Here are some interesting updates about cybersecurity threats and new trends.
The FBI reported a record $12.5 billion in losses from online scams in 2023, a $2 billion increase from the previous year. Investment scams accounted for over a third of these losses, with many involving fraudsters pretending to be someone's love interest and tricking them into investing in phony cryptocurrency schemes. The FBI also noted an increase in the damaging costs of ransomware attacks, with reported losses from ransomware attacks jumping from about $34 million in 2022 to about $59 million in 2023. However, the total financial impact from ransomware is much higher, as only a fraction of victims report these attacks to the bureau.
Cybercriminals extorted a record $1.1 billion in ransom payments from victim organizations in 2023, according to Chainalysis. The health care sector reported the most ransomware incidents, with 249 incidents in 2023. Despite these alarming figures, federal authorities advise against paying ransom, as it fuels the growth of the ransomware market and may not guarantee data recovery.
Source: CNN
The International Monetary Fund (IMF) is investigating a cybersecurity breach that led to the compromise of several internal email accounts. The incident was first detected on February 16, 2024, and a subsequent investigation with the assistance of independent cybersecurity experts determined that 11 IMF email accounts were compromised. The impacted email accounts were re-secured, and there is no indication of further compromise beyond these email accounts at this point in time.
The IMF has a robust cybersecurity program in place to respond quickly and effectively to such incidents. The IMF could be a popular target for a cyber-espionage attack by state-sponsored actors, especially those working for countries receiving or negotiating debt bailouts from the fund. However, no senior managers were impacted by the incident, and the investigation is ongoing.
The IMF last suffered a major compromise in 2011, when hackers exfiltrated data following a sophisticated spear phishing attack. The IMF took the decision to publicize the February 2024 attack to underline its commitment to transparency and as a reminder to employees to stick to internal cybersecurity policy.
Source: Infosecurity Magazine
Fujitsu, a Japanese tech corporation and the sixth largest IT firm in the world based on annual revenue, has confirmed that personal and customer information may have been obtained by hackers who deployed malware on multiple computers at the company's offices. The malware was discovered after an internal investigation, and the affected business computers were immediately disconnected. Fujitsu has reported the data breach to Japan's Personal Information Protection Commission and is currently investigating the circumstances surrounding the malware's intrusion and whether any information has been leaked. The company did not specify when the initial intrusion occurred or what information was taken. Affected individuals have been contacted individually through the Personal Information Protection Commission.
Source: The Record by Recorded Future
On September 27, 2023, Stanford University discovered that a threat actor had breached its Department of Public Safety (DPS) and deployed ransomware. The attackers gained access to the DPS network between May 12, 2023 and September 27, 2023 and exfiltrated data.
Stanford's investigation determined that the personal information of 27,000 individuals was stolen, including details like date of birth, Social Security numbers, government IDs, and more. For a smaller subset, even more sensitive information like biometric data and financial details were accessed.
Stanford has partnered with IDX to provide identity theft protection services to the affected individuals. They are also enhancing security measures in the DPS to prevent similar incidents.
The university only began notifying impacted individuals in March 2024, nearly 6 months after discovering the breach, citing the time needed to analyze the "nature and scope" of the incident.
Source: CPO Magazine
American Express Co. has informed an undisclosed number of cardholders that their account information may have been compromised in a recent hacking of a merchant processor. The breach may have affected current and previously issued American Express Card account numbers, expiration dates, and customer names. The incident occurred when a third-party service provider engaged by numerous merchants experienced unauthorized access to its system. American Express stressed that its own systems were not compromised in the incident. The company is actively monitoring the potentially impacted accounts for fraud and has urged customers to review their accounts for fraudulent activity, sign up for instant notifications of potential suspicious activity, and ensure their contact information is current.
Source: CBS News