Microsoft announced the cyber campaign by the Russian-state-sponsored ‘Midnight Blizzard’ hackers, resulting in the group stealing the tech giant’s source code.
The sophisticated ‘Midnight Blizzard’ campaign is said to be rooted in a grander scheme to gain unauthorized access to Microsoft’s environment using the stolen source code.
Zscaler discovered a new remote access trojan (RAT) campaign that lures victims through fake online meeting links.
Once the victims are lured into downloading the RAT through the meeting links impersonating Skype, Google Meet, and Zoom, the RAT payload may enable threat actors to steal sensitive information.
Companies using public artificial intelligence (AI) services such as Microsoft-backed ChatGPT are at increasing risk of allowing cybercriminals to access confidential data. According to cybersecurity firm Group-IB’s Hi-Tech Crime Trends Report 2023/2024, between June and October of 2023, over 130,000 unique hosts with access to OpenAI were compromised, representing a 36 percent rise over the first five months of the year.
Companies currently take one of two main approaches to integrating AI into workflows. One is to use public AI models and the second is to create bespoke proprietary AI systems based on pre-trained and available models. The second approach is by far the safest as it helps control data exchange with AI systems at every stage, guaranteeing confidentiality. But this is far more expensive and labor-intensive than using more insecure publicly available AI services.
Cyberint reported that three threat actor groups (Skynet, Godzilla, and Anonymous Sudan) are suspected to be behind the temporary shutdown of Meta social media platforms; Facebook, Instagram, and Threads.
Despite the claims from the three threat actor groups on the Meta shutdown across various Telegram groups, there is still suspicion that these claims could be a hoax.
American Express released a notification to its customers, informing them of a third-party data breach, placing ‘some’ customer information at risk.
Despite the breach, American Express ensured that its systems remain secure, is taking measures to address the issue, and will constantly monitor the integrity of its accounts for fraudulent activity.
Following actions taken against the infamous BlackCat ransomware group in December by the US Federal Bureau of Investigation (FBI), the cybercriminal gang has warned it is taking off the gloves in its fight with law enforcement. BlackCat previously took pride in regularly announcing that it does not encourage or support affiliates who target crucial sectors such as healthcare. But this approach has changed radically since the end of 2023.
“Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized. This is likely in response to the ALPHV Blackcat administrator’s post encouraging its affiliates to target hospitals after operational action against the group and its infrastructure in early December 2023,” said the FBI.
US President Joe Biden has dealt a potentially devastating blow to China’s tottering economy by accusing China’s auto industry of posing a serious cyber risk to US national security. An impassioned speech from the President concerning the cyber threat posed by China comes only weeks after a similar warning from the US Federal Bureau of Investigation (FBI) concerning China’s plans to launch a cyber-attack on US national infrastructure.
“China is determined to dominate the future of the auto market, including by using unfair practices. China’s policies could flood our market with its vehicles, posing risks to our national security. I’m not going to let that happen on my watch,” promises the President.
Researchers from the Israel Institute of Technology, in collaboration with Intuit, and Cornell Tech developed the “Morris II Worm” to automatically leverage GenAI systems to spread malware and steal data.
The researchers made the worm to demonstrate the dangers behind GenAI systems through the dangerous “0-click propagation” worm which unleashes unprompted payloads, allowing easier attacks from threat actors.
As geopolitical tensions and conflicts rise across the globe, so are cyber-attacks on critical Western infrastructure, particularly industrial facilities running on operation technology (OT) systems.
Ransomware attacks on industrial organizations increased by over 50 percent in 2023, according to a report by cybersecurity firm Dragos: OT Cybersecurity – 2023 in Review. Seventy percent of all ransomware attacks targeted 638 manufacturing entities in 33 unique manufacturing subsectors.
Dragos tracked a total of 21 threat groups targeting industrial organizations including three new threat groups: Gananite, Laurionite, and Voltzite. Dragos reports all three new groups as conducting diverse operations against various organizations, including cybersecurity research firms, government and military defense entities, rail, manufacturing, automotive, and utilities. Voltzite has been the most active of the three in targeting critical infrastructure.
A Viakoo survey unveiled that 50% of respondents experienced IoT cyber incidents in 2023.
Among those IoT cyber incidents, 44% were reported to be ‘severe’, while 22% were labeled as ‘threatening’.
As part of the US Biden-Harris administration’s “Investing in America” agenda, the US energy sector received a $45M investment to bolster the sector’s cybersecurity infrastructure.
The announcement strengthens the US government’s initiatives to boost cybersecurity efforts for critical infrastructure, in light of attacks on US critical infrastructure.
There is growing evidence that ransomware gangs are rapidly evolving into full-scale protection rackets. Ransomware gangs are increasingly returning to fleece their victims multiple times, even after the ransom has been paid.
“Despite most victims agreeing to pay the ransom, less than half who did get their systems and data back uncorrupted. And most were breached again within a year,” says security company Cybereason’s report Ransomware: the true cost to business 2024.
All of the 1008 enterprise IT professionals surveyed had been breached at least once in the past 24 months. While 84 percent paid the ‘ransom’, only 47 percent got their data and services back intact. But this new generation of ransomware attacks frequently do not stop – even once the ransom is paid. An astonishing 78 percent were breached again and 63 percent were asked to pay more the second time. In 36 percent of the cases, the second attack was carried out by the same gang that conducted the first.
Arriving days after law enforcement agencies took down LockBit’s servers, the ransomware gang resurfaces with a new data leak portal on the dark web.
On a public announcement of their re-launch, a LockBit administrator disclosed that their websites were confiscated, however, their operations recovered due to backup servers.
The U.S. Federal Trade Commission (FTC) filed a complaint against Avast for selling user data, along with a $16.5M fine.
The FTC’s complaint claims “Avast unfairly collected consumers’ browsing information through the company’s browser extensions and antivirus software, stored it indefinitely, and sold it without adequate notice and consumer consent.”
Russian hacktivists named Doppelgänger have been interfering in Germany’s elections with a view to influence the outcome of upcoming European elections, according to a report from SentinelLabs and ClearSky Cyber Security.
“Doppelgänger represents an active instrument of information warfare. We anticipate that Doppelgänger’s activities, targeting not only Germany but also other Western countries, will persist and evolve, particularly in light of the major elections scheduled across the EU and the USA in the coming years,” says the report.
The Chinese Police reported on a nation-state sensitive data leak on Chinese company, I-Soon.
The data uncovers in detail, methods used by Chinese authorities to surveil dissidents, and hacking networks across Central and Southeast Asia.
US Federal Bureau of Investigation (FBI) director Christopher Wray used his keynote speech at the weekend’s Munich Cyber Security Conference, which many regard as the security version of Davos, to effectively declare cyber-war on the People’s Republic of China (PRC).
“Our adversaries have been improving exponentially,” warns Wray. “Chief among those adversaries is the Chinese government…the cyber threat posed by the Chinese government is massive.”
Wray added that China’s hacking program is larger than that of all the other major world nations combined and that the PRC is using AI technology stolen from the Western powers to vastly increase the present threat. The FBI director told the major world powers assembled in Munich at the weekend that a new enhanced level of cooperation between government agencies such as his and the private sector is the only way to counter this new Red Menace.
Airline security has just entered a new era with news that on Saturday cybercriminals hacked the communications network on a commercial flight and tried to divert the plane to a fake destination and into the hands of the gang.
On Sunday, EL AL Israel Airlines confirmed the attack on one of its planes. During the attack, instructions were given to the El Al crew that differed from their set route, alerting them to the possibility that terrorists were planning to crash the plane or that their attackers were planning a kidnapping.
IBM X-Force released a report, disclosing that ransomware attacks declined by 11.5% in 2023, compared to 2022.
IBM says the decline in ransomware attacks is largely due to the new cybercrime focus of infostealing tactics which rose by 32%. IBM X-Force’s report gathered data for the report based on 150 billion daily security events from 130 countries last year.
In an exclusive interview with Cyber Intelligence, top Israeli military scientist Prof. Isaac Ben-Israel reveals that Iran has tested a missile in space that could strike the UK and assesses the likelihood and nature of a full-scale outer-space cyber war and why children should be taught cybersecurity in elementary school.
U.S. and U.K. authorities announced the seizure of the LockBit ransomware gang’s extortion website.
The “Operation Cronos” campaign was led by the UK’s National Crime Agency, the US Federal Bureau of Investigation, and Europol, in collaboration with a coalition of police agencies from 9 countries globally. However, LockBit posted messages on an encrypted messaging app saying its backup servers were unaffected.
Nine out of 10 US citizens do not trust social media. In some other developed markets, trust in services such as Facebook is even lower. In the UK, only three percent of consumers trust social media services with their personal data, and in Japan, it is only two percent, about one in fifty.
Thales 2024 Digital Trust Index, which surveyed 12,426 people worldwide, reports that, while the majority of users mistrust social media and online retail and entertainment services, trust in some other services is far higher. Consumers have much more trust in banking, healthcare, and government services when it comes to sharing their personal data – a universal trend witnessed in all the markets surveyed. Banking services are the most highly trusted with 44 percent of users placing their trust in them. This was closely followed by healthcare with 41 percent and government services with 37 percent.
Cyberint announced the launch of ‘Ransomania’ a free-to-use ransomware attack repository featuring thousands of recorded ransomware attacks.
Ransomania allows users to browse a global map of ransomware hotspots, filtered by region, industry, and time of attack.
Group-IB discovered a new iOS Trojan named “GoldPickaxe.iOS” that was built to steal facial recognition data from infected iOS devices.
The ‘GoldPickaxe’ Trojan abuses the TestFlight exploit, which sends users innocent URLs that downloads the malware when clicked. According to Group-IB, the stolen biometric data is used to gain unauthorized access to banking accounts.
The Mozilla Foundation released research that unveils that all 11 romantic AI chatbots tested, failed security and privacy tests.
All 11 chatbots feature data privacy concerns, pulling much more data than is needed from the collective 100 million users of these chatbots. Mozilla urges these chatbots to minimize exploiting vulnerable users through more transparent data privacy practices.
Highly organized cybercriminals suspected to be based in Russia and Nigeria are targeting hundreds of executives in dozens of organizations in an ongoing Microsoft Azure cloud account takeover (ATO) campaign.
According to US cybersecurity firm Proofpoint: “As part of this campaign, which is still active, threat actors target users with individualized phishing lures within shared documents.”
Innocent but weaponized documents sent to key executives include embedded links to “View Document”, which automatically directs them to a malicious site. The users affected by the attacks occupy a variety of trusted positions within their organizations. Victims include chief financial officers (CFOs), finance managers, account managers, corporate vice presidents, and sales directors. Proofpoint believes that targeting this variety of executive positions is far from being a series of random phishing attacks.
According to the US Federal Trade Commission (FTC), US adults lost over $10B to cyber fraud incidents in 2023, led by investment scams.
Marking a historic rise, the rates of US fraud incidents rose by 14% compared to 2022. Leading fraud incidents consist of investment scams, e-commerce fraud, fake prize scams, and business and job opportunity scams.
Last year, ransomware payments topped US$1 billion for the first time. According to a report from blockchain analyst firm Chainalysis, in 2023 ransomware gangs reached “an unprecedented milestone” in extorted cryptocurrency payments.
“This number does not capture the economic impact of productivity loss and repair costs associated with attacks. This is evident in cases like the ALPHV-BlackCat and Scattered Spider’s bold targeting of MGM resorts. While MGM did not pay the ransom, it estimates damages cost the business over US$100 million,” warns the report.
In the UK’s move to phase out physical immigration documents by 2025, the UK’s Home Office claims the implementation of e-Visas to be not only for convenience and cost safety but also for ‘enhanced security’.
Although not much information is known on the newly implemented e-visa, the UK Home Office claims the e-visa to be securely linked with biometric information for enhanced security measures.
Artificial Intelligence (AI) tools such as face swaps are now being used in Mission Impossible-style cyber-enabled financial crimes. The South China Morning Post reports that last month criminals defrauded a multinational Hong Kong firm of HK$200 million (US$26 million) by using deepfake video technology.
The cybercriminal gang initially sent a message to an employee in the finance department of the unnamed company, inviting him to a video conference via a message purporting to be from the organization’s chief financial officer (CFO). While on the video conference, the employee was joined by what looked and sounded sufficiently like his CFO and other colleagues to convince him to make a fraudulent transfer of company funds.
Commercial surveillance technology targeting smartphones, once the province of spymasters, is now becoming widely available on the open market. It is not only high-profile individuals such as politicians who are now threatened but also business people and ordinary smartphone users.
Half of the known zero-day exploits (a previously unknown vulnerability) used against Google and Android devices can be attributed to commercial surveillance vendors (CSVs), according to a new 50-page report from Google, Buying Spying: Insights into Commercial Surveillance Vendors.
“The commercial surveillance industry has emerged to fill a lucrative market niche: selling cutting edge technology to governments around the world that exploit vulnerabilities in consumer devices and applications to surreptitiously install spyware on individuals’ devices,” says Google.
According to Chainalysis, the estimated total value received by ransomware attackers reached $1.1B in 2023.
The Chainalysis report also states that the estimated $1.1B only pertains to ransomware demands collected, and does not account for operational and third-party disruption costs.
Specialists from the Netherlands’ Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) announced a Chinese nation-state-sponsored malware ‘Coathanger’ and its breach on the Dutch Ministry of Defense (MoD).
The stealthy ‘Coathanger’ malware’s code revealed a remote access trojan (RAT) specifically built to infiltrate Fortinet’s FortiGate firewalls through the ‘CVE-2022-42475’ vulnerability, which resulted in stolen user account credentials from the Dutch MoD’s servers.
‘Pig Butchering’, a new and particularly mean and ruthless form of cryptocurrency fraud that originated in China, has evolved into a global scourge.
Sha zhu pan, which translates as “pig-butchering”, uses sophisticated fraudulent decentralized finance (DeFi) applications to bypass most of the defenses provided by mobile device vendors. WhatsApp is the preferred platform for targets outside China; Telegram is also used, as is Skype.
According to cybersecurity firm Sophos: “Originating in China at the beginning of the COVID pandemic, ‘pig butchering’ scams have expanded globally ever since, becoming a multi-billion-dollar fraud phenomenon.”
Officials from the Administrative Office of Pennsylvania Courts announced their website was hit by a Distributed Denial of Service (DDoS) attack, which the city says did not compromise data or halt government operations.
The attack is now being investigated by the U.S. Department of Homeland Security and the Federal Bureau of Investigation to uncover the hackers behind the attack and to ensure it is not a symptom of a larger-scale ransomware attack.
Silicon Valley has a new problem – a generation that is turning off its digital lifestyle and ditching its smartphones. Gen Z, young people born between 1997 and 2012, have given Silicon Valley’s meticulously planned digital future for humanity a firm thumbs down.
Fifty percent of Gen Z’ers are interested in taking a break from their smartphones, while only 20 percent of Boomers, people born from 1946 to 1964, want a break, according to a survey from web-hosting company Squarespace. Last year, smartphone sales shipments dipped by around 70 million units, hitting the lowest shipment level in a decade, driven by falling sales in North America and China. At the same time, the new generation is buying old-school flip phones, nicknamed ‘dumbphones’, in preference to the latest Apple smartphones.
According to market researcher Counterpoint Research: “Feature phones in the US market have made a resurgence as Gen Z and millennials are advocating for digital detoxes due to the mental health concerns brought on by smartphones and social media…Given the relatively cheap price point of feature phones ($20-$50 with a prepaid carrier and $50-$100 unlocked), more people are trying out these devices and sharing their experiences on social media.”.
The US Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions placed on six Iranian officials behind cyberattacks on US critical infrastructure entities.
The Treasury Department further stated all six officials have strong involvement in US critical infrastructure attacks using Israel-made programmable logic controllers and are suspected to span the water, healthcare, and public sectors.
France-based Schneider Electric became the latest utility company to succumb to a ransomware attack on January 17, when some of its business divisions serving several critical industries were taken down. Although access to the system was eventually re-opened on January 31st, the incident underlines the growing seriousness of cyber-attacks aimed at the West’s critical infrastructure. Schnieder Electric has an annual turnover of over 42 billion and employs over 150,000 people.
The ransomware attack on Schneider Electric coincides with news that, in the US, the Federal Bureau of Investigation (FBI) has recently neutralized a botnet controlled by a Chinese threat group. The White House had previously authorized the FBI to take down the botnet after federal agencies and private sector researchers had accused cyberespionage gang Volt Typhoon of a major campaign aimed at a wide range of the US’s critical infrastructure.
CISA and EPA Launch Water Sector Cyber Toolkit Amid the recent string of critical water infrastructure cyber attacks, the Cybersecurity and Infrastructure Security Agency (CISA) and the Environmental Protection Agency (EPA) co-launched a toolkit to fortify the cybersecurity posture of water and wastewater systems in the United States. The water sector cyber toolkit serves as […]
admin
