AI will make bogus emails appear genuine, and other cybersecurity news to know this month

Artificial intelligence (AI) will make it easy for amateur cyber scammers to conduct phishing attacks using fake emails that appear genuine, according to the UK's National Cyber Security Centre (NCSC).

The latest assessment from the NCSC, part of the GCHQ intelligence agency, notes that generative AI has become widely available to the public through open-source chatbot systems like ChatGPT, which create content from simple prompts.

The result is ever more convincing fake emails, free of tell-tale grammar and spelling mistakes, including phishing messages that trick recipients into revealing account passwords or personal information.

“To 2025, generative AI and large language models will make it difficult for everyone, regardless of their level of cybersecurity understanding, to assess whether an email or password reset request is genuine, or to identify phishing, spoofing or social engineering attempts,” the agency said.

It added that ransomware attacks are also expected to increase as AI makes it easier for amateur cybercriminals and hackers to target victims and access sensitive information or even paralyse their systems.

Two major water utility companies in the US and UK have been targeted by separate ransomware attacks resulting in apparent data breaches, Security Week reports.

One of the world's largest private players in the water sector, US company Veolia, announced it was hit by a ransomware attack that affected backend systems and servers. The cyberattack targeted the company's municipal water division, disrupting online bill-payment systems.

Personal information of "a limited number of individuals" may have been compromised, but there is no evidence to indicate water or wastewater treatment operations were impacted, the company said.

In the UK, the Black Basta ransomware group has claimed responsibility for an attack on Southern Water. The group says it has stolen 750Gb of files, including personal information and corporate documents, which it is threatening to make public unless a ransom is paid.

The water utility has begun an investigation, but so far says it has found no evidence of the attack.

“Our services are not impacted and are operating normally,” it said.

Weak identity controls, ineffective security operations and limited data protection are the most common vulnerabilities to such attacks, according to Microsoft's Digital Defence Report 2022.

Organizations will increase data protection investment but recover less in 2024, according to a survey by Veeam Software. Data protection budgets are expected to increase by 6.6% in 2024 amid continued threats from ransomware and cyberattacks.

The UK's University of Worcester is launching its cybersecurity degree a year ahead of schedule due to strong demand, and to equip students with the skills to handle cybersecurity issues, the BBC reports.

Data from two prominent online gaming platforms in India –Teenpatti.com and Mpl.live – has been offered for sale by cybercriminals known as "roshtosh", raising concerns about user information on online gaming sites, according to the Cyber Express news site.

A Russian cybercriminal has been sanctioned for his role in hacking Australia's health insurer Medibank, which the country's Home Affairs Minister Clare O'Neil described as "the single most devastating cyberattack we have experienced as a nation". Sensitive documents were posted online relating to millions of Australians, including abortion records.

The US Securities and Exchange Commission confirmed a key security feature on its X – formerly Twitter – account had been disabled for six months when hackers made a fake post about Bitcoin, resulting in a temporary spike in its value.

In early January, the World Economic Forum released its Global Cybersecurity Outlook 2024, which examines the cybersecurity trends that will affect economies and societies in the year to come. The report and the state of cybersecurity were major topics of discussion during the Forum's Annual Meeting 2024 in Davos, Switzerland. Experts from across the public and private sector gathered to discuss cyber inequity, the cyber skills gap and cyber's increasing role as a strategic imperative, among other issue areas.

To harness the opportunities quantum computing could bring to the finance sector, four principles can inform global regulatory approaches towards a quantum-secure transition.

The global challenge of cybercrime requires an equally global response. In the battle between cyberspace's bad and good guys, this is how the defenders can increase their capacity and win.

Currently, the world faces a cybersecurity staffing shortfall of about 4 million professionals. Are you thinking about a career in cybersecurity? If so, these are the programmes you need to know about.