Cyber (In)Securities – Issue 110

CyAN

Contents:

News

  1. Labor has passed its proposed social media ban for under-16s. Here’s what we know – and what we don’t
  2. NHS major ‘cyber incident’ forces hospitals to use pen and paper
  3. Beware: AI-Driven Black Friday Scams Are Looming — Here’s What to Know
  4. The only thing worse than being fired is scammers fooling you into thinking you’re fired
  5. Sweden Requests Chinese Bulk Carrier To Stay in Swedish Water as Investigation Into Undersea Fiber-Optic Cables Continues
  6. Script Kiddie ‘Matrix’ Builds Massive Botnet
  7. How an AI granny is combating phone scams
  8. Starbucks has gone back to pen and paper after vendor ransomware attack
  9. Data broker leaves 600K+ sensitive files exposed online
  10. Romania’s president summons defense council over cyber election interference risk
  11. Victims Must Disclose Ransom Payments Under Australian Law
  12. Interpol Clamps Down on Cybercrime and Arrests Over 1,000 Suspects in Africa
  13. Man accused of hilariously bad opsec as alleged cybercrime spree detailed
  14. New NachoVPN attack uses rogue VPN servers to install malicious update
  15. “RomCom’ APT Mounts Zero-Day, Zero-Click Browser Escapes in Firefox, Tor
  16. Medical Specialty Groups: Why Cybercriminals are After Them
  17. Stronger cyber protections in health care targeted in new Senate bill
  18. Sextortion attacks on the rise and growing in sophistication
  19. AFP gathers intel after Manila scam ‘boiler room’ raid
  20. Telco engineer who spied on US employer for Beijing gets four years in the clink
  21. CISA Urges Agencies to Patch Critical “Array Networks” Flaw Amid Active Attacks
  22. How the far right is weaponising AI-generated content in Europe
  23. Britain Putin up stronger AI defences to counter growing cyber threats
  24. Cyberattacks cost British businesses $55 billion in past five years, broker says
  25. Meta Has Removed Two Million Scam Account This Year

Analysis

  1. Australia introduces Comprehensive Cyber Security Legislation
  2. Closing the Cybersecurity Career Diversity Gap
  3. An opportunity for Trump’s deregulation journey: Cybersecurity harmonization

Statistics & Insights – Powered by evisec

  1. Highlights from last week’s cybersecurity research sources by evisec

CyAN News

  1. CyAN APAC Event: Mentorship and Allies

Events

News:

Labor has passed its proposed social media ban for under-16s. Here’s what we know – and what we don’t

https://www.theguardian.com/australia-news/2024/nov/21/labor-social-media-ban-under-16s-details-what-is-covered-which-platform

The newly passed social media ban for under-16s without parental consent has sparked debate about its enforcement and broader implications. Critics question how age verification will work, particularly the potential need for children to provide ID, raising privacy concerns about how such data will be collected, stored, and used.

While the policy aims to shield minors from harmful content and exploitation, concerns persist about excluding young people from valuable educational and social opportunities online. Advocates argue that it sets a global benchmark for protecting children in digital spaces. This bold move forces Australia to navigate the complex balance between safety, privacy, and digital inclusivity.

NHS major ‘cyber incident’ forces hospitals to use pen and paper

https://www.theregister.com/2024/11/25/salt_typhoon_mark_warner_warning/

A severe cyberattack has disrupted NHS services, forcing hospitals to revert to manual operations using pen and paper. The incident has significantly slowed medical workflows and impacted patient care, underlining the vulnerabilities in healthcare IT systems. Experts stress the need for robust cybersecurity measures, including regular patching and incident response planning, to safeguard critical healthcare infrastructure. Investigations are ongoing to determine the attackers’ methods and motives. This event highlights the growing threat of ransomware targeting essential public services.

Beware: AI-Driven Black Friday Scams Are Looming — Here’s What to Know

https://www.eweek.com/news/ai-driven-scams-black-friday/

As Black Friday approaches, cybercriminals are leveraging AI to create convincing scams that target online shoppers. Techniques include fake websites, phishing emails, and AI-generated voice scams designed to steal personal and financial information. Security experts advise consumers to verify websites, use secure payment methods, and be cautious of deals that appear too good to be true. Retailers are also urged to bolster their defences against potential fraud. Awareness and vigilance remain key to preventing holiday-season cybercrime.

The only thing worse than being fired is scammers fooling you into thinking you’re fired

https://www.theregister.com/2024/11/28/fired_phishing_campaign_cloudflare/

Cybercriminals are exploiting fears of job insecurity by sending fake termination notices designed to trick employees into revealing sensitive information. These scams prey on emotional responses, leading victims to click on malicious links or download malware. Security experts recommend verifying such notices through official channels and being cautious of unexpected emails. The rise of this tactic underscores the need for heightened awareness and employee training on phishing threats. Organisations are urged to implement strong email security measures to prevent such attacks.

Sweden Requests Chinese Bulk Carrier To Stay in Swedish Water as Investigation Into Undersea Fiber-Optic Cables Continues |

https://www.wired.com/story/chineses-surveillance-state-is-selling-citizens-data-as-a-side-hustle

Swedish authorities have detained a Chinese bulk carrier as part of an investigation into damage to undersea fiber-optic cables. These cables are critical to global internet connectivity, and their sabotage raises concerns about geopolitical tensions and cyber-physical security. Investigators suspect potential tampering linked to state-backed actors, though evidence remains inconclusive. This incident highlights the vulnerability of subsea infrastructure to disruption and the need for enhanced monitoring. International cooperation is crucial to safeguarding this vital communication backbone.

Script Kiddie ‘Matrix’ Builds Massive Botnet

https://www.bleepingcomputer.com/news/security/salt-typhoon-hackers-backdoor-telcos-with-new-ghostspider-malware/

A hacker known as “Matrix” has constructed a vast botnet using off-the-shelf tools, demonstrating that even low-skill attackers can create significant disruptions. The botnet has been used for DDoS attacks and credential theft, exploiting vulnerable IoT devices. Experts emphasise the importance of patching and securing internet-connected devices to prevent such large-scale attacks. This case underscores how accessible hacking tools have lowered the barrier to entry for cybercriminals. Organisations must prioritise robust defences to mitigate such threats.

How an AI granny is combating phone scams

https://edition.cnn.com/2024/11/26/business/daisy-ai-granny-scammers-o2-intl/index.html

An AI-powered “granny” chatbot is being used to waste scammers’ time and protect potential victims from falling for phone scams. Developed as a decoy, the AI engages fraudsters in lengthy conversations, diverting their resources and reducing their ability to target real victims. The project highlights innovative approaches to combating social engineering and telecommunication fraud. While effective, experts warn it’s not a replacement for broader public awareness and systemic regulatory measures. The initiative demonstrates the creative use of AI for defensive purposes in cybersecurity.

Starbucks has gone back to pen and paper after vendor ransomware attack

https://thehackernews.com/2024/11/north-korean-hackers-steal-10m-with-ai.html

A ransomware attack on a key Starbucks vendor has disrupted digital systems, forcing stores to revert to manual operations. The breach highlights supply chain vulnerabilities and the risks of third-party dependencies in business continuity. Experts stress the need for robust vendor assessments, incident response plans, and zero-trust architectures to mitigate such risks. Starbucks is working to restore operations while ensuring no customer data was compromised. This incident emphasises the broader impact of ransomware attacks beyond direct victims.

Data broker leaves 600K+ sensitive files exposed online

https://www.theregister.com/2024/11/24/water_defcon_hacker/

A data broker has left over 600,000 sensitive files unsecured on a publicly accessible server, exposing personal information such as names, addresses, and financial records. The breach highlights the dangers of inadequate data management and the need for stricter regulation of data brokerage firms. Cybersecurity experts urge businesses to audit their data storage practices regularly and ensure sensitive information is adequately protected. The exposed data poses risks of identity theft and fraud to affected individuals. Regulatory action may be necessary to address industry-wide negligence.

Romania’s president summons defense council over cyber election interference risk

https://www.theguardian.com/business/2024/nov/24/small-business-data-security-methods

Romania’s president has convened a defense council meeting to address growing concerns about cyber threats targeting the country’s upcoming elections. Officials cite risks of disinformation campaigns, infrastructure sabotage, and digital voter manipulation. This move underscores the increasing geopolitical impact of cyberattacks on democratic processes. Experts recommend enhanced cybersecurity measures, public awareness campaigns, and international collaboration to safeguard electoral integrity. The situation reflects broader global concerns about cyber threats to elections.

Victims Must Disclose Ransom Payments Under Australian Law

https://securityaffairs.com/171319/cyber-crime/doj-seized-credit-card-marketplace-popeyetools.html

Australia’s new legislation mandates that victims of ransomware attacks must report ransom payments to the government within a set timeframe. The law aims to provide authorities with better data on ransomware trends and disrupt criminal operations. While proponents praise the move as a step toward transparency, critics argue it may deter businesses from reporting incidents altogether. Experts emphasise the need for supportive frameworks to encourage compliance without penalising victims. The law reflects Australia’s broader effort to combat ransomware effectively.

Interpol Clamps Down on Cybercrime and Arrests Over 1,000 Suspects in Africa

https://www.securityweek.com/interpol-clamps-down-on-cybercrime-and-arrests-over-1000-suspects-in-africa/

Interpol has arrested over 1,000 suspects in a major crackdown on cybercrime operations across Africa. The coordinated effort targeted phishing schemes, financial fraud, and online scams, seizing millions in assets. Authorities credit international collaboration for the operation’s success, highlighting the global nature of cybercrime. Experts stress the importance of continuing such efforts to dismantle criminal networks and build cybersecurity capacity in vulnerable regions. This marks a significant step in addressing the digital threats facing developing economies.

Man accused of hilariously bad opsec as alleged cybercrime spree detailed

https://www.theregister.com/2024/11/26/kansas_city_cybercrime_charges/

A suspected cybercriminal has been arrested following a series of attacks marred by poor operational security (opsec). Authorities discovered key evidence, including incriminating files and personal identifiers, stored in unencrypted formats. The case underscores the importance of thorough investigative work and highlights how even basic mistakes can lead to the downfall of cybercriminals. Experts note that while the case is amusing, it reflects broader concerns about the accessibility of hacking tools. Improved public-private cooperation remains critical to combating cybercrime effectively.

New NachoVPN attack uses rogue VPN servers to install malicious update

https://www.bleepingcomputer.com/news/security/new-nachovpn-attack-uses-rogue-vpn-servers-to-install-malicious-updates/

Cybercriminals are exploiting rogue VPN servers under the guise of NachoVPN to distribute malicious updates to unsuspecting users. The malware targets credentials and sensitive data, emphasising the risks of using untrusted VPN providers. Experts urge businesses and individuals to vet their VPN services carefully and implement strong endpoint protections. This attack highlights the dangers of relying on third-party tools without adequate scrutiny. Users are advised to adopt zero-trust principles for secure network access.

“RomCom’ APT Mounts Zero-Day, Zero-Click Browser Escapes in Firefox, Tor

https://www.darkreading.com/application-security/romcom-apt-zero-day-zero-click-browser-escapes-firefox-tor

The RomCom APT group has launched sophisticated attacks exploiting zero-day vulnerabilities in Firefox and Tor browsers. These zero-click exploits allow attackers to compromise systems without user interaction, posing significant risks to privacy-focused individuals and organisations. Experts recommend applying security patches immediately and using layered defences to mitigate potential breaches. This incident underscores the increasing complexity of APT tactics and the importance of proactive threat management. Organisations must remain vigilant against emerging threats targeting critical applications.

Medical Specialty Groups: Why Cybercriminals are After Them

https://www.databreachtoday.com/medical-specialty-groups-cybercriminals-are-after-them-a-26900

Cybercriminals are increasingly targeting medical specialty groups due to their access to sensitive patient data and limited cybersecurity resources. These groups often lack the infrastructure to defend against sophisticated attacks, making them prime targets for ransomware and data theft. Experts urge healthcare organisations to adopt stronger encryption, implement zero-trust architectures, and conduct regular security training for staff. The rise in attacks highlights vulnerabilities in niche healthcare sectors. Greater investment in cybersecurity is essential to protect patient privacy and maintain operational resilience.

Senators propose law to require bare minimum security standards

https://www.theregister.com/2024/11/26/us_senators_healthcare_cybersecurity/

US lawmakers have introduced a bill mandating basic cybersecurity standards for all devices connected to the internet. The proposed legislation seeks to close gaps exploited by attackers targeting poorly secured systems, such as IoT devices. Critics argue the bill doesn’t go far enough, while proponents see it as a necessary first step toward broader regulatory reform. Security experts emphasise the importance of public-private collaboration to ensure compliance and effective implementation. If passed, this could mark a turning point in addressing systemic vulnerabilities.

Sextortion attacks on the rise and growing in sophistication

https://itwire.com/business-it-news/security/sextortion-attacks-on-the-rise-and-growing-in-sophistication.html

Sextortion scams are increasing in frequency and complexity, with attackers leveraging social engineering and advanced technologies to exploit victims. Cybercriminals are using AI-generated content and detailed personal data to lend credibility to their threats. Experts recommend public awareness campaigns, strong privacy practices, and multi-factor authentication to reduce exposure to such scams. Law enforcement agencies are ramping up efforts to combat sextortion, but collaboration with tech platforms is critical. This trend underscores the need for vigilance against emerging online threats.

AFP gathers intel after Manila scam ‘boiler room’ raid

https://www.itnews.com.au/news/afp-gathers-intel-after-manila-scam-boiler-room-raid-613406

The Australian Federal Police (AFP) is analysing data seized during a raid on a Manila-based scam operation, known as a “boiler room.” The group allegedly targeted Australian victims with fraudulent investment schemes, stealing millions. This operation highlights the global nature of financial fraud and the importance of cross-border cooperation in tackling cybercrime. Experts stress the need for tighter regulations and improved consumer awareness to mitigate such risks. The AFP’s investigation is expected to uncover valuable insights into the scammers’ tactics.

Telco engineer who spied on US employer for Beijing gets four years in the clink

https://www.theregister.com/2024/11/27/telco_spy_beijing_jailed/

A telecom engineer has been sentenced to four years in prison for spying on their US employer and sharing sensitive information with Chinese authorities. The case highlights the persistent risks of insider threats, particularly in sectors handling critical infrastructure and national security. Organisations are urged to strengthen insider threat programs, implement stricter access controls, and monitor for suspicious activity. This incident underscores the role of human factors in cybersecurity breaches. Governments are calling for increased vigilance against state-sponsored espionage.

CISA Urges Agencies to Patch Critical “Array Networks” Flaw Amid Active Attacks

https://thehackernews.com/2024/11/cisa-urges-agencies-to-patch-critical.html

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive for federal agencies to patch a critical vulnerability in Array Networks devices. The flaw is actively being exploited by attackers to gain unauthorised access to sensitive systems. Experts warn that delayed patching could leave critical infrastructure vulnerable to significant breaches. Organisations are urged to prioritise updates and enhance monitoring to detect potential exploitation. This incident underscores the need for proactive vulnerability management to mitigate risks.

How the far right is weaponising AI-generated content in Europe

https://www.theguardian.com/technology/2024/nov/26/far-right-weaponising-ai-generated-content-europe

A proposed law banning under-16s from social media in Australia is facing criticism and potential legal challenges over concerns it infringes on personal freedoms and parental rights. The policy aims to protect minors from harmful content but raises questions about enforcement and the broader implications for digital access. Experts warn that implementing such a ban could face significant hurdles in the High Court, with some advocating for improved safety features over outright restrictions.

Britain Putin up stronger AI defences to counter growing cyber threats

https://www.theregister.com/2024/11/26/uk_ai_security/

The UK government is ramping up its AI defences to counteract the rising threat of AI-driven cyberattacks. Initiatives include funding for research into AI security, developing national strategies, and enhancing collaboration with international allies. Experts emphasise the importance of securing AI systems to prevent exploitation by malicious actors. The move reflects growing recognition of AI as both an opportunity and a potential threat in the cybersecurity landscape. Public and private sectors are urged to work together to build resilient defences against emerging AI-related risks.

Cyberattacks cost British businesses $55 billion in past five years, broker says

https://www.reuters.com/technology/cybersecurity/cyberattacks-cost-british-businesses-55-billion-past-five-years-broker-says-2024-11-25

Australia’s first Cyber Security Bill has been a milestone in addressing evolving cyber threats. The legislation introduces mandatory reporting for cyber incidents, alongside a compliance framework for critical infrastructure providers. Legal experts praise its potential to enhance national security but caution that the implementation may burden smaller businesses. The bill reflects Australia’s commitment to cybersecurity, signalling a shift toward proactive defense measures in the digital age.

Meta Has Removed Two Million Scam Account This Year

https://tech.co/news/meta-two-million-scam-accounts

Meta has announced the removal of over two million scam accounts in 2023, targeting fraudulent activities such as phishing, financial scams, and fake advertisements. The company has enhanced its detection algorithms and partnered with law enforcement to address these threats. While these efforts mark progress, experts warn that scammers are adapting quickly, requiring ongoing vigilance and innovation in platform security. Users are advised to remain cautious and report suspicious accounts. The scale of this takedown underscores the persistent challenge of combating online fraud.

Analysis:

Australia introduces Comprehensive Cyber Security Legislation

https://www.corrs.com.au/insights/australia-introduces-comprehensive-cyber-security-legislation

Australia has introduced a landmark Cyber Security Act aimed at safeguarding critical infrastructure and mandating incident reporting for cyberattacks. The legislation sets out compliance obligations for businesses, emphasising accountability, resilience, and robust defences against evolving threats. While experts praise the Act as a step forward in strengthening national cybersecurity, concerns remain about its enforcement and the burden it places on smaller enterprises. The Act highlights Australia’s proactive stance in addressing its digital vulnerabilities. Its implementation is expected to set a global benchmark for cybersecurity governance.

Closing the Cybersecurity Career Diversity Gap

https://www.darkreading.com/cybersecurity-operations/closing-cybersecurity-career-diversity-gap

The lack of diversity in the cybersecurity workforce continues to hinder innovation and problem-solving within the industry. Women and underrepresented groups face barriers to entry, including unconscious bias and limited access to mentorship opportunities. Experts advocate for targeted initiatives, such as scholarships, mentorship programs, and inclusive hiring practices, to close the gap. Increasing diversity is not only an ethical imperative but also a strategic advantage in tackling evolving cyber threats. Industry leaders are urged to prioritise inclusivity to foster a more dynamic and resilient cybersecurity landscape.

An opportunity for Trump’s deregulation journey: Cybersecurity harmonization

https://cyberscoop.com/cyber-regulatory-harmonization-opportunities-op-ed-brandon-pugh/

Former President Trump’s deregulation agenda could extend to cybersecurity harmonisation, emphasising streamlined standards to reduce compliance burdens on businesses. Proponents argue that consolidating regulations could enhance efficiency and foster innovation, while critics warn it may weaken protections. Harmonisation efforts must balance business interests with the need to safeguard critical systems from escalating cyber threats. Experts call for industry input and collaboration to ensure such reforms achieve meaningful outcomes. The proposal reflects ongoing debates about the role of regulation in cybersecurity.

Statistics & Insights – Powered by evisec:

Highlights from last week’s cybersecurity research sources by evisec (Cybersecurity Research Digest #12)

https://evisec.xyz/crd-12

This edition’s topics:

  • A paradoxical reality: A survey of 2,800 security professionals shows that 100% are using AI in development, yet they rank “AI-generated code” as their top security concern.
  • Security vs speed: 84% say security processes are the main source of delays, while 71% acknowledge that rushed time-to-market pressures still lead to vulnerabilities.
  • Shift to managed services: Nearly 20% of companies are cutting hiring budgets, reflecting a growing reliance on Managed Security Services.
  • False positives: Practitioners estimate that 34% of threat detection alerts are false positives, exposing inefficiencies in existing tools.

CyAN Updates:

CyAN APAC Event: Mentorship and Allies

https://cybersecurityadvisors.network/2024/11/29/cyan-apac-event-mentorship-and-allies/

CyAN organized a successful event in Sydney (AU), around the theme of building a support network for women in cyber.

Events: