About the author
Associate Director | Corporate Development
Roland is an Associate Director in Thomas Murray’s Corporate Development team. He joined Thomas Murray in 2018 with responsibility for group strategy, partnerships and corporate finance. More recently, Roland’s role has focused on establishing Thomas Murray’s cyber risk business, starting in 2021 with the launch of our Orbit Security platform, and the development of our expert cyber risk consultancy. Roland has a BA in English Language and Literature from Oxford University.
As Cybersecurity Awareness Month wraps up for another year, just in time for Halloween, here are six tales of the spookiest cyber moments of 2023. Read on, if you dare…
The monster (data leak) at DarkBeam
DarkBeam is a digital protection firm that experienced a data leak that exposed more than 3.8 billion records – the biggest known data leak of 2023 so far.
Embarrassingly for DarkBeam, the leak was brought to its attention by a cyber security news site that discovered it on 18 September. Even worse for DarkBeam, the nature of the leak points towards the cause being “human error”, for example employees forgetting to password-protect data after running maintenance.
Proof, if it were needed, that sometimes the monster doesn’t have to try very hard to get in.
An apocalyptic warning from Lloyd’s
Lloyd’s of London has cried “beware!” and urged the global business world to tighten up its cyber security before it’s too late. Those who ignore the dire warning are, according to Lloyd’s, at risk of being the first entry point for hackers who will create “widespread disruption” to the global economy.
Lloyd’s researchers have found that a “hypothetical but plausible cyber attack” on a payments system could cost up to US$3.5tn – leaving cyber insurers like Lloyd’s fretting that such a high level of risk is uninsurable. Will Lloyd’s therefore leave the world’s financial infrastructure out in the cold? Stay tuned!
The masked attackers
ChatGPT and its cousins (like Bard) have a few black sheep in the family – such as WormGPT and FraudGPT, though the jury is still out on how effective these ‘evil’ versions of ChatGPT really are.
But, in a call with journalists in mid-2023, the FBI was clear that threat actors are using artificial intelligence to disguise themselves as trusted individuals and organisations to make their phishing attacks more targeted and more successful.
Although the FBI apparently didn’t name names, the agency official did disclose that hackers prefer free, customisable open-source tools. Maybe we all have more in common with the villains than we’d like to admit?
It came from the deep fake
UK ‘money saving expert’ and media personality Martin Lewis has long warned his audience about the prevalence of online scams, so he’s particularly upset about deep fake videos of him circulating on social media. The videos, which Lewis describes as “terrifying” and “frightening”, appear to show him endorsing investments in “Elon Musk’s new project” (which, of course, does not exist).
The computer-generated version of Lewis uses his face and voice, and is captioned with branding that mimics ITV’s This Morning, a show Lewis regularly appears on.
The unsettling clips give few clues that they feature a body-snatched version of Lewis, and he is not the only victim. Veteran Hollywood star Tom Hanks has also had to warn the public that it is a digital doppelgänger, not him, appearing in online ads for dental plans.
Zombie data comes back to bite AT&T
In March 2023, AT&T had to tell nearly nine million customers that their personal information had been exposed in a data breach through a third-party vendor (i.e. a supply chain attack).
AT&T says it is confident that very sensitive data, like payment card and Social Security numbers, have not been exposed. Even so, the US telecoms behemoth was forced to admit that in “a small percentage” of cases more specific data was affected, although it said that the information was “several years old”.
Disturbingly, AT&T did not disclose a good reason for keeping such out-dated information rattling around in its attic.
Black Cat, and other ghosts in the machine
The most horrifying malware groups in the world could have their tentacles snaking through your network right now. The scariest thing about malware is that, without continuous threat monitoring, you won’t even know that it’s there – until it’s too late.
These creepy creatures of darkness include Black Cat (a Ransomware-as-a-Service group), Black Basta (also a RaaS gang), the ransomware group Akira (which feeds on small-to-medium sized organisations), and Cl0p – the biggest and baddest of the bunch at the moment, as it counts US government departments, Shell and the BBC among its victims.
If you’d like help with banishing your cyber security fears, contact me and the team for more information about how we can help you with security ratings, continuous threat monitoring and more.