Here's your go-to source for the freshest and most crucial updates from the world of cyber security.
1. Cyber attack on IT service provider CTS disrupts over 80 UK law firms, hindering legal services and real estate transactions
Last Wednesday’s cyberattack on CTS, a prominent UK-based provider of managed IT services for law firms and the professional services industry, continued to cause widespread disruption this week.
The attack specifically impacted cloud hosting and solutions for legal entities in the UK and Ireland, leading to significant operational challenges for law firms specializing in real estate.
Between 80 to 200 UK law firms have been affected by the attack resulting in a major outage, hindering the ability of these firms to access their case files and conduct normal operations. This disruption has had a notable impact on real estate transactions, as many of these law firms are involved in conveyancing and other property-related legal services.
The incident at CTS highlights the vulnerability of legal firms to cyber threats and underscores the critical nature of cyber security in the legal sector. It has caused significant operational challenges and delays in service provision, affecting numerous organizations within the legal sector. Close to 80 law firms reported being unable to access their case files since the incident occurred, leading to delayed or disrupted legal services.
The full extent of the impact on law firms and their clients is still unfolding.
2. Cyberattack on KyberSwap leads to $54.7 million cryptocurrency heist
KyberSwap, a decentralized exchange protocol, revealed that it experienced a significant cyberattack on November 22, 2023, resulting in the loss of nearly $54.7 million in cryptocurrency.
The attack was executed through a complex series of exploitative swaps, which enabled the unauthorized withdrawal of user funds. This event underscores the vulnerability of cryptocurrency platforms to targeted cyberattacks and highlights the challenges in securing digital assets in the burgeoning field of decentralized finance DeFi.
In the wake of the attack, KyberSwap's team urgently advised its users to withdraw their funds. The company is actively attempting to recover the stolen assets. This cyberattack not only represents a significant financial loss but also casts a spotlight on the ongoing security concerns within the cryptocurrency industry, particularly for decentralized platforms.
Kyber Network, the entity behind KyberSwap, acknowledged the severity of the hack, noting that the loss of more than $54.7 million in digital assets stands out in the history of cryptocurrency exploits. The incident has raised concerns about the robustness of security measures in place at cryptocurrency exchanges and the need for enhanced protections against sophisticated cyber threats.
3. UK NCSC and US CISA launch joint guidelines for strengthening cyber security in AI system development
The UK National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA) released ‘Guidelines for Secure AI System Development’ this week. The move marks a significant advancement in addressing the interplay between artificial intelligence (AI) and cyber security with the guidelines aimed at assisting developers throughout the AI system development process, ensuring that security is a fundamental aspect.
The guidelines emphasize the secure operation and maintenance of AI systems, particularly focusing on the stages following deployment. This includes logging and monitoring, update management, and information sharing. Adhering to the 'secure by default' principle. The NCSC stated that the guidelines strive to incorporate security at every stage of an AI system's lifecycle.
This collaboration extends to other international partners as well, reinforcing the goal of creating AI systems that are safe, secure, and trustworthy. By integrating 'secure by design' principles, the guidelines advocate for a comprehensive approach to cyber security in the development, deployment, and operation of AI systems.
4. Japan's Space Agency reports unauthorized access
The Japan Aerospace Exploration Agency (JAXA) reported that it had experienced a cyber incident on Wednesday, with unauthorized access to its network server being highly likely. The government announced the security breach, noting that sensitive information did not appear to have been stolen in the incident. The cyberattack, has raised concerns about the potential access to sensitive space-related technologies.
Government spokesman Hirokazu Matsuno confirmed that JAXA reported the possibility of unauthorized access to its central server, which controls the agency's intranet. The nature and extent of the penetration by the attackers remains unclear, but it has highlighted the vulnerabilities within the organization's cyber security infrastructure.
Following the cyberattack, a spokesperson from JAXA reassured the public that no sensitive data linked to satellite or rocket operations had been compromised.
The incident underscores the growing cyber security challenges faced by space agencies globally and highlights the need for robust security measures to protect sensitive information and infrastructure in the space exploration and technology fields.
If you're concerned about any of the threats mentioned in this bulletin or need guidance on the necessary steps to safeguard your organization from significant risks, please don't hesitate to reach out. We're here to help you understand your options and protect your organization effectively.
Get in touch with us today to explore the best ways to secure your business.
Comments