2025 is going to be a heck of a year for deepfakes.
As Rick Hutchinson, CTO of VikingCloud, writes in Forbes, businesses are already struggling to keep up with cybercriminals’ pace of innovation, and according to a VikingCloud report, 53% of companies admit they’re unprepared to defend against new AI-based cyberattack methods. And that's before deepfakes are taken into account.
"As cybercriminals' most potent new weapon, deepfakes can impersonate anyone—from presidential candidates to C-suite executives. They can spread misinformation or proliferate high-value fraud scams. And they are becoming harder to detect and easier to develop," Hutchinson said.
Criminals don’t need special technology or expertise to create these deepfakes, and the impact is staggering. Face swap attacks increased 704% in the second half of 2023 alone. The scale of this problem will continue to grow as barriers to entry for cybercriminals continue to fall.
MSSPs need to be ready.
Now, here's today's MSSP market update.
Today's MSSP Update
1. FireScam malware targets Android devices: SC Media reports that Android devices are being targeted by the novel FireScam information-stealing malware. The malware poses as a Telegram Premium app and is spread through a GitHub.io-hosted phishing site that spoofs a popular Russian app store.
2. Windows LDAP vuln PoC: Vulnerable internet-exposed Windows Server instances and domain controllers could be crashed and forced to reboot through a new proof-of-concept exploit for the already patched high-severity Lightweight Directory Access Protocol denial-of-service flaw dubbed LDAPNightmare and tracked as CVE-2024-49113, reports Security Affairs. Only internet connectivity is required to facilitate the compromise, which starts with the delivery of a CLDAP referral response packet to disrupt the Local Security Authority Subsystem Service before a DCE/RPC request is sent to the targeted machine. The victim's machine is then designated as an LDAP client that requests CLDAP from the attacker's machine, according to SafeBreach researchers, who developed the PoC exploit.
3. Microsoft updates Entra ID: Microsoft has updated Entra with the Federated Identity Credentials system to curb authentication security risk by reducing user handoffs of credential information while using several services, according to SC Media. With the new feature, tokens issued by Microsoft Entra per user login will be accepted by all services with Microsoft Entra API support, limiting not only the entry of login details for other services but also the risk of potential data interception from a third party, noted Microsoft. The changes come as more identity management vendors, including Okta, look to adopt consolidated identity management systems.
4. Salt Typhoon attacks impact more telcos: The Wall Street Journal reported that U.S. telecommunications companies Windstream, Consolidated Communications, and Charter Communications have also been compromised by Chinese state-backed threat group Salt Typhoon in a cyberespionage operation previously confirmed to have targeted nine telcos across the country, including AT&T, T-Mobile, Verizon, and Lumen Technologies, according to Reuters. Attacks by Salt Typhoon also involved the targeting of vulnerable Fortinet network devices and large Cisco network routers.
5. Atos confirms third-party breach: French multinational IT firm Atos disclosed that some files bearing its name were improperly accessed in a Space Bears ransomware attack against a third party, but refuted assertions that its systems had been breached after the ransomware gang threatened to leak the data by Tuesday, reports The Register.