Jul 13 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that finally knows Huw dunnit 😏 We promise to protect you from cybercriminals as well as the BBC protects its own 😬🤮💀
Today’s hottest cyber security stories:
💰 Ransomware bill for 2023 closes in on half a billion. And it’s only July 😳
🤖 AI: Our guide on how to stay safe from AI phishing attacks 🎣
🍜 China-backed cyber espionage targets 24 American gov’t agencies
It looks like the ransomware problem is going to get a whole lot worse before it gets better, folks. The numbers are in for the first half of 2023. And suffice to say, they ain’t great 😬
The one tiny little silver lining we can take away from this new report is the fact that ransomware is the only cryptocurrency-based crime to grow in 2023. But boy has it grown! 😲
So, let’s get into it, shall we? So, longtime readers of Gone Phishing will know all too well that 2021, and to a slightly lesser extent 2022, were terrible years for ransomware attacks, with Australia bearing the brunt but really, nobody was safe when it came to having data stolen or locked away for ransom.
Well, 2023 is fixing to put 2022 to shame. Cybercriminals have so far extorted nearly $175.8 million more than they did a year ago, according to findings from Chainalysis. Yikes!
“Ransomware attackers are on pace for their second-biggest year ever, having extorted at least $449.1 million through June,” the blockchain analytics firm said in its midyear crypto crime report.
“If this pace continues, ransomware attackers will extort $898.6 million from victims in 2023, trailing only 2021’s $939.9 million.” So, 2021 is still the year to beat, then 💀
The rise since 2022 appears to be driven by large unrelenting threat actors such as Cl0p which has been running riot with its attacks on MOVEit Transfer application, extensively covered by Gone Phishing 🎣
“Clop’s preference for targeting larger companies (>$5 million/year revenue) and capitalising on newer-but-disclosed vulnerabilities has been the primary driver of its success in the first half of 2023,” Sophos researcher David Wallace said in a report earlier this week, calling the group a “loud, adaptable, persistent player.”
Here’s hoping law enforcement agencies start getting some wins, eh? They’re long overdue when it comes to the big players. Stay safe folks and don’t negotiate with terrorists! 💪
I came across ZZZ money club during the crypto market bull run when everyone’s a winner, even during the bear market this discord group has been amazing at giving information on projects and ways to make passive income in various ways.
The group is very active and everyone in this private discord group is very chatty and helpful.
If you are interested in joining the group you can through the link below.
nothing else for this story than an image generated by AI via midjourney 😉
Here’s our quickfire, bullet point guide to recognising (and mitigating!) the phishing threats of AI. Enjoy!
AI phishing attacks: Cybercriminals use AI to enhance phishing attempts.
Automated Phishing Campaigns: AI automates large-scale phishing emails, making them appear genuine by mimicking individuals.
Spear Phishing with Social Engineering: AI gathers data from social media and tailors phishing emails to targets, making them difficult to distinguish from genuine communications.
Natural Language Processing (NLP) Attacks: AI crafts contextually relevant phishing emails that bypass traditional filters.
How to stay safe:
Employee training: Teach employees to recognize phishing attempts.
Multi-factor authentication: Implement additional layers of security.
AI-based solutions: Use AI to detect and defend against evolving phishing techniques.
DNS filtering: Employ as a first layer of protection.
Regulation and legal risks:
Evolving laws and regulations: Governments are creating rules for AI use, and non-compliance can result in penalties.
Liability for AI harms: Businesses may be held accountable for AI system errors causing financial loss or harm.
Intellectual property disputes: Legal conflicts over data ownership or AI system ownership may arise.
Countries and Companies Restricting AI:
European Union: GDPR and proposed AI Act establish rules for responsible AI use.
United States: Ongoing discussions on AI governance.
China: AI-specific regulations focus on data security and accountability.
Summing things up:
Implement comprehensive protection systems and consult legal departments to address AI risks.
Consider blocking AI services if risks outweigh benefits and compliance guidelines advise against their use.
Use DNS filtering from SafeDNS to mitigate data loss risks, maintain legal compliance, and adhere to company requirements.
Hope that helps!
🗞️ Extra, Extra! Read all about it 🗞️
Each week, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
💸 Millionaire Habits: Learn how to steal the simple habits of millionaire in 3 minutes or less straight from your inbox
🤯 Bot Eat Brain: Teaches how to harness the awesome power of AI whilst avoiding common pitfalls.
💅 Stand the f*ck out: Anxious about AI, wary customers, and rising competition? This on-trend newsletter could be just the ticket.
Let us know what you think!
So, an anonymous Federal Civilian Executive Branch agency recently detected some shady email activity. But that’s not all!
They issued a CISA and desist to China 😁
In a joint announcement from the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), it was revealed that the masterminds behind this diabolical plan was none other than a China-linked espionage group.
Apparently, these sneaky cyber villains infiltrated not one, not two, but a whopping two dozen organisations! 🕵️♂️
And while the government agency involved remains shrouded in mystery (cue X-Files theme), insiders (made public by CNN and the Washington Post), claim it might be the U.S. State Department.
Lock her up!
Moreover, the Commerce Department and even the email accounts of prominent figures (Hillary Clinton? 😂 JK) like a congressional staffer, a human rights advocate, and think tanks also found themselves in the crosshairs.
Even though 24 organisations were targeted, they reckon only ‘single-digits’ worth have been successfully infiltrated.
Stay tuned for more twists and turns as the story unfolds! 🌎🍿 So sad that it should come to this.
So long and thanks for reading all the phish!