By OptionOne Technologies
Cybersecurity News
Microsoft Exposes Cybercriminals Behind Azure AI Abuse Scheme
The Hacker News reported that Microsoft has exposed a cybercriminal group known as Storm-2139. The group is allegedly behind an Azure Enterprise abuse scheme that involves leveraging access to generative artificial intelligence (GenAI) services. Criminals typically obtain login credentials from the dark web, then use them to produce offensive and harmful content.
Members of the group are from around the world. The report cited individuals from Iran, the United Kingdom, China, Austria, Vietnam, and other countries, including the United States.
“Members of Storm-2139 exploited exposed customer credentials scraped from public sources to unlawfully access accounts with certain generative AI services,” said Steven Masada, assistant general counsel for Microsoft’s Digital Crimes Unit (DCU).
“They then altered the capabilities of these services and resold access to other malicious actors, providing detailed instructions on how to generate harmful and illicit content, including non-consensual intimate images of celebrities and other sexually explicit content.”
According to the report, the group is structured into three roles: “Creators,” “Providers,” and “End Users.”
Creators develop tools for AI exploitation. Providers distribute these tools for profit. End Users apply them to create synthetic content that violates Microsoft’s Acceptable Use Policy and Code of Conduct.
A website they controlled called “aitism[.]net” has been shut down through a court order. Microsoft also identified two U.S.-based actors from Illinois and Florida connected to these activities, though their identities remain undisclosed to avoid jeopardizing investigations.
Anubis Ransomware Group Targets Critical Industrial Sectors
A new ransomware group called “Anubis” is targeting healthcare, engineering, construction, and industrial companies using double extortion and Ransomware-as-a-Service (RaaS) techniques, DarkReading reported. Some of the group’s victims include “Pound Road Medical Centre, an Australian healthcare company; Summit Home Health, a Canadian healthcare company; and Comercializadora S&E Perú, a Peruvian company in the engineering and construction sector,” the report said.
A U.S.-based engineering and construction company was recently added to the list of victims. This suggests that the group is “targeting entities in critical industrial sectors for maximum pressure and payoff,” the report said.
Anubis has been active since at least the fourth quarter of 2024, according to cybersecurity researchers. Its representatives have been active on RAMP, a Russian-language forum for ransomware operators. Most users wrote their posts in Russian.
Researchers at cybercrime monitoring and analysis company KELA believe that Anubis may include former affiliates of other ransomware groups.
Third-Party Cybersecurity Attacks Drove Major Financial Losses in 2024
According to cyber risk management firm Resilience, third-party attacks made up 31% of all client insurance claims and 23% of all material losses in 2024, a report by Infosecurity Magazine said. Third-party attacks are cyberattacks that originate outside an organization, usually through a vendor, business partner, or trusted service provider that can access critical systems.
This marks a significant change from 2023, when Resilience said no third-party claims led to material losses for its clients.
Ransomware attacks targeting vendors made up 42% of the firm’s third-party claims. Losses from these incidents increased “four-fold compared to 2023,” the report said. Ransomware also held its position as the top cause of material losses for businesses from 2023 to 2024, and although first-party ransomware attacks made up 44% of clients’ material claims, ransomware targeting vendors made up 18%.
Meanwhile, phishing-related cyber incidents have dropped significantly among clients since 2023. These types of claims made up only 9% of those incurred in 2024, a 55% drop from 2023.
Cybersecurity Tips
Securing Unmanaged Devices While Respecting Employee Privacy
In a recent article published by DarkReading, Jeff Shiner, CEO of identity security company 1Password, provided some tips on how companies can secure unmanaged devices. Doing so can be difficult: it requires balancing respect for employee privacy against the need to protect the organization.
In this case, “unmanaged devices” refers to smartphones, laptops, and tablets that employees use at work but that aren’t covered by the organization’s mobile device management (MDM) policy. Such devices might belong to full-time employees as well as contractors, or anyone else using a personal device under a bring-your-own-device (BYOD) policy.
“Part of that problem is that, until recently, you could get away with having unmanaged devices,” said Shiner.
“You can pass a SOC 2 audit or get through a security questionnaire without addressing them. But these details won’t matter to your customers in the event of a breach stemming from an unmanaged device.”
Four Suggestions for Securing Unmanaged Devices
Here are some of Shiner’s suggestions:
- Implement Non-Invasive Cybersecurity Measures: Use tools that provide robust security without accessing personal data or invading employee privacy. For example, endpoint security solutions can monitor for potential threats on a device without collecting sensitive information about personal usage.
- Focus on Risk-Based Policies: Adopt policies that address specific risks while allowing flexibility for employees. Keep in mind, however, that “even seemingly ‘low-risk’ apps like email can give bad actors a crucial foothold.”
- Take a Layered Approach to Cybersecurity: Since unmanaged devices are “the next frontier in zero trust,” firms must take a layered approach to secure them. Use a variety of strategies based on different levels of risk—a sales rep’s smartphone may not require security measures that are as strict as a developer’s laptop that has elevated access to critical systems.
- Don’t Abandon BYOD Altogether: Allowing employees to use their own devices can “unleash a wave of creativity and productivity that we should embrace and enable,” said Shiner. It’s important to “strike a balance” between security and flexibility.
“Securing unmanaged devices won’t be simple or straightforward, but it’s a challenge we need to face head-on,” said Shiner.
“It must start by recognizing the nuances and complexities of the problem—and most importantly, it must start now.”
Thanks for Reading
That’s it for this month’s Cybersecurity Briefing. Contact us today to learn more about our services.