Tag: Cybersecurity
Telegram: The New “Epicenter for Cybercrime” – February 1st
A report released by cybersecurity researchers at Guardio Labs called attention to the emergence of Telegram as the 'epicenter for cybercrime'. The Guardio researchers attribute the rise of Telegram for cybercrime to the "democratization" of the phishing ecosystem enabled by the messaging platform, allowing threat actors to initiate a mass attack for as low as $230.
Sextortion racket triggers US youth suicides
Financial sextortion is now the most rapidly growing crime targeting American, Canadian, and Australian youth. The US Federal Bureau of Investigation (FBI) has called it: “a global crisis that demands everyone’s attention” - having observed a one thousand percent increase in financial sextortion incidents over the last 18 months. In a December 2023 hearing, FBI Director Wray warned Congress that sextortion is “a rapidly escalating threat,” and teenage victims “don’t know where to turn.” Almost all this activity is linked to West African cybercriminals known as the “Yahoo Boys”, who primarily target English-speaking minors and young adults on the online social networks: Instagram, Snapchat, and Wizz, according to the Network Contagion Research Institute (NCRI) report, “A Digital Pandemic: Uncovering the role of ‘Yahoo Boys’ in the Surge of Social Media-enabled Financial Sextortion Targeting Minors.
Schneider Electric Confirms Data Breach from Ransomware Attack – January 31st
Schneider Electric announced that they were hit by a ransomware attack on January 17th, resulting in a data breach exposing their customer's information. The 'Cactus' ransomware group claimed the ransomware attack. Schneider has since informed the affected customers of the breach, which include Hilton, Pepsico, and Walmart. The attack also caused Schneider to shut down several division-specific systems.
Critical Sectors Faced 13 Cyber Attacks per Second in 2023 – January 30th
A Forescout Research - Vedere Labs report disclosed that over 420 million attacks were recorded between January and December 2023 in the medical, power, communications, waste, manufacturing, and transportation equipment sectors, amounting to 13 attacks per second. Forescout's report "2023 Global Threat Roundup” states that despite the ongoing surge in cyber attacks, the cybersecurity landscape remains optimistic considering proceedingly enhanced visibility and proactive defense strategies in the affected sectors.
Supply-chain attacks impacted 54m victims in 2023
Last year saw exponential growth in the number of organizations impacted by supply-chain attacks, although the increase in the number of organizations targeted has remained slow. According to the 2023 data breach report from the Identity Theft Resource Center (ITRC) the number of organizations impacted has surged by more than 2,600 percent since 2018, affecting over 54 million victims. “We must acknowledge the significant impact of Supply Chain Attacks and their effect on all organizations. A single supply chain attack can directly or indirectly impact hundreds or thousands of businesses that rely on the same vendor,” warns the ITRC. While supply chain attacks have been around for many years, the ability to automate and launch the attacks at scale accelerated in 2018. The MOVEit attack last year shows the scope and scale a Supply Chain Attack can have. According to the report, 102 entities were directly impacted by threat actors exploiting a MOVEit product. However, 1,271 organizations were indirectly affected when information stored in or accessed by a MOVEit product or service was compromised via a vendor or vendors.
Businesses turn their back on GenAI
The reaction of businesses to the introduction of generative AI (GenAI) in the year since the launch of Microsoft-backed ChatGPT is one of increasing suspicion and disappointment. Over one in four organizations have banned the use of GenAI outright. The majority of companies are now also refusing to trust a technology that has already gained a reputation for making errors and even entirely fabricating information, a failing that is referred to as “hallucinating”. According to Cisco’s newly-released 2024 Data Privacy Benchmark Study, 68 percent of organizations mistrust GenAI because it gets results wrong and 69 percent also believe it could hurt their company’s legal rights. The study draws on responses from 2,600 privacy and security professionals across 12 geographies.
Budget shortfalls power cybercrime surge
Over half of all companies worldwide quote inadequate cybersecurity budgets as a key factor underpinning a dramatic rise in global cybercrime in the first three quarters of 2023. According to a survey of almost 2,000 cybersecurity practitioners worldwide undertaken by the Ponemon Institute and commissioned by cybersecurity firm Barracuda: “There are a number of common factors that contribute to organizations’ exposable security postures. These include significant IT security budget shortfalls, a general lack of consistent enterprise-wide security policies and programs, ineffective (or no) incident response plans, and an inability to protect against automated security attacks criminals create using generative AI technology.” Fifty-five percent of respondents quoted inadequate IT security budgets as the chief cause of their growing vulnerability to cyber-attacks. A further 42 percent highlighted inadequate enterprise-wide security policies and programs. A lack of inventory of third parties with access to sensitive and confidential data adversely impacted 38 percent. Another key factor is a lack of support from senior leadership, with 25 percent of respondents saying that management teams fail to regard cyberattacks as a significant risk.
Exfiltrated Info Automatically Spread on Discord Bot Channel – January 23rd
On an analysis published by Trellix security researcher Gurumoorthi Ramanathan, the "NS-STEALER" malware distributed via a hidden ZIP file could lead to captured data automatically displayed on the Discord bot channel "EventListener". The hidden malware "NS-STEALER" when deployed onto a user's system, can automatically collect screenshots, cookies, credentials, autofill data, and system information from web browsers.
Iran targets Western journalists
Hackers with close ties to the intelligence arm of Iran’s military, the Islamic Revolutionary Guard, are now personally targeting journalists, professors, and researchers. According to Microsoft, which detected the new activity, Iran is anxious to gather information on the entire range of Western views regarding the ongoing conflict in the Middle East. “Based on the identities of the targets observed in this campaign and the use of lures related to the Israel-Hamas war, this campaign may be an attempt to gather perspectives on events related to the war from individuals across the ideological spectrum,” says Microsoft. The Iran-backed hackers, known as Mint Sandstorm, a composite name used to describe several subgroups of activity with ties to the Islamic Revolutionary Guard, use a range of new techniques. For example, the hackers use legitimate but compromised email accounts to conduct highly planned phishing attacks against key journalists.
Russia-Backed Hackers Infiltrate Microsoft’s Corporate Email System – January 22nd
Microsoft announced on a blog post that the email intrusion attack began in November 2023 and was discovered on January 12th, 2024. Microsoft deduced that the attack originated from a Russian nation-state hacking group. The Microsoft blog post stated the attack gained access to a small percentage of Microsoft corporate email accounts, consisting of Microsoft leadership, security, and IT team members. The incident is still under investigation and reported to the SEC, Microsoft vowed to take any further necessary action while being as transparent as possible.
Third-Party Attacks on the Rise
Criminal gangs are exploiting a new “side door” into organizations via connected third-party applications including everything from calendars to creative tools. Thwarted by the recent success of anti-phishing cybersecurity and aided by artificial intelligence (AI), criminal gangs are now compromising email accounts through third-party attacks. “Third-party applications connected to the email environment are being exploited, and organizations are making the lives of bad actors easier as they continue to connect more applications with high-risk permissions. Application overload is a common and dangerous trend,” says cybersecurity firm Abnormal Security. Abnormal Security believes that, although vulnerabilities in third-party software accounted for 13% of all breaches in 2022, costing organizations an average of US$4.55 million per incident, the problem has since worsened considerably. It quotes a recent vendor email compromise (VEC) attack that almost netted the criminals US$36 million, although most VEC attacks target less than US$150,000.
Cybersecurity Experts Question ‘Cyber Scam Warning’ Effectiveness – January 19th
The concern of official cyber scam warnings potentially being ineffective was raised by cybersecurity firms, Praxis Labs, eSentire, stemming from Dubai and Ghana cyber and law enforcement agency reports. After multiple cyber scam warnings issued by the Dubai Police and the Cyber Security Authority of Ghana, reports of victims continuously poured in for these “search engine scams”. Following the incidents, researchers at Praxis Labs and eSentire released statements on human behavior corresponding to cyber, by being on "default mode" and for search engines, the issuance of "implicit trust".