Black Arrow Cyber Threat Intelligence Briefing 27 January 2025
Black Arrow Cyber Consulting Limited
InfoSec Consultancy with experts from British Intelligence, Law Enforcement, Global Financial Services, Big-4 & The GFSC
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Executive Summary
This week, our cyber threat intelligence reports on new and evolving tactics of attackers and the devastating impact of attacks, as well as how organisations should act to improve their security including rehearsing how they will react when they experience an incident.
Recent reports highlight a surge in attacks whereby the attacker overwhelms their victim with emails and then contacts them on Teams posing as IT support to gain access to the victim’s systems. These attacks underscore the need for organisations to restrict external communications, limit remote access, and enhance employee awareness to prevent breaches. Furthermore, the growing use of artificial intelligence (AI) by cyber criminals has necessitated a focus on specialised expertise, with companies investing in both internal training and external cyber security support to counter AI-driven threats.
Behind the stories of attacks and data breaches are the real lives of individuals and organisations who suffer the heart-breaking, catastrophic impact, including organisations that have closed or filed for insolvency. Studies indicate that the average cost of a breach is now nearly $5 million, while paying ransom demands often fails to recover data, leading to further losses. The increasing sophistication of phishing campaigns and deepfake technology is further complicating fraud detection and identity verification processes. To mitigate these risks, firms must adopt a proactive approach that includes robust incident response plans, enhanced employee training, and the adoption of zero-trust security frameworks.
Organisations must move beyond 'security theatre' by focusing on practical, risk-based strategies that address core vulnerabilities rather than relying on superficial measures. The rise in nation-state cyber espionage, misinformation, and AI-enabled threats highlights the importance of collaboration between public and private sectors to enhance resilience. As cyber security gains greater prominence at the boardroom level, business leaders must ensure they are equipped with the necessary knowledge and strategic vision to navigate this rapidly changing threat landscape effectively.
Top Cyber Stories of the Last Week
Russian Ransomware Groups Deploy Email Bombing and Teams Vishing
Security experts have identified two ransomware groups using email bombing and Teams-based social engineering to gain remote access to corporate systems. Victims receive thousands of spam emails followed by a fraudulent Teams call from someone posing as IT support. The attackers then attempt to install remote access tools to steal data and extort organisations. At least 15 attacks have been observed in the past three months, with a significant increase recently. Businesses are advised to restrict external Teams calls, limit remote access tools, and enhance employee awareness to mitigate these evolving threats.
Cyber Security Breaches Are Increasing Business Insolvency Risks
Cyber attacks are increasingly pushing businesses into financial distress, with data breaches and ransomware incidents significantly raising operational costs and even leading to bankruptcy. A 2024 IBM study found that data breaches cost companies an average of $4.9 million globally, nearly doubling in the US. High-profile cases, such as Stoli Group and National Public Data, highlight the devastating impact, with disrupted operations and mounting legal expenses. Despite the rising risks, 75% of small US businesses remain underinsured for cyber events, underscoring the growing need for robust cyber insurance and proactive security measures to ensure business resilience.
Companies Seek Specialised Expertise to Combat Artificial Intelligence (AI) Cyber Threats
Kaspersky's latest study highlights growing concerns over AI-driven cyber attacks, with 92% of IT and security professionals expecting an escalation in such threats within the next two years. In response, organisations are prioritising cyber security expertise, with 94% focusing on internal training and 93% seeking external support from cyber security vendors. The report reveals that 61% of companies already utilise external expertise, while 62% have internal training programs in place, reflecting a dual approach to strengthening cyber defences across various sectors.
When Risk Becomes Habit: Employee Behaviour and Organisational Security
A recent report highlights that a small number of employees account for a disproportionate share of cyber security risks within organisations. Just 5% of users are responsible for 75% of detected security incidents, with 1% clicking on nearly half of phishing emails. While most employees engage in only one type of risky behaviour, a small group repeatedly commit multiple infractions. The study suggests that shielding high-risk roles, such as managers and executives, from frequent phishing attempts may be more effective than additional training, helping organisations better mitigate human-related cyber threats.
New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing
Researchers have identified a new malicious AI chatbot, GhostGPT, which is being sold on Telegram to assist cyber criminals with activities such as malware creation and phishing. Unlike earlier tools, GhostGPT offers easy access without the need to jailbreak existing AI models. Thousands of views on online forums highlight growing interest in such tools, which enable low-skilled attackers to launch sophisticated campaigns with ease. The chatbot is marketed for a range of criminal activities, including exploit development and business email compromise, with claims of anonymity and fast response times to aid efficiency.
Global Cyber Attacks Jumped 44% Last Year
Check Point Software’s latest report reveals a 44% rise in cyber attacks globally last year, driven by evolving nation-state tactics and the growing use of generative AI. Threat actors are shifting from short-term attacks to sustained campaigns aimed at undermining trust and stability. AI-driven disinformation targeted a third of global elections, while ransomware groups increasingly focus on data extortion over encryption. Healthcare saw a 47% surge in ransomware attacks, and compromised edge devices became key entry points. The report stresses the need for resilience, urging firms to enhance bring-your-own-device (BYOD) security, threat intelligence, and patch management.
Phishing Campaigns Became a Lot More Sinister in 2024
Phishing attacks surged by 202% in the second half of 2024, with some individuals receiving at least one sophisticated phishing attempt each week capable of bypassing security controls. The rise in advanced tactics, such as leveraging legitimate services to mask malicious intent, has made detection increasingly challenging. To counter these threats, organisations must focus on employee awareness, regular software updates, and adopting a zero-trust security approach to mitigate risks effectively.
CISOs Dramatically Increase Boardroom Influence but Many Still Lack Soft Skills
Splunk's latest research reveals that Chief Information Security Officers (CISOs) are gaining greater influence in the boardroom, with 82% now reporting directly to the CEO, up from 47% in 2023. However, board members highlight a need for improved business acumen, communication, and emotional intelligence among CISOs. Budget concerns persist, with only 29% of CISOs feeling adequately funded, while 64% reported that financial constraints led to a cyber attack. The report underscores the need for better alignment between CISOs and boards to position cyber security as a business enabler and drive digital resilience.
Bad News - Businesses Who Pay Ransomware Attackers Aren’t Very Likely to Get Their Data Back
A recent Hiscox study has revealed that paying ransomware demands rarely leads to full data recovery, with only 7% of businesses successfully retrieving all their data. One in 10 firms that paid still experienced data leaks. Beyond financial losses, ransomware attacks have a significant impact on reputation, with 47% of affected firms facing challenges in attracting new customers and 43% reporting customer losses. Additionally, 21% lost business partners due to reputational damage. With ransomware attacks becoming more frequent, a company’s response strategy is critical to minimising long-term harm and ensuring operational resilience.
Deepfakes Force a New Era in Fraud Detection, Identity Verification
Deepfake technology is posing a significant challenge for businesses globally, with nearly half affected by its growing sophistication. To combat this, organisations are enhancing their identity verification processes by incorporating liveness checks and strengthening biometric methods such as facial recognition and fingerprint scanning. However, traditional fraud methods, including fake IDs, remain prevalent. The industry is adapting to rising regulatory pressures and evolving workforce needs, with AI and machine learning playing an increasing role in fraud prevention. Moving forward, businesses must strike a balance between robust security measures and user-friendly solutions to meet compliance demands and customer expectations.
Misinformation Is No. 1 Global Risk, Cyber Espionage in Top 5
The World Economic Forum's Global Risks Report 2025 highlights misinformation and disinformation as the top global risk over the next two years, driven by the rise of generative AI and geopolitical tensions. Cyber espionage ranks fifth, with one in three CEOs citing it as a major concern. Despite growing threats, cyber resilience remains inadequate, particularly among small and mid-sized firms, with 35% feeling underprepared. Larger organisations face challenges with supply chain vulnerabilities, while AI presents both opportunities and risks, with 47% of firms concerned about its misuse. Public-private partnerships are crucial to enhancing cyber resilience and regulatory alignment.
Educate, Prepare, and Mitigate: The Keys to Unlocking Cyber Resilience
Recent cyber incidents have highlighted the real-world impact of poor cyber security, affecting healthcare services and retail supply chains, eroding public trust, and damaging brand reputations. With threats increasing year over year, organisations must focus on education, preparation, and mitigation to enhance resilience. Employee training, regular risk assessments, and penetration testing are crucial to identifying and addressing vulnerabilities. Additionally, having a robust incident response plan and business continuity plan, regularly tested and updated, ensures operational resilience and safeguards customer trust in the face of potential cyber attacks.
What is ‘Security Theatre’ and How Can Firms Move Beyond It?
Many organisations are trapped in ‘security theatre,’ relying on an increasing number of alerts and tools that create an illusion of protection rather than addressing the root causes of cyber threats. In 2024 alone, over 1 billion individuals were impacted by data breaches, a 409% rise from the previous year. Despite rising investments in cyber security, human error remains the primary attack vector, with 99% of identity attacks targeting passwords. To move beyond performative security, organisations must focus on reducing the attack surface by eliminating static credentials and minimising standing privileges.
SMEs Face Rising Cyber Threats Amid AI and Training Concerns
Sharp Europe’s latest study highlights the growing cyber security risks facing European SMEs, with 84% of employees now more concerned than a year ago. AI-driven threats are a major worry, with 43% citing AI as a key factor in their unease, while 72% lack confidence in identifying cyber threats. 41% of SME workers have not received cyber security training in the past two years. With over half of SMEs fearing they could go out of business within a week of a major incident, the report underscores the urgent need for improved training and proactive cyber security measures.
Sources:
https://www.mimecast.com/blog/when-risk-becomes-habit-employee-behavior-and-organizational-security/
Read our full report here: https://www.blackarrowcyber.com/blog/threat-briefing-24-january-2025
Sign up for our free weekly threat report emails: https://www.blackarrowcyber.com/subscribe