Tag: Cybersecurity
Top 10 US energy firms hit by 3rd-party attacks
Nine out of ten of the world’s leading energy companies, including the top ten US energy companies, experienced a third-party data breach sometime in the last 12 months. According to cybersecurity ratings company Security Scorecard, while only four percent of leading energy companies worldwide suffered a direct data breach, most were compromised via a supplier, contractor, or other third-party organization. “Fueling the global economy and daily life, reliance on the energy sector elevates it as a prime target for cyberattacks. Amid economic and political uncertainties, concerns about safeguarding this vital sector intensified. Energy attacks not only result in financial losses and disruptions but ripple through manufacturing, healthcare, and transportation sectors,” says Security ScoreCard.
US aerospace company hit by cyber-attack
An unknown threat actor has breached an as-yet-unnamed US aerospace company. According to BlackBerry, who first highlighted the attack, the threat actor’s weaponization of a phishing attack became operational around September 2022, with the offensive phase of the attack occurring almost a year later in July of this year. The cybercriminals responsible, whom BlackBerry has christened “AeroBlade,” are believed to have used the intervening nine months to develop the additional resources necessary to ensure access to the aerospace company’s systems to exfiltrate potentially highly valuable information - pointing to a high degree of professionalism and persistence on the part of the attacker.
LockBit Keeps Role as Biggest Global Ransomware Threat in 2023 – December 7th
According to a report by ZeroFox, LockBit was involved in more than a quarter of global ransomware and digital extortion (R&DE) attacks in 2023. The report found 30% of LockBit's attacks target Europe and 25% in North America. Despite remaining the global leader in ransomware, ZeroFox notes there to be a downward trajectory in the number of LockBit's attacks compared to 2022.
New Sophisticated Attacks Demonstrated by Disney+ Impersonators – December 6th
Abnormal Security published a study revealing a Disney+ impersonation attack, demonstrating never-before-seen phishing tactics. The cybercriminals initiated the impersonation attack through an auto-generated notification email, about pending charges for their Disney+ subscription. The emails also demonstrated customized PDFs, with legitimate numbers & emails, inflated charges, and believable branding.
Nuclear facility reportedly hacked by Russia and China
In what is an urgent and stark warning to nuclear facilities around the world, UK nuclear facility Sellafield, formerly called Windscale, is reported to have been hacked by groups linked to China and Russia. The 70-year-old sprawling six-square-kilometre facility, located on the North-West coast of England, holds the planet's largest store of plutonium as a result of processing nuclear waste from decades of atomic power generation and weapons programs. The UK authorities do not know exactly when the hack originally occurred, according to The Guardian newspaper, although breaches are said to have been detected as long ago as 2015, when sleeper malware, used to attack systems remotely and at will over a long period, was found to have been embedded. In what amounts to a national scandal for the UK, it is still not yet known if the malware has actually been eradicated.
EU’s planned AI rulings meet opposition
Next Wednesday will see the last round in a “King Kong meets Godzilla"-style contest between the European Union and the global technology sector over proposed regulations from Brussels to control AI. The opening rounds have been fought by lawyers, lobbyists, and bureaucrats over the monitoring of foundation model AI services such as GPT-4, access to source codes, fines for disobeying the Brussels rulings, and other related topics. However, EU member states France, Germany, and Italy are known to be opposed to the EU’s proposed rulings and to favor self-legislation by the technology sector, as opposed to being constrained by hard rules dictated by Brussels. French AI company Mistral and Germany's Aleph Alpha have criticized the EU’s tiered approach to regulating foundation models, defined as those with more than 45 million users.
Storm gathers over the cloud
News of the mass exploitation of ownCloud customers as a result of a zero-day vulnerability follows revelations earlier this month of a critical security vulnerability in Microsoft’s Azure cloud platform. Reports of gaping security flaws in cloud services come at a bad time for cloud service providers in general and Microsoft in particular. The Seattle-based computing giant is currently doing its utmost to persuade the US, UK, and Australian governments that its Azure Government Cloud is the best way for the AUKUS trio to securely update cross-border information and enhance mutual collaboration. This might prove problematic for Microsoft, whose Azure platform was recently proven to have a critical vulnerability, and some of whose government clients suffered a series of serious breaches earlier this year.
Behind the Navy’s First Cyber Strategy – December 1st
To improve cybersecurity readiness, the U.S. Navy launched its first cybersecurity strategy. The 14-page Navy cyber strategy outlined cybersecurity as a core competency in modern warfare and highlighted the importance of protecting the information environment.
GE Military Project Hack Sparks National Security Concerns – November 30th
General Electric (GE) recognized the data theft from threat actor IntelBroker pertaining to a project involving the Defence Advanced Research Projects Agency, sparking national security concerns. The GE Spokesperson commented on the data theft, saying they are thoroughly investigating the claims, will work on further protecting the integrity of their security systems, and that business operations will not be affected.
US Consumers Receive 2B Spam Calls Monthly – November 29th
According to Truecaller, US consumers were faced with two billion spam calls per month. Truecaller's Monthly US Spam and Scam Report also unveiled that around 195 million hours were wasted by answering these scam calls. The goal of these scam calls is to carry out credit card fraud, identity theft, and sensitive data collection.
AI “overrated and overhyped” say cybercriminals
The verdict on artificial intelligence (AI) from the real experts is finally in; professional cybercriminal fraternities have judged AI to be “overrated, overhyped and redundant,” according to fresh research from cybersecurity firm Sophos. It has, hitherto, been accepted wisdom in the cybersecurity industry that cybercriminals, free from any regulatory authority or moral scruples, were among the first to harness the awesome power of AI to create bespoke and virtually unstoppable malware. However, having infiltrated the Dark Web forums where top professional cybercriminals discuss their trade, Sophos reports that the cybercrime sector has thoroughly tested the capabilities of AI and found it wanting.
Pittsburgh-area Water Authority Hit by Cyber Attack – November 28th
The Municipal Water Authority of Aliquippa reported a cyberattack that shut down their water pressure technology, to the U.S. Department of Homeland Security this past weekend. According to the U.S. Department of Homeland Security, the unassuming cyberattack may come with serious international implications, with the attack suspected to come from an anti-Israeli Iranian threat actor group labeled as "Cyber Av3ngers". This nation-state cyberattack is not the first to disrupt critical water infrastructure.