CyberCX

CyberCX is advising customers that multiple global brands, including CyberCX, are being impersonated in a spam email campaign.   The campaign, which has been active for at least six months, refers to cyber security threats affecting the recipient and offers them a link to download security software. Emails closely mimic the impersonated organisations’ branding and ask recipients to click a link to download security software.   Watchpoints:  🔷 We will never send unsolicited emails asking you to download software. But criminals are using brand impersonation in spam and phishing emails, and they are becoming increasingly realistic.  🔷 Now’s a good time to remind your teams to “stop, think, and consider” before they click on links.

Join our upcoming webinar on Thursday 12 September to learn about new and important updates to ISO 27001, and how to plan your migration journey.   As host David Simpson will discuss, organisations wanting to maintain certification to ISO 27001 must transition to the new version by 31 October 2025.   "Like all frameworks, this standard is under continuous review to address changes in the global threat landscape," says David. "The latest version of 27001 was released in 2022 and targets a number of existing and emerging threats and technologies as part of the global certification framework."   Don't let your ISO certification lapse. Register for this free webinar:

CyberCX's Liam O’Shannessy told a special investigation from 60 Minutes that scammers are using artificial intelligence technology to convince victims they’re speaking to a real person.   Liam demonstrated live face-cloning technology that allows scammers to video call their victims – something that wasn’t possible a few years ago.   “We used to be able to tell people: ‘Hey, you’ve been chatting with this new friend overseas. It’s probably not that person. If you really believe it’s that person, get on a video call with them,' said Liam. “We can’t make that recommendation anymore." Read the full article and see Liam's demonstration here: https://lnkd.in/de922Rrv

CyberCX's Financial Services Lead Shameela Gonzalez joined the latest episode of Girls Talk Cyber to discuss one of the more unspoken about and underrepresented scam types - romance scams.    "It's a topic that's close to my heart because I wish that there was a way that we could encourage more victims to speak up about it, so that we could get better reporting numbers," said Shameela. "It's not just the volume of how many people would be able to come forward and report that they've been a victim of it, but that we can learn a little bit more about the tactics."   Shameela said the most worrying thing about romance scams is it carries a lot of personal humiliation and shame. "My message is, it absolutely shouldn't. But because I think it inherently does, it really restricts people from wanting to come forward."   "Information is powerful. We can only get smarter and better at being able to prevent against these if we know how they're happening." 

⚠ Organisations wanting to maintain certification to ISO 27001 must transition to the new version by 31 October 2025.   ISO/IEC 27001 is an internationally recognised risk-based standard, designed to help organisations continuously manage and uplift their security posture.   On 25 October 2022, the new ISO/IEC 27001:2022 standard was published, replacing the 2013 version that had remained in place for nine years. In February 2024, a further amendment was published to incorporate considerations for climate change as part of the new standard.   Read our blog to learn about the changes and how to transition to ISO 27001:2022: https://lnkd.in/ecn-j4RA

Alastair MacGibbon said CyberCX's discovery of the Green Cicada Network is one of the largest ever documented networks of inauthentic accounts found on a social media platform.   "This could be the first significant China-related information operation run by generative AI,” said Alastair.    The network of at least 5000 AI-run accounts on social media site X appears mostly focused on divisive US political issues as the country prepares for its presidential election in November.   CyberCX also picked up some Australia-focused activity, with the network spouting divisive content about nuclear energy, the embattled CFMEU and the government’s immigration policies.   Read more in the full article: https://lnkd.in/djwfJv_D

This week CyberCX Intelligence identified a network of at least 5,000 inauthentic X accounts almost certainly controlled in concert by an artificial intelligence (AI) Large Language Model (LLM) based system. The system controlling this network, which we have dubbed the Green Cicada Network, is strongly associated with China, including the likely use of a Chinese-language LLM system and links to an AI researcher affiliated with Tsinghua University and Zhipu AI, a prominent Chinese AI company. The Green Cicada Network primarily engages with divisive US political issues and may plausibly be staged to interfere in the upcoming presidential election. It has also amplified hot-button political issues in other democracies, including Australia, the UK, western Europe, India, Japan and other countries. CyberCX has published an Intelligence Update with the intention of exposing this network before it causes harm and to facilitate further research. The Green Cicada Network also offers important insights about emerging malicious uses of generative AI. You can download the full report here: https://lnkd.in/d4Hj8uXB

CyberCX's Hamish Krebs spoke to BusinessDesk NZ about the need for organisations to prepare on all fronts when it comes to best weathering the storm of a data breach or cyber event.   “Organisations need to shift their thinking from ‘if’ to ‘when’," said Hamish.    “Best practice is to strike the right balance between a technical investigation that can take time with fulfilling legal obligations and developing a strategy for engaging impacted stakeholder groups including staff, customers, partners and regulators,” Hamish continued.   Read the full article here: https://lnkd.in/dimCUN5W

CyberCX's Katherine Mansted joined The Project to discuss the China-associated AI network her team discovered on X, which they believe was deliberately set up to interfere with democracies.    "What we see some of these foreign governments and foreign networks being really good at is turning us against ourselves," said Katherine. "What makes information operations really successful is finding those existing wedges and trying to pull people apart further, and that's exactly what the Green Cicada Network is doing. It's finding points of division and then it's jumping in and trying to exacerbate both sides of the debate."    Katherine said what's most concerning is not necessarily what the network has done to date, but that it is getting smarter and is a capability sitting dormant that could be switched on or ramped up at any point. "It could really repurpose itself and turn itself to focus on any political issue, any divisive issue, any political party at a point in time of the creator choosing, and that's the real concern here."

Speaking to ABC Radio National this morning, CyberCX's Katherine Mansted outlined how our Cyber Intelligence team uncovered one of the largest ever networks of AI-controlled fake social media accounts.   Katherine explained how her team discovered the network after noticing several accounts on X 'malfunctioning' at the same time, using prompt language with noticeable errors.    "That gave us a glimpse into this system. What we know is that there is a person, or persons, asking thousands of accounts to start to engage with, write content, retweet and reply to politically divisive narratives."    Katherine said while this was badly done, the operators are learning and developing. "What we've seen over time is that the operator is picking up mistakes, like the 'as an AI' language model, and correcting them. So you see these mistakes spike, then they disappear."    You can listen to the full interview here: https://lnkd.in/dJVxSGTG