Every week on the ACDS blog, we highlight the most pivotal news articles to have swept across the cybersecurity world. In this week's recap, we've witnessed new government warnings on AI, significant cyberattacks on Australia’s ports and Plume Wi-Fi, as well as significant research around DMARC implementation. It's crucial for organisations and their leaders to remain current on cybersecurity developments to make well-informed choices.
AI Among the Biggest Threats to the UK, Cybersecurity Agency Warns
In its annual review released earlier this week, the National Cyber Security Centre (NCSC) issued a warning about ongoing geopolitical challenges and the role of artificial intelligence (AI) as potential threats to UK elections. The NCSC, which is part of GCHQ, noted in the report the emergence of a new breed of cyber adversaries over the past year: state-aligned actors motivated by ideology rather than financial gain. The NCSC emphasised the persistent and significant threats posed by China and Russia to the cybersecurity landscape in the UK. The report highlighted that many of the new state-aligned groups identified by the NCSC displayed sympathies toward Russia's invasion of Ukraine, marking a concerning development in the cyber threat landscape.
Analyst Comments: This warning raises awareness about the shifting dynamics in cybersecurity, emphasising the need for a proactive and adaptive approach to address the growing threats posed by state-aligned actors with ideological motivations, particularly from China and Russia. Moving away from financial motivations suggests a more complex and nuanced landscape in the realm of cybersecurity that we need to take note of.
Australia Locks Down Ports After ‘Nationally Significant’ Cyberattack
Australia has acknowledged its response to a persistent cyberattack aimed at major ports, which led the operator DP World to impose temporary network access restrictions on Saturday. The decision to shut down four key ports in Sydney, Melbourne, Brisbane, and Fremantle came after the detection of a cybersecurity incident late on Friday night. DP World, responsible for 40% of Australia's maritime freight, took these measures in response to the ongoing threat.
This cyberattack could have a major impact on the wider supply chain. Supply chain security is imperative. Our experts have explained why in a recent e-book.
Analyst Comments: Although the decision to shut down the ports came quickly after the cyber incident was detected, it would have had immediate economic implications, and there are further concerns about potential disruptions to the supply chain. Ports are crucial for many organisations, as the majority of their trade passes through them. To ensure smooth operations, these organisations have to rely on an uninterrupted supply of goods. Cyberattacks like this cause significant disruption to those within the supply chain, and incidents as vast as this highlight the danger of a supplier being a weak link.
Many Governments and Banks Lack Key Email Protection
According to new research, a mere 35% of government domains and 34% of large companies have implemented DMARC protection, a crucial measure in preventing phishing scams.
In the face of relentless cyberattacks disrupting vital industries worldwide, organisations of varying sizes find themselves vulnerable targets. The research scrutinised over 187,000 organisations to assess the prevalence of DMARC, a comprehensive email authentication, policy, and reporting protocol.
The findings indicate that a concerning 41% of the global banking institutions analysed lack DMARC protection for their domains. This vulnerability increases the risk of scammers successfully mimicking unprotected banking domains, deceiving individuals into transferring money through fraudulent means.
Analyst Comments: These statistics are worrying, but not surprising. Email security needs to be pushed to the top of the priority list in terms of cybersecurity for organisations of all sizes. In particular, large organisations that send over 5,000 emails a day to Gmail and Yahoo accounts will have to implement SPF, DKIM and DMARC policies in order for their emails to be delivered to the recipient. These guidelines come into effect on 1 Feb 2024, but the measures should be implemented as soon as possible. Need advice? Contact us at ACDS today for more information on our solution, Email Guard.
ChatGPT Has Changed the Face of Phishing
New research has revealed that phishing attacks have surged by an astonishing 1265% since December 2022, a remarkable four-figure increase attributed to the widespread adoption of ChatGPT, a globally recognised AI tool.
Evidently, scammers from across the globe have identified a new opportunity in the widely used text generator, ChatGPT. This AI tool has facilitated the creation of a diverse range of malicious software, often bearing names such as FraudGPT or DarkBERT.
While the prevalence of scams has seen a notable rise, it's important to note that not all online activities involve malicious intent. However, phishing remains a concern for businesses, as our experts have explained in a blog.
Analyst Comments: The recent surge in phishing attacks is alarming, particularly as it may be attributed to the advancements in AI technology that have lowered the entry barriers for cybercriminals to create and distribute phishing attacks. This trend is expected to continue, which should serve as a warning for organisations to take preventive measures against such attacks. The current measures in place are not sufficient, and a proactive approach with multi-layered protection is necessary to mitigate the risks.
Ransomware gang files SEC complaint over victim’s undisclosed breach
The ALPHV/BlackCat ransomware operation has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of its alleged victims for not complying with the four-day rule to disclose a cyberattack. The threat actor listed the software company MeridianLink on its data leak site with a threat that it would leak allegedly stolen data unless a ransom is paid in 24 hours.
While many ransomware and extortion gangs have threatened to report breaches and data theft to the SEC, this may be the first public confirmation that they have done so. Previously, ransomware actors exerted pressure on victims by contacting customers to let them know of the intrusion. Sometimes, they would also try to intimidate the victim by contacting them directly over the phone.
Analyst Comments: If ransomware attacks weren’t scary enough, this new extortion tactic is one that will pressure organisations that do not notify the SEC of a breach into paying the ransom. With new measures being introduced and coming into play next month, this smart tactic of ‘snitching’ marks a potential paradigm shift in how cyber threats could intersect with regulatory compliance.
In today's ever-changing landscape, staying well-informed about the latest advancements in the industry remains incredibly important. By staying up to date with relevant news, leaders can make informed decisions, proactively implement security measures, and effectively shield their organisations from cyberattacks. Maintaining a vigilant mindset, embracing best practices, and leveraging cutting-edge technologies are all crucial components in building a secure digital future. Let's embrace these principles to safeguard our digital assets and pave the way for a safer tomorrow.