June's Key Developments in Security, Money, & Cybercrime Crackdowns

In today's mid-June Cyber Pulse edition, the CNC Team explores the rise in ransomware incidents, China-backed hackers exploiting a Fortinet vulnerability, AI-driven cyber threats and more.

Severe Penalties for Cybercriminals in Zambia Send a Stark Warning

In a landmark case, several cyberhackers and scammers who orchestrated a complex fraud operation targeting Zambian victims have been sentenced to lengthy prison terms.

This severe punishment marks a significant step in the global fight against cybercrime. The convicted individuals, part of a well-organised international syndicate, exploited advanced hacking techniques and social engineering tactics to defraud countless victims, causing substantial financial losses and emotional turmoil.

Victims as far afield as Singapore, Peru, and the United Arab Emirates fell prey to their online scams, according to Zambian authorities.

The harsh sentences delivered by the court underscore the gravity of their crimes and serve as a stern warning to others engaged in similar illicit activities.

The operation culminated in the arrest of 77 suspects in April, following a crackdown on a Chinese-run company in Lusaka, in response to an alarming rise in internet fraud cases.

After a trial lasting several weeks, 22 of the perpetrators pleaded guilty to charges of computer-related misrepresentation, identity-related crimes, and illegally operating a network or service.

These key figures received sentences ranging from several years to over a decade in prison, reflecting the severity of their criminal activities.

The Zambian government and law enforcement agencies have vowed to intensify their efforts to dismantle such criminal networks, employing cutting-edge technology and international collaboration.

This case sets a new precedent for cybercrime penalties in the region, signalling an ominous future for those who seek to exploit the digital realm for nefarious purposes.

China-backed Hackers Exploit Fortinet Vulnerability to Breach 20,000 Systems Globally

State-sponsored threat actors, backed by China, exploited a critical security flaw in Fortinet FortiGate systems, compromising 20,000 devices worldwide between 2022 and 2023.

This operation, broader in scope than previously understood, highlights significant global cybersecurity risks.

The Dutch National Cyber Security Centre (NCSC) revealed in a recent bulletin that these attackers were aware of the vulnerability at least two months before Fortinet publicly disclosed it.

"During this so-called zero-day period, the actor alone infected 14,000 devices," the NCSC stated.

The cyber campaign targeted multiple Western governments, international organisations, and numerous companies in the defence industry, although specific entities were not named.

This revelation builds on an advisory from February 2024, which reported that the attackers had breached a computer network used by the Dutch armed forces by exploiting CVE-2022-42475, a vulnerability with a CVSS score of 9.8 that allows remote code execution.

Security pros are cautiously optimistic about AI, according to a survey report by the Cloud Security Alliance and Google Cloud titled “The State of AI and Security Survey Report”.

Cyber AI Stats You Should Know

Key findings include:

  • 55% of organisations plan to adopt GenAI solutions within this year, signalling a substantial surge in GenAI integration.
  • 48% of professionals expressed confidence in their organisation’s ability to execute a strategy for leveraging AI in security.
  • 12% of security professionals believe AI will completely replace their role.
  • There is a notable disconnect between C-suite executives and IT/security staff regarding the understanding and implementation of AI. While 52% of C-suite executives report high familiarity with AI technologies, only 11% of staff share this sentiment.

CNC Perspective

We have been anticipating the rise of artificial intelligence, and now it is becoming a common tool in the industry. Despite this, the McKinsey report indicates that we are not fully prepared, especially with the rapid growth of generative AI.

AI technologies, such as machine learning and natural language processing, are already integral to our daily operations. AI can understand, diagnose, and fix problems from both structured and unstructured data without requiring special code.

It is also highly effective in cybersecurity for detecting threats, recognising anomalies in code, and identifying unauthorised devices and users within a network. Additionally, AI can assist SOC analysts in drafting comprehensive reports.

The trend towards AI tech could significantly impact data security. AI enhances safety in our connected world by facilitating security analytics and making operations easier to orchestrate.

However, it also poses risks as hackers can leverage AI to identify vulnerabilities and automate attacks, creating an asymmetrical threat landscape. While AI offers substantial benefits, it is crucial to be aware of its potential to be exploited maliciously.

Fortinet Expands Cloud Arsenal with $1 Billion Acquisition of Lacework: Enhancing Security from Code to Cloud

Fortinet acquiring Lacework

Fortinet (NASDAQ: FTNT), a longstanding cybersecurity vendor, announced on Monday its plan to acquire Lacework, a cloud security startup valued at over $1 billion. While the financial details remain undisclosed, this acquisition is set to enhance Fortinet's cloud security offerings.

Founded in January 2015 by Sanjay Kalra (CPO) and Vikram Kapoor (CTO), Lacework aimed to simplify and automate enterprise cloud security. The company raised $1.9 billion in funding from notable investors like Google Ventures, Altimeter Capital, and Sutter Hill Ventures.

This deal will allow Fortinet to modernise its cloud security products by incorporating Lacework's advanced cloud data security technologies, which are already used by around 1,000 customers globally.

Fortinet plans to integrate Lacework's CNAPP product into its Unified SASE offering, providing comprehensive security from code to cloud.

“Specifically, the combination will allow customers to protect what’s happening inside the cloud app along with what’s happening between the app and the outside world,” said Fortinet executive John Maddison.

Fortinet assured a smooth transition for Lacework's customers and partners as part of this acquisition.

Apple Intelligence Announced at WWDC 2024

At this week’s WWDC 2024, Apple unveiled its vision for artificial intelligence. Rather than the notion that an AI revolution will transform the world, the emphasis was on the idea that an intuitive user experience can bring long-term benefits and, particularly in the case of finicky neural networks, feel like less of a rabbit hole than more explicit interfaces.

By limiting users to essentially three ways to generate images, all with an emphasis on tone rather than specificity (animation, illustration or sketch), Image Playground simplifies the AI image generation process compared with more specialised tools like MidJourney or DALL·E.

Meanwhile, to harness new advances in AI with private cloud compute without giving up one’s privacy, Apple makes the most of recent gains at the processor level. Feedforward, the computational method used for neural networks (and given its name in 1988 by computer scientists Bart Selman, David Haussler and Michael Kearns), still requires vast amounts of data.

Apple’s latest AI strategy also includes more mundane but equally defining experiences, such as an advanced iPad calculator app, all of it showing a specific commitment to getting AI into user experiences. Feedback from the tech industry, from fans to analysts to industry-wide experts, has also largely been positive.

Government Study Aims to Thwart Hackers by Exploiting Their Biases

The Intelligence Advanced Research Projects Activity (IARPA), part of the Office of the Director of National Intelligence, has launched a government-funded study to better understand and exploit hackers' biases and vulnerabilities to improve cybersecurity.

Five research teams, led by Charles River Analytics, GrammaTech, Peraton Labs, Raytheon Technologies Research Center, and SRI International, are involved in this project.

Approximately 150 experts, including scientists, software engineers, psychologists, and social scientists, are working to develop tools that predict and influence hacker behaviour.

"We think we can affect the attackers’ judgement and reaction and behaviour to the benefit of the offenders,” said Kimberly Ferguson-Walter, program manager.

Researchers face the challenge of studying hackers, who are not easily accessible subjects. To overcome this, they will analyse white-hat hackers and simulate hacker environments using employees and students with advanced computer skills.

The project's first phase, lasting about 18 months, aims to identify key decision-making biases and human limitations relevant to cybercriminals. The subsequent phases will focus on understanding and measuring ways to alter hackers' behaviour, developing software tools to counteract these biases, and integrating artificial intelligence to enhance these defences.

Ferguson-Walter hopes to create "an arsenal of new kinds of defences" for the US intelligence community and potentially for commercial use.

Google Mandiant's Latest Insights: Surge in Ransomware Activity in 2023

Mandiant's latest report reveals a significant uptick in ransomware activity in 2023 compared to the previous year. The analysis shows a 75% increase in posts on data leak sites (DLS) and over a 20% rise in Mandiant-led ransomware investigations. The resurgence in ransomware incidents is primarily driven by the profitability of these operations, with over $1 billion USD paid to attackers in 2023.

Source: Google Threat Intelligence, "Ransomware Rebounds"

Notably, about one-third of new ransomware families identified were variants of previously known ransomware, indicating an evolution in existing threats rather than the emergence of entirely new ones.

Attackers are increasingly using legitimate remote access tools instead of traditional malware like Cobalt Strike BEACON to facilitate their operations.

Ransomware Deployment Tactics and Patterns

Mandiant's observations highlight that ransomware is often deployed rapidly, with almost one-third of incidents seeing ransomware deployed within 48 hours of initial access.

The majority of these attacks occur outside of regular work hours, predominantly in the early morning. This trend suggests attackers are strategically timing their operations to maximise impact and minimise the likelihood of detection.
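The two patterns Mandiant highlights, deployment within 48 hours of initial access and activity outside working hours, translate directly into detection context. The script below is an added example for this article, not Mandiant's tooling and not taken from the report: it runs a simple burst-of-file-writes rule over constructed per-host telemetry (a hypothetical record format with an `initial_access` marker that an earlier alert is assumed to have stamped) and raises the severity of any burst that lands off-hours or inside the 48-hour window. The business-hours window and the write threshold are assumed tuning values.

```python
from datetime import datetime, time

# Constructed sample telemetry, not real data: one record per minute of
# per-host file-write activity, plus one "initial_access" marker that an
# earlier alert (e.g. a suspicious VPN login) is assumed to have stamped.
SAMPLE_EVENTS = [
    {"host": "ws-17", "ts": "2024-06-10T15:42:00", "kind": "initial_access", "writes": 0},
    {"host": "ws-17", "ts": "2024-06-11T10:03:00", "kind": "file_writes", "writes": 40},
    {"host": "ws-17", "ts": "2024-06-12T03:17:00", "kind": "file_writes", "writes": 2500},
    {"host": "ws-17", "ts": "2024-06-12T03:18:00", "kind": "file_writes", "writes": 3100},
    {"host": "srv-02", "ts": "2024-06-12T14:05:00", "kind": "file_writes", "writes": 2800},
]

# Assumed tuning values for a hypothetical environment; adjust per site.
BUSINESS_START = time(8, 0)
BUSINESS_END = time(18, 0)
BURST_THRESHOLD = 1000      # file writes per minute on one host
RAPID_DEPLOY_HOURS = 48     # the window the report singles out


def parse_ts(value):
    """Parse the ISO-8601 timestamps used in the sample records."""
    return datetime.fromisoformat(value)


def is_off_hours(ts):
    """True on weekends or outside the configured business-hours window."""
    if ts.weekday() >= 5:
        return True
    return not (BUSINESS_START <= ts.time() < BUSINESS_END)


def hours_since_initial_access(events, host, ts):
    """Hours from the most recent initial_access marker for this host, or None."""
    markers = [
        parse_ts(e["ts"]) for e in events
        if e["host"] == host and e["kind"] == "initial_access" and parse_ts(e["ts"]) <= ts
    ]
    if not markers:
        return None
    return (ts - max(markers)).total_seconds() / 3600


def find_suspicious_bursts(events):
    """Flag per-minute write bursts and score them with timing context.

    A burst is any file_writes record at or above BURST_THRESHOLD. It is
    rated "high" when it occurs off-hours or within RAPID_DEPLOY_HOURS of
    a known initial-access marker on the same host, otherwise "medium".
    """
    alerts = []
    for e in events:
        if e["kind"] != "file_writes" or e["writes"] < BURST_THRESHOLD:
            continue
        ts = parse_ts(e["ts"])
        since = hours_since_initial_access(events, e["host"], ts)
        off = is_off_hours(ts)
        rapid = since is not None and since <= RAPID_DEPLOY_HOURS
        alerts.append({
            "host": e["host"],
            "ts": e["ts"],
            "writes": e["writes"],
            "off_hours": off,
            "hours_since_access": None if since is None else round(since, 2),
            "severity": "high" if (off or rapid) else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_bursts(SAMPLE_EVENTS):
        print(alert)
```

On the constructed input, the two early-morning bursts on `ws-17` are rated high (off-hours and roughly 35.6 hours after the initial-access marker), while the mid-afternoon burst on `srv-02`, with no known initial access, stays medium. A real deployment would feed this from EDR or file-server telemetry and treat the rule as one signal among several, since legitimate backups and patch jobs also write in bursts outside office hours.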

The report emphasises the need for robust cybersecurity measures and offers practical guidance in its white paper, "Ransomware Protection and Containment Strategies," to help organisations harden their defences and protect critical infrastructure, identities, and endpoints.

Dynamics and Future Outlook

The ransomware landscape in 2023 saw the highest volume of posts on shaming sites since tracking began in early 2020, with Q3 2023 alone breaking records with over 1,300 posts. Despite significant law enforcement actions against prolific RaaS groups like ALPHV and LOCKBIT in late 2023 and early 2024, threat actors continue to demonstrate resilience.

New ransomware groups, such as RansomHub, are actively recruiting affiliates from disrupted operations, mirroring tactics used by LockBit RaaS.

While the full impact of these law enforcement actions is yet to be seen, the immediate aftermath indicates a temporary reduction in activity from some groups and the rise of new entrants eager to capitalise on the void left by dismantled networks.

A new report from Deep Instinct reveals that 97% of senior cybersecurity experts believe their organisations will eventually face an AI-driven security incident. The "Voice of SecOps" report, which surveyed 500 senior cyber experts from various industries including finance, healthcare, and critical infrastructure, highlights the growing concern over AI-powered attacks.

These experts are witnessing an escalation in the sophistication and frequency of AI-related threats, prompting an urgent need for robust cybersecurity strategies.

In parallel, a report by CyberArk underscores the critical issue of identity-related breaches, with 93% of organisations experiencing two or more such incidents in the past year.

The report highlights that machine identities are the primary drivers of identity growth and are seen as the riskiest type of identity. Alarmingly, only 38% of organisations classify all human and machine identities with sensitive access as privileged users, pointing to a significant gap in security practices.

Critical Tech Skills Shortage Looms

A recent IDC Research survey warns of an impending IT skills shortage that is expected to affect 90% of organisations within the next two years. This shortage is obstructing digitisation projects and the adoption of new technologies, including generative artificial intelligence (genAI).

The survey, which included over 800 North American IT leaders, revealed that nearly two-thirds have experienced missed revenue growth objectives, quality problems, and a decline in customer satisfaction due to a lack of skilled personnel.

Overcoming Skills Shortages

"Getting the right people with the right skills into the right roles has never been so difficult," says Gina Smith, PhD, research director for IDC's IT Skills for Digital Business practice.

"As IT skills shortages widen and the arrival of new technology accelerates, enterprises must find creative ways to hire, train, upskill, and reskill their employees. A culture of learning is the single best way to get there."

However, organisations are facing significant challenges in expanding their employees' skills, including resistance to training. Common complaints include that courses are too long, learning options are too limited, and there is insufficient alignment between skills and career goals. Addressing these issues is crucial to overcoming the skills crisis and ensuring long-term business success.

Massive Data Breach at Frontier: Over 2 Million Affected by RansomHub Cyberattack

The recent cyberattack on Frontier Communications by the rising ransomware gang RansomHub, posted this week on its leak site, casts a dark shadow over the telecommunications industry.

With over 2 million individuals' sensitive information compromised, this incident underscores a grim reality: even large, well-resourced companies are vulnerable to the relentless and evolving threats posed by cybercriminals.

Despite implementing containment measures and reporting the breach to the SEC, Frontier’s inability to prevent such a significant data compromise highlights critical weaknesses in cybersecurity defences that many companies continue to face.

The April cyberattack on the large telecommunications company has been claimed by a ransomware gang that is gaining steam as a cybercriminal operation.

Experts from NCC Group said RansomHub was the third most prolific ransomware gang that operated in March, with at least 27 attacks.

The group’s emergence has reinforced a longstanding assertion by security researchers that ransomware gangs are nebulous operations, with affiliates moving between different operations and selling stolen data or access to different groups.

This attack is indicative of a broader and more troubling trend. RansomHub, which has already claimed several high-profile victims, including Change Healthcare and Christie’s, represents a new breed of ransomware gangs that are not only sophisticated but also aggressive and opportunistic.

Their ability to exploit the shutdowns or failures of other ransomware groups, like LockBit and AlphV, by recruiting their displaced affiliates, signals an adaptive and resilient threat landscape.
