Cyberwarfare, Espionage & Extortion Issue #15: Friday 26th April 2024
"If you want a picture of the future, imagine a boot stamping on a human face—forever. " - George Orwell, 1984
Optics giant Hoya hit with $10 million ransomware demand
Optics leader sees ransomware blur
Source: Bleeping Computer
Hoya Corporation, a major player in optics, faced a cyberattack by the "Hunters International" ransomware group, which demanded a $10 million ransom to avoid the release of 1.7 million stolen files. The attack disrupted Hoya's production and IT systems, significantly impacting its operations. This incident highlights the continued threat of ransomware to global businesses.
Sentiment: Negative | Time to Impact: Immediate
Analyzing Forest Blizzard’s Custom Post-Compromise Tool for Exploiting CVE-2022-38028
GooseEgg cracks system shells.
Source: Microsoft Security Blog
Microsoft's analysis reveals that the Russia-based threat actor Forest Blizzard has developed a custom tool, GooseEgg, to exploit CVE-2022-38028 and gain elevated system access. This tool is part of a broader strategy targeting governmental and non-governmental organizations, primarily in the U.S., Europe, and the Middle East, to steal credentials and sensitive information.
Sentiment: Negative | Time to Impact: Immediate
US imposes visa bans on 13 spyware makers and their families
Source: Bleeping Computer
The US Department of State has started imposing visa restrictions on 13 individuals and their immediate family members involved in commercial spyware activities. These sanctions, detailed in the State Department's Country Reports on Human Rights Practices, aim to combat the proliferation and misuse of spyware, which threatens privacy and security globally.
Sentiment: Positive | Time to Impact: Immediate
Insight
Mastercard's Advanced AI Initiatives in Fraud Prevention
Introduction
Mastercard is revolutionizing its approach to combating fraud with state-of-the-art artificial intelligence (AI) technologies that enhance the security of digital payments. This shift comes at a time when the sophistication of cyber threats continues to evolve, demanding more robust defenses within the financial sector.
Core AI Strategies
Mastercard's deployment of generative AI is at the forefront of its strategy to bolster consumer protection. The company's Decision Intelligence (DI) technology, which already processes over 143 billion transactions annually, is now enhanced with generative AI to analyze approximately one trillion data points across transactions. This helps in predicting the legitimacy of transactions with unprecedented accuracy and speed, potentially increasing fraud detection rates by up to 300% in certain scenarios.
Real-time Fraud Detection and Prevention
The real-time aspect of Mastercard's AI application is critical. Its AI-powered tools operate within milliseconds to assess transaction risks, thereby preventing fraudulent transactions before any financial damage can occur. This rapid analysis is part of Mastercard's broader suite of Payment Resiliency solutions that also includes enhancements like Dynamic Decisioning and Account Balance Listing to support banks in making more informed decisions swiftly.
Global Impact and Implementation
The global deployment of these AI tools has significant implications. In the UK, the introduction of the Consumer Fraud Risk tool has already shown promising results, with one bank reporting a potential annual savings of nearly £100 million from prevented fraud cases. Mastercard plans to expand these services internationally, tailoring solutions to meet regional needs and regulatory requirements.
Cybersecurity Enhancements
In addition to protecting against payment fraud, Mastercard is strengthening its cybersecurity framework. The acquisition of Baffin Bay Networks enhances its capability to defend against a spectrum of cyber threats, including malware and ransomware attacks. This acquisition is part of a broader strategy to integrate advanced cybersecurity measures across Mastercard's global network, ensuring comprehensive protection for all transactions.
Challenges and Future Directions
While Mastercard's AI innovations present a formidable barrier against fraud, challenges remain, particularly in the realms of crypto fraud and more sophisticated cyber scams. The company's partnership with Feedzai to expand crypto fraud protection illustrates its proactive approach to these challenges, reflecting an ongoing commitment to securing digital transactions on a global scale.
Mastercard's integration of AI into its security infrastructure not only enhances the safety of digital transactions but also sets a new standard for the payment industry. By leveraging cutting-edge technology, Mastercard aims to stay ahead of cybercriminals, safeguarding consumer trust in an increasingly digital world. As these technologies evolve, so too will the strategies to implement them, promising a future where digital payments are both seamless and secure.
Scammer’s Corner
The Rise of Deepfake Scams: A $25 Million Heist
Introduction
This week, the financial world was shaken by a sophisticated scam involving deepfake technology that led to a staggering $25 million loss for a multinational company. This incident highlights the evolving landscape of cyber threats and the increasing use of artificial intelligence in executing financial frauds.
Details of the Scam
The scam began with a phishing message purportedly from the chief financial officer (CFO) of the company's UK branch, which was sent to an employee in the finance department. When the employee showed hesitation, the scammers escalated their efforts by arranging a conference call. This call featured deepfake videos of the CFO and other employees, convincingly urging the victim to initiate money transfers. The employee, deceived by the realistic appearance of their colleagues, proceeded to make 15 transfers to various bank accounts in Hong Kong.
The Aftermath
The fraudulent transactions were only discovered a week later, prompting company officials to involve the police. This incident is a stark reminder of the potential for AI technology to be used for malicious purposes. The scammers utilized publicly available audio and video of the employees to create credible deepfakes, showcasing the critical need for advanced cybersecurity measures in the face of AI-driven threats.
Prevention and Protection
To protect against such advanced scams, it is vital for companies and individuals to enhance their cybersecurity protocols. This includes training employees to recognize phishing attempts, verifying unusual requests through multiple channels, and implementing technology capable of detecting synthetic media and other AI-generated content. Moreover, the rapid advancement of AI technologies necessitates continuous updates to security strategies to address new vulnerabilities.
The $25 million deepfake scam serves as a cautionary tale about the dark potential of AI technologies when used by cybercriminals. It underscores the importance of heightened vigilance and advanced security measures to combat the increasingly sophisticated tactics employed by scammers. As AI continues to integrate into various aspects of digital communication, the imperative for robust cybersecurity defenses becomes ever more critical.
The Deep Dive
Significant Data Breach at Sisense: Impact and Response
Introduction
A recent data breach at Sisense, a prominent business intelligence software provider, has compromised sensitive data, affecting numerous customers and prompting a swift response from the Cybersecurity and Infrastructure Security Agency (CISA). This article details the breach's implications, the measures taken by Sisense and CISA, and the ongoing investigations aimed at mitigating future risks.
The Breach
Earlier this week, Sisense confirmed that an unauthorized party gained access to one of its primary data servers, resulting in a significant exposure of customer data. The breach was detected during a routine security check, revealing that confidential information including names, email addresses, and possibly financial details of thousands of users had been compromised.
Immediate Impact on Customers
The direct impact on Sisense’s customers has been considerable. The exposed data encompasses sensitive information that could potentially be used for identity theft, financial fraud, and targeted phishing attacks. Customers have reported receiving suspicious emails and notices of unauthorized attempts to access other online accounts, suggesting that the stolen data is already being misused.
- Customers are facing increased risks of identity theft.
- Potential exposure of credit card information and other financial data.
- Businesses using Sisense’s services may experience disruptions due to the need to secure their accounts and data.
Response by Sisense
Upon detecting the breach, Sisense initiated an incident response, which included shutting down affected systems, notifying impacted customers, and implementing enhanced security measures to prevent further unauthorized access. The company has also offered free credit monitoring services to affected customers and is working closely with cybersecurity experts to bolster its defenses.
CISA’s Involvement
The Cybersecurity and Infrastructure Security Agency (CISA) quickly stepped in to assist with the investigation and to help coordinate a response. CISA has issued alerts and recommendations for affected users, urging them to be vigilant for signs of identity theft and to strengthen their personal and professional account security. The agency is also working with Sisense to understand the breach's mechanics and prevent similar incidents in the future.
- Guidance and Alerts: CISA has published guidance for affected users on how to secure their accounts.
- Investigative Support: Assisting Sisense in tracing the source of the breach and understanding the attackers’ methods.
- Broader Security Measures: Recommendations for industry-wide security enhancements.
The involvement of the Cybersecurity and Infrastructure Security Agency (CISA) in the Sisense data breach is notable and signifies the breach's severity and potential implications for national security. CISA's engagement also illustrates the agency's role in fortifying the nation's cybersecurity infrastructure against increasing threats.
Reasons for CISA's Involvement
- Severity and Scale: The scale of the breach and the nature of the data involved likely triggered CISA’s involvement. Given that Sisense works with a range of clients, including potentially government entities and large corporations, the implications of such a breach could extend to critical infrastructure sectors.
- Risk of Widespread Exploitation: The sensitive nature of the exposed data could lead to widespread security vulnerabilities, not just for individuals but for entire organizations, necessitating federal oversight and intervention to manage the risk.
- Precedent for Future Security Measures: By involving itself in high-profile cases like the Sisense breach, CISA can set precedents and develop frameworks that other companies might adopt, enhancing overall national cybersecurity resilience.
Implications of CISA's Involvement
The active participation of CISA implies a few key considerations for Sisense and similar companies:
- Increased Scrutiny: CISA's involvement likely means that there will be increased scrutiny on how Sisense and similar tech companies secure their data and manage data privacy. This could lead to more stringent regulatory requirements in the future.
- Guidance and Support: While it brings scrutiny, CISA also provides expert guidance and support to help navigate the aftermath of the breach. This includes access to top-tier cybersecurity resources and expertise that can help mitigate the impact of the breach and prevent future incidents.
- Public and Industry Confidence: By stepping in, CISA also helps maintain public confidence in the digital economy and the security of critical technology infrastructures. Their involvement assures the public and industry stakeholders that significant measures are being taken to address the breach comprehensively.
- Setting Industry Standards: CISA’s response to the breach will likely influence cybersecurity practices across the industry. Their recommendations and the outcomes of their investigative efforts often lead to better security standards and practices that benefit the industry as a whole.
Broader Industry Implications
This breach underscores the vulnerabilities that even well-protected organizations face and highlights the ongoing challenges in cybersecurity for the tech industry. It serves as a reminder of the importance of robust security protocols and the need for continual assessment and enhancement of security measures.
- Industry-Wide Reevaluation of Security Practices: Encouraging other companies to review and improve their cybersecurity strategies.
- Legislative and Regulatory Considerations: Possible implications for stricter data protection laws and regulations.
Ongoing Investigations and Future Measures
Sisense, in collaboration with CISA and other cybersecurity entities, continues to investigate the breach. The focus is on identifying the breach's full scope, preventing the misuse of stolen data, and implementing stronger security measures to safeguard against future incidents.
- Deepening Security Investments: Increased investment in cybersecurity infrastructure and training.
- Long-Term Strategies for Data Protection: Development of more robust data protection strategies to guard against similar breaches.
CISA's involvement in the Sisense data breach is a critical aspect of the ongoing response and recovery efforts. It underscores the importance of federal oversight in managing significant cybersecurity threats and highlights the interconnected nature of security across private and public sectors. This involvement not only aids in immediate remedial actions but also contributes to the broader goal of enhancing the cybersecurity posture of organizations nationwide, setting a standard for how serious breaches are handled in the future.
And Finally…
Over the past week, the cyber landscape has been dominated by notable incidents of cyberwarfare, espionage, and extortion across multiple countries:
- Russian Espionage on Embassies: Russian hackers initiated an espionage campaign targeting the embassies of Georgia, Poland, Ukraine, and Iran, injecting malware into embassy servers to collect political and military information from Europe and Iran.
- Data Breaches and Exposures: In China, a cybersecurity company experienced a leak of 190 megabytes of data revealing its espionage activities on several governments including the UK and India. Meanwhile, a significant data breach in France affected 33 million citizens, exposing sensitive personal data but not medical histories.
- Cyber Attacks on Infrastructure: The Royal Canadian Mounted Police reported a cyberattack, the details of which are still under investigation for potential impacts on operations and security. Additionally, U.S. officials took action against an Iranian military spy ship as a counter-response to threats in the Red Sea.
- Accusations and Sanctions: The US Treasury imposed sanctions on Chinese hackers linked to APT31, who are known for targeting U.S. critical infrastructure sectors. This action reflects growing concerns over the malicious cyber operations emanating from China.
These events highlight the ongoing and complex threats in the cyber domain, affecting both national security and personal data across global infrastructures. The diverse nature of these threats—from state-sponsored espionage to critical data breaches—underscores the need for robust cybersecurity measures and international cooperation to mitigate these risks.
Being informed has never been more important, so join us next week when we’ll discuss the attack methods we’re seeing in use by adversaries (delayed due to the interesting current events), the ongoing ransomware crisis at UK retailer CarpetRight, and of course, news headlines that have come our way and serve as the ice cubes in the water indicating that somewhere ahead is something that will rip the keel off our ship.