The Hong Kong Securities and Futures Commission (SFC) recently warned about a scam involving deepfake videos of Elon Musk promoting a cryptocurrency trading platform called ‘Quantum AI.’ The scam, which promises unrealistic returns, highlights the growing use of AI for fraudulent activities, particularly in Asia. The SFC has requested the Hong Kong Police to block access to the associated websites and social media pages, many of which are now inaccessible.
Deepfake-related fraud incidents have surged in the Asia-Pacific region, with a 1,530 percent increase last year, notably affecting Vietnam and Japan. Penny Chai, Sumsub’s vice president for business development in APAC, noted that the high volume of digital financial transactions in emerging Asian markets creates fertile ground for such scams. Videos promoting Quantum AI, often featuring altered footage of Musk, have been debunked and traced back to old appearances of Musk at events like the 2019 World AI Conference.
Why does it matter?
The use of deepfakes in fraud has become more prevalent, with Hong Kong identified as a major target. The rate of identity fraud in Hong Kong was 3.3% last year, with significant financial losses reported. In one case, a Japanese bank manager was tricked into transferring $35 million by deepfake audio mimicking his director’s voice. The SFC has been vigilant in flagging suspicious virtual asset trading platforms, issuing numerous warnings this year alone, particularly after the significant JPEX cryptocurrency exchange fraud.
Additionally, the SFC warned about other risky crypto-related products, such as the LENA Network, which involves cryptocurrency staking, borrowing, and lending. The regulator emphasised that these arrangements might be unauthorised collective investment schemes and carry high risks.
Following a major cyberattack last year that saw China-linked hackers infiltrate the US Department of State’s network, the agency has expanded its cybersecurity efforts beyond its reliance on Microsoft. This reinforcement of the defence strategy comes after the breach compromised around 60,000 State Department emails, including those of high-profile officials like Commerce Secretary Gina Raimondo. Criticism was directed at Microsoft, with the Cyber Safety Review Board questioning the company’s transparency regarding the incident.
Kelly Fletcher, the department’s chief information officer, highlighted concerns about the security of corporate networks, emphasising the importance of all vendors ensuring secure systems. The hacking group, identified by Microsoft as Storm-558, obtained access to a digital key, allowing them to breach government inboxes. Despite tensions, the embassy of China in Washington denied any involvement of Chinese government-linked hackers in the attack.
In response to the breach, the US State Department has diversified its vendor portfolio, incorporating companies like Palo Alto, Zscaler, and Cisco alongside Microsoft. While Microsoft managed to revoke the hackers’ access, Fletcher expressed concerns over the potential broader impact of the breach. The department has since bolstered its security measures, including multifactor authentication and data encryption, significantly strengthening cybersecurity fundamentals across its systems.
Despite criticism, Microsoft remains a key player in the State Department’s cybersecurity framework. The agency thoroughly analysed its communications with Microsoft following a separate breach linked to Russian hackers, concluding that sensitive information was not compromised. With ongoing efforts to fortify its cybersecurity posture, the State Department aims to mitigate future threats and maintain the integrity of its digital infrastructure.
Spain’s High Court has reignited an investigation into the use of NSO Group’s Pegasus software to spy on Prime Minister Pedro Sanchez and other Spanish politicians. The legal move comes after a previous probe was shelved due to a lack of cooperation from Israeli authorities. Investigators plan to collaborate with France, where similar surveillance targeted politicians and public figures.
The investigation aims to uncover the perpetrators behind the spying activities, which triggered a political crisis in Spain in 2022 and resulted in the resignation of the country’s spy chief. However, no individuals or groups have been formally accused yet. The Spanish government has not disclosed whether foreign or domestic entities are suspected of orchestrating the espionage.
Judge Jose Luis Calama decided to reopen the case following revelations from France regarding the use of Pegasus software to surveil journalists, lawyers, and government officials. French President Emmanuel Macron even changed his mobile phone and number due to security concerns arising from the Pegasus spyware case. Calama emphasised the importance of analysing technical data from both countries’ investigations to identify the culprits behind the cyber attacks.
The judge has ordered expert analysis to compare technical elements gathered by Spanish and French authorities, expecting closer collaboration once this analysis is complete. Calama envisions joint efforts between French and Spanish judicial authorities to determine the origin of the Pegasus spy program’s infiltration in both countries. This renewed investigation signals a concerted effort to address concerns surrounding digital surveillance and protect the privacy of politicians and citizens alike.
South Korean police disclosed that major North Korean hacking groups have been relentlessly conducting cyber assaults on South Korean defence firms for over a year. These attacks have resulted in breaches of internal networks and the theft of crucial technical data. Identified groups include Lazarus, Kimsuky, and Andariel, all linked to North Korea’s intelligence apparatus.
Hackers successfully infiltrated networks using various methods, such as planting malicious code directly into defence companies’ systems or through their contractors. Police, collaborating with national spy agencies and private sector experts, tracked these attacks. They used indicators such as source IP addresses, signal rerouting architecture, and malware signatures to identify the perpetrators.
One notable case, dating back to November 2022, saw hackers insert code into a company’s public network. This code later infected the intranet during a temporary disengagement of the internal security system for a network test. Exploiting security oversights, hackers gained entry through the accounts of subcontractors who used identical passcodes for personal and official email accounts, and extracted confidential technical data.
Although the police did not disclose the affected companies or the specifics of the data breaches, South Korea has become a significant global defence exporter. In recent years, lucrative contracts for items such as mechanised howitzers, tanks, and fighter jets have been valued at billions of dollars. This latest revelation underscores the persistent threat posed by North Korean cyber operations, which extend beyond national borders and target critical industries worldwide.
Capita, a British outsourcing company, has issued a warning that it expects to incur a financial impact of £15 million to £20 million following a cyberattack on its systems earlier this year.
The company, known for providing business support services to both government entities and private companies, stated that the cyber incident had resulted in the compromise of data from less than 0.1% of its server estate. Capita assured that it is taking necessary measures to recover and secure its systems. It emphasised its close collaboration with regulatory authorities, customers, suppliers, and employees to address the incident, notify affected parties, and implement any remaining essential steps.
Western Digital, a technology company, has notified its customers of the March 2023 data breach and confirmed that customer data was stolen.
In a press release, the company mentioned it worked with external forensic experts and determined that the hackers obtained a copy of a database which contained limited personal information of online store customers. The exact number of affected customers has not been disclosed. The company has notified affected customers and advised them to remain vigilant against potential phishing attempts.
The March data breach had previously been reported in early April, when the company disclosed it had suffered a cyberattack. TechCrunch reported that an ‘unnamed’ hacking group breached Western Digital, claiming to have stolen ten terabytes of data.
The hackers subsequently published some of the stolen data and threatened to release more if their demands were not met. Western Digital has restored the majority of its impacted systems and services and continues to investigate the incident.
The World Economic Forum and the Council on the Connected World published the State of the Connected World 2023 report exploring governance gaps related to the internet of things (IoT). The report outlines the findings of a survey conducted with 271 experts worldwide to understand the state of IoT affairs. The COVID-19 pandemic has increased IoT demand in health, manufacturing, and consumer IoT. However, there is a lack of confidence when it comes to matters such as privacy and security.
Two main governance gaps are identified: (1) a lack of governmental regulation and implementation of industry standards and (2) the greater susceptibility of IoT users to cyber threats and cyberattacks.
One recommendation is for businesses and governments to develop and implement practices to improve privacy and security and create a more inclusive and accessible IoT ecosystem. The need to improve equal access to technology and its benefits is also underscored.
The third edition of Cyber Signals, a yearly report which highlights security trends and insights from Microsoft’s 8,500 security experts and 43 trillion daily security signals, was recently launched. In this edition, experts present new information on broader threats to critical infrastructure posed by converging information technologies, the Internet of Things (IoT), and operational technology (OT) systems.
Unpatched, high-severity vulnerabilities identified in 75% of the most common industrial controllers in customer OT networks.
Over one million connected devices publicly visible on the internet running Boa, an outdated and unsupported software widely used in IoT devices and software development kits.
A 78% increase in disclosures of high-severity vulnerabilities from 2020 to 2022 in industrial control equipment produced by popular vendors.
The US National Institute of Standards and Technology (NIST) and its National Cybersecurity Center of Excellence (NCCoE) published a draft practice guide for trusted internet of things (IoT) onboarding and lifecycle management. This guide demonstrates how organisations can protect their IoT devices and networks. It details standards, practices, and technology to demonstrate mechanisms for trusted network-layer onboarding of IoT devices. The guide also shows how to provide network credentials to IoT devices in a trusted manner and maintain a secure posture throughout the device lifecycle.