What’s in the paper for this week’s top cybersecurity news? In addition to the usual range of sophisticated attacks and critical breaches, this week saw the opening of the annual RSA Conference in San Francisco. So, here is the most notable cybersecurity news from the week, including some highlights of RSA 2023.
AI takes the spotlight at RSA 2023
The 2023 RSA Conference placed significant emphasis on AI-powered cybersecurity tools, as vendors scrambled to showcase their AI-based features. Dozens of sessions explored the convergence of AI and cybersecurity, reflecting the growing importance of AI in addressing cyber threats.
Advancements in cloud capacity, processing power, and data storage technologies have been combined with improved machine learning algorithms to create an opportune moment for AI implementation in cybersecurity. Among the vendors showcasing AI-powered tools at the RSA Conference were Armorblox, Cisco, Abnormal Security, and NextDLP.
Armorblox introduced a language-based threat protection product for email that employs machine learning and user behaviour analysis to detect and prevent malicious emails. Cisco unveiled an extended detection and response offering that uses AI and machine learning to simplify security operations across platforms and detect advanced cyber threats.
Abnormal Security added three new AI-driven capabilities to its email security platform, focusing on messaging security, authentication activity monitoring, and security posture management. NextDLP also announced the enhancement of its Reveal platform by adding ChatGPT visibility, policy templates, and adaptive controls to provide better data protection and security in ChatGPT usage.
Four major UK banks affected by service outage
Several major UK banks, including Lloyds Bank, Halifax, TSB Bank, and Bank of Scotland, experienced web and mobile app outages today, leaving customers unable to access their account balances and information. The cause of the widespread outage remains unclear, but numerous customers reported difficulties logging into their online banking accounts since the morning.
The affected banks acknowledged the issue on their websites, stating that some customers were experiencing problems accessing Internet and mobile banking services. A service message on the website read, “We know some customers are having issues with Internet and/or Mobile Banking. We’re sorry for this. We’re working to get it back to normal soon.” The banks are actively working to resolve the issue.
Lloyds Banking Group is the parent company of Lloyds Bank, Halifax, and Bank of Scotland, and was formerly linked to TSB. The visual and operational similarities between the banks’ websites suggest that they may share similar server infrastructure.
Malicious Minecraft clones affecting Android users with adware
A group of 38 Minecraft imitation games on Google Play was found to be infecting devices with the Android adware ‘HiddenAds,’ generating revenue for its operators by stealthily loading ads in the background. Minecraft, a popular sandbox game with 140 million monthly active players, has inspired many publishers to create similar games. These adware-laden games were downloaded by approximately 35 million Android users worldwide, primarily from the United States, Canada, South Korea, and Brazil.
Users remained unaware of the malicious adware activity, as the games functioned as expected. Issues such as overheating, increased network data usage, or battery consumption caused by loading multiple ads were often attributed to the game itself. McAfee’s Mobile Research Team, a member of the App Defense Alliance dedicated to protecting Google Play from various threats, discovered the adware set.
Major Canadian directory publisher hit by ransomware
Canadian directory publisher Yellow Pages Group has confirmed to BleepingComputer that it fell victim to a cyberattack. The Black Basta ransomware and extortion gang claimed responsibility for the attack and released sensitive documents and data over the weekend. Although directory services like Yellow Pages primarily deal with public data, they may also possess personal or private corporate data.
Earlier this month, Black Basta took responsibility for a cyberattack on Capita, a UK-based professional outsourcing provider. The group threatened to sell the stolen data to interested buyers unless Capita paid the ransom. Last year, Black Basta targeted Canadian food retail giant Sobeys, causing IT issues and point-of-sale (POS) kiosk malfunctions.
In recent months, the ransomware group has become increasingly active, sometimes posting multiple high-profile victims simultaneously on its data leak portal. Cybersecurity analysts have suggested that Black Basta may be a rebrand of the Conti ransomware gang, based on similarities in their negotiation tactics.
Europe’s air-traffic control agency breached by pro-Russian hackers
Europe’s air-traffic agency, Eurocontrol, confirmed on Friday that it has been under attack since April 19, with pro-Russian hackers claiming responsibility for the disruption. The attack has caused interruptions to the agency’s website and web availability, but a spokesperson told The Register that there had been no impact on European aviation.
Eurocontrol coordinates commercial traffic between 41 states, including EU countries and their national air-traffic control entities. The outage has reportedly disrupted the agency’s communication systems and compelled some smaller airlines to rely on older technology to manage flight schedules, including a fax-era backup system.