AI will make bogus emails appear genuine, and other cybersecurity news to know this month

Published · Updated
Hands typing on laptop keyboard.

Also in this cybersecurity round-up: Water companies fall prey to ransomware and investment in data protection rises. Image: Unsplash/Kaitlyn Baker

Akshay Joshi
Head of Industry and Partnerships, Centre for Cybersecurity, World Economic Forum
  • This monthly round-up brings you key cybersecurity stories from the past month.
  • Top cybersecurity news: AI will make fake emails appear legitimate; US and UK water companies targeted by ransomware; Organizations will increase data-protection investment but recover less in 2024; and the Forum releases its Global Cybersecurity Outlook 2024.

1. AI will make bogus emails appear genuine, warns UK cyber agency

The latest assessment from the NCSC, part of the GCHQ intelligence agency, notes that generative AI has become widely available to the public through open-source chatbot systems like ChatGPT, which create content from simple prompts.

The result is ever more convincing fake emails, free of tell-tale grammar and spelling mistakes, including phishing messages that trick recipients into revealing account passwords or personal information.

“To 2025, generative AI and large language models will make it difficult for everyone, regardless of their level of cybersecurity understanding, to assess whether an email or password reset request is genuine, or to identify phishing, spoofing or social engineering attempts,” the agency said.

It added that ransomware attacks are also expected to increase as AI makes it easier for amateur cybercriminals and hackers to target victims and access sensitive information or even paralyse their systems.

2. Ransomware attack on key US and UK water companies

One of the world's largest private players in the water sector, US company Veolia, announced it was hit by a ransomware attack that affected backend systems and servers. The cyberattack targeted the company's municipal water division, disrupting online bill-payment systems.

Personal information of "a limited number of individuals" may have been compromised, but there is no evidence to indicate water or wastewater treatment operations were impacted, the company said.

In the UK, the Black Basta ransomware group has claimed responsibility for an attack on Southern Water. The group says it has stolen 750Gb of files, including personal information and corporate documents, which it is threatening to make public unless a ransom is paid.

The water utility has begun an investigation, but so far says it has found no evidence of the attack.

“Our services are not impacted and are operating normally,” it said.

Summary of most common findings in ransomware response engagements.
These are the most common factors contributing to weak protection against ransomware. Image: Microsoft Digital Defence Report 2022

Weak identity controls, ineffective security operations and limited data protection are the most common vulnerabilities to such attacks, according to Microsoft's Digital Defence Report 2022.


3. News in brief: Top cybersecurity stories this month

Organizations will increase data protection investment but recover less in 2024, according to a survey by Veeam Software. Data protection budgets are expected to increase by 6.6% in 2024 amid continued threats from ransomware and cyberattacks.

The UK's University of Worcester is launching its cybersecurity degree a year ahead of schedule due to strong demand, and to equip students with the skills to handle cybersecurity issues, the BBC reports.

Data from two prominent online gaming platforms in India and has been offered for sale by cybercriminals known as "roshtosh", raising concerns about user information on online gaming sites, according to the Cyber Express news site.


How is the Forum tackling global cybersecurity challenges?

A Russian cybercriminal has been sanctioned for his role in hacking Australia's health insurer Medibank, which the country's Home Affairs Minister Clare O'Neil described as "the single most devastating cyberattack we have experienced as a nation". Sensitive documents were posted online relating to millions of Australians, including abortion records.

4. More about cybersecurity on Agenda

In early January, the World Economic Forum released its Global Cybersecurity Outlook 2024, which examines the cybersecurity trends that will affect economies and societies in the year to come. The report and the state of cybersecurity were major topics of discussion during the Forum's Annual Meeting 2024 in Davos, Switzerland. Experts from across the public and private sector gathered to discuss cyber inequity, the cyber skills gap and cyber's increasing role as a strategic imperative, among other issue areas.

To harness the opportunities quantum computing could bring to the finance sector, four principles can inform global regulatory approaches towards a quantum-secure transition.

Currently, the world faces a cybersecurity staffing shortfall of about 4 million professionals. Are you thinking about a career in cybersecurity? If so, these are the programmes you need to know about.

Have you read?
1. AI will make bogus emails appear genuine, warns UK cyber agency2. Ransomware attack on key US and UK water companies3. News in brief: Top cybersecurity stories this month4. More about cybersecurity on Agenda

About Us



Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum