CYBERSECURITY

Opportunity hacks

Cybercriminals are going low and scamming high.

Early 2023 reports from government, academia, and industry demonstrate an uptick in investment scams—a big-money tactic that’s difficult for victims to detect, given effective trust-building with targets and convincing designs from the fraudster.

“For an external party looking at one of these sites, there’s no really obvious indicators of why it’s fake. There’s no, like, bank logo,” Robert Duncan, VP of product strategy at cybersecurity company Netcraft, told IT Brew.

Investment fraud led the FBI’s list of “costliest” crimes in 2023, the agency said in their recently released annual Internet Crime Report; the pull from the phony money-making opps surpassed amounts earned from classic fraud schemes like business email compromise and tech-support scams.

Read more here.—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected].

PRESENTED BY AMAZON WEB SERVICES DEVOPS

Get Cre(A)t(I)ve

Your marketing and sales teams know how to present exciting ideas in fresh, engaging ways. Why not give them an extra leg up?

Generative AI can help your teams by inspiring new ideas + developing stronger content, all to bolster the end goal of converting more prospects into customers. And let’s get one thing straight: AI is all about elevating human work, not replacing it.

Need some tips on how to leverage generative AI? Check out AWS’s ebook that's all about revolutionizing your marketing and sales strategies with it. Capabilities include:

• automating repetitive marketing and sales tasks to expedite workflows
• accelerating customer acquisition
• personalizing sales proposals

Snag your copy—and unlock next-level marketing chops.

CYBERSECURITY

Threat detected

Hackers in North Korea have sought to launch cyberattacks against semiconductor firms in South Korea “from the second half of last year until recently,” South Korea’s National Intelligence Service (NIS) said on March 4. The hacking entities breached at least two firms, specifically targeting semiconductor companies “whose servers were connected to the internet and exposed vulnerabilities.”

Last December, threat actors targeted two companies—which the agency did not name—by hacking one company’s “configuration management server” and another’s “security policy server.” The NIS said the hackers also stole “product design drawings” and “facility site photos.”

North Korea could be eyeing chips to help bolster its military offerings amidst sanctions. “We believe that North Korea might possibly be preparing to produce its own semiconductors in the face of difficulties in procuring them due to sanctions,” the NIS said in its statement, according to the BBC; the agency also noted the increased demand “due to the development of weapons such as satellites and missiles.”

Read more here.—AF

Do you work in IT or have information about your IT department you want to share? Email [email protected].

CYBERSECURITY

CISA down

The Cybersecurity and Infrastructure Security Agency (CISA), the federal agency responsible for the nation’s cyber defenses, was forced to take two systems offline last month following a security breach.

“US officials briefed on the matter” confirmed to CNN that two systems were compromised: one that allows officials at various levels of government to access security assessment tools, and another that stores data related to security measures at chemical facilities. The Record, which first broke news of the attack, identified those systems as the Infrastructure Protection (IP) Gateway and Chemical Security Assessment Tool (CSAT).

CISA has not shared many details about the attack. CISA spokesperson Scott McConnell told IT Brew in a statement shared with other outlets, “The impact was limited to two systems, which we immediately took offline. We continue to upgrade and modernize our systems, and there is no operational impact at this time.”

“This is a reminder that any organization can be affected by a cyber vulnerability and having an incident response plan in place is a necessary component of resilience,” the statement continued.

Keep reading here.—TM

Do you work in IT or have information about your IT department you want to share? Email [email protected]. Want to go encrypted? Ask Tom for his Signal.

TOGETHER WITH VEEAM

Meet Veeam Data Cloud. Want the peace of mind that comes with reliable data backup and recovery for Microsoft 365 and Azure—without adding a bunch of confusing, complex processes? You need Veeam Data Cloud. This hassle-free, all-in-one backup service comes with everything you need to continuously back up your org. No guesswork, no headaches. Invest in radically resilient protection.

PATCH NOTES

JOBS