The Evolving Landscape of Cybersecurity: AI Scams, International Cyber-Activities, and the Rise in Global Cyber Attacks - European Champions Alliance

The Evolving Landscape of Cybersecurity: AI Scams, International Cyber-Activities, and the Rise in Global Cyber Attacks


Sophisticated AI Scams: A Warning from Switzerland

A concerning trend in cybercrime has emerged with scammers using AI-generated videos to impersonate CEOs and authorize fraudulent financial transactions. As reported by the Swiss daily Le Temps, these AI-generated deceits showcase high levels of realism, making them incredibly difficult to detect. This novel use of AI highlights the potential for technology to become a double-edged sword, posing significant threats to unwary businesses.

Automated Threats on the Rise

Recent studies indicate that automated internet traffic, primarily driven by bots, accounts for over 49% of global online activity. Alarmingly, nearly two-thirds of this automated traffic is identified as malicious, underscoring the increasing reliance on and the dangers posed by sophisticated botnets and automated cyber threats.

The USA exposes malevolent, state-backed Chinese cyber-activities

On March 25, 2024, the U.S. Department of Justice (DoJ) released an indictment of seven hackers associated with APT31, a “hacking group in support of China’s Ministry of State Security” (MSS) which has been active for 14 years. On the same day, the Department of Treasury enacted sanctions on several entities.

According to our member HarfangLab, which has commented on this action and analysed the US report, the key takeaways are:

  • APT31 is attributed to the Hubei State Security Department, located in Wuhan;
  • Around 2010, APT31 created a front company named “Wuhan XRZ” and used it as a cover for its cyber operations. Another local company, “Wuhan Liuhe” (not accused of being on the front line), provided support;
  • APT31 created and used the RAWDOOR malware, handled a few other malware families used by other Chinese-speaking threat actors, and more recently started using cracked versions of CobaltStrike;
  • The group favors a two-band approach to hacking, and goes after subsidiaries, MSPs or spouses of its targets as a means of initial access.

It has recently surfaced that APT31 has also sent malicious emails to various French politicians, with the goal of opening an invisible “channel” between the devices used by the targets and some Chinese servers. The persons concerned were often known for exposing the crimes committed against the Uyghurs or other bad Chinese practices…

LabHost was a phishing platform where cyber criminals could find tools to deceive their targets and to manage malicious campaigns and ransom negotiations, such as the notorious LabRat tool. Some 10 000 criminals were affiliated. Europol, with the help of 19 police forces led by the London police department, organized a crackdown on April 14-17, leading to arrests, seizure of materials and exposure of a huge quantity of phishing domains.


IN BRIEF: new malicious attacks exposed

  • APPLE has revealed iPhones are targeted by some spyware.
  • TEHTRIS has detailed the active backdoor in the liblzma library used by the XZ compression tools. This backdoor is reported to be very critical, as hackers can use it to take total control of devices.
  • OT systems, a new target for cyber criminals. According to analysts, the MTBA (Mean Time Between Attacks) is rapidly decreasing, while the cost of disrupted OT equipment climbs to more than 10 000 € a day. A zero trust policy should be implemented to protect OT systems, just as it should be for IT systems.
  • SANDWORM (APT44), a Russian cyber-criminal organization, targets water supply infrastructure in France and in the USA. This group is backed by the Russian government.
  • APT28: another hacker gang linked to the Russian intelligence services. Following a long inquiry, Germany has officially stated that the cyber attack conducted in early 2023 against the Chancellor’s party, the SPD, was carried out by APT28. The Czech Republic has claimed the same. The French ANSSI had come to the same conclusion about attacks against French services that occurred in 2021-22.
  • CISCO exposes a campaign to compromise some frequently used network devices. The infiltrated devices are used at the edge of IT access networks. The aim of the malevolent campaign, which is reported to have started in mid-2023, was to take control of some governmental or other public networks.


IN BRIEF: cyber-attacks flourish as spring is late in Europe

  • The hospital of Cannes (France) has been hit by a cyber attack on April 15. The IT services have been immediately shut down, forcing the teams to go back to paperwork for a while. So far, no data leak has been discovered.
  • Derichebourg, a company specializing in metal recycling and cleaning services, admits that the cyber-attack it suffered in November 2023 has led to a financial loss of some 15–20 M€, due to the unavailability of its main software tool and the disruption of services.
  • Le Slip Français, a French underwear manufacturer, was hacked on April 15. Customer data has been fraudulently collected.
  • The services of Floirac, a city close to Bordeaux, are down due to a cyber-attack which occurred on April 18. Most applications are out of reach, and the employees have switched to working from home. The town hall can be contacted by phone only. However, no evidence of a data leak has been found, and the city has said it hopes to be back online by Monday April 22.
  • Speedy, the automobile repair company, has revealed that it was hit by a cyber-attack on April 19. The online services are disrupted. Customer data has been captured. The French CNIL (the authority in charge of protecting data privacy) has been informed.
  • ALBI, a city in South-West France, is totally disrupted by a cyber-attack which occurred on April 22. The services are back to paperwork, and even the telephone connection is damaged.
  • CANNES hospital: as this French health center has refused to pay a ransom, a large set of data was published on the dark web on May 3.
  • KAISER PERMANENTE, a US health management company, has suffered a huge data leak. 13 million Americans are affected. Some of the data may have been unduly shared with suppliers, an abnormal extension of some advertising agreements. Once again, the business model of many US firms is based on data monetization… this time without control!



The French start-up TrustInSoft has developed TrustInSoft Analyzer, a system able to emulate billions of tests in a single analysis, thus significantly reducing the effort and cost of testing software code. Moreover, the tool can generate a report that complies better with the CERT C rules. TrustInSoft targets the huge market of software-defined vehicles.

At the same time STRONG NETWORK, another young (Swiss) venture, is pursuing its mission to develop secure environments for collaborative coding. Secure and verified embedded code will be essential for many industries.



FOUNDRIES.IO, a UK company providing security systems for IoT, has been acquired by the US giant QUALCOMM.

Foundries' expertise is in edge systems based on open source. Qualcomm has announced that the company, which will remain independently managed, will reinforce the Qualcomm group’s capabilities in open-source-based systems.

WIZ, an Israeli vendor, has entered exclusive negotiations to acquire its US rival LACEWORK. Both companies are positioned in cloud security. Usually, US companies purchase Israeli ones. If concluded, this would be a first move the other way. At the same time, it confirms that consolidation is under way in cybersecurity.
And there is another lesson in this projected move: the crucial importance of cybersecurity systems turning towards IT systems run in the cloud. Let’s not forget that most of today's cyber tools were designed at a time when information systems were “on-prem”. Adapting them to the cloud is not that easy. Some companies have deliberately chosen to focus on cloud-hosted systems (by the way, the ECA counts some of them). Disagree with this remark? Please send us your views!

Hexatrust, a French association of cybersecurity vendors, is to hold its « summer University » in Paris, at Station F, on September 5. Detailed program here:

The French General Directorate of Enterprises (DGE) has launched a « call for interest » to select experts to help SMEs progress on cybersecurity :

ECSO is launching a European cybersecurity jobs platform. This initiative aims to help employers looking for talent and to give job-seekers better access to offers. At the same time, with ECSO’s support, some regions across Europe help citizens avoid phishing and scams, build watch centers (CSIRT) and promote training in cybersecurity. Training concerns not only coding capabilities, but also how to manage cyber protection in different trades.

As the DORA regulation is going live for financial players, it should be clear that its recommendations are even more precise than the « basic NIS2 ». Among other things, continuity schemes should make sure business is not disrupted, thanks to permanent replication of data over several media. Moreover, players are encouraged to resort to early anomaly detection (such as unplanned encryption) through automated processes. In NIS2, these two principles of replicating data and early detection are recommended, but without such precision. DORA clearly sets the tone for real resilience.

MICROSOFT has announced bully measures against hacking

Microsoft has announced a set of measures, including more caution in its development processes. At last… For years, some critics have exposed the poor cyber-resilience of Microsoft software, and some have even questioned the reasons for these bad practices (an intention to leave some backdoors open?). Better late than never… but time will tell if this is simple bluff.


Andrea Vaugan