Cyber Security News March

AI Threats and Cybersecurity

As threats to organisations in 2024 continue to become more sophisticated as a result of artificial intelligence (AI). Organisations must work swiftly to utilise generative AI before attackers can exploit things to their advantage.

AI language models are transforming organisational cybersecurity, and as we push into 2024, these sophisticated models have demonstrated remarkable capabilities in understanding and generating human-like text. Security teams utilising large language models are empowering experts with the ability to sift through large amounts of data into actionable insights through simple queries.

While large language models will certainly continue to make an impact, they are still limited in their ability to understand and interpret the intricacies of specialised cybersecurity datasets. So as we move further into 2024, a trend has been noticed of security teams transitioning to small language models. These models are mentioned to be far more agile and specialised. Offering security teams access to more attuned and actionable insights. Training in real-time data systems will be the secret weapon for security teams to adapt swiftly to the ever-shifting world of cyber threats.

Data Breach Updates for March

An updated list of reported data breaches can be found by reading the below article. Recent updates for the month of March 2024 include 2 notable breaches:

Fujitsu Data Breach: Fujitsu has confirmed that it recently fell victim to a cyber attack after malware was found on a number of the company’s work computers. They did not reveal what kind of information had been exposed by the attack.
Vans Data Breach: Vans reported that ‘On December 13, we detected unauthorised activities on a part of our IT systems, apparently carried out by external threat actors’. The company further claims that no ‘detailed financial information’ or passwords were exposed during the incident.

China’s Industrial Cybersecurity

The Chinese Ministry of Industry and Information announced a plan in late February to improve data security across the country’s industrial sector. The primary aims of the plan are to address major risks by the end of 2026.

Measures to be applied to more than 45,000 companies in the industrial sector will include emergency drills replicating ransomware attacks and data security training.

Malaysia Cybersecurity Legislation

On March 27, Dewan Rakyat passed a Cyber Security Bill aimed at improving the nation’s cybersecurity through compliance. Under the bill, Digital Minister Gobind Singh Deo said there are 11 sectors specified as Critical National Information Infrastructure, including government, banking, finance, transport, defence, healthcare, water supply, communication, and the digital sector, to name a few.

The bill itself primarily aims to address compliance with certain measures, standards, and processes to manage cybersecurity threats. In addition, it also relates to the establishment of a National Cyber Security Committee and the designation of critical national information infrastructure entities.

Microsoft Updates to Cyber Attacks from Midnight Blizzard

In an update to the attack on the Microsoft corporate email systems on January 19, in recent weeks, Microsoft has seen evidence that Midnight Blizzard is using the information initially exfiltrated from the system to gain or attempt to gain unauthorised access. This access includes some of the company’s source code repositories and internal systems.

Since the attack, to date, Microsoft reports that they have found no evidence that Microsoft-hosted customer-facing systems have been compromised.

March 28, 2024 | Author: FortiPass Team