Cyber News

AI Set to Play Key Role in Future Phishing Attacks and More in This Week's Cyber News

With cyber threats constantly on the rise, staying informed about the latest news and developments in the field is essential for maintaining digital safety. Cybersecurity remains a critical concern for organisations, governments, and individuals. In this blog post, we explore the top cybersecurity news stories from this week, shedding light on significant events and noteworthy security incidents.

This week, new research revealed that SMEs struggle to identify and prioritise critical threat remediation, Carpetright revealed that it was targeted by hackers, and the US Congress passed a bill to ban TikTok.

Overloaded by Security Tools, SMEs Struggle to Respond to Threats

The findings of a new survey reveal a troubling trend for small and medium-sized businesses (SMEs): the complexity of managing numerous security tools is overwhelming IT staff, leading them to miss critical security alerts and leaving companies vulnerable.

The survey found a staggering 73% of security professionals in SMEs have failed to address critical alerts. The top reasons cited were lack of staff and insufficient time. These professionals are swamped by the demands of monitoring security platforms, managing and updating devices and security agents, patching vulnerabilities, and integrating new security tools. This overload creates a significant gap in their defences, potentially allowing cyberattacks to slip through the cracks.

Attack Surface Management tools, like our OBSERVATORY solution, can help manage and prioritise the most critical vulnerabilities.

AI Set to Play Key Role in Future Phishing Attacks

A recent report has revealed a concerning trend in phishing tactics. QR code scams, known as quishing, have skyrocketed, rising from a negligible presence in 2021 to over 12% of attacks in 2023. This worrying trend persists in 2024, with quishing attempts currently at 10.8%.

The report also identifies a shift in social engineering techniques. Phishing emails are becoming lengthier, potentially due to the use of generative AI, and now incorporate social engineering tactics in nearly 19% of attacks. This suggests a move away from solely relying on malicious attachments to manipulate victims.

British Company Carpetright Hit by Cyberattack

British flooring retailer Carpetright fell victim to a cyberattack. Hackers deployed malware to infiltrate the company's systems, forcing staff to shut down the network at their Essex headquarters on Tuesday. This disruption impacted hundreds of customer orders.

Carpetright assures customers that the virus was contained before any data breach occurred. Staff received an email yesterday confirming the attack involved a malicious program.

UnitedHealth Confirms Ransom Payment and Data Breach at Change Healthcare

UnitedHealth Group revealed on Monday that they paid a ransom to cybercriminals following a February attack on their subsidiary, Change Healthcare. This attack compromised patient data, including both personal information and protected health information.

The company, with over 152 million customers, confirmed a significant portion of the US population could be affected. While the exact number of impacted individuals remains unknown, the scale suggests a substantial data breach.

Lazarus Group Targets Asia with New Kaolin RAT

A recent report by Avast security researcher Luigino Camastra details a cyberattack campaign by the North Korea-linked Lazarus Group. The group used fake job offers to target individuals in Asia during summer 2023. These lures delivered a new remote access trojan (RAT) called Kaolin RAT.

Beyond standard RAT functions, Kaolin allows attackers to manipulate file timestamps and load malicious code received from their command-and-control server. This RAT appears to be a gateway for deploying the FudModule rootkit. FudModule exploits a recently patched vulnerability (CVE-2024-21338) in the appid.sys driver to gain complete control of the infected system and disable security measures.

US Congress Passes Bill to Ban TikTok

The US Senate has voted on a bill that will either ban TikTok or force its parent company, ByteDance, to forfeit ownership of the social media app. During the vote, senators voted in favour of the bill, with only 18 voting against.

The vote occurred on April 24, ten days after the House of Representatives passed the bill, titled Protecting Americans from Foreign Adversary Controlled Applications Act, by a margin of 360 to 58. A few hours after the Senate vote, US President Joe Biden signed it.

Remaining well-informed about the latest developments in the industry is paramount in combating cybercrime. By staying abreast of relevant news, leaders can make informed decisions, proactively implement security measures, and effectively protect their organisations from cyberattacks. Maintaining a vigilant mindset, adhering to best practices, and leveraging cutting-edge technologies are all essential elements in constructing a secure digital future.