SoftwareOne logo

3.9 min to readDigital WorkplaceCloud ServicesNews and Updates

Cyber security update, February

Ravi Bindra
Ravi BindraCISO
A blue square on a blue background.

We believe there is a need for additional information when it comes to cyber security, as organisations have made it clear that investment in a proper security strategy is paramount. SoftwareOne’s monthly “Cyber security update” provides information on the most recent threats, the latest breaches and how to react to them in order to stay on top of malware and ransomware threats. We’ve rounded up the latest security headlines to keep you up to speed and prepared.

Latest security breaches

America’s second largest insurance company Prudential Financial has reported a security breach that leaked corporate and user data. In an 8-K regulatory filing with the US Securities and Exchange Commission (SEC), Prudential said it detected the cyber incident on February 5, 2024a day after the threat actor gained access to certain internal systems.

A Chinese-backed threat group is stealing biometric data from bank clients so it can mimic them and illegally access their bank accounts. Group-IB, which unveiled the research, claims that it’s the first attack of this kind to use deepfakes. GoldPickaxe, believed to be an offshoot of Chinese-speaking threat group GoldFactory, is described as as “a previously unknown iOS trojan capable of collecting identity documents, facial recognition data, and intercepting SMS.”

Advania, a Nordic information technology provider serving the public and private sectors, has suffered a cybersecurity incident affecting at least 60 of its customers in Sweden.

About 57,000 Bank of America customers are being warned that their personal information may have been exposed during a November cyberattack on bank service provider Infosys McCamish Systems. The data breach, attributed to the LockBit ransomware group, occurred on Infosys McCamish’s system on November 3 and was reported to Bank of America on November 24. However, consumers whose data may have been compromised were not notified of the security failure until February 1, or about 90 days after the breach was discovered, potentially violating state notification laws.

A Verizon insider data breach has impacted employee data of 63,206 employees, the company has disclosed in a regulatory filing.

Around 37 million T-Mobile customers recently had their personal information compromised in the company’s second major hack in less than two years. Hackers were additionally able to see customers’ emails, phone numbers and details about their plans, including account numbers, T-Mobile said in a regulatory filing.

Cyber security awareness

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon. Among the many noteworthy findings in the 2024 edition of the IBM X-Force report, three major trends stand out which are important for security professionals and CISOs to observe:

  • A sharp increase in abuse of valid accounts
  • A pivot in the approach of major ransomware groups
  • Analysis of the timing and shape of the impact of generative AI (gen AI) on cybersecurity

In another market research study published by Custom Market Insights, the demand analysis of Global Banking Cyber Security Market size & share revenue was valued at approximately USD 75.9 Billion in 2022 and is expected to reach USD 77.1 Billion in 2023 (final figures not confirmed for 2023) and is expected to reach around USD 285.4 Billion by 2032, at a CAGR of 15.2% between 2023 and 2032.

Cyber security intelligence

NCSC UK have published the report “The near-term impact of AI on the cyber threat”, an NCSC assessment focusing on how AI will impact the efficacy of cyber operations and the implications for the cyber threat over the next two years.

Apple has advised users to patch their devices against a vulnerability affecting the Apple Shortcuts application that can allow hackers to access sensitive data without invoking user permission. Tracked as CVE-2024-23204, the flaw has a critical rating (CVSS 7.5/10) because of its zero-click exploitation, affecting a range of Apple devices including MacBooks, iPhones, iPads, and Apple watches, as they all support the Shortcuts application.

International law enforcement agencies combined their efforts to take down LockBit, the world’s most harmful cybercrime group. On 19 February, the UK's National Crime Agency (NCA), working with the FBI and other national police forces, seized control of the LockBit extortion website.

Hot topic of the month: Gen AI and cyber security

2024 will see security leaders respond to the combined impact of these forces by adopting a range of practices, technical capabilities and structural reforms within their security programs, with a view to improving organisational resilience and the cybersecurity function’s performance.

According to Gartner, Inc, Generative AI (GenAI), unsecure employee behaviour, third-party risks, continuous threat exposure, boardroom communication gaps and identity-first approaches to security are the driving forces behind the top cybersecurity trends for 2024. Click here to learn more.

The following six trends will have broad impact across these areas:

  1. Generative AI – Short-term Skepticism, Longer-Term Hope
  2. Cybersecurity Outcome-Driven Metrics: Bridging Boardroom Communication Gap
  3. Security Behavior and Culture Programs Gain Increasing Traction to Reduce Human Risks
  4. Resilience-Driven, Resource-Efficient Third-Party Cybersecurity Risk Management
  5. Continuous Threat Exposure Management Programs Gain Momentum
  6. Extending the Role of Identity & Access Management (IAM) to Improve Cybersecurity Outcomes
A blurry image of a computer screen with numbers on it.

Put a lock on your critical data

Digital productivity comes with a long checklist of security responsibilities that tax IT teams. SoftwareOne Cloud Security Services help reduce security costs for companies, nonprofits, and governments worldwide.

Put a lock on your critical data

Digital productivity comes with a long checklist of security responsibilities that tax IT teams. SoftwareOne Cloud Security Services help reduce security costs for companies, nonprofits, and governments worldwide.

Author

Ravi Bindra

Ravi Bindra
CISO

Ravi holds over 20 years’ experience as a cyber security evangelist, holding multiple leadership roles in the Swiss pharmaceutical industry, such as Global Head of Risk Management, Global Head of Architecture and Global Head of Security Operations.