By John Weiler
A job ad scam snares victims in Southeast Asia, a fake Pentagon explosion highlights the dangers of AI, and cybercriminals pounce on voice cloning technology in the latest move to develop an advantage. Here are the latest threats and advisories for the week of May 26, 2023.
Threat Advisories and Alerts
Updated #StopRansomware Guide Published by CISA and Partners
As ransomware techniques and tactics continue to evolve, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and partner agencies have updated the #StopRansomware Guide, which was initially released in 2020. The guide serves as a comprehensive resource for organizations to prevent, detect, respond to and recover from ransomware attacks. The updates include lessons learned over the past two years along with additional resources, recommended actions and tools to reduce the spread and impact of ransomware.
FBI Warns Americans: Fake Job Ads Trap Victims in Crypto Investment Scheme Abroad
The U.S. Federal Bureau of Investigation (FBI) has issued a warning to Americans of criminals who lure victims to Southeast Asia through false job ads, subsequently subjecting them to enslavement and coercion to participate in cryptocurrency investment fraud schemes. The adverts entice victims with promises of lucrative benefits, competitive salaries, paid travel expenses and room and board. U.S. citizens can protect themselves by researching potential employers and informing family and friends of their employment details before relocating abroad.
Emerging Threats and Research
Voice Cloning-As-A-Service Gains Popularity among Cybercriminals
Fake news and artificial intelligence are making it increasingly difficult to separate truth from fiction. As deepfake technology becomes more advanced, security experts warn that threat actors are showing a surge of interest in voice cloning-as-a-service (VCaaS), which is gaining widespread availability on the dark web. Threat actors can use the technology to mimic people’s voices, enabling them to bypass multi-factor authentication, carry out more effective social engineering attacks and spread misinformation.
Cuba Ransomware Publishes Stolen Data from Philadelphia Inquirer Breach
The Cuba ransomware gang has claimed responsibility for the recent cyberattack on the Philadelphia Inquirer. The criminal group reportedly stole files from the newspaper giant on May 12 and has now published the stolen data on its extortion portal. The stolen files include financial and tax documents, balance sheets, source code and other sensitive information. The cyberattack, which temporarily halted the Inquirer's operations, marks the biggest disruption to the newspaper since the January blizzard of 1996, and came just days before the city’s mayoral primary election.
Dish Network Likely Paid Ransom in Breach That Impacted 300,000 People
New information has come to light in the Dish Network ransomware attack from last February, revealing nearly 300,000 people had their data stolen in the incident. Up until now, the U.S. broadcasting company hasn’t specified whose data was stolen, but Dish has now admitted it belonged to employees, their family members and “a limited number of other individuals,” rather than Dish customers. There is widespread speculation that Dish paid a ransom, as it seems to be implied by the company’s comment that “We have received confirmation that the extracted data has been deleted.” The ransomware gang Black Basta is suspected to be behind the attack.
Fake Pentagon Explosion Goes Viral on Twitter, Affecting Stock Market
Twitter users may have been shocked this week to see an image of an explosion near the Pentagon, the U.S. Department of Defense’s headquarters. Though it was later proved to be a fake, the AI-generated image went viral, causing a dip in the stock market. The incident highlights a flaw in Twitter’s pay-to-be-verified system, as many verified accounts shared the image, increasing the photo’s credibility.
To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board.