
Akshay Joshi, Head of Industry and Partnerships, Centre for Cybersecurity, World Economic Forum
- This monthly round-up brings you key cybersecurity stories from the past month.
- Top cybersecurity news: US faces huge cyber-espionage campaign; Big British firms hit by cyberattacks on outsourcing suppliers; Highest AI cyberthreat will stem from deep fakes, says Microsoft’s Brad Smith.
1. US warns of huge cyber-espionage campaign targeting critical infrastructure
One of the largest known cyber-espionage campaigns has hit companies running critical US infrastructure, according to Western intelligence agencies and Microsoft.
Microsoft analysts say the group, which the company is calling Volt Typhoon, appears to be developing capabilities to allow it to disrupt critical US-Asia communications infrastructure that would be used in the event of a crisis. The group could also trigger cyberattacks against oil and gas pipelines and rail systems, the US State Department has been warned.
The group has carried out its work by exploiting vulnerabilities in cybersecurity platform FortiGuard, the Financial Times reports.
The US and numerous international cybersecurity authorities have issued a joint Cybersecurity Advisory notice highlighting the “cluster of activity”. They say that one of Volt Typhoon’s primary tactics is Living off the Land (LOTL) attacks, which use software and functions already available in the target system – such as Windows – to evade detection.
2. Big British firms hit by cyberattacks on outsourcing suppliers
The BBC, British Airways (BA) and some of Britain’s other biggest companies have been hit by cyberattacks as a result of data hacks at outsourcing suppliers.
The BBC and BA had staff data compromised by an attack on software used by a firm that provides payroll services for nearly half of FTSE 100 companies. A Russian-speaking criminal gang was behind the cybersecurity breach of Zellis software, the Financial Times reports.
The hack targeted a weakness in MOVEit file-transfer software, underscoring how companies are vulnerable to attacks on flaws in various areas of their software supply chain.
The MOVEit security flaw has also allowed hackers to steal data from US users, security researchers say. Organizations that use MOVEit should ready themselves for potential extortion and publication of the stolen data, a figure in the sector says.
Two-thirds of companies have faced ransomware attacks in the past year, with the exploitation of security vulnerabilities the biggest cause, according to a survey by security firm Sophos covering 14 countries. Moreover, the US-led Joint Ransomware Task Force notes that “malicious actors have adjusted their ransomware tactics to be more destructive and impactful.”