This week, we dive into the major shake-up in Singapore as banks overhaul security measures to combat phishing threats, and Australian authorities crack down on Medibank in one of the largest health fund legal cases.
Welcome back to the Mid-July Cyber Scan Headlines and AI Insights midweek edition! This week, we dive into the major shake-up in Singapore as banks overhaul security measures to combat phishing threats, and Australian authorities crack down on Medibank in one of the largest health fund legal cases. Meanwhile, OpenAI reveals a groundbreaking hierarchical system for tracking AGI progress, and tech giants Microsoft and Apple withdraw their board observers from OpenAI amid rising antitrust scrutiny.
In the business world, Google makes headlines with a potential $23 billion acquisition of cybersecurity startup Wiz, marking its largest deal since 2012. Plus, Australia's fertility treatment landscape gets a futuristic boost with the arrival of AI-powered IVF technology from AIVF. Stay tuned for all these stories and more in this action-packed edition of Cyber Scan!
In response to the escalating threat of phishing scams, the Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS) have announced significant security upgrades for major retail banks. Over the next three months, these banks will phase out One-Time Passwords (OTPs) for customers using digital tokens, shifting to a more secure authentication method to safeguard online accounts.
Phishing scams have become increasingly sophisticated, exploiting vulnerabilities in OTPs through tactics like fake banking websites. By requiring digital tokens for login authentication, Singapore's banks aim to provide stronger protection against unauthorised access, enhancing the overall security and resilience of the banking sector.
Mrs. Ong-Ang Ai Boon, Director at ABS, emphasised the importance of these measures, stating,
"This initiative is crucial for providing customers with enhanced security against unauthorised access. While it may cause some inconvenience, these steps are necessary to prevent scams and protect customers' financial data.”
The recently disclosed AT&T data breach has been linked to an American hacker residing in Turkey. The telecom giant reportedly paid a substantial ransom to ensure the stolen information was deleted. In April, hackers exfiltrated customer call and text records from AT&T’s workspace on a third-party cloud platform, affecting nearly all wireless customers.
The compromised data included phone numbers, call or text counts, and call durations but not the content of calls or texts. “While the data doesn’t include customer names, there are often ways to find a name associated with a phone number using publicly available online tools,” AT&T stated. The company confirmed that “at least one person has been apprehended” and is notifying approximately 110 million customers about the breach.
Additional details emerged over the weekend, revealing AT&T paid roughly $370,000 in bitcoin to prevent the data from being leaked. This hacker, a member of the notorious ShinyHunters group, provided proof of the transaction. Initially demanding a $1 million ransom, the hacker settled for less and showed AT&T a video of the data being deleted.
The customer data originated from the Snowflake data storage platform, which has seen multiple breaches, including those of major companies like Ticketmaster and Neiman Marcus. Wired reported that John Binns, an American hacker in Turkey known for hacking T-Mobile, is implicated in the breach. Binns was arrested in May 2024, leading to the ransom payment being redirected to another ShinyHunters member. Despite the data's deletion, samples may have been shared with others before the ransom was paid.
Last month, the Australian Information Commissioner sued Medibank over one of the largest data breaches of Australian customer information. The 2022 breach exposed the personal details of 9.7 million customers on the dark web, revealing sensitive health information. Home Affairs Minister Clare O'Neil condemned the attackers as "cowards and scumbags" for stealing and publishing personal data.
Comparing the Medibank lawsuit to other major global data breaches highlights its unique aspects. Although the scale, affecting 9.7 million, is significant, it pales in comparison to breaches like Yahoo's, which impacted over 3 billion accounts, and LinkedIn's, with 700 million records exposed.
However, the sensitivity of the data involved in the Medibank breach, particularly health information, makes it especially severe. The lawsuit by the Australian Information Commissioner underscores a growing trend where government regulators are increasingly taking legal action against companies for failing to protect customer data, reflecting similar global movements towards stricter data protection laws.
In the broader context, the Medibank breach and the ensuing lawsuit are notable due to the sensitive nature of the data and the regulatory response. Medibank’s refusal to pay the ransom demanded by the attackers aligns with the Australian Cyber Security Centre (ACSC) guidelines and O'Neil's advice, reflecting a firm stance against cybercriminals.
The Home Affairs Minister , who spearheaded the 2030 Cybersecurity Strategy for Australia, also announced in November 2023, the Six Shields program to enhance accountability, education and Cyber Security resources program with “Red Spice” aimed towards the development of a globally secure economy by 2030 . She has flagged reforms to protect personal data, including making it illegal to pay ransoms to hackers and pushing for tighter data retention regulations, calling current laws a "national vulnerability."
OpenAI has recently unveiled a new five-level system to track progress towards Artificial General Intelligence (AGI), as reported by Bloomberg. This classification system aims to provide a structured framework for understanding the advancement of AI capabilities and potential risks associated with each stage.
Currently, we are at level one, which includes conversational AI like ChatGPT, considered to pose minimal risk. The next level, termed Reasoners, involves AI systems solving basic problems as effectively as a human with a doctorate-level education. OpenAI believes it is on the cusp of reaching this stage with the upcoming GPT-5 model.
The higher levels—Agents, Innovators, and Organisations—represent progressively advanced AI capabilities, from acting autonomously to managing entire organisational functions. While the system offers a clear framework for benchmarking progress and assessing risks, it has faced criticism for being too broad and potentially accelerating rapidly through stages.
Critics like Mario Canestra argue that once level two is achieved, progression to higher levels may occur swiftly, possibly undermining the system's utility. Additionally, ethical concerns remain due to the recent dissolution of OpenAI's safety team and the departure of key researchers.
Microsoft and Apple are stepping back from their board observer roles at OpenAI, likely due to rising antitrust scrutiny. These roles, initially intended to provide visibility without direct influence, have instead led to increased regulatory pressure. Martin Peers from The Information suggests that the regulatory scrutiny made these roles "not worth the hassle," especially given the intensified focus from regulatory bodies in the US and UK.
This strategic shift underscores the delicate balance between fostering innovation and navigating regulatory landscapes. With Microsoft's deep partnership with OpenAI and Apple's recent involvement through integrating ChatGPT into iPhones, it seems that both companies must have found an alternative way to maintain their strategic advantages with Open AI board members without attracting undue regulatory attention.
Google is in advanced talks for its largest acquisition since 2012, as Alphabet Inc. (NASDAQ: GOOGL), the parent company of Google, is reportedly negotiating to acquire cybersecurity startup Wiz for approximately $23 billion.
This acquisition would surpass Google's previous record purchase of Motorola Mobility for $12.5 billion in 2012 and underscores the company's strategic pivot towards enhancing its cloud security offerings. Wiz, founded in 2020, has rapidly become a prominent player in the cybersecurity sector, providing comprehensive security analysis across major cloud platforms like AWS, Azure, and Google Cloud.
The timing of this potential acquisition is particularly noteworthy, as it comes just days after Alphabet decided to abandon its plans to acquire HubSpot, a marketing software company valued at over $24 billion. The decision to forgo the HubSpot deal was reportedly influenced by concerns over potential antitrust scrutiny. This move to acquire Wiz aligns more seamlessly with Alphabet's long-term goals in the cybersecurity domain, an area deemed less contentious and more critical for its cloud service expansion.
AIVF, a leading IVF company, has introduced its AI-powered fertility technologies to the Australian market, aiming to accelerate time to pregnancy and improve clinical success rates. Developed through five years of intensive research, AIVF's technology analyses embryos using advanced AI models, including the Embryo Resilience Model, Morphokinetics Model, and Segmentation Model, to enhance the effectiveness of fertility treatments. These innovations are expected to revolutionise the IVF process by providing more precise embryo evaluations and improving overall outcomes.
The Australian fertility treatment market, valued at US$527.82 million in 2023, is projected to grow to US$670.26 million by 2030. AIVF's entry into this market signifies a significant advancement in fertility care.
"We are excited to bring our innovative solutions to Australia, marking a significant step forward in our mission to support individuals and couples on their journey to parenthood," said Daniella Gilboa, CEO and co-founder of AIVF.
This optimistic outlook underscores the potential impact of AI-driven technologies on improving fertility treatment success rates and optimising patient care.
In this Cyber Bites edition: North Korean IT workers resort to extortion, Singapore tightens chatbot controls, Casio faces a ransomware setback, and China challenges Intel amid U.S. tech rivalry. The stakes in cybersecurity are higher than ever!
Cisco faces a major data breach, AT&T agrees to a $13M settlement for mishandling customer data, and Notion’s founders are revolutionising enterprise operations with AI-driven tools. Discover the latest developments impacting cybersecurity and business tech innovation.
Cybercriminals and state-sponsored actors exploit social media for espionage and disinformation. Telegram is under fire for sharing data with Russia’s FSB, prompting Ukraine to restrict it. OpenAI's Ben Nimmo fights AI-driven disinformation targeting U.S. and European elections.
This week’s Cyber Pulse Mid-Week Briefings cover Australia’s new Cyber Security Bill, rising ransomware claims, Zscaler's AI-driven platform growth, and cyber threats from East Asia, including Chinese influence operations, North Korean tech theft, and costly global data breach claims.
