Tag: Microsoft
The UK is at ‘High Risk’ of Ransomware Attacks – December 14th
The Joint Committee on National Security Strategy (JCNSS) published a report "A hostage to fortune: ransomware and UK National Security," which revealed the UK's lack of planning against ransomware attacks. Targeted mainly at the critical cyber infrastructure of the UK government, the JCNSS report warns that a severe attack could disrupt the core of government services, healthcare, and child protection, which could lead to bringing the country to a 'standstill'.
US aerospace company hit by cyber-attack
An unknown threat actor has breached an as-yet-unnamed US aerospace company. According to BlackBerry, who first highlighted the attack, the threat actor’s weaponization of a phishing attack became operational around September 2022, with the offensive phase of the attack occurring almost a year later in July of this year. The cybercriminals responsible, whom BlackBerry has christened “AeroBlade,” are believed to have used the intervening nine months to develop the additional resources necessary to ensure access to the aerospace company’s systems to exfiltrate potentially highly valuable information - pointing to a high degree of professionalism and persistence on the part of the attacker.
Storm gathers over the cloud
News of the mass exploitation of ownCloud customers as a result of a zero-day vulnerability follows revelations earlier this month of a critical security vulnerability in Microsoft’s Azure cloud platform. Reports of gaping security flaws in cloud services come at a bad time for cloud service providers in general and Microsoft in particular. The Seattle-based computing giant is currently doing its utmost to persuade the US, UK, and Australian governments that its Azure Government Cloud is the best way for the AUKUS trio to securely update cross-border information and enhance mutual collaboration. This might prove problematic for Microsoft, whose Azure platform was recently proven to have a critical vulnerability, and some of whose government clients suffered a series of serious breaches earlier this year.
167% Rise in Malicious Bot Attacks Reported – November 23rd
Arkose Labs reported a 167% rise in malicious bot attacks for the first half of 2023. The Arkose Labs report focused on bots also stated that 73% of all website and app traffic measured comprised of malicious bots in order to initiate attack types such as SMS toll fraud, web scraping, card testing, and credential stuffing.
Interpol demands global action to tackle cybercrime
Interpol is demanding that the world’s governments and business leaders act together to stem the rapidly rising global tide of cybercrime. Speaking this week at the Global Cybersecurity Forum in Riyadh, Interpol's assistant director of cybercrime operations, Bernardo Pillot, urged the world’s governments and business leaders to adopt a more collective approach to online dangers.
Enterprises face a steep rise in insider threats
As we predicted earlier this year, harsh economic conditions across Western democracies are acting as a catalyst for cybercrime - particularly those cyber-attacks that target staff inside the organization. As cybersecurity becomes more effective, cybercriminals are finding ways to bypass digital security barriers by victimizing and sometimes terrorizing key personnel within the target organization.
Google’s Vulnerability Rewards Program (VRP) Expansion – October 27th
Google's Vulnerability Rewards Program (VRP), a program made to reward researchers who find system vulnerabilities, has been expanded for generative AI. Google explained the expansion of the VRP as a reaction to the risks brought by AI, and the magnified implications it has for traditional digital security.
BHI Energy comes clean about devastating data breach – October 24th
US energy firm BHI Energy has shared details about an Akira ransomware gang attack that breached its network in May this year. The gang used a third-party contractor's account to reach BHI's internal network through a VPN connection. In the weeks that followed the breach, 767K files, containing 690 GB of data were stolen. These included BHI's Windows Active Directory database.
Senior citizens targeted in Phantom Hacker scam – October 12th
State security in Pennsylvania, US has warned against a new hacker scam targeting senior citizens, called Phantom Hacker. The scam artists attempt to convince senior citizens that their accounts holding financial details have been hacked. They then suggest transferring money into an 'alias' account under the guise of being federal agency officials.
Cloud security compromised by constant upgrades
There is mounting evidence that companies may have been naive in accepting Big Tech’s optimistic assurances that sensitive data can be stored more securely in the cloud than on the company’s own servers. In its latest Attack Surface Threat report, Silicon Valley-based cybersecurity firm Palo Alto Networks reveals that the cloud has now become “the dominant attack surface”, with four out of five security vulnerabilities observed in organizations across all sectors coming from a cloud environment.
China uses AI to power new propaganda campaign
China has stepped up its propaganda and disinformation war with the US in the latest escalation of the Chinese Communist Party (CCP)’s cyber war on the West. Microsoft reports a marked rise in CCP-affiliated covert influence operations that engage with target US audiences on social media.
Threat actors’ preferred names? Microsoft, Meta, and Google
Microsoft, PayPal, Facebook, Google, and Amazon are some of the world's most respected brands, but they're also the most impersonated. With 300,000 successful phishing attacks recorded last year in the US alone and 71% of organizations experiencing an attempted or actual business email compromise the issue is only getting worse.