3.9 min to readNews and UpdatesDigital WorkplaceCloud Services

Cyber security update, March

Ravi Bindra
Ravi BindraCISO
A woman's finger is pointing at a colorful screen.

SoftwareOne believes there is a need for additional information when it comes to cyber security, as organisations have made it clear that investment in a proper security strategy is paramount. SoftwareOne’s monthly “Cyber security update” provides information on the most recent threats, the latest breaches and how to react to them in order to stay on top of malware and ransomware threats. We’ve rounded up the latest security headlines to keep you up to speed and prepared.

Latest security breaches

Nissan confirms ransomware attack exposed data of 100,000 people; the Akira ransomware gang took responsibility for the attack and claimed it had stolen 100GB of data, including documents containing personal employee information, NDAs, project data, and information on partners and clients.

Researchers from security firm Sysdig recently investigated an attack campaign that spawned 6,000 micro instances from a compromised AWS account across different regions and deployed the client for a blockchain-based content delivery service and bandwidth marketplace called the Meson Network.

Cyber security researchers discovered close to 19 million plaintext passwords exposed on the public internet by misconfigured instances of Firebase, a Google platform for hosting databases, cloud computing, and app development.

IMF detected the breach after which it brought in independent cyber security experts to launch an in-depth investigation and determine the nature of the breach. The investigation determined that 11 IMF email accounts were compromised.

Fujitsu is the world's sixth largest IT services provider discovered that several of its systems were infected by malware and warns that the hackers stole customer data.

A verified App, a member of low-tier BreachForums 2, is selling a database belonging to the Ministry of Health of Saudi Arabia for $5 million. The sample provided by the threat actor includes full names, physical addresses, phone numbers, blood types, staff messages and emails, IDs, and other sensitive information. verifiedBpp claims the 500 GB dataset contains information from 2020 to 2024.This information can be used by cyber-criminals to facilitate social engineering attacks and identity theft. The credibility of verifiedBpp is low: the user registered their account in March 2024 and has authored 2 posts and 2 threads. The account has received no endorsements on the forum and has no confirmed sales.

On March 20, 2024, the cyber security company BlueVoyant reported that the threat actor group Narwhal Spider orchestrated a phishing campaign dubbed as ‘NaurLegal’. This campaign targets a broad spectrum of organisations through phishing emails containing malicious PDF attachments disguised as invoices from reputable law firms, using the WikiLoader loader malware to facilitate the deployment of further malicious payloads such as the IcedID banking Trojan. The company stated that this campaign represents a departure from Narwhal Spider’s typical victimology, which has been primarily focused on Italian organisations, to a broader set of victims within the legal sector.

Conversation Overflow' Cyberattacks Bypass AI Security to Target Execs. A new cyber-attack method called "Conversation Overflow" which aims to bypass artificial intelligence (AI) and machine learning (ML) security controls, SlashNext reported on March 19, 2024. The attack involves creating emails intended for AI/ML algorithms with two distinct parts, one visible to the recipient and one hidden. By including hidden text that mimics "known good" communication, the threat actors trick the AI/ML systems into categorising the email as safe and allowing it into the recipient's inbox. Once the attack bypasses security measures, the threat actors can deliver credential theft messages, requesting that executives re-authenticate passwords and logins.

Cyber security researchers have identified a new form of denial-of-service (DoS) attack that could disrupt over 300,000 internet-connected systems worldwide. This novel attack, which targets the application layer of network communication, has raised significant concerns due to its self-perpetuating nature and the ease with which it can be executed.

Cyber security awareness

A groundbreaking report released by Microsoft AI research yielded that an alarming 87% of UK organisations have been identified as vulnerable to cyber-attacks, highlighting a critical juncture in the nation’s cyber security and AI ambitions.

Cyber security intelligence

Google’s Gemini AI Vulnerability let Hackers Gain Control Over Users. Researchers discovered multiple vulnerabilities in Google’s Gemini Large Language Model (LLM) family, including Gemini Pro and Ultra, that allow attackers to manipulate the model’s response through prompt injection. This could potentially lead to the generation of misleading information, unauthorised access to confidential data, and the execution of malicious code.

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint CSA, to disseminate known TTPs and IOCs associated with the Phobos ransomware variants observed as recently as February 2024, according to open source reporting. Phobos is structured as a ransomware-as-a-service (RaaS) model. Since May 2019, Phobos ransomware incidents impacting state, local, tribal, and territorial (SLTT) governments have been regularly reported to the MS-ISAC. These incidents targeted municipal and county governments, emergency services, education, public healthcare, and other critical infrastructure entities to successfully ransom several million U.S. dollars

Major events of top security conferences in this year to those that are more narrowly focused, this list will help you find the security conferences relevant to you.

Learn the chaos of AI in elections through deepfakes and also explore how to protect your business in the age of deepfakes.

A blurred image of a car driving at night.

SoftwareOne Digital Workplace Security Services

We operate a dedicated security operations center (SOC) that tracks data vulnerabilities globally to prevent losses due to break-ins or employee errors.

SoftwareOne Digital Workplace Security Services

We operate a dedicated security operations center (SOC) that tracks data vulnerabilities globally to prevent losses due to break-ins or employee errors.


Ravi Bindra

Ravi Bindra

Ravi holds over 20 years’ experience as a cyber security evangelist, holding multiple leadership roles in the Swiss pharmaceutical industry, such as Global Head of Risk Management, Global Head of Architecture and Global Head of Security Operations.