Cisco faces fallout from a massive data leak exposing critical files, while China accuses the U.S. of cyber espionage amid rising tech tensions. AI governance sparks debate as Europe enforces strict rules, and ASIC sues HSBC for $23M scam failures. Global cyber affairs take center stage this week.
ASIC is suing HSBC Australia over $23M in scam losses, alleging systemic failures in fraud detection and delays in resolving complaints. Meanwhile, Singapore's proposed anti-scam law aims to freeze accounts of scam victims to prevent further losses, sparking debate on privacy and autonomy.
Broadcom joins Nvidia in the $1 trillion club, reshaping the AI chip race with a 51% revenue surge in Q4 2024 and VMware's $69B acquisition. As China invests $25B to boost semiconductor self-reliance, U.S.-China tensions escalate, redefining global innovation and geopolitical power dynamics.
In this Cyber Bites edition: North Korean IT workers resort to extortion, Singapore tightens chatbot controls, Casio faces a ransomware setback, and China challenges Intel amid U.S. tech rivalry. The stakes in cybersecurity are higher than ever!
In this edition, we delve into a series of global incidents that underscore the escalating cyber risks facing businesses, governments, and tech industries. North Korean IT operatives, under the guise of legitimate employment, are exploiting companies through extortion, creating new avenues for corporate vulnerability. Meanwhile, Singapore is stepping up efforts to safeguard AI systems, issuing guidelines that could serve as a template for global cybersecurity in the age of rogue chatbots and misinformation threats.
Across industries, the impact of cyberattacks continues to grow. Casio, a renowned Japanese watchmaker, has been hit hard by a ransomware attack, leading to product delays and data compromises. This incident highlights the operational and financial fallout that even the most established companies face when they fall victim to cybercrime.
Finally, the intensifying U.S.-China tech race takes centre stage, with China’s cybersecurity watchdog targeting Intel over alleged security risks, emphasising the geopolitical stakes tied to technology. As the global tech rivalry deepens, the scrutiny on supply chains and national security is reshaping the competitive landscape.
A recent report by cybersecurity firm Secureworks has revealed that a North Korean group known as Nickel Tapestry is escalating its illicit activities. Initially focused on securing illegal employment for North Korean IT professionals abroad, the group is now enabling these workers to steal sensitive data from their employers. This information is then used for extortion if the workers are terminated, posing significant risks to companies worldwide.
To mitigate these threats, businesses are advised to conduct thorough screenings of job applicants, including on-site interviews when possible. Red flags include candidates who are reluctant to participate in video calls, often citing malfunctioning webcams, and the use of remote access tools like Chrome Remote Desktop and AnyDesk if these are not standard within the company.
Companies should also monitor for connections to suspicious VPN IP addresses, such as those associated with Astrill VPN. Secureworks notes that these operatives are adapting by experimenting with new software to facilitate video calls, indicating evolving tactics to bypass security measures.
The Cyber Security Agency of Singapore (CSA) has published new guidelines to help businesses safeguard their AI systems against potential threats, including rogue chatbots that could disseminate misinformation or offensive content. Released on October 15, the "Guidelines on Securing AI Systems" urge companies to rigorously test and regularly monitor AI deployments, especially those interacting with the public or handling confidential customer data.
The CSA highlights dangers such as prompt injection attacks, where malicious text manipulates chatbots into revealing sensitive information from connected systems. Businesses are encouraged to perform frequent risk assessments, diligently audit machine learning systems, and scrutinise every component of their AI supply chain—including training data and models—to prevent vulnerabilities and malware.
The guidelines also recommend implementing user feedback channels for reporting concerns and establishing contingency plans for AI-related incidents. Announcing the guidelines at the Singapore International Cyber Week, Senior Minister and Coordinating Minister for National Security Teo Chee Hean emphasised the importance of managing risks associated with emerging technologies like AI to build trust in the digital domain.
Japanese watchmaker Casio has announced that product delivery delays will continue into November due to a ransomware attack that disrupted its systems on October 5. The cyberattack has caused significant backlogs in the delivery of items requested for repair, with many products delayed. The company is aiming to restore its systems by the end of November and has temporarily suspended the acceptance of repairs for personal products until then.
Casio confirmed the ransomware attack on October 11, stating that several systems were rendered unusable. The attack was later claimed by the "Underground" ransomware group, which alleges to have stolen approximately 205 GB of data, offering samples as proof. The company also acknowledged that personal information of temporary and contract employees, as well as data related to job applicants and business partners, was compromised. Japanese police and data privacy regulators have been notified. The incident underscores the significant operational and financial impact ransomware attacks can have on manufacturing companies, disrupting production and leading to substantial losses.
HONG KONG/TAIPEI – In a move that underscores the escalating technology race between China and the United States, the Cyber Security Association of China has called for a systematic cybersecurity review of Intel's products. The state-linked body warned that the leading U.S. chipmaker "continues to engage in actions that harm Chinese interests and threaten China's national security."
Chaired by a former senior official of the Cyberspace Administration of China, the association criticised Intel for allegedly selling central processing units (CPUs) with frequent security loopholes. "Using Intel products poses serious security risks to China," the association stated in an official post on Wednesday. It further accused Intel of ignoring customer complaints and cited a potential class-action lawsuit by U.S. law firm Abington Cole + Ellery over Intel's 13th and 14th generation Core CPUs.
The association also alleged that Intel, along with other companies like HP, is exploiting co-designed technologies to monitor server users.
"Intel actively cut off supply and services to Chinese companies such as Huawei and ZTE—a typical act of 'eating from the same bowl, but smashing the pot when done,'" the post added.
Intel, which counts China as one of its top revenue sources contributing about 27% of its global total last year, responded by emphasising its commitment to security.
"Security has long been a top priority for Intel, and we go to great lengths to protect our customers," the company said in a statement. "We look forward to working with the relevant officials on this matter to clarify any questions that may exist and demonstrate Intel’s deep commitment to the safety and security of our products."
This development comes as China aggressively seeks to reduce its dependence on foreign semiconductor suppliers amid severe U.S. export restrictions on advanced chips and chipmaking equipment. The scrutiny of Intel not only raises concerns over the security of supply chains but also highlights the competitive tensions in the global tech industry. As one Chinese official put it,
"Security risks in key technologies are not just technical issues but strategic ones that impact national interests."
Cisco faces fallout from a massive data leak exposing critical files, while China accuses the U.S. of cyber espionage amid rising tech tensions. AI governance sparks debate as Europe enforces strict rules, and ASIC sues HSBC for $23M scam failures. Global cyber affairs take center stage this week.
Australians face rising cyber scams during holiday shopping, with scammers using AI-driven tactics like phishing and deepfakes. Spending $70B online puts consumers at risk, as reports show $30.7K average losses. Visa's new measures push beyond SMS OTPs to combat fraud. Stay vigilant.
Cisco faces a major data breach, AT&T agrees to a $13M settlement for mishandling customer data, and Notion’s founders are revolutionising enterprise operations with AI-driven tools. Discover the latest developments impacting cybersecurity and business tech innovation.
Japan is racing to develop "unbreakable" quantum encryption by 2030. Chinese hackers breached US wiretap systems, Japan is tackling AI deepfake scams, and China is advancing silicon photonics to evade US tech bans. The cybersecurity competition is intensifying.
