18 October 2024

Hong Kong police arrest 27 over USD 46 million deepfake romance scam | Cyber Intelligence Briefing: 18 October 2024

Top news stories this week

  1. Fauxmance. Hong Kong police arrest 27 over USD 46 million deepfake romance scam.
  2. Breached? Cisco and SAP investigate potential hack by threat actor IntelBroker.
  3. Bankrupted. National Public Data files for bankruptcy following data breach.  
  4. Passkey revolution. Amazon customers adopt passkeys as industry shifts towards password-less authentication.
  5. Double-edged sword. Fewer ransomware incidents result in encryption despite overall increase in attacks.
  6. Patch now. Thousands of Fortinet devices still vulnerable to flaw flagged as “must patch” by CISA. 

 

1. Hong Kong police arrest 27 people over USD 46 million deepfake romance scam 

Hong Kong police have arrested 27 people in connection with a romance scam that used AI deepfakes to convince victims to invest in fraudulent cryptocurrency schemes. The scammers created fake social media profiles and used deepfake technology to transform themselves into women as part of the scam.

So what?

Advancements in deepfake technology have made these crimes more sophisticated and harder to spot. Exercise caution whenever you are asked to transfer funds.

[Researcher: Adelaide Parker] 


2. Cisco and SAP investigate alleged IntelBroker data breach 

Cisco is investigating a potential data breach after the threat actor IntelBroker posted purportedly stolen developer data from the company on a dark web marketplace. According to Cisco, there is no indication that its systems have been compromised. The breach also allegedly affected several Cisco customers, including German software company SAP, which is conducting its own investigation into the matter.

So what?

Some criminals announce data breaches to raise their profile; however, the claims of threat actors should be thoroughly investigated and verified.

[Researcher: Milda Petraityte]


3. National Public Data files for bankruptcy following data breach

National Public Data, a US background verification service provider, has filed for bankruptcy after class action lawsuits were filed over a data security incident that led to 899 million unique Social Security numbers being advertised on the dark web by a threat actor called USDoD.

So what?

The reputational damage and litigation costs associated with cyber breaches can often have irrecoverable impacts on businesses.

[Researcher: Anna Tankovics]


4. More than 175 million Amazon customers use passkeys as industry moves towards password-less authentication 

Amazon has revealed that more than 175 million customers have adopted passkeys instead of passwords, making the sign-in process six times faster. Meanwhile, tech researchers have unveiled two projects to help organisations move away from passwords, including an initiative to make passkeys portable across digital ecosystems.

So what?

Passkeys enhance usability and security, offering a superior alternative to traditional strong password policies. If your organisation isn't ready for passkeys, ensure you have a strong password policy with multi-factor authentication.

[Researcher: Aditya Ganjam Mahesh]


5. Fewer ransomware incidents result in encryption despite overall increase in attacks

Ransomware attacks increased by 2.75 times compared to last year, according to a new Microsoft report. However, the same report found that attacks reaching the encryption stage have decreased three-fold over the past two years, largely due to the proliferation of defensive technology such as Endpoint Detection and Response (EDR).

So what?

While not a silver bullet, EDR can significantly reduce the risk of a ransomware attack progressing to data encryption. 

[Researcher: David Broome]


6. Fortinet devices still vulnerable to flaw flagged as “must patch” by CISA 

More than 87,000 internet-facing Fortinet devices are still vulnerable to a FortiOS vulnerability, CVE-2024-23113, that lets remote hackers run code without authentication. The vulnerability, which has been flagged as a “must patch” by CISA, was first observed in February 2024.

So what?

Organisations vulnerable to the flaw should follow Fortinet guidance and issue the fix in line with their organisation’s patch management programme.

[Researcher: Lena Krummeich]

 

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
