Cybersafe Threats – 18th April

Cybersafe Threats Updates 18th April 2024

Each week, Cybersafe.co.uk will be updating you on the latest cyber attacks threatening the private and sensitive data of businesses all over the UK. As technology evolves, so do cyber criminals and their methods of attack. If your company does not have the right cyber security processes in place, it runs a serious risk of cyber attackers infiltrating its network and data. The results could devastate your business if your data falls into the wrong hands. Whether it be paying a ransom which could cost you a fortune, losing all your data and not being able to recover it, a fine due to GDPR breaches, or reputational damage, all of these effects could have a severe impact on how (and if) your business will be able to move forwards. 

18th April 2024 – Below, we update business leaders on what you and your employees need to look out for when assessing cyber threats to your data.

Here are the most prominent cyber threats to businesses which you should be aware of:

Hackers tried to breach and then disable widely used open-source Java tools

Hackers recently made attempts to infiltrate and disrupt widely used open-source Java tools, raising serious concerns about the security of open-source software. These incidents, which targeted primary tools like XZ Utils and JavaScript projects, underscore the ongoing threat posed by malicious actors to the integrity of open-source systems.

Both the Open Source Security Foundation and OpenJS Foundation have sounded the alarm, suggesting that these attacks may not be isolated occurrences, thus emphasising the urgency of the situation. It’s imperative for business owners to disseminate information about these cyber threats among their workforce, enabling them to remain vigilant and utilise their phishing awareness training effectively.

The foundations stress the pivotal role of vigilance among open-source maintainers in safeguarding against such attacks. Detecting social engineering takeover attempts and identifying early threat patterns are critical tasks in maintaining the security of open-source projects, which are relied upon globally. These projects heavily depend on community contributions for updates and patches, often discussed among volunteer maintainers in forums, underscoring the integral role these individuals play in ensuring the security of open-source software.

Although the recent attempts did not compromise any builds, the potential ramifications are severe. Backdoors, if successful, could render entire open-source ecosystems vulnerable to exploitation, particularly by nation-state hackers. This incident serves as a reminder of the fragility of key points in the open-source ecosystem and the risks associated with maintainer burnout, which could compromise control over sensitive information.

Given that open-source code is prevalent in commercial systems, with the majority containing vulnerabilities, it’s crucial for businesses relying on such software to implement robust cyber security measures. This includes enhancing defences against potential cyber attacks and staying abreast of emerging threats. By prioritising cyber security, businesses can mitigate the risks associated with open-source vulnerabilities and ensure the integrity and security of their systems and data.

Cisco Duo warns of customer data breach through telephony provider attack

Cisco Duo has reported a recent data breach involving the theft of VoIP and SMS logs used for multi-factor authentication (MFA) messages. The breach occurred on April 1, 2024, and resulted from the exploitation of employee credentials obtained through a phishing attack targeting an undisclosed telephony provider.

During the breach, unauthorised access was gained to SMS and VoIP MFA message logs associated with specific Duo accounts between March 1, 2024, and March 31, 2024. Although message contents were not accessed, the stolen logs contain sensitive data, including phone numbers, carriers, locations, dates, times, and message types.

Cisco is actively collaborating with the affected provider to investigate and address the incident. Security measures have been reinforced, including invalidating compromised credentials, analysing activity logs, and notifying affected parties. Additionally, Cisco is assessing the breach’s scope and impact using the exposed message logs provided by the provider.

Businesses impacted by this breach are advised to maintain vigilance against potential SMS phishing or social engineering attacks utilising the stolen information. It is crucial to promptly report any suspicious activity to relevant incident response teams and to educate users about the risks associated with social engineering tactics.

Is AI a threat to businesses?

The UK’s Competition and Markets Authority (CMA) is expressing concerns about the dominance of major tech firms in the AI Foundation Models (FMs) market, fearing potential manipulation of competition and price hikes. Highlighting risks such as control over crucial inputs and possible collusion, the CMA is taking steps to ensure fair play, including closely examining alliances like Microsoft’s investment in OpenAI. Business owners in AI-related sectors should remain vigilant against anti-competitive practices and collaborate with regulators to maintain a level playing field.

As the CMA scrutinises the high-end AI landscape, it advocates for transparency and fair competition to prevent major tech players from monopolising the market. Such monopolisation could stifle innovation and limit options for businesses and consumers. By adhering to responsible AI principles and staying informed about regulatory developments, businesses can contribute to upholding fair competition in this rapidly evolving sector.
