Cyber Markets Round-up: Week 31, August '23: Cyber threats to the next level: the old and new

What's happening with the Microsoft hack?

Watch the full episode here.

Did you miss?Cyber Markets Roundup's last edition?

New AI Tool 'FraudGPT' Emerges, Tailored for Sophisticated Attacks from The Hacker News

Following the footsteps of WormGPT, threat actors are advertising yet another cybercrime generative artificial intelligence (AI) tool dubbed FraudGPT on various dark web marketplaces and Telegram channels.

The development comes as the threat actors are increasingly riding on the advent of OpenAI ChatGPT-like AI tools to concoct new adversarial variants that are explicitly engineered to promote all kinds of cybercriminal activity sans any restrictions.

Such tools, besides taking the phishing-as-a-service (PhaaS) model to the next level, could act as a launchpad for novice actors looking to mount convincing phishing and business email compromise (BEC) attacks at scale, leading to the theft of sensitive information and unauthorized wire payments.

US SEC adopts new cyber rule, unveils brokerage AI proposal from Reuters

Wall Street's top regulator on Wednesday adopted new rules requiring publicly traded companies to disclose hacking incidents, a measure officials said was to help the investing public contend with the mounting cost and frequency of cyber attacks.

On a party-line vote, the five-member U.S. Securities and Exchange Commission also voted to propose requiring broker-dealers to address conflicts of interest in the use of artificial intelligence in trading, a reform partly influenced by the events of the 2021 "meme stock" rally when officials found robo-advisers and brokers used AI and game-like features to drive user behavior.

The new cybersecurity rule will require companies to disclose a cyber breach within four days after determining it is serious enough to be material to investors. The rule would allow delays if the Justice Department deems them necessary to protect national security or police investigations, the SEC said.

From Cybersecurity to Cyber Resilience from Wall Street Journal

Meeting a growing threat

By 2025, companies around the world are expected to spend about $1.75 trillion on cybersecurity-related tools and services. But the costs of global cybercrime over the same period are expected to be even higher—$10.5 trillion. “To thrive in this environment, companies will have to take a holistic approach to assessing, measuring and managing cyber risk,” says Richard Seiersen, Chief Cyber Resilience Officer at Resilience, a provider of cyber risk solutions. Instead of cybersecurity, companies should focus on cyber resilience, balancing technical security measures with the proper level of insurance, while accepting certain predictable risks with a company’s predetermined appetite.

Thousands of B.C. health-care workers’ information exposed in data breach from Global News Canada

A major cyber attack in British Columbia may have resulted in the theft of personal information belonging to hundreds of thousands of people working in the province’s health-care sector.

At a briefing Tuesday, health officials revealed the attack targeted three professional service websites hosted by the Health Employers Association of British Columbia (HEABC), which represents 200 public health sector employers and conducts most bargaining with health-care workers.

Attackers were able to access a server hosting the sites and application forms for Health Match BC, the BC Care Aide and Community Health Worker Registry, and the Locums for Rural BC programs.

If you enjoyed this edition of the Cyber Markets Roundup, we are inviting you to connect with us on?Susbtack?for free and let us build a community of like-minded individuals who are interested in cybersecurity, stocks, and financial markets.