Wise, a well-known money transfer and fintech company, stated that the personal data of some customers had been compromised in the recent Evolve Bank and Trust data breach. There is uncertainty about the extent of the breach and its impact on third-party companies, their customers, and users, as an increasing number of companies have come forward in recent days to disclose that they have been affected.
In an official statement, Wise states it had worked with Evolve from 2020 to 2023 and shared with the latter USD account details. This personal data included names, addresses, dates of birth, contact information, and Social Security numbers or Employer Identification Numbers. The statement suggests that due to the breach, there is a potential risk that customers’ personal information might be exposed. The extent of the impact on Wise customers remains undisclosed as the company continues its investigation. Yet the company assured that affected Wise customers would be notified via email. Despite the breach at Evolve, Wise assured that their systems remained integral and facilitated customers’ secure access to their accounts.
Evolve highlighted its ongoing efforts to address the cybersecurity incident following the ransomware attack by the LockBit cybercrime group by noting there was limited data loss and minimal operational disruptions due to available backups. Evolve ensured that it would individually notify all persons affected by the breach. Affirm, EarnIn, Marqeta, Melio, and Mercury, among other Evolve partners, are investigating the impact on their customers.
Australia’s Federal Police (AFP) have pressed charges against an Australian man for allegedly carrying out an ‘evil twin’ WiFi attack on multiple domestic flights and airports in Perth, Melbourne, and Adelaide with the aim of stealing email and social media credentials from unsuspecting passengers. The investigation by the police in Australia was initiated following reports from airline staff in April 2024. This led to the seizure of the man’s devices at the airport and discovery of incriminating evidence on them.
In an evil twin WiFi attack, a deceptive wireless access point is set up with the same SSID (WiFi network name) as a legitimate network in the vicinity. For instance, many flights provide in-flight WiFi services that require passengers to connect to the airline’s WiFi network. In this attack, cybercriminals create a fake network with the same name, tricking users into connecting to it. Once connected users are directed to a counterfeit login page or captive portal asking them to enter their login credentials.
The Australian individual apprehended by the AFP reportedly used a portable device to establish free WiFi access points at various locations making users log in using their email or social media accounts. The stolen information could potentially be exploited to gain access to sensitive data, take over social media accounts, extort victims, or sell the data to other cybercriminals. The charges brought against the suspect include unauthorised impairment of electronic communication, possession of data with intent to commit a serious offence, unauthorised access or modification of restricted data, dishonestly obtaining or dealing in personal financial information, and possession of identification information with intent to commit an offence, each carrying significant prison sentences.
While coming across malicious WiFi access points in public spaces is rare, individuals should exercise caution when sharing login credentials on such networks. It is advisable to disable file sharing on untrusted WiFi networks and use a VPN to encrypt internet traffic and safeguard sensitive information. While ‘even twin’ attacks are known in the cybersecurity world, they are not usually encountered outside of controlled environments like hacker conferences or when used by GRU operatives. Apart from a 2018 GRU case, where hackers employed evil twin attacks to surveil the internet traffic of targets from a wide range of organisations, no other incidents of this type have been reported to date.
On 8 June, Kadokawa, a Japanese media conglomerate, reported a data security incident on its website, stating that multiple servers within the Kadokawa Group had become inaccessible. In response, the company promptly shut down the affected systems and investigated to determine the incident’s nature and scope.
The ongoing investigation revealed various services, including Niconico, Kadokawa’s official website, and the e-commerce site ‘ebten,’ were impacted. Kadokawa is also looking into potential information leaks resulting from the incident.
Subsequent updates from Kadokawa confirmed that the disruption was caused by a large-scale cyberattack involving ransomware. Emergency measures were taken, such as shutting down servers and forming a task force to assess the damage, identify the cause, and restore operations. The ransomware attack primarily targeted Niconico’s systems, Japan’s popular video-sharing service, as well as affected the company’s payment system, leading to payment delays for some business partners.
The BlackSuit ransomware group claimed responsibility for the attack on Kadokawa and listed the company as a victim on its data leak site. The group alleges to have stolen over 1.5TB of confidential data and threatened to publish it on 1 July unless ransom demands were met.
Kadokawa acknowledged the hacker group’s claims and stated that they are investigating the possibility of data leakage with external cybersecurity experts. The company reassured stakeholders that no credit card information of customers, including Niconico users, is stored in their systems, ensuring that such data remains secure.
The City of London Corporation, London and Partners and Microsoft have launched an AI Innovation Challenge, where participants will vie to spot and stop cybercriminals using fake identities and audio and visual deepfakes to commit fraud. With the increase of such events and the ubiquity of GenAI models, Nvidia, the multinational AI chip-maker, is increasingly becoming the modern-day Standard Oil. Nvidia’s chips can be found in just about all areas of economic activity, from education to medicine and in nearly all financial and professional services.
With its growing usage, its potential for fighting cybercrime increases, given its ability to analyse vast amounts of data rapidly, decipher patterns, and ultimately lead to higher fraud detection rates and greater trust in and securitise customer services. Banks in the United Kingdom lead the way in AI adoption, particularly as some 90 percent of them have already onboarded generative AI models to their asset portfolios.
Participants of the AI Innovation Challenge have until 26 July 2024 to register for the competition, which is scheduled for six weeks between September and November. The final event promises to be a display of fraud detection and other cybersecurity innovations developed during the course of the competition.
A recent study has revealed that ChatGPT and similar large language models (LLMs) are highly effective in launching cyberattacks, raising significant concerns in the cybersecurity field.
Researchers Richard Fang, Rohan Bindu, Akul Gupta, and Daniel Kang tested ChatGPT-4 against 15 real-life ‘one-day’ vulnerabilities, finding that it could exploit these vulnerabilities 87% of the time. These vulnerabilities included websites issues, container management software, and Python packages, all sourced from the CVE database.
The study utilised a detailed prompt with 1,056 tokens and 91 lines of code, including debugging and logging statements. The research team noted that ChatGPT-4’s success stemmed from its ability to handle complex, multi-step vulnerabilities and execute various attack methods. However, without the CVE code, ChatGPT-4’s success rate plummeted to just 7%, highlighting a significant limitation.
The researchers concluded that while ChatGPT-4 currently stands out in its ability to exploit one-day vulnerabilities, the potential for LLMs to become more powerful and destructive is a major concern. They emphasised the importance of the cybersecurity community and LLM providers collaborating to integrate these technologies into defensive measures and carefully consider their deployment.
A report by Howden has stated that cyber insurance premiums are on a downward trend worldwide despite the rise in ransomware attacks as businesses are upping their capacity to mitigate losses from cybercrime. The surge in insurance premiums first arose during 2021 and 2022 because of COVID-19 pandemic and an increase in cyber incidents but has since declined in the following years. The cyber insurance market witnessed significant price reductions in 2023/24, attributed to advancements such as multifactor authentication that significantly enhanced data protection, decreasing insurance claims.
Sarah Neild, the head of UK cyber retail at Howden, highlighted the fundamental role of multifactor authentication in securing data, comparing it to a basic security measure akin to locking the door when leaving the house. Neild stressed the multifaceted nature of cybersecurity, underscoring the importance of increased investments in IT security, including employee training.
Following Russia’s invasion of Ukraine in February 2022, global ransomware attacks saw a decline as hackers from these regions shifted their focus to military activities. However, recorded ransomware incidents surged by 18% in the first five months of 2024 compared to the previous year—ransomware functions by encrypting data where hackers typically offer victims a decryption key in exchange for cryptocurrency payments. While business interruption remains the primary cost after a cyberattack, businesses can mitigate these expenses by instituting improved backup systems such as cloud backup systems.
Although most of the cyber insurance business is concentrated in the United States, the report anticipates that the fastest-growing market will be Europe in the coming years due to lower current penetration levels. Finally, the report finds that smaller firms exhibit lower rates of cyber insurance adoption, which can partly be attributed to a need for more awareness regarding cyber risks.
Cambodia recently launched its messaging app, CoolApp, which is supported by former Prime Minister Hun Sen. He has emphasised that the app is crucial for national security, aiming to protect Cambodian information from foreign interference. Hun Sen’s endorsement of CoolApp aligns with his long-standing approach of maintaining tight control over the country’s communication channels, especially in the face of external influences. He compared the app to other national messaging services like China’s WeChat and Russia’s Telegram, indicating a desire for Cambodia to have a secure, homegrown platform.
However, the introduction of CoolApp has raised significant concerns among critics and opposition leaders. They argue that the app could be a tool for government surveillance, potentially used to monitor and suppress political discourse. Mu Sochua, an exiled opposition leader, warned that CoolApp represents a new method for mass surveillance and control of public discourse, reminiscent of practices seen in China. Another opposition figure, Sam Rainsy, called for a boycott of the app, suggesting that its true purpose is to strengthen the repressive tools available to the Cambodian regime. These concerns are amplified by Cambodia’s recent history of internet censorship, media blackouts, and persecution of government critics.
CoolApp’s founder and CEO, Lim Cheavutha, claims the app uses end-to-end encryption to ensure user privacy and has reached 150,000 downloads, with expectations to reach up to 1 million. However, these assurances do little to alleviate fears of government surveillance, given Cambodia’s history of using technology to control dissent.
The app’s launch comes amid broader security challenges in Cambodia, including online scams by Chinese gangs and close ties with China’s surveillance-heavy regime. The following situation highlights the ongoing tension between Cambodia’s national security and civil liberties.
Audi will integrate ChatGPT into its vehicles’ infotainment systems starting July, leveraging Microsoft Azure OpenAI Service. This integration will cover approximately two million Audi models equipped with the MIB 3 system since 2021. Drivers can interact with their cars using natural language, benefiting from voice control over infotainment, navigation, and climate systems, alongside accessing general knowledge.
Marcus Keith, Audi’s Vice President of Interior, Infotainment, and Connectivity Development, highlighted the seamless merging of ChatGPT’s capabilities with Audi’s voice control, promising customers an enhanced in-cabin experience with secure AI-based knowledge access.
.@Audi is taking in-car technology to the next level with ChatGPT, powered by @Microsoft Azure OpenAI Service. Come July, nearly two million Audi owners will reap the benefits of enhanced communication with their vehicles. https://t.co/PMyLkvNlr1pic.twitter.com/CpPLXfV9tl
— Microsoft News and Stories (@MSFTnews) June 27, 2024
This move follows Mercedes-Benz’s introduction of ChatGPT into its MBUX Voice Assistant in 2023, expanding AI usage across its US vehicle lineup. Volkswagen Group also showcased Cerence Inc.’s Chat Pro at CES 2024, extending AI integration via cloud updates in European models. Similarly, Škoda Auto announced ChatGPT integration into its Laura voice assistant for selected vehicle platforms, prioritising data security alongside enhanced AI functionalities.
Why does it matter?
These developments underscore the automotive industry’s commitment to integrating advanced AI technologies into vehicles, aiming to elevate user experience through intuitive and informative in-car interactions.
The IATSE’s tentative agreement represents a significant step forward in securing fair wages and job protections for Hollywood’s behind-the-scenes workers, ensuring that the rapid advancements in technology do not come at the expense of human employment.
OpenAI has launched CriticGPT, a new model based on GPT-4, designed to identify and critique errors in ChatGPT’s outputs. The tool aims to enhance human trainers’ effectiveness by assisting them in providing feedback on the chatbot’s performance.
Similar to ChatGPT’s training process, CriticGPT learns through human feedback, focusing on identifying intentionally inserted errors in ChatGPT’s code outputs. Evaluations showed that CriticGPT’s critiques were preferred over ChatGPT’s in 63% of cases involving naturally occurring bugs, highlighting its ability to minimize irrelevant feedback.
OpenAI plans to further develop CriticGPT’s capabilities, aiming to integrate advanced methods to improve human-generated feedback for GPT-4. The initiative underscores the ongoing role of human oversight in refining AI technologies despite their increasing automation capabilities.
A suspected Chinese state-linked hacking group is increasingly targeting Taiwanese entities, particularly those within government, education, technology, and diplomacy sectors, as reported by cybersecurity intelligence firm Recorded Future. In recent times, the relationship between China and Taiwan has faced escalating tensions. The cyber assaults attributed to the group dubbed RedJuliett occurred between November 2023 and April 2024, coinciding with Taiwan’s presidential elections in January and the subsequent change in leadership.
While RedJuliett has previously targeted Taiwanese organisations, the recent wave of attacks marked a significant escalation in scope. The hacking attempts by RedJuliett targeted over 70 Taiwanese entities, including universities, an optoelectronics firm, and a facial recognition company with government contracts. While the success of these infiltration attempts remains unclear, Recorded Future only confirmed the observed efforts to identify network vulnerabilities.
Recorded Future revealed that RedJuliett exploited a vulnerability in the SoftEther enterprise virtual private network (VPN) software to breach the servers of these organisations. The open-source VPN facilitates remote connections to an organisation’s networks. The modus operandi of RedJuliett aligns with tactics commonly associated with Chinese state-sponsored groups, as per Recorded Future’s analysis. The geolocations of IP addresses suggest that RedJuliett likely operates from Fuzhou, a city in China’s Fujian province facing Taiwan’s coast.
The report speculated that Chinese intelligence services in Fuzhou are likely engaged in intelligence gathering against Taiwanese targets to support Beijing’s policymaking on cross-strait relations through RedJuliett’s activities. While Taiwan’s Ministry of Foreign Affairs refrained from immediate comments, a spokesperson from the Chinese Foreign Ministry dismissed the allegations, citing a lack of credibility in Recorded Future’s claims.
Why does it matter?
China’s increased military exercises around Taiwan and diplomatic pressures have exacerbated tensions, particularly following the election of Taiwan’s President Lai Ching-te, labeled a ‘separatist’ by China. Amidst escalating cyberespionage activities globally, Recorded Future anticipates continued targeting of Taiwanese government agencies, universities, and critical technology firms by Chinese state-sponsored groups. The firm recommends organisations prioritise patching vulnerabilities promptly to enhance their cybersecurity.
