Political tensions are prompting nations to re-strategize cybersecurity. Countries that once sought international cooperation and joint strategies are now prioritizing domestic cyber capacities and national interests as a result of geopolitical instabilities.
An attempt to impersonate White House Chief of Staff Susie Wiles is currently being investigated by US federal agencies. The incident highlights the ongoing dangers posed by key individuals using their personal phones to store the phone numbers of important contacts, now that voice cloning enables cybercriminals to mimic anyone’s voice with ease.
In today’s daily roundup – Deepfake Phishing Targets Trump’s Chief of Staff, ConnectWise Breached by Suspected Nation-State Actor, and Unbound Security Raises $4M Seed Funding.
‘Smishing’ – cybercrime involving sending deceptive SMS text messages – has just been taken to a new and dangerous level by China’s crime syndicates. Cybersecurity company, Resecurity, has discovered a devastating new smishing kit known as “Panda Shop,” which comes complete with interactive manuals on how to use it.
Boeing Employees’ Credit Union (BECU) is a not-for-profit credit union based in Washington, dedicated to improving the financial well-being of its members and communities. It has grown beyond serving Boeing’s employees to more than 1.5 million members and $29 billion in assets. In an exclusive interview, Sean Murphy, Chief Information Security Officer (CISO) at BECU, explains the changing cyber-threats now facing consumers.
The cybersecurity challenges faced by all consumers have escalated with the growth of artificial intelligence (AI). We have witnessed the growing use of botnets, and AI is at such a stage that it can be used to attempt to gain access to accounts on an individual level. The use of virtual private networks (VPNs) simplifies this process and makes it difficult to track. Remember – while organizations are constantly monitoring for threats and attacks, the cybercriminals only have to get it right one time to cause a highly damaging breach. Advanced persistent threats (APTs) have now become a major ongoing threat. Financial institution employees are the first line of defense against cyber attackers and play a key role in protecting consumers. As such, a robust cybersecurity team and the regular training of employees is crucial.
The frequency of Advanced Persistent Threats (APTs) has surged, with Kaspersky’s latest report revealing a 74% increase in such attacks compared to last year. APTs were detected in 25% of organizations, accounting for 43% of high-severity security incidents, highlighting a sharp rise in sophisticated cyber threats.
Kaspersky’s analysis suggests attackers are refining their tactics to bypass security measures, leveraging human-operated techniques rather than automated exploits. The report underscores the growing persistence of APT actors, emphasizing the need for proactive defense strategies across industries.
Companies are largely ignorant of the looming threat of increased artificial intelligence (AI) identity theft, despite the fact that 93 per cent of companies surveyed suffered two or more identity-related breaches in 2024.
According to leading identity management company CyberArk Software, executives and employees alike are overconfident of their ability to spot ongoing ID-theft and subsequent cyber breaches, with over 75 per cent of respondents to a recent survey saying that they are confident their employees can identify deepfake videos or audio of their leaders.
“Employees are [also] largely confident in their ability to identify a deepfake video or audio of the leaders in their organization. Whether we chalk it up to the illusion of control, planning fallacy, or just plain human optimism, this level of systemic confidence is misguided,” warns Cyberark following a survey of 4,000 US-based employees.
Cybercrime just got easier. A new artificial intelligence off-the-shelf phishing kit named darcula now enables even inexperienced cyber criminals to impersonate any corporate brand with a complex, customizable campaign. Phishing generally refers to a form of online fraud where attackers attempt to steal sensitive information such as passwords, credit card numbers, or bank account details.
“The criminals at darcula are back for more blood, and they mean business with one of the more impactful innovations in phishing in recent years. The new version of their “Phishing-as-a-Service” (PhaaS) platform, darcula-suite adds first-of-its-kind personalization capabilities …to allow criminals to build advanced phishing kits that can now target any brand with the click of a button,” says Cybersecurity company, Netcraft.
This coming Friday is St Valentine’s Day and cybercriminals all over the world are rubbing their hands together with glee at the harvest they intend to reap. Developments in artificial intelligence and the widespread availability of off-the-shelf cybercrime software have enabled a new generation of cyber-scams specifically designed around St Valentine’s Day.
In the recent past, cybercriminals typically used February 14th as an excuse to introduce themselves to lonely people with a view to patiently winning their victims’ trust in the short-term and cruelly robbing them of their savings in the longer term.
A new and rising threat to decentralized financing has been identified. Threat intelligence researcher, the Insikt group, has uncovered “Crazy Evil,” a rapidly growing Russian crypto-scam gang that targets cryptocurrency users and influencers. According to Insikt Group, over ten active social media scams are linked directly to Crazy Evil, garnering millions of dollars in illicit funds and infiltrating tens of thousands of devices.
Crazy Evil is what is referred to as a “traffer” team, which Insikt describes as “a collective of social engineering specialists tasked with redirecting legitimate traffic to malicious landing pages.” Allegedly operating since 2021 on dark web forums and amassing thousands of followers on their public Telegram channels, Crazy Evil’s primary targets are cryptocurrency users, non-fungible token (NFT) traders and gaming professionals – all of whom often use decentralized platforms with little or no regulatory oversight.
CERT-UA warns of attackers impersonating the agency via fake AnyDesk requests for “security audits.” Remote access should only occur with prior approval through official channels to mitigate these risks.
Amid ongoing cyberattacks linked to the Russo-Ukrainian war, over 1,042 incidents were detected in 2024, including espionage and malware campaigns by groups like Gamaredon and Sticky Werewolf. Pro-Russian and pro-Ukrainian actors continue targeting each other with phishing and credential theft efforts.
Authorities in Korea and Beijing dismantled a sprawling voice phishing syndicate responsible for financial losses totaling US$ 1.1 billion. But South-East Asian observers believe this to be only the tip of an impenetrable iceberg of cybercrime in South-East Asia that is rapidly starting spread around the globe.
The Korean bust was part of an Interpol-co-ordinated global operation involving law enforcement from 40 countries, territories, and regions and has ended with the arrest of over 5,500 financial crime suspects and the seizure of more than US$400 million in virtual assets and government-backed currencies.
Cybercriminals now have an unprecedented of highly effective custom-made tools designed to defraud online retailers and shoppers during the holiday season.
“As we approach the end of 2024, the upcoming holiday season and events like Thanksgiving, Black Friday, Cyber Monday, and Christmas bring millions of shoppers online with attractive discounts and limited-time offers. They also create ideal conditions for cybercriminals to exploit users and shoppers,” warns threat intelligence firm FortiGuard in its report, Threat Actor Readiness for the Upcoming Holiday Season.
Scammers have stolen £11.4 billion from UK citizens over the last 12 months. According to the Global Anti-Scam Alliance’s (GASA) latest report, The State of Scams in the UK, conducted in association with the UK’s leading fraud prevention service, Cifas, this represents an increase of £4 billion over the previous year.
With the Black Friday sales bonanza looming on both sides of the Atlantic, the findings come as a timely warning to online shoppers. GASA and Cifas anticipate a further spike in scam attempts this week and re-urging consumers to remain vigilant. The warning comes as 1 in 7 (15 percent) consumers surveyed said they lost cash to criminals in 2024, an increase from 10 percent in 2023. The average loss per victim was £1,400, and only 18 percent of victims recovered all their money.
Since July of this year, cybersecurity firm Check Point has been tracking an ingenious form of online fraud that is rapidly spreading across the US, Europe, East Asia and South America. The attackers impersonate dozens of legitimate companies, claiming the victim’s organization has infringed their copyright.
Weaponized emails, which appear to come from the legal representatives of the impersonated companies, accuse the recipient of misusing their brand on the target’s social media page and requesting the removal of specific images and videos. The phishing emails are typically sent from Gmail accounts and prompt recipients to download an archive file. which then installs the latest version of the Rhadamanthys infostealer stealer (version 0.7) in order to steal critical information from the victim’s organization.
Software giant Microsoft has made an urgent public announcement that the Russian secret service is currently sending thousands of weaponized spear-phishing emails to key individuals in over 100 organizations in countries including the US and the UK.
According to Microsoft: “The emails were highly targeted, using social engineering lures relating to Microsoft, Amazon Web Services (AWS)… In some of the lures, the actor attempted to add credibility to their malicious messages by impersonating Microsoft employees.”
A cybercriminal in Alabama, suspected of hacking into the US Securities and Exchange Commission’s (SEC’s) X account, has been arrested. He is accused of using the compromised account to post fake messages, causing the value of Bitcoin to boost by $1,000.
Hacker Eric Council Jr, also known as “EasyMunny” and “AGiantSchnauzer,” was allegedly able to secure the credentials for the SEC’s X account through a method called “Sim Swapping.” The council created a fake ID using the stolen personal information of someone who had access to the X account. With the fake ID, he was able to purchase a SIM card linked to the victim’s phone in a cellphone provider store in Alabama, giving Council access to the victim’s personal information and log-in credentials.
Cyber toolkits for threat actors are now harnessing the latest deepfake technology and artificial intelligence (AI) for targeted email attacks, known as ‘spear-phishing.’ According to cloud cybersecurity firm Egress, a staggering 82 percent of phishing toolkits mentioned deepfakes, and 75 percent referenced AI.
The growing threat presented by the use of deepfakes by cybercriminals was highlighted earlier this year at InfoSecurity Europe in London. Widely available toolkits now enable even relatively unskilled hackers to create highly convincing video and audio clips of chief executives (CEOs) and other senior staff members in any specific organization. All the threat actor needs is a short video clip of the person they wish to impersonate. This can easily be copied from a corporate seminar or from a video podcast.
It feels like fraudsters are consistently staying one step ahead of us. Back in early 2022, a study found that one out of every four accounts made online was fake—and that number has only gotten worse. The auto lending industry, for example, saw a staggering $7.9 billion in losses due to a 98% spike in synthetic fraud in 2023. They’re not alone in fending off more fraud attempts than ever as malicious actors turn to generative artificial intelligence to increase both the sophistication and the sheer number of fake accounts trying to bypass verification steps and swindle businesses.
The increase we’ve seen in synthetic identities is causing a new host of problems. Not only are more businesses finding themselves with fake customers in their systems—financial institutions mistakenly giving credit to synthetic identities, colleges and universities grappling with applications from fake students, and more—but some of the measures being taken to tamp down on fraudsters’ relentless advances have had the unfortunate side effect of pushing away legitimate customers.
This week, the US Department of Justice (DOJ) announced criminal charges against a Chinese national, Song Wu, accused of wire fraud and aggravated identity theft in an effort to obtain National Aeronautics and Space Administration (NASA) computer software and source code.
The DOJ has now revealed that the specialized software allegedly stolen by Song could be used by potentially hostile enemies to attack the US. According to the DOJ, the stolen software could be used for “industrial and military applications, such as development of advanced tactical missiles and aerodynamic design and assessment of weapons.”
A threat actor named “Voldemort” is impersonating tax authorities from governments in Europe, Asia, and the US – targeting dozens of organizations worldwide. Cybersecurity company Proofpoint believes “with moderate confidence” that Voldemort’s ultimate goal is cyber-espionage.
Since August 5 this year, Voldemort, named after the main villain in J. K. Rowling’s Harry Potter children’s books, has sent over 20,000 messages purported to be from various tax authorities to over 70 organizations around the world. The threat actor poses as the US Internal Revenue Services, the UK’s HM Revenue & Customs, France’s Direction Générale des Finances Publiques, Germany’s Bundeszentralamt für Steuern, Italy’s Agenzia delle Entrate, India‘s Income Tax Department and Japan’s National Tax Agency.
Organized cybercriminal gangs have lost little time in attempting to cash in on the ongoing CrowdStrike/Windows outage currently affecting banks, airlines and businesses.
According to the UK’s National Security Cyber Centre: “An increase in phishing referencing this outage has already been observed, as opportunistic malicious actors seek to take advantage of the situation. This may be aimed at both organizations and individuals.”
Over 72,000 US consumers may have had their account details compromised following a cyber-attack on denim clothing giant Levi Strauss & Co. Almost two weeks ago, on June 13, Levi’s spotted an unusual spike in activity on its consumer-facing website and immediately realized its users were under threat.
“Our investigation showed characteristics associated with a “credential stuffing” attack where bad actor(s) who have obtained compromised account credentials from another source (such as a third-party data breach) then use a bot attack to test these credentials against another website – in this case www.levis.com,” said Levi’s in a published notice detailing the data breach.
Email scams aimed at business users are becoming increasingly sophisticated and increasingly tough to detect. Threat actors are now using artificial intelligence to research their targets in advance of an attack, a process known as ‘social engineering.’
Phishing attacks and email scams that appear to come from a trusted source make up 35.5% of all socially engineered threats, according to a report from cybersecurity firm Barracuda: Top Email Threats and Trends. Although these types of attacks have been around for some time, cybercriminals have recently devised ingenious new methods to avoid detection and being blocked by email-scanning technologies.
The Los Angeles County Department of Public Health has been breached by a cyber-attack that has compromised the personal information of over 200,000 private individuals. This is the latest breach in a series of major cyber-attacks on the healthcare sector.
As with so many breaches, the Los Angeles County breach was the result of a phishing attack aimed at unsuspecting staff. The attack enabled a hacker to gain the log-in credentials of 53 public health employees and subsequently compromised the personal information of 200,000 patients.
According to the LA County Department of Public Health: “The information identified in the potentially compromised e-mail accounts may have included DPH clients/employees/other individuals’ first and last name, date of birth, diagnosis, prescription, medical record number/patient ID, Medicare/Med-Cal number, health insurance information, Social Security Number, and other financial information.”
Microsoft revealed that it’s placing the AI-powered Copilot+ feature for PCs on hold due to critical safety concerns.
“We are adjusting the release model for Recall to leverage the expertise of the Windows Insider community to ensure the experience meets our high standards for quality and security,” Microsoft said in an update.
Microsoft has identified a new North Korean threat actor, Moonstone Sleet. Also known as Storm-1789, Moonstone Sleet has set up fake companies and job opportunities to engage with potential targets and has even created a fully functioning computer game designed to trap the unwary.
The potentially hostile nation-state of North Korea has long been suspected of resorting to cybercrime, targeting the West to fund its military build-up and commit ongoing cyber espionage against countries such as the US and the UK. But Moonstone Sleet is taking cyber-attacks on the West to new levels of sophistication, posing a threat to all organizations.
Microsoft says Moonstone Sleet “uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for its financial and cyberespionage objectives.”
SlashNext’s report revealed a 341% increase in malicious phishing links, business email compromise (BEC), Quishing, and attachment-based threats in the past six months.
“The State of Phishing 2024” report also states that malicious email and messaging threats have increased by 856% over the past 12 months, amplified by the emergence of generative AI.
The US Federal Bureau of Investigation (FBI) has issued a joint advisory warning of a new tactic being used by North Korean intelligence-gathering cyber group Kimsuky. The warning is squarely aimed at think tanks, academic institutions, non-profit organizations, and members of the media in Western countries. Despite North Korea’s previous reliance on revenue from international crime to finance its weapons and military programs, the FBI reports that Kimsuky’s role is intelligence gathering.
Kimsuky exploits an improperly configured Domain Name System (DNS) to mimic legitimate email senders and hack targeted individuals. Without properly configured DNS Domain-based Message Authentication, Reporting, and Conformance (DMARC) policies, malicious hackers can send spoofed emails as if they came from a legitimate domain’s email exchange.
Organized cybercriminals continue to give artificial intelligence (AI) the cold shoulder. New research from US telecoms conglomerate Verizon confirms a report in November from cybersecurity firm Sophos revealing that cybercriminals judged AI to be “overrated, overhyped and redundant.”
According to Verizon’s 2024 Data Breach Investigations Report: “We did keep an eye out for any indications of the use of the emerging field of generative artificial intelligence (GenAI) in attacks and the potential effects of those technologies, but nothing materialized in the incident data we collected globally…The number of mentions of GenAI terms alongside traditional attack types and vectors such as “phishing,” “malware,” “vulnerability,” and “ransomware” was shockingly low, barely breaching 100 cumulative mentions over the past two years.”
International law enforcement is hailing last week’s bust of LabHost, the world’s largest phishing-as-a-service platform, as a major victory in the war against cybercrime. In addition to multiple arrests, the Europol-co-ordinated investigation also unearthed the identities of around 10,000 users of the illegal site, many of whom are now already under police investigation.
The year-long investigation, led by the UK’s London Metropolitan Police, resulted in the arrest of 37 suspects worldwide following Europol-coordinated raids across 70 addresses worldwide. Partners in the investigation also included Chainalysis, Intel 471, Microsoft, The Shadowserver Foundation, and Trend Micro.
Cisco Talos revealed its findings, showing that select Ukranian government agencies have been infected with the ‘OfflRouter’ malware since 2015.
Cisco Talos researcher, Vanja Svajcer said. “The virus is still active in Ukraine and is causing potentially confidential documents to be uploaded to publicly accessible document repositories.”
The US Department of Health and Human Services (HHS) reported that they fell victim to a social engineering scam over the phone, imitating HHS’ financial department, convincing them to hand over ID verification details.
The threat actors, aside from imitating HHS’ financial department, pulled the attack off by using local area codes and AI voice-changing technology to disguise themselves. The surrendered information could lead to threat actors bypassing multifactor authentication (MFA) security.
OpenAI, the maker of Microsoft-backed consumer-facing artificial intelligence (AI) service ChatGPT, may have scored something of an own-goal with the unveiling of Voice Engine, billed as “a model for creating custom voices”.
While OpenAI’s blog on Friday highlights the legitimate use of voice cloning, sometimes referred to as ‘deepfake voice’, such as providing reading assistance to non-readers and children, its widespread availability could soon metamorphose into a cybersecurity nightmare.
Deepfake voice and video software are already being used by cybercriminals to mimic the voices of senior executives to commit financial fraud and other crimes. But the widespread availability and marketing of deepfake voice software is now set to make cybercrime a virtual cottage industry where any number can play. It will open the floodgates to a whole new generation of cybercriminals, terrorists, pranksters, and disgruntled employees.
Google agreed to remove billions of personal records amid the previously announced lawsuit, accusing the tech giant of illegal surveillance.
The personal records belong to approximately 136 million Google Chrome users. To add to the settlement, Google will add more disclosures of the terms for their ‘incognito mode’ feature.
The Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against seven Chinese nationals based in Wuhan, China, for their affiliation with the ‘APT31’ hacking group.
According to OFAC, APT31 is a nation-state-backed Chinese hacking group focused on infiltrating critical infrastructure in Eastern Europe, France, and the US.
Microsoft’s Threat Intelligence arm issued a warning on the rise of new, sophisticated tax phishing scams that could lead to stolen personal and financial data.
These tax-related phishing scams are initiated by impersonating trusted employers, tax agencies, and payment processors. Victims click on a malicious attachment, which leads to a believable landing page designed to capture sensitive information.
An under-the-radar attack that creates fake Google docs is now playing havoc across multiple sectors in the US and UK, particularly in healthcare. Companies’ increasing reliance on widely-used off-the-shelf external software may save costs and create efficiencies in the short-term, but it also offers new inroads for the current generation of increasingly devious and skilled cybercriminals
Cybersecurity firm Netskope has identified a new Google Docs threat in the wild, AZORult infostealer. It is designed to steal sensitive information such as user credentials, browser information, credit card details and crypto-wallet data. A comprehensive study conducted by Netskope’s research team has uncovered a campaign where an attacker created fake Google Docs pages on Google sites from which to download malicious payloads.
Trend Micro reported on an advanced persistent threat actor linked to the Chinese government called ‘Earth Krahang’, compromising over 70 organizations, with a focus on governments.
Focusing on cyber espionage, ‘Earth Krahang’ and its attacks target government agencies, affecting 48 government organizations across Asia, the Americas, Europe, and Africa.
Editorial Team
