This week’s essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.
Stan’s Corner
With all the bad news, I’m happy to promote this feel-good story about using AI against phone scammers. Kudos to Prof Dali Kaafar and his team from Macquarie University’s Cyber Security Hub. Macquarie University is a public research university located in Sydney, Australia.
- Real criminals, fake victims: how chatbots are being deployed in the global fight against phone scammers: New scambaiting AI technology Apate aims to keep scammers on the line while collecting data that could help disrupt their business model. … A scammer calls, and asks for a passcode. Malcolm, an elderly man with an English accent, is confused. … “What’s this business you’re talking about?” Malcolm asks. … Another day, another scam phone call. … This time, Ibrahim, a cooperative and polite man with an Egyptian accent, picks up. “Frankly, I am not too sure I can recall buying anything recently,” he tells the hopeful con artist. “Maybe one of the kids did,” Ibrahim goes on, “but that’s not your fault, is it?” … The scammers are real, but Malcolm and Ibrahim are not. They’re just two of the conversational artificial intelligence bots created by Prof Dali Kaafar and his team. Through his research at Macquarie University, Kaafar founded Apate – named for the Greek goddess of deception. … Apate’s aim is to defeat global phone scams with conversational AI, taking advantage of systems already in place where telecommunications companies divert calls they can identify as coming from scammers. … Thanks in part to $720,000 of funding from the Office of National Intelligence, there are now potentially hundreds of thousands of “victim chatbots”, too many to name individually. Bots of various “ages” speak English with a range of accents. They have a range of emotions, personalities, responses. Sometimes they’re naive, sometimes sceptical, sometimes rude. … If a telecommunications company detects a scammer and diverts it to a system like Apate, the bots will work to keep the scammers busy. … Telecommunications companies in Australia have blocked almost 2bn scam phone calls since December 2020.
From SecureTheVillage
- Smaller business? Nonprofit? Take your security to the next level. Apply Now! If you’re a small business or nonprofit in the greater Los Angeles area, apply NOW for LA Cybersecure. Protect your organization with our innovative team-based learn-by-doing program with coaching and guidance that costs less than two cups of coffee a week.
- IT Service Provider / MSP? Take your client’s security to the next level. Apply Now! If you’re an IT service provider in the greater Los Angeles area, apply NOW for LA Cybersecure. With our innovative team-based learn-by-doing program, you’ll have both that “seat at the table” and the peace of mind that you’re providing your clients with the IT security management they need.
- The LA Cybersecure Program is funded in part by a grant from the Center for Internet Security (CIS) Alan Paller Laureate Program.
- Family Protection Newsletter: Did you know we created the Family Protection Newsletter for non-cyber experts? For your parents, friends, those who need to protect themselves in a digital world. Sign up or share with a friend! Click here to learn more and quickly add to your free subscription!
- How Hackable Are You? Think your defenses are strong. Find out as SecureTheVillage tests you on five basic controls and download our free updated 13-step guide.
- Please Support SecureTheVillage: We need your help if we’re to build a world of CyberGuardiansTM. Please donate to SecureTheVillage. Thank you. It takes a village to secure the village TM.
Cybersecurity Nonprofit of the Week … The Anti Phishing Working Group (APWG)
Kudos this week to the Anti Phishing Working Group (APWG). APWG unifies the global response to common cybercrimes and related infrastructure abuse through technical diplomacy; curation of a real-time clearinghouse of internet event data; development of applied research; and deployment and maintenance of global cybersecurity awareness campaigns. All of us can help APWG help us by forwarding malicious-appearing phishing messages to reportphishing@apwg.org. Like SecureTheVillage, APWG is a fellow-member of Nonprofit Cyber.
Cyber Humor
Section 2: Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware.
To raise awareness and help people stay safe from cyber-scams SecureTheVillage offers our How Hackable Are You webinar to groups and organizations. Email us for more information: info@SecureTheVillage.org.
- Scammers are swiping billions from Americans every year. Worse, most crooks are getting away with it: The scammers are winning. … Sophisticated overseas criminals are stealing tens of billions of dollars from Americans every year, a crime wave projected to get worse as the U.S. population ages and technology like AI makes it easier than ever to perpetrate fraud and get away with it. … Internet and telephone scams have grown “exponentially,” overwhelming police and prosecutors who catch and convict relatively few of the perpetrators, said Kathy Stokes, director of fraud prevention at AARP’s Fraud Watch Network. … Victims rarely get their money back, including older people who have lost life savings to romance scams, grandparent scams, technical support fraud and other common grifts. … “We are at a crisis level in fraud in society,” Stokes said. “So many people have joined the fray because it is pretty easy to be a criminal. They don’t have to follow any rules. And you can make a lot of money, and then there’s very little chance that you’re going to get caught.”
Excellent advice on the AT&T breach.
- How the AT&T breach affects us and what we can do to limit risk at home and at work: Let’s breakdown how the AT&T breach will impact us at home and at work and what we can do to protect ourselves. … The AT&T breach includes numbers called and texted, the number of call and text interactions, the call length, and some people had cell site identification numbers leaked (which leaks the approximate location of person at the time that the call or text was placed). … How does this breach increase risk for us at home and at work?
Section 3: Cybersecurity and Privacy News for the Cyber-Concerned.
The international cyber-temperature continues to rise in Southeast Asia as eight allies call out China’s hacking activity.
- U.S., Allies Issue Rare Warning on Chinese Hacking Group: An advisory by Australia, along with the U.S. and six other countries, details a group known as APT40 … SYDNEY—Australia, the U.S. and six other allies warned that a Chinese state-sponsored hacking group poses a threat to their networks, in an unusual coordinated move by Western governments to call out a global hacking operation they say is directed by Beijing’s intelligence services. … Tuesday’s advisory was a rare instance of Washington’s major allies in the Pacific and elsewhere joining to sound the alarm on China’s cyber activity. Australia led and published the advisory. It was joined by the U.S., U.K., Canada and New Zealand, which along with Australia are part of an intelligence-sharing group of countries known as the Five Eyes. Germany, Japan and South Korea also signed on. … The warning marked the first time South Korea and Japan joined with Australia in attributing malicious cyber activity to China. It was also the first time that Australia—which has been reluctant to point the finger at China, its largest trading partner—led such an effort, according to a person familiar with the matter.
An allegation which, if confirmed, would represent an extremely serious breach of national security.
- 1.4 GB NSA Data Leaked Online – Email Address, Phone Number & Gov Classified Data Exposed: Cyber Press Researchers discover another sensitive data leak on a well-known Data breach forum containing 1.4 GB of classified National Security Agency (NSA) data. … The agency’s operations are highly classified and utilize advanced technology and methods. … Threat actors claim that the data was allegedly obtained from Acuity Inc data breach., a company that works closely with the United States government and its allies.
As expected public comments will give CISA much to consider as it works to provide an improved regulatory base for securing our critical infrastructure from cyber-attack.
- Critical infrastructure organizations want CISA to dial back cyber reporting: Public comments from industry on the cyber agency’s draft proposal call for clearer terms and hard limits on what information can be collected. … The Cybersecurity and Infrastructure Security Agency will be spending the next few months going over comments from critical infrastructure owners and operators, industry trade groups, cybersecurity companies, and other interested parties after comments for the proposed rule ended Wednesday. The cyber incident reporting law, which is aimed at gaining more information on the threat landscape, comes with the acknowledgement that the defensive posture around cyberattacks against critical infrastructure amounts to reliance on a hodgepodge of state laws, sector-specific regulations, voluntary reporting, and differing levels of access from cybersecurity firms. … The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) … requires that select critical infrastructure owners and operators report substantial cyber incidents and ransomware payments to CISA within 24 hours.
Another piece in ProPublica’s ongoing story of the cascading national security implications of Microsoft’s failure to fix a critical cybersecurity weakness in its code.
- The President Ordered a Board to Probe a Massive Russian Cyberattack. It Never Did.: By not investigating the underlying weakness in Microsoft software that was key to the SolarWinds hack, the Cyber Safety Review Board missed an opportunity to prevent future attacks, experts say. … After Russian intelligence launched one of the most devastating cyber espionage attacks in history against U.S. government agencies, the Biden administration … issued an executive order establishing the Cyber Safety Review Board in May 2021 and ordered it to start work by reviewing the SolarWinds attack. … But for reasons that experts say remain unclear, that never happened.
A variety of other cybersecurity news.
- US, international authorities seize Russian AI bot farm: FBI officials say that software relying on AI to generate bot accounts was developed under a top editor at Russian state-owned news outlet RT. … The Department of Justice said Tuesday that it had seized a pair of internet domains and hundreds of social media accounts that authorities claim were part of a Russian-government bot farm that used AI to generate content aimed at meddling in American politics.
- HuiOne Guarantee: The $11 Billion Cybercrime Hub of Southeast Asia: Cryptocurrency analysts have shed light on an online marketplace called HuiOne Guarantee that’s widely used by cybercriminals in Southeast Asia, particularly those linked to pig butchering scams. … “Merchants on the platform offer technology, data, and money laundering services, and have engaged in transactions totaling at least $11 billion,” Elliptic said in a report shared with The Hacker News. … The British blockchain analytics firm said that the marketplace is part of HuiOne Group, a Cambodian conglomerate with links to Cambodia’s ruling Hun family and that another HuiOne business, HuiOne International Payments, is actively involved in laundering scam proceeds globally. … According to its website, HuiOne’s financial services arm is said to have 500,000 registered users. It also touts Alipay, Huawei, PayGo Wallet, UnionPay, and Yes Seatel as its customers.
- Major ISP Accused of Mass Malware Attack on Customers: A major South Korean ISP is accused of installing malware on over 600,000 customers’ PCs to curb torrent traffic, raising concerns about user privacy and ethical business practices.
This week in cybercrime.
- British engineering giant Arup revealed as $25 million deepfake scam victim: London-based company Arup has confirmed it was the victim of a deepfake scam in Hong Kong. … A British multinational design and engineering company behind world-famous buildings such as the Sydney Opera House has confirmed that it was the target of a deepfake scam that led to one of its Hong Kong employees paying out $25 million to fraudsters.
- Yet another top US healthcare service provider has been hacked, with patient data exposed: Following the likes of ChangeHealthcare, Kaiser, Cencora, and several others during the past few months, another major US healthcare service has reported suffering a cyberattack that resulted in the theft of sensitive patient data. … This latest victim is HealthEquity, which was on the receiving end of an apparent supply chain attack. In an 8-K form, filed with the US Securities and Exchange Commission (SEC) earlier this week, HealthEquity reported how earlier this year, as it was routinely monitoring its systems, it discovered “anomalous behavior by a personal use device belonging to a business partner.”
- Hacktivists release two gigabytes of Heritage Foundation data: A politically-oriented cybercrime group carried out the attack in response to Heritage’s Project 2025. … An established cybercrime group with a track record of attacking political targets posted on Tuesday roughly two gigabytes of data from the Heritage Foundation, a prominent conservative think tank based in Washington, D.C.
- Former Nuance Employee Arrested After Geisinger Data Breach Exposed 1.2 Million Records: Pennsylvania healthcare provider Geisinger is facing a class action lawsuit after a former Nuance employee accessed the personal information of more than 1.2 million individuals in November 2023. … Geisinger discovered the data breach in late November and immediately notified Nuance – a Microsoft-owned company – that “a former Nuance employee had accessed certain Geisinger patient information two days after the employee had been terminated,” the company said in an incident notice.
- Data breach exposes millions of mSpy spyware customers: Customer service emails dating back to 2014 exposed in May breach. … A data breach at the phone surveillance operation mSpy has exposed millions of its customers who bought access to the phone spyware app over the past decade, as well as the Ukrainian company behind it. … Unknown attackers stole millions of customer support tickets, including personal information, emails to support, and attachments, including personal documents, from mSpy in May 2024. While hacks of spyware purveyors are becoming increasingly common, they remain notable because of the highly sensitive personal information often included in the data, in this case about the customers who use the service.
- ‘Serious hacker attack’ forces Frankfurt university to shut down IT systems: The Frankfurt University of Applied Sciences announced on Monday it was targeted by “a serious hacker attack” that has led to a total shutdown of its IT systems. … It is the latest in a string of disruptive cyber incidents to have affected German universities, particularly those specializing in applied sciences.
Section 4: Managing Information Security and Privacy in the Organization.
- More than a CISO: the rise of the dual-titled IT leader: The rise of dual-title CISOs reflects the changing dynamics of the role from gatekeepers of cybersecurity to managing business risk. … Dual-title roles give CISOs new levers to work with and more scope to drive strategic integration and alignment of cybersecurity within the organization. … The role of the CISO is expanding and these C-level leaders have been acquiring responsibilities and adding roles beyond their principal function. Dual-title roles such as CISO plus CIO, CTO, VP of engineering, head of product, or head of infrastructure reflect a shift towards broader responsibilities and workplace recognition of the diverse skills of CISOs. … Many of the qualities that make a strong CISO, such as risk management, strategic thinking, leadership, and the ability to align technology initiatives with business goals, are ones that drive positive outcomes in these expanded roles. They leverage the CISO’s expertise in embedding security within business operations and managing complex systems. However, those in these roles say it requires clear ownership of risk, team support, balancing technical and business goals, and mastering a strategic shift in priorities.
