Deepfake Attack Victim, Gucci Parent Breached, Shipping Industry Targeted
Hello folks! It’s already the 3rd week of September, and we are excited to bring you the latest updates from the world of cybersecurity. Every week, we gather some of the most important cybersecurity news that you must know about. This proactive cyberawareness is the key to staying a step ahead of potential cyberattacks.
This week, our cyber bulletin will cover the deepfake mishap that occurred in Bengaluru and resulted in a loss of approximately $428k. Next, we will talk about the recent threat attack on Gucci’s parent company. Lastly, we will wind up today’s bulletin by discussing the trend of a sudden rise in cyberattacks on the global shipping industry.
Let’s not waste time and start with the juicy details!
Indian woman falls prey to deepfake attack!
An Indian woman recently fell prey to deepfake technology while scrolling YouTube. The cyberattack cost her a massive $428K!
Varsha Gupta, a resident of Bengaluru, was scrolling through YouTube on 20th February. While watching videos, she came across a fake video of popular Indian figure Sadhguru. In the video, the AI-generated Sadhguru claimed that investing USD 250 through a specific link would bring in massive financial gains. Varsha, being a true believer, fell for the deepfake video and clicked on the malicious link.
Later, a man named Mr Waleed B contacted her and posed as the representative of MirroxApp. He used different international phone numbers and email addresses to connect with her. Further, he asked her to download the Mirrox app and shared trading lessons through the virtual meeting app Zoom. There was another person named Michael C, who used to guide Varsha with trading lessons in the absence of Mr Waleed.
As per their guidance and instructions, Varsha transferred a sum total of around $428K to different accounts provided by these scamsters. She also shared her credit card details with the scammers.
An investigation is underway, and cyber experts believe that a huge cybercrime racket is running such threat campaigns actively. According to cyber experts, adopting DMARC, DKIM, and SPF is crucial for enhancing email security and defending against phishing threats.
ShinyHunters’ latest prey is Gucci’s parent company.
The latest victim of ShinyHunters’ cyberattack is Kering, the parent company of multiple luxury brands, including Gucci, Yves Saint Laurent, and Balenciaga. ShinyHunters has been attacking organizations left, right, and center for the last couple of months. They have successfully bypassed the security setups of Salesforce systems. The latter offers customer relationship management or CRM services to some of the biggies like Google and Adidas.
Kering is also one of the clients of Salesforce and has confirmed that data of a whopping 7.4 million customers have been breached by the threat group.
Kering has informed concerned authorities about the cyber mishap. Meanwhile, ShinyHunters has contacted the BBC through Telegram to share further details on the cyberattack.
The threat attack took place back in April, and the group demanded ransom in June. Kering has informed the BBC that they are in no mood to show leniency and that they have declined the ransom demand.
A Kering spokesperson said that “no financial information–such as bank account numbers, credit card information, or government-issued identification numbers–was involved in the incident.”
Louis Vitton and Cartier also experienced similar threat attacks in April.
Global shipping industry is the latest favorite of threat actors!
Lawyer Henry Clack is way more familiar with certain Nigerian criminal gangs than he would like to be. He works at a London-based law firm named HFW. He offers legal assistance to shipping companies that fall prey to cyberattacks.
Nigerian cybercriminals are the major perpetrators behind these cyberattacks. They mainly use the “man-in-the-middle” fraud to break into email communications between two different shipping parties. They communicate in such a way that the victims divulge sensitive financial details and passwords. They are also capable of taking full control of any company’s computer system.
As per the data of HFW, the average expense of threat attacks comes somewhere between $550,000. In case of ransom demands, the cost can go as high as $3.2M. Since 80% of the world trade relies on sea routes, such cyberattacks can create a massive crisis.
As per industry experts, the shipping sector has become one of the top picks for cybercrooks. From just 10 instances of cyberattack back in 2021, the number of attacks increased to a staggering 64 in the last year.
From random cybercriminals to state-sponsored hackers, the global shipping sector is rife with the risk of cyberattacks. Experts believe that because of digitization and satellite internet, the shipping industry has been prone to cyber threats. Old ships suffer all the more because they don’t have adequate technology to keep pace with sophisticated cyberattacks.
Because of increased cyber threats, the global shipping sector must now upgrade its cybersecurity mechanisms to prevent any massive disruption in global businesses.
