24 May 2024

6 min read

Arup confirmed as victim of USD 20 million deepfake scam | Cyber Intelligence Briefing: 24 May

May 2024
Cyber Intelligence Briefing


Top news stories this week

  1. AI deepfakes. Arup comes forward as victim of USD 20 million deepfake attack as UK sets up funding for AI safety research.
  2. Licence please. British government proposes mandatory ransomware reporting requirements.
  3. Family affair. Private wealth management advisory firms at increasing risk of cyber attacks.
  4. Locked out. Hacktivists use leaked ransomware builders to target Philippine government.
  5. Patch now. GitHub, Mozilla, and Veeam release fixes for critical vulnerabilities.
  6. Sticky situation. BlackBasta ransomware group hacks major US oil distributor Atlas Oil. 

1. Arup confirms it was victim of USD 20 million deepfake video call scam

British design and engineering firm Arup has confirmed it was the victim of the USD 20 million deepfake scam earlier this year. The incident occurred after an employee in Hong Kong, tricked by a deepfake impersonation of the CFO, transferred funds to scammers. The company hopes that its transparency will raise awareness about the increased frequency and sophistication of AI cyber attacks.

Separately, the UK government has announced GBP 8.5 million in research grants focusing on AI safety. The funding aims to address the potential malicious uses of AI in cyber-related attacks and ensure the safe deployment of AI.

So What?

AI has changed the cyber threat landscape. Organisations should adopt additional verification steps for operations involving financial and sensitive transactions to account for this new threat.

[Researcher: Adelaide Parker] 

2. UK government to propose mandatory ransomware reporting requirements

The UK government is reportedly considering mandatory ransomware incident reporting and a requirement for victims to get a licence before paying ransoms. A potential ban on ransom payments for critical infrastructure is also being considered, which is intended to remove financial incentives for hackers targeting these organisations. A public consultation on the proposals is expected to be published next month.

So what?

The proposals are a major departure from the current status quo, and risk introducing complexity and red tape to highly sensitive business critical decisions.

[Researcher: Amy Gregan]

3. Private wealth management advisory firms at increasing risk of cyber attacks   

Private wealth management advisory firms, known as family offices, have become prime targets for cyber attacks, according to a study by global law firm Dentons. A quarter of family offices surveyed reported suffering a cyber attack in 2023, with less than a third of respondents confident that they have sufficient cyber training or risk management programmes in place.

So what?

Family offices should proactively invest in cyber defences to avoid the more costly financial and reputational repercussions of a successful breach.  

[Researcher: Anna Tankovics]

4. Hacktivists use leaked ransomware builders to target Philippine government

Hacktivist groups are leveraging leaked ransomware builders to target the government of the Philippines in politically-motivated campaigns aimed at causing disruption. Ransomware variants such as LockBit, Vice Society, and ALPHV are being used by groups to encrypt systems and steal data, including attacks on critical government infrastructure.

So what?

The proliferation of ransomware builders is lowering the barrier to entry for threat actors. To limit the impact of these attacks it is critical to implement immutable backups.

[Researcher: David Broome]

5. GitHub, Mozilla, and Veeam release patches for critical vulnerabilities


It is vital to ensure that you have a patch management programme in place to keep software and hardware up to date.

[Researcher: Lena Krummeich]

6. Major US oil distributor hacked

The ransomware group BlackBasta has claimed to have breached the US oil distributor Atlas Oil, allegedly stealing 730 GB of data. As proof, the group has posted a file tree of the stolen confidential data, including HR, finance, and legal information, on their leak site.

So what?

Critical infrastructure organisations should ensure they have well-rehearsed incident response plans to minimise the potential of wider economic disruption resulting from ransomware attacks.

[Researcher: Aditya Ganjam Mahesh]


The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.

To discuss this briefing or other industry developments, please reach out to one of our experts.


Share this post

Subscribe to our insights

Get industry news and expert insights straight to your inbox.