Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

UK’s Cyber Resilience Stagnates as More Fall Victim to Attacks, 75% of UK Businesses & 79% of UK Charities Experienced a Cyber Incident in 2023

The UK Government’s Joint Committee on the National Security Strategy (JCNSS) has published its response to a ransomware enquiry with stark conclusions, stating that there is a lot to be done to truly tackle the threat posed by ransomware. The chair of the JCNSS said that the UK is and will remain exposed and unprepared if it continues to take a “head in the sand” attitude to ransomware. The minister for artificial intelligence (AI) called upon organisations to “step up their cyber security plans to guard against threats, protect their customers and workforce, and our wider economy.” This comes as the Government’s Cyber Security Longitudinal Survey (CSLS) found that three-quarters of UK businesses and 79% of UK charities experienced a cyber security incident in the last 12 months.

Despite progress, there's a pressing need for organisations to shift from viewing cyber security as solely an IT concern to recognising its integral role across all business functions, particularly in the face of escalating cyber threats. With only half of UK board members having had security training, only a quarter of businesses assessing suppliers for possible security risks, and a fifth of UK boards failing to discuss cyber security even once, the time to improve UK businesses is now.

Sources: [Emerging Risks Media Ltd] [CITY A.M.] [Verdict] [Computer Weekly]

1% of Users are Responsible for 88% of Data Loss Events

New research has shown that that 85% of organisations experienced a data loss in the past year, with 9 out of 10 of those facing a negative outcome such as business disruption, revenue loss and reputational damage. The research found that 1% of users were responsible for 88% of events. It is important to understand this is not always intentionally malicious; it can be accidental or negligent. The research found for example, that 87% of anomalous file exfiltration among cloud tenants over a nine-month period was caused by departing employees, underscoring the need for preventative strategies such as implementing a security review process for this user category.

With as little as 1% of users causing most alerts, organisations need to monitor their most sensitive data and who can access it. This should also include data loss prevention features, to further reduce the risk.

Source: [Help Net Security]

Microsoft Report Says 87% of UK Organisations are Vulnerable to Cyber Attacks in the Age of AI

New research conducted by Microsoft has found that 87% of UK Businesses are unprepared for the age of AI due to their vulnerability to cyber attacks, leaving a mere 13% considered resilient. Further, Microsoft stated that 39% of organisations were at high risk. For organisations, AI can be a tough obstacle to overcome in their journey to cyber resiliency, and it’s important to seek guidance if the available skills are not in-house.

Sources: [Microsoft] [TechRadar ] [The Times] [Infosecurity Magazine]

Cyber Naivety Leaves 4 out of 5 Businesses Wide Open, Only 1 in 5 Has a Plan

Research conducted by Cowbell Insurance has found that the UK is exhibiting a rather cavalier approach to security with 77% of UK SMEs not having any in-house security, 32% of CEOs being confident a cyber attack would not impact their ability to do business and 87% not considering reputational damage as a significant risk. This contrasts with the UK Government’s latest cyber security breaches survey, which found 59% of medium businesses experienced breaches or attacks in the last 12 months. Cowbell have stated that that UK SMEs are leaving themselves wide open to the threats and only 1 in 5 organisations had a dedicated plan to deal with a cyber attack.

A cyber security incident response plan (IRP) allows an organisation to have a documented and formalised process for dealing with a cyber incident. The IRP should be exercised annually, and cover roles and responsibilities, communications and escalations to detect, analyse, contain, eradicate and recover from an incident.

Sources: [Business Mondays] [Insurance Times] [Reinsurance News] [Gloucestershire Live]

Risk and Regulation: Preparing for the Era of Cyber Security Compliance

The next twelve months will see new regulations in many countries, and that means more things to comply with. The EU has two new regulations relating to cyber security: the NIS2 directive and the Digital Operational Resilience Act (DORA). However, despite their EU origin, the inclusion of supply chain companies within the regulations means their impact and reach will extend outside of the European Union itself. Both regulations are risk-management based in their approach.

In order to prepare, decision makers need to first understand what they are complying with and in some cases, this may require sourcing external help to fully ensure the organisation is compliant. Once this is understood, they can start implementing their compliance strategy. Research has shown that some 43% of enterprises surveyed had failed a compliance audit, making them ten times more likely to suffer a data breach.

Sources: [Security Week] [Verdict]

Ransomware Attacks Jump 73% Within a Year

A recent report has shown that ransomware surged by 46% in February 2024, compared to January of the same year and 73% higher than February of the previous year. The LockBit ransomware group claimed responsibility for 110 attacks in February alone. The results show that ransomware is not only still an issue, but one that is consistently rising and if your organisation isn’t already implementing procedures to their risk, it is imperative to start now. Lockbit was taken down in a coordinated law enforcement operation earlier this year; only time will tell how effective that operation was or whether, as with the Hydra from Greek mythology, cutting off one head just causes more to grow in its place.

Source: [TechTarget]

The New CISO - Rethinking the Role

The role of Chief Information Security Officers (CISOs) faces a pivotal transformation. Traditionally tasked with safeguarding company assets against cyber threats, CISOs now find themselves straddling the realms of security and business operations. This shift reflects a growing expectation for CISOs to align security measures with broader business objectives while navigating an increasingly complex risk landscape. With the average cost of a data breach soaring, reaching $4.45 million in 2023 according to IBM, the stakes are higher than ever. As businesses grapple with the integration of cyber security into operational strategies, CISOs are compelled to cultivate new skills, communicate effectively with boards, embrace risk-based approaches, fortify technical fundamentals, leverage automation, and meticulously document incident response plans. The evolving threat landscape demands a new breed of CISO, one who is adept at balancing resilience with operational imperatives, collaborating closely with leadership, and steering organisations through turbulent cyber waters.

Source: [Dark Reading]

90% of Attacks Involve Data or Credential Theft, SMBs Primary Target

The 2024 Sophos Threat Report sheds light on the changing tactics of ransomware operators, particularly in their targeting of small and medium-sized businesses (SMBs). Notably, the report reveals a significant surge in ransomware attacks employing remote encryption, rising by 62% between 2022 and 2023. Sophos' Managed Detection and Response (MDR) team encountered multiple cyber attacks leveraging exploits in remote monitoring and management (RMM) software, a vital component used by many MSPs and external IT providers, and thus affecting many businesses. With almost half of malware detections for SMBs attributed to data-stealing malware, the report underscores the growing value of stolen data as currency in cyber criminal circles, with initial access brokers (IABs) facilitating network breaches. Data protection emerges as a critical challenge, with over 90% of attacks involving credential theft, and business email compromise (BEC) attacks becoming increasingly sophisticated. While ransomware remains a persistent threat, the report also highlights the proliferation of malware-as-a-service (MaaS) activities, emphasising the importance for SMBs to bolster their cyber security defences against these evolving threats.

Source: [MSSP Alert]

Chief Risk Officers Say Cyber Security is Most Pressing Risk

In an inaugural global insurance risk management survey conducted by EY/Institute of International Finance (IIF), cyber security was ranked as the highest immediate concern for chief risk officers. It placed above insurance, business model change and credit risk. When it came to emerging risks over the next three years, it remained at the top spot, followed by geopolitical risk, environmental risk and machine learning and artificial intelligence.

Source: [Insurance Journal]

Humans Still Cyber Security’s Weakest Link, Cyber Security Training Equips Your Workforce to Spot Threats

The latest findings from Mimecast's annual report emphasise that human error continues to be the leading cause of cyber breaches, responsible for 74% of incidents. As emerging threats like AI and deepfake technology pose increasingly sophisticated challenges, it's crucial for businesses to prioritise employee training and bolster their defence strategies.

Providing cyber security training is essential to creating a security conscious culture that educates on risk and in turn increases a company’s cyber culture. Committing to cyber security training needs to be beyond ticking a checkbox, as it allows the workforce the ability to understand, scrutinise and know how to report threats in the corporate environment. Training allows workers to be able to understand the types of threats they may face, along with red flags to look out for. Knowing how the employee should report a threat can determine whether your organisation can deal with a ransomware attack. While generic or off the shelf computer based training can be seen as an easy fix, training needs to be tailored to the organisation, its operating environment and the organisation’s culture and ways of doing business.

To mitigate this risk, organisations should consider implementing tailored cyber security education, tabletop exercises, phishing simulations, and one-on-one consulting for board members. As the responsibility of board members for cyber security strategy increases, it’s crucial to ensure their own security against evolving threats.

Sources: [Emerging Risks] [The HR Director] [WSJ] [The HR Director]

Most IT Pros Think Cyber Attacks are Getting Worse, and Many Firms Don’t Know How to Deal with Them

A recent report from Thales reveals a stark reality, with 93% of IT and security professionals noting a worsening trend in cyber attacks. Ransomware incidents have surged by over a quarter year-on-year, yet less than half of companies have adequate plans to address such threats, leading to 8% resorting to paying attackers' demands. Compliance failures are also on the rise, with 43% of enterprises falling short in audits, correlating with a higher incidence of cyber attacks among non-compliant organisations.

A separate report shows that despite record spending on cyber security, reaching $188 billion globally in 2023, reported data breaches in the US surged to an all-time high of 3,205, up 78% from the previous year. This paradox underscores the evolving tactics of cyber criminals. Ransomware attacks have transitioned from merely locking data to stealing and threatening to disclose it, termed Ransomware 2.0. Cloud misconfigurations, involving 82% of breaches, and exploitation of vendor systems further exacerbate the issue. Heightened awareness and improved practices are imperative to counteract the escalating threat landscape.

Source: [TechRadar] [WSJ]

Supply Chain Cyber Attacks Create Weak Spots: You Need to Prepare

A recent poll by Deloitte found that nearly half of senior executives anticipate a rise in supply chain attacks in the coming year, with 33% already experiencing at least one supply-chain cyber incident within the past year. This especially rings true for healthcare, with the sector accounting for 33% of third-party data breaches in 2023. Many organisations are unsure where to even begin.

Organisations need to manage their third party risks through risk assessments, to understand the third parties that they currently or plan to use, and the data that the third party would hold or access. This enables the third parties to be prioritised with clear communications to notify the organisation in the event of a data breach.

Sources: [Security Brief ] [Beta News]

Ransomware Attack on Change Healthcare Pegged as “Most Significant” in Sector History

In a landmark incident, the American Hospital Association has dubbed the recent ransomware attack on Change Healthcare, a division of UnitedHealth Group’s Optum, as the most significant cyber threat ever faced by the US healthcare system. The attack, which occurred on February 21st, has severely impacted operations, affecting various healthcare entities reliant on Change Healthcare's services. UnitedHealth Group, in response, has been working to restore critical systems, aiming to reinstate electronic payment and medical claims services later this month. However, challenges persist, with cyber security experts warning that recovery efforts could extend for at least 30 days. The attack's aftermath sheds light on the healthcare sector's susceptibility to cyber threats and underscores the need for robust security measures and swift governmental responses. Reports reveal that the ransomware group responsible has received a substantial payout, raising concerns about the broader implications for healthcare providers. Cyber insurance policies are expected to help mitigate financial losses, especially for smaller entities facing cash flow disruptions.

Source: [Reinsurance News]

Governance, Risk and Compliance

• Cyber criminals capitalise on businesses’ biggest flaw - human risk | theHRD (thehrdirector.com)

• Nine in ten companies at risk of cyber attacks as hackers use AI (thetimes.co.uk)

• Microsoft: 87% of UK Organisations Vulnerable to Costly Cyber Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft: The UK is woefully unprepared for future AI cyber threats | ITPro

• New research calls for ‘less fear and more action’ from SMEs, as cyber naivety leaves 4 out of 5 businesses wide open to threats - Business Mondays

• Minister: Cyber brings 'risks we can't ignore' with UK firms still vulnerable (cityam.com)

• UK’s cyber resilience stagnates as more fall victim to attacks | Computer Weekly

• Risk and Regulation: Preparing for the Era of Cyber Security Compliance - Security Week

• UK government's "scarcely believable" cyber security survey makes grim reading for all sizes of business | TechFinitive

• 75% of UK Businesses Experienced a Cyber Incident in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• How does cyber security training equip your workforce to spot threats? (thehrdirector.com)

• New research shows UK SMEs are leaving themselves open to cyber threats: Cowbell - Reinsurance News

• Only 1 in 5 SMEs have a plan in case of cyber attack - Gloucestershire Live

• The New CISO: Rethinking the Role (darkreading.com)

• Most IT pros think cyber attacks are getting worse - and many firms don't know how to deal with them | TechRadar

• Chief Risk Officers Say Cyber Security Most Pressing Risk: Survey (insurancejournal.com)

• Using A Security Assessment As A Measuring Stick (forbes.com)

• From Reactive to Proactive: The Evolution of Cyber Security (cryptopolitan.com)

• Secrets sprawl: Protecting your critical secrets - Help Net Security

• Cyber Security: Why it’s becoming harder to stay safe online (holyrood.com)

• Cyber security must be a priority if the UK is serious about digitising the economy (uktech.news)

• Navigating the Evolving Cyber Threat Landscape: Insights from the Cyber Stability Conference → UNIDIR

• Organisations under pressure to modernize their IT infrastructures - Help Net Security

• Adapting Military Solutions to the Corporate Battlefield - Infosecurity Magazine (infosecurity-magazine.com)

• Board-level buy-in: preparing cyber defences the right way | Computer Weekly

• Responding to a cyber incident – a guide for CEOs - NCSC.GOV.UK

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware surges as compliance falters - Thales Group - Verdict

• Whistleblowing And Cyber Swatting: Cyber Extortion Reaches A New Low (forbes.com)

• Study Uncovers 27% Spike in Ransomware; 8% Yield to Demands - Infosecurity Magazine (infosecurity-magazine.com)

• NCC Group: Ransomware attacks jump 73% in February | TechTarget

• Ransomware attack on Change Healthcare pegged as "most significant" in sector history - Reinsurance News

• The Big Question: Is the UK ready to meet the threat of ransomware to British business? - Emerging Risks Media Ltd

• From Ransomware to Pig Butchering, Visa Report Shows Top Scams Impacting Consumers and Businesses Globally | Business Wire

• RaaS groups increasing efforts to recruit affiliates - Help Net Security

• If Companies Are So Focused on Cyber Security, Why Are Data Breaches Still Rising? - WSJ

• After LockBit, ALPHV Takedowns, RaaS Startups Go on a Recruiting Drive (darkreading.com)

• Lockbit Strikes Back After FBI Takedown With New Ransomware Attack Details (pcmag.com)

• Government not facing up to CNI cyber risks, committee warns | Computer Weekly

• 6 Reasons Your Business Should Have Ransomware Plan - Security Boulevard

• STOP ransomware, more common than LockBit, gains stealthier variant | SC Media (scmagazine.com)

• Crypto scams more costly to US than ransomware, Feds say • The Register

• TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (thehackernews.com)

• What the Latest Ransomware Attacks Teach About Defending Networks (bleepingcomputer.com)

• Takedowns spark affiliate bidding war among ransomware gangs | SC Media (scmagazine.com)

Ransomware Victims

• Ransomware attack on Change Healthcare pegged as "most significant" in sector history - Reinsurance News

• The British Library looks to the future as it reveals the incalculable damage of its ransomware attack (diginomica.com)

• VIEW: On the lessons learned from the British Library cyber incident - CIR Magazine

• UnitedHealth cyber attack "one of the most stressful things we've gone through," doctor says - CBS News

• UnitedHealth advances $2 billion to providers post-cyber attack By Investing.com

• Scottish health board hit by huge cyber attack with ‘significant quantity’ of data at risk (scotsman.com)

• Why UnitedHealth, Change Healthcare were targets of ransomware hackers

• Criminal investigation into Leicester City Council cyber attack - BBC News

• Yacht dealer to the celebs attack claimed by Rhysida gang • The Register

• UK council eerily cagey about 'cyber incident' details • The Register

• Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs | CyberScoop

Phishing & Email Based Attacks

• Russian hacker group exploits Microsoft Windows feature in worldwide phishing attack | TechRadar

• Five key takeaways from 2024 State of the Phish: Europe and Middle East | ITPro

• Tax Hackers Blitz Small Business With Phishing Emails (darkreading.com)

• Hackers Posing as Law Firms Phish Global Orgs (darkreading.com)

• IMF Investigates Serious Cyber Security Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Email threat landscape | Professional Security

• Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks (thehackernews.com)

• A newly uncovered phishing campaign that spreads remote access trojans | Security Magazine

• 'Fluffy Wolf' Spreads Meta Stealer in Corporate Phishing Campaign (darkreading.com)

• Spa Grand Prix email account hacked to phish banking info from fans (bleepingcomputer.com)

• How to defend against phishing as a service and phishing kits | TechTarget

Other Social Engineering

• Cyber criminals capitalise on businesses’ biggest flaw - human risk | theHRD (thehrdirector.com)

• IMF Investigates Serious Cyber Security Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Don't Answer the Phone: Inside a Real-Life Vishing Attack (darkreading.com)

Artificial Intelligence

• Microsoft report says UK is not prepared for the age of AI — barely any businesses are ‘resilient’ to cyber crime | TechRadar

• 87% of UK organisations are vulnerable to cyber attacks in the age of AI (microsoft.com)

• UK’s AI ambitions pointless while cyber security is still neglected | Computer Weekly

• In the rush to build AI apps, don't leave security behind • The Register

• AI adoption by hackers pushed financial scams in 2023 | CSO Online

• Preparing Society for AI-Driven Disinformation in the 2024 Election Cycle - Security Week

• From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks (thehackernews.com)

• Shadow AI is the latest cyber security threat you need to prepare for - Help Net Security

• Navigating cyber vulnerabilities in AI-enabled military systems | European Leadership Network

Malware

• The most prevalent malware behaviours and techniques - Help Net Security

• Malware stands out as the fastest-growing threat of 2024 - Help Net Security

• Fujitsu: Malware on Company Computers Exposed Customer Data (darkreading.com)

• New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT (thehackernews.com)

• Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices (thehackernews.com)

• From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks (thehackernews.com)

• A newly uncovered phishing campaign that spreads remote access trojans | Security Magazine

• 'Fluffy Wolf' Spreads Meta Stealer in Corporate Phishing Campaign (darkreading.com)

• TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (thehackernews.com)

• More sophisticated BunnyLoader malware variant emerges | SC Media (scmagazine.com)

• Evasive Sign1 malware campaign infects 39,000 WordPress sites (bleepingcomputer.com)

Mobile

• Kaspersky Identifies Three New Android Malware Threats (darkreading.com)

Denial of Service/DoS/DDOS

• SEC Website Goes Dark, BTC Tumbles in Aftermath (financemagnates.com)

• Why DDoS Threat Actors Are Shifting Their Tactics - Infosecurity Magazine (infosecurity-magazine.com)

• 300,000 Systems Vulnerable to New Loop DoS Attack - Security Week

• Telecoms is evolving – and unfortunately, so are DDoS attacks | TechRadar

Internet of Things – IoT

• Unsaflok flaw can let hackers unlock millions of hotel doors (bleepingcomputer.com)

• Chinese-made electric cars in UK could be jammed remotely by Beijing (thetimes.co.uk)

Data Breaches/Leaks

• 1% of users are responsible for 88% of data loss events - Help Net Security

• If Companies Are So Focused on Cyber Security, Why Are Data Breaches Still Rising? - WSJ

• Secrets sprawl: Protecting your critical secrets - Help Net Security

• Hackers steal personal data of 43 million French job seekers | ITPro

• International Monetary Fund email accounts hacked in cyber attack (bleepingcomputer.com)

• IMF Investigating Cyber Security Incident Detected on Feb. 16 (bloomberglaw.com)

• NHS Dumfries and Galloway Warns of “Significant” Data Theft - Infosecurity Magazine (infosecurity-magazine.com)

• Threat actors leaked 70M+ records allegedly stolen from AT&T (securityaffairs.com)

• AT&T says leaked data of 70 million people is not from its systems (bleepingcomputer.com)

• Fujitsu: Malware on Company Computers Exposed Customer Data (darkreading.com)

• Top 5 Data Breaches That Cost Millions - Security Boulevard

• Misconfigured Firebase Instances Expose 125 Million User Records - Security Week

• Sophos: 90% of Attacks Involve Data or Credential Theft | MSSP Alert

• Serial data thief pleads guilty to cyber crime charges • The Register

• Changing cause of data breaches | Professional Security

• Fake data breaches: Countering the damage - Help Net Security

• Fujitsu exposed client data, AWS keys and passwords for nearly a year, report (computing.co.uk)

• How to verify a data breach | TechCrunch

• Nations Direct Mortgage Data Breach Impacts 83,000 Individuals - Security Week

Organised Crime & Criminal Actors

• RaaS groups increasing efforts to recruit affiliates - Help Net Security

• IT helpdeskers increasingly targeted by cyber criminals • The Register

• Serial data thief pleads guilty to cyber crime charges • The Register

• The Magnet Goblin group is leveraging one-day vulnerabilities | Security Magazine

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• SEC Website Goes Dark, BTC Tumbles in Aftermath (financemagnates.com)

• Crypto scams more costly to US than ransomware, Feds say • The Register

• TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (thehackernews.com)

Insider Risk and Insider Threats

• 1% of users are responsible for 88% of data loss events - Help Net Security

• Cyber criminals capitalise on businesses’ biggest flaw - human risk | theHRD (thehrdirector.com)

• How does cyber security training equip your workforce to spot threats? (thehrdirector.com)

• Why Employees Are Your Best Defence Against Cyber Attacks: 6 Tips for Fostering a People-Focused Security Posture (newsweek.com)

• Why human risk management is key to data protection (betanews.com)

• As Boards Focus More on Cyber Security, Are They Missing One of the Biggest Threats? - WSJ

• FE News | How to Protect Your Data With Cyber Security Training

• China-based Canadian accused of stealing Tesla trade secret • The Register

Insurance

• UK cyber insurance findings | Professional Security

• New Regulations Make D&O Insurance a Must for CISOs (darkreading.com)

• Insurers told cyber cover remains attractive but beware of accumulation risk (emergingrisks.co.uk)

Supply Chain and Third Parties

• Third-party breaches create network weak spots (betanews.com)

• How to Prepare for a Surge in Supply-Chain Cyber Attacks (securitybrief.co.nz)

• How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl (thehackernews.com)

Cloud/SaaS

• Shadow SaaS Dangers in Cyber Security Compliance Standards - Security Boulevard

• Fujitsu exposed client data, AWS keys and passwords for nearly a year, report (computing.co.uk)

• Vulnerability Allowed One-Click Takeover of AWS Service Accounts - Security Week

• The Definitive Guide to SaaS Security - Security Boulevard

Identity and Access Management

• Identity Concepts Underlie Cyber Risk 'Perfect Storm' (darkreading.com)

Encryption

• Microsoft announces deprecation of 1024-bit RSA keys in Windows (bleepingcomputer.com)

• Future inevitability of quantum computers is a security problem today - Breaking Defence

Linux and Open Source

• Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• New acoustic attack determines keystrokes from typing patterns (bleepingcomputer.com)

• E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials (thehackernews.com)

• WordPress Brute-Force Attacks: Sites Used As Staging Ground - Security Boulevard

• What is Credential Harvesting? Examples & Prevention Methods - Security Boulevard

• Ukraine cyber police arrested crooks selling 100 million compromised accounts (securityaffairs.com)

• Misconfigured Firebase instances leaked 19 million plaintext passwords (bleepingcomputer.com)

• Sophos: 90% of Attacks Involve Data or Credential Theft | MSSP Alert

• Fujitsu exposed client data, AWS keys and passwords for nearly a year, report (computing.co.uk)

Social Media

• 'Fluffy Wolf' Spreads Meta Stealer in Corporate Phishing Campaign (darkreading.com)

Training, Education and Awareness

• How does cyber security training equip your workforce to spot threats? (thehrdirector.com)

• Why Employees Are Your Best Defence Against Cyber Attacks: 6 Tips for Fostering a People-Focused Security Posture (newsweek.com)

• As Boards Focus More on Cyber Security, Are They Missing One of the Biggest Threats? - WSJ

• FE News | How to Protect Your Data With Cyber Security Training

• The Weakest Link: Securing The Human Element From Cyber Attack  - Security Boulevard

Regulations, Fines and Legislation

• Risk and Regulation: Preparing for the Era of Cyber Security Compliance - Security Week

• ICO publishes new fining guidance | ICO

• SEC Website Goes Dark, BTC Tumbles in Aftermath (financemagnates.com)

• Why do 60% of SEC Cyber Security Filings Omit CSO, CISO Info? | MSSP Alert

Models, Frameworks and Standards

• Chinese media exposes criminal smartphone farms • The Register

Data Protection

• Why human risk management is key to data protection (betanews.com)

Careers, Working in Cyber and Information Security

• How to Battle Burnout While Protecting Your Most Valuable Asset — Your People - Benzinga

• 3 Ways Businesses Can Overcome the Cyber Security Skills Shortage (darkreading.com)

• Why cyber recruitment needs a rapid overhaul | TechRadar

• AI Won't Solve Cyber Security's Retention Problem (darkreading.com)

Law Enforcement Action and Take Downs

• Filipino police break up forced labour cyber operation • The Register

• E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials (thehackernews.com)

• Court jails first person convicted of cyberflashing in England | Crime | The Guardian

• Ukraine cyber police arrested crooks selling 100 million compromised accounts (securityaffairs.com)

• After LockBit, ALPHV Takedowns, RaaS Startups Go on a Recruiting Drive (darkreading.com)

• Serial data thief pleads guilty to cyber crime charges • The Register

• Ukrainian Police Arrest Suspected Brute Force Account Hijackers - Infosecurity Magazine (infosecurity-magazine.com)

• Money laundering network boss hit with multi-million pound confiscation order - National Crime Agency

• Takedowns spark affiliate bidding war among ransomware gangs | SC Media (scmagazine.com)

Misinformation, Disinformation and Propaganda

• Russian cyber attacks rampant as key elections cycle begins (verdict.co.uk)

• Preparing Society for AI-Driven Disinformation in the 2024 Election Cycle - Security Week

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Cyber Warfare: Understanding New Frontiers in Global Conflicts (darkreading.com)

• Cyber Threats Escalate Ahead of Global Elections (cryptopolitan.com)

Nation State Actors

China

• Chinese Earth Krahang hackers breach 70 orgs in 23 countries (bleepingcomputer.com)

• 'We know they're on the network,' CISA official says of nation-state actors infiltrating US critical infrastructure | StateScoop

• Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon - Security Week

• Confronted with Chinese hacking threat, industrial cyber security pros ask: What else is new?  | CyberScoop

• The UK energy sector faces an expanding OT threat landscape (securityintelligence.com)

• “Disabling cyber attacks” are hitting critical US water systems, White House warns | Ars Technica

• Chinese media exposes criminal smartphone farms • The Register

• Chinese-made electric cars in UK could be jammed remotely by Beijing (thetimes.co.uk)

• A look inside the Chinese cyber threat at the biggest ports in US

• CISA shares critical infrastructure defence tips against Chinese hackers (bleepingcomputer.com)

Russia

• Microsoft Under Attack by Russian Cyber Attackers - Security Boulevard

• UK Defence Secretary jet hit by electronic warfare attack in Poland (securityaffairs.com)

• Russian hacker group exploits Microsoft Windows feature in worldwide phishing attack | TechRadar

• 'We know they're on the network,' CISA official says of nation-state actors infiltrating US critical infrastructure | StateScoop

• Russian Intelligence Targets Victims Worldwide in Rapid-Fire Cyber Attacks (darkreading.com)

• The cyberwar in Ukraine is as crucial as the battle in the trenches (economist.com)

• Russian cyber attacks rampant as key elections cycle begins (verdict.co.uk)

• Russia’s Hybrid Warfare with the United States | Geopolitical Monitor

• HUR and cyber activists hacked at least seven Russian companies between March 11 and 18 / The New Voice of Ukraine (nv.ua)

• Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices (thehackernews.com)

• The UK energy sector faces an expanding OT threat landscape (securityintelligence.com)

• “Disabling cyber attacks” are hitting critical US water systems, White House warns | Ars Technica

• The West Should Help Expand Ukraine’s Cyber Offensive against Russia | Geopolitical Monitor

• Russia-linked hackers use Smokeloader malware to steal funds from Ukrainian enterprises (therecord.media)

• Russia Hackers Using TinyTurla-NG to Breach European NGO's Systems (thehackernews.com)

• Over 800 Russian cyber attacks on Ukraine's state institutions and services since February 2022 – Prosecutor General | Ukrainska Pravda

• I’m a disaster expert - this is what will happen after a Russian cyber attack (inews.co.uk)

• Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs | CyberScoop

• Top 5 Russian-Speaking Dark Web Forums - SOCRadar® Cyber Intelligence Inc.

• Putin Sees Disastrous Start to Presidential Election (newsweek.com)

• Russia targets hundreds of Americans with new sanctions, including cyber journalists (therecord.media)

• Putin’s party hit by cyber attack as armed Russian troops oversee voters in occupied Ukraine | The Independent

• Moscow says no clear proof North Korea stole Russian weapons data: UN report | NK News

Iran

• Hackers claim to have breached Israeli nuclear facility’s computer network (therecord.media)

North Korea

• North Korea gets 50% of foreign earnings due to weak security measures in crypto industry, UN says

• North Korea's Kimsuky gang now exploiting Windows Help files • The Register

• Hacks Account for Half of N. Korea Foreign-Currency Income: UN (bloomberglaw.com)

• Moscow says no clear proof North Korea stole Russian weapons data: UN report | NK News

Vulnerability Management

• NIST NVD Disruption Sees CVE Enrichment on Hold - Infosecurity Magazine (infosecurity-magazine.com)

• No Easy Fix For Untangling Web of Critical Dependencies | Decipher (duo.com)

• The Magnet Goblin group is leveraging one-day vulnerabilities | Security Magazine

• NIST's Vuln Database Downshifts, Prompting Questions About Its Future (darkreading.com)

• 50,000 Vulnerabilities Discovered in DoD Systems Through Bug Bounty - Infosecurity Magazine (infosecurity-magazine.com)

• Navigating cyber vulnerabilities in AI-enabled military systems | European Leadership Network

Vulnerabilities

• Exploitation activity increasing on Fortinet vulnerability | TechTarget

• Vulnerability Allowed One-Click Takeover of AWS Service Accounts - Security Week

• Ivanti Keeps Security Teams Scrambling With 2 More Vulns (darkreading.com)

• Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability (thehackernews.com)

• Critical Fortinet's FortiClient EMS flaw actively exploited in the wild (securityaffairs.com)

• Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool (thehackernews.com)

• Remove WordPress miniOrange plugins, a critical flaw can allow site takeover (securityaffairs.com)

• Another Microsoft vulnerability is being used to spread malware | TechRadar

• Misconfigured Firebase Instances Expose 125 Million User Records - Security Week

• Google Chrome 123 launches with security fixes and Google Update changes on Windows - gHacks Tech News

• The Windows 11 KB5035853 update is causing BSOD errors for some users. | Windows Central

• The Magnet Goblin group is leveraging one-day vulnerabilities | Security Magazine

• Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug (thehackernews.com)

• TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (thehackernews.com)

• iOS 17.4.1 release includes bug fixes and security updates | Macworld

• Discontinued Security Plugins Expose Many WordPress Sites to Takeover - Security Week

Tools and Controls

• Using A Security Assessment As A Measuring Stick (forbes.com)

• Mastering Physical Security In Information Security (informationsecuritybuzz.com)

• Microsoft announces deprecation of 1024-bit RSA keys in Windows (bleepingcomputer.com)

• How to choose the best cyber security vendor for your business | ITPro

• Threat Actors are Exercising New Attack Techniques to Bypass Machine Learning Security Controls - Security Boulevard

• Shadow SaaS Dangers in Cyber Security Compliance Standards - Security Boulevard

• Unlocking Security Architecture In Information Security (informationsecuritybuzz.com)

• How To Not Fly Blind With API Security (forbes.com)

• 6 Reasons Your Business Should Have Ransomware Plan - Security Boulevard

• From Reactive to Proactive: The Evolution of Cyber Security (cryptopolitan.com)

• Tracking Everything on the Dark Web Is Mission Critical (darkreading.com)

• Identity Concepts Underlie Cyber Risk 'Perfect Storm' (darkreading.com)

• EDR vs. antivirus: What's the difference? | TechTarget

• SIEM vs XDR: Capabilities and Key Differences | MSSP Alert

• Using East–West Network Visibility to Detect Threats in Later Stages of MITRE ATT&CK (darkreading.com)

• 95% of companies face API security problems - Help Net Security

• Responding to a cyber incident – a guide for CEOs - NCSC.GOV.UK

Reports Published in the Last Week

• From Ransomware to Pig Butchering, Visa Report Shows Top Scams Impacting Consumers and Businesses Globally | Business Wire

• The 2024 Sophos Threat Report: Cyber Crime on Main Street – Sophos News

• 2024 Thales Data Threat Report Reveals Rise in Ransomware Attacks, as Compliance Failings Leave Businesses Vulnerable to Breaches | Thales Group

• Equifax Releases 2023 Security Annual Report (prnewswire.com)

Other News

• At 35, the web is broken, but its inventor hasn't given up hope of fixing it yet | ZDNET

• The UK energy sector faces an expanding OT threat landscape (securityintelligence.com)

• Government not facing up to CNI cyber risks, committee warns | Computer Weekly

• UK in ‘better position’ against cyber attacks, but most businesses not resilient | Evening Standard

• Cyber Threats Escalate Ahead of Global Elections (cryptopolitan.com)

• The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats (securityaffairs.com)

• Aviation sector, e-commerce platforms face separate cyber threats | SC Media (scmagazine.com)

• Public anxiety mounts over critical infrastructure resilience to cyber attacks - Help Net Security

• Change Healthcare hack highlights lack of medical industry’s cyber security - The Washington Post

• Cyber Security for Trustees: How to Reduce Risk and Respond to an Incident | Woodruff Sawyer - JDSupra

• How Can We Reduce Threats From the IABs Market? (darkreading.com)

• UK renewables firms facing up to 1,000 cyber attacks a day (energyvoice.com)

• Cyber Attacks on Higher Ed Rose Dramatically Last Year, Report Shows | EdTech Magazine

• Cyber security is an urgent priority for the museums sector - Museums Association

• Meet America’s Most Cyber Secure Banks 2024 (forbes.com)

• Ethiopian Bank's Technical Glitch Lets Customers Withdraw Millions (ndtv.com)

• Making Sense of Operational Technology Attacks: The Past, Present, and Future (thehackernews.com)

• The Consequences for Schools and Students After a Cyber Attack - Security Boulevard

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.