Cyber Attack News 2024. New Ways to Limit Cyber Attack Liability.

With effective ways to protect business from cyber crime.

Editor: David Mauro, Cybersecurity and Compliance services from All Covered

Deep Fakes. An Emerging Threat with Demonstrated Success.

Still Believe What You See and Hear online?

Recent case studies demonstrate that new policies and strategies must be put in place by U.S. organizations, especially SMB businesses and financial institutions, to address social engineering and deep fake tactics.

Deep Fake Social Engineering Attack Succeeds in Live Video Call Resulting in $25+ MIL Loss

A finance clerk working at a Hong Kong branch of a large multinational corporation recently fell victim to an elaborate scam utilizing deepfake technology to impersonate senior executives and swindle more than $25 million, according to reports.

This reads like a Matrix-like thriller movie.

Fraudsters used both live video and audio deepfake tech to trick a finance worker at a multinational Hong Kong-based firm into wiring over $25 million. The scheme commenced with the clerk receiving a deceptive message, allegedly from the company's chief financial officer, urging an urgent and confidential transaction.

Despite initial skepticism, the clerk's suspicions waned after participating in a video conference call where deepfakes convincingly impersonated both the CFO and other familiar senior managers. Subsequent police investigations unveiled that the deepfakes likely utilized publicly available company videos and audio to digitally replicate the appearances and voices of the executives. By limiting direct interaction with the clerk to a mere introduction, the fakes projected an aura of authenticity and authority.

In total, it seems that there were 7 people on the video call, all of whom were deep fakes except for the target clerk.

The fraudsters posed as the CFO and several co-workers during a multi-person video call. The presence of familiar faces, recreated with staggering accuracy, led the worker to dismiss his doubts. Convinced of the authenticity of the meeting, the finance worker was manipulated into transferring 200 million Hong Kong dollars (approximately $25.6 million), as per the instructions given during the call.

The employee first got an email that seemed suspicious but was later reassured on the video call with his coworkers.

Senior superintendent Baron Chan Shun-ching summed up the situation succinctly: “it turns out that everyone [he saw] was fake.”

Find details here and here.

Why Deep Fakes Are So Dangerous Today To U.S. Business

Is it on the whiteboard? Are deepfake detection and employee training included in incident response plans?

Are A.I. Risks from Deep Fakes Coming for the U.S. Financial Industry?

Companies using photos or audio to verify customers’ identities are now at higher risk.

The Wall Street Journal recently posted an article identifying risks from the legacy practice, still commonly used, of relying on photo IDs and voice recognition for identification. It points out how reliance on this outdated practice increases risk.

Find more here.

Deep Fake Attacks Have Succeeded before and Alerts/Warnings Have been Issued.

The Hong Kong incident is not the only one in the media.

An unprecedented case of CEO fraud involving deepfake audio, an AI-generated voice, rocked the financial sector back in 2019. The cybercriminals utilized voice-generating AI software to impersonate the CEO of a Germany-based parent company, successfully conning a U.K.-based energy company out of $243,000. The fraudsters demanded an urgent wire transfer for a Hungary-based supplier, later diverting the funds through various locations, making them difficult to trace.

To combat such scams, it's crucial for organizations to verify fund transfer requests and remain vigilant of red flags in business transactions, including sudden changes in payment details. This incident underscores the critical need for heightened security measures and employee awareness to prevent falling victim to such sophisticated cyber threats.

Read more here

Fake Identities Remain Easily Attainable (Not just for underage drinking).

Meanwhile, the underground Dark Web website OnlyFake is claiming to be using “neural networks” to generate highly convincing fake IDs for $15. Testing shows that you can make a fake ID in minutes that can do a lot more than just trick your local bouncer. The journalist used a fake ID to successfully pass the identity verification check on cryptocurrency exchange OKX.

Companies that offer or use identity verification services need to immediately make sure their tools can’t be fooled this easily. Find details here.

Why it matters

This raises many issues that go to the core of our long-held belief that “seeing is believing,” and it calls for immediate attention to extra verification policies and actions.

The other significant factor is this:

  • How many organizations are prepared?
  • Are deep fake detection and protection, as part of social engineering as a whole, even being addressed?
  • Are there strategies in place today?
  • Is it part of your incident response planning?

We are interested in knowing from anyone who is actively addressing this emerging threat.

FBI Warned U.S. Businesses on Deep Fakes back in 2022 and it’s happening today

Back in July 2022, the FBI issued a warning on the advancement of deepfake videos and how they were being used by cyber criminals to obtain remote work jobs and then, once hired, to steal data and confidential information, all of which had been freely handed to them after being hired. Details here.

For a detailed and entertaining analysis of how deepfakes are made, sample demos and the effects these have on our society, see the video below with Paul Eckloff, former U.S. Secret Service leader, now with LexisNexis Risk Solutions.


SOCIAL ENGINEERING-The Most Powerful Method: For Good or Evil

Understanding social engineering can be helpful in personal relationships, getting reservations at “sold out” venues and more. It can help you relate better to co-workers and loved ones. It is also by far the most influential tool in a cyber criminal's tool belt.

Unassuming Facebook quizzes can be a goldmine for attackers, providing valuable intelligence. This article explains how these seemingly harmless quizzes can compromise personal information and highlights the importance for leaders to be aware of this threat.

Hackers are using YouTube channels to spread malware by promoting cracked or pirated video games, according to a report by Proofpoint.

SCREENSHOT OF A YOUTUBE ACCOUNT ALLEGEDLY PROMOTING CRACKED OR PIRATED VIDEO GAMES AS PART OF A CAMPAIGN TO SPREAD MALWARE. IMAGE: PROOFPOINT

They're placing links in the video descriptions that lead to websites where malware can be delivered. These videos claim to offer free software downloads or game upgrades, but in reality, they're just a cover for the malware. This is just the latest example of how YouTube can be used by threat actors, including cybercriminal groups and state-backed operations. Find details here.

Leaders should be aware of this issue because children and casual users are particularly at risk due to their potential lack of knowledge in identifying malicious content. As these threat actors target home computers, the value of the stolen information is significant, presenting serious implications for individuals' financial and personal security.

Moreover, because the video content, payload delivery, and deception methods are similar across a multitude of seemingly unconnected threat actors, such cybercrime is difficult to attribute. This underscores the necessity of advanced cybersecurity solutions capable of proactively monitoring and combating ever-evolving threats.

To understand social engineering foundations and the difference between the various types, see the following discussion with Christopher Hadnagy, CEO of Social-Engineer, LLC, TEDx speaker, and 5x best-selling author on the topic.

Higher Education Institution Faces New Class-Action from Data Breach

A cybersecurity breach at Lewis & Clark College has led to a class-action lawsuit claiming negligence. The breach exposed sensitive information of students and alumni, including Social Security numbers and financial data. This class-action incident raises concerns about the college's security measures and highlights the importance of cybersecurity for leaders. Leaders need to prioritize the protection of sensitive data to avoid legal repercussions and maintain trust with their stakeholders.

Find details here

Healthcare Insight from Cyber Crime News You Can Use

Lessons Learned in Recent Major Ransomware Attack

The Change Healthcare breach has played out with many life lessons. First, the BLACK CAT ransomware gang, whose cyber mercenary "affiliate" attacked and breached the system, conducted what amounted to an exit scam.

What happened: after the massive breach, Black Cat accepted $22 MIL in ransom in exchange for deleting the victim data.

The issue: After collecting the ransom money from this breach, and several others, Black Cat closed up shop on the Dark Web in what most feel is an "exit scam". They claimed their systems were taken down by International joint law enforcement, but this was false.

Black Cat took the money and ran, ripping off their own "affiliates".

While we all know criminals can't be trusted, this shows a bold move within their community. All indicators show they merely took the money and got out of the business altogether. More likely, they are merely re-branding under a different name.

This illustrates the fact that victims, whenever possible, should never pay the ransom, since there is no guarantee the attackers will actually delete your data.

Most recently, a new ransomware gang has claimed it is attempting to extort Change Healthcare again using the data which was not deleted from the original breach. The former "affiliate" of ALPHV/Blackcat behind the Change Healthcare ransomware attack has claimed not to have been paid a share of the $22 million ransom payment.

The affiliate, who operates under the name notchy on the Dark Web, claims to still be holding a copy of the 6TB of data stolen in the attack; to date, the data does not appear to have been publicly leaked and cybersecurity researchers have not identified any attempts to sell the data.

A new ransomware group called Ransom Hub has emerged. Ransom Hub claims to have the only copy of the stolen data and the post lists some of the affected healthcare providers. Ransom Hub is threatening to leak the stolen data and has given Change Healthcare and UnitedHealth Group 12 days to pay the ransom.

They recently issued a new ransom demand to Change Healthcare. A top security researcher, Dom Alvieri, states that even though ALPHV stole the $22 million, they apparently do not have the data and did not delete it. Details here.

How the Change Healthcare Breach is destroying Medical Practices.

An AMA survey on the impact of the Change Healthcare cyberattack revealed that physician practices, especially smaller ones, have been severely affected. The disruptions have led to suspended functionalities, forcing practices to resort to workarounds and personal funds to keep operations running.

Small practices left vulnerable after Change Healthcare ransomware attack, with some considering bankruptcy.

Many practices have faced financial strain, with some unable to pay employees or vendors. Despite efforts to adapt, the cyberattack has caused significant service disruptions, leading to lost revenue and concerns about patient care.

Why This matters

The survey highlights the fragility of physician practices and the challenges they face in dealing with cyberattacks. This information is important for business owners because it demonstrates the potential financial and operational impact of cyberattacks on small practices.

It also highlights the need for robust cybersecurity measures. Many are available at little or no cost for smaller organizations to adopt, and the failure to do so is tantamount to negligence itself. Additionally, it emphasizes the importance of having incident response planning and contingency plans in place to mitigate the effects of such attacks.

Find details here.

After Ransomware Hits, Counties Declare States of Emergency

Counties in Crisis: Ransomware Attack Fallout

Multiple local governments are dealing with cyberattacks, including ransomware incidents, this week, causing outages and problems for county hospitals, libraries and other local services.

Although fundamental functions like instruction and transportation remain unaffected, the district's email system and other applications have been compromised.

The attacks prompted them to seek assistance from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA). These incidents underscore the urgent need for robust cybersecurity measures and heightened vigilance in the face of evolving cyber threats.

They also show that proactive cybersecurity measures are crucial to mitigating the impact of ransomware attacks and safeguarding critical infrastructure.

Find Details here and here


Stay Vigilant,

David Mauro, National Manager, Finance Practice

Cybersecurity and Compliance Services

Konica Minolta MIT North America

(614) 584-4583
