This blog provides a comprehensive update on a major data breach at the UK Ministry of Defence, a strategic shift in ransomware targets towards smaller businesses, and the increasing utilisation of generative AI in cybercrime.

The realm of hacktivism is rapidly expanding, its contours continually shifting and adapting to the geopolitical climate. Within this dynamic landscape, specific regions and industry sectors face heightened risks. Hacktivism, by its very essence, thrives in the public eye, as its actors strive to effect political or social change.

One issue that is raised frequently is the way in which security or IT teams struggle to speak the “business language” to members of the senior leadership that take the final decisions on spending and investment.

When it comes to cybersecurity and online protection, many regional ISP and telco providers are very late to the party to defend against malicious actors, like in the case of Russian APT groups. The COVID-19 crisis outlined the importance of the internet and computers. However, it also emphasized the importance of online security. One report showed that over 7.9 billion records had been exposed by data breaches from January to September of 2019.

Initial access brokers (IABs) form a key part of the cybercriminal ecosystem. They facilitate access for ransomware groups, data leakers, and advanced persistent threat groups (APTs) into corporate networks. They are highly specialised, and professional, and operate in an established, lucrative market often characterised by rigid rules and conventions. Every ransomware attack or data breach begins with initial access, following the reconnaissance phase of an attack.

To find out, check out Episode 20 of the Cyjax Geopolitical and Cybersecurity Podcast. Here’s a summary of what’s on the table… In the latest episode of the Cybersecurity & Geopolitical Discussion, the hosts Ian Thornton-Trump CD, CISO for Cyjax, Lisa Forte of Red Goat Security and Philip Ingram MBE of Grey Hare Media, delve into the complexities of China’s image from an outsider’s perspective.

Cyjax analysts have identified the distribution of STOP ransomware on Google Groups through mass spam attacks on Usenet. Over 385,000 posts have been observed, which contain malicious links resulting in ransomware infection. This campaign, henceforth referred to as “STOPNET.GG”, has been in operation since at least May 2023, and is ongoing at the time of writing.

To find out, check out Episode 19 of the Cyjax Geopolitical and Cybersecurity Podcast. Here’s a summary of what’s on the table… A new year brings new threats! So join our CISO Ian Thornton-Trump CD and his guests Lisa Forte, Partner at Red Goat Security and Philip Ingram MBE of Grey Hare Media, for expert analysis of how some of the more compelling world events set to take place this year could impact global stability and security.

As businesses have evolved, so have cybercriminals and the means they use to try and penetrate their digital assets. Every day, new threats arise and unscrupulous organisations create means to attack physical networks, cloud services, and other key business functions and this is why having a robust cyber security risk management plan is critical.

In today’s digital age, the cybersecurity landscape is more akin to an ever-shifting battleground, where the only constant is change. Threat actors continuously evolve their strategies, exploiting new vulnerabilities and adapting to the latest defences.