France bans ‘recreational’ use of TikTok, Twitter, Instagram

France joins a growing list of states that say TikTok lacks sufficient levels of cybersecurity and data protection.

France has banned the “recreational” use of TikTok, Twitter, Instagram and other apps on government employees’ phones because of concerns about insufficient data security measures.

The ban is to come into force immediately, the Ministry of Public Sector Transformation and the Civil Service wrote on Twitter on Friday.

“In order to guarantee the cybersecurity of our administrations and civil servants, the government has decided to ban recreational applications such as TikTok on the professional phones of civil servants,” Stanislas Guerini said on Friday.

He added that, over the past several weeks, several of France’s European and international partners have adopted measures to restrict or ban the downloading, installation or use of the Chinese-owned video-sharing app TikTok by their administrations.

Guerini said recreational applications do not have sufficient levels of cybersecurity and data protection in order to be deployed on administrations’ equipment, adding that exemptions can be given for professional reasons, such as institutional communication of an administration.

Widening ban

A string of governments and institutions have banned TikTok in recent weeks, including the White House, the UK parliament, the Dutch and Belgian administrations, the New Zealand parliament, and the governments of Canada, India, Pakistan, Taiwan and Jordan.

Concerns regarding alleged security risks posed by TikTok have most prominently been raised by US lawmakers and national security officials who say that user data gathered by the app could be accessed by the Chinese government.

Calls to ban TikTok from government devices gained momentum after FBI Director Christopher Wray said in November it poses national security risks.

Late last month, the European Union’s two biggest policy-making institutions – the Commission and the Council – banned TikTok from staff phones for cybersecurity reasons.

Concerns have mounted globally about the potential for the Chinese government to access users’ location and contact data through ByteDance, TikTok’s Chinese parent company.

The company’s CEO, Shou Zi Chew, pushed back on assertions that TikTok or ByteDance are tools of the Chinese government during questioning by US lawmakers on Thursday. The company has been reiterating that 60 percent of ByteDance is owned by global institutional investors.

A law China implemented in 2017 requires companies to give the government any personal data relevant to the country’s national security. There’s no evidence that TikTok has turned over such data, but fears abound due to the vast amount of user data it collects.

Beijing has accused Washington of spreading disinformation and suppressing TikTok.

Earlier this month, China’s foreign ministry spokesperson Wang Wenbin said the US has yet to present evidence that TikTok threatens its national security and was using the excuse of data security to abuse its power to suppress foreign companies.

Ransomware attacks up 45% in February, LockBit responsible

After a month-on-month decline during the first few weeks of 2023, the number of ransomware attacks tracked in the wild soared by 45% in February, largely driven by an increase in LockBit activity, according to proprietary data published today by NCC Group.

NCC’s Global Threat Intelligence Team recorded 240 ransomware attacks in February, the biggest volume its researchers have ever recorded during this period.

Of these, LockBit accounted for 129 (54%), NCC said, up from 50 attacks – including the hit on Royal Mail – in January. LockBit was a “driving force” behind attacks on the consumer non-cyclicals, industrials and consumer cyclicals sectors.

“In February, we observed a surge in ransomware activity, as expected when coming out of the typically quieter January period,” said NCC global head of threat intelligence Matt Hull.

“However, the volume of ransomware attacks in January and February is the highest we have ever monitored for this period of the year. It is an indication of how the threat landscape is evolving and threat actors show no signs of reducing ransomware activities.

“Looking at the most prevalent threat actors, Lockbit 3.0 looks set to carry on where it left off in 2022, and is already leading the way as 2023’s most prevalent threat actor by some margin,” he said. “BlackCat also remains consistent, whilst the ever-sporadic BianLian returned to the top three.”

The NCC team attributed 31 attacks (13% of the total) to BlackCat, and 20 (8%) to BianLian, a relatively new ransomware operation – first emerging in July of 2022 – that is proving highly effective.

The actors behind it are highly skilled and demonstrate exceptional operational security, and as such have really hit their stride in the past few months.

Following the release of a decryption tool for BianLian, the gang has more recently shifted its focus to concentrate less on encryption with ransomware and more on straight-up data theft and extortion.

NCC additionally found North America remains the target of approximately 50% of global ransomware activity, with Europe accounting for 23% of victims and Asia 15%. The most targeted sectors remain industrials and consumer cyclicals, accounting for 33% and 15% of victims respectively, while consumer non-cyclicals (utilities, healthcare and other consumer staples) accounted for 8% of victims in February, largely as a result of LockBit activity.

Meanwhile, the Hive ransomware operation was taken down at the end of January in a coordinated international operation led by the FBI, which hacked into Hive’s infrastructure in July 2022, stole its decryption keys, and handed them over to victims. Gang members were also sanctioned by US and UK authorities.

Although the operation against Hive was clearly successful to the extent that its operational capabilities were disrupted, NCC’s threat team assesses that, as Hive’s members are likely protected by the Russian state, they will almost certainly continue operating under a different guise.

“It will be interesting to see how the takedown of Hive by the US Department of Justice plays out,” said Hull. “While this means their digital operations have been taken down, it’s unlikely Hive’s members will disappear completely. Our threat intelligence team will continue to keep a close eye on how this impacts the threat landscape.”

Ferrari data breach: Client data exposed

Italian luxury sports car maker Ferrari has suffered a data breach and confirmed on Monday that it “was recently contacted by a threat actor with a ransom demand related to certain client contact details,” but that it won’t be paying up.

“Instead, we believed the best course of action was to inform our clients and thus we have notified our customers of the potential data exposure and the nature of the incident,” the company shared.

What is known about this Ferrari data breach?

There is a ransom demand, but there is no mention of ransomware having been deployed on company systems.

“We can also confirm the breach has had no impact on the operational functions of our company,” claims the client communication sent to potentially affected customers and signed by Ferrari CEO Benedetto Vigna.

Unnamed attackers have managed to access a limited number of systems in the company’s IT environment, and certain client data – including names, addresses, email addresses and telephone numbers – was exposed, Vigna shared. Apparently, Ferrari became aware of the breach only after receiving the ransom demand.

Outside experts have been hired to help with the investigation and reinforcement of the company’s systems.

Vigna noted that Ferrari “will not be held to ransom as paying such demands continues to fund criminal activity and enables threat actors to perpetuate their attacks.” Also, he pointed out, paying up would “not fundamentally change the data exposure.”

It is unknown whether this “cyber incident” is related to a previous alleged attack by the RansomEXX ransomware gang, which resulted in 7GB of data – including internal Ferrari documents, datasheets, repair manuals, and more – being leaked online.

At the time, Ferrari told Red Hot Cyber that there was no indication that its systems had been breached, and no evidence of ransomware having been deployed.

What should affected clients do?

“Based on our investigation, no payment details and/or bank account numbers and/or other sensitive payment information, nor details of Ferrari cars owned or ordered have been stolen,” Vigna pointed out.

But the exposed personal and direct contact information could be used by these or other attackers to mount spear-phishing attacks, so Ferrari customers should be extra careful when reviewing emails and answering the phone from now on.

Microsoft Security Copilot is a new GPT-4 AI assistant for cybersecurity

Microsoft is gradually building AI copilots for everything. The latest one is for security professionals.

After announcing an AI-powered Copilot assistant for Office apps, Microsoft is now turning its attention to cybersecurity. Microsoft Security Copilot is a new assistant for cybersecurity professionals, designed to help defenders identify breaches and better understand the huge amounts of signals and data available to them daily.

Powered by OpenAI’s GPT-4 generative AI and Microsoft’s own security-specific model, Security Copilot looks like a simple prompt box like any other chatbot. You can ask “what are all the security incidents in my enterprise?” and it will summarize them. But behind the scenes, it’s making use of the 65 trillion daily signals Microsoft collects in its threat intelligence gathering and security-specific skills to let security professionals hunt down threats.

Security Copilot can even create a PowerPoint slide.

“I don’t think anyone can guarantee zero hallucinations, but what we are trying to do through things like exposing sources, providing feedback, and grounding this in the data from your own context is ensuring that it’s possible for folks to understand and validate the data they’re seeing,” says Kawaguchi. “In some of these examples there’s no correct answer, so having a probabilistic answer is significantly better for the organization and the individual doing the investigation.”

While Microsoft’s Security Copilot looks like a prompt and chatbot interface like Bing, the company has limited it to just security-related queries. You won’t be able to grab the latest weather information here or ask the Security Copilot what its favorite color is. “This is very intentionally not Bing,” says Kawaguchi. “We don’t think of this as a chat experience. We really think of it as more of a notebook experience than a freeform chat or general purpose chatbot.”

Security Copilot is the latest example of Microsoft’s big push with AI. The Microsoft 365 Copilot feels like it will forever change Office documents, and Microsoft-owned GitHub is supercharging its own Copilot into more of a chatty assistant to help developers create code. Microsoft doesn’t appear to be slowing down with its Copilot ambitions, so we’re likely to see this AI assistant technology appear throughout the company’s software and services.

Microsoft is starting to preview this new Security Copilot with “a few customers” today, and the company doesn’t have a date in mind for rolling this out more broadly. “We’re not yet talking about timeline for general availability,” says Kawaguchi. “So much of this is about learning and learning responsibly, so we think it’s important to get it to a small group of folks and start that process of learning and to make this the best possible product and make sure we’re delivering it responsibly.”