Cybersecurity Monthly Newsletter December 2023

In this issue:

• 3 Cybersecurity Predictions for 2024

• Cybersecurity Shorts

• Software Updates

Welcome to your December Savvy Cybersecurity newsletter. Read on to learn more about:

• New cybersecurity threats aimed at financial services
• Cybersecurity predictions for 2024
• And much more

3 Cybersecurity Predictions for 2024

The end of the year gives us time to reflect on the past 12 months. And in the cybersecurity world, there’s a lot to reflect on for 2023. We saw a massive ransomware attack on one of the largest Las Vegas casinos and hotels—the MGM Grand costing over $100 million. There have also been new AI-powered scams we need to learn about.

What do we need to be aware of on the cybersecurity front in 2024? Here are some predictions we’ve been reading about.

1. AI scams

AI tools have constantly been in the headlines this year. This technology is growing exponentially and we have seen many impacts on cybersecurity—some good and some bad.

For example, Scammers are now using AI software to create voice clones. These programs used to need large samples to create a duplicate voice. Now, they only require a 3-second recording. The criminals will scan social media for voice clips they can duplicate. Typically, they can find enough information on these platforms to create a convincing scam.

AI is also being used to create malicious code and write phishing emails. On the other hand, AI tools can also help cybersecurity professionals quickly identify new malware strains.

We will continue to see advancements in AI scams and AI cybersecurity technology in 2024. The landscape is ever-changing. We will continue to update you in 2024 on AI scams to be aware.

2. Super-powered phishing

AI can also be used to create convincing, targeted phishing attacks. AI programs can be used to impersonate human behavior and create convincing text messages or emails. For example, AI could read through 20 messages sent from one person and create a message based on the language the person typically uses. This could make a malicious request appear normal to an unsuspecting user. It is likely we will see more of these cyber attacks in 2024. We need to continue being vigilant when receiving text messages and emails.

3. Start saying goodbye to passwords

For years, security experts have warned about the dangers of our reliance on passwords. We know that the majority of individuals are not following password best practices for every account they create leaving them vulnerable to hackers. But how can we protect ourselves online without passwords?

Google has taken a step in accelerating a “passwordless future” with the introduction of passkeys across the Google suite of products. An alternative to the traditional password, a passkey allows you to sign into an app or site as you would unlock your mobile device, with biometric data or a special PIN. Passkeys are stored locally on your device and are more secure than other options such as one-time text codes. Many companies are now rolling out this technology as a password alternative.

Looking forward

Each year brings us new cybersecurity threats to defend against—but also brings new ways to fight back. We must all stay vigilant with our cybersecurity plans and adapt when it’s indicated. We’re looking forward to this new year of cybersecurity vigilance and will continue to keep you updated with the latest news.

We wish you all a very happy 2024!

Cybersecurity shorts

A pattern of malicious cyber activity is emerging for financial services firms. A suspected ransomware attack against Fidelity National Financial comes after a backdrop of heightened threat activity targeting the financial services industry. Fidelity is one of the nation’s largest title insurance companies and had to shut down some of its systems earlier this month after a suspected threat group had gained access to the company’s system and stole credentials. This attack came just weeks after a suspected ransomware attack against the US trading arm of the Industrial and Commercial Bank of China. You can read more about the attack and its impact here.

Ukraine’s biggest mobile and internet provider down after reported cyberattack. This month, Ukraine’s largest telecommunications provider, Kyivstar, recently suffered a major cyber attack where millions of customers lost mobile phone and home internet service as a result the company recently announced. The company has 24.3 million mobile subscribers and more than 1.1 million home internet subscribers, which led to a ripple effect that caused outages and service surges for state institutions and the company’s competitors.

Authorities in the US and UK have sanctioned and indicted two Russian hackers. In a series of indictments and sanctions announced this month, authorities in the US and Britain have accused two Russian intelligence officers of orchestrating a long-running hack-and-leak operation aimed at meddling in US and UK politics. The two have been identified as Andrey Korinets and Ruslan Peretyatko. Additionally, the US State Department announced a $10M reward for any information related to the men or their wider operation. You can read more about their suspected phishing attacks on the US and Britain here.

U.S. Department of Health and Human Services sends urgent message to healthcare operators. Earlier this month, federal agencies warned healthcare organizations of a cybersecurity threat ominously titled the “Citrix bleed” which they said needed immediate attention. This issue was a vulnerability in hospital organizations’ network systems that could allow hackers to access private healthcare information by bypassing passwords and multifactor authentication. This threat was first reported by Citrix in October 2023 and since then, reports showed that hackers have been exploiting software since August.

Software updates

Adobe: Over 200 security vulnerabilities in Adobe products were patched with this month’s update. Some of these updates are considered critical. You can learn more here.

Microsoft: Microsoft released a small number of patches this month for security issues. However, some of the issues are considered critical and affect Windows 10, Office, Outlook, and Teams. Your devices should prompt you to update but you can learn more here.

SERVICES WE OFFER RELATED TO THIS TOPIC

The information contained in this post is for general use and educational purposes only.  However, we do offer specific services to our clients to help them implement the strategies mentioned above.  For specific information and to determine if these services may be a good fit for you, please select any of the services listed below.