Black Arrow Cyber Threat Intelligence Briefing for 13 January 2025
Black Arrow Cyber Consulting Limited
InfoSec Consultancy with experts from British Intelligence, Law Enforcement, Global Financial Services, Big-4 & The GFSC
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Exec Summary
Cyber security remains a critical priority for organisations in 2025, with evolving threats demanding stronger leadership, governance, and proactive resilience measures. Phishing click rates surged by 190% in 2024, with cloud applications as primary targets and a shift in attack vectors from email to search engines and malicious ads. Meanwhile, ransomware inflicted $133.5 million in payouts, and insider threats posed complex risks, exacerbated by generative AI-enabled scams. Addressing these challenges requires a combination of advanced defences like zero trust architectures, improved governance frameworks, and clarity in communication to bridge knowledge gaps at the board level.
Governance is under heightened scrutiny as systemic risks grow. Only 26% of Europe’s top companies earned high ratings for cyber security resilience, while regulatory pressures, such as the EU’s DORA, underline the urgency for improved third-party risk management and operational resilience. Boards must prioritise expertise, particularly in AI, as gaps persist despite incremental progress. Leaders should integrate risk management across infrastructures to address geopolitical cyber warfare threats, emphasising supply chain security and AI-driven defences.
To sustain resilience, organisations must embed adaptability, automate responses, and foster cross-departmental collaboration. Strategic investments in skilled talent, incident readiness, and emerging technologies will help to ensure businesses not only survive but thrive amidst escalating cyber threats.
Phishing Click Rates Triple in 2024
Phishing click rates surged by 190% in 2024, with over eight in 1,000 users clicking phishing links monthly, according to Netskope. Cloud applications were the top targets (27%), primarily aiming to compromise accounts for illicit resale, of which Microsoft was the most targeted brand (42% of clicks), followed by banking (17%) and telco (13%) sectors. A shift was noted in phishing link locations from email-based attacks to search engines using SEO poisoning and malicious ads. Meanwhile, workplace adoption of GenAI apps rose to 94%, with organisations implementing controls such as app blocking (73%) and data loss prevention (45%).
What Boards Need to Know on Digital and Cyber Security Governance In 2025
In 2025, boardroom oversight of digital and cyber security will face increased scrutiny and expectations as systemic risks continue to grow. In 2024, cyber incidents cost UnitedHealth Group $2.5 billion and drove a 40% stock price drop at Crowdstrike, underlining the escalating consequences of poor governance. While 25% of S&P 500 directors now have cyber security expertise, up from 12% in 2020, gaps remain: 79% of boards report limited or no AI experience. Regulatory pressure, such as the European Central Bank (ECB) mandatory cyber expertise for bank boards, and frameworks like NIST CSF 2.0, signal the shift towards systemic reforms in boardroom governance.
Only 26% of Europe’s Top Companies Earn a High Rating for Cyber Security
A report by SecurityScorecard reveals that only 26% of Europe’s top 100 companies earn an A rating for cyber security resilience, with organisations rated A being 13.8 times less likely to experience a breach than those rated F. 98% of European companies faced third-party breaches in the past year, and 18% reported direct breaches, exposing gaps in internal defences. The energy sector lags significantly, with 75% of companies rated C or lower, while Scandinavian firms lead with only 20% scoring below B. As the EU’s DORA deadline looms, prioritising third-party risk management is critical for strengthening operational resilience.
Breach Readiness: Elevating Your Security Posture in a Constantly Evolving Threat Landscape
Organisations must now recognise that breaches are highly prevalent in today’s threat landscape, driven by increasingly sophisticated cyber attacks. Traditional perimeter-based defences, while essential, are no longer sufficient on their own. To mitigate the impact of inevitable breaches, adopting a zero trust approach and embedding microsegmentation can limit attackers’ movement within a network, reducing harm and operational disruption. While implementing such strategies demands cross-departmental collaboration and mindset shifts, gradual adoption can ease operational impacts. By becoming ‘breach ready’, organisations can maintain resilience, protect their reputation, and safeguard business continuity even in the face of persistent threats.
Ransomware Shock: $133 Million Paid, 195 Million Records Compromised
Ransomware continues to pose a significant threat to organisations globally, with a 2024 report revealing over 1,200 confirmed attacks and more than 195 million records compromised. Ransom payments reached $133.5 million, with an average payout of $9.5 million. Key sectors affected include business, healthcare, and government, while education saw a slight decline in incidents. Despite early signs of decreasing activity, ransomware attacks surged towards the end of the year, and experts warn of continued large-scale disruptions and data breaches in 2025. The lack of mandatory reporting in many regions further obscures the true scale of the threat.
Operational Incident Reporting: UK Financial Regulators Propose New Rules
UK financial regulators, including the FCA and PRA, are consulting on new operational incident reporting rules to strengthen operational resilience across the financial sector. The proposals aim to clarify when and how firms must report incidents such as IT outages or cyber attacks, focusing on consumer harm, market integrity, and safety risks. Firms would need to submit initial, intermediate, and final reports for each incident. Additionally, material third-party arrangements would require annual updates. These changes align with international standards like the EU’s DORA, and regulators may pursue enforcement for non-compliance. The consultation closes in March 2025.
Insider Threat: Tackling the Complex Challenges of the Enemy Within
Insider threats represent a growing challenge for organisations, with risks ranging from financial fraud and intellectual property theft to national security breaches. High-profile cases demonstrate how malicious insiders, such as bribed employees or malcontent staff, exploit weak detection systems. Sophisticated hiring scams, including the use of false identities, are increasingly enabled by generative AI. Prevention efforts include robust background checks, network anomaly detection, and sentiment analysis, but these methods are not foolproof. As technology evolves, organisations must balance effective detection with legal and ethical considerations to mitigate these complex and evolving risks.
The Big Question: Are Businesses Now in the Front Line for Cyber Warfare?
Recent reports highlight a growing shift towards cyber warfare, with businesses increasingly on the frontline of nation-state cyber attacks. The evolving threat landscape is driven by geopolitical tensions, with critical infrastructure, supply chains, and even civilian services becoming primary targets. Experts warn of a rise in AI-driven cyber weapons capable of bypassing defences and amplifying the scale of attacks. Organisations face heightened risks as ransomware evolves into a political weapon and the proliferation of IoT devices creates new vulnerabilities. A unified approach to security, integrating risk management across infrastructures, is essential to address the escalating threats in 2025.
How Cyber Security Jargon Creates Barriers and Wastes Resources
The cyber security industry, growing at 20% year-on-year, faces a critical communication challenge. Over-reliance on jargon and acronyms hinders understanding and creates barriers, particularly at the board level. Complex terms often obscure what tools do, limiting funding and leaving organisations vulnerable to cyber attacks. A shift toward clear, actionable language, focusing on securing source code, runtime applications, cloud environments, and supply chains, can break down silos and improve integration into development processes. By fostering clarity and inclusivity, organisations can better align security strategies with business priorities, ensuring both protection and efficiency.
领英推荐
Scammers Exploit Microsoft 365 to Target PayPal Users
Fortinet has identified a phishing attack exploiting PayPal's money request feature, leveraging Microsoft 365's Sender Rewrite Scheme (SRS) to bypass email authentication and deceive recipients. The scam involves legitimate-looking payment requests, making them hard to distinguish from genuine communications. Victims who follow the provided link risk granting scammers access to their PayPal accounts. Fortinet highlights the importance of employee education, robust data loss prevention (DLP) rules, and advanced AI-driven detection tools to identify unusual patterns, such as group messaging anomalies, and mitigate these increasingly sophisticated threats. Organisations must prioritise vigilance and proactive defences to combat such risks.
Five Ways to Make Cyber Security Resilience More Than Just a Buzzword
Organisations must shift from reactive approaches to a sustainable cyber security strategy to build true resilience. This means not just addressing immediate threats but embedding adaptability into core systems, enabling defences to evolve with emerging risks. Key measures include automating responses for agility, implementing zero trust architectures, and continuously improving through learning and self-healing mechanisms. By prioritising proactive preparation and fostering a culture of shared responsibility, businesses can move beyond survival to thrive amidst uncertainty, ensuring their defences are robust, adaptable, and future proof.
Meet the Chinese ‘Typhoon’ Hackers Preparing for War
Chinese state-sponsored hacking groups, labelled collectively as the "Typhoon" family, have emerged as a significant cyber security threat to the West, targeting critical infrastructure sectors like water, energy, and transportation. These groups, including Volt Typhoon, Flax Typhoon, and Salt Typhoon, have engaged in deep infiltration to prepare for potential disruptive cyber attacks. Notable incidents include the dismantling of botnets used to mask malicious activities, with over 100 intrusions identified by early 2025. Recent breaches by Salt Typhoon targeted telecoms, exposing sensitive communications data, including law enforcement surveillance systems, underscoring the escalating strategic risks posed by these operations.
The Cyber Security Priorities For 2025: What Leaders Should Focus On
A recent analysis highlights the evolving cyber security priorities for 2025, emphasising the critical role of leadership in driving resilience. As cyber threats become increasingly sophisticated, AI-driven attacks and supply chain vulnerabilities are top concerns, alongside stricter data privacy regulations. Leaders are encouraged to adopt zero trust principles, invest in skilled talent, and align security strategies with business objectives. Preparing for quantum computing’s impact on encryption is also vital. Practical steps include regular incident response testing, vendor risk assessments, and fostering a security-first culture. Effective leadership can turn robust cyber security into a competitive advantage.
Sources:
?
?
Great briefing! Phishing, ransomware, and insider threats are on the rise. Staying proactive with zero trust and AI defenses is key. Awesome insights!