Making Your Business Cybersafe

Deepfake fraud costs engineering giant Arup £20m

British engineering firm Arup, renowned for projects like the Sydney Opera House and Beijing Olympics’ Bird’s Nest stadium, recently fell victim to a sophisticated deepfake scam, resulting in a loss of HK$200 million (£20 million). An employee was deceived into transferring funds during a video conference featuring a digitally recreated version of the company’s CFO.

Despite the significant financial hit, Arup assured us that their financial stability and internal systems would remain unaffected. The incident highlights the increasing sophistication of cyber attacks, as even seasoned firms with robust security measures can be duped by advanced techniques like deepfakes.

Arup’s global chief information officer emphasised the rising frequency and complexity of cyber threats, including phishing, invoice fraud, and voice spoofing. He hopes that Arup’s experience will raise awareness about these evolving dangers and that we can all pull together to make your businesses cyber safe. The case underscores the critical importance of managed cyber security in the modern business landscape.

As cyber criminals employ increasingly advanced methods, businesses must stay vigilant and continuously update their security protocols to protect against such sophisticated cyber attacks. The incident serves as a stark reminder that even with strong defences, constant vigilance and education about new scam techniques are essential to safeguarding company assets.

AI Systems are vulnerable warns Government Report

The UK government’s AI Safety Institute (AISI) has published a report revealing significant vulnerabilities in large language models (LLMs). The report highlights that these AI systems are highly susceptible to jailbreaks, with some models generating harmful outputs even without attempts to bypass their safeguards.

Jailbreaking involves tricking the model into ignoring its safety mechanisms, and in testing, models responded to harmful queries between 98 and 100 percent of the time, even with relatively simple cyber attacks. This finding underscores the ease with which current AI models can be manipulated to produce harmful outputs despite built-in protections.

The AISI’s evaluation measured the models’ compliance and correctness when subjected to harmful queries, both directly and through developed attacks. The study found that while the compliance rates for harmful questions were relatively low without attacks, they could reach up to 28 percent for some models under AISI’s in-house attacks.

This indicates a significant vulnerability, as models can be easily manipulated to comply with harmful requests. The institute plans to extend its testing to other AI models and develop more robust evaluation metrics to improve the safety and reliability of AI systems. The AISI’s findings highlight the urgent need for continued testing and development of AI safeguards to mitigate these vulnerabilities.

It will be mandatory to report Ransomware attacks

The UK government is set to propose significant changes in its response to ransomware attacks, requiring all victims to report incidents and obtain a license before making extortion payments. These proposals, to be included in a public consultation next month, aim to enhance transparency and reduce ransomware’s profitability. A complete ban on ransom payments for organisations involved in critical national infrastructure is also being considered to dissuade hackers from targeting essential services.

Mandatory reporting is expected to help policymakers understand the true scale of the ransomware problem, which has been underreported. However, the effectiveness of this requirement may hinge on the successful replacement of Action Fraud, the UK’s current fraud and cyber crime reporting platform, which is experiencing delays. The proposed licensing regime aims to provide alternatives to paying ransoms, though there are concerns it could delay recovery and exacerbate harm.

These proposals will undergo public consultation, a process allowing stakeholders to provide feedback before any new legislation is introduced. With a general election approaching, it is uncertain whether the government will implement these changes soon. Nevertheless, the UK’s proactive stance, as co-lead of the Counter Ransomware Initiative, signals a robust international effort to tackle ransomware. This policy shift follows increasing data breaches due to ransomware, emphasising the need for strengthened cyber security measures against cyber criminals.

Contact Cybersafe.co.uk to ask for help on how we can help protect your business from cyber criminals and how to become Cybersafe. Whether you have sensitive data or confidential information within your business, you are always likely to be a target for cyber criminals. We also have a podcast where you can stay up-to-date with the latest cyber security measures that will help your company fight against these threats.