Content
01. News Bites
- Global cyber attacks were up 44% last year as AI and nation-state tactics evolve
- Russian hackers target Swiss municipalities and banks amid World Economic Forum
- Experts warn of potential ChatGPT misuse for DDoS attacks
- Half of UK higher education institutions face weekly cyberattacks
- Ransomware gangs use new email bombing tactics and Teams calls to infiltrate networks
02. Conclusion
Global cyber attacks were up 44% last year as AI and nation-state tactics evolve
Cyber attacks surged 44% globally in 2024, driven by evolving nation-state strategies and generative AI. According to the new annual report from Check Point Software, there was a shift towards chronic campaigns eroding trust. AI-powered disinformation targeted a third of elections between September 2023 and February 2024, with examples like Russian APT group CopyCop using deepfake videos during US primaries.
Ransomware tactics evolved, focusing on data exfiltration and extortion. Healthcare saw a 47% rise in attacks, while state-sponsored botnets exploited routers and VPNs. Infostealers surged, trading stolen data on platforms like Telegram, escalating threats to corporate networks.
AI-fuelled financial crime also rose, alongside supply chain attacks. New regulations such as DORA and NIS2 add pressure, emphasising resilience. Our experts urge strengthening BYOD security, patch management, and edge device protections.
Russian hackers target Swiss municipalities and banks amid World Economic Forum
Russian hackers, believed to be the NoName group, launched Distributed Denial-of-Service (DDoS) attacks against several Swiss municipalities and banks on Tuesday, coinciding with the World Economic Forum (WEF) in Davos. The National Cyber Security Centre had anticipated such incidents during the high-profile event, describing the attacks as online demonstrations designed to gain attention.
The cyberattacks targeted the cantonal banks of Zurich and Vaud, as well as the Lucerne municipalities of Adligenswil, Kriens, and Ebikon. DDoS attacks overwhelm websites and applications with excessive traffic, rendering them inaccessible but causing no data breaches, according to the cyber security office.
This is not the first incident involving the NoName group, which also paralysed several Swiss federal government websites in June 2023. Authorities continue to monitor the situation, emphasising the importance of robust cyber defences during globally significant events like the WEF.
Experts warn of potential ChatGPT misuse for DDoS attacks
Cyber security researchers have discovered a vulnerability in OpenAI's ChatGPT API that could allow threat actors to launch Distributed Denial of Service (DDoS) attacks. Researcher Benjamin Flesch identified that the API’s handling of HTTP POST requests permits users to submit an unlimited number of links via the “urls” parameter. By including thousands of hyperlinks to the same target, malicious actors could exploit OpenAI’s servers to overwhelm a victim’s website with HTTP requests, causing service disruptions.
Flesch recommends OpenAI address this issue by imposing strict limits on URL submissions, restricting duplicate requests, and implementing rate-limiting measures to curb potential abuse.
This revelation highlights the broader challenge of preventing generative AI misuse. While OpenAI has implemented safeguards to stop ChatGPT from generating harmful content, hackers continue to engage in "GenAI jailbreaking" to bypass these restrictions. These efforts underscore the need for constant vigilance and proactive measures to secure AI systems.
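The three mitigations Flesch recommends (a hard cap on submitted URLs, duplicate suppression, and rate limiting) can be sketched as server-side input handling for any service that fetches user-supplied links. This is an added example, not OpenAI's code or part of the original report; the limits, function names and class name are assumptions chosen for illustration.

```python
import time
from collections import Counter
from urllib.parse import urlsplit

# Assumed limits for illustration; size them to the service's real needs.
MAX_URLS = 10                        # entries accepted in one "urls" array
MAX_PER_HOST = 2                     # distinct URLs per host in one request
HOST_BUDGET, WINDOW_SECONDS = 5, 60  # fetches per host per window, all requests
DEFAULT_PORTS = {"http": 80, "https": 443}

def normalise(raw):
    """Return (canonical_url, host), or None if not a usable http(s) URL."""
    try:
        parts = urlsplit(raw.strip())
        port = parts.port
    except (ValueError, AttributeError):   # bad port/IPv6 literal, non-string
        return None
    scheme, host = parts.scheme, (parts.hostname or "").rstrip(".")
    if scheme not in DEFAULT_PORTS or not host:
        return None
    netloc = f"[{host}]" if ":" in host else host
    if port not in (None, DEFAULT_PORTS[scheme]):
        netloc += f":{port}"
    query = f"?{parts.query}" if parts.query else ""
    # Fragments never reach the server, so "#1", "#2" variants are one request.
    return f"{scheme}://{netloc}{parts.path or '/'}{query}", host

class HostRateLimiter:
    """Sliding-window budget of outbound fetches per destination host."""
    def __init__(self, budget=HOST_BUDGET, window=WINDOW_SECONDS):
        self.budget, self.window, self.hits = budget, window, {}
    def allow(self, host, now):
        recent = self.hits[host] = [
            t for t in self.hits.get(host, []) if now - t < self.window]
        if len(recent) < self.budget:
            recent.append(now)
            return True
        return False

def filter_urls(urls, limiter, now=None):
    """Return the URLs the backend may fetch; reject oversized lists outright."""
    if len(urls) > MAX_URLS:
        raise ValueError(f"{len(urls)} URLs submitted, limit is {MAX_URLS}")
    now = time.monotonic() if now is None else now
    accepted, per_host = [], Counter()
    for url, host in filter(None, map(normalise, urls)):
        fresh = url not in accepted and per_host[host] < MAX_PER_HOST
        if fresh and limiter.allow(host, now):
            per_host[host] += 1
            accepted.append(url)
    return accepted
```

The per-host budget is shared across requests through one `HostRateLimiter` instance, so splitting a long list into many small submissions does not raise the number of fetches a single destination receives.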
Half of UK higher education institutions face weekly cyberattacks
As digital dependency grows, cybercriminals increasingly target healthcare and education. Research reveals half of UK higher education institutions face weekly cyberattacks, and ESET’s latest study highlights a worrying cyber security gap in the education sector.
One in five UK educational organisations has suffered three or more cyberattacks in the past five years, yet many lack even basic protections. A third of institutions operate without antivirus software or strong password policies, and 79% have not adopted advanced measures like managed detection and response.
Cyber insurance remains underused, with only 44% of primary schools and 36% of secondary schools holding policies. Budget constraints are a significant barrier, with 7% of schools reporting no annual cyber security budget and many citing high insurance costs.
While 76% of institutions trust their staff’s cyber awareness, nearly half say proving financial risks is key to securing larger budgets for better protection.
Ransomware gangs use new email bombing tactics and Teams calls to infiltrate networks
Ransomware groups are employing new tactics, combining email bombing with fake IT support calls via Microsoft Teams to infiltrate corporate networks. Threat actors bombard employees with thousands of spam emails before initiating Teams calls from adversary-controlled Office 365 accounts, posing as IT support.
Sophos researchers attribute these methods to groups like STAC5143 and STAC5777, with links to Black Basta ransomware and potential connections to the FIN7 cybercrime gang. The attackers exploit default Microsoft Teams configurations that allow external calls and chats, tricking victims into granting remote access.
In one case, attackers dropped malware hosted on external SharePoint links, establishing command-and-control channels and deploying tools like RPivot for network pivoting. Another campaign leveraged Microsoft Quick Assist to gain full control, harvesting credentials and scanning networks.
Organisations are urged to block external Teams messages, disable Quick Assist in critical environments, and adopt stricter security policies to combat these sophisticated ransomware techniques.
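For detection, the sequence described above (a spam flood to one employee followed by Teams contact from an outside tenant) can be correlated across mail and Teams logs. This is an added example, not taken from the Sophos research; the event fields (`ts`, `type`, `user`, `peer`), event type names, thresholds and domains are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds and tenant domain; tune against your own mail baseline.
BURST_COUNT = 100                       # inbound mails to one user ...
BURST_WINDOW = timedelta(minutes=10)    # ... inside this window count as a burst
FOLLOWUP_WINDOW = timedelta(hours=1)    # external Teams contact this soon after
INTERNAL_DOMAINS = {"corp.example"}

def correlate(events):
    """events: time-sorted dicts with ts, type, user, peer. Returns alerts."""
    mail_times = defaultdict(deque)     # user -> mail timestamps in BURST_WINDOW
    last_burst = {}                     # user -> last time the threshold was met
    alerts = []
    for ev in events:
        ts, user = ev["ts"], ev["user"]
        if ev["type"] == "mail_in":
            window = mail_times[user]
            window.append(ts)
            while ts - window[0] > BURST_WINDOW:
                window.popleft()
            if len(window) >= BURST_COUNT:
                last_burst[user] = ts
        elif ev["type"] in ("teams_chat", "teams_call"):
            domain = ev["peer"].rsplit("@", 1)[-1].lower()
            burst = last_burst.get(user)
            if (domain not in INTERNAL_DOMAINS and burst is not None
                    and ts - burst <= FOLLOWUP_WINDOW):
                alerts.append({"user": user, "peer": ev["peer"], "ts": ts,
                               "minutes_after_burst": (ts - burst) // timedelta(minutes=1)})
    return alerts

def sample_events():
    """Constructed sample: alice is flooded then called; bob is never flooded."""
    t0 = datetime(2025, 1, 21, 9, 0)
    alice, bob = "alice@corp.example", "bob@corp.example"
    ev = [{"ts": t0 + timedelta(seconds=3 * i), "type": "mail_in",
           "user": alice, "peer": f"news{i}@list.example"} for i in range(150)]
    def teams(minutes, kind, user, peer):
        return {"ts": t0 + timedelta(minutes=minutes), "type": kind,
                "user": user, "peer": peer}
    ev += [teams(12, "teams_call", alice, "it@corp.example"),           # internal
           teams(20, "teams_call", alice, "helpdesk@support.example"),  # alert
           teams(25, "teams_chat", bob, "helpdesk@support.example"),    # no burst
           teams(300, "teams_call", alice, "helpdesk@support.example")] # too late
    return sorted(ev, key=lambda e: e["ts"])
```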
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.
Disclaimer
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.