Over 3,500 cybercriminals were arrested and $300M worth of assets were seized by Europol, the South Korean government, along with cooperation from law enforcement agencies from 34 countries on a large-scale sting operation labeled “HAECHI IV”.
The operation spanning from July to December 2023, targeted predominantly email, e-commerce, and investment cyber fraudsters.
Based on a Netwrix survey, the financial sector in 2023 experienced the most cyberattacks among any other sector in 2023.
Surveying 1,610 IT and security professionals from more than 100 countries, the survey also revealed phishing and malware to be the most common attacks across all sectors.
Threat actor group Gonjeshke Darande, which translates to “Predatory Sparrow” claimed the cyberattacks against Iranian petrol stations, rail networks, and steel factories, according to Iranian State Media.
‘Predatory Sparrow’, speculated to be linked to Israel, explains the attack to be in response to “the aggression of the Islamic Republic and its proxies in the region”.
The New Year is set to start with a call to regulate artificial intelligence (AI) coming from a man whose views are considered by hundreds of millions of people to be infallible. On New Year’s Day, His Holiness Pope Francis is scheduled to issue a stark warning to the governments of the world on the dangers inherent in AI.
On January 1, 2024, His Holiness will announce: “Techno-scientific advances, by making it possible to exercise hitherto unprecedented control over reality, are placing in human hands a vast array of options, including some that may pose a risk to our survival and endanger our common home”.
Having warned that AI is a threat not to humanity but to the existence of the Planet Earth itself, His Holiness will then exhort “the global community of nations” to urgently adopt a binding international treaty to regulate not only the use of AI, but also its development.
MongoDB revealed a data breach exposing customer metadata and sensitive information in an email announcement to their customers.
The email, alerting MongoDB’s customers of the cyberattack, also informed customers to be aware of heightened phishing email risk due to the data breach, and to set up multi-factor authentication for their accounts as a phishing safety measure.
The UK’s Newsquest Media Group reported a cyberattack that disrupted the company’s websites and apps to the UK National Cyber Security Centre (NCSC) on Monday, December 11th.
The UK media company with over 250 local news sites’ stated that the series of Distributed Denial-of-Service (DDoS) attacks disrupted the reading experience of an estimated 48 million monthly readers.
The Joint Committee on National Security Strategy (JCNSS) published a report “A hostage to fortune: ransomware and UK National Security,” which revealed the UK’s lack of planning against ransomware attacks.
Targeted mainly at the critical cyber infrastructure of the UK government, the JCNSS report warns that a severe attack could disrupt the core of government services, healthcare, and child protection, which could lead to bringing the country to a ‘standstill’.
Kyivstar, Ukraine’s largest telecom provider announced it was hit by a devastating cyberattack, disrupting internet access for over 26 million users.
Kyivstar’s parent company, VEON Ltd confirmed the devastating cyberattack, claiming it to be “one of the largest cyberattacks in the history of the global telecom market.”
Revealed in a presentation at last month’s Black Hat Middle East and Africa conference, was a corporate information leak tactic targeting Saudi Arabian workers using fraudulent LinkedIn profiles.
The LinkedIn attacks start with fraudulent accounts pretending to be Muslim women in their 20s who say they work in Southeast Asia. Once the connection is made, attempts to harvest sensitive corporate information through long, seemingly legitimate professional conversations ensue.
Researchers from the International Institute of Information Technology (IIIT) presented a new attack named ‘AutoSpill’ that enables attackers to steal account credentials on Android devices via an autofill operation, during the Black Hat Europe security conference.
IIIT researchers pinpointed WebView, the Android feature used to open external links through an internal browser view as the starting point of the security flaw, leaving autofilled usernames and passwords vulnerable.
Nine out of ten of the world’s leading energy companies, including the top ten US energy companies, experienced a third-party data breach sometime in the last 12 months. According to cybersecurity ratings company Security Scorecard, while only four percent of leading energy companies worldwide suffered a direct data breach, most were compromised via a supplier, contractor, or other third-party organization.
“Fueling the global economy and daily life, reliance on the energy sector elevates it as a prime target for cyberattacks. Amid economic and political uncertainties, concerns about safeguarding this vital sector intensified. Energy attacks not only result in financial losses and disruptions but ripple through manufacturing, healthcare, and transportation sectors,” says Security ScoreCard.
An unknown threat actor has breached an as-yet-unnamed US aerospace company. According to BlackBerry, who first highlighted the attack, the threat actor’s weaponization of a phishing attack became operational around September 2022, with the offensive phase of the attack occurring almost a year later in July of this year.
The cybercriminals responsible, whom BlackBerry has christened “AeroBlade,” are believed to have used the intervening nine months to develop the additional resources necessary to ensure access to the aerospace company’s systems to exfiltrate potentially highly valuable information – pointing to a high degree of professionalism and persistence on the part of the attacker.
According to a report by ZeroFox, LockBit was involved in more than a quarter of global ransomware and digital extortion (R&DE) attacks in 2023.
The report found 30% of LockBit’s attacks target Europe and 25% in North America. Despite remaining the global leader in ransomware, ZeroFox notes there to be a downward trajectory in the number of LockBit’s attacks compared to 2022.
Abnormal Security published a study revealing a Disney+ impersonation attack, demonstrating never-before-seen phishing tactics.
The cybercriminals initiated the impersonation attack through an auto-generated notification email, about pending charges for their Disney+ subscription. The emails also demonstrated customized PDFs, with legitimate numbers & emails, inflated charges, and believable branding.
In what is an urgent and stark warning to nuclear facilities around the world, UK nuclear facility Sellafield, formerly called Windscale, is reported to have been hacked by groups linked to China and Russia. The 70-year-old sprawling six-square-kilometre facility, located on the North-West coast of England, holds the planet’s largest store of plutonium as a result of processing nuclear waste from decades of atomic power generation and weapons programs.
The UK authorities do not know exactly when the hack originally occurred, according to The Guardian newspaper, although breaches are said to have been detected as long ago as 2015, when sleeper malware, used to attack systems remotely and at will over a long period, was found to have been embedded. In what amounts to a national scandal for the UK, it is still not yet known if the malware has actually been eradicated.
Next Wednesday will see the last round in a “King Kong meets Godzilla”-style contest between the European Union and the global technology sector over proposed regulations from Brussels to control AI. The opening rounds have been fought by lawyers, lobbyists, and bureaucrats over the monitoring of foundation model AI services such as GPT-4, access to source codes, fines for disobeying the Brussels rulings, and other related topics.
However, EU member states France, Germany, and Italy are known to be opposed to the EU’s proposed rulings and to favor self-legislation by the technology sector, as opposed to being constrained by hard rules dictated by Brussels. French AI company Mistral and Germany’s Aleph Alpha have criticized the EU’s tiered approach to regulating foundation models, defined as those with more than 45 million users.
News of the mass exploitation of ownCloud customers as a result of a zero-day vulnerability follows revelations earlier this month of a critical security vulnerability in Microsoft’s Azure cloud platform.
Reports of gaping security flaws in cloud services come at a bad time for cloud service providers in general and Microsoft in particular. The Seattle-based computing giant is currently doing its utmost to persuade the US, UK, and Australian governments that its Azure Government Cloud is the best way for the AUKUS trio to securely update cross-border information and enhance mutual collaboration. This might prove problematic for Microsoft, whose Azure platform was recently proven to have a critical vulnerability, and some of whose government clients suffered a series of serious breaches earlier this year.
To improve cybersecurity readiness, the U.S. Navy launched its first cybersecurity strategy.
The 14-page Navy cyber strategy outlined cybersecurity as a core competency in modern warfare and highlighted the importance of protecting the information environment.
General Electric (GE) recognized the data theft from threat actor IntelBroker pertaining to a project involving the Defence Advanced Research Projects Agency, sparking national security concerns.
The GE Spokesperson commented on the data theft, saying they are thoroughly investigating the claims, will work on further protecting the integrity of their security systems, and that business operations will not be affected.
According to Truecaller, US consumers were faced with two billion spam calls per month.
Truecaller’s Monthly US Spam and Scam Report also unveiled that around 195 million hours were wasted by answering these scam calls. The goal of these scam calls is to carry out credit card fraud, identity theft, and sensitive data collection.
The verdict on artificial intelligence (AI) from the real experts is finally in; professional cybercriminal fraternities have judged AI to be “overrated, overhyped and redundant,” according to fresh research from cybersecurity firm Sophos.
It has, hitherto, been accepted wisdom in the cybersecurity industry that cybercriminals, free from any regulatory authority or moral scruples, were among the first to harness the awesome power of AI to create bespoke and virtually unstoppable malware. However, having infiltrated the Dark Web forums where top professional cybercriminals discuss their trade, Sophos reports that the cybercrime sector has thoroughly tested the capabilities of AI and found it wanting.
The Municipal Water Authority of Aliquippa reported a cyberattack that shut down their water pressure technology, to the U.S. Department of Homeland Security this past weekend.
According to the U.S. Department of Homeland Security, the unassuming cyberattack may come with serious international implications, with the attack suspected to come from an anti-Israeli Iranian threat actor group labeled as “Cyber Av3ngers”. This nation-state cyberattack is not the first to disrupt critical water infrastructure.
As the Biden administration prepares to impose further limits on China’s access to leading-edge chip technology, news has broken over the weekend that Chinese hackers have been siphoning off some of Europe’s ground-breaking chip technology for years.
The infamous Chinese hacker group Chimera, had access to the network of Dutch semiconductor giant NXP, for over two years, from late 2017 to the beginning of 2020. The hackers, believed to be backed by the Chinese Communist Party (CCP), are understood to have consistently stolen intellectual property, including, crucially, the company’s cutting-edge chip designs. According to sources close to the situation, the full extent of the threat has still to be disclosed.
The UK’s National Cyber Security Center (NCSC), in partnership with the US’s Cybersecurity and Infrastructure Security Agency (CISA) launched the ‘Guidelines for Secure AI System Development’.
The guidelines are set to secure AI system development, to help developers make informed cybersecurity decisions at every step of the AI development process. These AI guidelines were also co-signed in cooperation with 21 other international agencies and ministries from across the world.
The European Union’s Cybersecurity Agency (ENISA) is studying the possibility of broadening the proposed cybersecurity labeling rules that may affect big tech operating in Europe.
The proposed EU certification scheme (EUCS) vouches for further cybersecurity measures of cloud services, ensuring companies in the bloc select an EU-based certified cybersecurity vendor for their business.
New cybersecurity rulings due to come into full force less than a month from today are being blocked in the US Congress and the House of Representatives. The new rulings include the mandatory reporting of any ‘material’ cyber-attack within four working days and were drawn up by the Securities and Exchange Commission (SEC).
But, according to a statement issued by Congressman Andrew Barbarino, Chairman of Homeland Security’s Cybersecurity and Infrastructure Protection Subcommittee, and Senator Thom Tillis: “This cybersecurity disclosure rule is a complete overreach on the part of the SEC … also increasing cybersecurity risk without a congressional mandate and in direct contradiction to public law that is intended to secure the homeland.”
LivaNova reported a cyber attack to the SEC, resulting in disruption of the company’s operations.
The MedTech company is now in the process of executing its incident response plan and placed some of its systems offline to minimize the damages of the attack.
In a startling revelation, Vikas Singla, the former COO of cybersecurity firm Securolytics, confessed to hacking two Georgia hospitals in June 2021 to enhance the company’s profile. Singla disrupted services at Gwinnett Medical Center hospitals, stealing patient data and publicizing the breach on Twitter.
Facing 17 counts of computer damage and one count of information theft, Vikas Singla agreed to pay over $817,000 in restitution. Due to health issues, prosecutors recommended 57 months of probation, raising concerns about cyber threats jeopardizing public safety and healthcare data.
Samsung notified its customers in the UK that a recent data breach potentially exposed customer data, stemming from a third-party business application vulnerability.
Samsung UK further stated that the data affected only covers customers that purchased Samsung items in the UK online store, and ensured customers that the breach does not include passwords or financial data.
Ransomware gang, ALPHV/BlackCat has reported MeridianLink to the SEC, for not disclosing cyber attack.
ALPHV/BlackCat informed the SEC that MeridianLink did not disclose details of the attack, which could potentially affect the data of the publicly traded company’s thousands of financial organizations, banks, credit unions, and mortgage lenders. The lack of cyber compliance from MeridianLink breaks the SEC’s rule of disclosing cyber attacks within 4 days of the attack occurring to the agency.
ThreatX revealed in their latest research that 97% of consumers expect more cyberattacks this coming year.
The ThreatX research also indicates that 69% of consumers predict these cyberattacks to become more complex, while only 13% believe they will be protected from cyberattacks.
The European Union Agency for Cybersecurity (ENISA) signed a Working Agreement with Ukraine’s Administration of the State Service of Special Communications and Information Protection of Ukraine (SSSCIP) to boost cybersecurity efforts.
The Working Agreement signed by ENISA and SSSCIP will focus on the EU supporting Ukraine in its efforts to protect itself from geopolitically-fueled cyber attacks from Russian threat actors through improving critical infrastructure, cybersecurity skills, and capacity building.
The Cybersecurity and Infrastructure Security Agency (CISA) announced a signed Memorandum of Understanding (MoU) with the Republic of Korea’s National Intelligence Service (NIS) to establish collaboration efforts under the bilateral Cyber Framework between the US and the Republic of Korea signed in April.
The framework between the Republic of Korea and the US includes sharing technical and operational cyber threat information and best practices in cyber crisis management.
The attacks first identified by the FBI frequently targeted small and tribal casinos, encrypting servers and the personally identifying information (PII) of employees and patrons. As of June 2023, the FBI also reports that the Silent Ransom Group (SRG), also called Luna Moth, conducted callback phishing data theft and extortion attacks by sending victims a phone number in a phishing attempt, usually relating to pending charges on the victim’s account. When the victims called the provided phone number, cybercriminals directed them to a legitimate system management tool via a link provided in a follow-up email.
Conducting an innocent online search for any business-related document, such as a legal contract, has become as potentially risky as opening a link in an unsolicited email. Ransomware gangs, usually outside US, UK, and EU jurisdiction, are now luring business users of popular search engines to compromised websites designed to look like professional forums, creating a back door into the searcher’s entire organization.
The US Department of Homeland Security (DHS), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Emergency Management Agency (FEMA) launched the “Shields Ready” cybersecurity campaign to promote critical national infrastructure (CNI).
The “Shields Ready” campaign will tackle CNI by establishing focused strategic strategies to protect organizations from potential disruption, and by building cyber-resilient systems.
Palo Alto Networks announced its purchase of Talon Cyber Security for $625 million to ramp up its merger and acquisition efforts.
Palo Alto Networks credited the acquisition of Talon to its ability to navigate the challenges of today’s connected digital environments.
Ransomware Attacks Double Over Past Two Years Akamai Technologies found that organizations faced an average of 86 ransomware attacks in the past 12 months, based on their latest report “The State of Segmentation 2023”. In comparison, organizations only faced 43 annual attacks two years ago. The 1,200 IT and security professionals who participated in the […]
OpenAI has announced a new team, intended to counter the risks brought by generative AI systems.
Labeled the “preparedness” unit, the new OpenAI branch will be tasked to set preventive measures for systemic AI risks which include individual persuasion, cybersecurity, autonomous replication and adaptation, and chemical, biological, radiological, and nuclear (CBRN) threats.
admin
