Are Cybercriminals Losing Jobs To AI?
We know that cybercriminals are using AI—perhaps not to develop new, sophisticated malware, but certainly to improve the efficiency of their attacks. One area in which we’ve observed attackers using AI is social engineering: firstly, to scrape personal data from victims’ social media accounts to make attacks more targeted, and secondly to scale attacks globally. GenAI tools have removed the cost barrier of hiring translators, enabling attackers to create more accurate, well-translated phishing messages.
AI has also made it easier for criminal data analysts to understand what data they’ve managed to extract in a ransomware attack. They simply plug the stolen data into an LLM and ask it to highlight the personal details, credentials, hashes, and financial information—enabling them to quickly discover its value so they can extort the victim or sell it on the dark web.
But while AI is improving attack efficiency, should cybercriminals be worried about losing their jobs to AI?
We spoke to advisory CISO Joseph Carson about his recent experiences dealing with ransomware investigations.
Previously, a member of the investigation team would communicate with someone within the ransomware gang to negotiate the release of the victim’s data, typically via a burner email or messaging service. But in the second half of last year, that all changed, says Carson.
“Now, I’m not communicating with a person. I’m communicating with an AI chatbot.”
And we’re not just seeing this trend in the ransomware space: large scam operations are also using AI agents to carry out cold call social engineering attacks, enabling them to reach more victims at scale.
While this reduces costs for threat actor groups, it could make those considering a career in cybercrime re-evaluate their decision.
“There’s a lot of concern that AI is taking away people’s jobs. It’s not; it’s empowering people with superpowers,” says Carson. “But in the criminal world, it is taking away criminals’ jobs, and it’s doing it right now. Criminals are losing their jobs to AI chat bots.”
🚨 Industry News
Industry news, including funding, acquisitions and new product releases to watch this week.
- SEC reaches SolarWinds settlement: The agreement resolves charges stemming from the Russian-backed “Orion” cyberattack on the company’s systems back in 2019, over which the SEC had previously sued SolarWinds for “understating or failing to disclose known risks.” 🔗
- Leonardo acquires Axiomatics: The Italian defense and aerospace giant will acquire the Swedish cybersecurity firm in order to expand its zero trust offering. This comes shortly after the company’s acquisition of a 24.55% share in Finland’s SSH Communications Security Corporation. 🔗
- Exabeam introduces new AI agent: The new Nova Advisor Agent will help reduce investigation times and increase analysts’ productivity. 🔗
Game Changers Podcast: Why A Great Team Is The Ultimate Cybersecurity Advantage
We recently released Game Changers: a new podcast series investigating the companies that have pushed the boundaries and found innovative solutions to cybersecurity problems.
We spoke with Torq about how they’ve killed off an entire cybersecurity category; with Abnormal about the impact of social engineering attacks; with Zama on driving innovation and research; and with John Kindervag on taking a fresh perspective to reimagine security policies.
From many hours in the editing suite, one theme recurred across the interviews: a good idea isn’t enough. Yes, a brilliant new perspective on a preexisting obstacle is essential. But to make a successful company, something else is needed.
Creating a team of the right people, with the right attitude and drive, is just as important. Not only must they be technically skilled and have the right experience, but they also need to be the type of people who will bring the best out of each other.
These people, your team, will help build this idea into something more tangible that you can talk about, get excited about, and get investment in. Game Changers are not made in isolation but must situate themselves at the center of a web.
What can we learn from this? Well, in the wider cybersecurity sector, connection is key. Speak with colleagues, share ideas with peers, and learn from those around you. If you have a problem, you’re unlikely to be the only one.
Listen to all four episodes of Game Changers now on the Expert Insights Podcast.
🌍 In Other News…
Threats and APTs
- Ransomware hits Nova Scotia Power: Following a breach earlier this year, the company is notifying 280,000 customers that their private data may have been accessed, including addresses, driver’s licence numbers, bank account details, and Canadian Social Insurance numbers. 🔗
- Be wary of “BERT”: A new ransomware group is targeting healthcare, tech, and event services across Asia, Europe, and the US. The group’s techniques affect Windows and Linux systems and make it significantly harder to recover lost data. 🔗
- Crypto-companies targeted by malware: A North Korean hacking group is using fake Zoom software updates to trick employees at web3 and crypto-related organizations into installing macOS malware. 🔗
Government and Policy
- European Commission announces new quantum strategy: The strategy will support research and innovation in Europe’s quantum sector, as well as prepare the continent’s public infrastructure for the threat posed by quantum computing, which is predicted to make many current encryption standards redundant. 🔗
- Google ordered to pay $314M in data privacy case: A US Court has ordered the tech giant to pay $314 million after ruling that it misused Android device users’ data without their permission. Google plans to appeal the 🔗
- US Treasury sanctions North Korean over IT worker scheme: The cyber actor Song Kum Hyok was sanctioned for his association with North Korean hacking group “Andariel” and for facilitating the fake IT worker schemes that have been making headlines in recent months. 🔗
The Worst Trade Deal Of All Time?

This week, Brazilian police arrested an IT worker for allegedly selling his login credentials to a threat actor group, enabling them to breach a major instant payment system and steal over 540M Brazilian reais—the equivalent of over USD$98M.
40-year-old João Roque, who worked on the backend systems at C&M Software, was reportedly approached by the attackers in a bar earlier this year. According to a statement from Roque, he handed them his credentials in exchange for two cash payments totalling approximately USD$2,700. Using these credentials, the attackers were able to sign into PIX, an instant payment platform developed by Brazil’s Central Bank to enable the transfer of funds between bank accounts. From there, they stole the equivalent of almost USD$100M from at least six financial institutions using the software.
Authorities have frozen USD$50M linked to the attack and are now searching for the hackers behind it.
$2,700 for a trip to prison? We’ll pass!
🎙️ The Expert Insights Podcast
How to fly high with AI copilots: Ben Kliger, Co-Founder of Zenity, explains the importance of securing AI agents with end-to-end security and governance. Listen now.
Paving the future of security: In this RSAC omnibus, Benny Porat, CEO at Twine Security, discusses how they’re building trustworthy Agentic AI professionals who understand and execute tasks just like your best employee would, and Ryan Chow, Co-Founder & CEO of Metalware, discusses how firmware fuzzing can proactively detect and remediate vulnerabilities in embedded systems before deployment. Listen now.