Site icon SSL.com

The Trust Briefing June 2026

Issue 3 | June 2026

This month: A Chinese cyber threat group revs up its attacks on a global scale, AI defense takes a “fight fire with fire” approach, and discover what our team learned at the Trust Without Borders Summit 2026.

Plus: Is someone secretly hiding in your inbox? Learn how unknown attackers spent months quietly draining a stock exchange executive’s entire mailbox without triggering a single alert, and how your organization can protect high-value communications.

Recent News: The Latest from the Digital Trust Landscape

Company pays criminals after sensitive data was hacked – A ransomware group breached Canvas, the learning platform used by millions of students worldwide, stealing terabytes of sensitive data and holding institutions hostage during final exams. The company ultimately paid the attackers to delete it, a decision that runs counter to law enforcement advice. Full story 

China’s TA4922 expands cyber threat reach – A Chinese threat group that began targeting Japanese organizations with phishing campaigns has expanded its reach to Europe, Southeast Asia, and beyond, deploying an unusually broad and unpredictable mix of tactics that makes it one of the most distinctive and adaptable threat actors currently active. Full story

Fighting fire with fire: How AI protects critical infrastructure from AI attacks – Nation-state attackers are increasingly targeting hospitals, power grids, and utilities with AI-assisted tools. The World Economic Forum argues that only AI-driven network defense can match the speed and scale of emerging AI threats. Full story

Is your Board ready for cyber risk? – Despite years of high-profile breaches, most corporate boards still treat cybersecurity as a technical issue rather than a strategic one, and a persistent inability to quantify ROI means cyber investments remain underfunded and under-prioritized at the leadership level. Full story

SSL Now Offers Matter IoT Standard Certificates — SSL.com now offers Matter standard certificates for IoT devices. Learn how our PKI expertise helps manufacturers secure smart home products across ecosystems. Full story

Implementation Spotlight: Practical Solutions for Real-World Challenges

Five Months Inside a Stock Exchange Executive’s Inbox

A senior executive at a major global stock exchange had their Outlook mailbox systematically stolen over five months by unknown attackers, who exfiltrated the contents in small, incremental batches through Dropbox and OneDrive Personal to keep the traffic indistinguishable from legitimate activity. The operation was not a smash-and-grab. It was a slow, methodical intelligence harvest, the kind designed to build a near-complete picture of an organization’s internal deliberations, deal activity, and market-sensitive decisions without ever triggering an alert.

For an espionage actor, a senior executive’s mailbox is a high-value intelligence target. An Outlook profile may yield details of external negotiations, internal deliberations, the executive’s calendar, travel patterns, and their contacts. Organizations such as exchanges and regulators may hold non-public information about listings, enforcement actions, and market-moving events.

The business impact: The attackers maintained a dwell time of five months, a significant period for an attacker to maintain persistent access without anybody knowing. Over that window, the stolen data likely included deal discussions, regulatory correspondence, and personnel communications that no organization would want in an adversary’s hands. The financial and legal exposure from such a loss of intelligence is difficult to quantify, but for an institution whose value depends on the integrity of non-public information, the damage goes well beyond any single leaked document. The reputational consequences of a breach at this level, had it become public, could have been severe. 

What would have prevented it: The attackers used a variety of publicly available tools and cloud infrastructure, leaving few clues about their identities and keeping their traffic indistinguishable from legitimate activity. The entry point and persistence mechanisms, however, depended on compromised credentials and unchallenged endpoint access. SSL’s S/MIME certificates verify the originator of the signed email and encrypt the email so that only the recipient can view it. In cases such as this, its layer of cryptographic identity verification and confidentiality to executive email communications helps ensure that sensitive correspondence can only be read by its intended recipients. For organizations operating at this level of sensitivity, S/MIME provides a layer of security in which the attacker can’t extract the emails without the user’s private key. This defense makes silently harvesting an executive’s inbox a substantially harder proposition.

The broader lesson: The attackers’ focus throughout was on a single objective: long-term, incremental theft of the contents of a single Outlook mailbox, broken into archives small enough not to draw attention from security software. The sophistication here was not technical. It was patience. Attackers increasingly understand that slow, quiet, and targeted operations against high-value individuals are more rewarding and harder to detect than broad intrusions. Organizations in financial services, infrastructure, and regulated industries need to treat executive communications as a critical asset class, one that deserves the same protection as the systems and data those executives oversee.

Source: https://www.security.com/threat-intelligence/stock-exchange-espionage 

Past and Upcoming Events: Conferences, Standards Meetings, and more

Our key takeaway: Shift from detection to prevention

SSL attended the Online Trust & Safety (OTS) Forum 2026: Content Authenticity Summit, held in Singapore. Content creators, manufacturers, and other C2PA adopters have moved past asking what the standard is about and are progressing into the next phase.

Policymakers, platforms, media organizations, and implementers attended from around the world, focusing on the detection and prevention of online harms while building long-term resilience and practical approaches to content authenticity.

Read the full article about what else our team learned and why C2PA is more important than ever in the AI era.

The CSC Trust Without Borders Summit 2026: What the Summit built

Our team’s key learnings from the CSC Trust Without Borders Summit in Bogotá include: 

Discover additional key learnings and the latest insights focusing on digital trust across regions, jurisdictions, and regulatory frameworks. How do these vital findings impact the future of global interoperability? Read here.

Upcoming:

Wednesday, July 22, 2026 – Upcoming webinar, “Beyond the spec: Building real trust into C2PA,” hosted by Dominique Guinard, SSL Director of Product – Content Authenticity and IoT, and Tony Rodriguez, Digimarc Chief Technology Officer.  This webinar explores what production-grade trust requires and how reaching those standards will meaningfully impact the protection of your organization’s digital assets.

We’ll focus on how to make Content Credentials more trustworthy, durable, and interoperable in practice, drawing on SSL.com’s trust-anchor work (certificate roots, trusted timestamps, durable provenance chains) and the practitioner perspectives of teams shipping on C2PA today.

Register here

Quick Links: Guides, Articles, and Industry Resources

Have questions about any of these topics or want to discuss your digital trust solutions with our experts? Reach out to us below:

Exit mobile version