Tag: cybercrime
OpenAI’s voice cloning raises security concerns
OpenAI, the maker of Microsoft-backed consumer-facing artificial intelligence (AI) service ChatGPT, may have scored something of an own-goal with the unveiling of Voice Engine, billed as “a model for creating custom voices”. While OpenAI’s blog on Friday highlights the legitimate use of voice cloning, sometimes referred to as ‘deepfake voice’, such as providing reading assistance to non-readers and children, its widespread availability could soon metamorphose into a cybersecurity nightmare. Deepfake voice and video software are already being used by cybercriminals to mimic the voices of senior executives to commit financial fraud and other crimes. But the widespread availability and marketing of deepfake voice software is now set to make cybercrime a virtual cottage industry where any number can play. It will open the floodgates to a whole new generation of cybercriminals, terrorists, pranksters, and disgruntled employees.
SE Asian cybercriminals adopt drug-cartel tactics
A police raid on a Philippines online organization highlights not only the ongoing digital crime boom in Southeast Asia but also the increasingly blurred line between cybercrime and ordinary gangsters. Police raided the premises of the Tarlac Pogo firm following a complaint filed by a Vietnamese worker who bore signs of having been recently tortured in the form of electrocution scars. The police discovered 875 people, including 504 foreigners, who had been lured to work for what purported to be an online gaming company, but was actually a forced labour camp operating romance scams.
FBI reports record cybercrime losses in 2023
The US Federal Bureau of Investigation reports that last year the Internet Crime Complaint Center (IC3) received a record number of complaints, with potential losses exceeding $12.5 billion. Although the figures for 2023 represent a 10 percent increase over 2022 and a 22 percent rise in losses suffered, the FBI fears that even this only represents the tip of a vast unseen iceberg of cybercrime. The report quotes the FBI’s recent infiltration of the Hive ransomware group, which discovered that only 20 percent of victims had reported the incidents to law enforcement authorities.
Google’s Gemini AI Restricted to Answer Global Election Questions – March 13th
Google announced that the Gemini AI chatbot will be restricted to answering any global election-related questions to avoid any potential missteps. Users have found political questions toward Gemini to result in the answer "I'm still learning how to answer this question. In the meantime, try Google Search."
Ransomware alert for US critical infrastructure
The US Federal Bureau of Investigation (FBI) and the US Cybersecurity and Infrastructure Security Agency (CISA) have jointly issued a stark warning. The Phobos ransomware-as-a-service (RaaS) model is now being widely used by threat actors of all kinds to attack a wide variety of critical infrastructure across America. “Since May 2019, Phobos ransomware targeted municipal and county governments, emergency services, education, public healthcare, and other critical infrastructure entities,” says the joint cybersecurity advisory document. Phobos RaaS is particularly dangerous as it is an off-the-shelf software that can be deployed by even relatively unskilled threat actors in conjunction with other open-source tools such as Smokeloader, Cobalt Strike, and Bloodhound. These tools are all widely accessible and easy to use in various operating environments, making Phobos the obvious go-to choice for a wide variety of threat actors.
BlackCat gives go-ahead for healthcare attacks
Following actions taken against the infamous BlackCat ransomware group in December by the US Federal Bureau of Investigation (FBI), the cybercriminal gang has warned it is taking off the gloves in its fight with law enforcement. BlackCat previously took pride in regularly announcing that it does not encourage or support affiliates who target crucial sectors such as healthcare. But this approach has changed radically since the end of 2023. “Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized. This is likely in response to the ALPHV Blackcat administrator’s post encouraging its affiliates to target hospitals after operational action against the group and its infrastructure in early December 2023,” said the FBI.
Ransomware Attacks Decline by 11% in 2023 – February 21st
IBM X-Force released a report, disclosing that ransomware attacks declined by 11.5% in 2023, compared to 2022. IBM says the decline in ransomware attacks is largely due to the new cybercrime focus of infostealing tactics which rose by 32%. IBM X-Force's report gathered data for the report based on 150 billion daily security events from 130 countries last year.
International Law Enforcement Seizes LockBit’s Website – February 20th
U.S. and U.K. authorities announced the seizure of the LockBit ransomware gang's extortion website. The "Operation Cronos" campaign was led by the UK's National Crime Agency, the US Federal Bureau of Investigation, and Europol, in collaboration with a coalition of police agencies from 9 countries globally. However, LockBit posted messages on an encrypted messaging app saying its backup servers were unaffected.
Nation-state spyware goes mainstream
Commercial surveillance technology targeting smartphones, once the province of spymasters, is now becoming widely available on the open market. It is not only high-profile individuals such as politicians who are now threatened but also business people and ordinary smartphone users. Half of the known zero-day exploits (a previously unknown vulnerability) used against Google and Android devices can be attributed to commercial surveillance vendors (CSVs), according to a new 50-page report from Google, Buying Spying: Insights into Commercial Surveillance Vendors. “The commercial surveillance industry has emerged to fill a lucrative market niche: selling cutting edge technology to governments around the world that exploit vulnerabilities in consumer devices and applications to surreptitiously install spyware on individuals’ devices,” says Google.
Geopolitical tensions fuel botnet boom
Recent weeks have seen an exponential rise in malicious botnets performing reconnaissance scanning to scout out victims. According to researchers at cybersecurity firm Netscout, the number of potentially compromised devices rose from around 10,000 to roughly 144,000 over December, with no sign of the trend letting up. “The trend continued into the new year, with the largest spikes occurring on January 5 and 6, eclipsing one million distinct devices. The levels reached an unprecedented 1,294,416 on the 5th,” reports Netscout. The Netscout researchers say that this increased malicious scanning has been isolated to five key countries: The United States, China, Vietnam, Taiwan, and Russia. All have seen a rise in attackers using cheap or free cloud and hosting servers to create botnet launch pads.
Turkish Cyber Espionage Group Targeting Dutch Orgs – January 9th
Hunt & Hackett uncovered information on “Sea Turtle”, a Turkish-affiliated cyber espionage group that shifted focus to target Netherlands-based organizations. "Sea Turtle" was found to launch politically motivated evasive info-stealing campaigns targeting Dutch government, telco, media, and NGO organizations.
Cyber-gangs to launch media offensive in 2024
Cybercrime, which has become a multi-trillion-dollar industry over recent decades, became increasingly sophisticated during 2023, with criminal groups now adopting many of the business practices used by legitimate enterprises. According to a new report from cybersecurity firm, Sophos, leading ransomware gangs now increasingly employ their own internal HR and PR departments. Far from shying away from the media, as criminals always have in the past, some ransomware gangs have been swift to seize the opportunities it affords them. Some regularly issue press releases and take great pains to forge relationships with individual journalists using the same PR methods as those employed by legitimate corporations. Threat actors also offer Frequently Asked Questions (FAQs) and answers for journalists visiting their leak sites, encouraging reporters to get in touch, give in-depth interviews, and recruit writers, reports Sophos.