Cybersecurity News – AI Email Security: Next-Gen, Manchester Students’ Data Leak, Russian APT: Email Server Breach
With malicious actors employing innovative techniques to infiltrate network systems using phishing emails, organizations must deploy AI/ML-powered email phishing protection systems to prevent data privacy violations. Here are the latest email security-related updates:
AI-Powered Email Security Is the Next Big Thing in Cybersecurity – Next-Gen Email Threat Protection
With AI (Artificial Intelligence) ruling the roost in the industry, it is no surprise that cybersecurity experts are turning to it for email protection. Modern tools like Trustifi can identify malicious email behavior and nip the chances of a cyberattack in the bud.
With cyberattacks becoming more sophisticated, traditional email phishing protection techniques no longer hold good. Hence, adopting AI has become the go-to solution for all organizations to ensure effective and efficient email security. AI and ML (Machine Learning) can perform better with higher efficiency. However, the following must be considered seriously:
- AI/ML systems only work if they have uncorrupted data for support.
- It is essential to incorporate data into AI-human intervention ML algorithms to ensure success.
- AI-powered solutions work well if organizations recruit AI-focused cybersecurity staff with data analytics and science expertise.
The University of Manchester Students Warned of an Imminent Data Leak
Threat actors have become bolder, and they have begun threatening students of educational institutions like the University of Manchester that their data and other credentials will be leaked on the internet if their ransom demands are not met.
On June 6, 2023, threat actors managed to infiltrate the University of Manchester’s servers and steal 7 TB of data belonging to students, lecturers, and administration staff. The malicious actors have sent an email to the University asking for a ransom. While the University has confirmed the attack on its network and likely data loss, it has ruled out similarities with the recent MOVEit Transfer Data Theft attacks or the data breach at Zellis.
The University has not confirmed the ransom, but the information security reporter Bleeping Computer has learned it was a ransomware attack. Besides, the threat actors have emailed students and shared with Bleeping Computer that they have stolen 7 TB of data, including personal credentials, research data, police reports, medical data, HR documents, drug test results, finance documents, and databases.
Russian APT Group Caught Red-handed While Compromising Roundcube Email Servers
Cybercrime does not know any international borders, with Russia always at the forefront of launching cyberattacks on other countries’ networks.
A malicious Russian group has been caught red-handed while infiltrating Roundcube email servers to spy on Ukraine’s military installations and government institutions.
Recorded Future, a threat intelligence organization, has advised that malicious actors use Roundcube server infections to run exfiltration scripts and reconnaissance runs, redirecting incoming emails to gather user credentials, address books, and session cookies.
Recorded Future has documented the activity along with Ukraine’s CERT-UA (Computer Emergency Response Team) and attributed it to Russia’s GRU Military Spy Unit. The attack involves sending phishing emails, encouraging recipients to open them, and compromising vulnerable Roundcube servers.
American Airlines, Southwest Airlines Issue Data Breach Notification Affecting Pilots
Two of the world’s largest airlines, American Airlines and Southwest Airlines, recently disclosed data breaches caused when hackers compromised Pilot Credentials, a third-party vendor managing multiple airlines’ recruitment portals and pilot applications. Both airlines published a notice about the Pilot Credentials breach, which they say was limited to the third-party vendor’s systems. Thus, the breach had no impact on the airlines’ systems and networks.
An unauthorized person accessed Pilot Credentials’ systems and stole documents that contained information provided by applicants in their pilot and cadet hiring process.
According to the breach notifications that the companies filed with Maine’s Office of the Attorney General, Southwest said the data breach impacted 3009 pilots and applicants, while American Airlines reported 5745. American Airlines said the data includes personal information like name, date of birth, Social Security number, passport number, Airman Certificate number, driver’s license number, and other government-issued identification number(s).
Although there is no evidence indicating that hackers specifically exploited pilots’ personal information to commit fraud, the airlines said that from now on, they would direct all cadet and pilot applicants to self-managed internal portals.
Southwest Airlines explained that they are no longer utilizing the vendor and are directing all pilot applicants to an internal Southwest-managed portal.
Southwest Airlines and American Airlines also notified relevant law enforcement authorities regarding the breaches and are cooperating with their investigation into the matter.