Cyber News Round-Up: May 2024

• UK MoD Hacked by China
• World’s Biggest Advertising Group Targeted by an Elaborate Deepfake Scam
• CISA and FBI Release Advisory on Black Basta Ransomware
• New Reporting Proposals for Ransomware Attacks in UK

UK MoD Hacked by China

In a recent breach during early May, a payroll system managed by an external contractor and utilized by the UK Ministry of Defence (MoD) was compromised. This led to the leaking of personal information, encompassing the names and bank details of both past and present servicemen and women. In rare instances, the data may also include personal addresses.

According to Sky News, the Ministry of Defence was reportedly targeted in a significant data breach, with allegations pointing towards the involvement of the Chinese state. Despite this, the UK government has chosen not to disclose the identity of the country responsible for the breach.

The Guardian exposed that the IT firm, which fell victim to a Chinese cyberattack resulting in the unauthorized access to the personal data of numerous Ministry of Defence personnel, neglected to report the security breach for an extended period.

World’s Biggest Advertising Group Targeted by Deepfake Scam

The CEO of WPP, Mark Read, found himself at the center of a sophisticated deepfake scam, where fraudsters utilized an artificial intelligence voice clone to impersonate top executives. In a recent email to company leadership, Read detailed the attempted fraud, cautioning others to remain vigilant against deceptive calls claiming to be from high-ranking officials.

Scammers went to great lengths by creating a WhatsApp account featuring a readily available image of Read, enabling them to orchestrate a faux Microsoft Teams meeting with him and a high-ranking WPP executive, as detailed in the email obtained by the Guardian. During the virtual meeting, the perpetrators cunningly employed a voice clone of the executive and incorporated YouTube footage to enhance their ruse. Operating discreetly off-camera, the fraudsters posed as Read through the meeting's chat function. Although their scheme targeting an "agency leader" ultimately failed, they attempted to coax money and personal information under the guise of establishing a new business.

CISA and FBI Release Advisory on Black Basta Ransomware

The FBI and CISA have collaborated on a joint advisory regarding Black Basta, a ransomware strain responsible for encrypting and stealing data from a minimum of 12 critical infrastructure sectors, encompassing the Healthcare and Public Health (HPH) Sector.

This collaborative advisory offers Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) gathered from FBI investigations and external sources. Black Basta, identified as a ransomware-as-a-service (RaaS) strain in April 2022, has had a significant impact on various businesses and critical infrastructure sectors across North America, Europe, and Australia. By May 2024, Black Basta affiliates have targeted and affected over 500 organizations worldwide.

New Reporting Proposals for Ransomware Attacks in UK

Authorities in the UK are gearing up to introduce significant changes in how the nation handles ransomware attacks. The proposed measures will mandate that all victims report incidents to the government and then obtain a license before considering any ransom payments. These proposals are expected to be part of a forthcoming public consultation set to be released next month, as disclosed by sources familiar with the situation speaking to Recorded Future News.