- This regular round-up brings you key cybersecurity stories from the past month.
- Top cybersecurity news: Black Friday phishing emails soar; Australia announces new cybersecurity plan; Ransomware gang ringleader arrested in Ukraine.
1. Black Friday phishing emails soar
The annual shopping bonanza that is Black Friday has caused the number of phishing emails to soar. Cybersecurity company Egress reports a 237% increase in emails sent in the first two weeks of November compared to September and October.
Black Friday and Cyber Monday have been a target for cybercriminals for some years with globally recognised brands often being mimicked to encourage clicks.
Ahead of the shopping event, organizations including the UK's National Cyber Security Centre warned consumers to be more vigilant, highlighting how AI technology has enhanced the threat. Last year, shoppers in the UK alone lost £10 million to festive scams.
2. Australia announces new cybersecurity plan after breaches
Australia has unveiled a new wide-reaching cybersecurity plan, with the aim of becoming a leader in the cybersecurity space by 2030.
The country has suffered a number of high-profile breaches in recent months, affecting the personal data of millions of citizens.
The new strategy aims to shift the perception of cybersecurity from a technical issue to something all citizens and businesses can have an impact on. Support will be expanded for small and medium-sized businesses and new provisions to better protect critical infrastructure.
How is the Forum tackling global cybersecurity challenges?
The World Economic Forum's Centre for Cybersecurity at the forefront of addressing global cybersecurity challenges and making the digital world safer for everyone.
Our goal is to enable secure and resilient digital and technological advancements for both individuals and organizations. As an independent and impartial platform, the Centre brings together a diverse range of experts from public and private sectors. We focus on elevating cybersecurity as a key strategic priority and drive collaborative initiatives worldwide to respond effectively to the most pressing security threats in the digital realm.
Learn more about our impact:
- Cybersecurity training: In collaboration with Salesforce, Fortinet and the Global Cyber Alliance, we are providing free training to the next generation of cybersecurity experts. To date, we have trained more than 122,000 people worldwide.
- Cyber resilience: Working with more than 170 partners, our centre is playing a pivotal role in enhancing cyber resilience across multiple industries: oil and gas, electricity, manufacturing and aviation.
Want to know more about our centre’s impact or get involved? Contact us.
3. News in brief: Top cybersecurity stories this month
A man suspected of being the ringleader of a ransomware gang operating in Ukraine has been arrested in a series of raids by police. The gang has allegedly extorted several hundred million dollars from victims in over 70 countries. Four more of the gang's most active players were also arrested, Europol said.
The US Federal Bureau of Investigation has warned of a growing trend of ransomware criminals attacking casinos via third parties. Caesars Entertainment and MGM Resort were both subject to cyberattacks in recent months, with customer data stolen.
India's Central Bureau of Investigation has carried out a series of raids in cities across the country as part of the fight back against tech support fraud. Coordinated action between Microsoft, Amazon and law enforcement saw the CBI raid illegal call centres set up to impersonate customer support at the two companies.
Slovenia's largest power generator has been hit by a ransomware attack that affected its systems and encrypted files. Holding Slovenske Elektrarne, which generates approximately 60% of the country's domestic supply, said the incident did not affect electric power production.
A number of state-linked cyber actors from the Democratic People's Republic of Korea have targeted software supply chain products used by government agencies, financial institutions, and defence companies around the world, according to the National Intelligence Service of the Republic of Korea and the National Cyber Security Centre of the United Kingdom. The attacks are attributed to the Lazarus threat group.
General Electric (GE) is investigating claims a threat actor hacked and leaked allegedly stolen data from the company's development environment. Known as IntelBroker, the threat actor is selling access to GE's "development and software pipeline". This allegedly includes a significant amount of Defense Advanced Research Projects Agency data, linked to technologies used by the US military.
A hack on Okta's customer support system has resulted in data from all of its customers being stolen. The US Department of Defense and certain other government clients using a more secure environment were not impacted, the company said.
4. More on cybersecurity on Agenda
Using ChatGPT and other large language models can improve efficiency and productivity at home and at work - but there are risks involved. Generative AI can suffer from bias and accuracy issues, and care needs to be taken around sensitive issues. Here are some tips to help you use it safely.
Individuals can request that organizations remove and delete their personal information from online platforms under the EU's right to be forgotten. For the request to be successful, specific criteria must be met, such as that the information is outdated or offensive.
There is a shortage of cybersecurity professionals, which is a problem for the global economy. To close this skills gap, public and private sectors must work together to cultivate relevant talent.
Over 80% of companies have been affected by ransomware, according to research by cybercrime analytics firm SpyCloud. By looking at how attacks happen we can spot the signs earlier help prevent them.
World Economic Forum