Attack

We are less than a year away from a cyber attack credited to ChatGPT

We are less than a year away from a cyber attack credited to ChatGPT

Jonathan Jackson, director of sales engineering APJ at BlackBerry Cybersecurity, writes about why cyber attacks linked to artificial intelligence are inevitable. ChatGPT has answers for almost everything, but there is one answer we may not know for a while: will its unintended consequences for cyber security turn this tool into a genie that its creators regret taking out of the bottle? BlackBerry surveyed 1,500 IT decision makers across North America, the UK and Australia and half (51 percent) predicted we are less than a year away from a cyber attack credited to ChatGPT. Three-quarters of respondents believe foreign states are…
Read More
IOTW: Source code stolen in Reddit phishing attack

IOTW: Source code stolen in Reddit phishing attack

A “highly targeted” phishing attack against social media site Reddit’s internal network has seen malicious actors steal the company’s source code and internal documents. The breach occurred on February 5, after a phishing attack was launched at Reddit employees. The site said the attack contained “plausible-sounding prompts pointing employees to a website that cloned the behavior of our intranet gateway, in an attempt to steal credentials and second-factor tokens”.  After obtaining an employee’s credentials, the malicious actors were then able to gain access to Reddit’s internal systems. This meant that the hacker accessed Reddit’s internal business systems, dashboard, documents and…
Read More
What is business email compromise?

What is business email compromise?

In this article, Cyber Security Hub explores how cyber attackers use threat vectors like phishing, social engineering and ransomware to enact business email compromise (BEC). Cybercrime is an ever-growing issue across virtually every industry. Expected to have a global cost as much as US$10trn by 2025, companies must fight to combat malicious actors seeking to gain from cyber attacks against them. Threat actors increasingly use multiple threat vectors during attacks to overwhelm companies and make it easier for them to gain access to their network. This is makes it more important than ever to safeguard the most common vehicle for…
Read More
What is the difference between cyber risk management and cyber resilience?

What is the difference between cyber risk management and cyber resilience?

Cyber Security Hub speaks to Sourabh Haldar, threat policy implementation lead of information and cyber security at Standard Chartered Bank about the importance of cyber resilience in the face of emerging threats. Cyber Security Hub: What do you think will be the biggest threat vector and/or threat target in 2023? Sourabh Haldar: From a sector-wide perspective, phishing and social engineering-based attacks are definitely a concern. Phishing is the easiest way for malicious actors to gain a primary entry point for cyber attacks.   I come from the banking and finance sector and we receive hundreds, if not thousands, of phishing…
Read More
The dangerous vulnerabilities caused by weak email security

The dangerous vulnerabilities caused by weak email security

Why email security Threats to email security are on the rise. Research conducted for Cyber Security Hub’s Mid-Year Market Report 2022 found that 75 percent of cyber security practitioners think that email-based attacks such as phishing and social engineering are the ‘most dangerous’ cyber security threat to their organizations. Companies must protect this vulnerable asset without compromising its efficiency in communication. Email security is integral to protecting companies from external threats but also essential to protecting a brand’s customers from outbound threats such as phishing, data breaches and business email compromise (BEC). Without sufficient email security strategies, companies open themselves,…
Read More
IOTW: Malicious actors gain access to GitHub source code

IOTW: Malicious actors gain access to GitHub source code

GitHub has reported that a malicious actor gained access to a set of repositories used in the planning and development of GitHub Desktop and text and source code editor Atom. The source code repository said that it became aware of the data breach after “unauthorized access” was detected on its servers on December 7, 2022. A set of encrypted code-signing certificates were stolen during a breach. GitHub reported that the certificates were password-protected and there was “no evidence of malicious use”. The hacker gained access to the source-code repositories on December 6, 2022, after using a compromised Personal Access Token…
Read More
JD Sports data breach affects 10 million customers

JD Sports data breach affects 10 million customers

British sports clothing retailer JD Sports has reported a data breach that has affected more than 10 million customers. The retailer said on January 30 that the data breach occurred after a malicious party gained unauthorized access to a system containing customer data relating to orders placed between November 2018 and October 2020. This included orders from other JD Sports group companies including JD, Blacks, Size?, Scotts, Millets and MilletSport. JD Sports told the London Stock Exchange the data accessed was “limited” as the retailer “does not believe passwords were accessed” and does not save payment information. Information accessed during…
Read More
Why do hackers target cryptocurrencies?

Why do hackers target cryptocurrencies?

Cyber Security Hub explores why and how hackers are targeting cryptocurrency investors. With more than 420 million cryptocurrency users, more than 12,000 cryptocurrencies worldwide and an estimated value of US$2.2bn by 2026, the digital currency marketplace is growing rapidly. This rapid growth, however, has made it a target for cyber attackers looking to defraud victims.  Here, Cyber Security Hub explores the threat vectors used and vulnerabilities exploited by hackers specific to cryptocurrency-based cyber crime. Why do hackers target cryptocurrency? Cryptocurrency attacks can have large payouts With Bitcoin, Ethereum and Tether having market caps of $330.6bn, $152.6bn and $68.2bn respectively, cryptocurrency…
Read More
IOTW: Hackers steal the data of 37 million T-Mobile customers

IOTW: Hackers steal the data of 37 million T-Mobile customers

T-Mobile, the Deutsche Telekom-owned mobile communications brand, has suffered a data breach that exposed the records of 37 million customers. The breach was first discovered by T-Mobile on January 5 after the company noticed “unusual activity” on its American networks and was then reported to the general public on January 19. The company said that it believed the hacker had gained access to customer information “using a single Application Programming Interface (or API)”. T-Mobile said the breach was shut down within 24 hours of detection.  It believes the hacker has been using the API to access customer data since November…
Read More
Top tips for employee cyber security training

Top tips for employee cyber security training

In this article, Cyber Security Hub explores the best ways to educate employees on email-based cyber attacks and how to ensure they follow cyber security safety practices.  When surveyed by Cyber Security Hub for its Mid-Year Market report 2022, three in four cyber security experts said email-based threat vectors social engineering and phishing attacks were ‘the most dangerous threat’ to cyber security.  One of the reasons why these threats are so dangerous is because of how widespread these attacks are. International consortium and fraud prevention group the Anti-Phishing Working Group (APWG) recording a total of 3,394,662 phishing attacks in the…
Read More