In this week's Cyber Pulse, we delve into the escalating cyber threats and advancements in AI technology shaping the global landscape
Australia has emerged as a major hub for cybercriminal activity, ranking among the top 10 sources of phishing attacks worldwide. The year 2023 saw an alarming 479.3% surge in phishing content hosted within the country, with the manufacturing sector particularly hard-hit.
Adding to the complexity, the rise of deepfake technology has enabled more realistic and convincing phishing attacks, compelling platforms like Facebook and Instagram to introduce stringent new policies to combat these threats. As cybercriminals become more sophisticated, the need for robust defences and vigilant cybersecurity measures has never been more critical.
Meanwhile, the automotive industry faces significant disruption following dual cyberattacks on CDK Global, a crucial software provider for car dealerships across North America.
These attacks, which forced CDK to shut down critical systems, have crippled operations at thousands of dealerships. Additionally, Optus remains under scrutiny after the Federal Court rejected its attempt to keep a forensic investigation report on a major data breach confidential.
On the AI front, major announcements from OpenAI’s former chief scientist Ilya Sutskever and Anthropic’s release of Claude 3.5 Sonnet highlight the rapid advancements in AI technology, while Microsoft’s latest report on AI-powered disinformation campaigns linked to the Chinese government underscores the growing threat of AI-driven manipulation in global politics.
Australia remains a hotbed for cybercriminal activity, ranking among the top 10 global sources of phishing attacks. The year 2023 saw an alarming 479.3% surge in phishing content hosted within the country. According to Sophos, the release of its annual State of Ransomware 2024 survey report, found that the average ransom payment has increased by 297% in the last year. Particularly hard-hit was the manufacturing industry, which endured over 5.9 million phishing attacks from January to December. This unprecedented wave of cyber threats underscores a critical vulnerability in Australia's digital infrastructure.
Adding to the complexity of this threat landscape is the rise of deepfake technology. Cybercriminals are increasingly using AI-generated audio, video, and text to create more convincing and realistic phishing attacks. This technological advancement has forced major platforms like Facebook and Instagram to implement stringent new policies aimed at curbing the use of AI-deepfakes. Despite these efforts, the sophistication of these attacks continues to grow, posing a significant challenge to cybersecurity measures worldwide. The evolving nature of these threats calls for heightened vigilance and more robust defences to protect against the ever-increasing risk of cyber intrusions.
The automotive industry has been rocked by a series of cyberattacks targeting CDK Global, a major software provider for car dealerships across North America. The first attack occurred on June 19, 2024, forcing CDK to shut down most of its systems, including its dealership management system (DMS) and other critical applications used by over 15,000 dealerships. Just as the company was recovering from the initial incident, a second cyberattack struck late on June 19, prompting CDK to once again shut down its systems. Brad Holton, CEO of Proton Dealership IT, a cybersecurity and IT services firm for car dealerships, told BleepingComputer that the attack caused CDK to take its two data centres offline at approximately 2 AM Thursday Morning.
The impact of these attacks has been widespread and severe, crippling operations at thousands of car dealerships across the United States and Canada. Dealerships have been left unable to access customer records, complete transactions, handle repair orders, or schedule appointments. Many have resorted to manual processes or have had to send employees home due to the outages. The company has advised that its systems may be unavailable for several days, causing significant disruption during the peak summer car-buying season.
The Federal Court recently rejected Optus' bid to keep a forensic investigation report on a significant data breach confidential, a decision that paves the way for class action lawyers to scrutinise the document. This breach, which compromised the personal information of up to 9.8 million customers, including driver’s licences, passport numbers, home addresses, and dates of birth, underscores a severe lapse in Optus' data protection measures. Despite the court's ruling, as of June 14, 2024, Optus has yet to submit the Deloitte-authored report to the Australian Communications and Media Authority (ACMA), raising serious concerns about its commitment to transparency and regulatory compliance.
Adding to the gravity of the situation, the ACMA has alleged that Optus breached the law by failing to adequately protect its customers' personally identifiable information from hackers. This allegation highlights the telco's systemic failures in safeguarding sensitive data and points to broader issues within its security protocols. Optus' reluctance to disclose the forensic report not only hinders regulatory oversight but also exacerbates public distrust. This incident underscores the urgent need for stricter regulatory measures and greater corporate accountability in the handling of personal data. The Federal Court's decision sets a critical precedent for transparency and accountability in the aftermath of significant data breaches.
Ilya Sutskever, OpenAI’s co-founder and former chief scientist, is starting a new AI company focused on safety. In a post on Wednesday, Sutskever revealed Safe Superintelligence Inc. (SSI), a startup with “one goal and one product:” creating a safe and powerful AI system.
The announcement describes SSI as a startup that “approaches safety and capabilities in tandem,” letting the company quickly advance its AI system while still prioritising safety. It also calls out the external pressure AI teams at companies like OpenAI, Google, and Microsoft often face, saying the company’s “singular focus” allows it to avoid “distraction by management overhead or product cycles.”
Microsoft's latest cyber-threat report reveals an alarming rise in AI-driven disinformation campaigns linked to the Chinese government. These campaigns are increasingly targeting voters in the United States and other countries, aiming to manipulate public opinion and create discord. According to the report, "These operations are designed to exploit divisive domestic political issues," with the ultimate objective of influencing election outcomes.
Central to these disinformation efforts are deepfakes—AI-generated images, videos, or audio recordings that appear incredibly realistic, making them difficult to identify as fake. The sophistication of these AI-generated deepfakes poses a significant threat to democratic processes. Microsoft's report emphasises that these disinformation campaigns utilise deepfakes to create false narratives and mislead the public, a tactic that may prove increasingly effective over time.
The AI arms race just hit another milestone: Anthropic has unleashed Claude 3.5 Sonnet, their newest and most impressive AI model yet. This powerhouse is designed to take on the best of the best, including OpenAI’s GPT-4o and Google’s Gemini, and it’s already turning heads with its performance. Claude 3.5 Sonnet is available now for all Claude users on the web and iOS, and developers can get their hands on it too. This model sits in the middle of Anthropic’s lineup—right between the smaller Haiku and the high-end Opus. But don’t be fooled by its “middle” status; Claude 3.5 Sonnet outperforms the previous 3 Opus by a wide margin and operates at twice the speed. That’s right, it’s not just smarter; it’s faster too.
AI benchmarks can be tricky, but Claude 3.5 Sonnet’s results are hard to ignore. It outscored GPT-4o, Gemini 1.5 Pro, and Meta’s Llama 3 400B in seven out of nine overall benchmarks and four out of five vision benchmarks. These numbers suggest that Anthropic has built a serious contender in the AI space. For those eager to dive deeper, check out Anthropic’s official site for more details on Claude 3.5 Sonnet and see how it’s setting new standards in the AI world.
Cybercriminals and state-sponsored actors exploit social media for espionage and disinformation. Telegram is under fire for sharing data with Russia’s FSB, prompting Ukraine to restrict it. OpenAI's Ben Nimmo fights AI-driven disinformation targeting U.S. and European elections.
This week’s Cyber Pulse Mid-Week Briefings cover Australia’s new Cyber Security Bill, rising ransomware claims, Zscaler's AI-driven platform growth, and cyber threats from East Asia, including Chinese influence operations, North Korean tech theft, and costly global data breach claims.
Telegram is tightening its policies, sharing user IPs and phone numbers of criminals with authorities. As hybrid warfare blends state-backed hacking with cybercrime, Telegram faces pressure to curb illegal activities exploiting its encryption features.
DDoS attacks are on the rise globally, targeting the Middle East, Israel, Ukraine, and key sectors like software, telecom, and banking.
