China’s "Salt Typhoon" hackers have breached U.S. telecoms, raising cyber tensions. Experts warn of the threat to international stability, emphasizing the need for collaborative strategies to prevent escalation amid ongoing economic competition.
The EU’s ESMA calls for mandatory crypto cybersecurity audits as threats grow, while the U.S. expands AI in defense with a focus on responsible use. Both moves underscore the need for stricter tech policies to safeguard assets and uphold ethical standards in evolving digital realms.
Tech giants Meta, Google, Apple, Microsoft, and Tesla are propelling the S&P 500's bull market ahead of the U.S. elections. Robust earnings from these companies have boosted investor confidence, driving gains despite election uncertainties and global tensions impacting the outlook.
June's Key Developments in Security, Money, & Cybercrime Crackdowns
In today's mid June Cyber Pulse edition the CNC Team explores the rise in ransomware incidents, China-backed Hackers Exploit Fortinet Vulnerability, AI-driven cyber threats and more
Severe Penalties for Cybercriminals in Zambia Sends a Stark Warning
In a landmark case, several cyberhackers and scammers who orchestrated a complex fraud operation targeting Zambian victims have been sentenced to lengthy prison terms.
This severe punishment marks a significant step in the global fight against cybercrime. The convicted individuals, part of a well-organised international syndicate, exploited advanced hacking techniques and social engineering tactics to defraud countless victims, causing substantial financial losses and emotional turmoil.
Victims as far afield as Singapore, Peru, and the United Arab Emirates fell prey to their online scams, according to Zambian authorities.
The harsh sentences delivered by the court underscore the gravity of their crimes and serve as a stern warning to others engaged in similar illicit activities.
The operation culminated in the arrest of 77 suspects in April, following a crackdown on a Chinese-run company in Lusaka, in response to an alarming rise in internet fraud cases.
After a trial lasting several weeks, 22 of the perpetrators pleaded guilty to charges of computer-related misrepresentation, identity-related crimes, and illegally operating a network or service.
These key figures received sentences ranging from several years to over a decade in prison, reflecting the severity of their criminal activities.
The Zambian government and law enforcement agencies have vowed to intensify their efforts to dismantle such criminal networks, employing cutting-edge technology and international collaboration.
This case sets a new precedent for cybercrime penalties in the region, signalling an ominous future for those who seek to exploit the digital realm for nefarious purposes.
China-backed Hackers Exploit Fortinet Vulnerability to Breach 20,000 Systems Globally
State-sponsored threat actors, backed by China, exploited a critical security flaw in Fortinet FortiGate systems, compromising 20,000 devices worldwide between 2022 and 2023.
This operation, broader in scope than previously understood, highlights significant global cybersecurity risks.
The Dutch National Cyber Security Centre (NCSC) revealed in a recent bulletin that these attackers were aware of the vulnerability at least two months before Fortinet publicly disclosed it.
"During this so-called zero-day period, the actor alone infected 14,000 devices," the NCSC stated.
The cyber campaign targeted multiple Western governments, international organisations, and numerous companies in the defence industry, although specific entities were not named.
This revelation builds on an advisory from February 2024, which reported that the attackers had breached a computer network used by the Dutch armed forces by exploiting CVE-2022-42475, a vulnerability with a CVSS score of 9.8 that allows remote code execution.
Cloud Security Alliance and Google Reveal AI Trends in Cybersecurity.
55% of organisations plan to adopt GenAI solutions within this year, signalling a substantial surge in GenAI integration.
48% of professionals expressed confidence in their organisation’s ability to execute a strategy for leveraging AI in security.
12% of security professionals believe AI will completely replace their role.
There is a notable disconnect between C-suite executives and IT/security staff regarding the understanding and implementation of AI. While 52% of C-suite executives report high familiarity with AI technologies, only 11% of staff share this sentiment
CNC Perspective
We have been anticipating the rise of artificial intelligence, and now it is becoming a common tool in the industry. Despite this, the McKinsey report indicates that we are not fully prepared, especially with the rapid growth of generative AI.
AI technologies, such as machine learning and natural language processing, are already integral to our daily operations. AI can understand, diagnose, and fix problems from both structured and unstructured data without requiring special code.
It is also highly effective in cybersecurity for detecting threats, recognizing anomalies in code, and identifying unauthorised devices and users within a network. Additionally, AI can assist SOC analysts in drafting comprehensive reports.
The trend towards AI tech could significantly impact data security. AI enhances safety in our connected world by facilitating security analytics and making operations easier to orchestrate.
However, it also poses risks as hackers can leverage AI to identify vulnerabilities and automate attacks, creating an asymmetrical threat landscape. While AI offers substantial benefits, it is crucial to be aware of its potential to be exploited maliciously.
Fortinet Expands Cloud Arsenal with $1 Billion Acquisition of Lacework: Enhancing Security from Code to Cloud
Fortinet (NASDAQ: FTNT), a longstanding cybersecurity vendor, announced on Monday its plan to acquire Lacework, a cloud security startup valued at over $1 billion. While the financial details remain undisclosed, this acquisition is set to enhance Fortinet's cloud security offerings.
Founded in January 2015 by Sanjay Kalra (CPO) and Vikram Kapoor (CTO), Lacework aimed to simplify and automate enterprise cloud security. The company raised $1.9 billion in funding from notable investors like Google Ventures, Altimeter Capital, and Sutter Hill Ventures.
This deal will allow Fortinet to modernise its cloud security products by incorporating Lacework's advanced cloud data security technologies, which are already used by around 1,000 customers globally.
Fortinet plans to integrate Lacework's CNAPP product into its Unified SASE offering, providing comprehensive security from code to cloud.
“Specifically, the combination will allow customers to protect what’s happening inside the cloud app along with what’s happening between the app and the outside world,” said Fortinet executive John Maddison.
Fortinet assured a smooth transition for Lacework's customers and partners as part of this acquisition.
Apple Intelligence Announced at WWDC 2024
At this week’s WWDC 2024, Apple unveiled its vision for artificial intelligence, focusing less on the notion that an AI revolution will transform the world and more on the idea that an intuitive user experience can bring long-term benefits and, in the case of finicky neural networks in particular, feel like less of a rabbit hole than more explicit interfaces.
By limiting users to essentially three ways to generate images, all with an emphasis on tone rather than specificity (animation, illustration or sketch), Image Playground simplifies the AI image generation process compared with more specialised tools like MidJourney or DALL·E.
Meanwhile, to harness new advances in AI with private cloud compute without giving up one’s privacy, Apple makes the most of recent gains at the processor level. Feedforward, the computational method used for neural networks (and given its name in 1988 by computer scientists Bart Selman, David Haussler and Michael Kearns), still requires vast amounts of data.
Apple’s latest AI strategy also includes more mundane but equally defining experiences like an advanced iPad calculator app, all of it showing a specific commitment to get AI into user experiences. Focused feedback has also largely been positive from the tech industry – from fans to analysts to industry wide experts
Government Study Aims to Thwart Hackers by Exploiting Their Biases
The Intelligence Advanced Research Projects Activity (IARPA), part of the Office of the Director of National Intelligence, has launched a government-funded study to better understand and exploit hackers' biases and vulnerabilities to improve cybersecurity.
Five research teams, led by Charles River Analytics, GrammaTech, Peraton Labs, Raytheon Technologies Research Center, and SRI International, are involved in this project.
Approximately 150 experts, including scientists, software engineers, psychologists, and social scientists, are working to develop tools that predict and influence hacker behaviour.
"We think we can affect the attackers’ judgement and reaction and behaviour to the benefit of the offenders,” said Kimberly Ferguson-Walter, program manager.
Researchers face the challenge of studying hackers, who are not easily accessible subjects. To overcome this, they will analyse white-hat hackers and simulate hacker environments using employees and students with advanced computer skills.
The project's first phase, lasting about 18 months, aims to identify key decision-making biases and human limitations relevant to cybercriminals. The subsequent phases will focus on understanding and measuring ways to alter hackers' behaviour, developing software tools to counteract these biases, and integrating artificial intelligence to enhance these defences.
Ferguson-Walter hopes to create "an arsenal of new kinds of defences" for the US intelligence community and potentially for commercial use.
Google Mandiant latest insights: Surge in Ransomware Activity in 2023
Mandiant's latest report reveals a significant uptick in ransomware activity in 2023 compared to the previous year. The analysis shows a 75% increase in posts on data leak sites (DLS) and over a 20% rise in Mandiant-led ransomware investigations. The resurgence in ransomware incidents is primarily driven by the profitability of these operations, with over $1 billion USD paid to attackers in 2023.
Notably, about one-third of new ransomware families identified were variants of previously known ransomware, indicating an evolution in existing threats rather than the emergence of entirely new ones.
Attackers are increasingly using legitimate remote access tools instead of traditional malware like Cobalt Strike BEACON to facilitate their operations.
Ransomware Deployment Tactics and Patterns
Mandiant's observations highlight that ransomware is often deployed rapidly, with almost one-third of incidents seeing ransomware deployed within 48 hours of initial access.
The majority of these attacks occur outside of regular work hours, predominantly in the early morning. This trend suggests attackers are strategically timing their operations to maximise impact and minimise the likelihood of detection.
The report emphasises the need for robust cybersecurity measures and offers practical guidance in its white paper, "Ransomware Protection and Containment Strategies," to help organisations harden their defences and protect critical infrastructure, identities, and endpoints.
Dynamics and Future Outlook
The ransomware landscape in 2023 saw the highest volume of posts on shaming sites since tracking began in early 2020, with Q3 2023 alone breaking records with over 1,300 posts. Despite significant law enforcement actions against prolific RaaS groups like ALPHV and LOCKBIT in late 2023 and early 2024, threat actors continue to demonstrate resilience.
New ransomware groups, such as RansomHub, are actively recruiting affiliates from disrupted operations, mirroring tactics used by LockBit RaaS.
While the full impact of these law enforcement actions is yet to be seen, the immediate aftermath indicates a temporary reduction in activity from some groups and the rise of new entrants eager to capitalise on the void left by dismantled networks.
AI-Related Security Concerns Among Experts: “Generative AI in Cybersecurity: Friend or Foe?”
A new report from Deep Instinct reveals that 97% of senior cybersecurity experts believe their organisations will eventually face an AI-driven security incident. The "Voice of SecOps" report, which surveyed 500 senior cyber experts from various industries including finance, healthcare, and critical infrastructure, highlights the growing concern over AI-powered attacks.
These experts are witnessing an escalation in the sophistication and frequency of AI-related threats, prompting an urgent need for robust cybersecurity strategies.
Identity-Related Breaches: A Growing Concern
In parallel, a report by CyberArk underscores the critical issue of identity-related breaches, with 93% of organisations experiencing two or more such incidents in the past year.
The report highlights that machine identities are the primary drivers of identity growth and are seen as the riskiest type of identity. Alarmingly, only 38% of organisations classify all human and machine identities with sensitive access as privileged users, pointing to a significant gap in security practices.
Critical Tech Skills Shortage Looms
A recent IDC Research survey warns of an impending IT skills shortage that is expected to affect 90% of organisations within the next two years. This shortage is obstructing digitization projects and the adoption of new technologies, including generative artificial intelligence (genAI).
The survey, which included over 800 North American IT leaders, revealed that nearly two-thirds have experienced missed revenue growth objectives, quality problems, and a decline in customer satisfaction due to a lack of skilled personnel.
Overcoming Skills Shortages
"Getting the right people with the right skills into the right roles has never been so difficult," says Gina Smith, PhD, research director for IDC's IT Skills for Digital Business practice.
"As IT skills shortages widen and the arrival of new technology accelerates, enterprises must find creative ways to hire, train, upskill, and reskill their employees. A culture of learning is the single best way to get there."
However, organisations are facing significant challenges in expanding their employees' skills, including resistance to training. Common complaints include that courses are too long, learning options are too limited, and there is insufficient alignment between skills and career goals. Addressing these issues is crucial to overcoming the skills crisis and ensuring long-term business success.
Massive Data Breach at Frontier: Over 2 Million Affected by RansomHub Cyberattack
The recent cyberattack on Frontier Communications by the rising ransomware gang RansomHub, posted this week on its leak site, casts a dark shadow over the telecommunications industry.
With over 2 million individuals' sensitive information compromised, this incident underscores a grim reality: even large, well-resourced companies are vulnerable to the relentless and evolving threats posed by cybercriminals.
Despite implementing containment measures and reporting the breach to the SEC, Frontier’s inability to prevent such a significant data compromise highlights critical weaknesses in cybersecurity defences that many companies continue to face.
An April cyberattack on a large telecommunications company has been claimed by a ransomware gang that is gaining steam as a cybercriminal operation.
Experts from NCC Group said RansomHub was the third most prolific ransomware gang that operated in March, with at least 27 attacks.
The group’s emergence has reinforced a longstanding assertion by security researchers that ransomware gangs are nebulous operations, with affiliates moving between different operations and selling stolen data or access to different groups.
This attack is indicative of a broader and more troubling trend. RansomHub, which has already claimed several high-profile victims, including Change Healthcare and Christie’s, represents a new breed of ransomware gangs that are not only sophisticated but also aggressive and opportunistic.
Their ability to exploit the shutdowns or failures of other ransomware groups, like LockBit and AlphV, by recruiting their displaced affiliates, signals an adaptive and resilient threat landscape.
Cybercriminals and state-sponsored actors exploit social media for espionage and disinformation. Telegram is under fire for sharing data with Russia’s FSB, prompting Ukraine to restrict it. OpenAI's Ben Nimmo fights AI-driven disinformation targeting U.S. and European elections.
This week’s Cyber Pulse Mid-Week Briefings cover Australia’s new Cyber Security Bill, rising ransomware claims, Zscaler's AI-driven platform growth, and cyber threats from East Asia, including Chinese influence operations, North Korean tech theft, and costly global data breach claims.
Telegram is tightening its policies, sharing user IPs and phone numbers of criminals with authorities. As hybrid warfare blends state-backed hacking with cybercrime, Telegram faces pressure to curb illegal activities exploiting its encryption features.