Tony Glover
Lebanon pager attack signals new era in cyber warfare
As the whole world is now aware, Beirut was thrown into chaos yesterday by 5,000 exploding weaponized pagers, leaving 900 people dead and a further 300 in critical condition. Iran’s ambassador to Lebanon, Mojtaba Amani, sustained injuries to his face and hand. Lebanon-based Islamist and paramilitary group Hezbollah claims that Israel was responsible. If so, then yesterday afternoon’s event in Beirut will have global repercussions for cyber warfare and targeted cyber-attacks. The idea of weaponizing communications devices is hardly new. Over a decade ago, for example, former US Vice President Dick Cheney disabled a function that allowed the pacemaker regulating his heart to be administered wirelessly. Because he believed terrorists might hack the device to deliver a fatal shock. Israel has also been previously accused of killing Hamas terrorists with booby-trapped cellphones.
Musk rattles skeletons in Brussels’ cupboard
The European Union (EU) suffered a major setback this week in its drive to recreate cyberspace in its own image. In a surprising turnaround, the EU appears to have caved into threats by X (formerly Twitter) owner Elon Musk to reveal “secret deals” offered by the EU to himself and other US-based global social network platforms. Until Monday, EU Commissioner Thierry Breton appeared to be preparing for a legal cage fight with Musk, a man who is tipped to become the world’s first trillionaire, over the issue of free speech and Musk’s refusal to censor political debate on X in line with Brussels’ wishes. Breton’s shock resignation yesterday is now being seen by many as evidence of the truth behind Musk’s allegations. X CEO Linda Yaccarino immediately referred to the resignation of European Union commissioner Thierry Breton as "a good day for free speech."
London’s transport cyber-breach is spreading fast
A cyber-attack on the London transport system earlier this month was far more serious than initially reported and is rapidly spreading across the UK. It is also now ringing loud alarm bells on both sides of the Atlantic, particularly in light of the upcoming US elections in November. Transport for London (TfL) has now admitted that over 5,000 customers’ personal details and, in many cases, their financial details have been stolen. TfL added that the breach is also rapidly starting to affect services outside London. The London Underground, the UK capital’s vast underground rail network, like most European metros, has a touchpad automatic electronic payment system using prepaid plastic cards. London also allows travelers simply to use their visa or MasterCard on the touchpads at the London underground barriers. This means that organizations such as TfL have become repositories of millions of commuters’ financial details, making them a tempting target for small-time cyber crooks.
EU spyware scandal spreads
This week, Poland’s Supreme Court quashed an ongoing probe into spyware abuses allegedly conducted by its own government - claiming it to be “unconstitutional”. Comprehensive new research, published earlier this month by the Atlantic Council’s Digital Forensic Research (DFR) Labs, also now shows that government abuse of spyware is now widespread across the European Union (EU). The findings of DFR Labs’ research provide a truly damning description of the widespread abuse of spyware by governments across Europe, accusing the EU of effectively turning a blind eye to the widespread abuse of its citizens’ rights despite being made aware of the widespread abuses at least two years ago. In 2022, the European Parliament (EP), frustrated by the Commission’s reluctance to tackle the growing scandal, established the PEGA Committee to investigate the misuse of surveillance spyware.
Cost of AI could rise tenfold – warns Gartner
Gartner issued a stern warning this week to organizations across all sectors that the cost of introducing artificial intelligence (AI) to the workplace could easily balloon by 500 -1,000 percent. Speaking at Gartner's flagship Symposium event in Australia, VP analyst Mary Mesaglio said: “Factors contributing to these inflated costs include vendor price increases and neglecting the expense of utilizing cloud-based resources.”
Brussels plots mass EU digital surveillance
While the world’s attention is focused on the arrest of Telegram owner, Pavel Durov, and Brazil’s decision to ban Elon Musk’s X platform ( formerly Twitter), the European Union (EU) Council in Brussels is hoping to quietly greenlight the EU’s proposed controversial “Chat Control” legislation. On Thursday, the EU is due to vote on planned legislation intended to introduce mass digital surveillance by means of fully automated real-time monitoring of messaging and chats, marking the end of private digital correspondence. Ostensibly, the proposal aims to prevent the online dissemination of child sexual abuse material. But there are growing concerns that the controversial new ruling will extend far beyond arresting purveyors of child porn and be used for the full-scale state-monitoring of personal and business communications in Europe and beyond.
Telegram chief arrested in Paris
Speculation is today mounting concerning the arrest of the popular encrypted messaging app Telegram head and founder, Pavel Durov, at Le Bourget airport north of Paris on Saturday evening. The arrest has been widely reported in France, although the authorities have yet to issue a full statement. In the past, the French president. Emmanuel Macron and his team have been enthusiastic users of Telegram, using it to orchestrate their political strategies. But Durov’s arrest on Saturday is now being seen as part of an attempt by the UK and the European Union to curtail the reach and influence of largely unregulated communications platforms such as Telegram and X (formerly Twitter). This theory is born out of sources close to the situation, who believe that Durov will face charges of complicity in drug trafficking, crimes against children, and fraud – all allegedly stemming from a lack of moderation controls on Telegram.
EU AI Act to act as a template for other regions
The European Union (EU) Artificial Intelligence (AI) Act, which came into effect earlier this month, is now set to act as a template for other regions, such as the US. The American government has already drafted an AI Bill of Rights, which aims to create a similar framework regulating AI. However, while governments are rightly concerned about the personal privacy aspect of the universal adoption of AI, some have a dangerously bullish view of the new technology’s potential. Despite a deluge of hilarious howlers, such as Google’s AI-driven images of African Vikings and American founding fathers, politicians anxious not to be left behind in the tech race swallowed Silicon Valley’s AI hype hook, line, and sinker.
Deepfakes set to deceive at DEF CON
It looks as if deepfakes will be the hot topic at the big international hacker conference DEF CON in Las Vegas next week, just as they took center stage at InfoSecurity Europe in London in June. Visitors to DEF CON’s Artificial Intelligence (AI) village will be encouraged to create their own highly professional deepfake videos of fellow conference attendees by cybersecurity company Bishop Fox’s red team. The purpose is to educate conference goers about the growing dangers now posed to all organizations by deepfake calls purporting to come from senior executives or highly-trusted members of staff.
Cyber-piracy on the high seas
Escalating geopolitical instability in the South China Seas and The Red Sea are being seen as the root cause behind a rapid rise in cyber-attacks on commercial shipping, as well as a sharp increase in cyber-assisted piracy. “The risk has escalated significantly in the past year due to heightened geopolitical tensions and increased cyber capabilities of threat actors…The average cost per data breach now exceeds $545,000 for a shipping organization,” says Freight Right Global Logistics CEO Robert Khachatryan. According to C. Todd Doss, Senior Managing Director at Guidepost Solutions: “Over the past year, these risks have escalated notably. Reports indicate that cyber-attacks on maritime infrastructure and vessels increased by over 20% in 2023 compared to the previous year .”
Exclusive: CrowdStrike crash is only the beginning…
The famous “blue screen of death,” witnessed with horror by 8.5 million Microsoft Windows users worldwide as a result of the ongoing CrowdStrike outage, may soon become a far more familiar sight across a wide range of sectors. While there is no evidence that the widespread Microsoft Windows outage caused by the CrowdStrike upgrade was anything but accidental, many in the cybersecurity industry are seeing the past week’s experience as a dummy run for a full-fledged cyber-attack aimed at crippling critical infrastructure. As the current media pictures of people sleeping in airports testify, some sectors appear to be faring better than others.
Exclusive: Hostile nations ramp up attacks on US infrastructure
Recent reports that ransomware attacks on industrial organizations increased by over 50 percent in 2023 represent only “the tip of the iceberg.” According to operational technology (OT) cybersecurity company IXDen, critical infrastructure across the US is being attacked at unprecedented levels. “The vast majority of cyber breaches of critical infrastructure such as water and power facilities go unreported, although a precise figure is impossible to gauge. Those that are reported in the media are only the tip of the iceberg. OT attacks on private businesses are not reported at all, and in public organizations, they are rarely reported,” says IXDen CEO and Co-Founder Zion Harel.
Exclusive: Expanding AI data centers have become tempting targets
Big Tech’s rapidly-expanding server farms are becoming increasingly tempting targets for ransomware gangs. In their Gadarene rush to be first with AI-based services, companies such as Google and Microsoft are not only abandoning any previous pretences about reducing their greenhouse emissions and energy consumption, they are also inadvertently building increasingly tempting targets for organized cybercriminals and nation-state threat actors. The online industry’s vast data centers and server farms run on similar operational technology (OT) systems to other industrial facilities. Originally designed to run offline, these systems are notoriously difficult to secure, particularly when they need to interface with newer information technology (IT) systems.
Exclusive: Deepfakes being used to manipulate share prices
Cash-rich cybercriminals are learning that the easiest way to make money on the stock markets while laundering cash at the same time is to use deepfake videos to impact share prices, albeit temporarily. According to Tim Grieveson, Senior Vice President of Global Cyber Risk, BitSight: “Using video and audio deepfakes to manipulate share prices for financial gain is definitely happening, but is something no one is currently talking about.” “Using a deepfake to announce a takeover could, for instance, drive up a stock in which the threat actor owns shares. Alternatively, a negative announcement such as a dire profits warning could be used to lower the share price so that the threat actor could buy the shares at a knock-down price, only to sell them again when the profits warning was seen to be fake” adds Grieveson.
Exclusive: Banks face a growing physical security threat
Banks, traditionally the main target for cybercriminal groups, are now being attacked not only by new online hacking techniques but also by a growing range of physical hacking tools and techniques. While financial institutions have high levels of cybersecurity and strong physical security, they currently face a growing threat from combined physical and digital assaults. “Physical security and cybersecurity convergence in the business environment. A favorite weapon in the hacker arsenal is the Flipper Zero, an inexpensive pocketable device that enables you to hack into nearby smartphones and IT systems,” says Tim Grieveson, Senior Vice President of Global Cyber Risk, BitSight.