Cyber News

This Week in Cyber: 23rd October 2023 – 27th October 2023

In today's rapidly changing technological landscape, cybersecurity has become a hot topic for organisations, governments, and individuals alike – and rightly so. The continuous surge in cyber threats, news that cyber criminals are becoming more sophisticated and ever-expanding networks and endpoints makes it more vital than ever that people stay up to date with the latest developments in the field.

This blog post explores the most noteworthy cybersecurity news stories of the week, offering insights into significant events, the latest research and notable security incidents. By shedding light on these topics, we aim to enhance awareness and understanding of the ever-evolving world of cybersecurity.

Small Businesses Suffer Record Number of Cyberattacks

According to the Identity Theft Resource Centre (ITRC)’s 2023 Business Impact Report, based on interviews with 551 small business owners and employees, 73% of small business owners in the United States experienced a cyberattack in the past year. These attacks primarily targeted employee and customer data in data breaches. Interestingly, despite the substantial increase in cyberattacks, 85% of respondents claimed to be well prepared to handle cyber incidents, marking an increase from the 70% reported the previous year.

Although, with budget cuts and a talent shortage, it can be hard to know how best to approach cybersecurity effectively for SMEs. Our experts advise taking steps such as automatically updating your devices and implementing MFA as easy ways to bolster security postures for small businesses.

Analyst Comments: Small businesses are often hit with cyberattacks as they are perceived as easy targets for attackers due to having small budgets for cybersecurity and often the weak link to target larger organisations within their supply chain. It is surprising to see such a high percentage of respondents claiming to be well prepared to handle cyber incidents; although this is a positive figure, it would be interesting to know what ‘well prepared’ looks like in reality. Perhaps small businesses need to work on a more proactive approach to help prevent an attack rather than a reactive approach to pick up the pieces once an attack has occured.

Okta Reveals Breach Via Stolen Credential

Okta, a specialist in Identity and Access Management (IAM), recently fell victim to a security breach. A malicious actor successfully accessed the system using a stolen credential. Unfortunately, what this shows is that anyone can fall victim to a cyberattack.

Analyst Comments: This is the classic case of ‘it can happen to anyone’ and, unfortunately, this is the scary aspect of cybersecurity. The incident highlights the ripply effect a security incident can have, particularly when it involves an identity and access management platform. Threat actors exploited a stolen authentication token and breached Okta’s support management system, which allowed the attacker to view critical files and access sensitive data. As a result of this attack, customers and suppliers of Okta face a significant threat, severely damaging trust and reputation.

Police Dismantle Ragnar Locker Ransomware Group

In the continuing battle against ransomware, global law enforcement agencies have achieved another significant victory. They managed to seize infrastructure and apprehend a suspected crucial member of the Ragnar Locker group. This operation took place from 16th to 20th October and involved coordinated searches in Czechia, Spain, and Latvia. Notably, among these searches was the residence of their primary target, believed to be a developer for the group.

With ransomware attacks on the rise, it’s important that organisations understand the basics. Our experts have explained why on our blog.

Analyst Comments: Now, this is a good one for the books. It’s nice to see news where the bad guys are actually getting caught. It does go to show that law enforcement is putting in the effort to try and rid the world of these terrible cybercriminals, but as it is one of the easiest crimes to remain anonymous, therefore, they are incredibly hard to catch. Let’s hope this is a warning to other ransomware gangs that they are not invincible…

Research Finds That ChatGPT Can Generate Phishing Emails Nearly as Convincing as a Human

IBM X-Force research has unveiled that artificial intelligence (AI) has the capability to compose effective phishing emails, although not with the same level of persuasiveness as human-generated ones. In a phishing experiment designed to assess which would yield a higher click-through rate, ChatGPT was able to craft a compelling email within minutes using only five basic prompts. The AI-generated email proved to be nearly as enticing as a human-generated counterpart, though not quite on par.

Analyst Comments: We always talk about how the use of AI is making attacks, like phishing, even easier for cybercriminals to commit because it does all of the work for them. Although the phishing attempts from ChatGPT are not as compelling, I think it is only a matter of time until it evolves into a tool with increased persuasiveness. In the meantime, it is important to alter training to be able to spot common phishing techniques used by AI tools to reduce human error. Training will have to continuously evolve as AI does, but removing the human element of having to decide whether an email is a phishing attempt or not is the best way to keep your organisation secure.

With the cybersecurity ecosystem always evolving, it’s important to stay up to date with the latest developments across the industry. Keeping an eye on the latest news can help leaders make informed decisions going forward and help them to implement proactive security measures and protect against cyber-attacks. Maintaining a state of vigilance, adopting best practices, and harnessing the power of the latest technologies are crucial steps in working together to create a secure digital future.