chinese ‘Typhoon’ Hackers Preparing for War

-The Cyber Security Priorities For 2025: What Leaders Should Focus On

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.

Exec Summary

Cyber security remains a critical priority for organisations in 2025, with evolving threats demanding stronger leadership, governance, and proactive resilience measures. Phishing click rates surged by 190% in 2024, with cloud applications as primary targets and a shift in attack vectors from email to search engines and malicious ads. Meanwhile, ransomware inflicted $133.5 million in payouts, and insider threats posed complex risks, exacerbated by generative AI-enabled scams. Addressing these challenges requires a combination of advanced defences like zero trust architectures, improved governance frameworks, and clarity in communication to bridge knowledge gaps at the board level.

Governance is under heightened scrutiny as systemic risks grow. Only 26% of Europe’s top companies earned high ratings for cyber security resilience, while regulatory pressures, such as the EU’s DORA, underline the urgency for improved third-party risk management and operational resilience. Boards must prioritise expertise, particularly in AI, as gaps persist despite incremental progress. Leaders should integrate risk management across infrastructures to address geopolitical cyber warfare threats, emphasising supply chain security and AI-driven defences.

To sustain resilience, organisations must embed adaptability, automate responses, and foster cross-departmental collaboration. Strategic investments in skilled talent, incident readiness, and emerging technologies will help to ensure businesses not only survive but thrive amidst escalating cyber threats.


Top Cyber Stories of the Last Week

Phishing Click Rates Triple in 2024

Phishing click rates surged by 190% in 2024, with over eight in 1,000 users clicking phishing links monthly, according to Netskope. Cloud applications were the top targets (27%), with attackers primarily aiming to compromise accounts for illicit resale; Microsoft was the most targeted brand (42% of clicks), followed by the banking (17%) and telco (13%) sectors. A shift was noted in where phishing links are placed, from email-based attacks to search engines using SEO poisoning and malicious ads. Meanwhile, workplace adoption of GenAI apps rose to 94%, with organisations implementing controls such as app blocking (73%) and data loss prevention (45%).

What Boards Need to Know on Digital and Cyber Security Governance In 2025

In 2025, boardroom oversight of digital and cyber security will face increased scrutiny and expectations as systemic risks continue to grow. In 2024, cyber incidents cost UnitedHealth Group $2.5 billion and drove a 40% stock price drop at CrowdStrike, underlining the escalating consequences of poor governance. While 25% of S&P 500 directors now have cyber security expertise, up from 12% in 2020, gaps remain: 79% of boards report limited or no AI experience. Regulatory pressure, such as the European Central Bank’s (ECB) mandatory cyber expertise for bank boards, and frameworks like NIST CSF 2.0, signal the shift towards systemic reforms in boardroom governance.

Only 26% of Europe’s Top Companies Earn a High Rating for Cyber Security

A report by SecurityScorecard reveals that only 26% of Europe’s top 100 companies earn an A rating for cyber security resilience, with organisations rated A being 13.8 times less likely to experience a breach than those rated F. 98% of European companies faced third-party breaches in the past year, and 18% reported direct breaches, exposing gaps in internal defences. The energy sector lags significantly, with 75% of companies rated C or lower, while Scandinavian firms lead, with only 20% scoring below B. As the EU’s DORA deadline looms, prioritising third-party risk management is critical for strengthening operational resilience.

Breach Readiness: Elevating Your Security Posture in a Constantly Evolving Threat Landscape

Organisations must now recognise that breaches are highly prevalent in today’s threat landscape, driven by increasingly sophisticated cyber attacks. Traditional perimeter-based defences, while essential, are no longer sufficient on their own. To mitigate the impact of inevitable breaches, adopting a zero trust approach and embedding microsegmentation can limit attackers’ movement within a network, reducing harm and operational disruption. While implementing such strategies demands cross-departmental collaboration and mindset shifts, gradual adoption can ease operational impacts. By becoming ‘breach ready’, organisations can maintain resilience, protect their reputation, and safeguard business continuity even in the face of persistent threats.

Ransomware Shock: $133 Million Paid, 195 Million Records Compromised

Ransomware continues to pose a significant threat to organisations globally, with a 2024 report revealing over 1,200 confirmed attacks and more than 195 million records compromised. Ransom payments reached $133.5 million, with an average payout of $9.5 million. Key sectors affected include business, healthcare, and government, while education saw a slight decline in incidents. Despite early signs of decreasing activity, ransomware attacks surged towards the end of the year, and experts warn of continued large-scale disruptions and data breaches in 2025. The lack of mandatory reporting in many regions further obscures the true scale of the threat.

Operational Incident Reporting: UK Financial Regulators Propose New Rules

UK financial regulators, including the FCA and PRA, are consulting on new operational incident reporting rules to strengthen operational resilience across the financial sector. The proposals aim to clarify when and how firms must report incidents such as IT outages or cyber attacks, focusing on consumer harm, market integrity, and safety risks. Firms would need to submit initial, intermediate, and final reports for each incident. Additionally, material third-party arrangements would require annual updates. These changes align with international standards like the EU’s DORA, and regulators may pursue enforcement for non-compliance. The consultation closes in March 2025.

Insider Threat: Tackling the Complex Challenges of the Enemy Within

Insider threats represent a growing challenge for organisations, with risks ranging from financial fraud and intellectual property theft to national security breaches. High-profile cases demonstrate how malicious insiders, such as bribed employees or malcontent staff, exploit weak detection systems. Sophisticated hiring scams, including the use of false identities, are increasingly enabled by generative AI. Prevention efforts include robust background checks, network anomaly detection, and sentiment analysis, but these methods are not foolproof. As technology evolves, organisations must balance effective detection with legal and ethical considerations to mitigate these complex and evolving risks.

The Big Question: Are Businesses Now in the Front Line for Cyber Warfare?

Recent reports highlight a growing shift towards cyber warfare, with businesses increasingly on the frontline of nation-state cyber attacks. The evolving threat landscape is driven by geopolitical tensions, with critical infrastructure, supply chains, and even civilian services becoming primary targets. Experts warn of a rise in AI-driven cyber weapons capable of bypassing defences and amplifying the scale of attacks. Organisations face heightened risks as ransomware evolves into a political weapon and the proliferation of IoT devices creates new vulnerabilities. A unified approach to security, integrating risk management across infrastructures, is essential to address the escalating threats in 2025.

How Cyber Security Jargon Creates Barriers and Wastes Resources

The cyber security industry, growing at 20% year-on-year, faces a critical communication challenge. Over-reliance on jargon and acronyms hinders understanding and creates barriers, particularly at the board level. Complex terms often obscure what tools do, limiting funding and leaving organisations vulnerable to cyber attacks. A shift toward clear, actionable language, focusing on securing source code, runtime applications, cloud environments, and supply chains, can break down silos and improve integration into development processes. By fostering clarity and inclusivity, organisations can better align security strategies with business priorities, ensuring both protection and efficiency.

Scammers Exploit Microsoft 365 to Target PayPal Users

Fortinet has identified a phishing campaign that abuses PayPal's money request feature. The scammers send a genuine PayPal payment request to a distribution list in their own Microsoft 365 tenant, and the tenant relays it to the list members with the envelope sender rewritten by Microsoft 365's Sender Rewrite Scheme (SRS). Because the request really did originate from PayPal and the rewritten sender belongs to the relaying tenant, the message passes SPF, DKIM and DMARC checks at the victim's mail provider, and nothing in the email itself distinguishes it from a legitimate request. Victims who follow the link and log in to review the request risk handing the scammers control of their PayPal accounts. Fortinet highlights the importance of employee education, data loss prevention (DLP) rules that flag group emails with unusually large or external distribution lists, and detection tools that identify anomalies such as a payment request arriving via a list the recipient never joined. Organisations must prioritise vigilance and proactive defences to combat such risks.
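The relay pattern described above leaves a recognisable trace in the headers of the delivered message: an SRS-rewritten envelope sender, an SPF pass for a domain that is not the From: domain, and a recipient mailbox that does not appear in To: or Cc:. The following is an added example (not code from the briefing or from Fortinet) that parses a delivered message and scores those signals for triage. The two messages, the tenant name, the SRS hash and every address in it are constructed for illustration, and the payment-brand list is a placeholder assumption rather than a published list.

```python
"""Score a delivered email for the 'money request relayed through a
distribution list' pattern: SRS-rewritten envelope sender, SPF pass for
the relaying domain rather than the From: domain, and a recipient that
is not named in To:/Cc:.

Added example, not code from the Black Arrow briefing or from Fortinet.
All addresses, hostnames and hashes below are constructed.
"""
import re
from email import message_from_bytes
from email.utils import getaddresses, parseaddr

# Constructed placeholder: brands whose 'request money' feature sends
# notifications on the requester's behalf (assumption for the example).
PAYMENT_BRANDS = {"paypal.com"}

# Classic SRS (SRS0=HHH=TT=orig-domain=orig-local@forwarder) and the
# Microsoft 365 form (bounces+SRS=HHH=TT@tenant-domain).
SRS_LOCALPART = re.compile(r"^(srs[01]=|.*\+srs=)", re.IGNORECASE)


def _domain(addr):
    """Domain part of an address or of a bare domain token, lower-cased."""
    addr = parseaddr(addr)[1] if addr else ""
    return addr.rsplit("@", 1)[-1].lower()


def _auth_results(msg):
    """Extract spf/dkim/dmarc results and the domain each was evaluated on."""
    text = " ".join(msg.get_all("Authentication-Results", []))
    results = {}
    for method, domain_key in (("spf", "smtp.mailfrom"),
                               ("dkim", "header.d"),
                               ("dmarc", "header.from")):
        res = re.search(rf"\b{method}=(\w+)", text, re.IGNORECASE)
        dom = re.search(rf"\b{re.escape(domain_key)}=([^\s;]+)", text, re.IGNORECASE)
        results[method] = (res.group(1).lower() if res else "none",
                           _domain(dom.group(1)) if dom else "")
    return results


def analyse(raw, delivered_to):
    """Return the extracted facts, a list of findings and a triage verdict.

    delivered_to is the mailbox the MTA actually delivered to (RCPT TO or
    the Delivered-To header), which is what exposes list-based delivery.
    """
    msg = message_from_bytes(raw)
    findings = []

    envelope = parseaddr(msg.get("Return-Path", ""))[1]
    envelope_local = envelope.split("@", 1)[0]
    from_domain = _domain(msg.get("From", ""))
    auth = _auth_results(msg)

    if SRS_LOCALPART.match(envelope_local):
        findings.append("envelope sender rewritten by SRS (message was forwarded or relayed)")

    spf_result, spf_domain = auth["spf"]
    if spf_result == "pass" and spf_domain and spf_domain != from_domain:
        findings.append(f"SPF passed for relay domain {spf_domain}, not for From: domain {from_domain}")

    recipients = {addr.lower() for _, addr in
                  getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    if delivered_to.lower() not in recipients:
        findings.append("delivered mailbox not in To:/Cc: (group or distribution list delivery)")

    if from_domain in PAYMENT_BRANDS:
        findings.append(f"From: domain {from_domain} is a payment brand with a request-money feature")

    return {
        "from_domain": from_domain,
        "envelope_sender": envelope,
        "auth": auth,
        "findings": findings,
        # Three or more signals together is the relayed-request pattern.
        "verdict": "review" if len(findings) >= 3 else "deliver",
    }


# Constructed sample: a genuine payment notification that reached the mailbox
# through a distribution list in a third-party Microsoft 365 tenant.
RELAYED_REQUEST = b"""\
Return-Path: <bounces+SRS=x7Kq2=ZZ@scamtenant.onmicrosoft.com>
Received: from mail.scamtenant.onmicrosoft.com (203.0.113.10) by mx.example.org
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=scamtenant.onmicrosoft.com; dkim=pass header.d=paypal.com; dmarc=pass header.from=paypal.com
From: "service@paypal.com" <service@paypal.com>
To: payments-list@scamtenant.onmicrosoft.com
Subject: You have a money request from Finance Dept
Date: Thu, 9 Jan 2025 10:00:00 +0000

Someone has sent you a money request. Log in to review and pay.
"""

# Constructed sample: the same kind of notification sent directly to the user.
DIRECT_REQUEST = b"""\
Return-Path: <service@paypal.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=paypal.com; dkim=pass header.d=paypal.com; dmarc=pass header.from=paypal.com
From: "service@paypal.com" <service@paypal.com>
To: alice@example.org
Subject: You have a money request
Date: Thu, 9 Jan 2025 10:00:00 +0000

Someone has sent you a money request.
"""

if __name__ == "__main__":
    for label, raw in (("relayed", RELAYED_REQUEST), ("direct", DIRECT_REQUEST)):
        result = analyse(raw, "alice@example.org")
        print(label, result["verdict"], result["findings"])
```

Note the caveat: legitimate mailing lists and auto-forwards also produce an SRS-rewritten envelope sender and an SPF pass for the forwarder, so the first two signals alone are not grounds to block. What singles out this campaign is the combination with a payment-brand sender and a money request that arrived via a list the mailbox owner never subscribed to, which is why the example reports a triage verdict rather than rejecting the message.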

Five Ways to Make Cyber Security Resilience More Than Just a Buzzword

Organisations must shift from reactive approaches to a sustainable cyber security strategy to build true resilience. This means not just addressing immediate threats but embedding adaptability into core systems, enabling defences to evolve with emerging risks. Key measures include automating responses for agility, implementing zero trust architectures, and continuously improving through learning and self-healing mechanisms. By prioritising proactive preparation and fostering a culture of shared responsibility, businesses can move beyond survival to thrive amidst uncertainty, ensuring their defences are robust, adaptable, and future proof.

Meet the Chinese ‘Typhoon’ Hackers Preparing for War

Chinese state-sponsored hacking groups, labelled collectively as the "Typhoon" family, have emerged as a significant cyber security threat to the West, targeting critical infrastructure sectors like water, energy, and transportation. These groups, including Volt Typhoon, Flax Typhoon, and Salt Typhoon, have engaged in deep infiltration to prepare for potential disruptive cyber attacks. Notable incidents include the dismantling of botnets used to mask malicious activities, with over 100 intrusions identified by early 2025. Recent breaches by Salt Typhoon targeted telecoms, exposing sensitive communications data, including law enforcement surveillance systems, underscoring the escalating strategic risks posed by these operations.

The Cyber Security Priorities For 2025: What Leaders Should Focus On

A recent analysis highlights the evolving cyber security priorities for 2025, emphasising the critical role of leadership in driving resilience. As cyber threats become increasingly sophisticated, AI-driven attacks and supply chain vulnerabilities are top concerns, alongside stricter data privacy regulations. Leaders are encouraged to adopt zero trust principles, invest in skilled talent, and align security strategies with business objectives. Preparing for quantum computing’s impact on encryption is also vital. Practical steps include regular incident response testing, vendor risk assessments, and fostering a security-first culture. Effective leadership can turn robust cyber security into a competitive advantage.

Sources:

https://www.infosecurity-magazine.com/news/phishing-click-rates-triple/

https://www.forbes.com/sites/bobzukis/2025/01/09/what-boards-need-to-know-on-digital-and-cybersecurity-governance-in-2025/

https://www.helpnetsecurity.com/2025/01/06/european-companies-cybersecurity-rating/

https://securityboulevard.com/2025/01/breach-readiness-elevating-your-security-posture-in-a-constantly-evolving-threat-landscape/

https://www.forbes.com/sites/daveywinder/2025/01/09/ransomware-shock-133-million-paid-195-million-records-compromised/

https://www.jdsupra.com/legalnews/operational-incident-reporting-uk-2347989/

https://www.securityweek.com/insider-threat-tackling-the-complex-challenges-of-the-enemy-within/

https://www.emergingrisks.co.uk/the-big-question-are-businesses-now-in-the-front-line-for-cyberwarfare/

https://www.techradar.com/pro/how-cybersecurity-jargon-creates-barriers-and-wastes-resources

https://www.infosecurity-magazine.com/news/scammers-exploit-microsoft365/

https://www.scworld.com/perspective/five-ways-to-make-cybersecurity-resilience-more-than-just-a-buzzword

https://techcrunch.com/2025/01/06/meet-the-chinese-typhoon-hackers-preparing-for-war/

https://www.forbes.com/sites/andrewhayeurope/2025/01/06/the-cybersecurity-priorities-for-2025-what-leaders-should-focus-on/  



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Shock—$133 Million Paid, 195 Million Records Compromised

Ransomware attacks against critical infrastructure exceed 2K in a decade | SC Media

From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch

Important Preventative Strategies For Avoiding And Recovering From Ransomware Threats

Space Bears Ransomware: What You Need To Know | Tripwire

Ransomware attacks on education declined in 2024, report shows | StateScoop

How to Protect Against Ransomware: Everything You Need to Know

Ransomware Victims

New York Hospital Says Ransomware Attack Data Breach Impacts 670,000 - SecurityWeek

Atos confirms third-party breach but rejects direct Space Bears compromise | SC Media

PowerSchool Reportedly Pays Ransom to Prevent Student Data Leak - Infosecurity Magazine

IT Giant Atos Responds to Ransomware Group's Data Theft Claims - SecurityWeek

Hackers release files stolen in cyberattack on Rhode Island benefits system | StateScoop

Dental Practice Pays State in Alleged Data Breach 'Cover Up'

American Addiction Centers Hit with PHI Breach Class Action | Robinson+Cole Data Privacy + Security Insider - JDSupra

Almost 8500 People Affected By Casio Data Leak

Ransomware Targeting Infrastructure Hits Telecom Namibia

Phishing & Email Based Attacks

Phishing Click Rates Triple in 2024 - Infosecurity Magazine

The top target for phishing campaigns - Help Net Security

iPhones more affected than Android smartphones by a certain kind of cyber attack - NotebookCheck.net News

Meet PhishWP – The New WordPress Plugin That’s Turning Legit Sites into Phishing Traps - Security Boulevard

Russian hackers turn trusted online stores into phishing pages | CSO Online

Fortinet warns of sophisticated phishing campaign exploiting Microsoft 365 domains - SiliconANGLE

Scammers Exploit Microsoft 365 to Target PayPal Users - Infosecurity Magazine

Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections

How to protect yourself from phishing attacks in Chrome and Firefox | ZDNET

Other Social Engineering

Fake Government Officials Use Remote Access Tools for Card Fraud - Infosecurity Magazine

Artificial Intelligence

Report: AI and security governance remain top priorities for 2025 - SD Times

Google Chrome AI extensions deliver info-stealing malware in broad attack | Malwarebytes

Cloud, AI, and cybersecurity converge on fintech landscape | SC Media

A NATO-backed startup says agentic malware could be here as soon as 2027

New AI Challenges Will Test CISOs & Their Teams in 2025

UK Government to Ban Creation of Explicit Deepfakes - Infosecurity Magazine

Deepfake advancements pose growing cyber security risks

How will the evolution of AI change its security? | TechRadar

Trolley Problem, Safety Versus Security of Generative AI - SecurityWeek

Why an “all gas, no brakes” approach for AI use won't work - Help Net Security

Innovation, Automation, And The Cyber Security Challenges Ahead

Malware

Google Chrome AI extensions deliver info-stealing malware in broad attack | Malwarebytes

A NATO-backed startup says agentic malware could be here as soon as 2027

Over 4,000 backdoors hijacked by registering expired domains

New Banshee Malware Targeting MacOS Users Remained Undetected For Months

Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections

PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps

A Windows filetype update may have complicated cyber threat detection efforts | TechRadar

New Infostealer Campaign Uses Discord Videogame Lure - Infosecurity Magazine

Wallet Drainer Malware Used to Steal $500 Million in Cryptocurrency in 2024 - SecurityWeek

When Is A RAT, Not A RAT?

Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques

Google warns of legit VPN apps being used to infect devices with malware | TechRadar

Top 5 Malware Threats to Prepare Against in 2025

Fake Government Officials Use Remote Access Tools for Card Fraud - Infosecurity Magazine

Advanced evasion techniques leveraged by novel NonEuclid RAT | SC Media

Bots/Botnets

US Sanctions Chinese Cybersecurity Firm for Global Botnet Attacks - Infosecurity Magazine

New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices - Infosecurity Magazine

Gayfemboy Botnet targets Four-Faith router vulnerability

Mobile

FireScam Malware Campaign Highlights Rising Threat To Mobile Users

iPhones more affected than Android smartphones by a certain kind of cyberattack - NotebookCheck.net News

Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location

Millions of Vinted, Spotify and Tinder users' data could be compromised in global hack

Porn Ban—New Threat For iPhone, iPad, Android Users

Data Privacy: Your Carrier Knows a Lot About You. Here's How to Take Back Control - CNET

Android patches several vulnerabilities in first security update of 2025 | CyberScoop

This iOS 18 feature shares your photos with Apple for analysis. Should you be worried? | ZDNET

Android Under Attack—Users Warned As FireScam Threat Evades Detection

Apple rolls out mystery update with 'important bug fixes' for iPhones and iPads | ZDNET

First Android Update of 2025 Patches Critical Code Execution Vulnerabilities - SecurityWeek

Denial of Service/DoS/DDoS

Japanese Businesses Hit By a Surge In DDoS Attacks

Internet of Things – IoT

IoT's Regulatory Reckoning Is Overdue

Buying a smart home device? Look for this new cybersecurity seal - here's why | ZDNET

White House launches cybersecurity label program for consumers | CyberScoop

New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices - Infosecurity Magazine

Gayfemboy Botnet targets Four-Faith router vulnerability

How vulnerable Ecovacs robot vacuums are being hacked | Kaspersky official blog

Tesla data helped police in Las Vegas. It highlights privacy concerns | AP News

Data Breaches/Leaks

Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location

Millions of Vinted, Spotify and Tinder users' data could be compromised in global hack

Atos confirms third-party breach but rejects direct Space Bears compromise | SC Media

PowerSchool Reportedly Pays Ransom to Prevent Student Data Leak - Infosecurity Magazine

The real cost of data breaches for businesses - Help Net Security

CISA says Treasury was the only US agency breached via BeyondTrust - Help Net Security

UN's aviation agency confirms attack on recruitment database • The Register

Largest US addiction treatment provider notifies patients of data breach

How to empower employees to prevent data leaks | Professional Security Magazine

Washington Attorney General Sues T-Mobile Over 2021 Data Breach - SecurityWeek

Dental group lied through teeth about data breach, fined $350,000 | Malwarebytes

UN aviation agency 'actively investigating' cyber criminal’s claimed data breach | The Record from Recorded Future News

Hackers Claim Massive Breach of Location Data Giant, Threaten to Leak Data

American Addiction Centers Hit with PHI Breach Class Action | Robinson+Cole Data Privacy + Security Insider - JDSupra

Medical billing firm Medusind discloses breach affecting 360,000 people

Excelsior Orthopaedics Data Breach Impacts 357,000 People - SecurityWeek

Mortgage Cos. Fined $20M Over Cybersecurity Breach - Law360

Almost 8500 People Affected By Casio Data Leak

Organised Crime & Criminal Actors

Malicious hackers have their own shadow IT problem | CyberScoop

Web3 Attacks Result in $2.3Bn in Cryptocurrency Losses - Infosecurity Magazine

Torturing hackers in prison: surviving as an act of protest | Cybernews

CISOs’ Top Cyber Security Threats 2025: Scattered Spider, Deepfakes, and More - Security Boulevard

Cyber Criminals Don't Care About National Cyber Policy

From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch

Hacker Sentenced After Stealing Unreleased Coldplay Tracks

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Cryptocurrency wallet drainers stole $494 million in 2024

Wallet Drainer Malware Used to Steal $500 Million in Cryptocurrency in 2024 - SecurityWeek

Insider Risk and Insider Threats

Insider Threat: Tackling the Complex Challenges of the Enemy Within - SecurityWeek

83% of organizations reported insider attacks in 2024

Internal threats in the cloud | Professional Security Magazine

How to empower employees to prevent data leaks | Professional Security Magazine

How can organizations mitigate the security risks caused by human error?

Supply Chain and Third Parties

Widespread cyberattack targets Google Chrome extensions, compromises 2.6 million devices | TechSpot

Chrome Compromises Highlight Software Supply Challenges

OpenAI Blames Cloud Provider For ChatGPT Outage

Atos confirms third-party breach but rejects direct Space Bears compromise | SC Media

CISA says Treasury was the only US agency breached via BeyondTrust - Help Net Security

Cloud/SaaS

Cloud, AI, and cyber security converge on fintech landscape | SC Media

Internal threats in the cloud | Professional Security Magazine

OpenAI Blames Cloud Provider For ChatGPT Outage

From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch

Fortinet warns of sophisticated phishing campaign exploiting Microsoft 365 domains - SiliconANGLE

Scammers Exploit Microsoft 365 to Target PayPal Users - Infosecurity Magazine

MSSPs Have a Role in Stopping Cloud Attacks Using Stolen Credentials | MSSP Alert

Unconventional Cyber Attacks Aim for PayPal Account Takeover

Hacker Sentenced After Stealing Unreleased Coldplay Tracks

Outages

OpenAI Blames Cloud Provider For ChatGPT Outage

Proton Mail still down as Proton recovers from worldwide outage

CrowdStrike bounces back after triggering largest IT outage in history

Identity and Access Management

Identity Security to Become a Focus in 2025, Experts Say | MSSP Alert

The Benefits of Implementing Least Privilege Access - Security Boulevard

Encryption

Around 3.3M POP3 and IMAP mail servers lack TLS encryption

Millions of email users at risk — passwords could be exposed to hackers, experts warn | Tom's Guide

Making the most of cryptography, now and in the future - Help Net Security

How to password protect a USB stick in less than 5 minutes - Which? News

Encryption backdoor debate 'done and dusted' • The Register

Mixed Messages: The Salt Typhoon Encryption Debacle | Benesch - JDSupra

How to encrypt any email - in Outlook, Gmail, and other popular services | ZDNET

Linux and Open Source

Open source worldwide: Critical maintenance gaps exposed - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

Router reality check: 86% of default passwords have never been changed

MSSPs Have a Role in Stopping Cloud Attacks Using Stolen Credentials | MSSP Alert

Almost half Gen Z and Millennials have had their social media passwords hacked

Critical ‘Rising Risk’ Attack Alert—Change Your Router Password Now

Social Media

Meta ditches fact checking for community notes - just like on X | ZDNET

TikTok Ban Thrusts Apple (AAPL), Google Into US-China Geopolitical Fray - Bloomberg

E.U. Commission Fined for Transferring User Data to Meta in Violation of Privacy Laws

Almost half Gen Z and Millennials have had their social media passwords hacked

New Infostealer Campaign Uses Discord Videogame Lure - Infosecurity Magazine

Mark Zuckerberg Says Meta Fact-Checkers Were the Problem. Fact-Checkers Rule That False. - The New York Times

UK universities join retreat from Elon Musk's X, citing misinformation on platform | Reuters

EU Commission urged to act over Elon Musk’s ‘interference’ in elections | European Union | The Guardian

Meta exempted top advertisers from standard content moderation process

Meta Now Lets Users Say Gay and Trans People Have ‘Mental Illness’ | WIRED

Training, Education and Awareness

How to empower employees to prevent data leaks | Professional Security Magazine

8 Tips for Fortifying Your Cyber Defenses With a Human Firewall

Regulations, Fines and Legislation

New HIPAA Security Rules Pull No Punches

Cyber security law updates in the UK and the EU | Technology Law Dispatch

Operational Incident Reporting: UK Financial Regulators Propose New Rules | A&O Shearman - JDSupra

IoT's Regulatory Reckoning Is Overdue

Proposed Updates to HIPAA Security Rule Would Require Entities to Adopt Enhanced Cybersecurity Measures | Fisher Phillips - JDSupra

White House launches cyber security label program for consumers | CyberScoop

UK Government to Ban Creation of Explicit Deepfakes - Infosecurity Magazine

A Year in Privacy and Security: Privacy Violations, Large-Scale Data Breaches, and Big Fines and Settlements | Robinson+Cole Data Privacy + Security Insider - JDSupra

Cyber Criminals Don't Care About National Cyber Policy

Dental group lied through teeth about data breach, fined $350,000 | Malwarebytes

Dental Practice Pays State in Alleged Data Breach 'Cover Up'

Mortgage Cos. Fined $20M Over Cyber Security Breach - Law360

US has ‘a lot of work to do’ on network defences, departing cyber czar says - Defense One

Models, Frameworks and Standards

New HIPAA Security Rules Pull No Punches

Proposed Updates to HIPAA Security Rule Would Require Entities to Adopt Enhanced Cybersecurity Measures | Fisher Phillips - JDSupra

E.U. Commission Fined for Transferring User Data to Meta in Violation of Privacy Laws

The ongoing evolution of the CIS Critical Security Controls - Help Net Security

The NIS2 Directive in Germany: Looking Ahead | Hogan Lovells - JDSupra

Data Protection

Huge Changes Predicted For The Data Privacy Landscape

Careers, Working in Cyber and Information Security

It’s Time Businesses Address The UK’s Cybersecurity Talent Shortage

Helping Veterans Transition to Civilian Life: How Employers Can Tap into the Cybersecurity Talent Pool - ClearanceJobs

Law Enforcement Action and Take Downs

Sharing of Telegram User Data Surged After CEO Arrest

Hacker Sentenced After Stealing Unreleased Coldplay Tracks

Misinformation, Disinformation and Propaganda

Meta ditches fact checking for community notes - just like on X | ZDNET

Mark Zuckerberg Says Meta Fact-Checkers Were the Problem. Fact-Checkers Rule That False. - The New York Times

UK universities join retreat from Elon Musk's X, citing misinformation on platform | Reuters

EU Commission urged to act over Elon Musk’s ‘interference’ in elections | European Union | The Guardian

Meta exempted top advertisers from standard content moderation process

Meta Now Lets Users Say Gay and Trans People Have ‘Mental Illness’ | WIRED


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Historical Warfare’s Parallels with Cyber Warfare - Australian Cyber Security Magazine

Preparing for Cybergeddon - defenceWeb

The Big Question: Are businesses now in the front line for cyberwarfare? - Emerging Risks Media Ltd

Shadows Of Power: Navigating The Complexities Of Global Security – Analysis – Eurasia Review

Nation State Actors

China

Meet the Chinese 'Typhoon' hackers preparing for war | TechCrunch

How Chinese Hackers Graduated From Clumsy Corporate Thieves to Military Weapons - WSJ

China cyber threats: What businesses can do to protect themselves | ITPro

Chinese hackers ran amok in US telecom network for 18 months -- got info on over 1 million people: report

China Protests US Sanctions for Its Alleged Role in Hacking, Complains of Foreign Hacker Attacks - SecurityWeek

UK cyber experts on red alert after Salt Typhoon attacks on US telcos | ITPro

China’s escalating cyber attacks highlight Biden, Trump differences - Defense One

Hackers Terrify US Intelligence After Infiltrating Guam - Bloomberg

After China's Salt Typhoon, the reconstruction starts now • The Register

U.S. uncovers hacking campaign targeting Guam's critical infrastructure — suspected Chinese Volt Typhoon hacks could disrupt the defense of Taiwan | Tom's Hardware

FCC chief urges auction to fund 'Rip and Replace' program • The Register

Japanese police claim China ran five-year cyberattack • The Register

Mandiant links Ivanti zero-day exploitation to Chinese hackers | TechTarget

46 Japanese entities hit by cyberattacks since year-end - Japan Today

US-China: A Cyberwar With Internet Agents – OpEd – Eurasia Review

Taiwan claims China-linked ship damaged submarine cable • The Register

Taiwan raises alarm over increasing Chinese cyberattacks | Taiwan News | Jan. 5, 2025 15:31

TikTok Ban Thrusts Apple (AAPL), Google Into US-China Geopolitical Fray - Bloomberg

Mixed Messages: The Salt Typhoon Encryption Debacle | Benesch - JDSupra

China hits Lockheed Martin, Raytheon and Boeing with export ban after US arms sales to Taiwan | The Independent

The US just added Tencent — which backs US startups — to its list of 'Chinese military' companies | TechCrunch

Chinese APT Exploits Versa Networks Zero-Day Flaw | Decipher

Russia

WordPress phishing plugin drives online shopping fraud | SC Media

Russian hackers turn trusted online stores into phishing pages | CSO Online

Banshee: The Stealer That "Stole Code" From MacOS XProtect - Check Point Research

Cyber attacks on Ukraine in 2024: a 70% increase

Russian internet provider confirms its network was ‘destroyed’ following attack claimed by Ukrainian hackers | The Record from Recorded Future News

'Russia's Google' Yandex ordered to hide maps of oil refineries after Ukrainian attacks

Hackers claim to have breached Russia’s real estate database, Moscow denies

Ukrainian hackers take credit for hacking Russian ISP that wiped out servers and caused internet outages | TechCrunch


Tools and Controls

Rethinking Incident Response: How Organizations Can Avoid Budget Overruns and Delays  - Security Boulevard

Breach Readiness: Elevating Your Security Posture in a Constantly Evolving Threat Landscape  - Security Boulevard

Why Small Business Can't Rely Solely on AI to Combat Threats

Around 3.3M POP3 and IMAP mail servers lack TLS encryption

Confidently Secure: Leveraging PAM for Enhanced Protections - Security Boulevard

How to empower employees to prevent data leaks | Professional Security Magazine

Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections

90 Percent of Business Leaders Lack Faith in AI-driven Cyber Security Solutions, Arelion Report Reveals

Identity Security to Become a Focus in 2025, Experts Say | MSSP Alert

From Silos to Synergy: Transforming Threat Intelligence Sharing in 2025 - SecurityWeek

Top 6 Ways To Back Your Business Up With Cyber Threat Intelligence

Innovation, Automation, And The Cyber Security Challenges Ahead

The Benefits of Implementing Least Privilege Access - Security Boulevard

Cybersecurity in 2025: Agentic AI to change enterprise security and business operations in year ahead | SC Media

Best of 2024: If You are Reachable, You Are Breachable, and Firewalls & VPNs are the Front Door  - Security Boulevard

Google warns of legit VPN apps being used to infect devices with malware | TechRadar

Why Traditional Fraud Scores Are No Longer Enough for Modern Threats - Security Boulevard

8 Tips for Fortifying Your Cyber Defenses With a Human Firewall

How CISOs can make smarter risk decisions - Help Net Security



Vulnerability Management

Millions of Windows 10 PCs face security disaster as Microsoft ends support

Key Cyber Initiatives from CISA: KEV Catalog, CPGs, and PRNI | CISA

Vulnerabilities

Security pros baited by fake Windows LDAP exploits • The Register

Thousands of Buggy BeyondTrust Systems Remain Exposed

Tenable Disables Nessus Agents Over Faulty Updates - SecurityWeek

Mandiant links Ivanti zero-day exploitation to Chinese hackers | TechTarget

Android patches several vulnerabilities in first security update of 2025 | CyberScoop

Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers - Help Net Security

Chrome 131, Firefox 134 Updates Patch High-Severity Vulnerabilities - SecurityWeek

Surprise Google Chrome 131 Update For Windows, Mac, Linux, Android

Hackers are exploiting a new Ivanti VPN security bug to hack into company networks | TechCrunch

Another top WordPress plugin found carrying critical security flaws | TechRadar

First Android Update of 2025 Patches Critical Code Execution Vulnerabilities - SecurityWeek

WordPress Popular Posts Plugin Vulnerability Affects 100k+ Sites

Popular open source vulnerability scanner Nuclei forced to patch worrying security flaw | TechRadar

Dell, HPE, MediaTek Patch Vulnerabilities in Their Products - SecurityWeek

SonicWall urges admins to patch exploitable SSLVPN bug immediately

Palo Alto Networks Patches High-Severity Vulnerability in Retired Migration Tool - SecurityWeek

Apple rolls out mystery update with 'important bug fixes' for iPhones and iPads | ZDNET

UK Internet Domain Registry Nominet Suffers Cyber Attack - ISPreview UK

Gayfemboy Botnet targets Four-Faith router vulnerability

Chinese APT Exploits Versa Networks Zero-Day Flaw | Decipher


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 03 January 2025

Black Arrow Cyber Threat Intelligence Briefing 03 January 2025:

-Corporate Executives are Being Increasingly Targeted by AI Phishing Scams

-Unconventional Russian Attack Could Cause 'Substantial' Casualties, Top NATO Official Warns

-35 Chrome Extensions Began Stealing People's Data After the Developers Got Phished

-China's Cyber Intrusions Took a Sinister Turn in 2024

-Third Party Risk Management is Critical as DORA and New FCA Rules Come into Effect

-Ransomware 2024: A Year of Tricks, Traps, Wins and Losses

-The Modern CISO is a Cornerstone of Organisational Success

-Ransomware Reality Check: Are You Ready to Face Organised Cyber Crime?

-How Cops Taking Down Ransomware Gangs Led to the Meteoric Rise of Another

-Experts Unsure of Risk Appetite as EU Beefs Up Cyber Rules for Critical Infrastructure

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Summary

Cyber security threats in 2024 became more sophisticated, with AI-driven phishing, ransomware, and state-sponsored attacks presenting significant challenges. This week’s threat intelligence review shows that hyper-personalised phishing campaigns now account for 90% of successful cyber attacks, costing organisations an average of $4.9m per breach. Ransomware-as-a-service (RaaS) has lowered barriers for attackers, targeting critical sectors and driving recovery costs to $3m per incident.

Geopolitical tensions have intensified risks, with NATO highlighting hybrid attacks from Russia and China’s state-backed groups targeting critical infrastructure. These incidents underscore the vulnerabilities in sectors like energy and emergency services, necessitating urgent action to enhance resilience.

Supply chain security also remains a concern, with Chrome extension compromises demonstrating the risks of inadequate oversight. New regulations such as the EU’s NIS2 directive and UK Financial Conduct Authority (FCA) rules will push businesses to improve third-party risk management and compliance in 2025.

To combat these threats, organisations must adopt a cyber security strategy that considers zero trust architectures, multi-factor authentication, and robust incident response plans. Effective training and the strategic leadership of Chief Information Security Officers (CISOs) are critical in bridging security and business objectives, ensuring resilience against an evolving cyber threat landscape. 


Top Cyber Stories of the Last Week

Corporate Executives are Being Increasingly Targeted by AI Phishing Scams

Corporate executives are increasingly targeted by sophisticated AI-driven phishing attacks, leveraging vast amounts of data to create hyper-personalised scams. Experts highlight a sharp rise in such attacks, with 90% of successful cyber attacks originating from phishing emails. These scams cost organisations significantly, with the global average cost of a data breach reaching $4.9m in 2024. Reports reveal a 28% increase in phishing attacks in Q2 2024, with some firms receiving up to 36 phishing emails daily. Businesses are urged to adopt multi-layered security measures and employee training to mitigate these escalating threats.

Unconventional Russian Attack Could Cause 'Substantial' Casualties, Top NATO Official Warns

NATO officials warn that hybrid attacks, particularly from Russia, are escalating to levels considered intolerable just five years ago, describing the situation as akin to "boiling the frog." These unconventional threats, including sabotage and cyber attacks, pose a "real prospect" of substantial casualties or significant economic harm. The rise in incidents is linked to Western support for Ukraine and Moscow's perception of NATO as an adversary. In response, NATO is updating its strategy on hybrid warfare, enhancing tracking of incidents and clarifying red lines to deter escalation, addressing ambiguities around thresholds for invoking Article 5.

35 Chrome Extensions Began Stealing People's Data After the Developers Got Phished

Recent reports have highlighted the risks associated with compromised Chrome extensions after a phishing campaign targeted developers. Attackers used fake Google warnings to trick developers into sharing login credentials, allowing them to introduce malicious updates to 35 extensions. These updates harvested data from users. Notably, even two-factor authentication was bypassed during the attacks, exposing vulnerabilities in the security process. Organisations are advised to review their use of Chrome extensions against published threat lists and ensure robust security awareness for staff managing digital assets to mitigate risks of similar incidents.

China's Cyber Intrusions Took a Sinister Turn in 2024

In 2024, Chinese state-backed cyber attacks took a concerning turn, moving from traditional espionage to pre-positioning for potential disruptive operations targeting critical infrastructure. Groups like Volt Typhoon have infiltrated US networks, including emergency services and the electric grid, using stealth techniques to avoid detection. Despite efforts to dismantle botnets, attackers maintain access to compromised systems, leveraging legitimate tools for reconnaissance and persistence. Experts warn that these activities highlight gaps in critical infrastructure security, with many organisations unaware of vulnerabilities. US agencies urge urgent action, including patching systems, upgrading outdated equipment, and adopting multi-factor authentication, to mitigate future threats.

Third Party Risk Management is Critical as DORA and New FCA Rules Come into Effect

New rules coming into effect in 2025 will require IT firms deemed “critical” to the UK financial sector to enhance transparency around cyber attacks and resilience measures. Overseen by the Financial Conduct Authority, the Bank of England and the Prudential Regulation Authority, the measures aim to ensure the sector remains resilient against threats like cyber attacks and natural disasters. While industry experts broadly welcome the focus on third-party risk management, questions remain about supplier classification and data-sharing processes. Firms will also need to conduct resilience testing, potentially collaborating with financial institutions to ensure robust protection of financial market infrastructures.

Ransomware 2024: A Year of Tricks, Traps, Wins and Losses

Ransomware attacks in 2024 reached unprecedented levels, targeting critical sectors like healthcare, public infrastructure, and the cloud. The rise of ransomware-as-a-service (RaaS) enabled less experienced attackers to launch devastating campaigns, while nation-state actors leveraged ransomware for geopolitical gains. High-profile incidents exposed vulnerabilities in healthcare, disrupted infrastructure, and fuelled economic warfare. Recovery costs soared to an average of $3 million per attack, reflecting attackers’ increasing sophistication. Generative AI played a dual role, enhancing both defences and threats. These developments underscore ransomware’s evolution into a strategic and economic weapon, demanding heightened resilience, zero-trust adoption, and global collaboration in 2025 and beyond.

The Modern CISO is a Cornerstone of Organisational Success

The role of the Chief Information Security Officer (CISO), whether internal or outsourced, has evolved from a technical focus to being integral to business strategy, bridging cyber security with operational and strategic objectives. Modern CISOs align security initiatives with business goals, enhance customer trust, and ensure compliance with complex regulatory frameworks. Key responsibilities include embedding security into operations without disrupting productivity, managing risks such as legacy systems and resource constraints, and implementing measures like zero trust architecture. As businesses face emerging threats, the CISO’s strategic leadership is increasingly vital to fostering resilience and securing competitive advantage.

Ransomware Reality Check: Are You Ready to Face Organised Cyber Crime?

Ransomware attacks remain a pressing concern, with professional criminal enterprises leveraging advanced extortion tactics that target data confidentiality rather than just availability. The shift from data encryption to exfiltration has increased ransom demands and heightened reputational risks for organisations. Many companies lack clear ransomware-specific policies, leaving leadership to make critical decisions under pressure during incidents. Preparation is vital; pre-defined payment stances, established incident response retainers, and proactive resilience measures are essential. Ransomware is not just a technical issue but a moral and business challenge, requiring C-suite collaboration to mitigate risks and avoid financing organised crime.

How Cops Taking Down Ransomware Gangs Led to the Meteoric Rise of Another

RansomHub has emerged as a dominant ransomware group in 2024, accounting for approximately 20% of all ransomware and data exfiltration incidents in Q4. The group capitalised on the law enforcement takedowns of their competitors LockBit and ALPHV, recruiting affiliates with a highly lucrative 90-10 revenue split. Their aggressive tactics and rapid rise have attracted significant attention, with over 210 victims targeted within six months, including major organisations across various sectors. While their methods are not unique, their speed and affiliate-centric model position them as a critical threat in early 2025, with law enforcement and security firms closely monitoring their activity.

Experts Unsure of Risk Appetite as EU Beefs Up Cyber Rules for Critical Infrastructure

The EU’s NIS2 directive places a renewed focus on cyber security for critical infrastructure and essential services, including energy, transport, and banking. Executives are directly accountable for compliance, with the directive requiring robust risk management, incident reporting, and scrutiny of suppliers’ security measures. Concerns remain over inconsistent enforcement across member states, which could complicate implementation. Experts predict that NIS2 will set a global benchmark for managing cyber risks, similar to the influence of GDPR on data privacy. Business leaders should prepare for increased scrutiny, especially as the directive's scope may encompass more organisations than initially expected.

Sources:

https://www.techradar.com/pro/security/corporate-executives-are-being-increasingly-targeted-by-ai-phishing-scams

https://news.sky.com/story/unconventional-russian-attack-could-cause-substantial-casualties-top-nato-official-warns-13281003

https://www.xda-developers.com/35-chrome-extensions-stealing-peoples-data/

https://www.theregister.com/2024/12/31/china_cyber_intrusions_2024/

https://www.complianceweek.com/regulatory-policy/tprm-critical-as-dora-new-fca-third-party-engagement-rules-come-into-effect-in-2025/35759.article

https://www.scworld.com/feature/ransomware-2024-a-year-of-tricks-traps-wins-and-losses

https://www.helpnetsecurity.com/2025/01/03/tomorrow-ciso-role-transformation/

https://insight.scmagazineuk.com/ransomware-reality-check-are-you-ready-to-face-organised-cybercrime

https://www.theregister.com/2024/12/28/lockbit_alphv_disruptions_ransomhub_rise/

https://www.complianceweek.com/regulatory-policy/experts-unsure-of-risk-appetite-as-eu-beefs-up-cyber-rules-for-critical-infrastructure/35760.article  



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Reality Check: Are You Ready To Face Organised Cyber Crime? | SC Media UK

Record-breaking ransoms and breaches: A timeline of ransomware in 2024 | TechCrunch

How LockBit and ALPHV’s takedowns fuelled RansomHub’s rise • The Register

Clop ransomware lists Cleo cyber attack victims | TechRadar

Top 10 Most Active Ransomware Groups of 2024 - Infosecurity Magazine

What 2024’s Worst Cyber Attacks Show About Staying Safe in 2025

Ransomware 2024: A year of tricks, traps, wins and losses | SC Media

Ransomware downtime costs US healthcare organisations $1.9M daily | Healthcare IT News

US Army Soldier Arrested in AT&T, Verizon Extortions – Krebs on Security

Ransomware Victims

Clop ransomware lists Cleo cyber attack victims | TechRadar

Hackers Leak Rhode Island Citizens' Data on Dark Web - Infosecurity Magazine

Atos confirms not being compromised by the ransomware group

Thomas Cook Hit by Cyber Attack, IT Systems Impacted

Phishing & Email Based Attacks

Corporate executives are being increasingly targeted by AI phishing scams | TechRadar

Look out for hyper-personalized phishing attacks, powered by AI

New details reveal how hackers hijacked 35 Google Chrome extensions

These 35 Chrome extensions began stealing people's data after the developers got phished

Phishing Attack Allowed Malicious Chrome Extension to be Published | SC Media UK

Google Chrome extensions hack may have started much earlier than expected | TechRadar

Top 12 ways hackers broke into your systems in 2024 | CSO Online

Other Social Engineering

Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign - SecurityWeek

OAuth Identity Attack — Are your Extensions Affected? - Security Boulevard

Cyber startup employee hacked to distribute malicious Chrome extension | The Record from Recorded Future News

Cyber security firm's Chrome extension hijacked to steal users' data

When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions

16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft

Artificial Intelligence

Corporate executives are being increasingly targeted by AI phishing scams | TechRadar

Look out for hyper-personalized phishing attacks, powered by AI

AI agents may lead the next wave of cyber attacks - SiliconANGLE

LLMs could soon supercharge supply-chain attacks • The Register

'Bad Likert Judge' Jailbreaks OpenAI Defences

How will rules and regulations affect cyber security and AI in 2025? | SC Media

Deepfakes question our ability to discern reality - Help Net Security

Navigate the 2025 threat landscape with expert insights | TechTarget

2025: The Dawn of AI-Driven Cyber Crime

2FA/MFA

Google Chrome 2FA Bypass Attacks Confirmed—Millions Of Users At Risk

Malware

Experts warn of a surge in activity associated with FICORA and Kaiten botnets

D-Link Botnet Attacks Surge in Global Spike - DataBreachToday

Over 600,000 Chrome users at risk after 16 browser extensions compromised by hackers — what you need to know | Tom's Guide

Malware botnets exploit outdated D-Link routers in recent attacks

Global Campaign Targets PlugX Malware with Innovative Portal - Infosecurity Magazine

Bots/Botnets

Experts warn of a surge in activity associated with FICORA and Kaiten botnets

D-Link Botnet Attacks Surge in Global Spike - DataBreachToday

Malware botnets exploit outdated D-Link routers in recent attacks

Mobile

Wiping your Android phone? Here's the easiest way to erase all personal data | ZDNET

Critical Gmail Warning—Don’t Click Yes To These Google Security Alerts

Here's how to use the feature that protects your iPhone in case of a major cyber attack - PhoneArena

Denial of Service/DoS/DDoS

NTT Docomo hit by DDoS attack | Total Telecom

Internet of Things – IoT

Experts warn of a surge in activity associated with FICORA and Kaiten botnets

D-Link Botnet Attacks Surge in Global Spike - DataBreachToday

Data Breaches/Leaks

Every minute, 4,080 records are compromised in data breaches - Help Net Security

Human error to blame in Ascension data breach that impacted 5.6 million patients | TechSpot

Massive VW Data Leak Exposed 800,000 EV Owners’ Movements, From Homes To Private Spaces | Carscoops

How Breach Readiness Will Shape Cyber Defence in 2025 - Security Boulevard

Machine gun, pistol and hundreds of devices lost by Ministry of Defence | UK News | Sky News

Cisco Confirms Authenticity of Data After Second Leak - SecurityWeek

Hackers Leak Rhode Island Citizens' Data on Dark Web - Infosecurity Magazine

ZAGG disclosed a data breach that exposed its customers' credit card data

Rhode Islanders’ Data Was Leaked From a Cyber Attack on State Health Benefits Website - SecurityWeek

Organised Crime & Criminal Actors

Cyber criminals tighten their grip on organisations - Help Net Security

Ransomware Reality Check: Are You Ready To Face Organised Cyber Crime? | SC Media UK

US Arrests Army Soldier Over AT&T, Verizon Hacking - SecurityWeek

2024: A jackpot year for North Korea's cyber criminals - Daily NK English

Insider Risk and Insider Threats

Human error to blame in Ascension data breach that impacted 5.6 million patients | TechSpot

Things not to store on your work laptop

Navigate the 2025 threat landscape with expert insights | TechTarget

US Army Soldier Arrested in AT&T, Verizon Extortions – Krebs on Security

Insurance

How to Get the Most Out of Cyber Insurance

Supply Chain and Third Parties

Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign - SecurityWeek

OAuth Identity Attack — Are your Extensions Affected? - Security Boulevard

New details reveal how hackers hijacked 35 Google Chrome extensions

Google Chrome extensions hack may have started much earlier than expected | TechRadar

Over 600,000 Chrome users at risk after 16 browser extensions compromised by hackers — what you need to know | Tom's Guide

When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions

Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents

China-linked hackers target US Treasury through compromised software provider in cyber attack | Invezz

TPRM critical as DORA, new FCA third-party engagement rules come into effect in 2025 | Premium | Compliance Week

LLMs could soon supercharge supply-chain attacks • The Register

Cloud/SaaS

Managing Cloud Risks Gave Security Teams a Big Headache in 2024

Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation

Azure compromise possible with Apache Airflow vulnerabilities | SC Media

Stay Ahead: Integrating IAM with Your Cloud Strategy - Security Boulevard

Identity and Access Management

Machine identities are the next big target for attackers - Help Net Security

Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation

Encryption

Quantum Computing Advances in 2024 Put Security In Spotlight

Will quantum computing break encryption as we know it?

Over 3 million mail servers without encryption exposed to sniffing attacks

The CISO’s guide to accelerating quantum-safe readiness

Hacker demonstrates the supposedly-patched Windows 11 BitLocker is still vulnerable to hackers — default encryption can be overcome with network access | Tom's Hardware

Passwords, Credential Stuffing & Brute Force Attacks

Passkeys were supposed to be secure and simple; here's how they fail

Regulations, Fines and Legislation

Experts unsure of risk appetite as EU beefs up cyber rules for critical infrastructure | Premium | Compliance Week

City regulators to start oversight of tech firms that provide ‘critical’ services to UK | Financial sector | The Guardian

New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits

Top 10 Data Protection Fines and Settlements of 2024 - Infosecurity Magazine

How will rules and regulations affect cyber security and AI in 2025? | SC Media

Cyber security laws: Companies grapple with costs, complexity of overlapping cyber security laws - The Economic Times

2025: A Critical Year for Cyber Security Compliance in the EU and UK - Infosecurity Magazine

TPRM critical as DORA, new FCA third-party engagement rules come into effect in 2025 | Premium | Compliance Week

UN cyber crime treaty adopted amid pushback | SC Media

US proposes cyber security rules to limit impact of health data leaks

HIPAA to be updated with cyber security regulations, White House says | The Record from Recorded Future News

Navigating the SEC’s Cyber Security Disclosure Rules: One Year On - Security Boulevard

US prohibits data sales to adversarial nations | SC Media

Apple to Pay $95 Million to Settle Lawsuit Accusing Siri of Snoopy Eavesdropping - SecurityWeek

Court strikes down US net neutrality rules - BBC News

Models, Frameworks and Standards

TPRM critical as DORA, new FCA third-party engagement rules come into effect in 2025 | Premium | Compliance Week

City regulators to start oversight of tech firms that provide ‘critical’ services to UK | Financial sector | The Guardian

The 5 most impactful cyber security guidelines (and 3 that fell flat)

New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits

Data Protection

Top 10 Data Protection Fines and Settlements of 2024 - Infosecurity Magazine

US prohibits data sales to adversarial nations | SC Media

Careers, Working in Cyber and Information Security

The state of cyber security and IT talent shortages - Help Net Security

Law Enforcement Action and Take Downs

Three Russian-German Nationals Charged with Espionage for Russian Secret Service

US Army Soldier Arrested in AT&T, Verizon Extortions – Krebs on Security


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

US prohibits data sales to adversarial nations | SC Media

Nation State Actors

China

China's cyber intrusions turn sinister in 2024 • The Register

What to know about string of US hacks blamed on China - BBC News

Chinese Hackers Reportedly Targeted US Sanctions Office

2024 Espionage Review: How China, Russia, North Korea, Iran, and Ethiopia Targeted U.S. Security - ClearanceJobs

Nato to boost Baltic Sea presence after suspected sabotage of underwater cable | Nato | The Guardian

Finland police seize ship after undersea power cable to Estonia is cut - The Washington Post

Ninth telecoms firm has been hit by a massive Chinese espionage campaign, the White House says - Washington Times

Finland finds drag marks on Baltic seabed after cable damage | Reuters

Palo Alto Firewalls Backdoored by Suspected Chinese Hackers

White House: Salt Typhoon hacks possible because telecoms lacked basic security measures | CyberScoop

US Treasury hacked: Are China and the US stepping up their cyberwar? | Cyber Crime News | Al Jazeera

AT&T and Verizon say networks secure after Salt Typhoon breach

The US plans a full tech embargo on China, Russia, and Iran, and NVIDIA may pay the price - Jason Deegan

China-linked hackers target US Treasury through compromised software provider in cyber attack | Invezz

Lumen reports that it has locked out the Salt Typhoon group from its network

Germany Says Latest Undersea Cable Cut a ‘Wake-up Call' - The Moscow Times

Estonia navy to protect undersea power link after main cable damaged - BBC News

Finland moves tanker suspected of undersea cable damage closer to port | Reuters

Russia

Russia could inflict 'substantial' casualties by unconventional attack against NATO, allied official says

Unconventional Russian attack could cause 'substantial' casualties, top NATO official warns | World News | Sky News

2024 Espionage Review: How China, Russia, North Korea, Iran, and Ethiopia Targeted U.S. Security - ClearanceJobs

Nato to boost Baltic Sea presence after suspected sabotage of underwater cable | Nato | The Guardian

Finland police seize ship after undersea power cable to Estonia is cut - The Washington Post

Finland finds drag marks on Baltic seabed after cable damage | Reuters

Ukraine recovers key notarial registers affected by Russian cyber attack | Ukrainska Pravda

Ukraine Cyber Support Funding Tops €200 million | SC Media UK

US sanctions Russian, Iranian groups for election interference | CyberScoop

Germany Says Latest Undersea Cable Cut a ‘Wake-up Call' - The Moscow Times

Three Russian-German Nationals Charged with Espionage for Russian Secret Service

Luxury Western Goods Line Russian Stores, Three Years Into Sanctions

Pro-Russian hackers target Italian airport websites – DW – 12/28/2024

Cyber attack on Italy's Foreign Ministry, airports claimed by pro-Russian hacker group | Reuters

The US plans a full tech embargo on China, Russia, and Iran, and NVIDIA may pay the price - Jason Deegan

Russian media outlets Telegram channels blocked in European countries

Estonia navy to protect undersea power link after main cable damaged - BBC News

Finland moves tanker suspected of undersea cable damage closer to port | Reuters

Russian smugglers import luxury cars from Europe despite sanctions

Iran

2024 Espionage Review: How China, Russia, North Korea, Iran, and Ethiopia Targeted U.S. Security - ClearanceJobs

US sanctions Russian, Iranian groups for election interference | CyberScoop

The US plans a full tech embargo on China, Russia, and Iran, and NVIDIA may pay the price - Jason Deegan

North Korea

2024 Espionage Review: How China, Russia, North Korea, Iran, and Ethiopia Targeted U.S. Security - ClearanceJobs

2024: A jackpot year for North Korea's cyber criminals - Daily NK English

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

2024 Espionage Review: How China, Russia, North Korea, Iran, and Ethiopia Targeted U.S. Security - ClearanceJobs

Sector Specific

Industry-specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

- Automotive

- Construction

- Critical National Infrastructure (CNI)

- Defence & Space

- Education & Academia

- Energy & Utilities

- Estate Agencies

- Financial Services

- FinTech

- Food & Agriculture

- Gaming & Gambling

- Government & Public Sector (including Law Enforcement)

- Health/Medical/Pharma

- Hotels & Hospitality

- Insurance

- Legal

- Manufacturing

- Maritime & Shipping

- Oil, Gas & Mining

- OT, ICS, IIoT, SCADA & Cyber-Physical Systems

- Retail & eCommerce

- Small and Medium Sized Businesses (SMBs)

- Startups

- Telecoms

- Third Sector & Charities

- Transport & Aviation

- Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.


Black Arrow Cyber Threat Intelligence Briefing 27 December 2024

Black Arrow Cyber Threat Intelligence Briefing 27 December 2024:

- Hackers are Using Russian Domains to Launch Complex Document-Based Phishing Attacks

- How Nation-State Cyber Criminals Are Targeting the Enterprise

- Phishing Report Findings Call for a Fundamental Shift in Organisational Approaches to Defence

- Organisations Need to Get Real About Threat of Cyber Attacks

- Dark Web Cyber Criminals are Buying Up IDs to Bypass KYC Methods

- Cl0p Ransomware Group to Name Over 60 Victims of Cleo Attack

- Service Disruptions Continue to Blindside Businesses

- Infostealers Dominate as Lumma Stealer Detections Soar by Almost 400%

- Ransomware Attackers Target Industries with Low Downtime Tolerance

- North Koreans Stole $1.34bn In Crypto This Year

- Beware Of Shadow AI: Shadow IT’s Less Well-Known Brother

- Working with Security Consultants Will Bolster Cyber Resilience as We Enter 2025

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Hackers are Using Russian Domains to Launch Complex Document-Based Phishing Attacks

New research reveals a sharp increase in malicious emails, with one bypassing secure gateways every 45 seconds. Remote Access Trojans rose by 59%, while open redirects soared by 627%. Phishing attacks are shifting to Microsoft Office documents, whose malicious use surged by nearly 600%, and Russian domains, seen four to twelve times more often, are now being used for data exfiltration. Attackers harness widely used services like TikTok and Google AMP to redirect unsuspecting users to harmful links. This surge in threats highlights the urgent need for stronger cyber security measures to protect organisations’ networks and data.

How Nation-State Cyber Criminals are Targeting the Enterprise

Nation-state threat actors, once focused on critical infrastructure, are now targeting enterprises across industries as geopolitical tensions escalate. In the past year, these advanced groups have increased attacks on organisations handling sensitive data, aiming to exfiltrate intellectual property and disrupt operations. Unlike traditional ransomware gangs, they have significant resources, persistence, and clear missions such as espionage or undermining rivals. This complex threat environment underscores the need for robust cyber security measures, from strengthening incident response planning and network visibility, to fostering partnerships with government and industry peers. Effective defence requires ongoing vigilance and collaboration to safeguard critical assets.

Phishing Report Findings Call for a Fundamental Shift in Organisational Approaches to Defence

SlashNext’s 2024 Phishing Intelligence Report reveals a significant escalation in phishing threats, urging organisations to rethink their defence strategies. Credential phishing attacks surged by 703%, while email-based threats rose by 202%, exposing users to up to 600 mobile threats annually. 80% of embedded malicious links were zero-day threats (for which there was no remedy at the time) and bypassed traditional detection methods. Social engineering attacks increased by 141%, targeting users across platforms like Microsoft Teams and Dropbox. Experts emphasise the need for proactive, adaptive security strategies, advanced identity verification, and machine learning to counter evolving threats and safeguard critical assets in a rapidly expanding threat landscape.

Organisations Need to Get Real About Threat of Cyber Attacks

The UK’s National Cyber Security Centre’s eighth annual review warns that the threat from state-led and criminal cyber attacks is greater than many organisations realise. The impact is already huge, with attacks costing businesses $2 trillion last year. Experts say technology is only part of the solution, calling for stronger human defences, “digital trust” and realistic scenario planning. By running regular incident response exercises and improving user awareness, leaders can better prepare for and respond to breaches, maintaining trust and protecting their operations.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Dark Web Cyber Criminals are Buying Up IDs to Bypass KYC Methods

A new report by iProov reveals a sophisticated dark web operation collecting genuine identity documents and biometric data, often purchased directly from individuals, to bypass Know Your Customer (KYC) processes. The operation spans Latin America and Eastern Europe, posing a significant risk to organisations relying on traditional identity verification systems. iProov warns that these complete identity packages, combining real documents with matching biometrics, are exceptionally challenging to detect. To counteract these threats, firms must adopt a multi-layered, real-time verification approach to confirm both humanity and identity, significantly enhancing defences against advanced impersonation fraud.

Cl0p Ransomware Group to Name Over 60 Victims of Cleo Attack

The Cl0p ransomware group has exploited vulnerabilities in Cleo’s file transfer products, affecting over 60 organisations, with victims being contacted and provided proof of stolen data. Blue Yonder, a supply chain software provider, is the only named victim so far, though more are expected to be publicly identified unless ransoms are paid. The vulnerabilities, exploited since early December, allowed attackers to steal files without authentication, and Cleo’s tools are used by over 4,000 customers. Cl0p’s actions mirror its previous MOVEit campaign, further highlighting the persistent risks of unpatched file transfer systems.

Service Disruptions Continue to Blindside Businesses

PagerDuty's latest report highlights service disruptions as a pressing concern for businesses, with 88% of executives predicting another major incident within a year. The July global IT outage exposed gaps in preparedness, with 83% of executives caught off guard, resulting in lost revenue (37%) and delayed responses (39%). Nearly half of UK, US, and Australian leaders, along with a majority in Japan, cite insufficient real-time data tools as a hindrance. As 86% admit to prioritising efforts to build security rather than being ready to react if the security is breached, the report emphasises the need for proactive planning to mitigate the financial and reputational impacts of future disruptions.

Infostealers Dominate as Lumma Stealer Detections Soar by Almost 400%

An infostealer is a type of malicious software designed to secretly gather private information, such as passwords, financial details, or other sensitive data, from an infected device. Once it collects this data, it sends it to the attacker, who can then misuse it for financial gain, identity theft, or other illegal activities. Cyber security software provider ESET has found a 369% increase in detections of the Lumma Stealer infostealer, now dominating attacks by targeting 2FA browser extensions, user credentials and cryptocurrency wallets. Organisations should consider the threat of infostealers and other malicious software as part of a cohesive cyber security strategy.

Ransomware Attackers Target Industries with Low Downtime Tolerance

Cyber security provider Dragos found that 23 ransomware groups, including newly emerged or rebranded operators, impacted industrial organisations in Q3 2024. They targeted sectors with low downtime tolerance, such as healthcare and finance, resulting in significant operational halts, financial losses, and data compromises. One major automotive software firm paid a $25m ransom, while an oilfield services provider lost $35m. Attackers have evolved to bypass multi-factor authentication and exploit VPN weaknesses, with living-off-the-land and remote access tools enabling stealthy intrusions. They also increasingly rely on initial access brokers, using advanced malware to persist in virtual environments and critical operations.

North Koreans Stole $1.34bn In Crypto This Year

Hackers linked to North Korea have reportedly stolen $1.34bn in cryptocurrency so far this year, accounting for over half of all such thefts. This surge highlights a reliance on illicit digital funds to finance ballistic missile and nuclear programmes, with the US estimating a third of North Korea’s missile development is funded by hacking. Attacks slowed after a reported strategic partnership with Russia in June which may have reduced North Korea’s dependency on cyber crime, although overall crypto-based hacking has risen. Despite total stolen amounts being lower than in previous years, the number of breaches is at a record 303, indicating an ongoing need for robust cyber security measures.

Beware Of Shadow AI: Shadow IT’s Less Well-Known Brother

Research indicates that 50–75% of employees use non-company AI tools, raising concerns around data leakage, compliance, and vulnerabilities to cyber attack. The number of these applications continues to surge, yet only 15% of organisations have a formal AI policy in place. This lack of oversight can lead to reputational and legal damage. While AI promises innovation and productivity gains, leaders must address Shadow AI by establishing robust governance, enforcing granular controls, and conducting frequent security audits. Boards should ensure their cyber security strategy helps mitigate these risks while unlocking AI’s benefits.

Working with Security Consultants Will Bolster Cyber Resilience as We Enter 2025

With a shortage of talent, new regulations on the horizon, and an evolving threat landscape, cyber resilience is becoming a top priority for organisations. The upcoming UK Cyber Security and Resilience Bill and stringent frameworks for financial institutions highlight the urgent need for robust defences. Despite this focus on cyber security, many organisations face recruitment hurdles due to an undersupplied talent pool. As a result, hiring external cyber security specialists is emerging as a cost-effective solution, giving businesses access to the necessary skills without the lengthy recruitment process. This approach helps close the talent gap while strengthening defences into 2025 and beyond.

Sources:

https://www.techradar.com/pro/Hackers-are-using-Russian-domains-to-launch-complex-document-based-phishing-attacks

https://www.darkreading.com/vulnerabilities-threats/how-nation-state-cybercriminals-target-enterprise

https://informationsecuritybuzz.com/phishing-report-findings-fundamental/

https://www.forbes.com/sites/rogertrapp/2024/12/22/organizations-need-to-get-real-about-threat-of-cyber-attacks/

https://www.techradar.com/pro/security/dark-web-cybercriminals-are-buying-up-id-to-bypass-kyc-methods

https://www.securityweek.com/cl0p-ransomware-group-to-name-over-60-victims-of-cleo-attack/

https://www.helpnetsecurity.com/2024/12/26/service-disruptions-concern/

https://www.infosecurity-magazine.com/news/infostealers-lumma-stealer/

https://www.infosecurity-magazine.com/news/ransomware-industries-downtime/

https://www.silicon.co.uk/security/cyberwar/north-korea-hacking-593725

https://www.securityweek.com/beware-of-shadow-ai-shadow-its-less-well-known-brother/

https://www.scotsman.com/business/working-with-security-consultants-will-bolster-cyber-resilience-as-we-enter-2025-4907662



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Attackers Target Industries with Low Downtime Tolerance - Infosecurity Magazine

Small Business Cyber Security Statistics

Half of UK businesses hit by cyber breaches in 2024 - Digital Journal

Clop ransomware is now extorting 66 Cleo data-theft victims

LockBit Admins Tease a New Ransomware Version - Infosecurity Magazine

LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages

New Warning As Self-Deleting Cyber Attack Targets Windows, Mac

Top 10 Cyber Law Enforcement Operations of 2024 - Infosecurity Magazine

Beware Feb. 3, 2025—Diabolic Ransomware Gang Issues New Attack Warning

Interlock ransomware attacks highlight need for greater security standards on critical infrastructure | TechRadar

Suspected LockBit dev faces extradition to the US • The Register

How companies can fight ransomware impersonations - Help Net Security

Nearly four decades on and, like Jesus, ransomware won't die • The Register

6 Crafty Tactics Cyber Criminals Use To Snag Money From Home Users Fast

Facing the Specter of Cyber Threats During the Holidays

Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts

Ransomware Victims

Clop ransomware is now extorting 66 Cleo data-theft victims

5.6M people exposed in Ascension Health ransomware incident earlier this year | Cybernews

Hackney Council: Cyber Attack Cost 'hundreds of thousands' - BBC News

Krispy Kreme breach, data theft claimed by Play ransomware gang

Ransomware Group Claims Theft of Personal, Financial Data From Krispy Kreme - SecurityWeek

Phishing & Email Based Attacks

Phishing Report Findings Call For A Fundamental Shift In Organisational Approaches To Defence

This devious two-step phishing campaign uses Microsoft tools to bypass email security | TechRadar

Hackers are using Russian domains to launch complex document-based phishing attacks | TechRadar

Fake DocuSign docs used to secure corporate credentials in mishing campaign | SC Media

Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service

A new Microsoft 365 phishing service has emerged, so be on your guard | TechRadar

Urgent New Gmail Security Warning For Billions As Attacks Continue

Defence Giant General Dynamics Says Employees Targeted in Phishing Attack - SecurityWeek

Other Social Engineering

You Need to Create a Secret Password With Your Family | WIRED

Lazarus APT targeted employees at an unnamed nuclear-related organisation

North Korean “Laptop Farm” IT Worker Scam Targets Multiple High-Profile Companies | Ankura - JDSupra

Artificial Intelligence

AI-driven scams are about to get a lot more convincing - Help Net Security

AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Cases

Beware Of Shadow AI – Shadow IT's Less Well-Known Brother - SecurityWeek

AI impersonators will wreak havoc in 2025. Here’s what to look for | PCWorld

Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT - Infosecurity Magazine

You Need to Create a Secret Password With Your Family | WIRED

Urgent New Gmail Security Warning For Billions As Attacks Continue

Businesses Need New AI Governance in Cyber Security and Privacy

Will AI Drive Efficiency and Budget Growth? Risks, Rewards & Reality - Security Boulevard

Open source machine learning systems are highly vulnerable to security threats | TechRadar

The Intersection of AI and OSINT: Advanced Threats On The Horizon - SecurityWeek

2FA/MFA

Evilginx: Open-source man-in-the-middle attack framework - Help Net Security

Home for the holidays? Share this top cyber security advice with friends and family | TechCrunch

Malware

Infostealers Dominate as Lumma Stealer Detections Soar by Almost 400% - Infosecurity Magazine

AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Cases

New Warning As Self-Deleting Cyber Attack Targets Windows, Mac

Cryptomining Malware Found in Popular Open Source Packages - Infosecurity Magazine

Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts

New 'OtterCookie' malware used to backdoor devs in fake job offers

Iran's Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware

Bots/Botnets

Webcams and DVRs Vulnerable to HiatusRAT, FBI Warns - Infosecurity Magazine

BadBox rapidly grows, 190,000 Android devices infected - Security Affairs

New Androxgh0st botnet targets vulnerabilities in IoT devices and web applications via Mozi integration | TechRadar

How Not To Become A Botnet Victim: A Practical Guide For Everyone

New botnet exploits vulnerabilities in NVRs, TP-Link routers

How Androxgh0st, the hybrid botnet, rose from Mozi's ashes • The Register

Botnets leverage decade-old D-Link vulnerabilities in new attack campaigns - SiliconANGLE

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Mobile

Apple warns spyware targets via ‘threat notifications,’ offers these next steps - 9to5Mac

CISA: Use Signal or other secure communications app - Help Net Security

Fake DocuSign docs used to secure corporate credentials in mishing campaign | SC Media

ICO Warns of Festive Mobile Phone Privacy Snafu - Infosecurity Magazine

iOS devices more exposed to phishing than Android - Help Net Security

FBI Says Use Secret Word, NSA Says Reboot iPhone—Should You Listen?

Spyware Maker NSO Group Found Liable In US Court | Silicon UK

Denial of Service/DoS/DDoS

DNSSEC Denial-of-Service Attacks Show Technology's Fragility

Top 10 Cyber Law Enforcement Operations of 2024 - Infosecurity Magazine

DDoS Attacks Surge as Africa Expands Its Digital Footprint

Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately

7 Ways to Stop VoIP DDoS Attacks from Crashing Your Phones

Internet of Things – IoT

Webcams and DVRs Vulnerable to HiatusRAT, FBI Warns - Infosecurity Magazine

BadBox rapidly grows, 190,000 Android devices infected - Security Affairs

New Androxgh0st botnet targets vulnerabilities in IoT devices and web applications via Mozi integration | TechRadar

New botnet exploits vulnerabilities in NVRs, TP-Link routers

How Androxgh0st, the hybrid botnet, rose from Mozi's ashes • The Register

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

6 Easy Ways To Make Your Smart Home More Secure

Data Breaches/Leaks

Infostealers Dominate as Lumma Stealer Detections Soar by Almost 400% - Infosecurity Magazine

Small Business Cyber Security Statistics

Half of UK businesses hit by cyber breaches in 2024 - Digital Journal

Clop ransomware threatens 66 Cleo attack victims with data leak

These were the badly handled data breaches of 2024 | TechCrunch

5.6M people exposed in Ascension Health ransomware incident earlier this year | Cybernews

Ascension: Health data of 5.6 million stolen in ransomware attack

FTC orders Marriott and Starwood to implement strict data security

Peugeot Data Breach: Hackers Threaten to Release Stolen Client Information

Nearly half a million people had data stolen after cyber attack on American Addiction Centers | The Record from Recorded Future News

What Should You Do When You Receive a Data Breach Notice? - CNET

Organised Crime & Criminal Actors

Major Biometric Data Farming Operation Uncovered - Infosecurity Magazine

New Study Reveals Widening Gap Between Cyber Attack Causes and Public Perception

Message service predominantly used by Pixel users intercepted by authorities - PhoneArena

Suspected LockBit dev faces extradition to the US • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

792 Syndicate Suspects Arrested in Massive Crypto and Romance Scam: The Rise of Cyber Crime as a Corporate Enterprise - IT Security Guru

North Korea hackers behind 60% of all crypto stolen in 2024

North Koreans Stole $1.34bn In Crypto This Year | Silicon UK Tech

NFT scammers charged for stealing $22 million through "rug pulls" - Help Net Security

US and Japan Blame North Korea for $308m Crypto Heist - Infosecurity Magazine

Cryptomining Malware Found in Popular Open Source Packages - Infosecurity Magazine

South Korea sanctions 15 North Koreans for crypto heists and cyber theft

Crypto scam suspect arrested in bed as cyber crime cops raid home - Manchester Evening News

Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts

Insurance

Cyber Risks and Insurance 2025 Forecast | Wiley Rein LLP - JDSupra

Cloud/SaaS

Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service

A new Microsoft 365 phishing service has emerged, so be on your guard | TechRadar

Amazon Security Warning As 3 High-Rated Vulnerabilities Hit Cloud

Why Cloud Identity Attacks Outpace On-Premises Risks

Outages

Service disruptions continue to blindside businesses - Help Net Security

Identity and Access Management

Non-Human Identities Gain Momentum, Requires Both Management, Security

Why Cloud Identity Attacks Outpace On-Premises Risks

Encryption

Why cryptography is important and how it’s continually evolving - Security Boulevard

Linux and Open Source

What open source means for cyber security - Help Net Security

Cryptomining Malware Found in Popular Open Source Packages - Infosecurity Magazine

Strengthening open source: A roadmap to enhanced cyber security - Nextgov/FCW

The Linux log files you should know and how to use them | ZDNET

Open source machine learning systems are highly vulnerable to security threats | TechRadar

Passwords, Credential Stuffing & Brute Force Attacks

Home for the holidays? Share this top cyber security advice with friends and family | TechCrunch

Social Media

Drug Dealers Have Moved on to Social Media | WIRED

Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts

Regulations, Fines and Legislation

Meet the In-Laws: the UK’s Digital Legislative Agenda for 2025 | Ropes & Gray LLP - JDSupra

EU DORA: Are you in scope, and if so, how can you prepare? | King & Spalding - JDSupra

The Cyber Resilience Act: A Field Guide for CTOs and CISOs | HackerNoon

A Hit-and-Miss First Year for SEC’s Cyber Incident Reporting Rules | MSSP Alert

Trump 2.0 Portends Big Shift in Cyber Security Policies

Guardians Of Peace: The EU’s Role In Global Security – OpEd – Eurasia Review

Europe's move toward cyber security sovereignty [Q&A]

INTERPOL welcomes adoption of UN convention against cyber crime

FTC orders Marriott and Starwood to implement strict data security

Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT - Infosecurity Magazine

Cyber experts applaud White House cyber security plan

FCC ‘rip and replace’ provision for Chinese tech tops cyber provisions in defence bill | The Record from Recorded Future News

Models, Frameworks and Standards

EU DORA: Are you in scope, and if so, how can you prepare? | King & Spalding - JDSupra

The Cyber Resilience Act: A Field Guide for CTOs and CISOs | HackerNoon

Data Protection

5 Questions to Ask to Ensure Data Resiliency

Law Enforcement Action and Take Downs

792 Syndicate Suspects Arrested in Massive Crypto and Romance Scam: The Rise of Cyber Crime as a Corporate Enterprise - IT Security Guru

BadBox rapidly grows, 190,000 Android devices infected - Security Affairs

LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages

NFT scammers charged for stealing $22 million through "rug pulls" - Help Net Security

LockBit Taunts New Version as Original Developer Charged | SC Media UK

Interpol Identifies Over 140 Human Traffickers in New Initiative - Infosecurity Magazine

Top 10 Cyber Law Enforcement Operations of 2024 - Infosecurity Magazine

Massive live sports piracy ring with 812 million yearly visits taken offline

Message service predominantly used by Pixel users intercepted by authorities - PhoneArena

Crypto scam suspect arrested in bed as cyber crime cops raid home - Manchester Evening News

Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

The 2024 cyberwar playbook: Tricks used by nation-state actors | CSO Online

Middle East Cyberwar Rages On, With No End in Sight

Nation State Actors

How Nation-State Cyber Criminals Are Targeting the Enterprise

China

CISA: Use Signal or other secure communications app - Help Net Security

Underwater footage raises suspicions of undersea cable sabotage as European authorities board Chinese ship for investigation | Tom's Hardware

DHS Says China, Russia, Iran, and Israel Are Spying on People in US with SS7

Hundreds of organisations were notified of potential Salt Typhoon compromise - Nextgov/FCW

Major cyber security attack from China exposes systematic flaws - TheStreet

Feds lay blame while Chinese telecom attack continues | CyberScoop

FCC ‘rip and replace’ provision for Chinese tech tops cyber provisions in defence bill | The Record from Recorded Future News

Russia

Russia fires its biggest cyber weapon against Ukraine | CSO Online

Ukraine blames Russia for mega cyber attack on ‘critically important’ infrastructure – POLITICO

Hackers are using Russian domains to launch complex document-based phishing attacks | TechRadar

Underwater footage raises suspicions of undersea cable sabotage as European authorities board Chinese ship for investigation | Tom's Hardware

Russians deleted one of Ukraine's most restricted registers in recent cyber attack, Ukrainian official says | Ukrainska Pravda

International Cyber Defence Coalition Reports Significant Progress in Protecting Ukrainian Digital Infrastructure | HaystackID - JDSupra

DHS Says China, Russia, Iran, and Israel Are Spying on People in US with SS7

Russian cyber attack: Breach occurred at 'top-level account,' MP says

Iran

DHS Says China, Russia, Iran, and Israel Are Spying on People in US with SS7

OilRig Hackers Exploiting Windows Kernel 0-day to Attack Organisations

Iran's Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware

North Korea

North Korea hackers behind 60% of all crypto stolen in 2024

North Koreans Stole $1.34bn In Crypto This Year | Silicon UK Tech

US and Japan Blame North Korea for $308m Crypto Heist - Infosecurity Magazine

Lazarus APT targeted employees at an unnamed nuclear-related organisation

North Korean “Laptop Farm” IT Worker Scam Targets Multiple High-Profile Companies | Ankura - JDSupra

New 'OtterCookie' malware used to backdoor devs in fake job offers

South Korea sanctions 15 North Koreans for crypto heists and cyber theft

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Middle East Cyberwar Rages On, With No End in Sight

Europe is the top target for hacktivists, Orange Cyberdefence report reveals | Total Telecom

Apple warns spyware targets via ‘threat notifications,’ offers these next steps - 9to5Mac

Pegasus spyware maker NSO Group is liable for attacks on 1,400 WhatsApp users - The Verge

'Expulsion to Spain': Israeli Hackers Flock to Barcelona in Big Spyware Shift - National Security & Cyber - Haaretz.com


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Black Arrow Cyber Threat Intelligence Briefing 20 December 2024:

-Mobile Spear Phishing Targets Executive Teams

-From Digital Risk to Physical Threat: Why Cyber Security Must Evolve for Executives

-Why HNWIs are Seeking Personal Cyber Security Consultants

-Ransomware in 2024: New Players, Bigger Payouts, and Smarter Tactics

-Credential Phishing Attacks Up Over 700 Percent

-All Major European Financial Firms Suffer Supplier Breaches

-Phishers Cast Wide Net with Spoofed Google Calendar Invites

-Security Leaders Say Machine Identities Are Next Big Target for Cyber Attack

-Ransomware Defences are Weakened by Backup Technology

-Cyber Security is Never Out-of-Office: Protecting Your Business Anytime, Anywhere

-Ransomware, Deepfakes, and Scams: The Digital Landscape in 2024

-UK Companies Face Increasing Cyber Security Risks Across a Range of Threats

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Mobile Spear Phishing Targets Executive Teams

Over the past few months, sophisticated spear phishing campaigns have intensified, targeting corporate executives via mobile devices and trusted business platforms. These attacks leverage advanced redirection techniques, PDF-based phishing links and compromised domains to bypass traditional defences. Mobile devices represent a distinct and often unsecured attack surface, enabling threat actors to harvest high-value corporate credentials with alarming efficiency. To protect against these evolving threats, organisations require education and awareness as well as advanced, on-device detection and prevention measures. Recent research has shown that zero-day protection and adaptive, mobile-specific security solutions are now critical to safeguarding sensitive enterprise data.

From Digital Risk to Physical Threat: Why Cyber Security Must Evolve for Executives

Protecting executives goes beyond digital measures, as these leaders’ personal safety and actions directly affect company valuation, investor confidence, and regulatory scrutiny. The US Securities and Exchange Commission (SEC)’s emphasis on governance and risk transparency underscores the importance of securing executives against both cyber and physical threats. Proactive approaches - blending digital and physical security, continuous monitoring for key terms and mentions, and behavioural science insights - are vital. By identifying threats early, understanding their social context, and ensuring senior leaders appreciate these vulnerabilities, organisations can strengthen resilience, reassure stakeholders, and meet regulatory expectations in an evolving threat landscape.

Why HNWIs are Seeking Personal Cyber Security Consultants

High net worth individuals (HNWIs) are facing increasingly complex and evolving cyber threats, from phishing and ransomware to social engineering. Their wealth, influence and public profile make them prime targets, exposing them to severe financial, reputational and personal risks. HNWIs should conduct tailored risk assessments and put in place appropriate security controls, constant monitoring, and privacy management for themselves and their families. With global cyber crime costs projected to reach $10.5 trillion annually by 2025, these actions help safeguard digital assets, protect reputations, and ensure peace of mind in an ever more volatile online environment.

Ransomware in 2024: New Players, Bigger Payouts, and Smarter Tactics

Ransomware remains the leading global cyber security threat in 2024, with new groups rising after criminal takedowns. Demands soared, including a record-breaking $75 million ransom. Attacks span multiple sectors, with the construction industry hit hardest, and often occur overnight or at weekends. Over three-quarters of victims paid ransoms, with average demands exceeding $1.5 million and recovery costs surpassing $2.7 million. Smaller enterprises are especially vulnerable.

Credential Phishing Attacks Up Over 700 Percent

Phishing remains a top concern for organisations worldwide, with a new report showing credential-based attacks increasing by 703% in late 2024. Overall email threats rose by 202%, exposing employees to up to six threats per week and as many as 600 mobile threats annually. 80% of malicious links were previously unknown, underscoring limitations in static defences. Social engineering-based attacks surged by 141%, forcing leaders to reconsider their approach. Experts anticipate continued escalation in 2025, stressing the need for comprehensive and proactive security strategies backed by real-time detection and adaptable mitigation measures to outpace increasingly agile attackers.

All Major European Financial Firms Suffer Supplier Breaches

New research found that all major European financial firms experienced supplier-related breaches last year. Only a quarter achieved top-tier cyber security resilience ratings, while nearly all suffered from third- and fourth-party breaches. Around a fifth also endured a direct breach. Some 33% of financial services companies received a lower rating, with pending EU regulations like DORA adding urgency. Scandinavian firms outperformed peers, whereas French organisations reported the highest rate of supply chain breaches. Improving domain name system (DNS) configurations, endpoint security and patching cycles were recommended to strengthen defences.

Phishers Cast Wide Net with Spoofed Google Calendar Invites

A recent phishing campaign has spoofed Google Calendar invites, reaching about 300 organisations with more than 4,000 malicious emails over four weeks. Fraudsters trick users into clicking bogus links that eventually lead to fake sites designed to steal personal and financial details. Such attacks are lucrative: last year, victims in one country lost nearly $19 million to phishing scams. Security experts advise verifying links before clicking, and using two-factor authentication. As criminals easily adapt their methods, staying vigilant and questioning unusual requests remain vital for safeguarding against these persistent social engineering threats.

Security Leaders Say Machine Identities Are Next Big Target for Cyber Attack

New research shows many organisations faced cloud related security incidents last year, causing delays for over half, service outages for almost half, and data breaches for nearly a third. Security leaders warn that machine identities, especially access tokens and service accounts, are the next major target. They also predict more sophisticated supply chain attacks involving AI. Conflicts persist between security and development teams, and complexity grows as machine identities proliferate. Experts say securing these identities, along with automated protection and comprehensive controls, is now essential to safeguard cloud environments and ensure stable, secure business operations.

Ransomware Defences are Weakened by Backup Technology

Recent research by Object First shows ransomware attacks increasingly target backup data and exploit vulnerabilities. Research participants said their outdated systems (34%), limited encryption (31%) and failed backups (28%) weaken defences. Immutable storage is seen as vital, with 93% agreeing it is essential and 97% planning to invest. Zero Trust principles are widely supported, but managing these technologies poses challenges. Nearly 41% lack the necessary skills and 69% cannot afford extra expertise. The findings underscore the urgency for resilient, ransomware-proof backup systems and highlight the need for robust cyber security measures to mitigate these evolving threats.

Cyber Security is Never Out-of-Office: Protecting Your Business Anytime, Anywhere

With many staff away during the festive season, cyber criminals see an ideal opportunity to strike. Ransomware attacks surge by around 30% on public holidays and weekends, with 89% of security professionals worried about off-hours threats. As payment rates have fallen from around 80% to 36% over five years, attackers now exploit vulnerable times such as night shifts to make their attacks more effective. Organisations must ensure year-round vigilance, including strong authentication, continuous patching, and clear incident response plans. Proper training, supply chain security, data encryption and processes to verify money transfers are essential. In short, robust cyber security plans cannot afford an “out of office.”

Ransomware, Deepfakes, and Scams: The Digital Landscape in 2024

ESET’s 2024 threat report highlights a surge in investment and crypto scams, often using deepfakes and celebrity images to enhance credibility. New ransomware operators have emerged to fill the void left by ransomware gangs such as LockBit, with RansomHub alone claiming nearly 500 victims, including major companies. Infostealer activity has shifted as infostealers RedLine and Meta were taken down, boosting their competitor Lumma’s popularity by 368%. Malware trends are mixed, with detections of Agent Tesla malware down by 26% but Formbook malware showing a dramatic spike of up to 7,000 daily detections. Despite some law enforcement successes, the cyber security landscape remains unpredictable and continuously evolving.

UK Companies Face Increasing Cyber Security Risks Across a Range of Threats

New findings from Horizon3.ai’s "Cyber Security Report UK 2024/2025" show a growing risk environment across various industries, with nearly half of UK organisations (48%) citing stolen user credentials as a top cyber security threat. Insufficiently secured or unknown data stores were noted by 42%, and almost a third (29%) flagged attacks exploiting known but unpatched software vulnerabilities. In the survey of 150 executives and IT professionals, 69% reported at least one cyber attack in the past two years, yet 66% lack adequate defences. Experts advise continuous penetration testing and more proactive, attacker-focused security measures to strengthen resilience, given the escalation in attack complexity and severity.

Sources:

https://securityboulevard.com/2024/12/mobile-spear-phishing-targets-executive-teams/

https://www.scworld.com/perspective/from-digital-risk-to-physical-threat-why-cybersecurity-must-evolve-for-executives

https://securityboulevard.com/2024/12/why-hnwis-are-seeking-personal-cybersecurity-consultants/

https://www.helpnetsecurity.com/2024/12/19/ransomware-surveys-2024/

https://betanews.com/2024/12/18/credential-phishing-attacks-up-over-700-percent/

https://www.infosecurity-magazine.com/news/all-europes-top-financial-firms/

https://www.theregister.com/2024/12/18/google_calendar_spoofed_in_phishing_campaign/

https://www.businesswire.com/news/home/20241216555147/en/Security-Leaders-Say-Machine-Identities-%E2%80%93-Such-as-Access-Tokens-and-Service-Accounts-%E2%80%93-Are-Next-Big-Target-for-Cyberattack

https://www.techradar.com/pro/Ransomware-defenses-are-being-weakened-by-outdated-backup-technology-limited-backup-data-encryption-and-failed-data-backups

https://www.welivesecurity.com/en/business-security/cybersecurity-never-out-of-office-protecting-business-anytime-anywhere/

https://www.techradar.com/pro/security/ransomware-deepfakes-and-scams-the-digital-landscape-in-2024

https://pressat.co.uk/releases/uk-companies-face-increasing-cyber-security-risks-across-a-range-of-threats-new-report-reveals-eb07fa15c46681cbda6c239a57c3f447/


Governance, Risk and Compliance

Why HNWIs are Seeking Personal Cyber Security Consultants - Security Boulevard

UK Companies Face Increasing Cyber Security Risks Across a Range of Threats, New Report Reveals | Pressat

From digital risk to physical threat: Why cyber security must evolve for executives | SC Media

Innovation, insight and influence: the CISO playbook for 2025 and beyond | Computer Weekly

77% of IT leaders cite cyber security as top challenge in global survey

ISC2 Survey Reveals Critical Gaps in Cyber Security Leadership Skills - Infosecurity Magazine

How to turn around a toxic cyber security culture | CSO Online

The evolution of incident response: building a successful strategy | TechRadar

The Importance of Empowering CFOs Against Cyber Threats

How the cyber security landscape affects the financial sector

Threat of personal liability has CISOs sweating | ITPro

70% of cyber security leaders influenced by personal liability concerns | Security Magazine

CISO accountability: Navigating a landscape of responsibility - Help Net Security

How weaponized AI drives CISO burnout – and what to do about it | SC Media

CISO Challenges for 2025: Overcoming Cyber Security Complexities - Security Boulevard

MSSP Market Update: Fortune 500 Firms Fail at Cyber Security | MSSP Alert

2025 is set to bring changes in technology adoption and the evolving attack surface

Cyber Security In 2025 – A New Era Of Complexity

To Defeat Cyber Criminals, Understand How They Think

Making smart cyber security spending decisions in 2025


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware threat shows no sign of slowing down | Microscope

Ransomware defences are being weakened by outdated backup technology, limited backup data encryption, and failed data backups | TechRadar

Clop is back to wreak havoc via vulnerable file-transfer software | CyberScoop

The year in ransomware: Security lessons to help you stay one step ahead - Security Boulevard

Ransomware in 2024: New players, bigger payouts, and smarter tactics - Help Net Security

‘Tis the Season to Be Alert for Cyber Threats: 5 Unjoyful… | Intel 471

Cyber security is never out-of-office: Protecting your business anytime, anywhere

46% of financial institutions had a data breach in the past 24 months - Help Net Security

Akira and RansomHub Surge as Ransomware Claims Reach All-Time High - Infosecurity Magazine

Clop ransomware claims responsibility for Cleo data theft attacks

Ransomware, deepfakes, and scams: the digital landscape in 2024 | TechRadar

RansomHub emerges as dominant ransomware group as 2024 ends | SC Media

LockBit ransomware gang teases February 2025 return | Computer Weekly

How Cyber Attacks Hold Patient Care Hostage | MedPage Today

Ransomware Gang Says Deloitte Sucks at Their Job - Going Concern

How Do We Build Ransomware Resilience Beyond Just Backups?

Romanian Netwalker ransomware affiliate sentenced to 20 years in prison

How to mitigate wiper malware | TechTarget

Ransomware Victims

46% of financial institutions had a data breach in the past 24 months - Help Net Security

Clop ransomware claims responsibility for Cleo data theft attacks

How the ransomware attack at Change Healthcare went down: A timeline | TechCrunch

The Bookseller - News - Waterstones hit by Blue Yonder ransomware gang attack

Ransomware Gang Says Deloitte Sucks at Their Job - Going Concern

Rhode Island confirms data breach after Brain Cipher ransomware attack

Major Auto Parts Firm LKQ Hit by Cyber Attack - SecurityWeek

Phishing & Email Based Attacks

How Companies Lose Millions Of Dollars To Phishing

Cofense report warns of credential-harvesting attacks that spoof Proofpoint, Mimecast and Virtru - SiliconANGLE

Credential phishing attacks up over 700 percent

Midnight Blizzard Taps Phishing Emails, Rogue RDP Nets

Phishing Attacks Double in 2024 - Infosecurity Magazine

Credential phishing attacks rose by 703% in H2 of 2024 | Security Magazine

Mobile Spear Phishing Targets Executive Teams - Security Boulevard

MUT-1244 targeting security researchers, red teamers, and threat actors - Help Net Security

Organisations Warned of Rise in Okta Support Phishing Attacks - SecurityWeek

Google Calendar invites spoofed in phishing campaign • The Register

Crooks use Docusign lures to attempt Azure account takeovers • The Register

Credential phishing attacks surge, report reveals | SC Media

Executives targeted in mobile spearphishing attacks | Security Magazine

YouTube Channels Targeted With Windows Malware Phishing Attacks

Inside the latest phishing campaigns: dissecting CarPhish, EDG, Tpass, and Mamba2FA kits - VMRay

HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft

HubSpot phishing targets 20,000 Microsoft Azure accounts

European firms subjected to HubSpot-exploiting phishing | SC Media

New fake Ledger data breach emails try to steal crypto wallets

New Gmail Security Warning For 2.5 Billion—Second Attack Wave Incoming

Other Social Engineering

FTC warns of online task job scams hooking victims like gambling

New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide

Cyber Criminals Exploit Google Calendar to Spread Malicious Links - Infosecurity Magazine

Microsoft Teams Vishing Spreads DarkGate RAT

Mobile Spear Phishing Targets Executive Teams - Security Boulevard

MUT-1244 targeting security researchers, red teamers, and threat actors - Help Net Security

DarkGate malware spread via Microsoft Teams, AnyDesk | SC Media

Hackers Exploit Microsoft Teams to Gain Remote Access to User’s System

‘Tis the Season to Be Alert for Cyber Threats: 5 Unjoyful… | Intel 471

Cyber security is never out-of-office: Protecting your business anytime, anywhere

Interpol: Stop calling it 'pig butchering' • The Register

Now Scammers Are Abusing Legitimate Services to Show You Fake CAPTCHAs

Watch Out for These Holiday Cyber Attacks

Artificial Intelligence

The threat of AI-driven cyber warfare is real and it can disrupt the world

Ransomware, deepfakes, and scams: the digital landscape in 2024 | TechRadar

New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide

Bosses struggle to police workers’ use of AI

How weaponized AI drives CISO burnout – and what to do about it | SC Media

With 'TPUXtract,' Attackers Can Steal Orgs' AI Models

Identity fraud attacks using AI are fooling biometric security systems | TechRadar

Cyberint's 2024 Report Highlights Surge in Credential Theft and Rise of AI-Powered Phishing - IT Security Guru

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2024 Cyber Review: Trump Re-Election Eclipses AI and Ransomware Stories

AI is becoming the weapon of choice for cyber criminals - Help Net Security

Cyber leaders are bullish on generative AI despite risks: report | CIO Dive

The Year of Global AI and Cyber Security Regulations: 7 GRC Predictions for 2025 - Security Boulevard

Malvertisers Fool Google With AI-Generated Decoys

Malware

How infostealers are used in targeted cyber attacks

Microsoft Teams Vishing Spreads DarkGate RAT

DarkGate malware spread via Microsoft Teams, AnyDesk | SC Media

Hackers Exploit Microsoft Teams to Gain Remote Access to User’s System

Winnti hackers target other threat actors with new Glutton PHP backdoor

PHP backdoor looks to be work of Chinese-linked APT group | CyberScoop

Google, Amnesty International uncover new surveillance malware | SC Media

FBI spots HiatusRAT malware attacks targeting web cameras, DVRs

Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection

Malvertising on steroids serves Lumma infostealer - Help Net Security

That cheap webcam? HiatusRAT may be targeting it, FBI warns | CSO Online

Raccoon Stealer malware operator gets 5 years in prison after guilty plea

YouTube Creators Targeted in Major Phishing Campaign - Infosecurity Magazine

How to mitigate wiper malware | TechTarget

Evasive Node.js loader masquerading as game hack - Help Net Security

The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal

FBI Warns of HiatusRAT Attacks on Cameras, DVR Systems - SecurityWeek

A new antivirus model to fight against evasive malware - Diari digital de la URV

Critical flaw in WordPress plugin exploited to install malicious software | SC Media

Bitter APT Targets Turkish Defence Sector with WmRAT and MiyaRAT Malware

Thai Police Systems Under Fire From 'Yokai' Backdoor

Lazarus targets nuclear-related organisation with new malware | Securelist

Malicious Microsoft VSCode extensions target devs, crypto community

Bots/Botnets

Mirai botnet targets SSR devices, Juniper Networks warns

Juniper Warns of Mirai Botnet Targeting Session Smart Routers - SecurityWeek

Mobile

Mobile Spear Phishing Targets Executive Teams - Security Boulevard

Addressing BYOD Vulnerabilities in the Workplace - Security Boulevard

This Nasty Android Malware Is Picking Up Pace and Targeting Certain Devices

Executives targeted in mobile spearphishing attacks | Security Magazine

BadBox malware botnet infects 192,000 Android devices despite disruption

Serbian police used Cellebrite to unlock, then plant spyware, on a journalist's phone | TechCrunch

Authorities abroad use phone-cracking tools to install spyware, report says - The Washington Post

New Android NoviSpy spyware linked to Qualcomm zero-day bugs

Why you should not give your phone charger to others? Hackers can steal data. Tips to stay safe - The Economic Times

Hackers are using the Amazon Appstore to spread malware — delete this malicious app now | Tom's Guide

Internet of Things – IoT

Chinese wi-fi tech used in British homes investigated over hacking fears

Concerns over consumer surveillance in some smart devices | News UK Video News | Sky News

Multiple flaws in Volkswagen Group's infotainment unit allow for vehicle compromise

FBI spots HiatusRAT malware attacks targeting web cameras, DVRs

That cheap webcam? HiatusRAT may be targeting it, FBI warns | CSO Online

Zero Day Initiative — Detailing the Attack Surfaces of the Tesla Wall Connector EV Charger

Mirai botnet targets SSR devices, Juniper Networks warns

Juniper Warns of Mirai Botnet Targeting Session Smart Routers - SecurityWeek

FBI Warns of HiatusRAT Attacks on Cameras, DVR Systems - SecurityWeek

Germany blocks BadBox malware loaded on 30,000 Android devices

Data Breaches/Leaks

46% of financial institutions had a data breach in the past 24 months - Help Net Security

Huge cyber crime attack sees 390,000 WordPress websites hit, details stolen | TechRadar

Hacker Leaks Cisco Data - SecurityWeek

Cyber Security Incident at Deloitte May Be Responsible for RIBridges Data Breach | Console and Associates, P.C. - JDSupra

Consumers wrongly attribute all data breaches to cyber criminals - Help Net Security

Millions stolen from LastPass users in massive attack — what you need to know | Tom's Guide

390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits

LastPass threat actor steals $5.4M from victims just a week before Xmas

Deloitte handling 'major' cyber attack on Rhode Island system • The Register

Nearly 400,000 WordPress credentials stolen | Security Magazine

LastPass breach comes back to haunt users as hackers steal $12 million in two days – DataBreaches.Net

LastPass Hackers Allegedly Stole $5 Million This Week—Report

How common are consumer data breaches? | Chain Store Age

Texas Tech University System data breach impacts 1.4 million patients

Meta Fined $264M for Security Breach in Facebook's 'View As' Feature - CNET

Rhode Island Residents’ Data Breached in Large Cyber Attack; Data May Be Leaked Soon – DataBreaches.Net

International Development Firm Chemonics Sued Over Breach (1)

900,000 People Impacted by ConnectOnCall Data Breach - SecurityWeek

Regional Care Data Breach Impacts 225,000 People - SecurityWeek

Organised Crime & Criminal Actors

Consumers wrongly attribute all data breaches to cyber criminals - Help Net Security

UK’s internet watchdog unveils online criminal crackdown

Ofcom Issues Guidance for Tech Firms to Tackle Online Harms - Infosecurity Magazine

Major cyber crime crackdowns signal a shift in global cyber security strategies - Policing Insight

Texan man gets 30 years in prison for running CSAM exchange • The Register

Bobbies on the beat won't stop the cyber crime wave | The Spectator

Why Are Crypto Scammers (And Not Hackers) Looking For You? | HackerNoon

Hacker sentenced to 69 months for stealing payment card info | SC Media

Cryptocurrency hackers stole $2.2 billion from platforms in 2024 - Help Net Security

Raccoon Stealer malware operator gets 5 years in prison after guilty plea

Cyber Criminals and the SEC: What Companies Need to Know

Trump to Wage War on Cyber Criminals, Says Advisor

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

LastPass threat actor steals $5.4M from victims just a week before Xmas

Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection

LastPass breach comes back to haunt users as hackers steal $12 million in two days – DataBreaches.Net

Why Are Crypto Scammers (And Not Hackers) Looking For You? | HackerNoon

Cryptocurrency hackers stole $2.2 billion from platforms in 2024 - Help Net Security

North Korean Hackers Stole $1.3 Billion in Crypto in 2024

New fake Ledger data breach emails try to steal crypto wallets

Crypto Hacks in 2024: Centralized Exchanges Are Now the Top Targets for Cyber Criminals

Interpol: Stop calling it 'pig butchering' • The Register

Crypto holder loses assets priced at $2.5 million

Malicious Microsoft VSCode extensions target devs, crypto community

Insider Risk and Insider Threats

Kroll Settles With Ex-Employees Over Cyber Security Trade Secrets

GCHQ worker accused of taking top secret data home - BBC News

Protecting IP in a Cyber-Threatened World: Insights from Zifino and Foley & Lardner | Foley & Lardner LLP - JDSupra

Insurance

Lloyd's of London Launches New Cyber Insurance Consortium

What will happen in the cyber insurance space during 2025? | Insurance Business America

Supply Chain and Third Parties

Supply Chain Risk Mitigation Must Be a Priority in 2025

Cyber Security Incident at Deloitte May Be Responsible for RIBridges Data Breach | Console and Associates, P.C. - JDSupra

Deloitte handling 'major' cyber attack on Rhode Island system • The Register

Harnessing Threat Intel and Automation to Counter Supply Chain Risks | MSSP Alert

Property deals hit by IT security failure at search service

CERT-UA: Russia-linked UAC-0125 abuses Cloudflare Workers to target Ukrainian army

Cloud/SaaS

Clop is back to wreak havoc via vulnerable file-transfer software | CyberScoop

Crooks use Docusign lures to attempt Azure account takeovers • The Register

SaaS: The Next Big Attack Vector | Grip Security - Security Boulevard

DarkGate malware spread via Microsoft Teams, AnyDesk | SC Media

CISA issues new directive to bolster cloud security – and Microsoft was singled out | ITPro

Ransomware attacks exploit Cleo bug as Cl0p claims it • The Register

US Government Issues Cloud Security Requirements for Federal Agencies - Infosecurity Magazine

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

HubSpot phishing targets 20,000 Microsoft Azure accounts

European firms subjected to HubSpot-exploiting phishing | SC Media

Microsoft 365 users hit by random product deactivation errors

Identity and Access Management

Why Role-Based Access Control is Critical to Your Security Stack | MSSP Alert

Proactive Approaches to Identity and Access Management - Security Boulevard

Security Leaders Say Machine Identities – Such as Access Tokens and Service Accounts – Are Next Big Target for Cyber Attack | Business Wire

Machine identity attacks will be top of mind for security leaders in 2025 | ITPro

Encryption

The Simple Math Behind Public Key Cryptography | WIRED

Why 2025 Will Be Pivotal in Our Defence Against Quantum Threat

Passwords, Credential Stuffing & Brute Force Attacks

"Password Era is Ending" Microsoft to Delete 1 Billion Passwords to Replace With "Passkey"

Millions stolen from LastPass users in massive attack — what you need to know | Tom's Guide

Credential phishing attacks rose by 703% in H2 of 2024 | Security Magazine

LastPass threat actor steals $5.4M from victims just a week before Xmas

390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits

LastPass 2022 hack fallout continues with millions of dollars more reportedly stolen | TechRadar

Nearly 400,000 WordPress credentials stolen | Security Magazine

HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft

What is a Compromised Credentials Attack?  - Security Boulevard

MUT-1244 targeting security researchers, red teamers, and threat actors - Help Net Security

Cyberint's 2024 Report Highlights Surge in Credential Theft and Rise of AI-Powered Phishing - IT Security Guru

Social Media

New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide

Study reveals vulnerability of metaverse platforms to cyber attacks

YouTube Creators Targeted in Major Phishing Campaign - Infosecurity Magazine

European Commission Opens TikTok Election Integrity Probe - Infosecurity Magazine

Meta fined for 2018 breach that exposed 30M accounts • The Register

Malvertising

New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide

Fake Captcha Campaign Highlights Risks of Malvertising Networks - Infosecurity Magazine

Malvertising on steroids serves Lumma infostealer - Help Net Security

Malvertisers Fool Google With AI-Generated Decoys

Regulations, Fines and Legislation

UK’s internet watchdog unveils online criminal crackdown

Ofcom Issues Guidance for Tech Firms to Tackle Online Harms - Infosecurity Magazine

Why We Should Insist on Future-Proofing Cyber Security Regulatory Frameworks - Security Boulevard

Why the UK's "outdated" cyber security legislation needs an urgent refresh | ITPro

Hundreds of websites to shut down under UK's 'chilling' internet laws

The Top Cyber Security Agency in the US Is Bracing for Donald Trump | WIRED

EU Sanctions Russian Cyber Actors for “Destabilizing Actions” - Infosecurity Magazine

With DORA approaching, financial institutions must strengthen their cyber resilience - Help Net Security

Understanding NIS2: Essential and Important Entities - Security Boulevard

Study finds ‘significant uptick’ in cyber security disclosures to SEC | CyberScoop

The Year of Global AI and Cyber Security Regulations: 7 GRC Predictions for 2025 - Security Boulevard

Meta Fined $264M for Security Breach in Facebook's 'View As' Feature - CNET

Meta fined for 2018 breach that exposed 30M accounts • The Register

Trump Looks to Go 'On the Offense' Against Cyber Attackers

Models, Frameworks and Standards

How the cyber security landscape affects the financial sector

An easy to follow NIST Compliance Checklist - Security Boulevard

With DORA approaching, financial institutions must strengthen their cyber resilience - Help Net Security

Understanding NIS2: Essential and Important Entities - Security Boulevard

Using CIS Benchmarks to Assess Your System Security Posture | MSSP Alert

NIS2 Penetration Testing and Compliance - Security Boulevard

Backup and Recovery

Ransomware defences are being weakened by outdated backup technology, limited backup data encryption, and failed data backups | TechRadar

Careers, Working in Cyber and Information Security

Closing the SMB cyber security skills gap: Key steps | SC Media

Leadership in Cyber Security: A Guide to Your First Role

The key to growing a cyber security career are soft skills - Security Boulevard

Law Enforcement Action and Take Downs

Major cyber crime crackdowns signal a shift in global cyber security strategies - Policing Insight

Arizona man arrested for alleged involvement in violent online terror networks | CyberScoop

Texan man gets 30 years in prison for running CSAM exchange • The Register

Man Accused of SQL Injection Hacking Gets 69-Month Prison Sentence  - SecurityWeek

Hacker sentenced to 69 months for stealing payment card info | SC Media

Raccoon Stealer malware operator gets 5 years in prison after guilty plea

Dodgy Firestick crackdown: full list of UK areas targeted by police

Germany blocks BadBox malware loaded on 30,000 Android devices

Romanian Netwalker ransomware affiliate sentenced to 20 years in prison

Misinformation, Disinformation and Propaganda

Romania’s election was target of cyber attacks and misinformation, parliament finds

European Commission Opens TikTok Election Integrity Probe - Infosecurity Magazine


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Chinese wi-fi tech used in British homes investigated over hacking fears

Feds Investigate, Mull Ban on Chinese-Made Routers | Newsmax.com

TP-Link routers could be banned in the US over national security concerns | TechSpot

European Commission Opens TikTok Election Integrity Probe - Infosecurity Magazine

PHP backdoor looks to be work of Chinese-linked APT group | CyberScoop

Trump security advisor urges offensive cyber attacks on China • The Register

Russia

Russia Recruits Ukrainian Children for Sabotage and Reconnaissance - Infosecurity Magazine

Ukrainian Minors Recruited for Cyber Ops and Reconnaissance in Russian Airstrikes

Midnight Blizzard Taps Phishing Emails, Rogue RDP Nets

EU Sanctions Russian Cyber Actors for “Destabilizing Actions” - Infosecurity Magazine

Romania’s election was target of cyber attacks and misinformation, parliament finds

Russian hackers use RDP proxies to steal data in MiTM attacks

APT29 group used red team tools in rogue RDP attacks

CERT-UA: Russia-linked UAC-0125 abuses Cloudflare Workers to target Ukrainian army

Ukraine's Defence Minister agrees with US to deepen cooperation in cyber security | Ukrainska Pravda

Largest cyber attack on Ukraine's state registers: Ministry of Justice systems shut down | Ukrainska Pravda

Russian FSB relies on Ukrainian minors for criminal activities disguised as "quest games"

Recorded Future CEO applauds "undesirable" designation by Russia

US Organisations Still Using Kaspersky Products Despite Ban - Infosecurity Magazine

Russia spent €69mn on propaganda and interference in Bulgaria and Romania, Bulgarian cyber security group reveals

Iran

Iran crew used 'cyberweapon' against US critical infra • The Register

North Korea

North Korean Hackers Stole $1.3 Billion in Crypto in 2024

Lazarus targets nuclear-related organisation with new malware | Securelist

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal

Bitter APT Targets Turkish Defence Sector with WmRAT and MiyaRAT Malware

Serbian police used Cellebrite to unlock, then plant spyware, on a journalist's phone | TechCrunch

Authorities abroad use phone-cracking tools to install spyware, report says - The Washington Post

New Android NoviSpy spyware linked to Qualcomm zero-day bugs


Tools and Controls

Ransomware defences are being weakened by outdated backup technology, limited backup data encryption, and failed data backups | TechRadar

From digital risk to physical threat: Why cyber security must evolve for executives | SC Media

Why Role-Based Access Control is Critical to Your Security Stack | MSSP Alert

Addressing BYOD Vulnerabilities in the Workplace - Security Boulevard

DarkGate malware spread via Microsoft Teams, AnyDesk | SC Media

Hackers Exploit Microsoft Teams to Gain Remote Access to User’s System

Hackers Scanning RDP Services Especially Port 1098 For Exploitation

To Defeat Cyber Criminals, Understand How They Think

Are threat feeds masking your biggest security blind spot? - Help Net Security

The evolution of incident response: building a successful strategy | TechRadar

New APIs Discovered by Attackers in Just 29 Seconds - Infosecurity Magazine

Harnessing Threat Intel and Automation to Counter Supply Chain Risks | MSSP Alert

Penetration testing – a critical component of financial cyber security in 2025

Machine identity attacks will be top of mind for security leaders in 2025 | ITPro

The pros and cons of biometric authentication | TechTarget

Wallarm Releases API Honeypot Report Highlighting API Attack Trends

Might need a mass password reset one day? Read this first.

Making smart cyber security spending decisions in 2025

Why You Must Replace Your Legacy SIEM and Migrate to Modern SIEM Analytics? - IT Security Guru

Russian hackers use RDP proxies to steal data in MiTM attacks

APT29 group used red team tools in rogue RDP attacks

What will happen in the cyber insurance space during 2025? | Insurance Business America

Is Your Cloud Infrastructure Truly Protected? - Security Boulevard

The Feds Have Some Advice for 'Highly Targeted' Individuals: Don't Use a VPN

Gaining Confidence Through Effective Secrets Vaulting - Security Boulevard

NCSC Mail Check Changes & Their Impact on UK Public Sector Email Security - Security Boulevard



Other News

Hackers Scanning RDP Services Especially Port 1098 For Exploitation

Travel Cyber Security Threats and How to Stay Protected - Security Boulevard

Schools Need Improved Cyber Education (Urgently) - IT Security Guru

Study reveals vulnerability of metaverse platforms to cyber attacks

WiFi hacking for the everyday spy | Cybernews

Leadership skills for managing cyber security during digital transformation - Help Net Security

UK businesses risk disruption as PSTN switch-off approaches | Computer Weekly

MSSP Market Update: Fortune 500 Firms Fail at Cyber Security | MSSP Alert

2025 is set to bring changes in technology adoption and the evolving attack surface

Cyber Security In 2025 – A New Era Of Complexity

The Feds Have Some Advice for 'Highly Targeted' Individuals: Don't Use a VPN

Resolve to Be Resilient: Top Cyber Priorities for State and Local Government

Cyber Security Threats to Our Most Basic Needs

Cyber Security in the legal sector: awareness & proactive strategies - Legal News

Global cyber security impact on food and drink firms

Inform: The cyber complexities facing local government | UKAuthority

Santa-hacking - how to carry out a cyber attack on Father Christmas - Prolific North

Watch Out for These Holiday Cyber Attacks

How to tell if a USB cable is hiding malicious hacker hardware | PCWorld

The Education Industry: Why Its Data Must Be Protected

How fan engagement impacts cyber security in sports - Verdict

Why cyber security is critical to energy modernization - Help Net Security


Vulnerability Management

Are threat feeds masking your biggest security blind spot? - Help Net Security

Drowning in Visibility? Why Cyber Security Needs to Shift from Visibility to Actionable Insight - Security Boulevard

No, Microsoft has not 'reversed course' on Windows 11 hardware requirements | ZDNET

Vulnerabilities

2024 Sees Sharp Increase in Microsoft Tool Exploits - Infosecurity Magazine

Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected

Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

Microsoft Patches Vulnerabilities in Windows Defender, Update Catalog  - SecurityWeek

Citrix shares mitigations for ongoing Netscaler password spray attacks

Cleo MFT Zero-Day Exploits Are About to Escalate

Over 25,000 SonicWall VPN Firewalls exposed to critical flaws

Windows kernel bug now exploited in attacks to gain SYSTEM privileges

Clop ransomware group claims responsibility for exploiting Cleo file transfer vulnerabilities

Over 300 orgs compromised through several DrayTek exploits | SC Media

Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM

Chrome 131 Update Patches High-Severity Memory Safety Bugs - SecurityWeek

Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools

Hackers are abusing Microsoft tools more than ever before | TechRadar

BeyondTrust Patches Critical Vulnerability Discovered During Security Incident Probe - SecurityWeek

Microsoft confirms critical Windows Defender vulnerability. What you need to do right now. | Mashable

New Apache Tomcat Vulnerabilities Let Attackers Execute Remote Code

Undocumented DrayTek Vulnerabilities Exploited to Hack Hundreds of Orgs - SecurityWeek

Critical flaw in WordPress plugin exploited to install malicious software | SC Media

Researchers claim an AMD security flaw could let hackers access encrypted data | ITPro


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 13 December 2024

Black Arrow Cyber Threat Intelligence Briefing 13 December 2024:

- Cyber Security Risks Rise During Mergers & Acquisitions

- Ransomware Gangs’ Merciless Attacks Bleed Small Companies Dry

- AI & Cyber Security to Shape the Tech Landscape in 2025

- Phishing: The Silent Precursor to Data Breaches

- Business Cyber Understanding Gap Creates New Vulnerabilities

- Cyber Defence vs Cyber Resilience: Why It's Time to Prioritise Recovery

- UK SMEs Are Concerned About Preparedness for Cyber Attacks as Fraud Rises

- Cyber Risk to Intensify in 2025 as Attackers Switch Tactics

- Companies Pull Company and Board Leadership Bios from Their Websites After Insurance Executive’s Killing

- Boardroom Risks Revealed in Latest Beazley Report

- Employee Visits to Adult or Gambling Sites Doubles Risk of Infection by Malware

- North Korea's Fake IT Worker Scam Hauled in at Least $88 Million Over Six Years

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week 

Cyber Security Risks Rise During Mergers & Acquisitions

ReliaQuest’s analysis reveals heightened cyber security risks during mergers and acquisitions, with half of incidents stemming from threat actors exploiting potential security gaps, and the remainder from non-malicious employee issues. The manufacturing, finance and retail sectors were the hardest hit. One private equity CISO observed a 400% surge in phishing attempts post-M&A announcements. Key risks include phishing attacks, data leaks, and vulnerabilities due to legacy systems. ReliaQuest recommends proactive strategies like pre-due-diligence assessments, training, network segmentation, and unified logging to mitigate these risks and ensure smoother integration during M&As.

Ransomware Gangs’ Merciless Attacks Bleed Small Companies Dry

Ransomware attacks surged by 70% in 2023, hitting 4,611 reported incidents according to industry research, with one gang alone extorting an estimated $42 million. Around 80% of victims are small and medium-sized organisations. Many rely on cyber security insurance with limits around £1 million, yet the median ransom soared to $6.5 million this year. This gap between insurance coverage and actual costs has driven some companies into administration. Experts warn that, although attackers often use unsophisticated techniques, they remain ruthless. Robust monitoring software, password protection and comprehensive incident response plans can provide critical defences against this escalating threat.

AI & Cyber Security to Shape the Tech Landscape in 2025

The tech landscape of 2025 will be defined by the growth of specialised AI solutions and evolving cyber security measures, according to sector leaders from Nutanix, Rubrik, Snowflake, Obsidian Security, ManageEngine, and Infoblox. Cloud-based AI agents will automate threat detection, but also heighten risks of data leaks and identity-based attacks. Industry-specific models will transform finance, healthcare, manufacturing, and hospitality, offering faster, more precise services. Organisations must enhance data access controls, involve all staff in cyber security, and align IT and business goals. Government regulations and platform-based strategies will play a critical role in supporting innovation and safeguarding operations.

Phishing: The Silent Precursor to Data Breaches

Phishing remains a silent precursor to destructive data breaches, accounting for 31% of cyber security incidents - outdone only by weak or compromised credentials and pretexting. By exploiting human psychology, phishing bypasses technological safeguards, enabling the theft of sensitive data and triggering large-scale cyber attacks. One major infrastructure breach was initiated through a phishing-driven compromise, underscoring the threat’s far-reaching impact. Organisations can reduce phishing risks by prioritising employee training, filtering malicious emails, and implementing multi-factor authentication. This multi-layered approach, combined with a strong incident response plan, is essential to help safeguard systems and protect sensitive information in the modern cyber threat landscape.

Business Cyber Understanding Gap Creates New Vulnerabilities

Cyber security insurance provider Resilience has found that many UK mid-to-large businesses lack a clear grasp of cyber security as a financial risk, despite 74% having experienced cyber crime. The survey of IT and financial leaders highlighted a worrying gap between media focus on data breaches (cited by 72% as their main worry) and the larger financial impact of ransomware (responsible for more than 80% of losses). Limited use of quantitative risk registries (54%) further hampers businesses’ ability to mitigate cyber threats.

Cyber Defence vs Cyber Resilience: Why It's Time to Prioritise Recovery

AI-driven cyber attacks are prevalent, with intruders able to remain undetected for months and most ransomware campaigns targeting backup repositories. This demands a shift from solely cyber defence to holistic cyber resilience. A strategy includes a robust backup approach, active monitoring, and an isolated recovery environment to ensure data remains clean and recoverable. Equally important is cross-functional collaboration between IT and security teams to flag and respond to breaches quickly. By prioritising recovery and resilience, organisations can maintain business operations, minimise downtime, and stay ahead of evolving cyber threats in today’s borderless IT landscape.

UK SMEs Are Concerned About Preparedness for Cyber Attacks as Fraud Rises

Online payment provider Mollie has reported that five and a half million UK SMEs lost an average of £10,800 to fraud this year, leaving nine in 10 C-Suite executives concerned about their survival. Fraud types included phishing (58%), refund scams (42%), account takeovers (30%) and carding attacks (23%). Firms spent around 15 days annually handling these threats, diverting critical resources from core operations. This underscores a growing need for effective cyber security measures that combat rising threats without stifling business growth. Mollie’s research highlights the importance of equipping smaller enterprises with balanced solutions to safeguard revenue and productivity, protecting them from ever-evolving forms of cyber attack.

Cyber Risk to Intensify in 2025 as Attackers Switch Tactics - Moody’s

According to Moody’s 2025 cyber security outlook, the threat environment is evolving as attackers target bigger businesses and harness AI for more potent attacks. Ransomware soared by 70% from 2022 to 2023, with ransom payments hitting a record $1.1 billion. Meanwhile, the share of victims paying ransoms is falling, driving cyber criminals to focus on larger organisations. Supply chain incidents are growing in parallel with the proliferation of AI-enabled scams and greater reliance on external providers. Moody’s recommends robust risk assessments and improved cyber security measures, including passkeys, to help address these mounting challenges.

Companies Pull Leadership Bios from Their Websites After Insurance Executive’s Killing

Following the tragic shooting of a leading insurance executive in New York City, major health insurers have swiftly removed leadership bios from their websites. Archived versions of UnitedHealthcare, Anthem Blue Cross Blue Shield, and Elevance Health pages show these details were public until shortly after the incident. Faced with heightened security concerns, organisations are reinforcing protective measures, while private security firms report a surge in new business. This underscores an evolving risk landscape for senior leaders, prompting companies to carefully manage executive information online and reassess personal safety protocols.

Boardroom Risks Revealed in Latest Beazley Report

Beazley’s latest report highlights cyber security as the top boardroom concern, cited by 45% of executives. Regulatory compliance (41%) and ESG (35%) follow closely, yet 60% of respondents feel only moderately or poorly prepared for cyber attacks. ESG influences are expected to surge, with 68% foreseeing major board impact, but just 39% feel ready. The report urges proactive risk management, encouraging boards to strengthen internal expertise, invest in technology, and align governance strategies with shifting priorities.

Employee Visits to Adult or Gambling Sites Doubles Risk of Infection by Malware

According to new research, employees visiting gambling or adult sites can double the risk of malware infections, including coinminers, trojans, and hacking tools. Browsing illegal sites may increase malware threats by up to five times, while frequent visits to unknown websites also raise infection odds. By identifying how specific user behaviours relate to distinct malware types, organisations can tailor their cyber security defences accordingly. Governments might prioritise hacktools, whereas healthcare could focus on ransomware. Overall, the study suggests that targeted, behaviour-based cyber security measures can help organisations reduce risks cost-effectively for their unique threat profiles.

North Korea's Fake IT Worker Scam Hauled in at Least $88 Million Over Six Years

North Korea’s covert IT workforce has reportedly generated $88 million over six years by posing as remote tech professionals, according to the US Department of Justice. Hiding their true identities and locations, these “IT warriors” channel their earnings into Pyongyang’s coffers, while some leverage access privileges to steal proprietary data and extort employers. Even cyber security businesses have been duped. Authorities have uncovered over 130 participants, linked to firms in China and Russia. Officials warn the threat persists, with continued guidance on detecting the scam and a multimillion-dollar reward in place to disrupt North Korea’s illicit revenue streams.

Sources:

https://securitybrief.co.nz/story/cybersecurity-risks-rise-during-mergers-acquisitions

https://www.claimsjournal.com/news/national/2024/12/06/327772.htm

https://securitybrief.co.nz/story/ai-cybersecurity-to-shape-the-tech-landscape-in-2025

https://www.securityweek.com/phishing-the-silent-precursor-to-data-breaches/

https://www.emergingrisks.co.uk/business-cyber-understanding-gap-creates-new-vulnerabilities/

https://betanews.com/2024/12/06/cyber-defense-vs-cyber-resilience-why-its-time-to-prioritize-recovery/

https://thefintechtimes.com/uk-smes-are-concerned-about-preparedness-for-cyberattacks-as-fraud-rises-finds-mollie/

https://www.reinsurancene.ws/cyber-risk-to-intensify-in-2025-as-attackers-switch-tactics-moodys/

https://fortune.com/2024/12/06/unitedhealthcare-major-insurance-companies-pull-company-board-leadership-bios-elevance-anthem-blue-shield-cross/

https://www.insurancebusinessmag.com/us/news/breaking-news/boardroom-risks-revealed-in-latest-beazley-report-516949.aspx

https://www.newswise.com/articles/employee-visits-to-adult-or-gambling-sites-doubles-risk-of-infection-by-malware

https://www.theregister.com/2024/12/13/doj_dpkr_fake_tech_worker_indictment/


Governance, Risk and Compliance

UK SMEs Are Concerned About Preparedness For Cyber Attacks as Fraud Rises Finds Mollie | The Fintech Times

Cyber security risks rise during mergers & acquisitions

Boardroom risks revealed in latest Beazley report | Insurance Business America

UnitedHealthcare and other major insurance companies pull company and board leadership bios from their websites after executive’s killing | Fortune

Dear CEO: It’s time to rethink security leadership and empower your CISO | CSO Online

Moody's: Hackers Aim for Big Payouts, Supply Chain Attacks

We must adjust expectations for the CISO role - Help Net Security

Cyber defence vs cyber resilience: why it's time to prioritize recovery

Business cyber understanding gap creates new vulnerabilities

Cyber risk to intensify in 2025 as attackers switch tactics: Moody's - Reinsurance News

Cyber Security In The Digital Frontier: Reimagining Organisational Resilience

Charges Against CISOs Create Worries, Hope in Security Industry: Survey - Security Boulevard

The skills that cyber security leaders need

70 percent of cyber security leaders worry about personal liability

Report: 84% of Fortune 500 companies scored a D or worse for their cyber security efforts | Cybernews

CISOs need to consider the personal risks associated with their role - Help Net Security

Cyber security has become a strategic differentiator for organisations, says Ismail Al Naqi at GN forum | Technology – Gulf News

Cultivating a Hacker Mindset in Cyber Security Defence

Blackbaud Appoints Bradley Pyburn, Former Chief of Staff of US Cyber Command, to Board of Directors

Heed the warnings on cyber security threats - James McGachie

How to Improve Your Cyber Security On a Lower Budget | Mimecast


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Gangs’ Merciless Attacks Bleed Small Companies Dry

You’ve been hit with ransomware. Think twice before you pay. | Constangy, Brooks, Smith & Prophete, LLP - JDSupra

Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering

Cleo Vulnerability Exploitation Linked to Termite Ransomware Group - SecurityWeek

New Windows Drive-By Security Attack—What You Need To Know

What Do We Know About the New Ransomware Gang Termite?

Ransomware Victims

Blue Yonder SaaS giant breached by Termite ransomware gang

8Base hacked port operating company Luka Rijeka - Help Net Security

Separate ransomware attacks hit Japanese firms’ US subsidiaries | SC Media

Deloitte Responds After Ransomware Group Claims Data Theft - SecurityWeek

Anna Jaques Hospital ransomware breach exposed data of 300K patients

National Museum of the Royal Navy hit by cyber attack - Museums Association

Ransomware Disrupts Operations At Leading Heart Surgery Device Maker

Krispy Kreme admits there's a hole in its security • The Register

Phishing & Email Based Attacks

Businesses plagued by constant stream of malicious emails - Help Net Security

Phishing: The Silent Precursor to Data Breaches - SecurityWeek

A new report shows QR code phishing is on the rise | Security Magazine

Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering

Cyber criminals are using virtual hard drives to drop RATs in phishing attacks | TechRadar

European Police Disrupt Phone Phishing Gang with Arrests - Infosecurity Magazine

Eight Suspected Phishers Arrested in Belgium, Netherlands - SecurityWeek

Millionaire Airbnb Phishing Ring Busted Up by Police

Brand Impersonations Surge 2000% During Black Friday

Scam Kit Maker Rebuilding Business After Telegram Channel Shut Down - Security Boulevard

New Advanced Email Attack Warning Issued—5 Things To Know

Email security: Why traditional defences fall short in today's threat landscape

Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam

Businesses received over 20 billion spam emails this year | TechRadar

Phishing Scam Targets Ukrainian Defence Companies - Infosecurity Magazine

5 Email Attacks You Need to Know for 2025 | Abnormal

Business Email Compromise (BEC)/Email Account Compromise (EAC)

Understanding the Shifting Anatomy of BEC Attacks

Notorious Nigerian cyber criminal tied to BEC scams extradited to US | CyberScoop

Other Social Engineering

Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering

KnowBe4 Report Finds 44% of HR Professionals Have Encountered Fraudulent or Scam Job Applications - IT Security Guru

Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion | Trend Micro (US)

Cyber criminals Impersonate Dubai Police to Defraud Consumers in the UAE - Smishing Triad in Action

Hackers are posing as job recruiters to spread a dangerous banking trojan and steal your money — don’t fall for this | Tom's Guide

Spain busts voice phishing ring for defrauding 10,000 bank customers

Fake IT Workers Funnelled Millions to North Korea, DOJ Says - SecurityWeek

Artificial Intelligence

Generative AI's cyber security potential is clear, but so far it's given hackers the upper hand | ITPro

AI & cyber security to shape the tech landscape in 2025

Microsoft Recall caught capturing credit card and Social Security numbers despite reassurances it won't | Tom's Guide

AI is a gamble we cannot afford without cyber security

Compromised AI Library Delivers Cryptocurrency Miner via PyPI - Infosecurity Magazine

AI fakes, cyber attacks threaten German election – DW – 12/06/2024

Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI

A Very Merry NISTmas: 2024 Updates to the Cyber Security and AI Framework | Ropes & Gray LLP - JDSupra

2FA/MFA

Microsoft Azure MFA Flaw Allowed Easy Access Bypass - Infosecurity Magazine

Microsoft MFA Bypassed via AuthQuake Attack - SecurityWeek

No User Interaction, No Alerts: Azure MFA Cracked In An Hour

Researchers Crack Microsoft Azure MFA in an Hour

Snowflake Rolls Out Mandatory MFA Plan

Malware

Employee Visits to Adult or Gambling Sites Doubles | Newswise

Windows, macOS users targeted with crypto-and-info-stealing malware - Help Net Security

Cyber criminals are using virtual hard drives to drop RATs in phishing attacks | TechRadar

Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion | Trend Micro (US)

Cleo Patches Exploited Flaw as Security Firms Detail Malware Pushed in Attacks - SecurityWeek

Open source malware surged by 156% in 2024 | ITPro

Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam

Remcos RAT Malware Evolves with New Techniques - Infosecurity Magazine

More advanced Zloader malware variant emerges | SC Media

Hackers are posing as job recruiters to spread a dangerous banking trojan and steal your money — don’t fall for this | Tom's Guide

This devious new malware technique looks to hijack Windows itself to avoid detection | TechRadar

New stealthy Pumakit Linux rootkit malware spotted in the wild

RedLine info-stealer campaign targets Russian businesses

North Korean hackers target South Korea with Internet Explorer vulnerabilities to deploy RokRAT malware | TechRadar

Ongoing Phishing and Malware Campaigns in December 2024

Bots/Botnets

It’s Beginning To Look A Lot Like Grinch Bots

Mobile

Lookout Discovers New Spyware Deployed by Russia and China - Infosecurity Magazine

Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States

'EagleMsgSpy' Android Spyware Linked to Chinese Police

New Smartphone Warning—Forget What You’ve Been Told About Security

Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017

Experts discovered the first mobile malware families linked to Russia's Gamaredon

Telegram founder Pavel Durov questioned in Paris court for first time: Report

Apple’s iPhone Hit By FBI Warning And Lawsuit Before iOS 18.2 Release

Denial of Service/DoS/DDoS

Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested

Internet of Things – IoT

EU cyber security rules for smart devices enter into force | TechCrunch

DoD Digital Forensics: Unlocking Evidence In Cars, Wearables, And IoT

The EU Cyber Resilience Act: Enhancing Digital Security In The AI Era

Vulnerabilities in Skoda & Volkswagen Cars Let Hackers Remotely Track Users

Data Breaches/Leaks

Phishing: The Silent Precursor to Data Breaches - SecurityWeek

Deloitte Denies Breach, Claims Cyber-Attack Targeted Single Client - Infosecurity Magazine

Deloitte sues 3 partners who 'leaked secrets' to rival firm

Public Reprimands, an Effective Deterrent Against Data Breaches - Infosecurity Magazine

Salt Typhoon recorded 'very senior' US officials' calls • The Register

446,000 Impacted by Center for Vein Restoration Data Breach - SecurityWeek

Massive Data Breach Hits Senior Dating Website, Exposing Over 765,000 Users

Cyber security expert Abi Waddell hacked huntsmen to leak their names and addresses

Attackers can abuse the Windows UI Automation framework to steal data from apps | CSO Online

Cyber security Lessons From 3 Public Breaches

Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online

New Atrium Health data breach impacts 585,000 individuals

Thousands of children exposed in major data breach — including names, addresses and social security numbers | Tom's Guide

US Bitcoin ATM operator Byte Federal suffered a data breach

Organised Crime & Criminal Actors

Moody's: Hackers Aim for Big Payouts, Supply Chain Attacks

Recently Charged Scattered Spider Suspect Did Poor Job at Covering Tracks - SecurityWeek

Cyber crime gang arrested after turning Airbnbs into fraud centres

Russian government spies targeted Ukraine using tools developed by cyber criminals | TechCrunch

Emulating the Financially Motivated Criminal Adversary FIN7 – Part 1 - Security Boulevard

Alleged Scattered Spider hacker arrested, indicted | SC Media

Cyber security expert Abi Waddell hacked huntsmen to leak their names and addresses

Scam Kit Maker Rebuilding Business After Telegram Channel Shut Down - Security Boulevard

Cyber criminal marketplace Rydox seized in international law enforcement operation | CyberScoop

FBI Busts Rydox Marketplace with 7,600 PII Sales, Cryptocurrency Worth $225K Seized

He Investigates the Internet’s Most Vicious Hackers—From a Secret Location - WSJ

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Windows, macOS users targeted with crypto-and-info-stealing malware - Help Net Security

Radiant links $50 million crypto heist to North Korean hackers

"CP3O" pleads guilty to multi-million dollar cryptomining scheme

North Korean Group UNC4736 Blamed for Radiant Capital Breach

Compromised AI Library Delivers Cryptocurrency Miner via PyPI - Infosecurity Magazine

US Bitcoin ATM operator Byte Federal suffered a data breach

Insider Risk and Insider Threats

Employee Visits to Adult or Gambling Sites Doubles | Newswise

Deloitte sues 3 partners who 'leaked secrets' to rival firm

How To Flip the Script on the Latest Insider Threat Trends

KnowBe4 Report Finds 44% of HR Professionals Have Encountered Fraudulent or Scam Job Applications - IT Security Guru

Insurance Worker Sentenced After Illegally Accessing Claimants’ Data - Infosecurity Magazine

7 types of insider threats | University of Strathclyde

Insurance

Lloyd's of London Launches First-of-its-kind Consortium Built on HITRUST Certification to Shape the Future of Cyber Insurance

How to make your clients less attractive to cyber criminals | Insurance Business America

Supply Chain and Third Parties

Moody's: Hackers Aim for Big Payouts, Supply Chain Attacks

Blue Yonder SaaS giant breached by Termite ransomware gang

Containers are a weak link in supply chain security

Lessons From the Largest Software Supply Chain Incidents

Cloud/SaaS

Hackers are exploiting a flaw in popular file-transfer tools to launch mass hacks, again | TechCrunch

Blue Yonder SaaS giant breached by Termite ransomware gang

Who handles what? Common misconceptions about SaaS security responsibilities - Help Net Security

Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion | Trend Micro (US)

Thousands of AWS credentials stolen from misconfigured sites • The Register

Cleo Patches Exploited Flaw as Security Firms Detail Malware Pushed in Attacks - SecurityWeek

Microsoft MFA Bypassed via AuthQuake Attack - SecurityWeek

No User Interaction, No Alerts: Azure MFA Cracked In An Hour

Outages

Microsoft 365 outage takes down Office web apps, admin center

Facebook, Instagram, WhatsApp hit by massive worldwide outage

ChatGPT and Sora experienced a major outage | TechCrunch

Russian users report Gazprombank outages amid alleged Ukrainian cyber attack | The Record from Recorded Future News

Encryption

Telegram founder Pavel Durov questioned in Paris court for first time: Report

Google says its breakthrough Willow quantum chip can’t break modern cryptography - The Verge

Apple’s iPhone Hit By FBI Warning And Lawsuit Before iOS 18.2 Release

Linux and Open Source

Open source malware surged by 156% in 2024 | ITPro

New stealthy Pumakit Linux rootkit malware spotted in the wild

Passwords, Credential Stuffing & Brute Force Attacks

Thousands of AWS credentials stolen from misconfigured sites • The Register

Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online

Hackers Target Global Sporting Events With Fake Domains To Steal Logins

Social Media

The EU Makes an Urgent TikTok Inquiry on Russia's Role in Romanian Election Turmoil - SecurityWeek

Federal Appeals Court Upholds Law Threatening US TikTok Ban - Infosecurity Magazine

Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok

Massive Data Breach Hits Senior Dating Website, Exposing Over 765,000 Users

Training, Education and Awareness

Opinion: Why cyber security awareness is everyone's responsibility  | Calgary Herald

Regulations, Fines and Legislation

EU cyber security rules for smart devices enter into force | TechCrunch

The EU Makes an Urgent TikTok Inquiry on Russia's Role in Romanian Election Turmoil - SecurityWeek

Federal Appeals Court Upholds Law Threatening US TikTok Ban - Infosecurity Magazine

Why Americans must be prepared for cyber security’s worst | CyberScoop

The EU Cyber Resilience Act: Enhancing Digital Security In The AI Era

US Telco Security Efforts Ramp Up After Salt Typhoon

Experts Call for Overhaul of National Cyber Director Role

Cyprus financial sector gears up for stricter cyber security | Cyprus Mail

Models, Frameworks and Standards

The EU Cyber Resilience Act: Enhancing Digital Security In The AI Era

A Very Merry NISTmas: 2024 Updates to the Cyber Security and AI Framework | Ropes & Gray LLP - JDSupra

Understanding ISO 27001: The Backbone of Information Security Management: By Kajal Kashyap

Careers, Working in Cyber and Information Security

HR Magazine - Lock it in: How to close the cyber security training gap

What makes for a fulfilled cyber security career - Help Net Security

Law Enforcement Action and Take Downs

Recently Charged Scattered Spider Suspect Did Poor Job at Covering Tracks - SecurityWeek

Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested

European Police Disrupt Phone Phishing Gang with Arrests - Infosecurity Magazine

Eight Suspected Phishers Arrested in Belgium, Netherlands - SecurityWeek

Spain busts voice phishing ring for defrauding 10,000 bank customers

Notorious Nigerian cyber criminal tied to BEC scams extradited to US | CyberScoop

Cyber criminal marketplace Rydox seized in international law enforcement operation | CyberScoop

Millionaire Airbnb Phishing Ring Busted Up by Police

"CP3O" pleads guilty to multi-million dollar cryptomining scheme

Telegram founder Pavel Durov questioned in Paris court for first time: Report

Horizon Post Office scandal: Police investigating dozens for perjury and perverting the course of justice | The Independent

Jersey police help disrupt multi-billion money laundering networks | Bailiwick Express

Misinformation, Disinformation and Propaganda

Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok

AI fakes, cyber attacks threaten German election – DW – 12/06/2024


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Keep cash at home due to cyber attack risks, Dutch Central Bank warns – The Irish Times

NATO Offensive cyber operations exercise Crossed Swords gets underway in Tallinn

Nation State Actors

China

Salt Typhoon recorded 'very senior' US officials' calls • The Register

Counterintelligence director reveals extent of damage from China telecom hacks - Washington Times

The EU Makes an Urgent TikTok Inquiry on Russia's Role in Romanian Election Turmoil - SecurityWeek

Federal Appeals Court Upholds Law Threatening US TikTok Ban - Infosecurity Magazine

How Chinese insiders exploit its surveillance state • The Register

Compromised Software Code Poses New Systemic Risk to US Critical Infrastructure

Chinese hackers use Visual Studio Code tunnels for remote access

US Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

US Telco Security Efforts Ramp Up After Salt Typhoon

Why did China hack the world’s phone networks?

Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017

US govt says Cisco gear often targeted in China's Salt Typhoon attacks on 8 telecommunications providers — issues Cisco-specific advice to patch networks to fend off attacks | Tom's Hardware

Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok

As US finally details Chinese Salt Typhoon attack, FCC Chair proposes new rules for telcos

'EagleMsgSpy' Android Spyware Linked to Chinese Police

Russia

Lookout Discovers New Spyware Deployed by Russia and China - Infosecurity Magazine

Keep cash at home due to cyber attack risks, Dutch Central Bank warns – The Irish Times

The EU Makes an Urgent TikTok Inquiry on Russia's Role in Romanian Election Turmoil - SecurityWeek

Russian hacktivists target oil, gas and water sectors worldwide | SC Media

Suspected Russian hackers target Ukrainian defence enterprises in new espionage campaign | The Record from Recorded Future News

Russian government spies targeted Ukraine using tools developed by cyber criminals | TechCrunch

EU envoys to discuss first sanctions targeting Russian hybrid threats

Exploring Cyber-Darkness: How Moscow Undermines the West via the Dark Web | Geopolitical Monitor

NATO Offensive cyber operations exercise Crossed Swords gets underway in Tallinn

Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States

Ukraine Weighs Telegram Security Risks Amid War With Russia - The New York Times

Romania Exposes Propaganda Campaign Supporting Pro-Russian Candidate - Infosecurity Magazine

AI fakes, cyber attacks threaten German election – DW – 12/06/2024

Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok

Experts discovered the first mobile malware families linked to Russia's Gamaredon

Threat hunting case study: Cozy Bear | Intel 471

Phishing Scam Targets Ukrainian Defence Companies - Infosecurity Magazine

Russia disconnects several regions from the global internet to test its sovereign net | TechRadar

Russia takes unusual route to hack Starlink-connected devices in Ukraine - Ars Technica

Russian users report Gazprombank outages amid alleged Ukrainian cyber attack | The Record from Recorded Future News

RedLine info-stealer campaign targets Russian businesses

North Korea

North Korea's fake IT worker scam hauled in $88 million • The Register

Radiant links $50 million crypto heist to North Korean hackers

North Korean Group UNC4736 Blamed for Radiant Capital Breach

North Korean hackers target South Korea with Internet Explorer vulnerabilities to deploy RokRAT malware | TechRadar


Tools and Controls

Who handles what? Common misconceptions about SaaS security responsibilities - Help Net Security

Security researchers set up an API honeypot to dupe hackers – and the results were startling | ITPro

Neglect of endpoints presents a major security gap for enterprises

Conquering the Complexities of Modern BCDR

Safe Handling of Data: Why Secrets Sprawl is a Risk - Security Boulevard

Why don’t security leaders get the funds they need to succeed? | SC Media

What is Cyber Threat Detection and Response? | UpGuard

US Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

Bug bounty programs: Why companies need them now more than ever | CSO Online

Cyber Security Products or Platforms - Which is More Effective? - Security Boulevard

AI is a gamble we cannot afford without cyber security

Exposed APIs and issues in the world's largest organisations - Help Net Security

WAF Vulnerability in Akamai, Cloudflare, and Imperva Affected 40% of Fortune 100 Companies

Microsoft enforces defences preventing NTLM relay attacks - Help Net Security

Businesses struggle with IT security, Kaspersky reports

Unlocking the Value of DSPM: What You Need to Know - IT Security Guru

7 Must-Know IAM Standards in 2025

Mastering PAM to Guard Against Insider Threats - Security Boulevard

The Future of Network Security: Automated Internal and External Pentesting

How to Make the Case for Network Security Audits - Security Boulevard

Strengthening security posture with comprehensive cyber security assessments - Help Net Security

Three-Quarters of Security Leaders Admit Gaps in Hardware Knowledge - Infosecurity Magazine

Generative AI's cyber security potential is clear, but so far it's given hackers the upper hand | ITPro

TPM 2.0: The new standard for secure firmware - Help Net Security

How to Improve Your Cyber Security On a Lower Budget | Mimecast


Vulnerability Management

What Is an Application Vulnerability? 8 Common Types - Security Boulevard

Containers have 600+ vulnerabilities on average - Help Net Security

Vulnerabilities

Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability

SonicWall Patches 6 Vulnerabilities in Secure Access Gateway - SecurityWeek

Cleo Patches Exploited Flaw as Security Firms Detail Malware Pushed in Attacks - SecurityWeek

SAP Patches Critical Vulnerability in NetWeaver - SecurityWeek

Adobe Patches Over 160 Vulnerabilities Across 16 Products - SecurityWeek

Micropatching service releases fix for a zero-day vulnerability affecting three Windows generations | TechSpot

Apple Pushes Major iOS, macOS Security Updates - SecurityWeek

Apache issues patches for critical Struts 2 RCE bug • The Register

Security Flaws in WordPress Woffice Theme Prompts Urgent Update - Infosecurity Magazine

New Windows zero-day exposes NTLM credentials, gets unofficial patch

Unauthorized file access possible with chained Mitel MiCollab flaws | SC Media

New Windows Warning As Zero-Day With No Official Fix Confirmed For All Users

Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities

Microsoft Azure MFA Flaw Allowed Easy Access Bypass - Infosecurity Magazine

Multiple Ivanti CSA Vulnerabilities Let Attackers Bypass Admin Web Console Remotely

WAF Vulnerability in Akamai, Cloudflare, and Imperva Affected 40% of Fortune 100 Companies

QNAP Patches Vulnerabilities Exploited at Pwn2Own - SecurityWeek

OpenWrt supply chain attack scare prompts urgent upgrades • The Register

Atlassian, Splunk Patch High-Severity Vulnerabilities - SecurityWeek

AMD VM security tools can be bypassed, letting hackers infiltrate your devices, experts warn | TechRadar

Hunk Companion WordPress plugin exploited to install vulnerable plugins


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Black Arrow Cyber Advisory 11 December 2024 – Microsoft, Ivanti, Adobe, and Chrome Security Updates

Executive summary

In line with Microsoft’s November Patch Tuesday, several vendors, including Ivanti, Adobe, and Google, have released security updates to fix vulnerabilities in their products. Microsoft has addressed 72 security issues, including a critical Windows Common Log File System (CLFS) vulnerability that is being actively exploited. Ivanti’s updates cover its Cloud Services Application (CSA), Connect Secure, Policy Secure, and Sentry products, fixing multiple critical vulnerabilities, one of which has the highest severity rating of 10, allowing unauthorised remote attackers to gain administrative access. Adobe has released patches for 168 security issues across various products, including Experience Manager, Connect, Animate, and InDesign. Google has updated Chrome to fix three high-severity vulnerabilities in the browser.

What’s the risk to me or my business?

The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity and availability of the affected applications and the organisation's data on the affected systems.

What can I do?

Black Arrow recommends applying the available security updates for all supported versions of products that have been impacted by the various vulnerabilities. The updates should be applied as soon as possible for actively exploited vulnerabilities and for all other vulnerabilities with a critical or high severity rating.

Microsoft

Further details on specific updates within this Microsoft patch Tuesday can be found here:

https://msrc.microsoft.com/update-guide/releaseNote/2024-Dec

Ivanti

Further details on specific updates across affected Ivanti products can be found here:

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773?language=en_US

https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs?language=en_US

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2024-8540?language=en_US

Adobe

Further details of the vulnerabilities in affected Adobe products can be found here under ‘Recent bulletins and advisories’:

https://helpx.adobe.com/security/security-bulletin.html

Chrome

Further details of the vulnerabilities in the Chrome Browser products can be found here:

https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_10.html

#threatadvisory #threatintelligence #cybersecurity



Black Arrow Cyber Threat Intelligence Briefing 06 December 2024

Black Arrow Cyber Threat Intelligence Briefing 06 December 2024:

-Generative AI Makes Phishing Attacks More Believable and Cost-Effective

-Nearly Half a Billion Emails to Businesses Contain Malicious Content

-65% of Office Workers Bypass Cyber Security to Boost Productivity

-Cyber Warfare Rising Across EU in Bid to 'Destabilise' Member States

-INTERPOL Arrests 5,500 in Global Cyber Crime Crackdown, Seizes Over $400 Million

-Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defences

-Russian Money Laundering Networks Uncovered Linking Narco Traffickers, Ransomware Gangs and Kremlin Spies

-UK Underestimates Threat of Cyber Attacks from Hostile States and Gangs

-Why You Must Beware of Dangerous New Scam-Yourself Cyber Attacks

-Security Must Be Used as a Springboard, Not Just a Shield

-Why Your Cyber Insurance May Not Cover Everything: Finding and Fixing Blind Spots

-Cyber Criminals Already Using AI for Most Types of Scams, FBI Warns

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Generative AI Makes Phishing Attacks More Believable and Cost-Effective

In a survey of 14,500 executives, IT and security professionals, and office workers, Ivanti found that phishing is the top threat that is increasing due to generative AI. Training is a vital element of security, and although 57% of organisations say they use anti-phishing training to protect themselves from sophisticated social engineering attacks, only 32% believe that such training is “very effective”. Lack of skills is a major challenge for one in three security professionals. Real-time, accessible data is essential, yet 72% of IT and security data remain siloed.

Nearly Half a Billion Emails to Businesses Contain Malicious Content

A report by Hornetsecurity shows that over a third of all business emails in 2024 were unwanted, with 2.3% (around 427.8 million) containing malicious content. Phishing drove a third of all cyber attacks, while malicious URLs accounted for nearly a quarter. Reverse-proxy credential theft rose, using links instead of file attachments. Shipping brands like DHL and FedEx were the most impersonated. The data underscores the need for a zero-trust mindset and improved user awareness to strengthen defences against increasingly sophisticated threats.

65% of Office Workers Bypass Cyber Security to Boost Productivity

CyberArk found that 65% of office staff circumvent policies to improve their productivity, with half frequently reusing passwords and nearly a third sharing credentials. Over a third ignore important updates, and many use AI tools, often feeding sensitive data without adhering to guidelines. Senior executives are twice as likely to fall victim to phishing. The findings highlight the urgent need for identity-focused security strategies that enable efficient work while reducing risk.

Cyber Warfare Rising Across EU in Bid to 'Destabilise' Member States

EU cyber body ENISA reports a surge in hostile cyber activity across Europe, warning that escalating espionage, sabotage, violence, and disinformation threaten essential services and strategic interests. A successful attack on Europe’s key supply chains could have catastrophic cascading effects. Germany has formed a new task force to counter these threats before the federal election, while the UK’s national cyber agency confirms increased and more sophisticated hostile activity. Russia and China remain prominent cyber espionage threats. ENISA rates the threat to EU entities as “substantial”, as malicious cyber activity is deployed to manipulate events, destabilise societies, and undermine EU democracy and values.

INTERPOL Arrests 5,500 in Global Cyber Crime Crackdown, Seizes Over $400 Million

INTERPOL’s latest global cyber crime crackdown led to over 5,500 arrests and seized more than $400 million in assets. Involving 40 countries, it dismantled a voice phishing operation that stole $1.1 billion from over 1,900 victims. Criminals impersonated law enforcement, exploiting digital currencies and undermining trust in financial systems. INTERPOL also warned of new scams using stablecoins and romance-themed lures to drain victims’ wallets. These results highlight the urgent need for international collaboration to counter large-scale cyber crime and protect individuals, businesses, and the integrity of digital economies.

Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defences

A new phishing campaign is using corrupted ZIP archives and Office documents to bypass email security measures. Since August 2024, attackers have exploited the built-in recovery features of popular software to open seemingly broken files. Users are tricked by false promises like employee benefits, and once opened, these documents contain QR codes redirecting victims to malicious websites. The files evade most security filters while appearing to function normally. This highlights how attackers continually search for new techniques to slip past cyber security tools and compromise organisations’ systems and data.

Russian Money Laundering Networks Uncovered Linking Narco Traffickers, Ransomware Gangs and Kremlin Spies

British authorities uncovered a vast Russian-linked money laundering system connecting drug traffickers, cyber criminals and sanctioned elites, resulting in over 80 arrests worldwide. This billion-dollar operation relied on two Moscow-based firms to shift value across 30 countries using cryptocurrency, property and other assets. More than £20 million in cash and cryptocurrency has already been seized. New sanctions target senior figures behind the networks, aiming to disrupt their access to global financial systems. The investigation revealed that narcotics gangs, Russian state-linked espionage activities and cyber criminals all benefited, posing a significant threat to global security and financial stability.

UK Underestimates Threat of Cyber Attacks from Hostile States and Gangs

The UK’s National Cyber Security Centre (NCSC) warns organisations are underestimating state and criminal cyber threats. Hostile activities have increased, with severe incidents trebling to 12 last year. Ransomware attacks remain a major concern, targeting sectors from academia to healthcare. The centre responded to 430 serious incidents, up from 371 previously. Russia’s “aggression and recklessness” and China’s “sophisticated” attacks highlight how critical national infrastructure and key services remain vulnerable. The call is clear: organisations must strengthen defences to address these evolving threats, which pose a growing risk to both economic stability and public services.

Why You Must Beware of Dangerous New Scam-Yourself Cyber Attacks

The latest report from cyber security provider Gen shows a 614% quarterly rise in ‘scam-yourself’ cyber attacks, where victims unwittingly paste malicious code themselves. Tactics include fake tutorials, deceptive tech support, false CAPTCHA prompts and bogus updates. This spike coincides with a 39% surge in data-stealing malware and a 1154% increase in a popular information stealer. Such threats are reshaping the landscape, catching millions off-guard and driving urgent attention to robust cyber security solutions. Business leaders must foster greater awareness and invest in proactive, multilayered cyber security strategies to protect their organisations.

Security Must Be Used as a Springboard, Not Just a Shield

Many organisations still view cyber security as a necessary expense rather than a growth catalyst. Research suggests that embracing it as a strategic enabler can boost productivity, build customer trust, and strengthen competitiveness. It found that nearly half of surveyed organisations suffered more than 12 hours of downtime after a cyber attack, with a third experiencing a full day’s disruption. As more connected environments emerge, security leaders must highlight metrics like uptime and customer satisfaction to board members. By doing so, cyber security becomes a driver of operational resilience and long-term success, not just a shield against threats.

Why Your Cyber Insurance May Not Cover Everything: Finding and Fixing Blind Spots

Only 1% of organisations recently surveyed received full reimbursement from their cyber insurance, and the average payout covered just 63% of incurred costs. Nearly half lacked clarity about what their policies covered. Common shortfalls arose when remediation expenses exceeded coverage limits or were not pre-approved, and when required security measures were not fully implemented. Strengthening cyber security practices increased the likelihood of better coverage, with more than three-quarters seeing improved terms after boosting cyber defences. Involving IT and security teams in insurance decisions and improving internal protections can help deliver more comprehensive and cost-effective cyber insurance in the future.

Cyber Criminals Already Using AI for Most Types of Scams, FBI Warns

The FBI warns that cyber criminals increasingly use generative AI to create believable text, images, audio, and video. This allows them to scale their cyber crime operations and trick victims by avoiding usual warning signs. Criminals impersonate trusted individuals, forge identification, and run convincing investment or donation scams. The FBI suggests using a secret word with loved ones, being cautious with personal details, and watching for subtle inconsistencies. Confirm unsolicited calls or messages by independently contacting banks or authorities, and limit sharing personal images or voice recordings online as a precaution.

Sources:

https://www.helpnetsecurity.com/2024/12/06/genai-phishing-attacks-concerns/

https://www.prnewswire.com/news-releases/nearly-half-a-billion-emails-to-businesses-contain-malicious-content-hornetsecurity-report-finds-302321390.html

https://www.helpnetsecurity.com/2024/12/04/employees-privileged-access-security-risk/

https://www.irishexaminer.com/news/arid-41529398.html

https://thehackernews.com/2024/12/interpol-arrests-5500-in-global.html

https://thehackernews.com/2024/12/hackers-use-corrupted-zips-and-office.html

https://therecord.media/russian-money-laundering-networks-trafficking-cybercrime-kremlin

https://www.theguardian.com/technology/2024/dec/03/uk-underestimates-threat-of-cyber-attacks-from-hostile-states-and-gangs-says-security-chief

https://www.forbes.com/sites/daveywinder/2024/12/02/why-you-must-beware-of-dangerous-new-scam-yourself-cyber-attacks/

https://betanews.com/2024/11/29/security-must-be-used-as-a-springboard-not-just-a-shield/

https://www.scworld.com/resource/why-your-cyber-insurance-may-not-cover-everything-finding-and-fixing-blind-spots

https://cybernews.com/security/cybercriminals-using-ai-for-most-types-of-scams-fbi/



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Strikes when Organisations Unknowingly Open the Door | Security Info Watch

Does Cyber Insurance Drive Up Ransom Demands?

Why Are Hospital Ransomware Attacks Becoming More Frequent Globally? The UN Met to Discuss | HackerNoon

Russian Hacker With $10 Million Bounty on His Head Reportedly Arrested - SecurityWeek

No company too small for Phobos ransomware gang, indictment reveals | Malwarebytes

Storm-1811 exploits RMM tools to drop Black Basta ransomware

Ransomware attacks on critical sectors ramped up in November | TechTarget

Hackers are pivoting from data breaches to business shutdowns

Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested

Ransomware's Grip on Healthcare

Ransomware Costs Manufacturing Sector $17bn in Downtime - Infosecurity Magazine

Ransomware Victims

UK hospital resorts to paper and postpones procedures after cyber attack

Alder Hey Children’s Hospital confirms hackers gained access to patient data through digital gateway service | ITPro

Arrowe Park: 'Longer A&E wait times' continue after cyber attack - BBC News

Cyber attack hits three NHS Liverpool hospitals | UKAuthority

British telecoms giant BT confirms attempted cyber attack after ransomware gang claims hack | The Record from Recorded Future News

Blue Yonder Confirms Reports of Recent Ransomware Attack | Console and Associates, P.C. - JDSupra

Ransomware Attack Disrupts Operations at US Contractor ENGlobal - Infosecurity Magazine

Bologna FC Hit By 200GB Data Theft and Ransom Demand - Infosecurity Magazine

Stoli Vodka and Kentucky Owl File for Bankruptcy Following Cyber Attack, Russian Seizures | NTD

Vodka maker Stoli files for bankruptcy in US after ransomware attack

Italian football club Bologna FC says company data stolen during ransomware attack | The Record from Recorded Future News

Phishing & Email Based Attacks

Novel phishing campaign uses corrupted Word documents to evade security

Corrupted Word Files Fuel Sophisticated Phishing Campaign - Infosecurity Magazine

This worrying new phishing attack is going after Microsoft 365 accounts | TechRadar

This New Microsoft 365 Attack Can Break Through Your 2FA: Here's How

Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defences

Nearly half a billion emails to businesses contain malicious content, Hornet Security report finds

KnowBe4 Releases the Latest Phishing Trends Report

GenAI makes phishing attacks more believable and cost-effective - Help Net Security

New Rockstar 2FA phishing service targets Microsoft 365 accounts

North Korean Hacking Group Launches Undetected Malwareless URL Phishing Attacks

HR and IT are among top-clicked phishing subjects

Top Five Industries Aggressively Targeted By Phishing Attacks

Don't Fall For This "Sad Announcement" Phishing Scam

Defending Against Email Attachment Scams - Security Boulevard

Widespread RAT compromise via bogus emails, JavaScript payloads detailed | SC Media

50 Servers Linked to Cyber Crime Marketplace and Phishing Sites Seized by Law Enforcement - SecurityWeek

This sneaky phishing attack is a new take on a dirty old trick | PCWorld

Phishing attacks rose by more than 600% in the buildup to Black Friday | Security Magazine

Other Social Engineering

Why You Must Beware Of Dangerous New Scam-Yourself Cyber Attacks

North Korea deploying fake IT workers and hackers to target UK firms, cryptocurrency,... - LBC

Spotting the Charlatans: Red Flags for Enterprise Security Teams - SecurityWeek

How North Korean Hackers Pilfered $16 Million From A Crypto Exchange Via LinkedIn

Artificial Intelligence

GenAI makes phishing attacks more believable and cost-effective - Help Net Security

Cyber criminals already using AI for most types of scams, FBI warns | Cybernews

How laws strain to keep pace with AI advances and data theft | ZDNET

FBI Warns GenAI is Boosting Financial Fraud - Infosecurity Magazine

Teenagers leading new wave of cyber crime - Help Net Security

Cyber security professionals call for AI regulations

Cyber security in 2025: AI threats & zero trust focus

Do Macs get viruses? The answer is yes – and AI-powered malware is a growing threat, new report claims | TechRadar

Microsoft's Vasu Jakkal on how gen AI is redefining cyber security | VentureBeat

Treat AI like a human: Redefining cyber security - Help Net Security

AI chatbot startup WotNot leaks 346,000 files, including passports and medical records

25% of enterprises using AI will deploy AI agents by 2025 | ZDNET

The role of artificial intelligence in fostering multifaceted cooperation among BRICS nations - Africa Policy Research Institute (APRI)

2FA/MFA

This worrying new phishing attack is going after Microsoft 365 accounts | TechRadar

This New Microsoft 365 Attack Can Break Through Your 2FA: Here's How

Malware

North Korean Hacking Group Launches Undetected Malwareless URL Phishing Attacks

Code found online exploits LogoFAIL to install Bootkitty Linux backdoor - Ars Technica

Venom Spider Spins Web of MaaS Malware

Russia's 'BlueAlpha' APT Hides in Cloudflare Tunnels

Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware

New Windows Backdoor Security Warning For Bing, Dropbox, Google Users

Do Macs get viruses? The answer is yes – and AI-powered malware is a growing threat, new report claims | TechRadar

More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader

Widespread RAT compromise via bogus emails, JavaScript payloads detailed | SC Media

SmokeLoader Malware Campaign Targets Companies in Taiwan - Infosecurity Magazine

ANEL and NOOPDOOR Backdoors Weaponized in New MirrorFace Campaign Against Japan

Security Bite: Threat actors are widely using AI to build Mac malware - 9to5Mac

MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks | Trend Micro (US)

'Horns&Hooves' Malware Campaign Hits Over 1,000 Victims

Mobile

8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play

SMEs put at risk by poor mobile security practices

New DroidBot Android malware targets 77 banking, crypto apps

Android's December 2024 Security Update Patches 14 Vulnerabilities - SecurityWeek

FBI and CISA say to use encrypted messengers as Chinese hackers attack networks | Cybernews

The FBI now says encryption is good for you – Computerworld

NSO Group's Pegasus Spyware Detected in New Mobile Devices

Business leaders among Pegasus spyware victims, says security firm | TechCrunch

Smartphone Security Warning—Make Changes Now Or Become A Victim

Many small businesses are falling well short when it comes to cyber security plans | TechRadar

Top 5 Mobile Security Risks for Enterprises - Zimperium

Trojan-as-a-Service Hits Euro Banks, Crypto Exchanges

This is why the FBI is warning iOS users not to text Android users and vice versa - PhoneArena

Banking apps can now require recent Android security updates

Denial of Service/DoS/DDoS

Misconfigured WAFs Heighten DoS, Breach Risks

How DDoS attacks are shaping esports security and risk management | Insurance Business America

Internet of Things – IoT

From Patchwork to Framework: Towards a Global IoT Security Paradigm - Infosecurity Magazine

Chinese LIDAR Dominance a Cyber Security Threat, Warns Think Tank - Infosecurity Magazine

Data Breaches/Leaks

Russian hacking software used to steal hundreds of MoD log-ins

760,000 Employee Records From Several Major Firms Leaked Online - SecurityWeek

Over 600,000 people hit in massive data breach — background checks, vehicle and property records | Tom's Guide

Sadiq Khan admits some commuters may never be refunded after TfL cyber attack

Hundreds of UK Ministry of Defence passwords found circulating on the dark web | CSO Online

White FAANG Data Export Attack: A Gold Mine for PII Threats

63% of companies plan to pass data breach costs to customers | CSO Online

Deloitte Hacked - Brain Cipher Group Allegedly Stolen 1 TB of Data

Process over top-down enforcement: prevent data leaks

Lessons in cyber security from the Internet Archive Breaches | TechRadar

Cyber attack on debt acquisition firm Cabot involved theft of 394,000 data files, court hears – DataBreaches.Net

AI chatbot startup WotNot leaks 346,000 files, including passports and medical records

Major USAID contractor Chemonics says 263,000 affected by 2023 data breach | The Record from Recorded Future News

Israeli tech firm Silicom denies Iranian claims of Mossad and Unit 8200 links after c | Ctech

Controversial Andrew Tate ‘War Room’ Videos Leaked By Hackers

Organised Crime & Criminal Actors

INTERPOL Arrests 5,500 in Global Cyber Crime Crackdown, Seizes Over $400 Million

How laws strain to keep pace with AI advances and data theft | ZDNET

Cyber crime | At least 20% cyber crimes involve dark web usage by attackers: Report - Telegraph India

UK Justice System Failing Cyber Crime Victims, Cyber Helpline Finds - Infosecurity Magazine

Alleged Snowflake Hacker ‘Danger’ to the Public

Russia gives life sentence to Hydra dark web kingpin • The Register

Venom Spider Spins Web of MaaS Malware

Teenagers leading new wave of cyber crime - Help Net Security

Cyber criminals already using AI for most types of scams, FBI warns | Cybernews

German Police Shutter Country’s Largest Dark Web Market - Infosecurity Magazine

Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown

Eurocops red pill the Matrix 'secure' criminal chat systems • The Register

Police seizes largest German online crime marketplace, arrests admin

50 Servers Linked to Cyber Crime Marketplace and Phishing Sites Seized by Law Enforcement - SecurityWeek

Record-Breaking $2 Million Bounty Offered To Crypto.com Hackers

Scattered Spider Hacking Gang Arrests Mount with California Teen

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Hackers Stole $1.49 Billion in Cryptocurrency to Date in 2024 - SecurityWeek

How North Korean hackers stole billions in crypto while posing as VCs, IT workers – Firstpost

North Korea deploying fake IT workers and hackers to target UK firms, cryptocurrency,... - LBC

New DroidBot Android malware targets 77 banking, crypto apps

How North Korean Hackers Pilfered $16 Million From A Crypto Exchange Via LinkedIn

Record-Breaking $2 Million Bounty Offered To Crypto.com Hackers

Insider Risk and Insider Threats

65% of employees bypass cyber security policies, driven by hybrid work and flexible access

Inside threats: How can companies improve their cyber hygiene?

Insider Threats vs. Privacy: A Dilemma for IT Professionals

Process over top-down enforcement: prevent data leaks

Macy’s found a single employee hid up to $154 million worth of expenses | CNN Business

Insurance

Does Cyber Insurance Drive Up Ransom Demands?

Re/insurance market must prepare for Single Point of Failure tech outage events: CyberCube - Reinsurance News

Cyber insurance checklist: 12 must-have security features | SC Media

Why your cyber insurance may not cover everything: Finding and fixing blind spots | SC Media

Supply Chain and Third Parties

Re/insurance market must prepare for Single Point of Failure tech outage events: CyberCube - Reinsurance News

Report shows the threat of supply chain vulnerabilities from third-party products | TechRadar

Blue Yonder Confirms Reports of Recent Ransomware Attack | Console and Associates, P.C. - JDSupra

Hardening Links in Supply Chain Security | SC Media UK

Fear of cyber attack outweighs investment in security along the supply chain - The Loadstar

Cloud/SaaS

This worrying new phishing attack is going after Microsoft 365 accounts | TechRadar

This New Microsoft 365 Attack Can Break Through Your 2FA: Here's How

CyberRatings report exposes critical flaws in cloud-native firewalls | SC Media

New Rockstar 2FA phishing service targets Microsoft 365 accounts

5 things you should never back up to the cloud

New Windows Backdoor Security Warning For Bing, Dropbox, Google Users

7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments

Outages

Re/insurance market must prepare for Single Point of Failure tech outage events: CyberCube - Reinsurance News

Identity and Access Management

The New Cyber Frontier: Managing Risks in Distributed Teams - Infosecurity Magazine

7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments

Encryption

The Growing Quantum Threat to Enterprise Data: What Next?

FBI and CISA say to use encrypted messengers as Chinese hackers attack networks | Cybernews

The FBI now says encryption is good for you – Computerworld

This is why the FBI is warning iOS users not to text Android users and vice versa - PhoneArena

Linux and Open Source

70% of open-source components are poorly or no longer maintained - Help Net Security

Code found online exploits LogoFAIL to install Bootkitty Linux backdoor - Ars Technica

New Report Highlights Open Source Trends And Security Challenges

Passwords, Credential Stuffing & Brute Force Attacks

Hundreds of UK Ministry of Defence passwords found circulating on the dark web | CSO Online

North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks

Six password takeaways from the updated NIST cybersecurity framework

Microsoft's Vasu Jakkal on how gen AI is redefining cyber security | VentureBeat

Social Media

Tech Support Scams Exploit Google Ads to Target Users | Tripwire

How North Korean Hackers Pilfered $16 Million From A Crypto Exchange Via LinkedIn

Romania to recount votes as TikTok slammed for election role | Stars and Stripes

Meta says it has taken down about 20 covert influence operations in 2024 | Meta | The Guardian

Malvertising

Tech Support Scams Exploit Google Ads to Target Users | Tripwire

Regulations, Fines and Legislation

How laws strain to keep pace with AI advances and data theft | ZDNET

EC takes action as member states miss NIS2 directive deadline

NIS2 still a mystery to cyber security bosses, research shows - Data Centre & Network News

6 Considerations to Determine if a Cyber Incident Is Material | Troutman Pepper - JDSupra

DORA Demystified: Dispelling 5 Myths for ICT Service Providers | Morrison & Foerster LLP - JDSupra

An Overview of the NIS2 Directive and Its Implementation in France and Luxembourg | Goodwin - JDSupra

New EU Regulation Establishes European 'Cyber Security Shield' - SecurityWeek

Cyber Security: Council of EU formally adopts Cybersecurity and Cyber Solidarity Act | Practical Law

Cyber security professionals call for AI regulations

Navigating the Changing Cyber Security Regulations Landscape

Employees suffering compliance and security fatigue | theHRD

Models, Frameworks and Standards

EC takes action as member states miss NIS2 directive deadline

NIS2 still a mystery to cyber security bosses, research shows - Data Centre & Network News

New NIST Guidance Offers Update on Gauging Cyber Performance

DORA Demystified: Dispelling 5 Myths for ICT Service Providers | Morrison & Foerster LLP - JDSupra

An Overview of the NIS2 Directive and Its Implementation in France and Luxembourg | Goodwin - JDSupra

Six password takeaways from the updated NIST cybersecurity framework

Careers, Working in Cyber and Information Security

Human Intelligence is the Key to Combating the UK’s Cyber Skills Crisis | SC Media UK

Optimism About Cyber Workforce Advancements | AFCEA International

World Wide Work: Landing a Cyber Security Career Overseas

Law Enforcement Action and Take Downs

INTERPOL Arrests 5,500 in Global Cyber Crime Crackdown, Seizes Over $400 Million

Alleged Snowflake Hacker ‘Danger’ to the Public

Russian Hacker With $10 Million Bounty on His Head Reportedly Arrested - SecurityWeek

German Police Shutter Country’s Largest Dark Web Market - Infosecurity Magazine

Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown

50 Servers Linked to Cyber Crime Marketplace and Phishing Sites Seized by Law Enforcement - SecurityWeek

US arrests Scattered Spider suspect linked to telecom hacks

UK Justice System Failing Cyber Crime Victims, Cyber Helpline Finds - Infosecurity Magazine

Misinformation, Disinformation and Propaganda

German intelligence launches task force to combat foreign election interference | The Record from Recorded Future News

Cyber Attacks Could Impact Romanian Presidential Race, Officials Claim - Infosecurity Magazine

German intelligence agency warns of 'foreign interference' in upcoming elections

Meta says it has taken down about 20 covert influence operations in 2024 | Meta | The Guardian

Romania to recount votes as TikTok slammed for election role | Stars and Stripes

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Cyberwarfare 2025: The rise of AI weapons, zero-days, and state-sponsored chaos

Cyber warfare rising across EU in bid to 'destabilise' member states

NATO promises better strategy against cyber attacks and undersea cables – Euractiv

NCSC head warns of fundamental ‘contest for cyber space’ as annual report shows 44% hike in most serious incidents – PublicTechnology

UK Underestimates Threat Of Cyber-Attacks, NCSC | Silicon UK

German intelligence launches task force to combat foreign election interference | The Record from Recorded Future News

Nation State Actors

China

Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks

US government says Salt Typhoon is still in telecom networks | CyberScoop

FBI Tells Telecom Firms to Boost Security Following Wide-Ranging Chinese Hacking Campaign - SecurityWeek

Microsoft spots another China spy crew stealing US data • The Register

US org suffered four month intrusion by Chinese hackers

What is Salt Typhoon? Everything you need to know about 'the worst telecom hack in [US] history' | Mashable

FBI and CISA say to use encrypted messengers as Chinese hackers attack networks | Cybernews

Australia, Canada, New Zealand, and the US warn of PRC-linked cyber espionage targeting telecom networks

Government Guidance on Chinese Telco Hacking Highlights Threat to Cisco Devices - SecurityWeek

The FBI now says encryption is good for you – Computerworld

US shares tips to block hackers behind recent telecom breaches

White House says at least 8 US telecom firms, dozens of nations impacted by China hacking campaign - ABC News

T-Mobile CSO: Cyber spies' initial access method 'is novel' • The Register

US critical infrastructure, military at risk of Chinese LiDAR tech compromise | SC Media

MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks | Trend Micro (US)

Finland: Outage reported after fiber optic cable damaged – DW – 12/03/2024

Romania to recount votes as TikTok slammed for election role | Stars and Stripes

SmokeLoader Malware Campaign Targets Companies in Taiwan - Infosecurity Magazine

Russia

The UK is 'widely' underestimating online threats from hostile states and criminals, cyber security chief warns | UK News | Sky News

Russia is exploiting UK’s dependence on technology to cause ‘maximum destruction’, warns GCHQ | The Independent

NATO promises better strategy against cyber attacks and undersea cables – Euractiv

NCSC head warns of fundamental ‘contest for cyber space’ as annual report shows 44% hike in most serious incidents – PublicTechnology

‘Russia can turn the lights off’: how the UK is preparing for cyberwar | Cyberwar | The Guardian

Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware

Germany’s cyber security and infrastructure under attack by Russia, chancellor says – POLITICO

Pro-Russian Hacktivist Group Claims 6600 Attacks Targeting Europe - Infosecurity Magazine

North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks

NCA Disrupts Multi-Billion Dollar Russian Money Laundering Network

Russian money laundering networks uncovered linking narco traffickers, ransomware gangs and Kremlin spies | The Record from Recorded Future News

She Was a Russian Socialite and Influencer. Cops Say She’s a Crypto Laundering Kingpin | WIRED

Finland: Outage reported after fiber optic cable damaged – DW – 12/03/2024

Russian programmer says FSB agents planted spyware on his Android phone | TechCrunch

Spy v Spy: Russian APT Turla Caught Stealing From Pakistani APT - SecurityWeek

Russian Hacker With $10 Million Bounty on His Head Reportedly Arrested - SecurityWeek

Ransomware suspect Wazawaka reportedly arrested by Russia | The Record from Recorded Future News

Russia gives life sentence to Hydra dark web kingpin • The Register

Putin and ransomware blamed for Stoli US bankruptcy filing • The Register

'Horns&Hooves' Malware Campaign Hits Over 1,000 Victims

Romania's election systems targeted in over 85,000 cyber attacks

Agent for Russia and UK-based Bulgarian planned ‘honeytrap’ for journalist, court hears | UK news | The Guardian

Russian hacking software used to steal hundreds of MoD log-ins

Iran

Kash Patel, Trump's pick to lead FBI, hit with Iranian cyber attack, sources say - ABC News

North Korea

North Korean Hacking Group Launches Undetected Malwareless URL Phishing Attacks

How North Korean hackers stole billions in crypto while posing as VCs, IT workers – Firstpost

North Korea deploying fake IT workers and hackers to target UK firms, cryptocurrency,... - LBC

How North Korean Hackers Pilfered $16 Million From A Crypto Exchange Via LinkedIn

North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks

Kimsuky Group Adopts New Phishing Tactics to Target Victims - Infosecurity Magazine

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Pro-Russian Hacktivist Group Claims 6600 Attacks Targeting Europe - Infosecurity Magazine

Polish Central Banker Testifies in Pegasus Spyware Case – BNN Bloomberg

How widespread is mercenary spyware? More than you think - Help Net Security

Study shows potentially higher prevalence of spyware infections than previously thought | CyberScoop

NSO Group's Pegasus Spyware Detected in New Mobile Devices

Business leaders among Pegasus spyware victims, says security firm | TechCrunch

A New Phone Scanner That Detects Spyware Has Already Found 7 Pegasus Infections | WIRED

How a Russian man’s harrowing tale shows the physical dangers of spyware | CyberScoop

Vulnerability Management

Microsoft Warns 400 Million PC Owners—This Ends Your Windows Updates

70% of open-source components are poorly or no longer maintained - Help Net Security

Report shows the threat of supply chain vulnerabilities from third-party products | TechRadar

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Vulnerabilities

Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449) - Help Net Security

Cisco ASA flaw CVE-2014-2120 is being exploited in the wild

Android's December 2024 Security Update Patches 14 Vulnerabilities - SecurityWeek

Bootloader Vulnerability Impacts Over 100 Cisco Switches - SecurityWeek

Critical Vulnerability Found in Zabbix Network Monitoring Tool - SecurityWeek

CyberRatings report exposes critical flaws in cloud-native firewalls | SC Media

Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability

CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel

TP-Link Archer Zero-Day Vulnerability Let Attackers Inject Malicious Commands

Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access

PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) - Help Net Security

CISA Warns of Zyxel Firewall Vulnerability Exploited in Attacks - SecurityWeek

CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel

Japan warns of IO-Data zero-day router flaws exploited in attacks

Rather than fixing its old routers, D-Link is telling customers to upgrade

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 29 November 2024

Black Arrow Cyber Threat Intelligence Briefing 29 November 2024:

-Phishing Attacks Dominate Threat Landscape in Q3 2024

-Rising Cyber Threat Driven by Single Point of Failure Risk

-Cloned Customer Voice Beats Bank Security Checks

-Avoiding Cyber Complacency as a Small Business

-Your IT Infrastructure May Be More Outdated Than You Think

-Cyber Attacks Cost UK Businesses £44 Billion During Past 5 Years, Howden Survey

-83% of Organisations Reported Insider Attacks in 2024

-Blue Yonder Ransomware Attack Disrupts Supply Chains Across UK and US

-North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

-UK Scam Losses Surge 50% Annually to £11.4bn

-In a Growing Threat Landscape, Companies Must do Three Things to Get Serious About Cyber Security

-Russian Threat Actors Poised to Cripple Power Grid, UK Warns

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Phishing Attacks Dominate Threat Landscape in Q3 2024

ReliaQuest's recent report reveals that spear phishing attacks accounted for 46% of security incidents in Q3 2024, becoming the most prevalent threat. High employee turnover and accessible phishing kits contribute to this trend, with untrained new hires increasing vulnerability. The report also highlights a 20% surge in cloud-based security threats and a 7% rise in insider threat activity, with cyber criminals offering up to $10,000 weekly for insider assistance. Despite awareness of these risks, organisations continue to face significant challenges in mitigating them.

Rising Cyber Threat Driven by Single Point of Failure Risk

CyberCube reports that escalating cloud service provider outages and single point of failure events are significantly increasing the risk of unplanned technology outages for organisations. These disruptions are accelerating, impacting critical services across sectors. The report highlights that the Energy & Utilities industry is highly exposed with varying security levels, while the Transportation & Logistics sector is exposed but more secure. Many US public sector entities are under-secured despite high exposure to cyber threats. It emphasises that insurers must adapt by refining policy language, enhancing threat intelligence, and collaborating with governments to mitigate these evolving risks.

Cloned Customer Voice Beats Bank Security Checks

Recent investigations have revealed that AI-cloned voices can bypass voice recognition security in banking systems. A BBC test showed that cloned voices successfully overcame voice ID checks at major banks, including Santander and Halifax. Despite assurances from banks about the security of voice ID, the ease with which these systems were breached, even using basic equipment, highlights significant vulnerabilities. Cyber security experts warn that the rapid advancement of generative AI presents new risks to biometric authentication methods. This raises concerns about the effectiveness of current security measures and underscores the need for enhanced protections against sophisticated AI-enabled fraud.

Avoiding Cyber Complacency as a Small Business

A recent survey revealed that half of all UK businesses, including many small and medium-sized enterprises, experienced a cyber attack in the past year. Despite this high incidence, only 22% have a formal incident response plan, indicating widespread cyber complacency. With the average cost to remedy an attack estimated at £21,000, small businesses are at significant financial risk. Many maintain outdated security measures and prioritise other concerns due to limited resources. To mitigate these risks, organisations are advised to stay vigilant, educate employees on threats like phishing, implement robust backup solutions, and develop clear disaster recovery plans.

Your IT Infrastructure May Be More Outdated Than You Think

Kyndryl's recent survey reveals a significant disconnect between CEOs and IT leaders regarding IT infrastructure readiness. While about two-thirds of CEOs are concerned their IT systems are outdated or nearing end-of-life, 90% of IT leaders believe their infrastructure is best in class. Yet only 39% of IT leaders feel prepared to manage future risks and disruptions, and 44% of executives admit their IT systems have aged past expected lifespans. The report underscores the need for continual reassessment of IT tools to balance operational needs with innovation, as outdated systems can quickly hinder an organisation's competitiveness.

Cyber Attacks Cost UK Businesses £44 Billion During Past 5 Years, Howden Survey

Howden's research has revealed that cyber attacks have cost UK businesses £44 billion in lost revenue over the past five years. Over half of these businesses, particularly those with revenues over £100 million, have suffered at least one cyber attack, with compromised emails and data theft being the most common causes. Despite this significant impact, the uptake of basic cyber security measures remains low, with only 61% using antivirus software and 55% employing network firewalls. The report suggests that implementing fundamental cyber security practices could reduce cyber attack costs by up to 75%, saving approximately £30 billion over five years.

83% of Organisations Reported Insider Attacks in 2024

A publication by news site Cybersecurity Insiders reports that 83% of organisations experienced at least one insider attack in the past year. The incidence of insider threats has escalated, with the percentage of organisations facing between 11 and 20 attacks increasing from 4% to 21% in the last 12 months. Despite 93% recognising the importance of strict visibility and control, only 36% have effective solutions in place. Recovery costs are significant, with 32% of organisations spending between $100,000 and $499,000, and 21% facing costs between $1 million and $2 million. Lack of employee awareness is a major factor, with 32% citing it as a contributor to attacks.

Blue Yonder Ransomware Attack Disrupts Supply Chains Across UK and US

Blue Yonder, a supply chain software company, has experienced a ransomware attack that disrupted services for major clients. The incident impacted key customers, including Starbucks and leading UK supermarkets like Morrisons and Sainsbury's, causing operational disruptions and forcing activation of contingency plans. Despite working with external cyber security experts, Blue Yonder has yet to provide a timeline for restoration. This event underscores the increasing vulnerability of supply chains to cyber attacks. A recent survey found that 62% of organisations faced ransomware attacks from software supply chain partners in the past year, highlighting the widespread nature of these threats.

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

Microsoft has reported that North Korean hackers have stolen over $10 million in cryptocurrency through sophisticated social engineering campaigns on LinkedIn. These cyber security threats are escalating, with attackers posing as recruiters or venture capitalists to trick targets into downloading malware. Despite increased awareness, organisations remain vulnerable as hackers use artificial intelligence tools to create convincing fake profiles and documents. North Korean IT workers abroad have also generated at least $370,000 through legitimate work, but pose additional risks by abusing access to steal intellectual property and demand ransoms.

UK Scam Losses Surge 50% Annually to £11.4bn

Cifas reports that UK online fraud losses have surged to over £11bn in the past year, a £4bn increase from the previous year. 15% of the 2000 survey participants lost money to scammers in 2024, up from 10% in 2023, with average losses of £1400 per victim. Fewer than a fifth recovered their money, and only 28% reported the incidents to the police. Email was the most common fraud channel, cited by nearly 70% of respondents. With scams expected to intensify during the holiday season, there is a pressing need for improved security measures and cross-sector collaboration.

In a Growing Threat Landscape, Companies Must do Three Things to Get Serious About Cyber Security

Enterprises are facing a more sophisticated threat landscape due to digital transformation, hybrid work, and AI adoption, making it imperative to prioritise cyber security. Leadership at the C-suite and board level must drive this change by investing appropriately, as underfunded security can lead to lost revenue and legal issues. A strong, empowered CISO is crucial for identifying vulnerabilities and guiding necessary actions. Adopting frameworks like NIST Cybersecurity Framework 2.0 helps organisations manage risks effectively, promoting prevention and response strategies that can also reduce liability in the event of a breach.

Russian Threat Actors Poised to Cripple Power Grid, UK Warns

The UK government warns that Russian cyber threat actors are poised to conduct cyber attacks that could disrupt critical national infrastructure, potentially "turning off the lights for millions". These threats have already targeted UK media, telecoms, and political institutions. However, experts caution that such rhetoric may overstate Russia's actual capabilities and risk causing unnecessary panic. In response, the government is investing £8.22 million in a new AI cyber lab to bolster national security and an additional £1 million to enhance incident response among allies.

Sources:

https://informationsecuritybuzz.com/phishing-attacks-dominate-threat-lands/

https://www.emergingrisks.co.uk/rising-cyber-threat-driven-by-single-point-of-failure-risk/

https://www.bbc.co.uk/news/articles/c1lg3ded6j9o

https://betanews.com/2024/11/28/avoiding-cyber-complacency-as-a-small-business/

https://www.cio.com/article/3610867/your-it-infrastructure-may-be-more-outdated-than-you-think.html

https://www.insurancejournal.com/news/international/2024/11/27/802913.htm

https://securityintelligence.com/articles/83-percent-organizations-reported-insider-threats-2024/

https://www.techmonitor.ai/technology/cybersecurity/blue-yonder-ransomware-attack-disrupts-supply-chains-across-uk-and-us

https://thehackernews.com/2024/11/north-korean-hackers-steal-10m-with-ai.html

https://www.infosecurity-magazine.com/news/uk-scam-losses-surge-50-annually/

https://securityboulevard.com/2024/11/in-a-growing-threat-landscape-companies-must-do-three-things-to-get-serious-about-cybersecurity/

https://www.computerweekly.com/news/366616324/Russian-threat-actors-poised-to-cripple-power-grid-UK-warns

Threats

Ransomware, Extortion and Destructive Attacks

Five Ransomware Groups Responsible for 40% of Cyber-Attacks in 2024 - Infosecurity Magazine

One of the nastiest ransomware groups around may have a whole new way of doing things | TechRadar

VPN Vulnerabilities Drive Nearly 30% Of Q3 Ransomware Attacks

CISA says BianLian ransomware now focuses only on data theft

The case for a ransomware payment ban - Tech Monitor

Growth in phishing, changes in ransomware crews mark threat landscape | SC Media

Fresh warning issued over encryption-less ransomware as notorious threat group shifts tactics | ITPro

Pro-Russian Hacktivists Launch Branded Ransomware Operations - Infosecurity Magazine

Ransomware payments are now a critical business decision - Help Net Security

Ransomware Groups Targeting VPNs for Initial Access: Report | MSSP Alert

BlackBasta Ransomware Brand Picks Up Where Conti Left Off

CyberVolk analysis explores ransomware, hacktivism interconnections | SC Media

Mimic Ransomware: What You Need To Know | Tripwire

Zyxel firewalls targeted in recent ransomware attacks

Victims Must Disclose Ransom Payments Under Australian Law

Ransomware Victims

Microlise Confirms Data Breach as Ransomware Group Steps Forward - SecurityWeek

Blue Yonder ransomware attack disrupts supply chains across UK and US

Wake Up And Smell The Ransomware—Starbucks Impacted By Cyber Attack

Supply chain vendor Blue Yonder succumbs to ransomware • The Register

'Real threat' still posed by hackers says council subject to devastating cyber attack four years ago - Teesside Live

NHS declares major cyber incident for third time this year • The Register

Further disruption expected after latest NHS cyber attack | Computer Weekly

Phishing & Email Based Attacks

Business Email Compromise Scams: What They Are, and How to Avoid Them | Ogletree, Deakins, Nash, Smoak & Stewart, P.C. - JDSupra

Phishing Attacks Dominate Threat Landscape In Q3 2024

Email Phishing and DMARC Statistics - Security Boulevard

Growth in phishing, changes in ransomware crews mark threat landscape | SC Media

Hackers Update Tactics to Bypass Multifactor Authentication - Petri IT Knowledgebase

Rise in phishing attacks observed from August to October 2024

Flying Under the Radar - Security Evasion Techniques

Phishing attacks via ‘URL rewriting’ to evade detection escalate | SC Media

Scammers use 'you're fired' lures in phishing campaign • The Register

“Sad announcement” email implies your friend has died | Malwarebytes

OpenSea NFT Phishers Aim to Drain Crypto Wallets

Email Is Insecure: 4 Reasons I Avoid It Like the Plague

Three-Quarters of Black Friday Spam Emails Identified as Scams - Infosecurity Magazine

Business Email Compromise (BEC)/Email Account Compromise (EAC)

Business Email Compromise Scams: What They Are, and How to Avoid Them | Ogletree, Deakins, Nash, Smoak & Stewart, P.C. - JDSupra

Other Social Engineering

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

How to recognize employment fraud before it becomes a security issue - Help Net Security

Meta Finally Breaks Its Silence on Pig Butchering | WIRED

Bangkok busts SMS Blaster sending 1 million scam texts from a van

North Korea Deploying Fake IT Workers in China, Russia, Other Countries - SecurityWeek

Artificial Intelligence

Cloned customer voice beats bank security checks - BBC News

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

Over a Third of Firms Struggling With Shadow AI - Infosecurity Magazine

AI in cyber security: Not yet autonomous, but the time to prepare is now

British spies to ramp up fight against Russian cyber threats with launch of cutting-edge... - LBC

Russia plotting to use AI to enhance cyber-attacks against UK, minister will warn | Russia | The Guardian

Britain, NATO must stay ahead in 'new AI arms race', says UK minister | Reuters

Faux ChatGPT, Claude API Packages Deliver JarkaStealer

AI is the latest tool in the cyber security cat-and-mouse game - Fast Company

AI Used for Good and Bad — Like Making Trickier Malware, Says Report

Teaching AI to Hack: Researchers Demonstrate ChatGPT's to Ethically Hack Linux & Windows

Deepfakes of Elon Musk are contributing to billions of dollars in fraud losses in the U.S. - CBS News

Organisations unprepared for the AI onslaught must do these 4 things | ZDNET

'Tis the season for website cloning tools, RCEs and AI phishing lures | SC Media

2FA/MFA

‘Adversary in the middle attacks’ are becoming hackers’ go-to method to bypass MFA | ITPro

Hackers Update Tactics to Bypass Multifactor Authentication - Petri IT Knowledgebase

Malware

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

2024 saw a surge in malicious free VPN apps | TechRadar

Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia

Novel WolfsBane backdoor leveraged in Chinese attacks against Linux systems | SC Media

Salt Typhoon hackers backdoor telcos with new GhostSpider malware

What cyber attacks are bots commonly associated with?

Aggressive Chinese APT Group Targets Governments with New Backdoors - Infosecurity Magazine

Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries

Skimmer Malware Targets Magento Sites Ahead of Black Friday

APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware

Hackers abuse Avast anti-rootkit driver to disable defences

Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections

IoT Device Traffic Up 18% as Malware Attacks Surge 400% - Infosecurity Magazine

The source code of Banshee Stealer leaked online

Faux ChatGPT, Claude API Packages Deliver JarkaStealer

How Facebook and Instagram Malware Works (and How to Spot It Before You Click)

Researchers Discover "Bootkitty" – First UEFI Bootkit Targeting Linux Kernels

AI Used for Good and Bad — Like Making Trickier Malware, Says Report

APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign

Gaming Engines: An Undetected Playground for Malware Loaders - Check Point Research

Bots/Botnets

What cyber attacks are bots commonly associated with?

Growing Matrix Botnet Poses Escalating Global Threat

Mobile

Why you should power off your phone once a week - according to the NSA | ZDNET

One Down, Many to Go with Pre-Installed Malware on Android | Electronic Frontier Foundation

Denial of Service/DoS/DDoS

Here’s how simple it is for script kiddies to stand up DDoS services | CyberScoop

Is Your Router In The Matrix—35 Million Devices Under Blue Pill Attack

Internet of Things – IoT

My Car Knows My Secrets, and I'm (Mostly) OK With That

Growing Matrix Botnet Poses Escalating Global Threat

IoT Device Traffic Up 18% as Malware Attacks Surge 400% - Infosecurity Magazine

Data Breaches/Leaks

Prison layouts reportedly leaked on dark web in data breach - BBC News

Data leaks from websites built on Microsoft Power Pages, including 1.1 million NHS records

New York Fines Geico and Travelers $11 Million Over Data Breaches - SecurityWeek

A US soldier is suspected of being behind the massive Snowflake data leak | CSO Online

Data broker leaves 600K+ sensitive files exposed online • The Register

TfL cyber attack: Independent review will examine huge hack and response | The Standard

Military dating site leaves database with 1M records exposed | Biometric Update

HIA: Survivors awarded £30,000 after data breach - BBC News

Zello asks users to reset passwords after security incident

Hack Against Andrew Tate Continues With Leak Of Staff Chats

Hackers Breach Andrew Tate's Online 'University,' Exposing 800,000 Users

Organised Crime & Criminal Actors

The rise and fall of the 'Scattered Spider' hackers | TechCrunch

Major cyber crime crackdowns signal shift in global cyber security strategies

Interpol: Major cyber crime operation nets 1,006 suspects – DataBreaches.Net

Authorities disrupt major cyber crime operation, 1000+ suspects arrested - Help Net Security

US alleges man is cyber crook with distaste for opsec • The Register

DoJ seized credit card marketplace PopeyeTools

DOJ: Man hacked networks to pitch cyber security services

'Hacker' breaks into gym to get hired, gets arrested instead | PCWorld

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

North Korean hackers have stolen billions in crypto by posing as VCs, recruiters and IT workers | TechCrunch

Crypto Hacks Drop 15% Year-to-Date, over $70 Million Lost in November

Deepfakes of Elon Musk are contributing to billions of dollars in fraud losses in the U.S. - CBS News

OpenSea NFT Phishers Aim to Drain Crypto Wallets

Insider Risk and Insider Threats

83% of organisations reported insider attacks in 2024

Human Factors in Cyber Security in 2024 | UpGuard

Insurance

Cyber attacks cost British businesses $55 billion in past five years, broker says | Reuters

Howden urges insurers to tackle cyber cover penetration gap as 52% report attack in last five years | Insurance Times

Supply Chain and Third Parties

Rising cyber threat driven by Single Point of Failure risk

Blue Yonder ransomware attack disrupts supply chains across UK and US

Wake Up And Smell The Ransomware—Starbucks Impacted By Cyber Attack

Supply chain vendor Blue Yonder succumbs to ransomware • The Register

Outages

Microsoft CEO Nadella Calls for 'Culture Change' After Security Lapses - Business Insider

Rising cyber threat driven by Single Point of Failure risk

Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint

Microsoft aims for better Windows security • The Register

CrowdStrike still doesn’t know cost of Falcon flame-out • The Register

Encryption

Albanian Drug Smugglers Busted After Cops Decrypt Comms - Infosecurity Magazine

Linux and Open Source

Novel WolfsBane backdoor leveraged in Chinese attacks against Linux systems | SC Media

Researchers Discover "Bootkitty" – First UEFI Bootkit Targeting Linux Kernels

Passwords, Credential Stuffing & Brute Force Attacks

Passwords are giving way to better security methods – until those are hacked too, that is | US small business | The Guardian

I Ran a Password Audit and Was Surprised How Many Outdated Passwords I Have

Zello asks users to reset passwords after security incident

Stop Using Your Passwords—1Password And Google Warn

Social Media

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

Meta Finally Breaks Its Silence on Pig Butchering | WIRED

Meta Shutters Two Million Scam Accounts in Pig Butchering Crackdown - Infosecurity Magazine

How Facebook and Instagram Malware Works (and How to Spot It Before You Click)

Regulations, Fines and Legislation

The EU Cyber Resilience Act: Implications for Companies | Hogan Lovells - JDSupra

New York Fines Geico and Travelers $11 Million Over Data Breaches - SecurityWeek

EC opens new infringement procedures against Bulgaria and 22 other EU countries over cyber security rules - Българска национална телевизия

EU: Cyber Resilience Act published in EU Official Journal | DLA Piper - JDSupra

HIA: Survivors awarded £30,000 after data breach - BBC News

US senators propose mandated MFA, encryption in healthcare • The Register

Opportunities for Regulatory Harmonization Under Trump's Deregulation Agenda

Telecoms Security Act Compliance... - Analysis - Mobile News

Cyber security bill passes parliament - Security - iTnews

Victims Must Disclose Ransom Payments Under Australian Law

Models, Frameworks and Standards

The EU Cyber Resilience Act: Implications for Companies | Hogan Lovells - JDSupra

EC opens new infringement procedures against Bulgaria and 22 other EU countries over cyber security rules - Българска национална телевизия

EU: Cyber Resilience Act published in EU Official Journal | DLA Piper - JDSupra

Why Cyber Security Leaders Trust the MITRE ATT&CK Evaluations

Careers, Working in Cyber and Information Security

Practical strategies to build an inclusive culture in cyber security - Help Net Security

8 Tips for Hiring Neurodivergent Talent

Why IT Leaders Should Hire Veterans for Cyber Security Roles

How cyber security certification can drive business growth - Digital Journal

The Next Hot Cyber Security Skill for Your Resume? Empathy

Law Enforcement Action and Take Downs

The rise and fall of the 'Scattered Spider' hackers | TechCrunch

Major cyber crime crackdowns signal shift in global cyber security strategies

Interpol: Major cyber crime operation nets 1,006 suspects – DataBreaches.Net

Authorities disrupt major cyber crime operation, 1000+ suspects arrested - Help Net Security

Bangkok busts SMS Blaster sending 1 million scam texts from a van

US alleges man is cyber crook with distaste for opsec • The Register

DoJ seized credit card marketplace PopeyeTools

Telco engineer spying on employer for Beijing gets 4 years • The Register

US Citizen Sentenced for Spying on Behalf of China's Intelligence Agency

Calls for a ‘more offensive’ police approach to cyber attacks and a stronger national tech strategy - Policing Insight

Albanian Drug Smugglers Busted After Cops Decrypt Comms - Infosecurity Magazine

DOJ: Man hacked networks to pitch cyber security services

'Hacker' breaks into gym to get hired, gets arrested instead | PCWorld

Police bust pirate streaming service making €250 million per month

Misinformation, Disinformation and Propaganda

Google Deindexes Chinese Propaganda Network - Infosecurity Magazine

Google blocked 1000 pro China websites from services • The Register

'Operation Undercut' Adds to Russia Influence Campaigns


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Britain, NATO must stay ahead in 'new AI arms race', says UK minister | Reuters

“Cyber war is now a daily reality”, UK government minister says

UK calls for stronger NATO cyber defences

Wire cutters: how the world’s vital undersea data cables are being targeted | Telecoms | The Guardian

5th Generation War: A War Without Borders and its Impact on Global Security - Modern Diplomacy

Nation State Actors

China

The Cyberthreats from China are Ongoing: U.S. Officials - Security Boulevard

Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries

Chinese vessel 'sabotaged' Baltic deep sea cables and may have been under orders from Russia

Satellite Image Shows Chinese Ship Suspected of Sabotage in 'NATO Lake' - Newsweek

Salt Typhoon’s cyber storm reaches beyond US telcos • The Register

Chinese hackers preparing for conflict, says US cyber official | The Straits Times

Novel WolfsBane backdoor leveraged in Chinese attacks against Linux systems | SC Media

China's Cyber Offensives Helped by Private Firms, Academia

Accident or sabotage? American and European officials disagree as key undersea cables are cut | CNN

Google Deindexes Chinese Propaganda Network - Infosecurity Magazine

China's telco attacks mean 'thousands' of boxes compromised • The Register

Top senator calls Salt Typhoon “worst telecom hack in our nation’s history” - The Washington Post

CrowdStrike identifies new China hackers breaching telecom networks

NSA Director Wants Industry to Disclose Details of Telecom Hacks - Bloomberg

T-Mobile Engineers Spotted Hackers Running Commands on Routers - Bloomberg

Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions | Trend Micro (US)

US must counter new Chinese cyber attacks. Remember how it lost nuclear monopoly?

China Concealing State, Corporate & Academic Assets For Offensive Attacks

China’s Surveillance State Is Selling Citizen Data as a Side Hustle | WIRED

Aggressive Chinese APT Group Targets Governments with New Backdoors - Infosecurity Magazine

Google blocked 1000 pro China websites from services • The Register

Telco engineer spying on employer for Beijing gets 4 years • The Register

US Citizen Sentenced for Spying on Behalf of China's Intelligence Agency

Imagine a land where algorithms don't ruin the Internet • The Register

Russia

Russia ‘aggressive’ and ‘reckless’ in cyber realm and threat to Nato, UK minister to warn | UK news | The Guardian

Britain should prepare for 'aggressive and reckless' Russian cyber attacks, minister warns

UK warns of imminent Russian cyber attacks targeting NATO amid Ukraine war | World News - Hindustan Times

Chinese vessel 'sabotaged' Baltic deep sea cables and may have been under orders from Russia

Russian Cyberespionage Group Hit 60 Victims in Asia, Europe - SecurityWeek

Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented Hack | WIRED

Nato countries are in a ‘hidden cyber war’ with Russia, says Liz Kendall | The Standard

Britain, NATO must stay ahead in 'new AI arms race', says UK minister | Reuters

Nato countries in 'hidden cyber war' with Russia, minister warns | ITV News

Russian hybrid attacks may lead to NATO invoking Article 5, says German intel chief | Reuters

UK closely monitoring Russian spy ship as it passes near British Isles — 'undersea cables are a shared concern' says Ministry of Defence | Tom's Hardware

Accident or sabotage? American and European officials disagree as key undersea cables are cut | CNN

RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyber Attacks

Firefox and Windows zero-days exploited by Russian RomCom hackers

Is Your Router In The Matrix—35 Million Devices Under Blue Pill Attack

Russia-linked APT TAG-110 targets Europe and Asia - Security Affairs

'Operation Undercut' Adds to Russia Influence Campaigns

CyberVolk analysis explores ransomware, hacktivism interconnections | SC Media

CISA says BianLian ransomware now focuses only on data theft

Here’s how simple it is for script kiddies to stand up DDoS services | CyberScoop

Pro-Russian Hacktivists Launch Branded Ransomware Operations - Infosecurity Magazine

North Korea

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

North Korea Deploying Fake IT Workers in China, Russia, Other Countries - SecurityWeek

North Korean hackers have stolen billions in crypto by posing as VCs, recruiters and IT workers | TechCrunch

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign

Man warns 'this is just the beginning' after cyber attack on Merseyside Police - Liverpool Echo


Tools and Controls

VPN Vulnerabilities Drive Nearly 30% Of Q3 Ransomware Attacks

2024 saw a surge in malicious free VPN apps | TechRadar

How to recognize employment fraud before it becomes a security issue - Help Net Security

AI in cyber security: Not yet autonomous, but the time to prepare is now

Incident response diplomacy: UK to launch new capability to help attacked allies | The Record from Recorded Future News

Email Phishing and DMARC Statistics - Security Boulevard

Ransomware Groups Targeting VPNs for Initial Access: Report | MSSP Alert

Microsoft Teams monitoring tips for admins | TechTarget

Cyber security’s oversimplification problem: Seeing AI as a replacement for human agency | CSO Online

What is compliance risk? | Definition from TechTarget

Is Cyber Threat Intelligence Worthless? - Security Boulevard

Machine Learning in Cyber Security: Harnessing the Power of Five AI Tribes - Security Boulevard

CIOs warned of AI over-reliance in cyber security defence

AI Used for Good and Bad — Like Making Trickier Malware, Says Report

Modern workplaces increasingly resemble surveillance zones • The Register

The role of data recovery in cyber resilience

AI is the latest tool in the cyber security cat-and-mouse game - Fast Company

Businesses prioritize cyber security in digital transformation: GSMAi

Data Security Best Practices: 7 Tips to Crush Bad Actors | MSSP Alert

Cloudflare says it lost 55% of logs pushed to customers for 3.5 hours

DOJ: Man hacked networks to pitch cyber security services

'Hacker' breaks into gym to get hired, gets arrested instead | PCWorld

The ‘Great IT Rebrand’: Restructuring IT for business success | CIO


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.