Cyber Security Headlines: FBI dismantles Qakbot operation, University of Michigan cuts internet after cyberattack, Microsoft criticizes UN cybercrime treaty

FBI dismantles Qakbot operation that took millions in ransom 

On Tuesday, the Department of Justice (DoJ) announced the dismantling of the notorious Qakbot malware system that infected more than 700,000 computers globally with ransomware and financial fraud attacks. The multinational effort, dubbed Operation Duck Hunt, was led by the FBI and redirected Qakbot botnet traffic through FBI servers which instructed infected computers to download a utility that automatically uninstalled the malware. The DoJ said the takedown included seizure of more than $8.6 million in cryptocurrency in illicit profits. The Qakbot disruption is being hailed as the largest US-led financial and technical botnet disruption. 

(SecurityWeek and Bloomberg)

University of Michigan severs ties to internet after cyberattack

On Monday, the University of Michigan’s CIO issued an announcement to the school’s 51,000 students that it cut off access to the internet and access to some systems after experiencing a cyberattack that began on Sunday. The message stated, “We recognize that cutting off online services to our campus community on the eve of a new academic year is stressful and a major inconvenience. We sincerely apologize for the disruption this has caused.” The university said it will waive late registration or disenrollment fees and added that financial aid funds may be delayed due to the outage. The university clarified that patient care at Michigan Medicine was not disrupted by the cyberattack and the university plans to continue with classes as scheduled.

(The Record)

Microsoft joins growing list of organizations criticizing UN cybercrime treaty

On Tuesday, Microsoft joined human rights and civil liberties groups in raising concerns about the United Nations (UN) draft international cybercrime treaty which aims to create a legal framework for cooperation on preventing digital crimes. Microsoft criticized the treaty for its overly broad definitions that could allow the government access to personal data for “real-time surveillance” of anything they deem a crime. Further, the treaty does not provide safeguards for companies to notify targets of surveillance. Microsoft also noted that the draft lacks protections for “ethical hackers.” The treaty has been strongly backed by China and Russia who are pushing to curb the “use of information and communications technologies for criminal purposes.” Despite ongoing criticisms of the treaty the US State Department expressed optimism that negotiations will lead to consensus. Current negotiations will run through the end of this week with a final vote not expected until January 2024.


Cybercriminals tell targets to pay the ransom instead of a GDPR fine

Researchers at Flashpoint have identified a new cybercrime group using a never-seen-before extortion tactic. The gang launched a blog called ‘Ransomed’ on August 15 and tells victims that if they don’t pay to protect stolen files, they will face fines under data protection laws like the EU’s General Data Protection Regulation (GDPR). The group refers to its ransom demands as a “Digital Peace Tax,” which have ranged from 50,000 to 200,000 euros ($54,000 to $218,000). So far, Ransomed has listed several companies on its blog including the Metropolitan Club (a private club in Washington), TransUnion, and State Farm. However those companies have not yet reported any breaches bringing the threat actors’ credibility into question.

(The Record)

Thanks to our sponsor, AppOmni

Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate.

With AppOmni’s SaaS Identity Fabric, secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at

UK cyber agency warns of risk of chatbot attacks

The UK’s National Cyber Security Centre (NCSC) has warned of the growing risk of chatbot prompt injection attacks which can allow hackers to manipulate the model to perform unintended actions such as generating offensive content or revealing confidential information. For example, earlier this year a Stanford University student created a prompt injection for Microsoft’s new Bing search engine causing the chatbot to produce a list of user interaction statements, which is designed to be hidden from users. Another security researcher was able to use prompt injection to force ChatGPT to access YouTube transcripts, potentially leading to exploiting of additional prompt injection vulnerabilities. According to the NCSC, unsecured chatbots provide an easy target for attacks, scams and data theft. They added that, “prompt injection and data poisoning attacks can be extremely difficult to detect and mitigate.”

(The Guardian)

Researchers reveal cyber insurance gap

On Tuesday, Delinea published its 2023 State of Cyber Insurance report which surveyed over 300 US organizations. The report found that, this year, 47% of companies used their cyber insurance more than once and 67% of respondents noted that their insurance rates increased 50-100% upon application or renewal. The survey also identified a growing list of exclusions that could void cyber insurance coverage, including lacking security protocols (43%), human error (38%), acts of war (33%), and not following proper compliance procedures (33%). Delinea said that companies are simply looking to get covered when renewing their policy and not checking whether the policy meets their current needs. They concluded that this ‘cyber insurance gap’ could put organizations in a tough position when a cybersecurity incident occurs. 

(Dark Reading)

US government email services hacked in Barracuda zero-day attacks

On Tuesday, Mandiant researchers linked recent attacks that exploited the Barracuda Email Security Gateway (ESG) zero-day vulnerability (tracked as CVE-2023-2868) to Chinese threat actor UNC4841. Attackers deployed previously unknown malware, including SeaSpy, Saltwater, and SeaSide, to gain remote access to compromised systems via reverse shells. Nearly a third of appliances hacked in this campaign belonged to government agencies with the researchers citing espionage as the motivation for the attacks. In late May, Barracuda issued a fix for the vulnerability and warned customers that the bug had been abused in attacks for at least seven months. Just a week later, Barracuda advised customers that they must replace hacked appliances immediately, even those that had already been patched.  

(Bleeping Computer)

Regulator raises more concerns about Tesla’s Autopilot safety

Once again, the National Highway Traffic Safety Administration (NHTSA) is questioning the safety of Tesla’s Autopilot feature. On July 26, the regulator issued a special order expressing concerns about a change to Tesla’s advanced driver assistance system that allows drivers to go for extended periods of time without prompting them to place their hands on the steering wheel. The special order is part of an ongoing investigation into Autopilot after identifying more than a dozen instances of Teslas crashing into parked emergency vehicles. The agency is also investigating whether Teslas can ensure drivers are paying attention when using Autopilot. Tesla was given until August 25 to provide the requested info but it has yet to be confirmed whether the company met the deadline.


Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.