Welcome to “The Cyber Security Loop" - News Bites #8

Welcome back for 2025 and already we are seeing cyber security threats ramp up along with a lot of hysteria and rhetoric on DeepSeek AI!? So let’s get into it

If you have been following the various media outlets, you will have seen that DeepSeek AI has now been banned by a number of countries, including Australia.? This morning, the Australian government announced it was banning the use of DeepSeek AI on all government devices, which follows its previous advice for TikTok.? The OAIC has also stated that it will continue to monitor what other international partners are doing but, at this stage, will not make any determinations. That’s a missed opportunity for the OAIC; I am sure they have their reasons, but if Australia wants to show some strength, they should be leading the conversation.

If you missed my previous posts, I will be hosting a Legal AI workshop on 13 February in Sydney.? It’s going to be a lot of fun, and you don’t need a PhD in mathematics or machine learning to attend! Just turn up with your laptop, and as long as you know how to use ChatGPT, you are good to go. The link is below to find out more and register. I hope to see some of you there!

Workshop Registration: https://cyooda.chat/legalai

In other security news:

• Microsoft has patched a critical Azure AI Face Service vulnerability.? For those not familiar with what the Azure AI Face service is, it essentially is a service that allows AI algorithms to detect, recognise and analyse human faces.
• Law firm Bell & Graham hit by cyber attack.? The SafePay ransomware group listed Bell & Graham on their leak site on 14 January saying they had allegedly stolen 15 Gb of data.?
• A Canadian charged with stealing $65 million using DeFi crypto exploits. According to U.S. Justice department court documents a 22 yr old Canadian man exploited vulnerabilities in automated smart contract processes used by 2 exchanges.? He was able to successfully drain them of digital tokens, if found guilty he could face up to 10 years for unauthorised access to computer systems and up to 20 years for money laundering.?
• Meta-owned WhatsApp on Friday said it disrupted a campaign that involved the use of spyware to target journalists and civil society members.? The campaign, which targeted around 90 members, involved the use of spyware from an Israeli company known as Paragon Solutions. The attackers were neutralised in December 2024.
• Ardex an Australian tiling, flooring and waterproofing company has been hit by the Medusa ransomware group.? Medusa have given them 22 days to pay a $300,000 ransom.
• An Australian lawyer was caught recently using ChatGPT filed court documents referencing ‘non-existent’ cases.? In a ruling by the federal circuit and family court on Friday, Justice Rania Skaros referred the lawyer, who had his name redacted from the ruling, to the Office of the NSW Legal Services Commissioner (OLSC) for consideration.

TIP

“Think Before You Click – That Email Might Be a Trojan Horse”

Phishing scams are getting smarter. A single click on a bad link or what you think to be a policy or contract document could give hackers access to confidential client data. Always hover over links before clicking, and if an email feels suspicious, verify it through another channel. No case is worth a ransomware lockdown.

TOOL

Data breaches don’t just leak information — they sink reputations. BigID helps law firms take control of sensitive data by using AI to discover, classify, and protect client information across document management systems (such as iManage and Netdocs), databases, cloud storage, and endpoints. Whether it’s PI, contracts, or privileged documents, BigID ensures you know where your data lives and who has access —before a cybercriminal does.

RESOURCE

The EU commission has published its draft guidelines on prohibited artificial intelligence practices.? Be warned the draft is a whopping 144 pages for 8 guidelines!?

[ https://digital-strategy.ec.europa.eu/en/library/commission-publishes-guidelines-prohibited-artificial-intelligence-ai-practices-defined-ai-act ]

QUOTE?

“Security is not a product, but a process.” – Bruce Schneier

Law firms are gold mines for cybercriminals, and the legal industry is increasingly under attack. If you wouldn’t leave client files on a cafe table, don’t leave your firm’s digital doors wide open.