Tag: Cybersecurity

Organizations’ staff are their biggest security risk

Careless employees are the main root cause of data loss in organizations. According to the cybersecurity and compliance company Proofpoint, almost three-quarters (74 percent) of CISOs believe human error is their biggest cyber vulnerability. This is up from 60 percent in 2023 and 56 percent in 2022. Even more (80 percent) believe human risk and employee negligence will be the key cybersecurity concerns for the next two years. “Our research shows that CISOs generally believe their people are aware of their critical role in defending the business from cyber threats. That CISOs still see their people as the primary risk factor suggests a disconnect between employees’ understanding of cyber threats and their ability to keep them at bay,” says Proofpoint.


341% Rise in Advanced Phishing Attacks – May 22nd

SlashNext's report revealed a 341% increase in malicious phishing links, business email compromise (BEC), Quishing, and attachment-based threats in the past six months. "The State of Phishing 2024" report also states that malicious email and messaging threats have increased by 856% over the past 12 months, amplified by the emergence of generative AI.


EPA Issues Warning for US Drinking Water Systems – May 21st

On Monday, May 20th, the Environmental Protection Agency (EPA) issued a warning, urging water utility systems in the US to take action to prevent vulnerabilities. The EPA says 70% of water systems inspected don't fully comply with the Safe Drinking Water Act requirements, stating that some have "critical cyber vulnerabilities" such as default passwords that may be easily compromised.


FBI takes down BreachForums - again!

The US Federal Bureau of Investigation (FBI) is investigating the criminal hacking forum BreachForums after taking down its website last week. This follows the announcement in February of the seizure of the LockBit ransomware gang’s extortion website. “From June 2023 until May 2024, BreachForums (hosted at breachforums.st/.cx/.is/.vc and run by ShinyHunters) was operating as a clear-net marketplace for cybercriminals to buy, sell, and trade contraband, including stolen access devices, means of identification, hacking tools, breached databases, and other illegal services,” says an FBI advisory.


UK engineering giant hit by $25m deepfake scam

The firm that lost $25 million to deepfake video scammers in Hong Kong earlier this year has been revealed to be UK-based engineering firm Ove Arup. Ove Arup is known for world landmarks, including the Sydney Opera House. The company employs roughly 18,000 people worldwide and has annual revenues of over £2 billion. In early February of this year, Cyber Intelligence reported that an as-yet-unidentified firm in Hong Kong had been defrauded of roughly US$25 million by criminals using deepfake video technology to pose as the company’s corporate finance officer (CFO) and other trusted colleagues. Not knowing how sophisticated even off-the-shelf deepfake video has become, the staff member who had been targeted was totally duped by what he logically assumed must be his CFO asking him to make the $25 million transfer during the course of an entirely fake but highly convincing video conference. When the attack was originally reported, the Hong Kong police gave a stark warning:


US and UK call time on Silicon Valley

A clarion call has gone out on both sides of the Atlantic for digital technologies to be made secure by design rather than by default. At San Francisco’s RSA cyber conference earlier this month, Jen Easterly, the director of CISA, the US Cyber Defense Agency, called for software to be made far more secure. This week, Ollie Whitehouse, the CTO of the NCSC, the UK’s National Cyber Security Centre, also echoed her thoughts, demanding that the technology industry make its products more cyber-secure from the start.


Millions of emails distributing LockBit ransomware

Affiliates of the infamous ransomware group LockBit have launched a potentially devastating new weaponized email tactic designed to cause maximum disruption to millions of companies in the US and around the world. At the end of April this year, researchers at cybersecurity firm Proofpoint began to observe high-volume ransomware campaigns sending out millions of fraudulent emails over a one-week period, facilitated by the Phorpiex botnet. In all cases, email messages purported to come from “Jenny Green” with the email address Jenny@gsd[.]com. These contained an attached ZIP file capable of downloading the LockBit Black ransomware payload from Phorpiex botnet infrastructure.


Android Malware Posing as WhatsApp, Instagram, and Snapchat – May 15th

The SonicWall Capture Labs team reported on threat actors developing malicious, fake Android apps to impersonate Google, Instagram, Snapchat, WhatsApp, and X. Once victims have downloaded them and granted the permissions they request, the illegitimate apps aim to steal sensitive data from Android devices, such as contacts, text messages, call logs, and passwords.


Critical infrastructure at risk from modem flaws

“Critical flaws” have been identified in modems deployed in millions of devices worldwide. Cybersecurity firm Kaspersky has issued a report warning companies of severe security vulnerabilities in Cinterion cellular modems. According to Kaspersky, Cinterion modems are cornerstone components in machine-to-machine (M2M) and Internet of Things (IoT) communications and now offer a back door for all kinds of threat actors. They support various applications, ranging from industrial automation and vehicle telematics to smart metering and healthcare monitoring. Gemalto, the initial developer of the modems, was subsequently acquired by Thales. In 2023, Telit acquired Thales’ cellular IoT products business, including the Cinterion modems.


Zscaler Clarifies, Only The Test Server Was Compromised – May 14th

Concluding its investigation into hacking claims, Zscaler found that only an isolated test environment was compromised. The investigation came after a hacker named 'IntelBroker' confirmed that he breached Zscaler, offering to sell its data for $20K. The incident investigation is now also being conducted with Europol.


BogusBazarr signals red light for brands

Operating a “fraud-as-a-service” (FaaS) website out of China, BogusBazarr runs 200 fraudulent webshops and has so far claimed 850,000 victims, mostly from the US and Western Europe. Victims who access BogusBazarr shops are offered amazing-sounding deals on shoes and apparel from well-known brands. But as the webshops are totally fraudulent, the victims end up having their credit card details stolen with nothing to show for it.


Boeing Discloses $200M Ransomware Attempt – May 13th

Boeing made a significant disclosure: the LockBit ransomware group targeted the company and demanded a staggering $200M extortion payment. Boeing did not pay LockBit a ransom despite 43 GB of company data being leaked on the ransomware group's website in November 2023. Boeing is now in contact with the FBI to mitigate the breach.
