How you can learn from breaches and malicious activity online

For financial professionals only

Information security never ceases to be a hot topic. Here, Sarah Coles looks at three recent newsworthy breaches and shares her takeaways on how you can stay protected.

FCA warns financial firms to boost protections against AI scams [1]

What happened?

The FCA is concerned about an increase in the sophistication and effectiveness of fraudulent activity using artificial intelligence (AI). Their latest warning encourages companies to invest in fraud prevention tools and to accelerate operational and cyber resilience to combat this new threat.

Nikhil Rathi, the FCA’s Chief Executive, referenced a deepfake investment scam ad recently published on Facebook, impersonating Martin Lewis [2]. According to Action Fraud, in the 6 months leading up to March 2023, 400 scam-related crimes featuring Martin Lewis resulted in financial losses of £6 million. Deepfakes use AI to create convincing fictional images, audio, or videos, often using well-known people as a lure.

Recently a mother in America received a call demanding a ransom of $1m for the release of her daughter, whom the caller claimed to have kidnapped. The call began with her daughter screaming for help [3]. However, this was fake, generated by AI, which can impersonate someone’s voice from something as simple as a few seconds of social media video clips. Thankfully the mum stalled the ‘kidnapper’ long enough to confirm her daughter was safe.

There’s also been an increase in sextortion scams utilising AI. Here, photos and videos, often taken from someone’s social media accounts, are altered to make them sexually explicit. The victims are then harassed with these fictional images and asked for money to prevent the images being shared with friends, family, or colleagues [4].

Key Takeaway

  1. Educate staff on the use of AI in scams and how it can be used against them. This includes the need to be careful with sharing information online, making sure social media accounts are private and rejecting connection requests from people they don't know.

  2. Keep on top of AI developments to understand how tools can be used internally to improve your business versus how they could be used against you.

[1] https://www.fca.org.uk/news/speeches/our-emerging-regulatory-approach-big-tech-and-artificial-intelligence

[2] https://www.infosecurity-magazine.com/news/martin-lewis-deepfake-investment/

[3] https://amp-cnn-com.cdn.ampproject.org/c/s/amp.cnn.com/cnn/2023/04/29/us/ai-scam-calls-kidnapping-cec/index.html

[4] https://www.infosecurity-magazine.com/news/fbi-warns-surge-deepfake-2/

Ransomware group exploits an unknown vulnerability

What happened?

In May 2023, the Russian hacking gang Clop began exploiting a previously unknown vulnerability (known as a ‘zero-day vulnerability’) in the popular file transfer platform MOVEit. Many high-profile businesses around the world use MOVEit to securely share documents.

Progress Software, the owners of MOVEit, released a patch to fix the vulnerability a couple of days later, but an estimated 150 companies and over 16 million individuals had already been compromised, and this number continues to rise [5]. This makes the MOVEit vulnerability one of the largest supply chain attacks in history.

Once Clop gains access to a company’s MOVEit account, they steal its data, which often includes confidential information being shared with clients and the supply chain.

Clop’s demands are simple. They ask for a ransom payment, and in exchange they promise to delete the stolen data and not publish the company name on their data leak site.

Recently, Clop added 62 Ernst & Young (EY) clients to their leak site, after stealing 3 terabytes of critical information about EY clients, including financial reports and accounting documents in client folders, passport scans, visa scans, risk and asset management documents, contracts and agreements, credit agreements, audit reports and account balances [6].

Other high-profile victims include the BBC, energy giant Shell, cyber security firm Qualys, British Airways and Ofcom.

Key Takeaway

  1. Having a swift critical patch process in place is essential to avoid breaches. It's surprising how many companies lost the race to patch the vulnerability before the Clop gang gained access to their accounts.

  2. Make sure you have a regularly rehearsed incident response plan in place, which includes notifications to third parties in a timely manner.

[5] https://www.bankinfosecurity.com/clops-moveit-campaign-impacts-over-15-million-individuals-a-22398

[6] https://www.bankinfosecurity.com/clop-crime-group-adds-62-ernst-young-clients-to-leak-sites-a-22514

USB drive malware attacks are spiking again

What happened?

Cybersecurity experts recorded a spike in USB-based incidents in the first half of 2023, with a threefold increase in the number of attacks using USB drives to steal secrets [7].

It’s thought these attacks are part of a cyber-espionage campaign – a cyber attack that attempts to gain unauthorised access to sensitive or classified information for economic gain, competitive advantage, or political reasons.

Cyber security company Check Point first discovered this self-propagating malicious software after a European hospital reported a cyber-attack. An employee of the hospital had attended a conference in Asia and shared their USB with a colleague whose device was infected with the malware, which then copied itself onto the USB [8]. This shows how dangerous self-propagating malware is, as any new USB attached to an infected device will subsequently be infected.

Since then, Check Point has discovered USB malware infections across Great Britain, India, Russia, and South Korea.

Key Takeaway

  1. Educate and remind staff about the potential dangers of using USBs, including accepting free USBs at conferences and events, or plugging USBs into another device.

  2. Enhance your security by enforcing USB blocking policies - this helps prevent malicious software as well as confidential data loss. If USBs are required for certain roles, limit this to approved users only and continually monitor whether access is still needed.
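As an added example (not part of the original article, and not Parmenion's own tooling), the following PowerShell script applies the Windows "Removable Disks: Deny all access" policy by writing the same registry values the Group Policy setting uses, and then audits the result so the policy can be checked on a schedule. The registry path, the device class GUID for removable disks and the Deny_* value names are the standard Windows ones; the function names and the audit output format are assumptions of this example.

```powershell
# Added example, not from the article: enforce and audit a removable-disk
# blocking policy on Windows via the registry values that Group Policy writes.
# Run in an elevated (Administrator) PowerShell session. Assumes Windows 10/11
# or Windows Server; in production, deploy the same setting through a GPO and
# use security filtering (an AD group) to exempt the few approved roles.

$PolicyRoot    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
# Device setup class GUID for "Removable Disks" (USB mass-storage volumes)
$RemovableGuid = '{53f56307-b6bf-11d0-94f2-00a0c91efb8b}'
$UsbStorKey    = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

function Set-RemovableDiskPolicy {
    # Deny read/write/execute on removable disks (all three = "Deny all access").
    # Pass -DenyRead:$false etc. to relax individual controls for a role that
    # must, for example, read but never write to USB media.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [bool]$DenyRead    = $true,
        [bool]$DenyWrite   = $true,
        [bool]$DenyExecute = $true
    )
    $key = Join-Path $PolicyRoot $RemovableGuid
    if ($PSCmdlet.ShouldProcess($key, 'Write removable-disk deny policy')) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        $values = @{ Deny_Read = $DenyRead; Deny_Write = $DenyWrite; Deny_Execute = $DenyExecute }
        foreach ($name in $values.Keys) {
            New-ItemProperty -Path $key -Name $name -Value ([int]$values[$name]) `
                -PropertyType DWord -Force | Out-Null
        }
    }
}

function Disable-UsbStorDriver {
    # Belt-and-braces option: stop the USB mass-storage driver from loading at
    # all (Start = 4 means "disabled"). Takes effect after a reboot.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($UsbStorKey, 'Set USBSTOR Start=4')) {
        Set-ItemProperty -Path $UsbStorKey -Name 'Start' -Value 4 -Type DWord
    }
}

function Get-RemovableDiskPolicy {
    # Audit helper: report what is currently enforced on this machine.
    # Run this periodically (or collect it centrally) to confirm the policy is
    # still in place and to review who still needs an exemption.
    $key    = Join-Path $PolicyRoot $RemovableGuid
    $report = [ordered]@{
        ComputerName  = $env:COMPUTERNAME
        PolicyPresent = Test-Path $key
        DenyRead      = 0
        DenyWrite     = 0
        DenyExecute   = 0
    }
    if ($report.PolicyPresent) {
        $props = Get-ItemProperty -Path $key
        # A missing value reads as $null, which [int] turns into 0 (not denied)
        $report.DenyRead    = [int]$props.Deny_Read
        $report.DenyWrite   = [int]$props.Deny_Write
        $report.DenyExecute = [int]$props.Deny_Execute
    }
    $usbstor = Get-ItemProperty -Path $UsbStorKey -Name 'Start' -ErrorAction SilentlyContinue
    $report.UsbStorDriverDisabled = ($null -ne $usbstor -and $usbstor.Start -eq 4)
    $report.FullyBlocked = ($report.DenyRead -eq 1 -and $report.DenyWrite -eq 1 -and
                            $report.DenyExecute -eq 1) -or $report.UsbStorDriverDisabled
    [pscustomobject]$report
}

# Usage: preview first, then enforce and verify.
Set-RemovableDiskPolicy -WhatIf
Set-RemovableDiskPolicy
Get-RemovableDiskPolicy | Format-List
```

The policy applies to devices attached after it is written; treat a reboot as the safe assumption before relying on it. Keeping the audit function separate from the enforcement function is deliberate: the audit output can be collected from every endpoint without granting the collector permission to change anything, which supports the takeaway's "continually monitor whether access is still needed".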

[7] https://www.mandiant.com/resources/blog/infected-usb-steal-secrets

[8] https://blog.checkpoint.com/security/stealthy-usb-new-versions-of-chinese-espionage-malware-propagating-through-usb-devices-found-by-check-point-research/

This article is for financial professionals only. Any information contained within is of a general nature and should not be construed as a form of personal recommendation or financial advice. Nor is the information to be considered an offer or solicitation to deal in any financial instrument or to engage in any investment service or activity.

Parmenion accepts no duty of care or liability for loss arising from any person acting, or refraining from acting, as a result of any information contained within this article. All investment carries risk. The value of investments, and the income from them, can go down as well as up and investors may get back less than they put in. Past performance is not a reliable indicator of future returns.  

Speak to us and find out how we can help your business thrive.