Executive summary

Microsoft’s May Patch Tuesday provides updates to address 61 security issues across its product range. Notably, the update tackles two actively exploited zero-day vulnerabilities. The zero-days include a security feature bypass and an elevation of privilege vulnerability. Among the updates provided by Microsoft were 1 critical vulnerability, allowing an attacker remote code execution.

In addition to the Microsoft updates this week also saw Adobe, Apple, Firefox, Google Chrome, SAP and VMware all provide updates for vulnerabilities in a variety of their products, including multiple zero-days and critical vulnerabilities.

What’s the risk to me or my business?

The actively exploited vulnerabilities could allow an unauthenticated attacker to gain code execution as well as elevating to system privileges, the highest available. Both of which compromise the confidentiality, integrity and availability of data stored by an organisation.

What can I do?

Security updates are available for all supported versions of Windows impacted. The updates should be applied as soon as possible for the actively exploited vulnerability and all other vulnerabilities that have an available patch should be updated as soon as possible.

Technical Summary

Microsoft

CVE-2024-30040 – A security feature bypass, in which an unauthenticated attacker can gain code execution through convincing a user to open a malicious document. It is now known how this flaw was abused in attacks.

CVE-2024-30051- A flaw in Windows DWM Core Library which upon exploitation, allows an attacker to elevate to system privileges, the highest available.

Apple

Apple have addressed multiple vulnerabilities in its products, including 16 vulnerabilities on iPhone and iPads. This includes include one vulnerability which the company say “may have been exploited”.

Adobe

Adobe have addressed 37 vulnerabilities in its products, including 9 critical vulnerabilities in Adobe Acrobat and Reader, ,  2 critical vulnerabilities in Adobe Commerce, Adobe InDesign, Adobe Experience manager, 1 critical vulnerability in Adobe Media Encoder and Adobe Bridge, 3 critical vulnerabilities in Adobe Illustrator and 2 critical vulnerabilities in Adobe Animate. The company said it was not aware of any exploits in the wild for any of the documented issues.

Firefox

Firefox has upgraded to version 126. The new version addresses 16 unique security issues. None of the vulnerabilities are currently under active exploitation. The release also comes with some quality-of-life changes such as search telemetry changes and copy link without site tracking.

Google Chrome

Google Chrome released an emergency update to fix their 6th zero-day exploited this year, just one week after a previous one. Google are aware that an exploit for the vulnerability exists in the wild. Users are recommended to update as soon as possible.

SAP

This month, SAP has released 17 patches, which include 14 new fixes and 3 updates from previous releases. Two patches and one update have been given the “hot news” priority in SAP, the highest severity. The vulnerabilities encompass a range of issues, including CSS Injection, Remote Code Execution, File Upload flaws, and Cross-Site Scripting (XSS).

VMWare

Multiple security flaws, including one critical vulnerability, have been addressed by VMware after their exploitation was demonstrated at a security event. Some of the vulnerabilities do not have a fix yet and as such, users are advised to disable Bluetooth support and 3D acceleration as temporary workarounds until patches are applied.

More info:

Microsoft

Further details on other specific updates within Microsoft’s May patch Tuesday can be found here:

https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2024-patch-tuesday-fixes-3-zero-days-61-flaws/

https://www.ghacks.net/2024/05/14/microsoft-releases-the-may-2024-security-updates-for-windows/

Apple

Further details of the vulnerabilities in Apple can be found here:

https://support.apple.com/en-gb/HT201222

Adobe

Further details of the vulnerabilities in Adobe Acrobat and Reader can be found here:

https://helpx.adobe.com/security/products/acrobat/apsb24-29.html

Further details of the vulnerabilities in Adobe Photoshop can be found here:

https://helpx.adobe.com/security/products/photoshop/apsb24-16.html

Further details of the vulnerabilities in Adobe Commerce can be found here:

https://helpx.adobe.com/uk/security/products/magento/apsb24-18.html

Further details of the vulnerabilities in Adobe InDesign can be found here:

https://helpx.adobe.com/uk/security/products/indesign/apsb24-20.html

Further details of the vulnerabilities in Adobe Experience Manager can be found here:

https://helpx.adobe.com/uk/security/products/experience-manager/apsb24-21.html

Further details of the vulnerabilities in Adobe Media Encoder can be found here:

https://helpx.adobe.com/uk/security/products/media-encoder/apsb24-23.html

Further details of the vulnerabilities in Adobe Bridge can be found here:

https://helpx.adobe.com/uk/security/products/bridge/apsb24-24.html

Further details of the vulnerabilities in Adobe Illustrator can be found here:

https://helpx.adobe.com/uk/security/products/illustrator/apsb24-25.html

Further details of the vulnerabilities in Adobe Animate can be found here:

https://helpx.adobe.com/uk/security/products/animate/apsb24-26.html

Firefox

Further details on the vulnerabilities addressed in the Firefox release can be found here:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/

Google Chrome

Further details on the vulnerabilities addressed in the Google Chrome update can be found here:

https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.html

SAP

Further details on the vulnerabilities addressed in SAP can be found here:

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2024.html

VMware

Further details on the vulnerabilities addressed by VMware can be found here:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

China Suspected of Hacking UK Ministry of Defence, Through Its Payroll Provider

UK Defence Secretary Grant Shapps has confirmed that over 270,000 personal details have been leaked after the MoD was hacked through its third-party payroll provider, SSCL. The affected systems have been pulled offline since the attack. SSCL’s website describes that it manages HR for the armed forces, the Metropolitan Police and other areas of British government. The commercial supply chain, and in particular HR and payroll providers, is increasing being used as the soft underbelly to attack larger and better protected organisations.

Sources: [LBC] [The Register] [Sky News]

Security Tools Fail to Translate Risks for Executives

Organisations are struggling with internal communication barriers, hindering their ability to address and mitigate cyber security threats, according to a report which found that seven out of 10 C-suite executives said their security teams talk in technical terms without providing business context. However, in contrast, 75% of CISO’s highlight the issue is rooted in security tools that cannot generate the insights C-level executives and boards can use to understand business implications. The role of a good CISO should be to take the output of these tools and turn that data into metrics the Boards can understand.

The issues highlight the necessity for organisations to have someone in their organisation, whether an employee or a third-party, who is able to ingest technical results and translate them into a style that the C-suite can understand for business risk management.

Source: [Help Net Security]

Gang Accused of MGM Hack Shifts Attacks to Finance Sector

The hacking group responsible for the infamous hack on MGM and Caesar’s Palace resorts is engaged in a new campaign targeting the financial sector. The group known as Scattered Spider has targeted 29 companies since 20 April this year, compromising at least 2 insurance companies so far. The research has stated that the attackers are purchasing lookalike domains that match the name of target companies, hosting fake log-in pages. Links to these are sent to employees, in an attempt to direct them there. The most recent attack took place just days ago, with more expected.

Sources: [Bloomberg Law] [Claims Journal]

Are SMEs Paving the Way for Cyber Attacks on Larger Companies?

A recent study highlights the escalating cyber threats facing businesses, particularly SMEs and supply chains. The study found that 32% of UK businesses, including 69% of large and 59% of mid-sized organisations, suffered a cyber attack last year. The situation is worse for SMEs, with weaker security systems and 77% lacking in-house cyber security. SMEs can become entry points for hackers targeting larger partners through interconnected supply chains. Meanwhile, Verizon’s latest data breaches report revealed a 68% increase in supply chain breaches, accounting for 15% of all breaches in 2023, up from 9% in 2022. These breaches are primarily driven by third-party software vulnerabilities exploited in ransomware and extortion attacks. Experts emphasise proactive cyber policies, vulnerability scans, and employee education for SMEs to bolster defences. They also urge organisations to consider third-party bugs as both vulnerability and vendor management problems, make better vendor choices, and use external signals like SEC disclosures in the United States to guide decisions. These measures can help prevent SMEs from becoming gateways for larger attacks and manage the rising threat of supply chain breaches.

Sources: [Insurance Times] [Dark Reading]

Misconfigurations Drive 80% of Security Exposure, Report Finds

A recent report has found that 80% of security exposures are caused by identity and credential misconfigurations, with a third of these putting critical assets at risk of a breach. According to the report, the majority of this is within an organisation’s network user management (Active Directory) and 56% of breaches that impact critical assets are within cloud platforms. There is often the misconception that cloud-based environments are secure by default, but misconfigurations can undo any security benefits and still leave you exposed. Just because someone else built and maintains your house, it is still your responsibility to lock the doors and windows.

Sources: [Security Magazine]

Only 45% of Organisations Employ MFA Protections

A recent report of IT decision-makers has found that 97% are facing challenges with identity verification and 52% are very concerned about credential compromise, followed by account takeover (50%). When it comes to reinforcing identity verification, only 45% used multi-factor authentication (MFA). By using MFA, organisations are forcing two identification verifications: simply knowing a username and password is not enough, especially given the speeds with which attackers can crack passwords, with average 8 character passwords able to be cracked in less than a minute. Whilst no control is 100% impenetrable, enabling MFA will aid in increasing your organisation's cyber resilience.

Source: [Help Net Security]

You Cannot Protect What You Do Not Know You Have, as Criminals are Exploiting Vulnerabilities Faster Than Ever

For many organisations, visibility of their information assets can be incredibly hard to obtain and maintain, with different tools, under-reporting and shadow IT contributing to the problem. Unfortunately, cyber criminals are getting faster at exploiting vulnerabilities, and if you do not know you have the vulnerability in your estate then you cannot patch against it. In their recent report, Fortinet found that attacks started on average 4.76 days after new exploits were publicly disclosed.

Interestingly though, while zero-day threats garner much attention (these are ‘new’ vulnerabilities that are being exploited by attackers but for which there are no security patches yet available), one third of all exploits are for older vulnerabilities. This highlights the need for a comprehensive and robust approach to network security and vulnerability management, beyond simply patching what Microsoft puts out once a month. To have effective patch management, organisations must know what they need to patch and therefore must have visibility of the corporate environment. A good starting block is the creation of a robust information asset register.

Sources: [Security Brief] [Help Net Security] [IT Security Guru]

The Rise and Stealth of The Socially Engineered Insider

Social engineering has become increasingly prevalent as the preferred tactic for foreign adversaries. Insiders are prime targets due to their privileged access to sensitive data. This is particularly affecting the technology, pharma, and critical infrastructure sectors. Advances in AI and social platforms have made it easier to exploit these vulnerabilities. These advances allow threat actors to tailor attacks with unprecedented speed and realism. Using methods like coercion or deception, these actors exploit employees to gain high-value data that can be weaponised. As a result, the threat landscape has become more complex, blurring the lines between internal and external risks. To bolster their defences, organisations are now investing in insider risk management and AI. They are also emphasising employee education and cross-sector collaboration.

Source: [Forbes]

Over 70% of Staff Use AI At Work, But Only 30% of European Organisations Provide AI Training

An ISACA study and the AI Security & Governance Report reveal a complex landscape of AI adoption and security. 73% of European organisations and 54% of global organisations use AI, with 79% increasing their AI budgets, however training and policy development lag behind. Only 30% offer limited training, 40% provide none, and a mere 17% have a comprehensive AI policy. Despite AI’s potential, 80% of data experts find it complicates security, with concerns high around generative AI exploitation (61% of respondents) and AI-powered attacks (over 50% of business leaders). Data poisoning and privacy issues persist, yet 85% of leaders express confidence in their data security strategies, with 83% revising privacy and governance guidelines. With 86% recognising a need for AI training within two years, the call for dynamic governance strategies and formal education is clear to manage evolving threats.

Sources: [Help Net Security] [IT Security Guru]

Don't Be the Weakest Link – You and Your Team's Crucial Role in Cyber Security

Cyber security success depends on more than just technology. Bad actors are always looking for the easiest entry point, meaning that employees’ everyday actions are crucial, when even one careless click or a weak password can be an open door for hackers. However, empowered with the right knowledge and tools, staff can become a robust defence. Nearly 80% of organisations have reported an increase in phishing attacks, but training programs like role-playing exercises and phishing simulations significantly reduce these risks. Effective cyber security also hinges on C-suite leaders promoting a security-first culture, ensuring all employees understand the risks and follow strict protocols like MFA and strong password policies. Consistent training and open communication are vital in fostering a resilient, security-aware workforce.

Source: [JDSupra]

Ransomware Activity Thrives, Despite Law enforcement Efforts

Despite the recent law enforcement takedowns on ransomware groups, ransomware remains rife. Whilst the takedown of a group can come as an initial relief in that the group has gone, it simply forces ransomware affiliates to diversify. This is reflected in ransomware continuing its growth in the first quarter of 2024, with 18 new leak sites, the largest number in a single quarter, emerging over this period. When comes to those at risk, both financial services and healthcare remain a prominent target.

Sources: [Help Net Security ] [Infosecurity Magazine] [Help Net Security]

NATO Warns of Russian Hybrid Warfare

NATO has issued a statement in which it describes it is “deeply concerned about Russia's hybrid actions and the threat that they constitute to NATO security”.  The actions are described to include sabotage, acts of violence, cyber and electronic interference, and disinformation campaigns. This comes as many countries including the UK and US are due to have elections this year.

Sources: [EU Reporter] [Financial Times]

Governance, Risk and Compliance

• You cannot protect what you do not understand (securitybrief.co.nz)

• Why 2024 will be the year of the CISO | CSO Online

• Security tools fail to translate risks for executives - Help Net Security

• It Costs How Much?!? The Financial Pitfalls of Cyber Attacks on SMBs (thehackernews.com)

• Now More Than Ever, it's Crucial for Companies to Get Cyber Security Right (newsweek.com)

• Why SMBs are facing significant security, business risks - Help Net Security

• Are SMEs paving the way for cyber attacks on larger companies? | Insurance Times

• Don't Be the Weakest Link – Your Team's Crucial Role in Cyber Security | NAVEX - JDSupra

• The Art Of Cyber Security Governance: Safeguarding Beyond Code (forbes.com)

• CISOs Are Worried About Their Jobs & Dissatisfied With Their Incomes (darkreading.com)

• 92% of CISOs Question the Future of Their Role Amidst Growing AI Pressures | Business Wire

• What's the Future Path for CISOs? (darkreading.com)

• RSAC: How CISOs Should Protect Themselves Against Indictments - Infosecurity Magazine (infosecurity-magazine.com)

• Three strategies for winning the cyber security arms race | Fintech Nexus

• Why Cyber Security Is More Important Than Ever | Inc.com

• Rethinking Cyber Security Investment Amid Rising Threats (govinfosecurity.com)

• CIOs and CFOs, two parts of the same whole - IT Security Guru

Threats

Ransomware, Extortion and Destructive Attacks

• Gang Accused of MGM Hack Turns Its Sights on Finance Sector (bloomberglaw.com)

• The State of Ransomware 2024 - InfoRiskToday

• Cybercrime Unicorns: What Everyone Needs to Know About Ransomware Gangs (pcmag.com)

• Why Paying Should Be A Last Resort In Ransomware Attacks (forbes.com)

• Ransomware activity is back on track despite law enforcement efforts - Help Net Security

• Ransomware evolves from extortion to 'psychological attacks' • The Register

• Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator (thehackernews.com)

• Ransomware attacks impact 20% of sensitive data in healthcare orgs - Help Net Security

• An overwhelming majority of organisations paid ransomware last year - eCampus News

• Global ransomware crisis worsens - Help Net Security

• The Growing Threat of Advanced Ransomware Attacks (inforisktoday.com)

• Law enforcement seized Lockbit group's website again (securityaffairs.com)

• Consultant charged with $1.5M extortion of IT giant • The Register

• IT chiefs plan to spend and innovate their way out of ransomware swamp | TechRadar

• Alleged Russian hacker unmasked as Bermuda joins sanctions effort - The Royal Gazette | Bermuda News, Business, Sports, Events, & Community |

• Ransomware crooks SIM swap kids to pressure parents • The Register

• Scattered Spider group a unique challenge for cyber cops, FBI leader says (therecord.media)

• 97% of Organisations Hit by Ransomware Worked with Law Enforcement (globenewswire.com)

• Tips for Protecting Active Directory From Ransomware Attacks | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• CISA boss: Secure software needed to stop ransomware • The Register

• Shields Up: How to Minimize Ransomware Exposure - Security Week

• How financial services organisations can protect valuable data in the age of ransomware (finextra.com)

• Defenders assemble: Time to get in the game – Sophos News

Ransomware Victims

• UnitedHealth’s 'egregious negligence' led to that ransomware • The Register

• Ascension healthcare takes systems offline after cyber attack (bleepingcomputer.com)

• London Drugs president tight-lipped over recent cyber attack | CBC News

• Boeing confirms attempted $200 million ransomware extortion attempt | CyberScoop

• Cyber attack disrupts operations at major US health care network | CNN Business

• City of Wichita Shuts Down Network Following Ransomware Attack - Security Week

• Patient appointments imperilled by cyber attack on French radiologist (therecord.media)

• Ransomware attack hits Brandywine Realty Trust | SC Media (scmagazine.com)

Phishing & Email Based Attacks

• NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources (thehackernews.com)

Other Social Engineering

• The Rise And Stealth Of The Socially Engineered Insider (forbes.com)

• Iranian hackers harvest credentials through advanced social engineering campaigns | CSO Online

• What is social engineering penetration testing? | Definition from TechTarget

Artificial Intelligence

• Over 70% of Staff Use AI At Work, But Only 30% of European Organisations Provide AI Training - IT Security Guru

• Organisations go ahead with AI despite security risks - Help Net Security

• Innovation, Not Regulation, Will Protect Corporations From Deepfakes (darkreading.com)

• Strategies for preventing AI misuse in cyber security - Help Net Security

• AI is changing the game when it comes to cyber security | ITPro

• Why the Cyber Security Industry Is Obsessed With AI Right Now - CNET

• LLMs & Malicious Code Injections: 'We Have to Assume It's Coming' (darkreading.com)

• Cyber Security, Deepfakes and the Human Risk of AI Fraud (govtech.com)

• How to detect deepfakes manually and using AI | TechTarget

• Report Shows AI Fraud, Deepfakes Are Top Challenges For Banks - Infosecurity Magazine (infosecurity-magazine.com)

• Criminal Use of AI Growing, But Lags Behind Defenders - Security Week

2FA/MFA

• Only 45% of organisations use MFA to protect against fraud - Help Net Security

• UnitedHealth Attack: Stolen Credentials, No MFA | MSSP Alert

Malware

• Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications (thehackernews.com)

• ZLoader Malware adds Zeus's anti-analysis feature (securityaffairs.com)

• Russia-linked APT28 and crooks are still using the Moobot botnet (securityaffairs.com)

• Iranian hackers pose as journalists to push backdoor malware (bleepingcomputer.com)

• New 'Cuckoo' Persistent macOS Spyware Targeting Intel and Arm Macs (thehackernews.com)

• Hackers are using fake apps to distribute this dangerous Mac malware — don’t fall for this | Tom's Guide (tomsguide.com)

• Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version (thehackernews.com)

• Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery (thehackernews.com)

Mobile

• Mobile Banking Malware Surges 32% - Infosecurity Magazine (infosecurity-magazine.com)

• Android bug can leak DNS traffic with VPN kill switch enabled (bleepingcomputer.com)

• European Threat To End-To-End Encryption Would Invade Phones (forbes.com)

• Ransomware crooks SIM swap kids to pressure parents • The Register

Denial of Service/DoS/DDOS

• 87% of DDoS Attacks Targeted Windows OS Devices in 2023 (darkreading.com)

Data Breaches/Leaks

• How does a data breach affect you and why should you care? | TechRadar

• Defence secretary Grant Shapps confirms name of contractor running MoD system hacked by China | Politics News | Sky News

• Dell customer order database stolen, for sale on dark web • The Register

• IT Consulting Firm Blames MSP for Data Breach | MSSP Alert

• 10,000 Customers’ Data Exposed in UK Government Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• The Breach of a Face Recognition Firm Reveals a Hidden Danger of Biometrics | WIRED

• Cyber attack: Large volume of data stolen in attack on Scottish health board (scotsman.com)

• Security breach affects 6,000 German military VC meetings (avinteractive.com)

• Security company exposes 1.2M guard and suspect records • The Register

• Children's mental health records published after cyber attack - BBC News

• Georgia education agency's MOVEit data theft impacted 800K • The Register

• Data Brokers: What They Are and How to Safeguard Your Privacy - IT Security Guru

• Zscaler Investigates Hacking Claims After Data Offered for Sale - Security Week

• UK government departments reveal rise in data breaches & lost devices (datacentrenews.uk)

• 'Sophisticated' cyber attacks involving British Colombia government networks found | CBC News

• Cancer patients' sensitive information accessed by "unidentified parties" after being left exposed by screening lab for years (bitdefender.com)

• Over 380K more NYC students had info leaked, bringing total to over 1M (nypost.com)

• Dating apps kiss'n'tell all sorts of sensitive user info • The Register

Organised Crime & Criminal Actors

• Hackers of all kinds are attacking routers across the world | TechRadar

• Cyber crime stats you can't ignore - Help Net Security

• These Dangerous Scammers Don’t Even Bother to Hide Their Crimes | WIRED

• Threat Actors Weaponize Hacktivism for Financial Gain - Infosecurity Magazine (infosecurity-magazine.com)

• Massive webshop fraud ring steals credit cards from 850,000 people (bleepingcomputer.com)

• Scattered Spider group a unique challenge for cyber cops, FBI leader says (therecord.media)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering (securityaffairs.com)

Insider Risk and Insider Threats

• The Rise And Stealth Of The Socially Engineered Insider (forbes.com)

• Don't Be the Weakest Link – Your Team's Crucial Role in Cyber Security | NAVEX - JDSupra

Supply Chain and Third Parties

• UK Military Data Breach a Reminder of Third-Party Risk (darkreading.com)

• Details of UK military personnel exposed in huge payroll data breach | AP News

• Firm at centre of MoD 'China' hack handles data for several Whitehall departments (inews.co.uk)

• DBIR: Supply Chain Breaches Up 68% Year Over Year (darkreading.com)

• IT Consulting Firm Blames MSP for Data Breach | MSSP Alert

• The complexities of third-party risk management - Help Net Security

Cloud/SaaS

• What is Cloud Security in Banking? | HackerNoon

• Does cloud security have a bad reputation? | InfoWorld

Encryption

• Cop complaints won't stop E2EE, says encryption advocate • The Register

• European Threat To End-To-End Encryption Would Invade Phones (forbes.com)

Linux and Open Source

• Open-Source Cyber Security Is a Ticking Time Bomb (gizmodo.com)

• Spies Among Us: Insider Threats in Open Source Environments (darkreading.com)

• A Guide to Open Source Software Security - The New Stack

Passwords, Credential Stuffing & Brute Force Attacks

• Iranian hackers harvest credentials through advanced social engineering campaigns | CSO Online

• Microsoft introduces Passkeys support for consumer accounts - gHacks Tech News

• Google Announces Passkeys Adopted by Over 400 Million Accounts (thehackernews.com)

• UnitedHealth Attack: Stolen Credentials, No MFA | MSSP Alert

• Hackers can crack average 8-character passwords in under a minute (newsbytesapp.com)

• What is credential stuffing? | Kaspersky official blog

• How secure is the “Password Protection” on your files and drives? - Help Net Security

Social Media

• These Dangerous Scammers Don’t Even Bother to Hide Their Crimes | WIRED

Training, Education and Awareness

• Over 70% of Staff Use AI At Work, But Only 30% of European Organisations Provide AI Training - IT Security Guru

Regulations, Fines and Legislation

• The EU Cyber Diplomacy Toolbox: Shaping Global Cyber Security Standards | UpGuard

• EU plan to force messaging apps to scan for CSAM risks millions of false positives, experts warn | TechCrunch

• The NIS2 Compliance Deadline Is Nearing. Are You Prepared? - Security Boulevard

• Innovation, Not Regulation, Will Protect Corporations From Deepfakes (darkreading.com)

Models, Frameworks and Standards

• The NIS2 Compliance Deadline Is Nearing. Are You Prepared? - Security Boulevard

Data Protection

• Privacy requests increased 246% in two years - Help Net Security

Careers, Working in Cyber and Information Security

• How workforce reductions affect cyber security postures - Help Net Security

• One in Four Tech CISOs Unhappy with Compensation - Security Boulevard

Law Enforcement Action and Take Downs

• Ransomware activity is back on track despite law enforcement efforts - Help Net Security

• Law Enforcement Takedowns Force Ransomware Affiliates to Diversify - Infosecurity Magazine (infosecurity-magazine.com)

• LockBit's seized darknet site resurrected by police, teasing new revelations (therecord.media)

• LockBit leader unmasked and sanctioned - National Crime Agency

• Israeli private investigator wanted for hacking in US is arrested in London | The Independent

• German police bust Europe's 'largest' scam call centre – DW – 05/02/2024

• Consultant charged with $1.5M extortion of IT giant • The Register

• 97% of Organisations Hit by Ransomware Worked with Law Enforcement (globenewswire.com)

• Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering (securityaffairs.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Israeli private investigator wanted for hacking in US is arrested in London | The Independent

• Cyber Attacks on US Utilities: New Trends in Cyber Warfare - ClearanceJobs

• 'The Mask' Espionage Group Resurfaces After 10-Year Hiatus (darkreading.com)

Nation State Actors

China

• Defence secretary Grant Shapps confirms name of contractor running MoD system hacked by China | Politics News | Sky News

• Firm at centre of MoD 'China' hack handles data for several Whitehall departments (inews.co.uk)

• Lessons from LOCKED SHIELDS 2024 cyber exercise | SC Media (scmagazine.com)

• Geopolitical tensions rise with China. (thecyberwire.com)

• China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion (thehackernews.com)

Russia

• Malice from Moscow: NATO warns of Russian hybrid warfare - EU Reporter

• Russia plotting sabotage across Europe, intelligence agencies warn (ft.com)

• How Nato could respond after wave of Russian spy arrests across Europe (inews.co.uk)

• EU, NATO denounce Russia's cyber attacks on Germany, Czechia (kyivindependent.com)

• Russia Cyber Attack Germany's Ruling Party, Defence | Silicon UK

• Foreign Ministry:  Czech institutions targeted by GRU cyber attacks | Radio Prague International

• Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities (thehackernews.com)

• Russia-linked APT28 and crooks are still using the Moobot botnet (securityaffairs.com)

• Russia slammed for cyber attacks (emergingrisks.co.uk)

• Ukraine records increase in financially motivated attacks by Russian hackers (therecord.media)

• UK joins partners in condemnation of malicious cyber activity by Russian Intelligence Services: UK government statement - GOV.UK (www.gov.uk)

• Russian cyber attacks on Germany spur intensified cyber recruitment and training   - Freelance Informer

• Cyber War? EU rages over alleged Russian cyber attack on German’s ruling SPD (brusselssignal.eu)

• Lessons from LOCKED SHIELDS 2024 cyber exercise | SC Media (scmagazine.com)

• A (Strange) Interview With the Russian-Military-Linked Hackers Targeting US Water Utilities | WIRED

• Russia says Germany using baseless 'hacker myths' to destroy ties | Reuters

• Highlights of international and Ukrainian cyber security news in April 2024 - National Security and Defence Council of Ukraine (rnbo.gov.ua)

• Poland says it too was targeted by Russian hackers – POLITICO

• Kaspersky denies claims it helped Russia with drones • The Register

Iran

• Iranian hackers pose as journalists to push backdoor malware (bleepingcomputer.com)

• Iranian hackers harvest credentials through advanced social engineering campaigns | CSO Online

North Korea

• NSA, FBI Alert on North Korean Hackers Spoofing Emails from Trusted Sources (thehackernews.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Far-right websites hacked and defaced  | CyberScoop

• Threat Actors Weaponise Hacktivism for Financial Gain - Infosecurity Magazine (infosecurity-magazine.com)

• Amnesty International Cites Indonesia as a Spyware Hub (darkreading.com)

• New 'Cuckoo' Persistent macOS Spyware Targeting Intel and Arm Macs (thehackernews.com)

• Apple’s iPhone Spyware Problem Is Getting Worse. Here’s What You Should Know | WIRED

Vulnerability Management

• Cyber criminals are getting faster at exploiting vulnerabilities - Help Net Security

• Misconfigurations drive 80% of security exposures | Security Magazine

• Cyber Threat Research: Poor Patching Practices and Unencrypted Protocols Continue to Haunt Enterprises - IT Security Guru

• Patch management vs. vulnerability management: Key differences | TechTarget

• How remote work is changing patch management | TechTarget

• What is Risk-Based Vulnerability Management (RBVM)? (techtarget.com)

• CISA’s KEV list improving private and public-sector patching • The Register

• CISA Announces CVE Enrichment Project 'Vulnrichment' - Security Week

Vulnerabilities

• Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities (thehackernews.com)

• Citrix Addresses High-Severity NetScaler Servers Flaw (darkreading.com)

• Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw (bleepingcomputer.com)

• Veeam fixes RCE flaw in backup management platform (CVE-2024-29212) - Help Net Security

• LiteSpeed Cache WordPress plugin actively exploited in the wild (securityaffairs.com)

• New Spectre-Style 'Pathfinder' Attack Targets Intel CPU, Leak Encryption Keys and Data (thehackernews.com)

• New BIG-IP Next Central Manager bugs allow device takeover (bleepingcomputer.com)

• Microsoft: April Windows Server updates also cause crashes, reboots (bleepingcomputer.com)

• Android bug can leak DNS traffic with VPN kill switch enabled (bleepingcomputer.com)

• Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery (thehackernews.com)

• Apple just fixed an iTunes security flaw for Windows users, but they probably have bigger issues to worry about anyway | iMore

• Citrix warns customers to update PuTTY version installed on their XenCenter system manually (securityaffairs.com)

Tools and Controls

• Behind Closed Doors: The Rise of Hidden Malicious Remote Access (cybereason.com)

• Security tools fail to translate risks for executives - Help Net Security

• Misconfigurations drive 80% of security exposures | Security Magazine

• A Guide to Cyber Threat Intelligence (greydynamics.com)

• NSA, FBI Alert on North Korean Hackers Spoofing Emails from Trusted Sources (thehackernews.com)

• Microsoft plans to lock down Windows DNS like never before. Here’s how. | Ars Technica

• Novel attack against virtually all VPN apps neuters their entire purpose | Ars Technica

• Cyber Threat Research: Poor Patching Practices and Unencrypted Protocols Continue to Haunt Enterprises - IT Security Guru

• Strategies for preventing AI misuse in cyber security - Help Net Security

• Shadow APIs: An Overlooked Cyber Risk for Orgs (darkreading.com)

• How to detect deepfakes manually and using AI | TechTarget

• What is social engineering penetration testing? | Definition from TechTarget

• How workforce reductions affect cyber security postures - Help Net Security

• What is biometrics? 10 physical and behavioural identifiers that can be used for authentication | CSO Online

• What is Risk-Based Vulnerability Management (RBVM)? (techtarget.com)

• Top 10 physical security considerations for CISOs | CSO Online

• Three Battle-Tested Tips for Surviving a Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)

• IT chiefs plan to spend and innovate their way out of ransomware swamp | TechRadar

• A SaaS Security Challenge: Getting Permissions All in One Place  (thehackernews.com)

• Tips for Protecting Active Directory From Ransomware Attacks | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Tips for Controlling the Costs of Security Tools - The New Stack

• Rethinking Cyber Security Investment Amid Rising Threats (govinfosecurity.com)

• Microsoft confirms Windows 11 24H2 turns on Device Encryption by default (windowslatest.com)

Reports Published in the Last Week

• The State of Ransomware 2024 - Sophos

Other News

• Microsoft overhaul treats security as ‘top priority’ after a series of failures - The Verge

• Microsoft will base part of senior exec comp on security, add deputy CISOs to product groups – GeekWire

• The EU Cyber Diplomacy Toolbox: Shaping Global Cyber Security Standards | UpGuard

• Complexity leads to trade-off between risk and innovation (betanews.com)

• When has the UK faced cyber attacks in the past? | The Independent

• Man-in-the-middle attack: The new cyber security threat | YourStory

• Paris 2024 gearing up to face unprecedented cyber security threat | Reuters

• From Warnings to Action: Preparing America’s Infrastructure for Imminent Cyber Threats - Security Week

• 38% of riskiest cyber physical systems neglected, warns Claroty report (securitybrief.co.nz)

• Why undersea cables need high-priority protection • The Register

• GAO: NASA Faces 'Inconsistent' Cyber Security Across Spacecraft (darkreading.com)

• Cyber security regulations: Are non-compliant cars more vulnerable? | Autocar

• Fujitsu sets aside £200m as calls mount for Post Office scandal payout

• eGates across UK airports go down (thelondoneconomic.com)

• FE News | Why the education sector needs to do the homework on cyber security as attacks soar

• Caught with our pants down - The Royal Gazette | Bermuda News, Business, Sports, Events, & Community |

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Most Attacks Impacting SMB’s Target Older, Unpatched Vulnerabilities

Attackers continue to aggressively target small and mid-size businesses using specific high-profile vulnerabilities dating back a decade or more, network telemetry shows. Findings have shown that this is due to these vulnerabilities featuring in a wide range of products. Due to their prevalence, they can often become missed by organisations conducting patch management and therefore leave the organisation open.

For this reason it is critical that all organisations, including smaller organisations, have internal as well as external vulnerability scanning. You might believe your systems are patched up to date but there is no way to confirm without scanning , or to know which patches might have been missed.

Sources: [Infosecurity Magazine]

91% of Ransomware Victims Paid At least One Ransom in the Past Year, as 1 in 5 Ransomware Attacks Triggers Lawsuit

Ransomware attacks saw a significant surge in 2023, following a dip in 2022. The number of victims increased by 66% from 2022 to 2023, with 91% of those affected paying at least one ransom. 58% of organisations have been targeted six times or more.

The Sophos State of Ransomware 2023 report highlighted ransom payments rose by 500%; nearly two-thirds exceeded $1m or more, with an average payment of $2m. Furthermore, 30% of the demands were for over $5m.

In the US, 18% of incidents led to litigation, with 123 lawsuits filed in 2023 and 355 over five years. Data breaches, affecting 283.3 million records, primarily triggered these lawsuits, especially in healthcare and finance sectors. The resolution rate is 59%, with the highest settlement at $8.7m. Regulatory fines added nearly $10m to the financial impact. These figures underscore the significant financial implications of ransomware attacks and the urgent need for robust cyber security measures.

Sources: [ZD Net] [Infosecurity Magazine] [Security Magazine] [PrNewsWire] [Infosecurity Magazine]

BEC and Fund Transfer Fraud Top Insurance Claims

Cyber Insurer Coalition's 2024 Cyber Claims Report highlights a significant trend in cyber security threats, identifying email-based fraud as the predominant cause of insurance claims in 2023, accounting for 53% of all claims. Business email compromise (BEC) and funds transfer fraud (FTF) topped the list, contributing to 28% of claims and increasing claim amounts by 24% to an average loss exceeding $278,000. In contrast, ransomware, while less frequent at 19% of claims, also saw a rise in both frequency and severity, with average losses climbing to over $263,000. The report also notes a 13% year-on-year surge in overall claims, with substantial losses tied to compromised network security devices and a notable vulnerability in organisations using exposed remote desktop protocols.

Source: [Infosecurity Magazine]

Correlating Cyber Investments with Business Outcomes

The US Securities and Exchange Commission (SEC) has implemented stringent new rules compelling organisations to report significant cyber incidents within four days and to annually disclose details concerning their cyber security risk management, strategy, and governance. These mandates are seen as giving “more teeth to the idea that cyber security is a business problem” and “bringing an element of cyber security to the boardroom” according to cyber security solutions provider SecurityGate. Highlighted in the "Cybersecurity Insights" podcast, experts argue for simplifying cyber security strategies, advocating sustained resource allocation over reactive measures, and emphasising the importance of training over expensive solutions. These steps are deemed crucial for enhancing organisational resilience and security in a landscape where cyber threats are increasingly sophisticated and pervasive.

Source: [InfoRisk Today] 

Verizon: Vulnerability Exploitation up 180%, 68% of Breaches involved Humans and Supply Chain Weak Link

Verizon has released the findings of its 17th Annual Data Breach Investigations Report, which showed security incidents doubled year over year in 2023 to a record high 30,458 security events and 10,626 confirmed breaches. Some of the key takeaways from the 100-page report include zero-day attacks on unpatched systems and devices rising 180% in 2023, most breaches (68%) involving a non-malicious human element and the median time for users to fall for phishing emails falling just south of 60 seconds. In its first inclusion as a separate metric, supply chain attacks were found to contribute to 15% of all attacks.

Sources: [MSSP Alert] [Verizon]

MOVEit & Change Healthcare Attacks Designated as Cyber Catastrophe Loss Events by Insurer

Verisk’s Property Claim Services (PCS) has recently identified the MOVEit and Change Healthcare cyber attacks as significant Cyber Catastrophe Loss Events. These designations are part of PCS’s Global Cyber solution, which tracks cyber incidents and their potential impact on the insurance market. The designation indicates that each attack is anticipated to result in insurance industry losses exceeding USD 250 million.

The MOVEit attack, linked to the Russian-affiliated group Cl0p, compromised over 2,700 organisations globally, affecting up to 90 million individuals. The Change Healthcare attack, attributed to the ALPHV/Blackcat gang, notably disrupted UnitedHealth Group’s operations, with projected costs and lost revenue totalling up to USD 1.6 billion. These designations highlight the escalating scale and financial impact of cyber incidents on global markets.

Source: [Reinsurance News]

Securing Your Organisation’s Supply Chain: Reducing the Risks of Third Parties

Nearly every organisation is part of a supply chain, where a significant amount of data is transferred. When data leaves your infrastructure, its security depends on the third party. The risks of a cyber incident increases as the supply chain increases.

Organisations need to mitigate the risks that their third party brings. This requires an understanding of the supply chain actors, and performing cyber security assessments of the most critical ones. The objective is to ensure that your organisation is satisfied with the third party’s security controls, or to work together to remediate any gaps.

Source: [Help Net Security]

Why Remote Desktop Tools are Facing an Onslaught of Cyber Threats

In the era of hybrid work, remote desktop tools have become crucial yet vulnerable points within corporate networks, attracting significant cyber criminal attention. A study by Barracuda Networks underscores the challenges of securing these tools. Virtual Network Computing (VNC) is particularly susceptible; it is targeted in 98% of these types of attacks due to its use of multiple, sometimes unsecured ports. VNC attacks predominantly exploit weak password practices, notably through brute force methods. Conversely, Remote Desktop Protocol (RDP) accounts for about 1.6% of these attacks but is favoured for more extensive network breaches, often involving ransomware or crypto mining. The study highlights a pressing need for robust endpoint management and heightened security measures to mitigate these threats.

Source: [ITPro]

95% of Organisations Revamped Cyber Security Strategies in the Last Year: Make Sure Yours is Right

A recent report found that 95% of companies have altered their cyber security strategies in the last twelve months. This was driven by keeping pace with the shifting regulatory landscape (98%), the need to meet customer expectations for data protection and privacy (89%), and the rise of AI-driven threats and solutions (65%). Almost half (44%) of non-security executives do not understand the regulatory requirements their organisation must adhere to.

When it came to reporting, the study found that security teams aren’t reporting on key operational metrics that define whether their security investments and strategy changes have a measurable impact. It is evident that there is a disconnect between security and non-security professionals when it comes to the business strategy.

Sources: [Business Wire] [Security Magazine]

Human Factor a Significant Risk for Small and Medium-Sized Businesses.

A survey of business and IT security in small and medium-sized businesses (SMBs) conducted by LastPass found that roughly one in five business leaders admits to circumventing security policies, as do one in 10 IT security leaders. The survey found that password management is critically important to cyber security, with nearly half (47%) reporting recent breaches due to compromised passwords.

Sources: [Beta News] [Business Wire]

Microsoft CEO Says it is Putting Security Above All Else in Major Refocus

Following a series of high-profile attacks in recent months and a report by the US Cyber Safety Review Board (CSRB), Microsoft’s CEO has revealed it will now focus its efforts on an increase in the commitment to security. Investigating a summer 2023 attack, Microsoft was deemed to have made a series of “avoidable errors”, including the failure to detect several compromises, the CSRB said.

Sources: [TechRadar]

Ending the Culture of Silence in Cyber Security; Three Ways to Empower Teams

A recent discussion on workplace errors highlights the significant repercussions of cyber breaches compared to typical office mistakes. In the UK, nearly a third of businesses face cyber attacks weekly, with each breach costing approximately £4,000. However, a concerning trend is that 41% of these breaches are not reported to internal leadership, often due to fears among staff about the consequences of admitting faults. A three-pronged approach has been suggested to foster a blame-free culture: providing tailored and evolving cyber training, establishing safe zones for admitting mistakes, and implementing robust recovery plans. This approach not only prepares employees to handle potential breaches more effectively but also encourages them to report incidents promptly, reducing the overall impact and aiding quicker recovery. Such strategies are essential for maintaining resilience against increasingly sophisticated cyber threats.

Source: [Minute Hack]

Governance, Risk and Compliance

• Verizon 2024 Data Breach Investigations Report: 5 Takeaways | MSSP Alert

• 2024 Data Breach Investigations Report: Half of the breaches in EMEA were internal (globenewswire.com)

• Verizon DBIR: Vulnerability exploitation in breaches up 180% | TechTarget

• Verizon DBIR: Basic Security Gaffes Cause Breach Surge (darkreading.com)

• 95% of Organisations Revamped Their Cyber Security Strategies in the Last Year | Business Wire

• 95% of organisations adjusted cyber security strategies this past year | Security Magazine

• 1 in 5 US Ransomware Attacks Triggers Lawsuit - Infosecurity Magazine (infosecurity-magazine.com)

• Vulnerability Exploits Triple as Initial Access Point for Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• MOVEit & Change Healthcare attacks designated as cyber catastrophe loss events by PCS - Reinsurance News

• Are Enterprises Overconfident About Cyber Security Readiness? (govinfosecurity.com)

• How CISOs Can Contend with Increasing Scrutiny from Regulators (informationweek.com)

• Correlating Cyber Investments with Business Outcomes (inforisktoday.com)

• Ending The Culture of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack

• 97% of security leaders have increased SaaS security budgets - Help Net Security

• The rise in CISO job dissatisfaction – what’s wrong and how can it be fixed? | CSO Online

• Should Cyber Security Leadership Finally be Professionalized? - SecurityWeek

• What needs to change to overcome nonchalant security approaches | TechRadar

• Agile by Design: Cyber Security at the Heart of Transformation (noeticcyber.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Q1 2024 Ransomware Report: 21% Increase in Q1 2023 Ransomware Activity (corvusinsurance.com)

• Ransomware Rising Despite Takedowns, Says Corvus Report - Infosecurity Magazine (infosecurity-magazine.com)

• Impact of organisational structure on ransomware outcomes: Where does your org fit in? | SC Media (scmagazine.com)

• OODA Loop - Social Engineering Remains the Coin of the Realm for Ransomware Gangs (or APTs- Advanced Persistent Threats)

• 91% of ransomware victims paid at least one ransom in the past year, survey finds | ZDNET

• Ransom Payments Surge by 500% to an Average of $2m - Infosecurity Magazine (infosecurity-magazine.com)

• 1 in 5 US Ransomware Attacks Triggers Lawsuit - Infosecurity Magazine (infosecurity-magazine.com)

• There was an 81% year-over-year increase in ransomware attacks | Security Magazine

• Ransomware and extortion incidents surged by 67% in 2023, according to NTT Security Holdings 2024 Global Threat Intelligence Report (prnewswire.com)

• Finnish hacker imprisoned for accessing thousands of psychotherapy records and demanding ransoms | AP News

• LockBit, Black Basta, Play Dominate Ransomware in Q1 2024 - Infosecurity Magazine (infosecurity-magazine.com)

• Understanding Scattered Spider, and how they perform cloud-centric identity attacks | SC Media (scmagazine.com)

• Ransom recovery costs reach $2.73 million - Help Net Security

• Cactus Ransomware Group Targets Qlik Sense Servers | Decipher (duo.com)

• How AI and data protection intersect in today's threat era - SiliconANGLE

• Better hygiene may mitigate the need to ban ransomware payments | Computer Weekly

• Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million (thehackernews.com)

• How Businesses Should Grapple With Ransomware Threats (eetimes.eu)

• Cyber security consultant arrested after allegedly extorting IT firm (bleepingcomputer.com)

Ransomware Victims

• Single Citrix Compromised Credential Results in $22,000,000 Ransom to Change Healthcare | InfoStealers

• Change Healthcare breached via Citrix portal with no MFA | TechTarget

• Almost all US hospitals took financial hit from Change hack, AHA says | Reuters

• Another major pharmacy chain shuts following possible cyber attack | TechRadar

• Hack That Paralyzed US Health Care Turns Up Scrutiny on Insurer (claimsjournal.com)

• Cyber attack to cost Western Isles Council half a million pounds (holyrood.com)

• LockBit publishes confidential data stolen from Cannes hospital in France (therecord.media)

• French hospital CHC-SV refuses to pay LockBit extortion demand (bleepingcomputer.com)

• 'Cybersecurity incident' closes London Drugs' pharmacies • The Register

Phishing & Email Based Attacks

• AI-driven phishing attacks deceive even the most aware users - Help Net Security

• US Post Office phishing sites get as much traffic as the real one (bleepingcomputer.com)

• If you receive a Shein mystery box, do not open it | TechRadar

• Why the automotive sector is a target for email-based cyber attacks - Help Net Security

BEC

• BEC and Fund Transfer Fraud Top Insurance Claims - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering

• OODA Loop - Social Engineering Remains the Coin of the Realm for Ransomware Gangs (or APTs- Advanced Persistent Threats)

• FBI warns of fake verification schemes targeting dating app users (bleepingcomputer.com)

• A Lot of People Are Falling for Those 'Your Package Cannot Be Delivered' Texts | PCMag

Artificial Intelligence

• AI-driven phishing attacks deceive even the most aware users - Help Net Security

• AI is creating a new generation of cyber attacks - Help Net Security

• Combating the Rising Tide of AI-Driven Cyber Crime (cryptopolitan.com)

• Businesses turn to generative AI but many don't have policies on it (betanews.com)

• State of Security 2024 Report Reveals Growing Impact of Generative AI on Cyber Security Landscape | Business Wire

• How AI and data protection intersect in today's threat era - SiliconANGLE

• Understanding emerging AI and data privacy regulations - Help Net Security

• To understand the risks posed by AI, follow the money – O’Reilly (oreilly.com)

• From Risk to Resilience: Managing Data Security in AI-Driven Enterprises | Inc.com

• Security in the AI Sector: Understanding Infostealer Exposures and Corporate Risks - Security Boulevard

• Cyber security experts face AI risks, deepfakes, burnout | Fortune

• US Government Releases New AI Security Guidelines for Critical Infrastructure (thehackernews.com)

• Why Using Microsoft Copilot Could Amplify Existing Data Quality and Privacy Issues - SecurityWeek

• Why the Military Can’t Trust AI | Foreign Affairs

2FA/MFA

• Change Healthcare breached via Citrix portal with no MFA | TechTarget

Malware

• New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw (thehackernews.com)

• New SOHO router malware aims for cloud accounts, internal company resources - Help Net Security

• Guarding the Gates: The Growing Abundance of Linux Malware - VMRay

• Bogus npm Packages Used to Trick Software Developers into Installing Malware (thehackernews.com)

• Stealthy malware: The threats hiding in plain sight | ITPro

• Millions of Malicious 'Imageless' Containers Planted on Docker Hub Over 5 Years (thehackernews.com)

• ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan (thehackernews.com)

• New Cuttlefish malware infects routers to monitor traffic for credentials (bleepingcomputer.com)

Mobile

• Powerful 'Brokewell' Android Trojan Allows Attackers to Takeover Devices - SecurityWeek

• Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023 (thehackernews.com)

• New Wpeeper Android malware hides behind hacked WordPress sites (bleepingcomputer.com)

• NCSC’s New Mobile Risk Model Aimed at “High-Threat” Firms - Infosecurity Magazine (infosecurity-magazine.com)

• Android Flaw Affected Apps With 4 Billion Installs - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft warns of "Dirty Stream" attack impacting Android apps (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• Hackers Target New NATO Member Sweden with Surge of DDoS Attacks - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• NCSC: New UK law bans default passwords on smart devices (securityaffairs.com)

• DJI Could Get Banned In The U.S. As Authorities Believe That The Chinese Firm And Its Drones Present A Major Security Risk (wccftech.com)

• A glaring Android TV security flaw might put your Gmail at risk | Android Central

Data Breaches/Leaks

• PSNI data breach: Almost 5,000 officers and staff in legal action - BBC News

• 2024 Data Breach Investigations Report: Half of the breaches in EMEA were internal (globenewswire.com)

• Marriott admits it falsely claimed for five years it was using encryption during 2018 breach | CSO Online

• Kaiser Permanente data breach may have impacted 13.4 million patients (securityaffairs.com)

• Social exclusion charity Extern “urgently reviewing” impact of data breach following ransomware attack – The Irish News

• FBCS data breach impacted 2M individuals (securityaffairs.com)

• States shares health debt data of 5,000 in an email | Guernsey Press

• Qantas app exposed sensitive traveller details to random users (bleepingcomputer.com)

• DropBox says hackers stole customer data, auth secrets from eSignature service (bleepingcomputer.com)

• Mitre Shares Lessons Learned from Breach | MSSP Alert

• Hull City Council pays £30K in data breach claims and suffers nine cyber attacks in three years - Hull Live (hulldailymail.co.uk)

• Philadelphia Inquirer: Data of over 25,000 people stolen in 2023 breach (bleepingcomputer.com)

• Australian pubgoers' personal info posted to leak site • The Register

• Monash Health data breach exposes sexual assault and family violence claims (smh.com.au)

• Panda Restaurant Group disclosed a data breach (securityaffairs.com)

Organised Crime & Criminal Actors

• AI is creating a new generation of cyber attacks - Help Net Security

• Combating the Rising Tide of AI-Driven Cyber Crime (cryptopolitan.com)

• INTERPOL Identifies 20,674 Suspicious Networks Linked To Terrorists, Warns of Rising Cyber Crimes | Greenbarge Reporters (greenbreporters.com)

• Understanding Scattered Spider, and how they perform cloud-centric identity attacks | SC Media (scmagazine.com)

• Router Roulette: Cyber Criminals and Nation-States Sharing Compromised Networks | Trend Micro (US)

Insider Risk and Insider Threats

• 2024 Data Breach Investigations Report: Half of the breaches in EMEA were internal (globenewswire.com)

• 2024 Data Breach Investigations Report: Most breaches involve a non-malicious human element - Help Net Security

• Survey: Human Factors Create Significant Cyber Security Risks for Small and Medium-Sized Businesses, Despite Increased Technology Investment | Business Wire

• How insider threats can cause serious security breaches - Help Net Security

• Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia (thehackernews.com)

Insurance

• MOVEit & Change Healthcare attacks designated as cyber catastrophe loss events by PCS - Reinsurance News

• Cyber facility in capacity raise as risk severity grows (emergingrisks.co.uk)

• Hack That Paralyzed US Health Care Turns Up Scrutiny on Insurer (claimsjournal.com)

• Alarming Insurance Gaps and Soaring Breach Rates Call for a United Front in Cyber Security | HaystackID - JDSupra

Supply Chain and Third Parties

• UK and global cyber threats require robust supply chain risk management - Osborne Clarke | Osborne Clarke

• Securing your organisation's supply chain: Reducing the risks of third parties - Help Net Security

Cloud/SaaS

• Understanding Scattered Spider, and how they perform cloud-centric identity attacks | SC Media (scmagazine.com)

• New SOHO router malware aims for cloud accounts, internal company resources - Help Net Security

• 97% of security leaders have increased SaaS security budgets - Help Net Security

Encryption

• UK's Investigatory Powers Bill approved to become law • The Register

• Marriott admits it falsely claimed for five years it was using encryption during 2018 breach | CSO Online

• Ten years of Heartbleed: Lessons learned | SC Media (scmagazine.com)

• White Swan, Black Swan and QuantumBleed (forbes.com)

Linux and Open Source

• Guarding the Gates: The Growing Abundance of Linux Malware - VMRay

Passwords, Credential Stuffing & Brute Force Attacks

• Single Citrix Compromised Credential Results in $22,000,000 Ransom to Change Healthcare | InfoStealers

• Change Healthcare breached via Citrix portal with no MFA | TechTarget

• Okta warns of "unprecedented" credential stuffing attacks on customers (bleepingcomputer.com)

• NCSC: New UK law bans default passwords on smart devices (securityaffairs.com)

• Nvidia's flagship gaming GPU can crack complex passwords in under an hour | Tom's Hardware (tomshardware.com)

• New Cuttlefish malware infects routers to monitor traffic for credentials (bleepingcomputer.com)

• Five Ways to Dramatically Reduce the Risk of Password Compromise - Infosecurity Magazine (infosecurity-magazine.com)

• Google Online Security Blog: Your Google Account allows you to create passkeys on your phone, computer and security keys (googleblog.com)

• How to use a YubiKey to log into Windows and macOS (xda-developers.com)

Social Media

• How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat - SecurityWeek

• Disinformation: EU Opens Probe Against Meta Ahead of Election - Infosecurity Magazine (infosecurity-magazine.com)

• Facebook at 20: Contemplating the Cost of Privacy (darkreading.com)

Training, Education and Awareness

• Ending The Culture Of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack

• Everyone's an Expert: How to Empower Your Employees for Cyber Security Success (thehackernews.com)

Regulations, Fines and Legislation

• UK's Investigatory Powers Bill approved to become law • The Register

• UK rolls out new consumer safeguards for smart devices (betanews.com)

• UK and global cyber threats require robust supply chain risk management - Osborne Clarke | Osborne Clarke

• FCC fines major wireless carriers over illegal location data sharing - Help Net Security

• Understanding emerging AI and data privacy regulations - Help Net Security

• CISA's incident reporting requirements go too far, trade groups and lawmakers say | CyberScoop

Data Protection

• How AI and data protection intersect in today's threat era - SiliconANGLE

Careers, Working in Cyber and Information Security

• Cyber security experts face AI risks, deepfakes, burnout | Fortune

• The rise in CISO job dissatisfaction – what’s wrong and how can it be fixed? | CSO Online

• Agencies to turn toward ‘skill-based hiring’ for cyber and tech jobs, ONCD says | CyberScoop

• Cyber Security Degrees, Are They Really Worth It? | HackerNoon

• Beyond the Buzz: Rethinking Alcohol as a Cyber Security Bonding Ritual - SecurityWeek

Law Enforcement Action and Take Downs

• INTERPOL Identifies 20,674 Suspicious Networks Linked To Terrorists, Warns of Rising Cyber Crimes | Greenbarge Reporters (greenbreporters.com)

• Finnish hacker imprisoned for accessing thousands of psychotherapy records and demanding ransoms | AP News

• Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million (thehackernews.com)

• Police shuts down 12 fraud call centres, arrests 21 suspects (bleepingcomputer.com)

• Cyber security consultant arrested after allegedly extorting IT firm (bleepingcomputer.com)

• CEO who sold fake Cisco devices to US military gets 6 years in prison (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

• Disinformation: EU Opens Probe Against Meta Ahead of Election - Infosecurity Magazine (infosecurity-magazine.com)

• ‘Honeypots’ and influence operations: China’s spies turn to Europe (ft.com)

• Think tank: Tech companies spread China's propaganda • The Register

• Two hackers in Ukraine accused of spreading Russian propaganda (therecord.media)

• Why China Is So Bad at Disinformation | WIRED

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• 'DuneQuixote' Shows Stealth Cyber Attack Methods Are Evolving (darkreading.com)

Nation State Actors

China

• ‘Honeypots’ and influence operations: China’s spies turn to Europe (ft.com)

• Philippines Pummelled by Cyber Attacks & Misinformation Tied to China (darkreading.com)

• Germany grapples with wave of spying threats from Russia and China - BBC News

• How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat - SecurityWeek

• Think tank: Tech companies spread China's propaganda • The Register

• China's attacks on critical infrastructure ‘tip of the iceberg' | SC Media (scmagazine.com)

• DJI Could Get Banned In The U.S. As Authorities Believe That The Chinese Firm And Its Drones Present A Major Security Risk (wccftech.com)

• Chinese Hackers Have Been Probing DNS Networks Globally for Years: Report - SecurityWeek

• Muddling Meerkat hackers manipulate DNS using China’s Great Firewall (bleepingcomputer.com)

• Why China Is So Bad at Disinformation | WIRED

• Chinese government website security has big problems • The Register

• Espionage breaches account for 25% in APAC, report reveals (securitybrief.co.nz)

Russia

• Router Roulette: Cyber Criminals and Nation-States Sharing Compromised Networks | Trend Micro (US)

• Russian Hackers Target Industrial Systems in North America, Europe - SecurityWeek

• Pro-Russia hacktivists attacking vital tech in water and other sectors, agencies say | CyberScoop

• Critical infrastructure operators urged to harden systems against pro-Russia hackers (therecord.media)

• Ukraine's military intelligence launches cyber attack against United Russia party (kyivindependent.com)

• Germany grapples with wave of spying threats from Russia and China - BBC News

• Ukraine Targeted in Cyber Attack Exploiting 7-Year-Old Microsoft Office Flaw (thehackernews.com)

• The Dangerous Rise of GPS Attacks | WIRED

• Russia’s Pawprints on Aircraft Jamming Outbreak - CEPA

• Germany Warns Of Consequences For Alleged Russian Cyber Attack (rferl.org)

• Hackers Claim to Have Infiltrated Belarus’ Main Security Service - SecurityWeek

• Military Tank Manual, 2017 Zero-Day Anchor Latest Ukraine Cyber Attack (darkreading.com)

• Sweden prepares for Eurovision amidst fears of protests, cyber attacks and unrest | Euronews

• Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia (thehackernews.com)

• Two British men charged with helping Russian intelligence - BBC News

• Two hackers in Ukraine accused of spreading Russian propaganda (therecord.media)

Iran

• Israel winning cyber war against Iran, says former officer of elite IDF intelligence unit | All Israel News

North Korea

• DPRK's Kimsuky APT Abuses Weak DMARC Policies, Feds Warn (darkreading.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• INTERPOL Identifies 20,674 Suspicious Networks Linked To Terrorists, Warns of Rising Cyber Crimes | Greenbarge Reporters (greenbreporters.com)

• Sweden prepares for Eurovision amidst fears of protests, cyber attacks and unrest | Euronews

Vulnerability Management

• When is One Vulnerability Scanner Not Enough? (thehackernews.com)

• Vulnerability exploitation nearly tripled in 2023 (telecoms.com)

Vulnerabilities

• Cisco devices again targeted by state-linked threat campaign - TechCentral.ie

• Okta warns of "unprecedented" credential stuffing attacks on customers (bleepingcomputer.com)

• 1,200+ Vulnerabilities Detected In Microsoft Products In 2023 (gbhackers.com)

• Most attacks affecting SMBs target five older vulnerabilities | CSO Online

• Severe Flaws Disclosed in Brocade SANnav SAN Management Software (thehackernews.com)

• UnitedHealth hackers took advantage of Citrix vulnerability to break in, CEO says (yahoo.com)

• Palo Alto Updates Remediation for Max-Critical Firewall Bug (darkreading.com)

• Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades - Help Net Security

• WordPress plugin vulnerability poses severe security risk, allows for site takeovers | TechSpot

• Ukraine Targeted in Cyber Attack Exploiting 7-Year-Old Microsoft Office Flaw (thehackernews.com)

• New R Programming Vulnerability Exposes Projects to Supply Chain Attacks (thehackernews.com)

• Grafana Tool Vulnerability Let Attackers Inject SQL Queries (gbhackers.com)

• Microsoft says April Windows updates break VPN connections (bleepingcomputer.com)

• NTLM auth traffic spikes after Windows Server patch • The Register

• New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw (thehackernews.com)

• Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks (thehackernews.com)

• Ten years of Heartbleed: Lessons learned | SC Media (scmagazine.com)

• 1,400 GitLab Servers Impacted by Exploited Vulnerability - SecurityWeek

Tools and Controls

• Why remote desktop tools are facing an onslaught of cyber threats | ITPro

• Correlating Cyber Investments With Business Outcomes (inforisktoday.com)

• When is One Vulnerability Scanner Not Enough? (thehackernews.com)

• Microsoft CEO says it is "putting security above all else" in major refocus | TechRadar

• Can automating security relieve CISO pressure? (techinformed.com)

• 10 Critical Endpoint Security Tips You Should Know (thehackernews.com)

• 7 antivirus myths that are dead wrong | PCWorld

• Businesses turn to generative AI but many don't have policies on it (betanews.com)

• EDR vs. EPP: What's the difference? | TechTarget

• Cobalt's 2024 State of Pentesting Report Reveals Cyber Security Industry Seeks Partners and Solutions as Staffing Shortages and New AI Threats Collide (prweb.com)

• Ending The Culture Of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack

• Organisations Struggle with Zero Trust: Gartner | MSSP Alert

• Tech Tip: Why Haven't You Set Up DMARC Yet? (darkreading.com)

• Three-Quarters of CISOs Admit App Security Incidents - Infosecurity Magazine (infosecurity-magazine.com)

• 97% of security leaders have increased SaaS security budgets - Help Net Security

• Communication gaps between IT departments and senior corporate leadership worsening application security risks - Tech Monitor

• Continuous threat exposure management (CTEM): What it is and how to achieve it | SC Media (scmagazine.com)

• DPRK's Kimsuky APT Abuses Weak DMARC Policies, Feds Warn (darkreading.com)

• Fortifying Cyber Defence With the Power of Linux Intrusion Detection and Prevention Systems | Linux Journal

• How to Red Team GenAI: Challenges, Best Practices, and Learnings (darkreading.com)

• What is API Security? - Security Boulevard

• Chinese Hackers Have Been Probing DNS Networks Globally for Years: Report - SecurityWeek

• Muddling Meerkat hackers manipulate DNS using China’s Great Firewall (bleepingcomputer.com)

• Why LLMs are predicting the future of compliance and risk management | VentureBeat

• Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM (thehackernews.com)

Reports Published in the Last Week

• Q1 2024 Ransomware Report: 21% Increase in Q1 2023 Ransomware Activity (corvusinsurance.com)

• Global Threat Intelligence Report 2024 by NTT Security Holdings

• 2024 Data Breach Investigations Report | Verizon

• The State of Security 2024 | Splunk

• Cobalt's 2024 State of Pentesting Report Reveals Cyber Security Industry Seeks Partners and Solutions as Staffing Shortages and New AI Threats Collide (prweb.com)

Other News

• Microsoft CEO says it is "putting security above all else" in major refocus | TechRadar

• 3 Key Business Areas Cyber Security Falls Short | Inc.com

• 7 antivirus myths that are dead wrong | PCWorld

• A Season Of Health Breaches, A Season Of Changes (forbes.com)

• Bank of England tells payment firms to step up disruption mitigation plans (yahoo.com)

• Three-Quarters of CISOs Admit App Security Incidents - Infosecurity Magazine (infosecurity-magazine.com)

• NCSC updates warning over hacktivist threat to CNI | Computer Weekly

• Cyber Space: EU and partners discuss ways to strengthen cooperation in promoting international security and stability | EEAS (europa.eu)

• The EU's Strategy for a Cyber Secure Digital Single Market | UpGuard

• Cyber attack at Irish telecoms firm? – The Irish Times

• To Damage OT Systems, Hackers Tap USBs, Old Bugs & Malware (darkreading.com)

• During National Small Business Week, Take Steps to Secure Your Business | CISA

• At Microsoft, years of security debt come crashing down | Cybersecurity Dive

• National Small Business Week: IRS warns entrepreneurs to take precautions on data security; protect their businesses, employees, customers | Internal Revenue Service

• Zelenskyy fires security service chief accused of "weaponized draft" against journalist - Euromaidan Press

• Sweden prepares for Eurovision amidst fears of protests, cyber attacks and unrest | Euronews

• The ultimate cyber spring-cleaning checklist (avast.com)

• European New Space Companies Prepare to Counter Growing Security Threat - Via Satellite (satellitetoday.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Passwords are one of the basic ways that we confirm our identity when we access systems on our company network, or our own person email account for example. Although many organisations have a policy that requires users to create passwords of a certain length and complexity, the challenge is that the user can fulfil those criteria even if they create a weak password that can be easily guessed or cracked by an attacker. This is yet another intersection of technology and human behaviours that can make or break cyber security.

Did you know that attackers exchange lists of passwords from previous attacks, which they use at high speed in combination with a user’s email address for example, to try to break into a system?

If you are told that you need to create a password that uses upper and lower case letters, with numbers and special characters, the chances are you will use a word that starts with a capital letter, then add a number and use an exclamation point or similar at the end. The attackers know this, and they have millions of examples of them in their password listing. Equally, passwords like querty12345 are, sadly, still frequently used.

The trick is for us all to avoid using ‘weak’ passwords that are likely to feature on the password listing, which means we need to avoid falling into predictable human behaviour patterns. Equally, users need to avoid obvious passwords, like the name of their town or their pet dog, which can be guessed or cracked by a dedicated attacker.

As a solution consider using a passphrase such as “BananaHippoCyclist” and if you want it even more complex, trying adding a few numbers and special characters. And make sure every access you have uses a different password. We all live in the real world, and it can be hard to manage multiple passwords, so you could consider a password manager application to store your passwords, providing you use a very strong master password to access it.

Even strong passwords need extra security, which is why they should be used in conjunction with other multi-factor authentication methods such as facial recognition or biometrics (something you are) or verification codes received on your mobile phone (something you have). Utilising multiple methods of authentication makes it significantly harder for attackers to compromise your accounts.

If you are wondering how to implement this in your organisation, then reach out to us for a free 30-minute consultation to discuss your specific needs and proportionate options. We love discussing this and other aspects of cyber security, so contact us through our website page www.blackarrowcyber.com/contact, and we will get back to you shortly.

In the meantime, Happy World Password Day!

Executive summary

The UK Government has released new legislation to protect consumers from cyber criminals. 

The regime comprises of two pieces of legislation: 

• Part 1 of the Product Security and Telecommunications Infrastructure (PSTI) Act 2022; and 

• The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023.

Now that this new legislation is in force, the UK’s consumer connectable product security regime will be enforced, aiming to protect consumers against hacking and cyber attacks. This regulation sets out the minimum-security standards that all IoT (Internet of Things) devices are now legally obliged to meet.

What are the security requirements?

The regulations set out specific requirements that the relevant people, manufacturer, importer and distributor of the products have to follow:

1.      Passwords must be unique per the product. This includes banning common and easily guessable passwords for example admin or 12345 to prevent vulnerabilities and hacking.

2.      The manufacturer must provide clear and transparent information on how to report security issues about their product.  Manufacturers are also obligated to provide information on timescales of acknowledging, reporting and updating the status of security issues to the consumer until they have been resolved.

3.      The manufacturers and retailers must publish to consumers in a clear and accessible way, the minimum time they can expect to receive important security updates. This information should be available without prior request in English and free of charge.

While these security requirements demonstrate the seriousness in which the Government regards cyber security, they should not be relied upon alone and organisations ensure they are employing their own controls such as changing default passwords, performing vulnerability scanning and conducting timely patch management. Effective cyber security requires multiple layers of defence

The official UK Government legislation can be found below:

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Executive summary

A new strain of Android mobile malware dubbed “Brokewell” is being used to spread fake browser updates to steal user data. The malware has the ability to overlay banking application screens, capturing credentials without the users knowledge, as well as allowing remote access by an attacker. The malware has also been recorded as using popular ‘buy now, pay later’ service “Klarna” in addition to the fake Google Chrome update. Research indicates that the malware is in active development.

What’s the risk?

Due to the sensitive nature of the information sought by the malware, there is a genuine risk to the confidentiality and integrity of data. Features of the malware include the ability to overlay applications to steal user credentials and allow an attacker remote access, including the commands which record audio, take screenshots, access locations, and send communications from the victim phone.

The list of potential targets is extensive, especially so with many employees using personal devices for corporate purposes, including the storage of corporate credentials. A recent report from Google owned Mandiant found that 10% of intrusions began with evidence of stolen credentials.

What can I do?

It is recommended to employ a multi-layer defence to mitigate the risk of such malware succeeding. This should include only downloading updates from the official application in the Google Play store and enabling Google Play Protect will help to prevent malware. To further bolster defence, it is recommended that anti-virus applications are run in parallel.

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Further information can be found below:

https://www.threatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malware

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox

The 2024 Cyber Claims Report by insurer Coalition reveals critical vulnerabilities and trends affecting cyber insurance policyholders. Notably, over half of the claims in 2023 stemmed from funds transfer fraud (FTF) and business email compromise (BEC), underlining the critical role of email security in cyber risk management. The report also indicated heightened risks associated with boundary devices like firewalls and VPNs, particularly if they are exposed online and have known vulnerabilities. Additionally, the overall claims frequency and severity rose by 13% and 10% respectively, pushing the average loss to $100,000. These insights emphasise the necessity of proactive cyber security measures and the valuable role of cyber insurance in mitigating financial losses from cyber incidents.

Sources: [IT Security Guru] [Emerging Risks]

Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery

The global cost of cyber crime is expected to soar to $10.5 trillion annually by 2025, a steep rise from $3 trillion in 2015, underscoring a significant improvement in the methods of cyber criminals, according to Cybersecurity Ventures. Beyond direct financial losses like ransomware payments, the hidden costs of cyber attacks for businesses include severe operational disruptions, lost revenue, damaged reputations, strained customer relationships, and regulatory fines. These incidents, further exacerbated by increased insurance premiums, collectively contribute to substantial long-term financial burdens. The report indicates that 88% of data breaches are attributable to human error, underscoring the importance of comprehensive employee training alongside technological defences. To combat these evolving cyber threats effectively, organisations must adopt a multi-pronged strategy that includes advanced security technologies, regular system updates, employee education, and comprehensive security audits.

According to another report from SiliconAngle, cyber insurance claims increased 13% year-over-year in 2023, with the 10% rise in overall claims severity attributed to mounting ransomware attack claims.

Sources: [The Hacker News] [Huntress] [SC Media]

Why Cyber Security Should Be Driving Your Enterprise Risk Management Strategy

Cyber security has transformed from a secondary concern into the cornerstone of corporate risk management. The historical view of cyber security as merely a component of broader risk strategies is outdated; it now demands a central role in safeguarding against operational, financial, and reputational threats. Many businesses, recognising the vital role of technology in all operations, have begun elevating the position of Chief Information Security Officer (CISO) to integrate cyber security into their overall enterprise risk frameworks. This shift not only enhances visibility and strategic alignment at the highest organisational levels but also fosters more robust defences against cyber threats. As such, adopting a cyber security-centric approach is crucial for compliance and long-term resilience in the face of growing digital threats.

Source: [Forbes]

Ransomware Double-Dip: Re-Victimisation in Cyber Extortion

A recent cyber security study reveals a troubling trend of re-victimisation among organisations hit by cyber extortion or ransomware attacks. Analysis of over 11,000 affected organisations shows recurring victimisation due to repeated attacks, data reuse among criminal affiliates, or cross-affiliate data sharing. Notably, cyber extortion incidents have surged by 51% year-on-year. Additionally, a separate study reports payments exceeding $1 billion and a 20% increase in ransomware attack victims since early 2023. These findings underscore the increasing sophistication and persistence of cyber criminals. Despite law enforcement efforts, adaptable cyber crime groups swiftly resume operations, complicating effective threat mitigation. Organisations must enhance their cyber security measures to avoid becoming repeated targets.

Sources: [Security Magazine] [The Hacker News] [SC Media]

AI is a Major Threat and Many Financial Organisations Are Not Doing Enough

Artificial intelligence (AI) is a major concern for organisations, especially for the financial services sector due to the information they hold. Recent reports have found that AI has driven phishing up by 60% and AI tools have been linked to data exposure in 1 in 5 UK organisations. But it is not just attackers utilising AI: a separate report found that 20% of employees have exposed data via AI.

Currently, many financial organisations are not doing enough to secure themselves to fight AI. In a recent survey, 69% of fraud-management decision makers, AML professionals, and risk and compliance leaders reported that criminals are more advanced at using AI for financial crime than firms are in defending against it.

Sources: [Verdict] [Beta News] [Infosecurity Magazine] [TechRadar] [Security Brief]

[Biometric Update]

6 out of 10 Businesses Struggle to Manage Cyber Risk

A report has found that 6 in 10 businesses are struggling to manage their cyber risk and just 43% have confidence in their ability to address cyber risk. Further, 35% of total respondents worry that senior management does not see cyber attacks as a significant risk; the same percentage also reported a struggle in hiring skilled professionals. When it came to implementing their security policy, half of respondents found difficulty, and when it came to securing the supply chain, a third reported worries.

Given the inevitability of a cyber attack, organisations need to prepare themselves. Those that struggle to manage their cyber risk and/or hire skilled professions will benefit from outsourcing to skilled, reputable cyber security organisations who can guide them through the process.

Sources: [PR Newswire] [Beta News]

'Junk Gun' Ransomware: New Low-Cost Cyber Threat Targets SMBs

Sophos’ research reveals a concerning trend: ‘junk gun’ ransomware variants are now traded on the dark web. Rather than going the traditional route of selling or buying ransomware to or as an affiliate, attackers have now begun creating and selling unsophisticated ransomware variants for a one-time cost. Priced at a median of $375, they attract lower-skilled attackers, especially those targeting small and medium-sized businesses (SMBs). As major ransomware players fade, these variants pose significant threats, accounting for over 75% of cyber incidents affecting SMBs in 2023.

Source: [Security Brief] [Tripwire]

Penetration Testing Infrequency Leaves Security Gaps

Many organisations are struggling to maintain the balance between penetration testing and IT changes within the organisation, leaving security gaps according to a recent report. The report found that 73% of organisations reported changes to their IT environments at least quarterly, however only 40% performed penetration testing at the same frequency.

The issue arises where there is a significant duration during which changes have been implemented without undergoing assessment, leaving organisations open to risk for extended periods of time. Consider the situation in which an organisation moves their infrastructure from on-premise to the cloud: they now have a different IT environment, and with that, new risks.

Black Arrow always recommends that a robust penetration test should be conducted whenever changes to internet facing infrastructure have been made, and at least annually.

Source: [MSSP Alert]

Bank Prohibited from Opening New Accounts After Regulators Lose Patience with Poor Cyber Security Governance

A bank in India has been banned from signing up new customers, and instructed to focus on improving its cyber security after “serious deficiencies and non-compliances” were found within their IT environment. The compliances provided by the bank were described as “inadequate, incorrect or not sustained”. The bank is now subject to an external audit, which if passed, will consider the lifting of the restrictions placed upon them.

Source: [The Register]

The Psychological Impact of Phishing Attacks on Your Employees

Phishing remains one of the most prevalent attack vectors for bad actors, and its psychological impact on employees can be severe, with many employees facing a loss in confidence and job satisfaction as well as an increase in anxiety. In a study by Egress, it was found that 74% of employees were disciplined, dismissed or left voluntarily after suffering a phishing incident, which can cause hesitation when it comes to reporting phishing.

Phishing incidents and simulations where employees have clicked should be seen as an opportunity to learn, not to blame, and to understand why a phish was successful and what can be done in future to prevent it. Organisations should perform security education and awareness training to help employees lessen their chance of falling victim, as well as knowing the reporting procedures.

Source: [Beta News]

Where Hackers Find Your Weak Spots

A recent analysis highlights social engineering as a primary vector for cyber attacks, emphasising its reliance on meticulously gathered intelligence to exploit organisational vulnerabilities. Attackers leverage various intelligence sources; Open Source Intelligence (OSINT) for public data, Social Media Intelligence (SOCMINT) for social media insights, Advertising Intelligence (ADINT) from advertising data, Dark Web Intelligence (DARKINT) from the DarkWeb, and the emerging AI Intelligence (AI-INT) using artificial intelligence. These methods equip cyber criminals with detailed knowledge about potential victims, enabling targeted and effective attacks. The report underscores the critical importance of robust information management and employee training to mitigate such threats, specifically advocating for regular training, AI-use policies, and proactive intelligence gathering by organisations to protect against the substantial risks posed by social engineering.

Source: [Dark Reading]

The Role of Threat Intelligence in Financial Data Protection

The financial industry’s reliance on digital processes has made it vulnerable to cyber attacks. Criminals target sensitive customer data, leading to financial losses, regulatory fines, and reputational damage. To combat these threats such as phishing, malware, ransomware, and social engineering, financial institutions must prioritise robust cyber security measures. One effective approach is threat intelligence, which involves ingesting reliable threat data, customised to your sector and the technology you have in place, and dark web monitoring.

Source: [Security Boulevard]

Government Cannot Protect Business and Services from Cyber Attack, Decision Makers Say

According to a recent report, 66% of surveyed IT leaders expressed a lack of confidence in their government’s ability to defend people and enterprises from cyber attacks, especially those from nation state actors. This scepticism arises from the growing complexity of threats and the rapid evolution of cyber warfare. While governments play a critical role in national security, their agility in adapting to the ever-changing digital landscape leaves organisations finding themselves increasingly responsible for their own protection.

Source: [TechRadar] [Security Magazine]

Governance, Risk and Compliance

• Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• Pen Testing Infrequency Leaves Security Gaps | MSSP Alert

• Six out of 10 businesses struggle to manage cyber risk (betanews.com)

• Email inbox cyber crime leaps as claims soar (emergingrisks.co.uk)

• It Costs How Much?!? The Financial Pitfalls of Cyber Attacks on SMBs | Huntress

• Why Cyber Security Should Be Driving Your Enterprise Risk Management Strategy (forbes.com)

• Cyber attacks are on the rise, and that includes small businesses. Here's what to know | AP News

• Cyber staff priority as threats continue – report (emergingrisks.co.uk)

• UK government cannot protect businesses and services from cyber attacks, IT pros say | TechRadar

• Why cyber attacks shouldn’t be viewed as isolated incidents - Raconteur

• Bank banned from opening new accounts over IT risks • The Register

• Battening down the hatches: Navigating third-party cyber threats  | SC Media (scmagazine.com)

• Cyber Attacks Keep Rising. Here's What Small Businesses Need to Know | Inc.com

• 73% of SME security pros missed or ignored critical alerts - Help Net Security

• Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery (thehackernews.com)

• 4 steps CISOs can take to raise trust in their business | TechTarget

• NCSC Says Newer Threats Need Network Defence Strategy | Trend Micro (US)

• Uncertainty is the most common driver of noncompliance - Help Net Security

• More and more businesses now have CISOs - but they're increasingly taking the blame for attacks | TechRadar

• Cyber metrics journey | Professional Security

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• Report finds a near 20% increase in ransomware victims year-over-year | Security Magazine

• Risks to ransomware attack payment | Professional Security

• Ransomware Double-Dip: Re-Victimization in Cyber Extortion (thehackernews.com)

• 'Junk gun' ransomware: New low-cost cyber threat targets SMBs (securitybrief.co.nz)

• Mandiant: Attacker dwell time down, ransomware up in 2023 | TechTarget

• Behavioural patterns of ransomware groups are changing - Help Net Security

• Record ransomware attacks in March 2024, report finds (securitybrief.co.nz)

• Ransomware payments drop to record low of 28% in Q1 2024 (bleepingcomputer.com)

• Hackers use developing countries as testing ground for new ransomware attacks (ft.com)

• Ransomware Still On Rise Despite Better Defences, Firm Says - Law360

• Hackers are using developing countries for ransomware practice | Ars Technica

• Dark web inundated by cheap ransomware tools | SC Media (scmagazine.com)

• Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery (thehackernews.com)

• Action needed amid escalating ransomware attacks, record-high payments | SC Media (scmagazine.com)

• HelloKitty ransomware rebrands, releases CD Projekt and Cisco data (bleepingcomputer.com)

• Rising Ransomware Issue: English-Speaking Western Affiliates (govinfosecurity.com)

• Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware! - Help Net Security

• CL0P ransomware gang is on the rise | Hogan Lovells - JDSupra

• Proportion paying ransoms declines in Q1 2024, even as takings break a new record (computing.co.uk)

• Megazord Ransomware Attacking Healthcare & Govt Entities (cybersecuritynews.com)

• CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop

• DragonForce Ransomware Group Uses LockBit’s Leaked Builder - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber Hygiene Helps Organisations Mitigate Ransomware-Related Vulnerabilities  | CISA

• Ransomware attacks rise in global food & agriculture sector (securitybrief.co.nz)

• Preventing Ransomware Attacks at Scale (hbr.org)

Ransomware Victims

• Hackers Were in Change Healthcare 9 Days Before Attack (pymnts.com)

• UnitedHealth BlackCat Attack Cost is $872M in Q1 | MSSP Alert

• UnitedHealth admits breach could affect large chunk of US • The Register

• Back from the Brink: UnitedHealth Offers Sobering Post-Attack Update (darkreading.com)

• UnitedHealth Paid Ransom to Protect Patient Data | MSSP Alert

• Will the Change Healthcare case finally make providers do a business impact analysis? | SC Media (scmagazine.com)

• UNDP, City of Copenhagen Targeted in Data-Extortion Cyber Attack (darkreading.com)

• Cannes Hospital Cancels Medical Procedures Following Cyber Attack - Security Week

• Small medical practices will close because of Change cyber attack, says AMA | Healthcare IT News

• HelloKitty ransomware rebrands, releases CD Projekt and Cisco data (bleepingcomputer.com)

• Sweden's liquor shelves to run empty this week due to ransomware attack (therecord.media)

• Authentication failure blamed for Change Healthcare ransomware attack | CSO Online

• Ransomware feared as Octapharma Plasma closes 150+ centers • The Register

• Red Ransomware takes credit for Targus attack | SC Media (scmagazine.com)

• Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor - Security Week

• Carpetright unable to trade after cyber attack - Retail Gazette

• Street lights in Leicester City cannot be turned off due to a cyber attack (securityaffairs.com)

Phishing & Email Based Attacks

• Phishing attacks up 60 percent driven by AI (betanews.com)

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• The psychological impact of phishing attacks on your employees (betanews.com)

• Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments (darkreading.com)

• Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)

• Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike (thehackernews.com)

• LA County Health Services: Patients' data exposed in phishing attack (bleepingcomputer.com)

BEC

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• Email inbox cyber crime leaps as claims soar (emergingrisks.co.uk)

Other Social Engineering

• LastPass Users Lose Master Passwords to Ultra-Convincing Scam (darkreading.com)

• Open Source Groups Warn of Social Engineering Backdoors | MSSP Alert

Artificial Intelligence

• AI is a major threat and financial organisations are not doing enough to fight it | Biometric Update

• Phishing attacks up 60 percent driven by AI (betanews.com)

• Fifth of CISOs Admit Staff Leaked Data Via GenAI - Infosecurity Magazine (infosecurity-magazine.com)

• Five Eyes agencies publish report on AI security | Hogan Lovells - JDSupra

• AI tools linked to data exposure in 1 in 5 UK organisations (securitybrief.co.nz)

• Security Leaders Braced for Daily AI-Driven Attacks by Year-End - Infosecurity Magazine (infosecurity-magazine.com)

• CSOs say AI is 'biggest cyber threat' to organisations | TechRadar

• Man arrested for 'framing colleague' with AI-generated voice • The Register

• Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage (thehackernews.com)

• People doubt their own ability to spot AI-generated deepfakes - Help Net Security

• A National Security Insider Does the Math on the Dangers of AI | WIRED

• 40% of organisations have AI policies for critical infrastructure | Security Magazine

• GPT-4 can exploit real vulnerabilities by reading advisories • The Register

• 25 cyber security AI stats you should know - Help Net Security

• Cyber Threats in the Age of AI: Protecting Your Digital DNA - Security Boulevard

• The Dark Side of Deepfakes: How Malicious Actors Use Synthetic Media to Manipulate and Deceive | Metaverse Post (mpost.io)

• 6 security items that should be in every AI acceptable use policy | CSO Online

• 'Poisoned' data could wreck AIs in wartime, warns Army software acquisition chief - Breaking Defence

• The use of AI in war games could change military strategy (theconversation.com)

2FA/MFA

• Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security

• What is multi-factor authentication (MFA), and why is it important? - Help Net Security

Malware

• ToddyCat APT Is Stealing Data on 'Industrial Scale' (darkreading.com)

• Report says over 10 million devices were infected by data-stealing malware in 2023 - PhoneArena

• New Brokewell malware takes over Android devices, steals data (bleepingcomputer.com)

• GitLab affected by GitHub-style CDN flaw allowing malware hosting (bleepingcomputer.com)

• Microsoft unmasks Russia-linked ‘GooseEgg’ malware (therecord.media)

• Hackers hijack antivirus updates to drop GuptiMiner malware (bleepingcomputer.com)

• eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners (thehackernews.com)

• Beware! Notorious Samurai Stealer Used in Targeted Attacks (cybersecuritynews.com)

• Threat Actor Uses Multiple Infostealers in Global Campaign - Security Week

• Seedworm Hackers Exploit RMM Tools to Deliver Malware (cybersecuritynews.com)

• Antivirus updates hijacked to drop dangerous malware | TechRadar

• Hackers infect users of antivirus service that delivered updates over HTTP | Ars Technica

• Researchers sinkhole PlugX malware server with 2.5 million unique IPs (bleepingcomputer.com)

• Millions of IPs remain infected by USB worm years after its creators left it for dead | Ars Technica

• North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)

Mobile

• Report says over 10 million devices were infected by data-stealing malware in 2023 - PhoneArena

• Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns (therecord.media)

• iPhone password reset attacks are real – how to protect yourself | Mashable

• New Brokewell malware takes over Android devices, steals data (bleepingcomputer.com)

• Godfather Banking Trojan Spawns 1.2K Samples Across 57 Countries (darkreading.com)

• Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users (thehackernews.com)

• Give Your iPhone a Security Boost With This iOS 17.4 Feature - CNET

• A Briefing on SIM Hijacking | Intel471

Data Breaches/Leaks

• 5.3M World-Check records may be leaked; how to check your records | SC Media (scmagazine.com)

• Hackers stole 7,000,000 people's DNA. But what can they do with it? | Tech News | Metro News

• AT&T Offers All Customers Free Security Bundle After Data Breach (tech.co)

• AT&T faces class action lawsuit over massive data breach exposing 70 million customers’ personal information (click2houston.com)

• App bug exposes 1M neighbourhood watchers to data harvesters • The Register

• Fifth of CISOs Admit Staff Leaked Data Via GenAI - Infosecurity Magazine (infosecurity-magazine.com)

Organised Crime & Criminal Actors

• Rising Ransomware Issue: English-Speaking Western Affiliates (govinfosecurity.com)

• Russian FSB Counterintelligence Chief Gets 9 Years in Cyber Crime Bribery Scheme – Krebs on Security

• Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)

• To Catch a Cyber Criminal -- and the Fallout That Follows (informationweek.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners (thehackernews.com)

• Lazarus On the Hunt: How North Korean Hackers are Targeting Crypto via LinkedIn (bitcoinist.com)

Insider Risk and Insider Threats

• Most people still rely on memory or pen and paper for password management - Help Net Security

• The rise of the outsmarted insider (betanews.com)

• CesiumAstro claims former exec spilled trade secrets to upstart competitor AnySignal | TechCrunch

Insurance

• Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• Email inbox cyber crime leaps as claims soar (emergingrisks.co.uk)

• Coalition: Insurance claims for Cisco ASA users spiked in 2023 | TechTarget

• Munich Re on the impact of cyber rate changes | Insurance Business America (insurancebusinessmag.com)

Supply Chain and Third Parties

• Battening down the hatches: Navigating third-party cyber threats  | SC Media (scmagazine.com)

• Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor - Security Week

• Tech Investments Help SMBs Fortify Supply Chains Amid Economic, Workforce, and Security Concerns | Business Wire

Cloud/SaaS

• How Attackers Can Own a Business Without Touching the Endpoint (thehackernews.com)

• 5 Hard Truths About the State of Cloud Security 2024 (darkreading.com)

Identity and Access Management

• How Attackers Can Own a Business Without Touching the Endpoint (thehackernews.com)

• Identity-based security threats are growing rapidly: report | CSO Online

Encryption

• Europol asks tech firms, governments to get rid of E2EE • The Register

• How tech firms are tackling the risks of quantum computing | World Economic Forum (weforum.org)

• Australian authorities call for Big Tech help with decryption • The Register

Linux and Open Source

• Open Source Groups Warn of Social Engineering Backdoors | MSSP Alert

Passwords, Credential Stuffing & Brute Force Attacks

• Most people still rely on memory or pen and paper for password management - Help Net Security

• Apple @ Work: Over 52% of workers try to memorize and reuse the same password across multiple apps at work - 9to5Mac

• New Password Cracking Analysis Targets Bcrypt - Security Week

• Brute Force Password Cracking Takes Longer - Don't Celebrate Yet (technewsworld.com)

Social Media

• Dutch govt body: Don't use Facebook if unsure about privacy • The Register

• North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)

Malvertising

• Windows 11 now comes with its own adware (engadget.com)

Training, Education and Awareness

• 10 colleges and universities shaping the future of cyber security education - Help Net Security

Regulations, Fines and Legislation

• What is the EU Cyber Solidarity Act? | UpGuard

• International Lawyers Network Announces the Launch of Comprehensive Data Protection Guide (prleap.com)

• Preparing for NIS2: A Compliance Guide For Covered Entities | UpGuard

• NIS2: Preparing for EU’s New Cyber Security Rules | Wilson Sonsini Goodrich & Rosati – JDSupra

• Compliance in 2024: Cutting through the noise (federalnewsnetwork.com)

• Google Postpones Third-Party Cookie Deprecation Amid UK Regulatory Scrutiny (thehackernews.com)

• A view from Brussels: To be sovereign, or not to be (iapp.org)

• Cyber Security | UK Regulatory Outlook April 2024 - Lexology

• Net neutrality has been restored in the US - Help Net Security

Models, Frameworks and Standards

• Fortifying your business with ISO 27001 - DCD (datacenterdynamics.com)

• Preparing for NIS2: A Compliance Guide For Covered Entities | UpGuard

• Taking Time to Understand NIS2 Reporting Requirements - Security Boulevard

Data Protection

• International Lawyers Network Announces the Launch of Comprehensive Data Protection Guide (prleap.com)

• Boost your data protection with insights from Dell's report - SiliconANGLE

• A view from Brussels: To be sovereign, or not to be (iapp.org)

Careers, Working in Cyber and Information Security

• Cyber staff priority as threats continue – report (emergingrisks.co.uk)

• Pluralsight Study Finds the Biggest Technical Skills Gaps are in Cyber Security, Cloud, and Software Development (prnewswire.com)

• Three Ways Organisations Can Overcome the Cyber Security Skills Gap - Security Boulevard

• Addressing the cyber skills shortage: 5 key steps to take | CSO Online

• Five Essential Steps To Land Your First Cyber Security Job (forbes.com)

• Expert Insight: Outdated Recruitment Methods Are Impeding The Global Cyber Army - IT Security Guru

Law Enforcement Action and Take Downs

• Exploring Law Enforcement Hacking as a Tool Against Transnational Cyber Crime - Carnegie Endowment for International Peace

• Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)

• Trend Micro Collaborated with Interpol in Cracking Down Grandoreiro Banking Trojan | Trend Micro (US)

• To Catch a Cyber Criminal -- and the Fallout That Follows (informationweek.com)

• Man arrested for 'framing colleague' with AI-generated voice • The Register

Misinformation, Disinformation and Propaganda

• Campaigns and political parties are in the crosshairs of election meddlers | CyberScoop

• Mandiant: Russia, Iran pose biggest threat to 2024 elections • The Register

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage (thehackernews.com)

China

• ToddyCat APT Is Stealing Data on 'Industrial Scale' (darkreading.com)

• Chinese, Russian espionage campaigns increasingly targeting edge devices (therecord.media)

• UK mulls fresh controls on 'sensitive tech' after China cyber claim (thenextweb.com)

• FBI Director Wray Issues Dire Warning on China's Cyber Security Threat (darkreading.com)

• Head of Belgian Foreign Affairs Committee says she was hacked by China | Reuters

• New tool used in China-linked attacks against Asia-Pacific | SC Media (scmagazine.com)

• Dutch intelligence warns of stronger threats from China, jihadists and extremists | NL Times

• MITRE breached by nation-state threat actor via Ivanti zero-days - Help Net Security

• Ads on .gov.uk websites raise eyebrows over privacy • The Register

• China's Vision for Global Security: Implications for Southeast Asia | United States Institute of Peace (usip.org)

Russia

• Microsoft: APT28 hackers exploit Windows flaw reported by NSA (bleepingcomputer.com)

• Microsoft issues warning over ‘GooseEgg’ tool used in Russian hacking campaigns | ITPro

• Chinese, Russian espionage campaigns increasingly targeting edge devices (therecord.media)

• Russia's Fancy Bear Pummels Windows Print Spooler Bug (darkreading.com)

• Who Are APT29? - Security Boulevard

• Overflowing Water Tank Linked to Russian Cyber Attack (govtech.com)

• Russia accused of jamming GPS signal on flights from UK causing route chaos (inews.co.uk)

• Russian Sandworm hackers targeted 20 critical orgs in Ukraine (bleepingcomputer.com)

• Rare Computer Virus Detected in Ukrainian Network, Confidential Document Potentially Compromised (kyivpost.com)

• Russian FSB Counterintelligence Chief Gets 9 Years in Cyber Crime Bribery Scheme – Krebs on Security

• Campaigns and political parties are in the crosshairs of election meddlers | CyberScoop

• Mandiant: Russia, Iran pose biggest threat to 2024 elections • The Register

• Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns (therecord.media)

• MITRE breached by nation-state threat actor via Ivanti zero-days - Help Net Security

• Ukraine participates in NATO cyber security exercise in Estonia / The New Voice of Ukraine (nv.ua)

• Cyber attacks on Poland surged after election of pro-Ukraine regime (thenextweb.com)

Iran

• $10 Million Bounty on Iranian Hackers for Cyber Attacks on US Gov, Defence Contractors - Security Week

• Campaigns and political parties are in the crosshairs of election meddlers | CyberScoop

• Mandiant: Russia, Iran pose biggest threat to 2024 elections • The Register

• Iranian nationals charged with hacking US companies, Treasury and State departments | CyberScoop

• The Biggest 2024 Elections Threat: Kitchen-Sink Attack Chains (darkreading.com)

North Korea

• Over 10 Defence Industry Firms Targeted in Concentrated Cyber Attacks by N. Korean Hackers l KBS WORLD

• Hackers hijack antivirus updates to drop GuptiMiner malware (bleepingcomputer.com)

• Microsoft Warns: North Korean Hackers Turn to AI-Fuelled Cyber Espionage (thehackernews.com)

• North Korean Hackers Target Dozens of Defence Companies - Infosecurity Magazine (infosecurity-magazine.com)

• North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Dutch intelligence warns of stronger threats from China, jihadists and extremists | NL Times

Vulnerability Management

• Third-Party Software Patching: Your Cyber Armor in 2024 | MSSP Alert

• Automated patch management: 9 best practices for success | TechTarget

• Vulnerability Exploitation on the Rise as Attacker Ditch Phishing - Infosecurity Magazine (infosecurity-magazine.com)

• Vulnerabilities Versus Intentionally Malicious Software Components - The New Stack

• GPT-4 can exploit real vulnerabilities by reading advisories • The Register

• CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop

Vulnerabilities

• 22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks (bleepingcomputer.com)

• Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack (thehackernews.com)

• Nation-state actors exploited two zero-days in Cisco ASA and FTD firewalls to breach government networks - Security Affairs

• Russia's Fancy Bear Pummels Windows Print Spooler Bug (darkreading.com)

• 'MagicDot' Windows Weakness Allows Unprivileged Rootkit Activity (darkreading.com)

• Microsoft: APT28 hackers exploit Windows flaw reported by NSA (bleepingcomputer.com)

• MITRE says state hackers breached its network via Ivanti zero-days (bleepingcomputer.com)

• GitLab affected by GitHub-style CDN flaw allowing malware hosting (bleepingcomputer.com)

• Google Patches Critical Chrome Vulnerability - Security Week

• Microsoft releases Exchange hotfixes for security update issues (bleepingcomputer.com)

• PoC Exploit Released For Critical Oracle VirtualBox Vulnerability (gbhackers.com)

• Critical Forminator plugin flaw impacts over 300k WordPress sites (bleepingcomputer.com)

• Dependency Confusion Vulnerability Found in Apache Project - Infosecurity Magazine (infosecurity-magazine.com)

• Major Security Flaw in Popular Keyboard Apps Puts Millions at Risk (cybersecuritynews.com)

• Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs (darkreading.com)

• GitHub vulnerability leaks sensitive security reports | TechTarget

• New Password Cracking Analysis Targets Bcrypt - Security Week

• Maximum severity Flowmon bug has a public exploit, patch now (bleepingcomputer.com)

Tools and Controls

• Seedworm Hackers Exploit RMM Tools to Deliver Malware (cybersecuritynews.com)

• Third-Party Software Patching: Your Cyber Armour in 2024 | MSSP Alert

• The Role of Threat Intelligence in Financial Data Protection - Security Boulevard

• Automated patch management: 9 best practices for success | TechTarget

• Rethinking How You Work with Detection and Response Metrics (darkreading.com)

• Choosing SOC Tools? Read This First [2024 Guide] - Security Boulevard

• Research Shows How Attackers Can Abuse EDR Security Products - SecurityWeek

• What is multi-factor authentication (MFA), and why is it important? - Help Net Security

• Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security

• Zero Trust Takes Over: 63% of Orgs Implementing Globally (darkreading.com)

• Pen Testing Infrequency Leaves Security Gaps | MSSP Alert

• 5 Hard Truths About the State of Cloud Security 2024 (darkreading.com)

• Explore CASB use cases before you decide to buy | TechTarget

• SD-WAN: Don't Build a Dead End, Prepare for Future-Proof Secure Networking - SecurityWeek

• Identity-based security threats are growing rapidly: report | CSO Online

• Microsoft criticized for charging for security add-ons • The Register

• 5 insights from new Microsoft CNAPP guide | Microsoft Security Blog

• The Peril of Badly Secured Network Edge Devices (inforisktoday.com)

• VPNs, Firewalls' Nonexistent Telemetry Lures APTs (darkreading.com)

• The first steps of establishing your cloud security strategy - Help Net Security

• 40% of organizations have AI policies for critical infrastructure | Security Magazine

• Understand the Benefits and Limitations of Automated Tools in Penetration Testing (prweb.com)

• World´s most advanced cyber defence exercise kicks off in Tallinn

• Tech Investments Help SMBs Fortify Supply Chains Amid Economic, Workforce, and Security Concerns | Business Wire

• CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop

Reports Published in the Last Week

• M-Trends 2024 | Google Cloud

• Mandiant's M-Trends Report Reveals New Insights from Frontline Cyber Investigations (prnewswire.com)

• Coalition's 2024 Cyber Claims Report (coalitioninc.com)

• Boost your data protection with insights from Dell's report - SiliconANGLE

• 2024 Cisco Cyber Security Readiness Index

• Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)

• Cyber Security in the UK - House of Commons Library (parliament.uk)

Other News

• These sectors are top targets for cyber crime, and other cyber security news to know this month | World Economic Forum (weforum.org)

• Online Banking Security Still Not Up to Par, Says Which? - Infosecurity Magazine (infosecurity-magazine.com)

• Why Educating HR Professionals on Cyber Risk Is Crucial (thehrdirector.com)

• Where Hackers Find Your Weak Spots (darkreading.com)

• Network Threats: A Step-by-Step Attack Demonstration (thehackernews.com)

• Microsoft is reportedly making security improvements its current top priority at the company - Neowin

• UK cyber agency NCSC announces Richard Horne as its next chief executive (therecord.media)

• Internet cable at Cali airport cut in apparent sabotage • The Register

• DOD establishes Office of the Assistant Secretary of Defence for Cyber Policy (securityintelligence.com)

• EU Statement – UN General Assembly 1st Committee: Cyber Security | EEAS (europa.eu)

• US: The European Union and the United States hold the 9th Cyber Dialogue in Brussels | EEAS (europa.eu)

• Why Tourists Are Particularly Vulnerable To Cyber Attacks (maltatoday.com.mt)

• Microsoft needs to win back trust - The Verge

• AI Is Going Well For Microsoft, But Cyber Security Is Not - Microsoft (NASDAQ:MSFT) - Benzinga

• Questions for IT and cyber leaders from the CSRB Microsoft report | Computer Weekly

• World´s most advanced cyber defence exercise kicks off in Tallinn

• Why Cyber Security Is Key To Solving Global Crises (forbes.com)

• Cyber Security is Relentless! | Gray Reed - JDSupra

• Colleges spending more than ever on cyber security efforts (insidehighered.com)

• Foreign states targeting UK universities, MI5 warns - BBC News

• Cyber resilience in the public sector: lessons for UK Councils (techinformed.com)

• Digital Blitzkrieg: Unveiling Cyber Logistics Warfare (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Executive summary

A recent report conducted by Kaspersky found that nearly 10 million devices fell victim to data-stealing malware, also known as  “InfoStealers” in 2023. Put simply, an InfoStealer is malware that is built to collect and transmit sensitive information to unauthorised parties. Once stolen and transmitted, this information can be used or sold. Unlike ransomware, which often announces its presence with dramatic demands, infostealers operate in the shadows, harvesting your information.

What’s the risk?

Due to the sensitive nature of the information sought by InfoStealers, there is a genuine risk to the confidentiality of data. The data sought by an InfoStealer can include credentials, financial information, cookies, MFA tokens, text files, and machine information. The list of potential targets is extensive, especially so with many employees storing their credentials on personal devices. In a recent report, Mandiant, which is owned by Google, found that 10% of intrusions began with evidence of stolen credentials.

Infostealers can be delivered in a variety of ways, including through malicious attachments, unofficial software downloads and compromised websites. InfoStealers often try to disguise themselves as legitimate, in some cases tricking a victim in to running them and keeping them on their device. Anti-virus is not enough to stop them.

What can I do?

Mitigating the threat of InfoStealers requires practicing robust cyber hygiene. Organisations should adhere to leading practices, including downloading software exclusively from official sources, exercising caution with email links and attachments and maintaining visibility of the software ecosystem within their corporate environment.

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Executive summary

Cisco has published a security advisory warning regarding an active attack campaign labelled as “ArcaneDoor”. The campaign involves threat actors exploiting vulnerabilities in Cisco Adaptive Security Appliance (ASA) or Cisco Firepower Threat Defense (FTD) to implant previously unknown malware, execute commands and exfiltrate data. Activity is thought to have begun in early January 2024.

What’s the risk to me or my business?

There is a risk that organisations running vulnerable software versions of Cisco ASA or FTD are leaving themselves at risk of allowing an attacker to implant malware, execute commands and exfiltrate data, impacting the confidentiality, integrity and availability of data. There is no current workaround, and Cisco advises to upgrade to a fixed software release immediately.

What can I do?

Black Arrow recommends following Cisco’s advice, and applying patches immediately. Additionally, organisations can also open a case with Cisco Technical Assistance Center, referencing the keyword “ArcaneDoor” to verify the integrity of their Cisco ASA or FTD devices. Further information on this can be found in the advisory provided by Cisco.

Technical Summary

CVE-2024-20353-  a denial of service vulnerability impacting Cisco ASA and FTD software.

CVE-2024-20359- A privilege escalation vulnerability, which could allow an authenticated local attacker to execute code with the highest level of privilege. Administrator level privileges are required to exploit this vulnerability.

Further information can be found below.

The advisories provided by Cisco can be found here:

https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_attacks_event_response

https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

94% of Ransomware Victims Have Their Backups Targeted by Attackers

Organisations that have backed up sensitive data may believe they are safe from the effects of ransomware attacks; however a new study by Sophos reported that cyber criminals attempted to compromise the backups of 94% of companies hit by ransomware in the past year. The research found that criminals can demand a higher ransom when they compromise an organisation’s backup data, and those victims are twice as likely to pay. The median ransom demand is $2.3 million when backups are compromised, compared to $1 million otherwise.

Additionally, sectors like state and local governments, along with media and entertainment, are particularly vulnerable with nearly all affected organisations experiencing backup compromises.

Source: [Tech Republic]

Sharing IT Providers Is a Risk for Financial Services, Says IMF, as Rising Cyber Threats Pose Serious Concerns for Financial Stability

The International Monetary Fund has found that with greater digitalisation and heightened geopolitical tensions comes a greater risk of cyber attack with systemic consequences. The IMF noted that losses more than quadrupled since 2017 to $2.5 billion.

The push for technology has led to a number of financial services institutions relying on third-party IT firms, increasing their susceptibility to cyber disruption on a wider scale and a potential ripple effect were a third party to be hit. Whilst such third parties can increase the cyber resilience of a financial services institution, they also expose the industry to systemwide shocks, the IMF reports.

The IMF recommend institutions should identify potential systematic risks in their third-party IT firms. If the organisation is unable to perform such risk assessments, they should seek the expert support of an independent cyber security specialist.

Sources: [The Banker] [IMF]

Hackers are Threatening to Publish a Huge Stolen Sanctions and Financial Crimes Watchlist

A cyber crime group named GhostR has claimed responsibility for stealing 5.3 million records from the World-Check database, which companies use for "know your customer" (KYC) checks to screen potential clients for financial crime risks. The data theft occurred in March and originated from a Singapore-based firm with access to World-Check. The London Stock Exchange Group (LSEG), which owns World-Check, confirmed that the breach involved a third-party's dataset and not their systems directly. The stolen data includes sensitive information on individuals identified as high-risk, such as government-sanctioned figures and those linked to organised crime. LSEG is coordinating with the affected third party and authorities to protect the compromised data and prevent its dissemination.

Source: [TechCrunch]

Your Annual Cyber Security Is Not Working, But There is a Solution

Most organisations utilise annual security training in an attempt to ensure every department develops their cyber awareness skills and is able to spot and report a threat. However, this training is often out of date. Additionally, often training has limited interactivity, failing to capture and maintain employees’ attention and retention. On top of this, many training courses fail to connect employees to real-world scenarios that could occur in their specific job.

To get the most return on investment, organisations need to have more regular education, with the aim of long-term behavioural shifts in the work place, nudging employees towards greater cyber hygiene.

Source: [TechRadar]

73% of Security Professionals Say They’ve Missed, Ignored or Failed to Act on a High Priority Security Alert

A new survey from Coro, targeting small medium enterprises (SME) cyber security professionals, reveals that 73% have missed or ignored high priority security alerts due to overwhelming workloads and managing multiple security tools. The 2024 SME Security Workload Impact Report highlights that SMEs are inundated with alerts and responsibilities, which dilute their focus from critical security threats. On average, these professionals manage over 11 security tools and spend nearly five hours daily on tasks like monitoring and patching vulnerabilities. Respondents handle an average of over 2,000 endpoint security agents across 656 devices, more than half dealing with frequent vendor updates.

Source: [Business Wire]

Russia and Ukraine Top Inaugural World Cyber Crime Index

The inaugural World Cybercrime Index (WCI) identifies Russia, Ukraine, and China as the top sources of global cyber crime. This index, the first of its kind, was developed over four years by an international team from the University of Oxford and the University of New South Wales, with input from 92 cyber crime experts. These experts ranked countries based on the impact, professionalism, and technical skills of their cyber criminals across five cyber crime categories, including data theft, scams, and money laundering. Russia topped the list, followed by Ukraine and China, highlighting their significant roles in high-tech cyber criminal activities. The index, expected to be updated regularly, aims to provide a clearer understanding of cyber crime's global geography and its correlation with national characteristics like internet penetration and GDP. Of note the UK and US also made the top ten list, so it is not just other countries we need to worry about.

Top ten Countries in full:

1.       Russia

2.       Ukraine

3.       China

4.       United States

5.       Nigeria

6.       Romania

7.       North Korea

8.       United Kingdom

9.       Brazil

10.   India

Source: [Infosecurity Magazine]

Police Takedown Major Cyber Fraud Superstore: Will the Cyber Crime Industry Become More Fragmented?

The London Metropolitan Police takedown of online fraud service LabHost serves as a reminder of the industrial scale on which cyber crimes are being performed, with the service amassing 480,000 debit or credit card numbers and 64,000 PINs: all for the subscription price of £300 a month. The site even included tutorial videos on how to commit crime and offered customer service.

Such takedowns can lead to fragmentation. The 2,000 individuals subscribed to LabHost may have lost access but where there is demand, supply will be found. The takedown of one service allows other, small services to fill the gap. As the saying goes ‘nature abhors a vacuum’ and it is especially true when it comes to cyber crime; there is too much business for empty spaces not to be filled.

Sources: [ITPro] [The Guardian]

Small Businesses See Stable Business Climate; Cite Cyber Security as Top Threat

Small businesses are experiencing a stable business climate, as reflected by the Small Business Index, indicating an increasing optimism about the economy. However, the recent surge in cyber attacks, including major assaults on UnitedHealth Group and MGM Resorts, has underscored the growing vulnerability of these businesses to cyber crime. Despite 80% of small to medium-sized enterprises feeling well-protected by their IT defences, a Devolutions survey reveals that 69% of them still fell victim to cyber attacks last year. This has led to cyber security being viewed as the greatest threat by 60% of small businesses, even surpassing concerns over supply chain disruptions and the potential for another pandemic.

The average cost of these attacks ranges from $120,000 to $1.24 million, leading to 60% of affected businesses closing within six months. This vulnerability is further compounded by a common underestimation of the ransomware threat. While 71% of businesses feel prepared for future threats, the depth of this preparedness varies, with only 23% feeling very prepared for cyber security challenges.

Sources: [Claims Journal] [Inc.com]

The Threat from Inside: Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites

Employee fraud grew significantly last year thanks to the opportunities afforded by remote working and the pressures of a cost-of-living crisis in the UK, according to Cifas, an anti-fraud non-profit. The number of individuals recorded in its cross-sector Insider Threat Database (ITD) increased 14% year-on-year (YoY) in 2023, with the most common reason being “dishonest action to obtain benefit by theft or deception” (49%).

Insider threats – both by accident or with malicious intent – by their own employees are overlooked, despite accounting for 58% of cybersecurity breaches in recent years. As a result, a large proportion of businesses may lack any strategy to address insider risks, leaving them vulnerable to financial, operational and reputational harm.

Source: [Infosecurity Magazine] [TechRadar]

Dark Web Sales Driving Major Rise in Credential Attacks as Attackers Pummel Networks with Millions of Login Attempts

Dark web sales are driving a major rise in credential attacks, with a surge in infostealer malware attacks over the last three years significantly heightening the cyber crime landscape. Kaspersky reports a sevenfold increase in data theft attacks, leading to the compromise of over 26 million devices since 2022. Cyber criminals stole roughly 400 million login credentials last year alone, often sold on dark web markets for as low as $10 per log file. These stolen credentials have become a lucrative commodity, fostering a complex economy of initial access brokers who facilitate broader corporate network infiltrations. The Asia-Pacific and Latin America regions have been particularly affected, with millions of credentials stolen annually.

Simultaneously, Cisco’s Talos team warns of a current credential compromise campaign targeting networks via mass login attempts to VPN, SSH, and web apps. Attackers use a mix of generic and specific usernames with nearly 100 passwords from about 4,000 IP addresses, likely routed through anonymising services (such as TOR). These attacks pose risks like unauthorised access, account lockouts, and potential denial-of-service. The attack volume has increased since 18 March this year mirroring a previous alert by Cisco about a similar campaign affecting VPNs. Despite method and infrastructure similarities, a direct link between these campaigns is yet to be confirmed.

Sources: [Ars Technica] [Data Breach Today]

Large Enterprises Experience Breaches, Despite Large Security Stacks; Report Finds 93% of Breaches Lead to Downtime and Data Loss

93% of enterprises admitting to having had a breach have suffered significant consequences, ranging from unplanned downtime to data exposure or financial loss, according to a recent report. 73% of organisations made changes to their IT environment at least quarterly, however only 40% tested their security at the same frequency. Unfortunately, this means that many organisations are facing a significant gap in which changes in the IT environment are untested, and therefore their risk unknown.

Security tools can aid this, however as the report finds, despite having a large number of security stacks, 51% still reported a breach in the past 24 months. Organisations must keep in mind that security extends beyond the technical realm, and it needs to include people and operations.

Sources: [Infosecurity Magazine] [Help Net Security]

Charities Doing Worse than Private Sector in Staving off Cyber Attacks

Recent UK Government data reveals a significant cyber security challenge for charities, with about a third experiencing breaches this past year, equating to nearly 924,000 cyber crimes. Notably, 83% of these incidents involved phishing, with other prevalent threats including fraud emails and malware. The data found that 63% of charities said cyber security was a high priority for senior management, however, charities lag behind the private sector in adopting security monitoring tools and conducting risk assessments.

Additionally, while half of the charities implement basic cyber hygiene defences like malware protection and password policies, only about 40% seek external cyber security guidance.

Source: [TFN]

Governance, Risk and Compliance

• Cyber attack volumes peak in first quarter | SC Media (scmagazine.com)

• Annual cyber security training isn’t working, so what’s the alternative? | TechRadar

• Russia and Ukraine Top Inaugural World Cyber Crime Index - Infosecurity Magazine (infosecurity-magazine.com)

• Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites - Infosecurity Magazine (infosecurity-magazine.com)

• Security breaches are causing more damage than ever before | TechRadar

• 73% of Security Professionals Say They’ve Missed, Ignored or Failed to Act on a High Priority Security Alert | Business Wire

• Small Businesses See Stable Business Climate; Cite Cyber Security as Top Threat (claimsjournal.com)

• Where Are You on the Cyber Security Readiness Index? Cisco Thinks You’re Probably Overconfident | Network Computing

• Experts say shocking level of cyber security breaches revealed in new government report “are avoidable” | LawNews.co.uk

• Report Suggests 93% of Breaches Lead to Downtime and Data Loss - Infosecurity Magazine (infosecurity-magazine.com)

• Hackers are threatening to publish a huge stolen sanctions and financial crimes watchlist | TechCrunch

• 51% of enterprises experienced a breach despite large security stacks - Help Net Security

• Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)

• Ex-Uber security exec Joe Sullivan is advising CISOs on how to avoid his legal fate (axios.com)

• Cyber Security Tips for Small Businesses Now Considered Big Hacking Targets | Inc.com

• The Five Main Steps In A Compliance Risk Assessment Plan (forbes.com)

• Pentesting accounts for an average of 13% of total IT security budgets | Security Magazine

Threats

Ransomware, Extortion and Destructive Attacks

• Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted (techrepublic.com)

• New LockBit Variant Exploits Self-Spreading Features - Infosecurity Magazine (infosecurity-magazine.com)

• Cheap ransomware for sale on dark web marketplaces is changing the way hackers operate - Help Net Security

• FBI: Akira ransomware raked in $42 million from 250+ victims (bleepingcomputer.com)

• Infiltrating ransomware gangs on the dark web - CBS News

• What if we made ransomware payments illegal? | SC Media (scmagazine.com)

• Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)

• Moldovan charged for operating botnet used to push ransomware (bleepingcomputer.com)

• Report Reveals Healthcare Industry is Disillusioned in its Preparedness for Cyber Attacks - IT Security Guru

• Ransomware, meet DRaaS: The future of disaster mitigation (betanews.com)

• A whole new generation of ransomware makers are attempting to shake up the market | TechRadar

• Security Think Tank: Approaches to ransomware need a course correction | Computer Weekly

• Ransomware Victims Who Pay a Ransom Drops to Record Low (databreachtoday.co.uk)

Ransomware Victims

• Change Healthcare’s ransomware attack costs reach nearly $1B • The Register

• Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia  (securityaffairs.com)

• Ransomware attacks against food, agriculture industry examined | SC Media (scmagazine.com)

• Ransomware attack compromises UN agency data | SC Media (scmagazine.com)

• 840-bed hospital in France postpones procedures after cyber attack (bleepingcomputer.com)

• US think tank Heritage Foundation hit by cyber attack | TechCrunch

• Daixin ransomware gang claims attack on Omni Hotels (bleepingcomputer.com)

• Ransomware feared as Octapharma Plasma closes 150+ centers • The Register

• Cyber Attack Takes Frontier Communications Offline (darkreading.com)

Phishing & Email Based Attacks

• Students turning to cyberfraud as huge phishing site infiltrated, police reveal | Cybercrime | The Guardian

• Microsoft Most Impersonated Brand in Phishing Scams - Infosecurity Magazine (infosecurity-magazine.com)

• North Korean Group Kimsuky Exploits DMARC and Web Beacons - Infosecurity Magazine (infosecurity-magazine.com)

• FBI warns of massive wave of road toll SMS phishing attacks (bleepingcomputer.com)

• FIN7 targets American automaker’s IT staff in phishing attacks (bleepingcomputer.com)

Other Social Engineering

• Quishing: The New Cyber Threat to the Cleared Workplace - ClearanceJobs

• FBI warns of massive wave of road toll SMS phishing attacks (bleepingcomputer.com)

• Countering Voice Fraud in the Age of AI (darkreading.com)

• Cyber criminals pose as LastPass staff to hack password vaults (bleepingcomputer.com)

Artificial Intelligence

• CISOs not changing priorities in response to AI threats (betanews.com)

• 92% of enterprises unprepared for AI security challenges - Help Net Security

• AI Copilot: Launching Innovation Rockets, But Beware of the Darkness Ahead (thehackernews.com)

• Enterprise Endpoints Aren't Ready for AI (darkreading.com)

• Best Practices & Guidance For AI Security Deployment 2024 (gbhackers.com)

• Countering Voice Fraud in the Age of AI (darkreading.com)

• C-suite weighs in on generative AI and security (securityintelligence.com)

2FA/MFA

• Cisco Duo warns third-party data breach exposed SMS MFA logs (bleepingcomputer.com)

• Roku Mandates 2FA for Customers After Credential-Stuffing Compromise (darkreading.com)

Malware

• LockBit 3.0 Variant Generates Custom, Self-Propagating Malware (darkreading.com)

• TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks (thehackernews.com)

• A sneaky new steganography malware is exploiting Microsoft Word — hundreds of firms around the world hit by attack | TechRadar

• Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware (darkreading.com)

• Firebird RAT creator and seller arrested in the US and Australia (bleepingcomputer.com)

• Destructive ICS Malware 'Fuxnet' Used by Ukraine Against Russian Infrastructure - Security Week

• New SteganoAmor attacks use steganography to target 320 orgs globally (bleepingcomputer.com)

• Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks (thehackernews.com)

• Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor (thehackernews.com)

• New Cyber Threat MadMxShell Exploits Typosquatting and Google Ads - Infosecurity Magazine (infosecurity-magazine.com)

• Fake cheat lures gamers into spreading infostealer malware (bleepingcomputer.com)

Mobile

• Government spyware is another reason to use an ad blocker | TechCrunch

• iPhone users warned to disable iMessage temporarily to avoid getting hacked - PhoneArena

• Enterprises face significant losses from mobile fraud - Help Net Security

• SoumniBot malware exploits Android bugs to evade detection (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• DDoS attacks saw a huge surge in the first part of 2024, with one particular country badly hit | TechRadar

• 68% of Companies are More Vulnerable to DDoS Than They Think - Infosecurity Magazine (infosecurity-magazine.com)

• DDoS attacks are still growing and there are new threats on the horizon | ITPro

Internet of Things – IoT

• How to protect IP surveillance cameras from Wi-Fi jamming - Help Net Security

• CISA warns of critical vulnerability in Chirp smart locks • The Register

• New rules for security of connected products in the UK and EU - Lexology

Data Breaches/Leaks

• CISA orders agencies impacted by Microsoft hack to mitigate risks (bleepingcomputer.com)

• US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft - Security Week

• Report Suggests 93% of Breaches Lead to Downtime and Data Loss - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft's 'cascade of security failures' allowed hackers to access US government employee emails | Windows Central

• Hackers are threatening to publish a huge stolen sanctions and financial crimes watchlist | TechCrunch

• Panama Papers: Money laundering trial of 27 defendants begins

• Over half a million Roku subscribers are the victims of the latest cyber security attack - PhoneArena

• Giant Tiger data breach may have impacted millions of customers (securityaffairs.com)

• Wells Fargo Says It Has Suffered Data Breach, Blames Employee for Exposing Personal Information on Pair of Customers - The Daily Hodl

• 5 Ways Your Personal Information May End Up On The Dark Web (slashgear.com)

• Law Firm to Pay $8M to Settle Health Data Hack Lawsuit (databreachtoday.co.uk)

Organised Crime & Criminal Actors

• After a string of high profile cyber gang takedowns, is the cyber crime industry about to get a lot more fragmented? | ITPro

• Students turning to cyberfraud as huge phishing site infiltrated, police reveal | Cybercrime | The Guardian

• Russia and Ukraine Top Inaugural World Cyber Crime Index - Infosecurity Magazine (infosecurity-magazine.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Chinese fraud victims seek return of £3bn in bitcoin seized in UK (ft.com)

• Ex-Amazon engineer gets 3 years for hacking crypto exchanges (bleepingcomputer.com)

• Security engineer jailed for 3 years for $12M crypto hacks | TechCrunch

• Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks (bleepingcomputer.com)

Insider Risk and Insider Threats

• Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites - Infosecurity Magazine (infosecurity-magazine.com)

• Underestimating the dangers within: mitigating the insider cyber threat | TechRadar

Insurance

• Cyber threats increase as insurance costs fall - report (emergingrisks.co.uk)

Cloud/SaaS

• Exposing the top cloud security threats - Help Net Security

• What Is Microsoft's Role in the Shared Responsibility Model for Data Security? (prweb.com)

• For Service Accounts, Accountability Is Key to Security (darkreading.com)

• The cloud is benefiting IT, but not business | InfoWorld

Identity and Access Management

• Identity in the Shadows: Shedding Light on Cyber Security's Unseen Threats (thehackernews.com)

Linux and Open Source

• Open source groups say more software projects may have been targeted for sabotage (yahoo.com)

• Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Attackers are pummelling networks around the world with millions of login attempts | Ars Technica

• Roku Mandates 2FA for Customers After Credential-Stuffing Compromise (darkreading.com)

• Threat actors look to stolen credentials | Computer Weekly

• Cisco warns of large-scale brute-force attacks against VPN and SSH services (securityaffairs.com)

• Bad Bots Drive 10% Annual Surge in Account Takeover Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• For Service Accounts, Accountability Is Key to Security (darkreading.com)

• Dark Web Sales Driving Major Rise in Credential Attacks (databreachtoday.co.uk)

Social Media

• Pro-Russian Campaign Exploits Meta’s Failure to Moderate Political Ads - Infosecurity Magazine (infosecurity-magazine.com)

• EU tells Meta it can't paywall privacy • The Register

• Google to crack down on third-party YouTube apps that block ads (bleepingcomputer.com)

Malvertising

• Government spyware is another reason to use an ad blocker | TechCrunch

• New Cyber Threat MadMxShell Exploits Typosquatting and Google Ads - Infosecurity Magazine (infosecurity-magazine.com)

• Google to crack down on third-party YouTube apps that block ads (bleepingcomputer.com)

Training, Education and Awareness

• Annual cyber security training isn’t working, so what’s the alternative? | TechRadar

• Cyber security training: How to make it more motivating (hrexecutive.com)

Regulations, Fines and Legislation

• US Supreme Court ruling suggests change in cyber security disclosure process | CSO Online

• New rules for security of connected products in the UK and EU - Lexology

• Congress votes to kick Uncle Sam’s data broker habit • The Register

• Cops can force suspect to unlock phone with thumbprint, US court rules | Ars Technica

Models, Frameworks and Standards

• Rebalancing NIST: Why 'Recovery' Can't Stand Alone (darkreading.com)

Backup and Recovery

• Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted (techrepublic.com)

Data Protection

• 5 Common Data Protection Challenges That Businesses Face (techtarget.com)

Careers, Working in Cyber and Information Security

• IT and security professionals demand more workplace flexibility - Help Net Security

• National Security at Risk as Essential Cyber Security Roles Face Sharp Decline (prnewswire.com)

• Break Security Burnout: Combining Leadership With Neuroscience (darkreading.com)

Law Enforcement Action and Take Downs

• UK Police Lead Disruption of £1m Phishing-as-a-Service Site LabHost - Infosecurity Magazine (infosecurity-magazine.com)

• After a string of high profile cyber gang takedowns, is the cyber crime industry about to get a lot more fragmented? | ITPro

• Firebird RAT creator and seller arrested in the US and Australia (bleepingcomputer.com)

• Moldovan charged for operating botnet used to push ransomware (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

• Pro-Russian Campaign Exploits Meta’s Failure to Moderate Political Ads - Infosecurity Magazine (infosecurity-magazine.com)

• US Election Officials Told to Prepare for Nation-State Influence Campa - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Preparing for Cyber Warfare: 6 Key Lessons From Ukraine (darkreading.com)

• State-sponsored cyber attacks: The new frontier | ITPro

China

• Chinese, Russian Hackers Keep Getting Past Microsoft's Security (businessinsider.com)

• Leaked FBI document shows MPs were kept in dark over China hack for two years (inews.co.uk)

• US Election Officials Told to Prepare for Nation-State Influence Campa - Infosecurity Magazine (infosecurity-magazine.com)

• Risks are higher than ever for US- China cyber war | Responsible Statecraft

• State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week

• Singapore infosec boss: splinternet hinders interoperability • The Register

• FBI says Chinese hackers preparing to attack US infrastructure | Reuters

• Chinese fraud victims seek return of £3bn in bitcoin seized in UK (ft.com)

Russia

• Chinese, Russian Hackers Keep Getting Past Microsoft's Security (businessinsider.com)

• CISA orders agencies impacted by Microsoft hack to mitigate risks (bleepingcomputer.com)

• Microsoft's 'cascade of security failures' allowed hackers to access US government employee emails | Windows Central

• US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft - Security Week

• Microsoft breach allowed Russia to steal Feds' emails • The Register

• State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week

• How Ukraine’s cyber police fights back against Russia’s hackers | TechCrunch

• Russian 'Cyber Sabotage' A Global Threat: Security Firm | IBTimes

• Mandiant upgrades Sandworm to APT44 due to increasing threat | TechTarget

• Russia's Sandworm 'cyber attacked US, EU water utilities' • The Register

• Sandworm Group Shifts to Espionage Attacks, Hacktivist Personas | Decipher (duo.com)

• Russia and Ukraine Top Inaugural World Cyber Crime Index - Infosecurity Magazine (infosecurity-magazine.com)

• Russia is trying to sabotage European railways, Czech minister said (securityaffairs.com)

• Pro-Russian Campaign Exploits Meta’s Failure to Moderate Political Ads - Infosecurity Magazine (infosecurity-magazine.com)

• Singapore infosec boss: splinternet hinders interoperability • The Register

• US Election Officials Told to Prepare for Nation-State Influence Campa - Infosecurity Magazine (infosecurity-magazine.com)

• Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks (thehackernews.com)

• Destructive ICS Malware 'Fuxnet' Used by Ukraine Against Russian Infrastructure - Security Week

Iran

• Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign (thehackernews.com)

• Middle East Cyber Ops Intensify, With Israel the Main Target (darkreading.com)

• Iran-Backed Hackers Blast Out Threatening Texts to Israelis (darkreading.com)

• Israel Holds Hybrid Cyber & Military Readiness Drills (darkreading.com)

North Korea

• DPRK Exploits 2 MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse (darkreading.com)

• North Korean Group Kimsuky Exploits DMARC and Web Beacons - Infosecurity Magazine (infosecurity-magazine.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Geopolitical tensions escalate OT cyber attacks - Help Net Security

• “There are no borders in cyber space. We have to fight global terrorism together.” | Ctech (calcalistech.com)

• Furry Hackers Target Far-Right Outlet 'Real America's Voice' (dailydot.com)

• Government spyware is another reason to use an ad blocker | TechCrunch

Vulnerability Management

• Cyber Security Pros Urge US Congress to Help NIST Restore NVD Operation - Infosecurity Magazine (infosecurity-magazine.com)

• How to conduct security patch validation and verification | TechTarget

• Zero-Day Vulnerabilities: A Beginner’s Guide - The New Stack

• The importance of the Vulnerability Operations Centre for cyber security | TechRadar

Vulnerabilities

• State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week

• “Highly capable” hackers root corporate networks by exploiting firewall 0-day | Ars Technica

• Cisco discloses root escalation flaw with public exploit code (bleepingcomputer.com)

• PuTTY SSH client flaw allows recovery of cryptographic private keys (bleepingcomputer.com)

• Citrix Releases Security Updates for XenServer and Citrix Hypervisor | CISA

• Yubico Issues YubiKey Security Alert For Windows Users (forbes.com)

• Samsung Issues Update Now Warning For Millions Of Galaxy Users (forbes.com)

• Juniper Networks Publishes Dozens of New Security Advisories - Security Week

• Ivanti warns of critical flaws in its Avalanche MDM solution (bleepingcomputer.com)

• Oracle Patches 230 Vulnerabilities With April 2024 CPU - Security Week

• iPhone users warned to disable iMessage temporarily to avoid getting hacked - PhoneArena

• Delinea Fixes Flaw After Analyst Goes Public With Disclosure First (darkreading.com)

• Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)

• Telegram fixes Windows app zero-day used to launch Python scripts (bleepingcomputer.com)

• Critical RCE Vulnerability in 92,000 D-Link NAS Devices - Security Boulevard

Tools and Controls

• Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted (techrepublic.com)

• Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware (darkreading.com)

• CISA's Malware Analysis Platform Could Foster Better Threat Intel (darkreading.com)

• Pentesting accounts for an average of 13% of total IT security budgets | Security Magazine

• Annual cyber security training isn’t working, so what’s the alternative? | TechRadar

• 6 Ways Businesses Can Boost Their Cloud Security Resilience - Compare the Cloud

• North Korean Group Kimsuky Exploits DMARC and Web Beacons - Infosecurity Magazine (infosecurity-magazine.com)

• Dark Web Monitoring: What's the Value? (bleepingcomputer.com)

• 5 Steps Toward Military-Grade API Security - The New Stack

• Ransomware, meet DRaaS: The future of disaster mitigation (betanews.com)

• Cyber security training: How to make it more motivating (hrexecutive.com)

• The Five Main Steps In A Compliance Risk Assessment Plan (forbes.com)

• AI set to enhance cyber security roles, not replace them - Help Net Security

• Why You Still Shouldn't Trust Zero Trust (forbes.com)

• Stateful vs. stateless firewalls: Understanding the differences | TechTarget

Reports Published in the Last Week

• Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)

Other News

• Why home cyber security is important (xda-developers.com)

• Microsoft remains in the US government's good graces despite its high susceptibility to attacks | Windows Central

• Charities doing worse than private sector in staving off cyber attacks - TFN

• Private companies operating critical infrastructure are not taking cyber security threats seriously enough. | USAPP (lse.ac.uk)

• The US counterintelligence head says the list of threats is long and getting longer (cfpublic.org)

• Critical Infrastructure Security: Observations From the Front Lines (darkreading.com)

• Geopolitical tensions escalate OT cyber attacks - Help Net Security

• Microsoft, Beset by Hacks, Grapples With Problem Years in the Making - BNN Bloomberg

• The invisible seafaring industry that keeps the internet afloat (theverge.com)

• Do we have a plan on how to deal with subsea cables sabotage? | Euronews

• Ex-GCHQ chief: Cyber attacks could target fragile trust in utilities - Utility Week

• Trust in Cyber Takes a Knock as CNI Budgets Flatline - Infosecurity Magazine (infosecurity-magazine.com)

• University chiefs to get security service Cobra briefing on hostile states | The Argus

• SAP Applications Increasingly in Attacker Crosshairs, Report Shows - Security Week

• Emergency services a likely target for cyber attacks, warns DHS - ABC News (go.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Executive summary

PuTTY, popular with IT administrators as an open-source terminal emulator that supports SSH, telnet and other network file transfer protocols, is currently being exploited due to a weakness in how it generates cryptographic private keys. The exploitation of the flaw allows an attacker to gain access to the user’s private keys and achieve unauthorised access to SSH servers, with the potential for supply chain attacks if exploited. Cryptographic private keys are typically used and verified by a public key on a server, to ensure the users identity and communicate securely.

What’s the risk to me or my business?

Organisations using a vulnerable version of PuTTY or other software that utilises a vulnerable version are at risk of compromise and unauthorised access to their SSH servers, impacting the confidentiality, integrity and availability of the organisation.

It has been reported that to perform the exploit successfully and calculate a user’s private key, an attacker will need 58 signatures, which could be gained from different sources including signed Git commits or an attacker-owned SSH server which the victim logs in to.

The vulnerability impacts versions 068 to 0.80 of PuTTY, with a fix available in version 0.81.

In addition, the following third-party software has been confirmed as vulnerable, however more are likely to be identified as the full extent of the vulnerability becomes apparent:

FileZilla 3.24.1 – 3.66.5 (fixed in 3.67.0)

WinSCP 5.9.5 – 6.3.2 (fixed in 6.3.3)

TortoiseGit 2.4.0.2 – 2.15.0 (fixed in 2.15.0.1)

TortoiseSVN 1.10.0 – 1.14.6  (users are advised to configure TortoiseSVN to use Plink from the latest PuTTY 0.81 release until a patch becomes available)

What can I do?

Black Arrow recommends upgrading to PuTTY version 0.81, or later, immediately, where available. Organisations should also check if they are using any tools which implement a vulnerable version of PuTTY, this could be achieved with a network vulnerability scan across affected information assets. In addition to the above, organisations should assess if they have any signed Git commits, as these may be used by attackers to gain the signatures required to exploit the vulnerability.

If your organisation has identified the use of any NIST p521 keys generated by a vulnerable version of the tool, they should be replaced by new secure keys immediately, and again following identification and applying updates to affected vulnerable versions.

Technical Summary

CVE-2024-31497- A vulnerability in PuTTY that can allow attackers to recover private keys. The impacted key type is is 521-bit ECDSA, also known as NIST p521.

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Further information can be found here:

https://www.openwall.com/lists/oss-security/2024/04/15/6

Executive summary

Palo Alto have issued a critical alert for an actively exploited attack in the GlobalProtect feature of PAN-OS software use in its firewall products. Successful exploitation allows an attacker to execute code with root privileges, the highest available.  Third parties have since disclosed a proof of concept for the exploit.

What’s the risk to me or my business?

The exploit applies only to applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls configured with GlobalProtect gateway or GlobalProtect portal. Organisations falling under this umbrella are leaving themselves at risk of allowing an attacker to perform code with root privileges, impacting the confidentiality, integrity and availability of data. Device telemetry does not need to be enabled for PAN-OS firewalls to be exposed to attacks related to this vulnerability. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.

Whether you have a GlobalProtect gateway or GlobalProtect portal configured can be verified by checking for entries in your firewall web interface (Network > GlobalProtect > Gateways or Network > GlobalProtect > Portals).

Palo Alto has listed the following versions as vulnerable:

PAN-OS 10.2: < 11.1.0-h3, < 11.1.1-h1, < 11.1.2-h3

 PAN-OS 11.0: < 11.0.2-h4, < 11.0.3-h10, < 11.0.4-h1

PAN-OS 11.1: < 10.2.5-h6, < 10.2.6-h3, < 10.2.7-h8, < 10.2.8-h3, < 10.2.9-h1

The issue is fixed in hotfix releases of PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3, and in all later PAN-OS versions. A full list of ETA’s of hotfixes are available in the advisory by Palo Alto.

What can I do?

Black Arrow recommends following Palo Alto’s advice and applying the available fixes immediately even if workarounds and mitigations have been applied as previous mitigations are no longer effective. If an update is not available, it is recommended that the advisory is checked to see when an one will be made available. The latest expected update is currently planned for 19 April 2024.

Technical Summary

CVE-2024-3400 -  A command Injection Vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software which can allow an unauthenticated attacker to execute code with root privileges.

Further information can be found here:

https://security.paloaltonetworks.com/CVE-2024-3400

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

UK Cyber Breaches Survey Finds Business Falling Short on Cyber, as Half Suffer Breach and Many Fail to Report

Half of UK businesses experienced a cyber breach last year, according to a survey by the UK Government. The figure could be much higher however, as the survey found only 34% report breaches externally.

It is said that a cyber incident is a matter of when, not if. Nonetheless, 78% of organisations lack a dedicated response plan outlining actions to be taken in the event of a cyber incident and only 11% review their immediate suppliers for risks. To improve cyber resilience, there needs to be a paradigm shift.

Sources: [Computer Weekly] [Computing] [Infosecurity Magazine] [Info Risk Today]

Cyber Attacks Cost Financial Firms $12bn Says IMF

A recent International Monetary Fund (IMF) report has highlighted significant financial losses in the financial services sector, totalling $12 billion over the last two decades due to cyber attacks, with losses accelerating post-pandemic. The number of incidents and the scale of extreme losses have sharply increased, prompting the IMF to urge enhanced cross-border cooperation to uphold the stability of the global financial system.

The report underscores the critical threat that cyber attacks pose to financial stability, particularly for banks in advanced economies which are more exposed to such risks. With major institutions like JP Morgan facing up to 45 billion cyber threats daily, the IMF emphasises the need for international collaboration to effectively manage and mitigate these risks.

Source: [Finextra]

The Cyber Attack Stopped by a Microsoft Engineer Was Scarier Than We Realise

A critical security breach was narrowly avoided when a Microsoft developer detected suspicious activity in XZ Utils, an open-source library crucial to internet infrastructure. This discovery revealed that a new developer had implanted a sophisticated backdoor in the software, potentially giving unauthorised access to millions of servers worldwide. This incident has intensified scrutiny on the vulnerabilities of open-source software, which is largely maintained by unpaid or underfunded volunteers and serves as a backbone for the internet economy. The situation has prompted discussions among government officials and cyber security experts about enhancing the protection of open-source environments. This close call, described by some as a moment of "unreasonable luck," underscores the pressing need for sustainable support and rigorous security measures in the open-source community.

Source: [Inc.com]

UK Government Urged to Get on ‘Front Foot’ with Ransomware Instead of ‘Absorbing the Punches’

Amidst a rising tide of ransomware attacks affecting wide range of UK services, officials in Westminster are being pressured to enhance funding for operations aimed at disrupting ransomware gangs. The current strategy focuses on bolstering organisational cyber security and recovery preparedness, a stance under the second pillar of the UK's National Cyber Strategy known as resilience. However, this approach has not curbed the frequency of incidents, which have steadily increased over the past five years, impacting sectors including the NHS and local governments. In contrast to the proactive disruption efforts seen in the US, the UK has yet to allocate new funds for such measures, despite successful disruptions like the recent takedown of the LockBit gang by the US National Crime Agency, which underscored the potential benefits of increased resources for cyber crime disruption.

Source: [The Record Media]

74% of Employees Falling Victim to Phishing Attacks Hit with Disciplinary Actions

The Egress 'Email Threat Landscape 2024' report reveals a surge in phishing attacks, with 94% of companies falling victim to this type of crime in this past year alone, leading to increasingly complex cyber security challenges. According to the report, 96% of these companies suffered significant repercussions, including operational disruption and data breaches, with common attack vectors being malicious URLs, and malware or ransomware attachments.

The human cost is also notable, with 74 per cent of employees involved in attacks having faced disciplinary actions, dismissals, or voluntary departures, underscoring the severity of the issue and the heightened vigilance among companies in addressing the phishing threat. Financial losses primarily stem from customer churn, which accounts for nearly half of the total impact. Amidst rising attacks through compromised third-party accounts, Egress advocates for stronger monitoring and defence strategies to protect critical data and reduce organisational and individual hardships.

Source: [The Fintech Times]

Why Are Many Businesses Turning to Third-Party Security Partners?

In 2023, 71% of organisations reported being impacted by a cyber security skills shortage, leading many to scale back their cyber security initiatives amid escalating threats. To bridge the gap, businesses are increasingly turning to third-party security partnerships, reflecting a shift towards outsourcing crucial cyber security operations to handle complex challenges more efficiently. This approach is driven by the need to fill technical and resource gaps in the face of a severe workforce shortfall, with an estimated 600,000 unfilled security positions in the US alone. Moreover, these strategic partnerships allow organisations to leverage external expertise for scalable and effective security solutions, alleviating the burden of staying updated with the rapidly evolving threat landscape.

Source: [Help Net Security]

74% of Businesses with up to 500 Employees are Concerned About Cyber Security as Attacks Rise

According to a recent poll by the US Chamber of Commerce, 60% of small businesses expressed concerns about threats, with 58% concerned about a supply chain breakdown. The highest concern came from businesses with 20-500 employees (74%). Despite such concern, only 49% had trained staff on cyber security. When it came to the impact of a cyber event, 27% of respondents say they are one disaster or threat away from shutting down their business.

Sources: [Malwcv arebytes][Marketplace] [US Chamber]

LastPass: Hackers Targeted Employee in Failed Deepfake CEO Call

LastPass recently reported a thwarted voice phishing attack targeting one of its employees using deepfake audio technology to impersonate CEO Karim Toubba. The attack, conducted via WhatsApp, was identified by the employee as suspicious due to the unusual communication channel and clear signs of social engineering, such as forced urgency. Despite the failure of this particular attempt, LastPass has shared the incident publicly to highlight the growing use of AI-generated deepfakes in executive impersonation schemes. This incident underscores a broader trend, as indicated by alerts from both the US Department of Health and Human Services and the FBI, pointing to an increase in sophisticated cyber attacks employing deepfake technology for fraud, social engineering, and potential influence operations.

Source: [Bleepingcomputer]

Most Cyber Criminal Threats are Concentrated in Just a Few Countries

Oxford researchers have developed the world's first cyber crime index to identify global hotspots of cyber criminal activity, ranking countries based on the prevalence and sophistication of cyber threats. The index reveals that a significant portion of cyber threats is concentrated in a few countries, with Russia and Ukraine positioned at the top, with the USA and the UK also ranking prominently. The results indicate that countries like China, Russia, Ukraine, the US, Romania, and Nigeria are among the top hubs for activities ranging from technical services to money laundering. This tool aims to refine the focus for cyber crime research and prevention efforts, although the study acknowledges the need for a broader and more representative sample of expert opinions to enhance the accuracy and applicability of the findings. The index underscores that while cyber crime may appear globally fluid, it has pronounced local concentrations.

Sources: [ThisisOxfordshire] [Phys Org]

Why Incident Response is the Best Cyber Security ROI

The Microsoft Incident Response Reference Guide predicts that most organisations will encounter one or more major security incidents where attackers gain administrative control over crucial IT systems and data. While complete prevention of cyber attacks may not be feasible, prompt and effective incident response is essential to mitigate damage and protect reputations. However, many organisations may not be adequately budgeting for incident response, and the recent UK Government report found that 78% of organisations do not have formalised incident response plans, risking prolonged recovery and increased costs. Cyber crime damages hit $23b in 2023, but the true costs of incidents includes non-financial damage such as reputational harm. If a cyber incident is a matter of when, not if, then a prepared incident response plan is the best cyber security ROI.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [CSO Online]

Ransomware Attacks are the Canaries in the Cyber Coal Mine

A recent report has found that ransomware attacks were up 110% compared to the prior month, stating that unreported attacks were up to 6 times higher. The report found that tactics are increasingly using data extortion, with 92% of attacks utilising this method.

Sources: [Silicon Republic] [The Hill]

Cyber Security is Crucial, but What is Risk and How do You Assess it?

Cyber security is an increasingly sophisticated game of cat and mouse, where the landscape is constantly shifting. Your cyber risk is the probability of negative impacts stemming from a cyber incident, but how do you assess risk?

One thing to understand is that there are a multitude of risks: risks from phishing, risks from insiders, risks from network attacks, risks of supply chain compromise, and of course, nation states. To understand risk, an organisation must first identify the information that it needs to protect, to avoid only learning of the information asset’s existence from a successful attacker. Once all assets are identified, then organisations should conduct risk assessments to identify threats and an evaluation the potential damage that can be done.

Sources: [Security Boulevard] [International Banker]

Governance, Risk and Compliance

• Cyber attacks cost financial firms $12bn says IMF (finextra.com)

• UK business falling short on cybersecurity warns government report (computing.co.uk)

• Half of UK Businesses Hit by Cyber Incident in Past Year - Infosecurity Magazine (infosecurity-magazine.com)

• 60% of small businesses are concerned about cyber security threats | Malwarebytes

• Cyber attacks on small businesses are on the rise - Marketplace

• What is cyber security risk & how to assess - Security Boulevard

• Cyber Security Regulations Aren’t Static—Your Practices Can’t Be Either (forbes.com)

• Why Cyber Security Is More Crucial Today Than Ever Before (internationalbanker.com)

• Large cyber attack could cause 'cyber run' or market sell-offs, warns IMF - FStech Financial Sector Technology

• Why are many businesses turning to third-party security partners? - Help Net Security

• CISO Perspectives on Complying with Cyber Security Regulations (thehackernews.com)

• Why incident response is the best cyber security ROI | CSO Online

• Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defence Program -  Security Week

• Privacy Versus Cyber – What is the Bigger Risk? | Jackson Lewis P.C. - JDSupra

• Large businesses struggle to tackle cyber threats (betanews.com)

• Resilience And Antifragility Are The Best Strategies For 2024 (forbes.com)

• The state of secrets security: 7 action items for better managing risk - Security Boulevard

• Board Oversight and Cyber Breach Response: What Involvement Strikes the Right Balance? | Alston & Bird - JDSupra

• Compliance & Cyber Security – Working and Worrying Together About the Intersection of People and Technology | NAVEX - JDSupra

• Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach | CSO Online

• Why cyberpsychology is such an important part of effective cyber security | CSO Online

• Cyber Security in the Evolving Threat Landscape (securityaffairs.com)

• How CISOs can make themselves ready to serve on the board | CSO Online

• CISOs Need A Data-Driven Approach To Offensive Security (forbes.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware surged 110pc last month, report claims (siliconrepublic.com)

• UK government urged to get on ‘forward foot’ with ransomware instead of ‘absorbing the punches’ (therecord.media)

• Ransomware attacks are the canaries in the cyber coal mine | The Hill

• Ransomware gang’s new extortion trick? Calling the front desk | TechCrunch

• Frameworks, Guidelines & Bounties Alone Won't Defeat Ransomware (darkreading.com)

• Ransomware group maturity should influence ransom payment decision - Help Net Security

• Proactive and Reactive Ransomware Protection Strategies - Security Boulevard

• How can the energy sector bolster its resilience to ransomware attacks? - Help Net Security

• CL0P's Ransomware Rampage - Security Measures for 2024 (thehackernews.com)

• Should You Pay a Ransomware Attacker? - Security Boulevard

• LockBit struggles to maintain relevance amid rise of impersonators and new ransomware groups - SiliconANGLE

• DragonForce Ransomware - What You Need To Know | Tripwire

• LockBit copycat DarkVault spurs rebranding rumour | SC Media (scmagazine.com)

• Ransomware payouts hit all-time high, but that’s not the whole story (securityintelligence.com)

Ransomware Victims

• Vet chain CVS hit by cyber attack | Evening Standard

• Second ransomware gang says it’s extorting Change Healthcare • The Register

• Targus says it is facing major cyber attack, global operations hit | TechRadar

• Optics giant Hoya hit with $10 million ransomware demand (bleepingcomputer.com)

• Panera Bread week-long IT outage caused by ransomware attack (bleepingcomputer.com)

Phishing & Email Based Attacks

• Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing (thehackernews.com)

• 74% of Employees Falling Victim to Phishing Attacks Hit With Disciplinary Actions; Egress Reveals | The Fintech Times

• Honeytrap sext scandal MP William Wragg will keep Tory whip (thetimes.co.uk)

• How malicious email campaigns continue to slip through the cracks - Help Net Security

• TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer (thehackernews.com)

• Cyber Criminals Invade Inboxes: What Small Businesses Can Do (pymnts.com)

• Phishing Detection and Response: What You Need to Know - Security Boulevard

Other Social Engineering

• Cyber Criminals Target Victims Using Social Engineering Techniques (ic3.gov)

• Honeytrap sext scandal MP William Wragg will keep Tory whip (thetimes.co.uk)

• LastPass: Hackers targeted employee in failed deepfake CEO call (bleepingcomputer.com)

Artificial Intelligence

• UK Warned Of AI Misinformation Targeting 2024 Polls, Nation-State Hackers Raise Stakes - Microsoft (NASDAQ:MSFT) - Benzinga

• China is using generative AI to carry out influence operations (securityaffairs.com)

• What Lies Ahead for Cyber Security in the Era of Generative AI? - IT Security Guru

• AI risks under the auditor's lens more than ever - Help Net Security

• Speed of AI development is outpacing risk assessment | Ars Technica

• AI and GDPR: How is AI being regulated? | TechTarget

• Malicious PowerShell script pushing malware looks AI-written (bleepingcomputer.com)

• LastPass: Hackers targeted employee in failed deepfake CEO call (bleepingcomputer.com)

• AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks (thehackernews.com)

• How Artificial Intelligence Is Fuelling Incel Communities (yahoo.com)

2FA/MFA

• How Hackers Can Hijack 2FA Calls with Sneaky Call Forwarding (404media.co)

Malware

• Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing (thehackernews.com)

• From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware (thehackernews.com)

• Urgent Security Alert! Hackers Hijacked Notepad++ Plugin (gbhackers.com)

• 1.2 million people fooled by fake MidJourney Facebook page used to spread malware — don’t fall for this | Tom's Guide (tomsguide.com)

• Sophisticated Latrodectus Malware Linked to 2017 Strain (inforisktoday.com)

• Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks (thehackernews.com)

• Famous YouTube Channels Hacked to Distribute Infostealers - Infosecurity Magazine (infosecurity-magazine.com)

• Bing ad posing as NordVPN aims to spread SecTopRAT malware | SC Media (scmagazine.com)

• ScrubCrypt used to drop VenomRAT along with many malicious plugins (securityaffairs.com)

• Hackers Use Malware to Hunt Software Vulnerabilities - Infosecurity Magazine (infosecurity-magazine.com)

• Unit 42: Malware-initiated scanning attacks on the rise | TechTarget

• RUBYCARP hackers linked to 10-year-old cryptomining botnet (bleepingcomputer.com)

• Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files (thehackernews.com)

• Malicious PowerShell script pushing malware looks AI-written (bleepingcomputer.com)

• TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer (thehackernews.com)

Mobile

• Our phones are under threat more than ever — but many of us still don't have mobile security protection | TechRadar

• Apple Warns of iPhone "Mercenary Attack" Across 92 Countries (cnet.com)

• The next wave of mobile threats - Help Net Security

Denial of Service/DoS/DDOS

• How Nation-State DDoS Attacks Impact Us All (darkreading.com)

• DDoS Protection Needs Detective and Preventive Controls (darkreading.com)

• French cities knocked offline by 'large-scale cyber attack' • The Register

Internet of Things – IoT

• Amazon Removes a Feature From Fire TVs Over Security Concerns | Cord Cutters News

• Over 90,000 LG Smart TVs may be exposed to remote attacks (bleepingcomputer.com)

• EV Charging Stations Still Riddled With Cyber Security Vulnerabilities (darkreading.com)

• UK town halls given green light to use Chinese CCTV — despite Westminster ban – POLITICO

• Hotel check-in terminal leaks rafts of guests' room codes • The Register

Data Breaches/Leaks

• Many of the world's biggest companies reported data breaches last year | TechRadar

• US Data Breach Reports Surge 90% Annually in Q1 - Infosecurity Magazine (infosecurity-magazine.com)

• 37% of publicly shared files expose personal information - Help Net Security

• Acuity confirms hackers stole non-sensitive govt data from GitHub repos (bleepingcomputer.com)

• Home Depot confirms third-party data breach exposed employee info (bleepingcomputer.com)

• AT&T now says data breach impacted 51 million customers (bleepingcomputer.com)

• DOJ data on 340,000 individuals stolen in consulting firm hack | SC Media (scmagazine.com)

• Taxi software vendor exposes personal details of nearly 300K • The Register

• Employee credentials leaked in Microsoft security lapse (techmonitor.ai)

Organised Crime & Criminal Actors

• Russia ranked biggest cyber crime threat to rest of the world | Tech News | Metro News

• Oxford research uncovers world cyber crime hotspots | thisisoxfordshire

• Cyber crooks poison GitHub search to fool developers | Computer Weekly

• Zambia Busts 77 People in China-Backed Cyber Crime Op (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Google sues crypto investment app makers over alleged massive "pig butchering" scam (bitdefender.com)

• Fugitive CEO at the center of 2022 crypto crash found liable for fraud | Cryptocurrencies | The Guardian

• Hackers deploy crypto drainers on thousands of WordPress sites (bleepingcomputer.com)

• RUBYCARP hackers linked to 10-year-old cryptomining botnet (bleepingcomputer.com)

Insider Risk and Insider Threats

• 74% of Employees Falling Victim to Phishing Attacks Hit With Disciplinary Actions; Egress Reveals | The Fintech Times

• Microsoft employees exposed internal passwords in security lapse | TechCrunch

• Insider Threats Surge Amid Growing Foreign Interference - Security Boulevard

Insurance

• US insurers using drones to deny home insurance policies • The Register

• Cyber Insurance: Sexy? No. Important? Critically yes. - Security Boulevard

Supply Chain and Third Parties

• Why a near-miss cyber attack put US officials and the tech industry on edge - The Japan Times

• DOJ data on 340,000 individuals stolen in consulting firm hack | SC Media (scmagazine.com)

• Combatting Supply Chain Cyber Threats: Safeguarding Data and Protecting Digital Supply Chains | Foley & Lardner LLP - JDSupra

Encryption

• How cryptographers finally cracked one of the Zodiac Killer’s hardest codes | Popular Science (popsci.com)

Linux and Open Source

• The Cyber Attack Stopped by a Microsoft Engineer Was Scarier Than We Realize | Inc.com

• Supply chain attack sends shockwaves through open-source community | CyberScoop

• German state ditches Microsoft for Linux and LibreOffice | ZDNET

• Open source foundations unite on common standards for EU’s Cyber Resilience Act | TechCrunch

• Who’s the bigger cyber security risk – Microsoft or open source? (reason.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Reusing passwords: The hidden cost of convenience (bleepingcomputer.com)

• Microsoft employees exposed internal passwords in security lapse | TechCrunch

• CISA says Sisense hack impacts critical infrastructure orgs (bleepingcomputer.com)

Social Media

• A TikTok Whistleblower Got DC’s Attention. Do His Claims Add Up? | WIRED

• 1.2 million people fooled by fake MidJourney Facebook page used to spread malware — don’t fall for this | Tom's Guide (tomsguide.com)

• Famous YouTube Channels Hacked to Distribute Infostealers - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• Cyber Security Regulations Aren’t Static—Your Practices Can’t Be Either (forbes.com)

• Open source foundations unite on common standards for EU’s Cyber Resilience Act | TechCrunch

• Understanding CISA’s New Draft Rules for Cyber Attack Reporting | Morgan Lewis - Tech & Sourcing - JDSupra

• Spy Law Needs Fixing Now to Stop Overreach—Not a Backdoor Boost (bloomberglaw.com)

• AI and GDPR: How is AI being regulated? | TechTarget

• CISA: 300,000+ Small Entities Covered By Proposed Cyber Reporting Regs | MSSP Alert

• CISO Perspectives on Complying with Cyber Security Regulations (thehackernews.com)

Models, Frameworks and Standards

• HIPAA Fundamentals for Providers | Tucker Arensberg, P.C. - JDSupra

• Process and Control Today | NIS2 – cyber security directive from the EU. Get ready! (pandct.com)

• DORA Compliance Checklist | UpGuard

Backup and Recovery

• Seven ways to be sure you can restore from backup | Computer Weekly

Data Protection

• 37% of publicly shared files expose personal information - Help Net Security

Careers, Working in Cyber and Information Security

• Want to make cyber security much stronger? Become a mentor | CSO Online

Law Enforcement Action and Take Downs

• Zambia Busts 77 People in China-Backed Cyber Crime Op (darkreading.com)

Misinformation, Disinformation and Propaganda

• UK Warned Of AI Misinformation Targeting 2024 Polls, Nation-State Hackers Raise Stakes - Microsoft (NASDAQ:MSFT) - Benzinga

• State-backed cyber attacks, AI deepfakes: Top UK election cyber risks (cnbc.com)

• China is using generative AI to carry out influence operations (securityaffairs.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Nation State Actors

• How Nation-State DDoS Attacks Impact Us All (darkreading.com)

• Foreign Interference Drives Record Surge in IP Theft - Infosecurity Magazine (infosecurity-magazine.com)

China

• A TikTok Whistleblower Got DC’s Attention. Do His Claims Add Up? | WIRED

• Chinese Groups Deploy New TTPs to Exploit Ivanti Vulnerabilities - Infosecurity Magazine (infosecurity-magazine.com)

• China is using generative AI to carry out influence operations (securityaffairs.com)

• Zambia Busts 77 People in China-Backed Cyber Crime Op (darkreading.com)

• Honeytrap sext scandal MP William Wragg will keep Tory whip (thetimes.co.uk)

• How China is Hacking America (newsweek.com)

• UK town halls given green light to use Chinese CCTV — despite Westminster ban – POLITICO

• China flooding Britain with fake stamps in act of 'economic warfare' (telegraph.co.uk)

Russia

• Germany to launch cyber military branch to combat Russian threats (therecord.media)

• US says Russian hackers stole federal government emails during Microsoft cyber attack | TechCrunch

• Macron: Russia will target Paris Olympics (insidethegames.biz)

• Cyber attack on TV channel BabyTV: Toddlers suddenly exposed to Russian propaganda | NL Times

• Czechia explains how Russia is trying to arrange sabotage on European railways | European Pravda (eurointegration.com.ua)

• Cyber security in 2023: Estonia's year of advanced threats (e-estonia.com)

• Oxford research uncovers world cyber crime hotspots | thisisoxfordshire

• Most cyber criminal threats are concentrated in just a few countries, new index shows (phys.org)

• Extensive Russian criminal record leak conducted by hacktivist group | SC Media (scmagazine.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Top Israeli spy chief exposes his true identity in online security lapse | Israel | The Guardian

• Extensive Russian criminal record leak conducted by hacktivist group | SC Media (scmagazine.com)

• Apple Updates Spyware Alert System to Warn Victims of Mercenary Attacks (thehackernews.com)

• Apple mercenary spyware attack: Exclusive: Apple warns users of "mercenary spyware" attack; India, 91 other countries impacted - The Economic Times (indiatimes.com)

• Apple Warns of iPhone "Mercenary Attack" Across 92 Countries (cnet.com)

Vulnerability Management

• Zero-Day Attacks on the Rise: Google Reports 50% Increase in 2023 - Security Boulevard

• How exposure management elevates cyber resilience - Help Net Security

• Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits -  Security Week

• Hackers Use Malware to Hunt Software Vulnerabilities - Infosecurity Magazine (infosecurity-magazine.com)

• Unit 42: Malware-initiated scanning attacks on the rise | TechTarget

Vulnerabilities

• Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included (thehackernews.com)

• Patch Tuesday: Code Execution Flaws in Multiple Adobe Software Products -  Security Week

• Chinese Groups Deploy New TTPs to Exploit Ivanti Vulnerabilities - Infosecurity Magazine (infosecurity-magazine.com)

• SAP's April 2024 Updates Patch High-Severity Vulnerabilities -  Security Week

• Microsoft Plugs Gaping Hole in Azure Kubernetes Service Confidential Containers -  Security Week

• Two new bugs can bypass detection and steal SharePoint data | SC Media (scmagazine.com)

• New SharePoint flaws help hackers evade detection when stealing files (bleepingcomputer.com)

• Hackers Claiming of Working Windows 0-Day LPE Exploit (cybersecuritynews.com)

• Microsoft fixes five security vulnerabilities in Edge 123 - Neowin

• Cisco Warns of Vulnerability in Discontinued Small Business Routers -  Security Week

• Urgent Security Alert! Hackers Hijacked Notepad++ Plugin (gbhackers.com)

• +16K Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894 (securityaffairs.com)

• Over 92,000 exposed D-Link NAS devices have a backdoor account (bleepingcomputer.com)

• Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits -  Security Week

• Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks (thehackernews.com)

• Intel and Lenovo servers impacted by 6-year-old BMC flaw (bleepingcomputer.com)

• Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks (thehackernews.com)

• Fortinet Patches Critical RCE Vulnerability in FortiClientLinux -  Security Week

• Researchers Resurrect Spectre v2 Attack Against Intel CPUs -  Security Week

• AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks (thehackernews.com)

• Severe Vulnerabilities Discovered in Software to Protect Internet Routing (prleap.com)

Tools and Controls

• Seven ways to be sure you can restore from backup | Computer Weekly

• Why incident response is the best cyber security ROI | CSO Online

• Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defence Program -  Security Week

• Improving Dark Web Investigations with Threat Intelligence | Recorded Future

• What Lies Ahead for Cyber Security in the Era of Generative AI? - IT Security Guru

• What is cyber security risk & how to assess - Security Boulevard

• Your Guide to Threat Detection and Response - Security Boulevard

• Report finds 90% of cyber attacks in 2023 exploited RDP (securitybrief.co.nz)

• How exposure management elevates cyber resilience - Help Net Security

• Phishing Detection and Response: What You Need to Know - Security Boulevard

• The state of secrets security: 7 action items for better managing risk - Security Boulevard

• How Red Team Exercises Increases Your Cyber Health | Trend Micro (US)

• How Google’s 90-day TLS certificate validity proposal will affect enterprises - Help Net Security

Reports Published in the Last Week

• Cyber security breaches survey 2024 - GOV.UK (www.gov.uk)

Other News

• Third of charities experienced a cyber breach last year, government reports (civilsociety.co.uk)

• Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites (thehackernews.com)

• OODA Loop - The Water Sector Is Being Threatened.  That Should Worry Everyone

• Anticipated Cyber Threats During the 2024 Olympics & How to Proactively Secure Your Business - Security Boulevard

• France Bracing for Cyber Attacks During Summer Olympics - The New York Times (nytimes.com)

• Risk & Repeat: Cyber Safety Review Board takes Microsoft to task | TechTarget

• The Baltimore Bridge Collapse Is a Warning | Proceedings - April 2024 Vol. 150/4/1,454 (usni.org)

• Report finds 90% of cyber attacks in 2023 exploited RDP (securitybrief.co.nz)

• Scandal and cyber security in Westminster | Crooked Media

• Financial sector cyber security at the helm of investor protection | Mint (livemint.com)

• US Health Dept warns hospitals of hackers targeting IT help desks (bleepingcomputer.com)

• Only 1% Singapore companies are “mature” in cyber threat readiness but 99% plan to increase their cyber security budget in the next 12 months - Singapore News (theindependent.sg)

• Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach | CSO Online

• Software-Defined Vehicle Fleets Face a Twisty Road on Cyber Security (darkreading.com)

• Independent Pharmacies Must Prioritize Cyber Security (drugtopics.com)

• Devious 'man in the middle' hacks on the rise: How to stay safe | PCWorld

• Top 10 Attacker Techniques: What do They Mean for MSSPs? | MSSP Alert

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

We receive consistently positive feedback on our cyber security senior leadership risk and governance workshops. Our events are designed for business leaders with no knowledge of cyber risk management: we demystify and explain the key concepts, with an open conversation for you to ask any questions of our cyber security experts. We share insights from our cyber security threat intelligence research, and we go under the skin of recent incidents across the world to help you understand how to avoid being a victim. This is our flagship senior executive education, turning a challenging topic into an enjoyable learning experience.

Until the end of April 2024, we are offering a 15% discount on our workshops for new customers. Events must be delivered by end July 2024; contact us for details on training@blackarrowcyber.com

Executive Summary

The latest UK Government cyber security breaches survey has found that over half of businesses (50%) and a third of charities (32%) have suffered a cyber breach within the last 12 months. This rises to 70% for medium businesses and 66% for charities with over £500,000 in annual income. Phishing held the crown for the most predominant, impacting a significant 84% of businesses, followed by impersonation of organisations in emails or online (35% of businesses and 37% of charities). Despite the likelihood of an attack occurring, 78% of organisations remained without a formal incident response plan.

What’s the risk?

The largest impacts from being breached included: added staff time, staff prevented from carrying out daily work, repair or recovery costs, complaints from customers and loss of revenue or share value. When it came to reporting such breaches, a concerningly low 5% of businesses had informed clients and customers. Organisations must consider this, as this could mean that their supply chain has been breached without them even knowing.

The survey found that of those who had been impacted by a breach, 59% of businesses and 70% of charities reported taking action to prevent further breaches. The most common action taken to prevent further breaches for both was additional staff training. The findings highlight the importance and crucial role of staff in your organisation’s cyber security efforts.

Worryingly, despite finding that overall findings showing 80% of business run training consistently, 52% of medium businesses and only 18% of charities overall had run training sessions in the last 12 months. This figure rose to 74% for large businesses. Clearly, with the two highest causes of breaches targeting the human factor, effective and regular training to keep up to date with emerging tactics must be a top concern for organisations.

What can I do?

It is one thing to regularly run training, but it is another to make sure that training is engaging and beneficial for staff, including those at a senior level. Our training sessions are run by our cyber experts, who work with firms day in and day out to help businesses protect themselves against the latest threats. We demystify cyber security and help your employees and your leadership team to understand the risks they face in their working lives and how to protect your company.

Cyber is a matter of when, not if, and you need to have a plan. No-one wants to be improvising their security response in the event of a real cyber incident. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

The UK Government Cyber Breaches Survey 2024 can be found below:

https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2024/cyber-security-breaches-survey-2024

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Although the new EU Digital Operational Resilience Act (DORA) applies to regulated financial services organisations in the EU from January, the effects will be felt in the Channel Islands.

For example, if you are a fund or asset manager for a regulated EU financial services client, then you will feature on your client’s new DORA risk register that must address the risk exposure to and from other financial entities.

We expect your client will contact you to evaluate your cyber security controls. The outcome may determine whether your EU client can continue a business relationship depending on the quality of your cyber risk management, the EU client’s own risk appetite, and their interpretation of their local regulatory compliance.

Remember you will be dealing with an EU client that has been deep-diving into DORA for some time, so their knowledge and experience on this may be greater than yours at present and their questions may be challenging. Remember too that DORA includes managing the risks of third-party IT providers, so your risk analysis and management must be independent of your IT provider.

We know how long the journey can be for some organisations to implement proportionate cyber risk controls across people, operations, and technology. Your approach to managing cyber security risks is now a key competitive advantage, when your client compares your approach to that of your competitors locally and in other locations. 

We recommend starting now, to avoid being on the back foot when contacted by your EU clients. The UK Government has expressed its intention to implement similar legislation in the UK.

Contact us now to discuss our refined cyber risk analysis and leadership training designed for Channel Islands customers.

Executive Summary

In Microsoft’s April Patch Tuesday, updates were released to rectify 149 security issues across its product range. Notably, the update tackles two actively exploited zero-day vulnerabilities which are being exploited in to deploy malware. The exploited zero-day vulnerabilities allow for the bypassing of security feature prompts on SmartScreen and malicious drivers to deploy backdoors. Among these, 67 specifically addressed Remote Code Execution vulnerabilities. Among the updates provided by Microsoft were 3 critical vulnerabilities.

In addition to the Microsoft updates this week also saw Adobe and SAP provide updates for vulnerabilities in a variety of their products, with multiple rated as critical.

What’s the risk to me or my business?

Successful exploitation of these vulnerabilities allow for an attacker to distribute malware to a vulnerable system, gain remote code execution, cause a denial of service and impact the confidentiality, integrity and availability of information.

What can I do?

All vulnerabilities with an available patch should be updated as soon as possible.

Technical Summary

Microsoft

CVE-2024-26234: This vulnerability is caused by a malicious driver that has been signed with a valid Microsoft Hardware Publisher Certificate. The driver is used to deploy a backdoor.

CVE-2024-29988: This vulnerability, if actively exploited, allows a malicious attachment to bypass Microsoft Defenders SmartScreen prompts when a file is opened. This has been recorded as exploited by financially motivated Water Hydra hacking group.

Adobe

This month, Adobe released fixes for 24 vulnerabilities, of which 5 were rated critical, across Adobe After Effects, 2 critical vulnerabilities impacting Adobe Photoshop, Adobe Commerce and Adobe InDesign, a critical vulnerability impacting Adobe Experience Manager, Adobe Media Encoder, Adobe Bridge and Adobe Illustrator and 2 critical vulnerabilities impacting Adobe Animate. At current, Adobe is not aware of any of these vulnerabilities being actively exploited. The vulnerabilities include Out of Bounds Read, Improper Input Validation, Cross-site Scripting (Stored XSS), Information Exposure and Arbitrary code execution.

SAP

This month, SAP has released 12 patches, which include 10 new releases and 2 updates from previous releases. The vulnerabilities encompass a range of issues, including Security misconfiguration, Information disclosure, Directory traversal, Denial of Service and Missing authorisation checks.

further details on other specific updates within this patch Tuesday can be found here:

https://www.ghacks.net/2024/04/09/microsoft-releases-the-april-2024-security-updates-for-windows/

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-two-windows-zero-days-exploited-in-malware-attacks/

Further details of the vulnerabilities addressed in Adobe After Effects can be found here: https://helpx.adobe.com/security/products/after_effects/apsb24-09.html

Further details of the vulnerabilities addressed in Adobe Photoshop can be found here:

https://helpx.adobe.com/security/products/photoshop/apsb24-16.html

Further details of the vulnerabilities addressed in Adobe Commerce can be found here: https://helpx.adobe.com/security/products/magento/apsb24-18.html

Further details of the vulnerabilities addressed in Adobe InDesign can be found here:

https://helpx.adobe.com/security/products/indesign/apsb24-20.html

Further details of the vulnerabilities addressed in Adobe Experience Manager can be found here:

https://helpx.adobe.com/security/products/experience-manager/apsb24-21.html

Further details of the vulnerabilities addressed in Adobe Media Encoder can be found here:

https://helpx.adobe.com/security/products/media-encoder/apsb24-23.html

Further details of the vulnerabilities addressed in Adobe Bridge can be found here:

https://helpx.adobe.com/security/products/bridge/apsb24-24.html

Further details of the vulnerabilities addressed in Adobe Illustrator can be found here:

https://helpx.adobe.com/security/products/illustrator/apsb24-25.html

Further details of the vulnerabilities addressed by SAP can be found here:

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2024.html

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Although the new EU Digital Operational Resilience Act (DORA) applies to regulated financial services organisations in the EU from January, the effects will be felt in the London fund and asset management sector.

If you have regulated EU financial services clients for example in Ireland or Luxembourg, then you will feature on their new DORA risk register that must address the risk exposure to and from other financial entities.

We expect your client will contact you to evaluate your cyber security controls. The outcome may determine whether your EU client can continue a business relationship depending on the quality of your cyber risk management, the EU client’s own risk appetite, and their interpretation of their local regulatory compliance.

Remember you will be dealing with an EU client that has been deep-diving into DORA for some time, so their knowledge and experience on this may be greater than yours at present and their questions may be challenging. Remember too that DORA includes managing the risks of third-party IT providers, so your risk analysis and management must be independent of your IT provider.

We know how long the journey can be for some organisations to implement proportionate cyber risk controls across people, operations, and technology. Your approach to managing cyber security risks is now a key competitive advantage, when your client compares your approach to that of your competitors locally and in other locations. 

We recommend starting now, to avoid being on the back foot when contacted by your EU clients. The UK Government has expressed its intention to implement similar legislation in the UK.

Join our free webinar at 12:00 noon on Tuesday 21 May 2024, to learn more including how to conduct a proportionate cyber risk analysis and prepare for conversations with your clients. Places are limited. Contact us for details on training@blackarrowcyber.com.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Corporations with Effective Cyber Governance Create 4 Times More Value, Boosting Shareholder Returns

According to a recent report, companies who demonstrated an advanced level of cyber security performance generated a shareholder return 372% higher than their peers over a 5 year period. The report highlighted that having board committees focused on specialised risk and audit compliance produced the best outcomes; however, it was found that only a small number of those surveyed had done this. Financial institutions and healthcare had the highest cyber security ratings, highlighting the correlation between regulatory environments and cyber security performance.

Sources: [Help Net Security ] [Dark Reading]

Ransomware Incidents Reported to UK Financial Regulator Doubled

The number of security and ransomware incidents reported to the UK Financial Conduct Authority (FCA) surged in 2023, according to a freedom of information request. 31% of these incidents were categorised as ransomware, which had double the number of reports as the previous year. To note, these statistics address the number of ransomware incidents involving financial services that were disclosed: the number of actual incidents could be far higher.

Sources: [Digital Journal] [Digital Journal]

Half of British SMEs Have Lost Data in Past Five Years: Threat Indicators Show 2024 Already Promising to be Worse Than 2023

According to a new report, since 2019 nearly half (48%) of the UK’s small and medium-sized enterprises (SMEs) have lost access to data, potentially costing billions. The report found that nationwide, the number of businesses that lost data temporarily or permanently could amount to more than 800,000. Unfortunately, the report found that half of respondents assessed were relying on flawed backup processes, with a quarter not backing up data at all.

A number of organisations assume that they are backing data up automatically and that these backups are safe, but it is an assumption that can have cost. Added to this, some organisations are not aware that their backups can be changed, or deleted, by a malicious actor; a situation better mitigated by implementing immutable backups.

To better their situation, organisations need to understand the cause of a breach, map their data and understand where it is stored, follow the 3,2,1 rule (three copies of data, two separate locations, one in the cloud), consider immutable backups and monitor their backups. An effective backup policy will help.

Sources: [Infosecurity Magazine] [Security Week] [IT Security Guru]

Researchers Report Sevenfold Increase in Data Theft Cases, as 17 billion Personal Records Exposed in Breaches in 2023

According to a global threat intelligence report, data breach incidents rose by 34.5% in 2023, with 17 billion personal records compromised throughout the year. The research also observed a 429% spike in stolen or leaked personal data in the first two months of 2024. In a separate report, Kaspersky found that roughly 10 million devices encountered data-stealing malware in 2023, a sevenfold increase since 2020.

The reports highlight the importance of ensuring that precautions and mitigations are undertaken to thwart attackers. This should include enabling multi-factor authentication, strong and unique passwords, and using a password manager.

Sources: [Infosecurity Magazine] [Infosecurity Magazine]

AI Abuse and Misinformation Campaigns Threaten Financial Institutions

According to the Financial Services Information Sharing Analysis Center (FS-ISAC), cyber threats relating to generative AI in financial services are a consistent concern, with threat actors using generative AI to write malware and other types of attacks. In some cases, attackers are injecting contaminated data into the large language models used by AI, in order to supply it with misinformation which will in turn feed back to financial institutions.

Not all risks are malicious, however. In some cases where generative AI uses enormous datasets, this can contain privileged information or biased data, which can in turn cost financial firms the trust of regulators, consumers and investors. The FS-ISAC stated “As we look ahead to a critical year marked by emerging technology and heightened geopolitical tensions, the best way to maintain the integrity, security, and trust of the sector is through global information sharing.”

Source: [Help Net Security]

Security Teams are ‘Overconfident’ About Handling Next-Gen Threats

In a new study of more than 8,000 cyber security decision makers, Cisco found that nearly three-quarters of organisations anticipated a cyber incident to disrupt their business in the next two years and 80% said they felt at least “moderately confident” in their ability to defend against emerging threats. In contrast, Cisco’s own analysis rated the maturity of these organisations, finding 71% were deemed to be rated as ‘formative’ or ‘beginner’, the two lowest categories.

Source: [CSO Online]

AI Makes Phishing Attacks Accessible to Basic Users

One of the big selling points of AI is its ability to allow even an unsophisticated user to advance their capability and operate at a far more damaging level. Crucially AI can enable a completely non-technical user to understand and produce technical output. Unfortunately, many cyber criminals have realised this and are using AI to sharpen the efficacy of their phishing emails. With AI, phishing emails can now be created without telltale grammatical errors, and can be convincingly formatted to use a certain style to resonate with given target audience, such as a board level executive. AI is also enabling these phishing campaigns to be replicated across languages and geographies, giving malicious actors wider nets than ever before. Whilst low sophistication ‘Nigerian Prince’ type phishing emails are still doing the rounds they are largely being replaced by much more convincing and devious legitimate looking emails.

Source: [The Economic Times]

Cyber Attacks Wreaking Physical Disruption on the Rise

According to a report, more than 500 industrial operational technology (OT) sites worldwide suffered physical consequences as the result of a cyber attack last year, a near 20% rise from the previous year. The report found that some of the attacks cost the organisation up to $100 million in damages.

Attacks on utilities, water, energy, and other critical national infrastructure (CNI) have seen a sharp rise over the last year, against a backdrop of geopolitical tensions and actions by nation state aggressors such as Russia, China, North Korea and Iran, as well as hacktivist groups and other malicious actors.

Threats to IT may be better known than threats to OT, but the latter can result in very serious real world consequences, ultimately leading to potential mass loss of life events.

Source: [Dark Reading]

73% Brace for Cyber Security Impact on Business in Next Two Years

A survey has found that 73% of organisations are expecting a business disruption relating to a cyber incident in the next 12 to 24 months. Part of this was based on previous experiences, with 54% experiencing a cyber incident in the last 12 months, and 52% of those impacted reporting costs of at least $300,000. 87% reported issues with talent, and 46% reported having more than 10 unfilled roles related to cyber security.

Source: [Help Net Security]

To Stay Ahead of Ransomware Businesses Need to Adopt An Offensive Security Mindset

2023 was the most lucrative year yet for ransomware attacks and it was also the year that saw the biggest shift in ransomware tactics, with the majority of ransomware actors now implementing data exfiltration and extortion, in addition to encryption. As it is getting harder for organisations to defend against these attacks and to stay ahead of ransomware, organisations need to develop an offensive security mindset, working out how an attacker might gain access to their systems. This includes keeping up with the latest tactics, communicating this throughout the organisation and running threat-led attack simulations.

Source: [IBTimes]

Cyber Security Imperative for Protecting Executives

The stakes are high in cyber security, and particularly for executives whose positions amplify the potential fall out and damage from cyber incidents. The variety of sensitive information that they have access to, and their authority in the organisation, makes them a desirable target for business email compromise.

Organisations need to implement a robust security culture, led by executives, to foster an environment where cyber threats are understood and mitigated. As part of this, training needs to be given to the whole organisation, including executives.

Executives may have historically excluded themselves from security controls, yet ironically it is this exclusion and their position in the organisation that makes them such a lucrative target.

Source: [Forbes]

The Increasing Role of Cyber Security Experts in Complex Legal Disputes

Expert witnesses have been known to play significant roles in matters where their valuable insight is required. In today’s world, with the number of high-stake crimes now involving technology, cyber security professionals have become some of the most sought-after experts.

Disputes involving highly complex cyber crimes typically require more technical experience than is on hand, and the contributions of a cyber expert are significant in uncovering critical evidence and shaping the legal strategy, as well as explaining cyber security in the courtroom.

Source: [JDSupra]

Governance, Risk and Compliance

• Ransomware incidents reported to UK financial regulator have doubled - Digital Journal

• AI abuse and misinformation campaigns threaten financial institutions - Help Net Security

• Half of British SMEs Have Lost Data in Past Five Years - Infosecurity Magazine (infosecurity-magazine.com)

• The Big Question: Are SMEs now at the forefront of cyber risks? - Emerging Risks Media Ltd

• Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023 - Security Week

• Is the Human Factor Overlooked in Cyber Security? - Infosecurity Magazine (infosecurity-magazine.com)

• Security teams are ‘overconfident’ about handling next-gen threats | CSO Online

• Banks told to expand risk management to cover AI (finextra.com)

• Corporations With Cyber Governance Create 4X More Value (darkreading.com)

• Cyber Leaders Struggle With Heightened Job Expectations, Communicating With Board - WSJ

• 73% brace for cyber security impact on business in the next year or two - Help Net Security

• Businesses overestimating their skills amid cyber security crisis, survey reveals (holyrood.com)

• Why your data isn’t as safe as you think and what it could cost you - IT Security Guru

• Unspoken Battle: Cyber Security Imperative For Protecting Executives (forbes.com)

• The Increasing Role Of Cyber Security Experts In Complex Legal Disputes | IMS Legal Strategies - JDSupra

• Businesses must prioritise prevention to lock out online threats (yahoo.com)

• CISOs Are Facing Challenges In Proactive Threat Defence And Compliance Management (forbes.com)

• As Cyber Regulators Rush Toward New Rules, Shifting Foundations May Complicate Compliance | Wiley Rein LLP - JDSupra

• Lessons from the World's Costliest Corporate Cyber Attacks - Management Today

• Three trends set to drive cyber attacks in 2024 (networkingplus.co.uk)

• Why Cyber Security Is a Whole-of-Society Issue (darkreading.com)

• Instilling the Hacker Mindset Organisationwide (darkreading.com)

• How CISOs Can Make Cyber Security a Long-Term Priority for Boards (darkreading.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Cyber security incidences surge in the UK financial services sector - Digital Journal

• Ransomware attacks rise by 46% in February 2024, finds NCC Group (securitybrief.co.nz)

• To Stay Ahead Of Ransomware Attacks, Businesses Need To Adopt An Offensive Security Mindset | IBTimes

• RDP Abuse Present in 90% of Ransomware Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• How will the Merck settlement affect the insurance industry? (securityintelligence.com)

• Lessons From the LockBit Takedown (darkreading.com)

• Ransomware attackers are increasingly targeting backups — so make sure yours are protected | TechRadar

• Unveiling the Fallout: Operation Cronos' Impact on LockBit Following Landmark Disruption | Trend Micro (US)

• Trend Micro: LockBit ransomware gang's comeback is failing | TechTarget

• Hosting firm's VMware ESXi servers hit by new SEXi ransomware (bleepingcomputer.com)

• Collaboration Needed to Fight Ransomware (darkreading.com)

Ransomware Victims

• Ransomware attacks ravaged municipal governments in March | TechTarget

• NHS Scotland confirms ransomware attackers leaked patients' data - Help Net Security

• Yacht retailer MarineMax discloses data breach after cyber attack (bleepingcomputer.com)

• How will the Merck settlement affect the insurance industry? (securityintelligence.com)

• Ransomware gang leaks UK city council’s confidential files • The Register

• Omni Hotels confirms cyber attack behind ongoing IT outage (bleepingcomputer.com)

• World’s second-largest lens-maker blinded by cyber incident • The Register

Phishing & Email Based Attacks

• This new phishing attack targets iPhone and Android alike via RCS | TechRadar

• Cloud Email Filtering Bypass Attack Works 80% of the Time (darkreading.com)

• $1.28 Million Lost From Crypto Phishing Attacks (coinpedia.org)

• Naked photos sent in WhatsApp ‘phishing’ attacks on UK MPs and staff – POLITICO

• Cyber security: Enabled by AI, phishing becomes quite simple - The Economic Times (indiatimes.com)

• Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors (thehackernews.com)

• Phishing Attacks Targeting Political Parties, Germany Warns (govinfosecurity.com)

• A phish by any other name should still not be clicked – Computerworld

• Google now blocks spoofed emails for better phishing protection (bleepingcomputer.com)

• New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware (thehackernews.com)

• Microsoft Teams phishing attacks and how to prevent them | TechTarget

Artificial Intelligence

• Banks told to expand risk management to cover AI (finextra.com)

• AI abuse and misinformation campaigns threaten financial institutions - Help Net Security

• 22% of employees admit to breaching company rules with GenAI - Help Net Security

• The Danger Of Unmanaged AI In The Enterprise (forbes.com)

• 6 Prompts You Don't Want Employees Putting in Microsoft Copilot (bleepingcomputer.com)

• Microsoft Copilot Blocked on US Congress Devices Over Security Concerns | Cryptopolitan

• Cyber security: Enabled by AI, phishing becomes quite simple - The Economic Times (indiatimes.com)

• Microsoft Announces New Safety System to Filter Malicious AI Output | Extremetech

• Microsoft GM on AI and elections: 'There will be fakes' • The Register

• Why AI forensics matters now - Help Net Security

• Microsoft and OpenAI collaborated to counter North Korean cyber threats, China in the game as well - MSPoweruser

• More Than Half of Organisations Plan to Adopt AI Solutions in Coming Year, Reports Cloud Security Alliance and Google Cloud (darkreading.com)

• The ‘complicated relationship’ between AI and cyber security (siliconrepublic.com)

• ‘Many-shot jailbreak’: lab reveals how AI safety features can be easily bypassed | Artificial intelligence (AI) | The Guardian

• Chinese hackers turn to AI to meddle in elections | CyberScoop

• Security and AI occupy SME thoughts | Microscope (computerweekly.com)

Malware

• Escalating malware tactics drive global cyber crime epidemic - Help Net Security

• Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries (thehackernews.com)

• TheMoon Malware Rises Again with Malicious Botnet for Hire (darkreading.com)

• Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware (thehackernews.com)

• Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities (thehackernews.com)

• Botnets: The uninvited guests that just won’t leave | CSO Online

• Detecting Windows-based Malware Through Better Visibility (thehackernews.com)

• Apple macOS users targeted with more cyber attacks via dodgy ads and websites | TechRadar

• Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors (thehackernews.com)

• Europe subjected to Mispadu trojan attacks | SC Media (scmagazine.com)

• YouTube Video Game ‘Hacks’ Contain Malware Links - Infosecurity Magazine (infosecurity-magazine.com)

• The Biggest Takeaways from Recent Malware Attacks (bleepingcomputer.com)

• Thousands of Australian Businesses Targeted With RAT (darkreading.com)

• Cyber criminals are spreading malware through Facebook pages impersonating AI brands (therecord.media)

Mobile

• This new phishing attack targets iPhone and Android alike via RCS | TechRadar

• 2 wireless protocols expose mobile users to spying — the FCC wants to fix that - Nextgov/FCW

• This notorious Android banking trojan now lets hackers remotely control your phone — how to stay safe | Tom's Guide (tomsguide.com)

• Location tracking and the battle for digital privacy - Help Net Security

• How and why to enable Stolen Device Protection on your iPhone (idownloadblog.com)

• Google fixed two actively exploited Pixel vulnerabilities (securityaffairs.com)

Denial of Service/DoS/DDOS

• New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks (thehackernews.com)

Internet of Things – IoT

• Porsche Kills Two More Models Due to Cyber Security Regulations - autoevolution

• UK Encouraged to Prioritise Cyber Security with Electric Vehicle Charging Points - Electrical Times

Data Breaches/Leaks

• Researchers Report Sevenfold Increase in Data Theft Cases - Infosecurity Magazine (infosecurity-magazine.com)

• Highly sensitive files mysteriously disappeared from EUROPOL headquarters (securityaffairs.com)

• Threat Actor Claims Classified Five Eyes Data Theft - Infosecurity Magazine (infosecurity-magazine.com)

• 17 Billion Personal Records Exposed in Data Breaches in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Almost 2.9M impacted by Harvard Pilgrim Health Care breach | SC Media (scmagazine.com)

• Hot Topic confirms multiple new cyber attacks — customer details and payment info exposed online | TechRadar

• Ivanti-linked breach of CISA potentially affected more than 100,000 individuals | CyberScoop

• Prudential Insurance says data of 36,000 exposed during February cyber attack (therecord.media)

• OWASP discloses a data breach (securityaffairs.com)

• Hotel Self Check-In Kiosks Exposed Room Access Codes - Security Week

• Nearly 1M medical records feared stolen from City of Hope • The Register

• SurveyLama data breach exposes info of 4.4 million users (bleepingcomputer.com)

• Cyber criminals steal data of around 700,000 Apotheka pharmacy customers | News | ERR

• PandaBuy data breach allegedly impacted +1.3M customers (securityaffairs.com)

• OWASP discloses breach due to a Wiki web server misconfig • The Register

• US cancer center data breach exposes info of 827,000 patients (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Escalating malware tactics drive global cyber crime epidemic - Help Net Security

• Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023 - Security Week

• Calls to Incident Response Helpline Double in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• Rise of non-tech hackers: new era of cyber threats - VnExpress International

• India rescuing citizens forced into cyber fraud schemes in Cambodia | Reuters

• Cyber criminal adoption of browser fingerprinting - Help Net Security

• With just $700 and a Raspberry Pi — you too can become a cyber criminal | TechRadar

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• FTX founder Sam Bankman-Fried sentenced to 25 years for crypto fraud (cnbc.com)

• $1.28 Million Lost From Crypto Phishing Attacks (coinpedia.org)

Insider Risk and Insider Threats

• Is the Human Factor Overlooked in Cyber Security? - Infosecurity Magazine (infosecurity-magazine.com)

• Human risk is the top cyber threat for IT teams - Help Net Security

• Instilling the Hacker Mindset Organisation wide (darkreading.com)

Insurance

• Can cyber insurance help secure business? | Mint (livemint.com)

• How will the Merck settlement affect the insurance industry? (securityintelligence.com)

Supply Chain and Third Parties

• Thwarted supply-chain hack sets off alarm bells across DC - POLITICO

Cloud/SaaS

• How much does cloud-based identity expand your attack surface? - Help Net Security

• Who owns your data? SaaS contract security, privacy red flags | CSO Online

• Cloud Email Filtering Bypass Attack Works 80% of the Time (darkreading.com)

Identity and Access Management

• How much does cloud-based identity expand your attack surface? - Help Net Security

Linux and Open Source

• "We got lucky": What the XZ Utils backdoor says about the strength and insecurities of open source | ITPro

• New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking (thehackernews.com)

• Red Hat warns of backdoor in XZ tools used by most Linux distros (bleepingcomputer.com)

• A new XZ backdoor scanner will be able to safeguard any Linux binary from threats (msn.com)

• What we know about the xz Utils backdoor that almost infected the world | Ars Technica

• Malicious xz backdoor reveals fragility of open source • The Register

• Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries (thehackernews.com)

• German state switches to LibreOffice, promises Windows move • The Register

Passwords, Credential Stuffing & Brute Force Attacks

• Cisco warns of password-spraying attacks targeting VPN services (bleepingcomputer.com)

• American fast-fashion firm Hot Topic hit by credential stuffing attacks (securityaffairs.com)

Social Media

• Cyber criminals are spreading malware through Facebook pages impersonating AI brands (therecord.media)

• WhatsApp was down in Meta’s second big outage this year | TechCrunch

• YouTube Video Game ‘Hacks’ Contain Malware Links - Infosecurity Magazine (infosecurity-magazine.com)

Malvertising

• Apple macOS users targeted with more cyber attacks via dodgy ads and websites | TechRadar

• New Chrome feature aims to stop hackers from using stolen cookies (bleepingcomputer.com)

Training, Education and Awareness

• Human risk is the top cyber threat for IT teams - Help Net Security

• Instilling the Hacker Mindset Organisation wide (darkreading.com)

Regulations, Fines and Legislation

• Ransomware incidents reported to UK financial regulator have doubled - Digital Journal

• Financial cyber defence: gearing up for DORA (finextra.com)

• EU's reimagined NIS 2 cyber security vision to go live (electronicspecifier.com)

• Navigating Cyber Security and Data Privacy Regulations in the Insurance Industry | McGuireWoods LLP - JDSupra

• 6 business benefits of data protection and GDPR compliance | TechTarget

• Treasury accuses banks of 'insufficient data sharing' on fraud | American Banker

• A CISO's Guide to Materiality and Risk Determination (darkreading.com)

• NIS2 Requires Major Changes in EU SaaS Cyber Security - Infosecurity Magazine (infosecurity-magazine.com)

Models, Frameworks and Standards

• Using the NIST CSF for Strong Cyber Security Compliance | NAVEX - JDSupra

• NIST And CISA: 13 Must-Review Resources For SMBs (forbes.com)

• Are businesses prepared for the CSF 2.0 challenge? - Digital Journal

Backup and Recovery

• World Backup Day triggers call for holistic cyber security overhaul (securitybrief.co.nz)

• Ransomware attackers are increasingly targeting backups — so make sure yours are protected | TechRadar

• Data protection vs. data backup: How are they different? | TechTarget

Data Protection

• 3 Strategies to Future-Proof Data Privacy (darkreading.com)

• Navigating Cyber Security and Data Privacy Regulations in the Insurance Industry | McGuireWoods LLP - JDSupra

• 6 business benefits of data protection and GDPR compliance | TechTarget

• How to conduct a data privacy audit, step by step | TechTarget

• Data protection vs. data backup: How are they different? | TechTarget

Careers, Working in Cyber and Information Security

• The Complexity and Need to Manage Mental Well-Being in the Security Team - Security Week

• Cyber Leaders Struggle With Heightened Job Expectations, Communicating With Board - WSJ

• Hardest Cyber Security Jobs to Fill in 2024 Techopedia

• Unlocking Cyber Security Success: The Importance of Certifications - ClearanceJobs

• CISOs Are Facing Challenges In Proactive Threat Defence And Compliance Management (forbes.com)

• Are you okay? Understanding the world of a CISO | CSO Online

Misinformation, Disinformation and Propaganda

• AI abuse and misinformation campaigns threaten financial institutions - Help Net Security

• Microsoft GM on AI and elections: 'There will be fakes' • The Register

• How to Counter Disinformation Campaigns in Global Elections (darkreading.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Wars prompt questions for facial recognition providers, and obscure the answers | Biometric Update

• UN Peace Operations Under Fire from State-Sponsored Hackers (darkreading.com)

Nation State Actors

China

• Chinese Spy Ops Attack 7 MSPs, Feds Allege | MSSP Alert

• UK minister confirmed as 12th target in Westminster ‘spear-phishing’ scandal – POLITICO

• Pulling the Curtain Back on China’s Cyberespionage (informationweek.com)

• MPs challenge government claims China cyber attack was unsuccessful (ft.com)

• Chinese hackers turn to AI to meddle in elections | CyberScoop

• Microsoft and OpenAI collaborated to counter North Korean cyber threats, China in the game as well - MSPoweruser

• OODA Loop - Government Agencies are in the Fight Against Chinese Human Targeting and Cyber Espionage. Will it be Enough?

• UK, Czech ministers among China’s hacking targets – POLITICO

• Security fears over supercomputer deal with Chinese firm Lenovo (thetimes.co.uk)

• Ministry of State Security releases bilingual report, urging Western forces to stop slandering and attacking China - China Military

Russia

• Ukraine gives award to foreign vigilantes for hacks on Russia - BBC News

• STA: Russian hackers take responsibility for cyber attack on Slovenia

• Exclusive: Hackers stole Russian prisoner database to avenge death of Navalny | CNN Politics

• Russian network that 'paid European politicians' busted, authorities claim - BBC News

• Russia charges suspects behind theft of 160,000 credit cards (bleepingcomputer.com)

Iran

• Iran's Evolving Cyber Enabled Influence Operations to Support Hamas (darkreading.com)

• Satellite Cyber Security, Iran, and the Israel-Hamas War | Geopolitical Monitor

North Korea

• Microsoft and OpenAI collaborated to counter North Korean cyber threats, China in the game as well - MSPoweruser

• A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask | WIRED

Vulnerability Management

• Vulnerability database backlog due to increased volume, changes in 'support,' NIST says (therecord.media)

• CVE and NVD - A Weak and Fractured Source of Vulnerability Truth - Security Week

• Attack Surface Management vs. Vulnerability Management (thehackernews.com)

Vulnerabilities

• Are You Affected by the Backdoor in XZ Utils? (darkreading.com)

• Red Hat issues urgent alert for Fedora Linux users due to malicious code (betanews.com)

• Hosting firm's VMware ESXi servers hit by new SEXi ransomware (bleepingcomputer.com)

• Cisco warns of password-spraying attacks targeting VPN services (bleepingcomputer.com)

• Cisco addressed high-severity flaws in IOS and IOS XE software (securityaffairs.com)

• Ivanti commits to secure-by-design overhaul • The Register

• Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure (thehackernews.com)

• Apple GoFetch was caused by an obsession with speed • The Register

• Heartbleed is 10 Years Old – Farewell Heartbleed, Hello QuantumBleed! - Security Week

• Critical Security Flaw Found in Popular LayerSlider WordPress Plugin (thehackernews.com)

• WiFi WPS vulnerability: disable it, or else | Cybernews

• Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems - Security Week

• Google fixed two actively exploited Pixel vulnerabilities (securityaffairs.com)

• Splunk Patches Vulnerabilities in Enterprise Product - Security Week

• JetBrains fixes 26 'security problems,' offering no details • The Register

Tools and Controls

• RDP Abuse Present in 90% of Ransomware Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• New XZ backdoor scanner detects implant in any Linux binary (bleepingcomputer.com)

• The ‘complicated relationship’ between AI and cyber security (siliconrepublic.com)

• How much does cloud-based identity expand your attack surface? - Help Net Security

• How Pentesting-as-a-Service can Reduce Overall Security Costs (bleepingcomputer.com)

• Building a cyber security risk assessment template - Security Boulevard

• Microsoft unveils safety and security tools for generative AI | InfoWorld

• The Biggest Mistake Security Teams Make When Buying Tools (darkreading.com)

• World Backup Day triggers call for holistic cyber security overhaul (securitybrief.co.nz)

• Cloud Email Filtering Bypass Attack Works 80% of the Time (darkreading.com)

• Can cyber insurance help secure business? | Mint (livemint.com)

• 71% Website Vulnerable: API Security Becomes Prime Target for Hackers - Security Boulevard

• Old Technology, New Tricks: Why DNS Is Still A Major Security Target (forbes.com)

• Cyber Risk Management: A Beginner's Guide - Security Boulevard

• Microsoft Entra Recommendations adds several more for better user security - Neowin

• A CISO's Guide to Materiality and Risk Determination (darkreading.com)

• Ransomware attackers are increasingly targeting backups — so make sure yours are protected | TechRadar

• Attack Surface Management vs. Vulnerability Management (thehackernews.com)

• Why a Cloud Security Platform Approach is Critical | Trend Micro (US)

• The Importance Of Physical Cyber Security Testing (forbes.com)

• CISOs Are Facing Challenges In Proactive Threat Defence And Compliance Management (forbes.com)

• Human risk is the top cyber threat for IT teams - Help Net Security

• Data protection vs. data backup: How are they different? | TechTarget

• What is Threat Management? - Security Boulevard

• SIEM Implementation: Strategies and Best Practices | MSSP Alert

• Is Windows Defender All the Antivirus Protection You Need? (makeuseof.com)

Other News

• Cyber Attacks Wreaking Physical Disruption on the Rise (darkreading.com)

• Cyber attacks on critical infrastructure show advanced tactics and new capabilities - Help Net Security

• Is your pension protected from cyber attacks? - CityAM

• Cyber Safety Review Board: Microsoft security culture 'inadequate' (geekwire.com)

• Microsoft slammed for lax infosec that led to Exchange crack • The Register

• Infosec professionals praise CSRB report on Microsoft breach | TechTarget

• 76% of consumers don't see themselves as cyber crime targets - Help Net Security

• Shielding the lifelines: Protecting energy and infrastructure from cyber threats (betanews.com)

• Cyber Security Statistics In 2024: Is Your Law Firm Protected? - Above the Law

• Sellafield nuclear waste dump faces prosecution over cyber security failures (bitdefender.com)

• Australia Doubles Down On Cyber Security After Attacks (darkreading.com)

• Furry Hackers Use Church's Money To Buy Inflatable Sea Lions (dailydot.com)

• Windows 10 Support Deadline: Your Guide to Extended Security Updates (ESU) (mspoweruser.com)

• Healthcare's cyber resilience under siege as attacks multiply - Help Net Security

• Rise of non-tech hackers: new era of cyber threats - VnExpress International

• Why Cultural Institutions Are Rich Targets for Cyber Attackers  (informationweek.com)

• 5 top OT threats and security challenges | TechTarget

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Executive summary

Over the last few days, a supply chain compromise impacting a wide variety of Linux distributions was identified. Malicious code in the form of a backdoor in XZ Utils was identified by Andres Freud, an employee at Microsoft. XZ Utils is data compression software which is present in a significant number of Linux distributions. The malicious code may allow unauthorised access to affected systems. Research has indicated that the backdoor was inserted two years ago and its potential impact has been compared to that of the SolarWinds backdoor in 2020. Of particular note, the vulnerability was identified through the curiosity of a Microsoft engineer, once again highlighting that attacks are a matter of when, not if.

What’s the risk to me or my business?

There is a significant risk that a large number of Linux distributions, and some Mac users are impacted by the vulnerability, which can allow an attacker to perform remote arbitrary code execution and with the exploit now going public, there is a chance that threat actors may try exploit this before it is patched. The Linux operating system is often present across corporate networks and can also be found on devices such as routers, switches, printers and others.

What can I do?

According to The US Cyber and Infrastructure Security Agency (CISA) and IBM-owned Red Hat, the impacted versions are the two most recent versions, 5.6.0 and 5.6.1 of the XZ Utils libraries. CISA has recommended that until a fix is produced, users downgrade XZ Utils to an uncompromised version, such as 5.4.6. As such, organisations are recommended to check if they are running vulnerable versions and apple mitigations with immediate effect. A list of the vulnerable distributions and versions availably from Microsoft, linked a the bottom of this alert; however, it should be highlighted that this situation is still ongoing and there may be more may be identified.

Technical Summary

CVE-2024-3094– Malicious code identified in XZ Utils, starting with versions 5.6.0. the code allows any software linked to a modified Liblzma library, a crucial dependency for OpenSSH, to intercept and modify data interaction with the library. The CVSS score is 10.

Further information can be found below.

https://techcommunity.microsoft.com/t5/microsoft-defender-vulnerability/microsoft-faq-and-guidance-for-xz-utils-backdoor/ba-p/4101961

https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094

https://www.zscaler.com/blogs/security-research/cve-advisory-cve-2024-3094-security-compromise-xz-utils

Further information

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity