Quarterly cybersecurity threat update: Jul 2024

Some notable changes and alarming new patterns have emerged in the cybersecurity sector in recent months.

In this quarter, the cyberthreat landscape has seen significant developments. Ransomware continues to be a dominant threat, now employing more aggressive tactics and targeting a wider range of industries. The rise of deepfakes has introduced new challenges, complicating efforts to authenticate communications and verify identities. Initial access brokers have become more active, selling network access to the highest bidder, which has facilitated a surge in sophisticated attacks. Phishing remains a constant threat, evolving in complexity and exploiting human psychology to deceive even the most vigilant users.

Significant cyberthreats this quarter

Ransomware

This quarter has seen several high-profile ransomware attacks, continuing a trend observed in our previous threat reports. The Qilin ransomware-as-a-service group, mentioned last quarter, has significantly increased its activity. In the last four months alone, Qilin has claimed responsibility for over 50 hacks, including a notable attack on Big Issue. This breach led to the publication of 500GB of sensitive data on the dark web, which included passport scans and employee payroll information.

Qilin has also claimed responsibility for the ransomware attack on NHS medical services provider Synnovis on the 3rd of June. Following their threat, they published 400GB of private information on their darknet site on the 20th of June. This attack has severely disrupted more than 3,000 hospital and GP appointments.

According to a recent analysis by NCC Group, the LockBit group, whose operations were disrupted last quarter by Operation Cronos, led by the UK National Crime Agency, resurfaced as the most prominent ransomware actor in May 2024. LockBit 3.0 returned with a vengeance, launching 176 ransomware attacks and accounting for 37% of the total attacks that month.

Related news articles

LockBit Most Prominent Ransomware Actor in May 2024 infosecurity-magazine.com

NHS confirms patient data stolen in cyber attack bbc.co.uk

Global ransomware threat expected to rise with AI, NCSC warns ncsc.gov.uk

https://www.nextgov.com/cybersecurity/2024/05/thwarted-cyberattack-targeted-library-congress-tandem-october-british-library-breach/396399/ nextgov.com

Phishing

Phishing tactics have become increasingly sophisticated and deceptive, creating convincing emails that mimic official notifications from trusted organisations.

Cybercriminals are adept at exploiting current events and trends to enhance the credibility of their phishing attempts. For instance, they capitalise on major sporting events, global news stories, or seasonal trends to craft phishing emails that appear relevant and urgent to recipients. This tactic aims to increase the likelihood of unsuspecting individuals falling victim to the scam.

The evolving sophistication of phishing tactics underscores the importance of enhancing cybersecurity awareness. Regular training on identifying phishing attempts, implementing robust email filtering and antivirus software, and adopting multi-factor authentication are essential defences against these pervasive and increasingly sophisticated cyber threats.

Related news articles

Hackers Are Exploiting the UEFA Euros for Phishing Attacks em360tech.com

Booking.com warns of up to 900% increase in travel scams bbc.co.uk

Amazon Prime Day 2024: Cyber criminals Are Ready – Are You? blog.checkpoint.com

Emerging threats

Initial access brokers

Initial access brokers are an emerging class of cybercriminals specialising in infiltrating businesses and then selling stolen usernames and passwords to ransomware gangs on the dark web. These brokers provide a critical link between hackers and the criminal underworld, enabling ransomware gangs to focus solely on extortion without having to perform the initial hacking themselves.

Recent trends indicate that initial access brokers offer a range of compromised account-based services, such as remote access to corporate networks and domain-level privileged account access. Their activities contribute to the estimated £27 billion annual cost of cybercrime in the United Kingdom, with cybercrime reports being filed every 15 minutes on average. These brokers exemplify the professionalisation and diversification of cybercrime, allowing less skilled actors to engage in increasingly sophisticated attacks.

Related news articles

How freelance crooks facilitate major corporate hacks cybernews.com

Means to enter ZircoDATA servers sold by an initial access broker itwire.com

Russian Hackers Charged For Selling Unauthorized Access To Computer Networks cybersecuritynews.com

How Can We Reduce Threats From the Initial Access Brokers Market? darkreading.com

Deepfakes

A deepfake is synthetic media, such as audio or video, created or manipulated by AI to impersonate someone or fabricate events. Although the technology has been mainstream since 2019, recent advancements in AI have made today’s deepfake technology highly convincing, with its sophistication rising sharply in recent months.

Earlier this year, UK engineering firm Arup fell victim to a deepfake scam, after an employee was duped into sending HK$200m (£20m) to criminals during an artificial intelligence-generated video call in which the callers posed as senior officers of the company. High-profile companies such as WPP and LastPass have also been targeted by cybercriminals this quarter, with attackers posing as senior executives using deepfake technology to attempt fraud. Fortunately, these attempts were unsuccessful.

Related news articles

UK engineering firm Arup falls victim to £20m deepfake scam theguardian.com

CEO of world’s biggest ad firm targeted by deepfake scam theguardian.com

LastPass Reports Voice Phishing Attempt on Employee Using Audio Deepfake of Company CEO cpomagazine.com

1 in 10 Executives Say Their Companies Have Already Faced Deepfake Threats business.com

Security Tips and Recommendations

  • Install security patches and updates as soon as they are available. They can fix critical flaws in your systems.
  • Use a different, complex password for every account, store them in a password manager, and enable multi-factor authentication wherever possible. This can prevent unauthorised access to your accounts.
  • Do not click on suspicious links or open unexpected attachments, and watch out for emails that claim to be from legitimate sources, even if they look authentic.
  • Request confirmation of unusual data access or fund transfer requests through a separate, trusted channel.
  • Back up your important data regularly to a secure location. This can reduce the damage of a ransomware attack.
  • Stay informed: Keep up with the latest cybersecurity threats and best practices. Consider subscribing to reliable security blogs or newsletters.
  • Get a clear picture of any misconfigurations, software vulnerabilities, and outdated systems with a cybersecurity audit, penetration test and vulnerability scan of your systems.

Remember, even basic cybersecurity awareness can significantly improve your defence against cyberthreats. By adopting these simple practices and staying informed, you can proactively protect yourself and your data in the ever-evolving digital landscape.

Additional Resources

National Cyber Security Centre (NCSC)

Get Safe Online

SANS Cyber Security Newsletters

Graham Cluley Security Blog

SentinelOne Blog
