The Royal Mail hack and more: first officer's blog - week 39

The Royal Mail hack, GPT-3, and more. Here are the latest stories from the world of cyber risk over the past week.

Mike Parkin | February 20, 2023

As the ship maintained standard cruise warp speed to our next destination, the consultant went about the business of doing whatever it was Starfleet had assigned them to do. From our perspective, it meant watching them wander around the ship, striking up random conversations with crew members in the corridors. At least when they weren’t trying to schedule interviews with team leaders during the most inconvenient time possible, or just sitting in the background of some operational space “observing” the crew at work. 

The phrase “Don’t mind me, I’m just observing. Please, just pretend I’m not here.” was heard surprisingly often. Naturally, no one could ignore them because it seemed no matter what compartment they were in and which team they were observing, they were somehow always in the way.  

There was a moment of concern when the consultant got underfoot while one of our maintenance ratings was trying to get something done, getting in her way repeatedly, to the point where the technician’s crew chief had to intercede. The tech, a [REDACTED], typical for her species at a bit over 2 meters and 140 kilos, with a reputation for extreme loyalty and a quick temper, was about to put the consultant bodily in a storage locker to “get him out of her way” when her Lieutenant stepped in. 

“Mister [REDACTED], why is the consultant cowering in the corner?” 

“He was in my way, Sir.” 

“I see that, but it looks like you were about to fold him into the storage locker.” 

“Because I was going to put him in the storage locker, Sir.” 


“He was in my way, Sir, and wouldn’t get out of my way.” 

To which, apparently, the Lieutenant nodded knowingly, motioned the consultant out of the maintenance area, and suggested that maybe next time she should just ignore the consultant and focus on another duty until he wasn’t in the way anymore – thus showing an astute grasp of how best to deal with the wildly diverse cultural norms found across the multi-species crew of a Starfleet vessel. 

While news of the incident did elicit more than a little amusement amongst the crew and many of the officers, there was some worry that it would reflect poorly on the Tech and her department, though her Lieutenant’s official report on the matter included, to paraphrase, “the consultant showed a near-fatal lack of understanding of [REDACTED] culture while interacting with our crewmember, nearly resulting in an unfortunate end to said consultant’s assignment.” 

Not good. But most of the officers doubted it would make the consultant’s ultimate recommendations any less palatable when we reached our destination and he filed his report.  

Still in the news, but still a little hazy 

What happened 

Recent studies have shown that a majority of cybersecurity leaders are concerned about the threats posed by Artificial Intelligence technology, but also plan to invest in it themselves. While the conversational AI exemplified by ChatGPT is getting a lion’s share of the press, it’s not the only aspect of AI that concerns cybersecurity professionals. There is also evidence that threat actors are actively exploring other avenues of adversarial AI, developing malware that’s specifically designed to evade detection by existing anti-malware solutions.  

Why it matters 

We have written about ChatGPT ourselves, though we focused on the social engineering risk it implies more than on the code development aspects. The state of the art is advancing rapidly and there are a lot of questions about where it’ll end up. While ChatGPT itself is fascinating, it is not where the problem lies.  

Threat actors who opt for a subscription to the OpenAI GPT-3 engine and use it to develop their own specialized social engineering campaigns are a more substantial threat. 

The AI threat that’s not ChatGPT is in using machine learning to iterate malware against existing Anti-Malware engines to help threat actors find ways to better evade detection. We know they’re doing it in some cases now, but that’s a different aspect of artificial intelligence than conversational AI. 

What they said 

There’s plenty of (human-generated) coverage of this story.

War never changes – even when it moves to cyberspace 

What happened 

The Russian invasion of Ukraine in February 2022 is the first real instance of a conflict where the cyber realm is part of the battlespace. Here, the battlespace extends well beyond combatants’ direct efforts to interfere with each other’s command and control, computing, power, and communications infrastructures.  There are extensive propaganda and misinformation campaigns on the internet directly related to the conflict, intended to influence people on both sides to rally support or sow dissent. And many of the activities in cyberspace extend far beyond the borders of Ukraine and Russia. 

Why it matters 

Russia’s invasion of Ukraine has had consequences far beyond the borders of the conflict, with Russian threat actors and associated cybercriminal groups targeting NATO countries not only with conventional cybercriminal, cyber warfare, and cyberespionage tactics, but with a range of influence campaigns on social media as well. Given Russia’s activities in this area during the 2016 and 2020 US Presidential campaigns, it is not surprising to see them trying to sway public opinion in their favor now as well. This is in addition to their expected attacks against targets in Ukraine. 

Given the sentiments expressed by some celebrities, business leaders, and lawmakers, these campaigns are not ineffective. At least it seems that way. Some of the cyberattacks may simply be fallout from the main conflict, but there are a lot of indications that many of them are deliberate to either put pressure on Ukraine’s allies or simply to take advantage of a chaotic situation. 

What they said 

This one’s got plenty of attention.

The Royal Mail hack 

What happened 

Logs detailing negotiations between the Royal Mail Service in the UK and the LockBit ransomware gang have been published, and they go into extensive detail on the process. While it is not uncommon for the perpetrators to release logs as an intimidation tactic aimed at future victims, the details in this case are fascinating. 

The Royal Mail service suffered delays because of the attack for several days, but did not ultimately pay the ransom. 

Why it matters 

Ransomware attacks are here to stay. At least until some technical miracle makes them permanently a thing of the past, or the international law enforcement community manages to take sufficient action to make the business model unsustainable. Neither of these is likely, especially given the ever-changing state of the art in the malware vs anti-malware game, and the fact that some cybercriminal gangs have the tacit backing of their home countries. 

What they said 


It’s a good thing we don’t depend on the postman to deliver news anymore (for the most part). Here’s what people are saying.

(Note that I was slightly misquoted in the article. While cooperating with Law Enforcement is a Good Thing™, I’d actually been pointing out that while Cybersecurity professionals can do their part to reduce the risk, the international law enforcement community will need to cooperate with each other to stop cybercrime.) 

These are the Voyages, I mean Voyager – Voyager 18 

What happened 

Vulcan Cyber has officially launched our Voyager 18 research team, along with VulnRX and MITRE Mapper. These are all provided to help the cybersecurity community be effective at managing risk for their organizations and to help remediate and mitigate vulnerabilities in their environment. 

Why it matters 

It’s what we do. And our research team is really, really good at what they do. 

What they said 

Don’t just take our word for it. Read more.
