US warns of huge cyber-espionage campaign, and other cybersecurity news to know this month

The US State Department has been warned of cybersecurity risks affecting both the public and private sectors.
The US State Department has been warned of cybersecurity risks affecting both the public and private sectors.
Image: REUTERS/Yara Nardi
  • This monthly round-up brings you key cybersecurity stories from the past month.
  • Top cybersecurity news: US faces huge cyber-espionage campaign; Big British firms hit by cyberattacks on outsourcing suppliers; Highest AI cyberthreat will stem from deep fakes, says Microsoft's Brad Smith.

1. US warns of huge cyber-espionage campaign targeting critical infrastructure

Microsoft analysts say the group, which it is calling Volt Typhoon, appears to be developing capabilities to allow it to disrupt critical US-Asia communications infrastructure that would be used in the event of a crisis. The group could also trigger cyberattacks against oil and gas pipelines and rail systems, the US State Department has been warned.

The group has carried out its work by exploiting vulnerabilities in cybersecurity platform FortiGuard, the Financial Times reports.

The US and numerous international cybersecurity authorities have issued a joint Cybersecurity Advisory notice highlighting the "cluster of activity". They say that one of Volt Typhoon's primary tactics is Living off the Land (LOTL) attacks, which use software and functions already available in the target system – such as Windows – to evade detection.

2. Big British firms hit by cyberattacks on outsourcing suppliers

The BBC, British Airways (BA) and some of Britain's other biggest companies have been hit by cyberattacks as a result of data hacks at outsourcing suppliers.

The BBC and BA had staff data compromised by an attack on software used by a firm that provides payroll services for nearly half of FTSE 100 companies. A Russian-speaking criminal gang was behind the cybersecurity breach of Zellis software, the Financial Times reports.

The hack targeted a weakness in MOVEit file-transfer software, underscoring how companies are vulnerable to attacks on flaws in various areas of their software supply chain.

The MOVEit security flaw has also allowed hackers to steal data from US users, security researchers say. Organizations that use MOVEit should ready themselves for potential extortion and publication of the stolen data, a figure in the sector says.

Two-thirds of companies have faced ransomware attacks in the past year, with the exploitation of security vulnerabilities the biggest cause, according to a survey by security firm Sophos covering 14 countries. Moreover, the US-led Joint Ransomware Task Force notes that "malicious actors have adjusted their ransomware tactics to be more destructive and impactful."

The state of ransomware 2023. Hackers exploiting cybersecurity vulnerabilities is the leading cause of ransomware attacks.
Hackers exploiting cybersecurity vulnerabilities is the leading cause of ransomware attacks.
Image: Sophos

UK pension schemes run by major retailer Marks and Spencer, drinks company Diageo and consumer goods manufacturer Unilever have also fallen victim to cyberattacks on outsourcing firm Capita this year. And local government bodies say their files have been put at risk by an "unsecured cloud-based data storage system" controlled by Capita, according to the Financial Times.

Capita says it is facing costs of $19 million to $25 million from its efforts to deal with the incident, including specialist professional fees, recovery and remediation costs and investment to reinforce its cybersecurity system.

3. News in brief: Top cybersecurity stories this month

The biggest cyberthreat stemming from AI will come from deep fakes, according to Microsoft President Brad Smith. He believes realistic-looking but false content could drive government-led "cyber-influence operations". Smith says there is a need for AI licensing, with "obligations to protect security, physical security, cybersecurity, national security," Reuters reports.

US cloud service providers looking to operate in the European Union (EU) could need to set up a joint venture with an EU-based company to obtain an EU cybersecurity label. A draft proposal from EU cybersecurity agency ENISA says the cloud service must be run and maintained in the EU, and all customer data must be stored and processed there.

Portugal may ban telecom operators from using Chinese equipment in 5G networks. Security risks arise when suppliers are based in countries that do not have agreements on cybersecurity, data and intellectual property protection with Portugal or the EU, the Portuguese cybersecurity council says.

Centre: Cybersecurity

How is the Forum tackling global cybersecurity challenges?

The World Economic Forum's Centre for Cybersecurity at the forefront of addressing global cybersecurity challenges and making the digital world safer for everyone.

Our goal is to enable secure and resilient digital and technological advancements for both individuals and organizations. As an independent and impartial platform, the Centre brings together a diverse range of experts from public and private sectors. We focus on elevating cybersecurity as a key strategic priority and drive collaborative initiatives worldwide to respond effectively to the most pressing security threats in the digital realm.

Learn more about our impact:

Want to know more about our centre’s impact or get involved? Contact us.

A "heavy cyberattack" hit the Italian Industry Ministry in late May. The attack took out its web portal and applications. Italian institutions have recently been targeted by several cyberattacks, raising questions over their network safety, according to Bloomberg.

Indonesia's biggest Islamic lender is working to boost its cybersecurity after 15 million of its customers had their details published online. The data breach at Bank Syariah Indonesia was the biggest ever at an Indonesian financial institution, a cybersecurity expert said.

The world's biggest privately-owned cybersecurity lab has opened in the UK. It will help check how safe vehicles, planes and industrial systems are from cyberattack. The site is run by private company IOActive and is located near the base of UK intelligence agency GCHQ.

Former US President Donald Trump's decision to fire a top cybersecurity official after he lost the 2020 election is to be probed by a US special counsel. Christopher Krebs was fired days after the Cybersecurity and Infrastructure Security Agency he headed up described the election as "the most secure in American history".

4. More on cybersecurity on Agenda

Losses from cybercrime are expected to rise from $8.44 trillion in 2022 to $11 trillion in 2023. Here's what your organization needs to know about cyber insurance.

The Asia-Pacific region is experiencing a huge increase in cyberattacks compared with its global counterparts. Why is this happening, and what can be done to prevent cybercrime?

Weak passwords are one way our internet behaviour could be compromising our digital security. Here are five other ways we could be putting our cybersecurity at risk.

About Us



Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum