As we kick off the final week of June, there's a lot of upheaval in the realms of cyber threats, deepfake political interference, and the adoption of generative AI in security. Australian corporates are leading the charge with innovative cybersecurity measures, deploying Microsoft's Copilot for Security to bolster their defences against an ever-evolving landscape of digital threats.
Meanwhile, the NHS is reeling from a significant data breach caused by a ransomware attack, underscoring the critical need for robust cybersecurity in healthcare.
Political landscapes are also under siege as deepfakes emerge as powerful tools for disinformation. Reports from Trustwave and Microsoft reveal how these AI-generated videos are being strategically used to sway voter opinions and disrupt democratic processes. The implications extend beyond politics, affecting businesses and public figures, with deepfakes posing a real threat to reputations and economic stability.
In addition to these challenges, there's ongoing discord between security vendor Kapersky and the US government, particularly in light of recent allegations of links to Russia.
This week's CyberScan dives into these critical issues, providing insights into the complex interplay between cybersecurity innovations and the persistent threats posed by malicious actors.
Australian Corporates Exploring Generative AI In Cybersecurity
Australian organisations such as Australian Super, Powerlink Queensland, and TAL are pioneering the use of Microsoft's Copilot for Security, a cutting-edge generative AI security tool. This advanced product leverages large language models and Microsoft's extensive global threat intelligence to enable security teams to respond to threats swiftly and at scale. Early studies have demonstrated notable improvements in both the speed and accuracy of security analysts utilising Copilot, significantly enhancing their ability to manage and mitigate threats effectively.
Initially offered through Microsoft’s Early Access Program (EAP) starting in December 2023, Copilot for Security became available for general purchase earlier this month. It operates on a consumption-based pay-as-you-go model, making it accessible to organisations across Australia. Microsoft emphasises the critical importance of speed in cybersecurity, citing data from its Digital Defence Report which reveals that attackers can access an organisation’s private data within 72 minutes via a phishing email and start moving laterally within the network in just over an hour. By employing generative AI, defenders can respond to security incidents in a fraction of the time, underscoring the transformative potential of AI-driven security solutions in protecting corporate networks.
Kaspersky Denies Being a Security Threat Following U.S. Software Ban
The US Department of State has enacted a Kaspersky antivirus ‘ban’, citing threats to national security, that forbids current and future government entities from purchasing Kaspersky antivirus software, and blocks Kaspersky from entering into new and renewal agreements with the private sector after 20 July 20, 2024. After 29 September 20, 2024, Kaspersky will no longer be able to provide antivirus updates to its products and will be barred from continuing to operate its Kaspersky Security Network in the United States.
The Commerce Department that made the decision was explicit in noting in its June 14 ruling, published in the Federal Register on 25 June, that Kaspersky does a substantial portion of its business in Russia; that its founder Eugene Kaspersky is a Russian citizen who lives in Russia and is, accordingly, subject to Russian law.
Even though Kaspersky Corps objected to the findings of the investigation it launched, the Commerce Department ultimately found its decision to prohibit the software was“well supported.”
Major NHS Cyber Attack Leads To Significant Data Leak And Service Disruptions
The NHS is grappling with what is feared to be its most significant patient data leak in years following a ransomware attack on June 3rd. This cyber attack, orchestrated by the Russian-speaking cyber crime group Qilin, disrupted pathology services at King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust in London. More than 1,130 planned operations and 2,190 outpatient appointments have been postponed, with an additional 1,294 outpatient appointments and 320 planned operations delayed between June 10th and June 16th. The attack targeted Synnovis, a pathology services provider for the NHS, causing widespread disruptions and diverting 46 organs to other trusts in the second week alone. NHS London declared a regional incident and has been actively managing the aftermath, yet insiders predict that recovery could take months.
Late on Thursday, Qilin uploaded 104 files, amounting to almost 400GB of data stolen from Synnovis. Cyber security firm Secureworks indicated that the files were compressed, potentially containing even more data if downloaded. NHS England is working with the National Cyber Security Centre and other partners to quickly ascertain the contents of the published files and determine whether they include patients’ personal details and test results. The investigation is ongoing as the NHS strives to mitigate the impact of this unprecedented cyber attack and restore normalcy to the affected services.
CDK Remains Crippled by Latest Cyber Attack
Retail software provider CDK Global remains in the grip of a severe cyberattack that first struck on June 19, 2024. The initial attack forced CDK to shut down most of its systems, including its dealership management system (DMS) and other critical applications used by over 15,000 dealerships. As the company was beginning to recover, a second cyberattack hit later the same day, prompting another shutdown of its systems. CDK Global has announced that it will likely take several days for its software to be fully operational again, as nearly 15,000 car dealerships across North America continue to experience significant disruptions.
CDK Global reported on Saturday that it has begun restoring its software, but the process will be gradual. A company spokesperson told CNN that they are actively engaging with customers and providing alternative ways to conduct business during the outage. The company is also investigating the shutdown after two cyber incidents brought its systems to a standstill, though it has not confirmed the perpetrators. U.S. media reports suggest the company was negotiating with an Eastern European-based hacker group demanding tens of millions of dollars in ransom. In the meantime, car manufacturers and dealerships have scrambled to implement temporary solutions to maintain retail operations, and CDK has advised employees to be cautious of phishing scams and secure sensitive information.
Ongoing Phishing Concerns And Increase Use Of Deepfakes: The Menacing Rise Of Cyber Attacks In Australia
Australia remains a hotbed for cybercriminal activity, ranking among the top 10 global sources of phishing attacks. The year 2023 saw an alarming 479.3% surge in phishing content hosted within the country. According to Sophos, the release of its annual State of Ransomware 2024 survey report, found that the average ransom payment has increased by 297% in the last year. Particularly hard-hit was the manufacturing industry, which endured over 5.9 million phishing attacks from January to December. This unprecedented wave of cyber threats underscores a critical vulnerability in Australia's digital infrastructure.
Adding to the complexity of this threat landscape is the rise of deepfake technology. Cybercriminals are increasingly using AI-generated audio, video, and text to create more convincing and realistic phishing attacks. This technological advancement has forced major platforms like Facebook and Instagram to implement stringent new policies aimed at curbing the use of AI-deepfakes. Despite these efforts, the sophistication of these attacks continues to grow, posing a significant challenge to cybersecurity measures worldwide. The evolving nature of these threats calls for heightened vigilance and more robust defences to protect against the ever-increasing risk of cyber intrusions
Deepfakes And Presidential Elections: Navigating A Maze Of Cyber Threats And Disinformation
The proliferation of deepfakes on the internet and social media platforms has become a significant cyber threat, particularly in the context of presidential elections. Trustwave analysts and Microsoft have released reports highlighting how these realistic AI-generated videos can sway voter opinions by introducing misinformation. During election campaigns, candidates address crucial issues like healthcare, the economy, and education, and deepfakes can be weaponized to create false narratives, influencing voters' decisions. A single, well-crafted deepfake video can exploit voters' fears and biases, targeting specific demographics based on age, race, and orientation, thereby undermining the democratic process.
The dangers of deepfakes extend beyond elections, affecting organisations, businesses, and public figures. For example, a deepfake video of a CEO making false statements could impact a company's stock or economic stability. Trustwave's report reveals the increasing use of AI-driven disinformation campaigns, particularly those originating from foreign entities aiming to influence elections and create societal discord. To combat this, everyone from voters to social media companies and news media must be vigilant.
The news media plays a critical role in verifying information, while campaign organisations can raise awareness and push for stringent checks on the content posted online. Nations are also implementing legislation to curb the misuse of AI, such as the US Federal Artificial Intelligence Risk Management Act and the EU AI Act. Tools like Intel's FakeCatcher and Deepware, along with expert human analysis, are essential in detecting and mitigating the impact of deepfakes.
Unfortunately, the average person will bear the brunt of vetting campaign ads and videos. Just as people have become aware of phishing and telephone scams, everyone must now question the authenticity of what they see online. For instance, a video showing President Joe Biden making multiple racist comments would be out of character and relatively easy to identify as fake. However, a more plausible scenario, such as a video of President Biden declaring an end to aid for Ukraine, would require viewers to consult multiple news sources to verify its authenticity. This highlights the importance of media literacy and the need for robust detection tools to navigate the growing labyrinth of deepfake threats.
The common fear regarding election interference is that a threat actor will gain access to either ballot machines or the networks that tally votes. However, there is a much easier method a person interested in interfering with a specific election can implement.
