BlackSuit Ransomware Strikes, China-Linked Cyber Threats, and Data Breach Fines
BlackSuit Ransomware Rebrand: The notorious hackers behind last year's Dallas attack have rebranded as BlackSuit, now demanding an astonishing $500 million in ransoms! The FBI and CISA confirm the group's new identity, with bolder tactics and enhanced methods to pressure victims into paying up. Stay vigilant!
Easterly Warns of China-Linked Cyber Threats: At the BlackHat conference, CISA Director Jen Easterly warned that recent global tech outages are a “dress rehearsal” for potential destructive cyberattacks from China. With escalating tensions over Taiwan, U.S. critical infrastructure must bolster resilience against possible disruptions.
KTT Fined for Data Breach: Keppel Telecommunications and Transportation has been fined $120,000 for failing to delete personal data before selling a business.
Royal Ransomware Rebrands as BlackSuit, Demands Over $500 Million in Ransoms
The hackers behind the infamous ransomware attack on Dallas last year have rebranded as a new group named BlackSuit, demanding over $500 million in ransoms. The FBI and Cybersecurity and Infrastructure Security Agency (CISA) updated their advisory, confirming that the group, formerly known as Royal, now operates under the BlackSuit name.
The new advisory provides extensive technical details to help defenders identify the group's activities, which included ransom demands reaching up to $60 million. The transition to BlackSuit branding was noted as early as November, and recent attacks continue under this new name.
“Ransom demands have typically ranged from approximately $1 million to $10 million, with payment demanded in Bitcoin,” the agencies stated. “BlackSuit actors have exhibited a willingness to negotiate payment amounts.” The advisory highlights numerous coding similarities linking the Royal and BlackSuit groups, while also noting BlackSuit's enhanced capabilities.
The hackers predominantly use phishing emails for initial access, followed by disabling antivirus software, exfiltrating large amounts of data, and deploying ransomware. A rise in direct communication from BlackSuit actors to victims has been observed, a tactic aimed at pressuring ransom payments.
New technical data on BlackSuit, derived from FBI threat response incidents as of July 2024, reveals the hackers' use of legitimate tools and accounts to navigate victim systems. They deactivate antivirus software and maintain access using remote monitoring and management software. The advisory also lists IP addresses for organizations to investigate.
BlackSuit has claimed responsibility for several recent attacks on U.S. schools, colleges, prominent companies, and local governments. CISA Director Jen Easterly emphasised the urgency of cybersecurity, stating, “Because of ransomware attacks, people are waking up to the idea of ‘what do I need to do to protect my family and my community?’”
Easterly Warns of Destructive Cyberattacks from China Causing Widespread Outages
LAS VEGAS — Recent global technology outages caused by a CrowdStrike update should serve as a “dress rehearsal” for potential destructive cyberattacks from China-linked hackers, warns Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA). Speaking at the BlackHat cybersecurity conference, Easterly highlighted that escalating tensions between China and Taiwan have led Beijing to explore ways to launch destructive attacks against Taiwan and its allies, including the U.S.
“We are building resilience into our networks and our systems so that we can withstand a significant disruption or at least drive down the recovery time to be able to provide services,” Easterly said, describing the CrowdStrike incident as a useful exercise in preparation for possible Chinese cyberattacks.
U.S. officials continue to hunt for and eliminate compromises caused by Volt Typhoon, a Chinese state-sponsored group aiming to prepare for such attacks. While China has denied involvement, CISA and the FBI have repeatedly warned that Volt Typhoon hackers are “seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.” Evidence of Volt Typhoon activity has been found in U.S. critical infrastructure in Guam and near other military bases, where the hackers aim to slow a potential mobilisation of forces.
Easterly stressed the importance of building resilience now to prepare for massive disruptions. The CrowdStrike incident affected thousands of hospitals, airports, and businesses worldwide, requiring extensive IT work to resolve. CISA worked alongside other government agencies and Microsoft to provide mitigation guidance and assess the impact on critical infrastructure. Easterly emphasised the need for coordination, stating, “This is exactly what China wants to do,” and urged the public to be prepared for incidents causing significant technology outages.
KTT Fined $120,000 for Data Breach: Failure to Delete Personal Data Before Sale Exposes Thousands
SINGAPORE - Keppel Telecommunications & Transportation (KTT) has been fined $120,000 after failing to delete personal data from a server of a business it sold in 2022, which was subsequently hacked. The Personal Data Protection Commission (PDPC) revealed in a decision published online on August 2 that personal data belonging to about 22,659 people was at risk of unauthorised access and leakage.
The affected individuals included current and former employees of KTT and its subsidiaries, KTT’s shareholders when it was listed on the Singapore Exchange, and those with business dealings with the company. Evidence of the data leak surfaced when a ransomware group published nine encrypted files on the Dark Web, claiming they contained personal data of up to 7,184 individuals. "Such failures in data protection are unacceptable and must be addressed with utmost urgency," a PDPC spokesperson commented.
Despite KTT's inability to confirm if all personal data was compromised, the leak included signatures, images of identification cards, and bank account numbers.
Investigations revealed that an unknown entity infiltrated the server on September 5, 2022, through a compromised account of a vendor for Geodis Logistics Singapore (GLS), divested from KTT two months prior. The PDPC found KTT failed to delete the personal data after migrating it to cloud storage in 2020 and before selling the business in 2022. Although KTT took prompt actions to mitigate the incident's impact and cooperated fully with investigations, the PDPC cited systemic shortcomings in KTT’s data protection processes, leading to the fine.