Cyber Briefing ~ 02/09/2024
McCrary Institute for Cyber & Critical Infrastructure Security
Working to protect and advance U.S. interests in the areas of cyber and critical infrastructure security.
-McCrary Institute-
U.S. Defense Requires Greater Civil Support to Counter China’s Cyber Aggression
This op-ed by McCrary Institute Senior Fellow Bob Kolasky examines the urgent cyber threat posed by intensifying Chinese government actions against U.S. critical infrastructure. Kolasky argues the national security community must prioritize defenses for the most important systems supporting National Critical Functions like defense. Achieving the needed resilience requires breaking down barriers between government and private sector partners through coordinated planning, information sharing, and investments in cyber capabilities. Sustained focus and collaboration are key to addressing the strategic challenges in the evolving security environment. (DEFENSEOPINION.COM)
McCrary Institute Announces New Senior Fellows
The McCrary Institute at Auburn University has expanded its renowned group of senior fellows with the addition of 27 new cybersecurity experts. The new cohort brings unparalleled knowledge across vital domains, including ransomware, AI, cloud security, critical infrastructure resiliency, and global cyberspace issues to support the Institute's important work. Former leaders from top agencies, the military, and industry will provide strategic guidance and real-world experience over the next three years. Their assistance strengthens the Institute's impact in developing solutions and staying ahead of evolving threats benefitting government, private sector, and academic stakeholders. (AUBURN.EDU)
Microsoft Finds Evidence of Iran 'Surging' Cyber Support for Hamas in War with Israel
According to a report by Microsoft, Iranian government-linked hackers have increased their cyber support for militant group Hamas in its conflict with Israel. The report reveals that Iranian hackers have shifted to a more aggressive approach, targeting Israel with cyberattacks and influence operations. The attacks have focused on destruction, with coordination between multiple Iranian hacking groups. Microsoft also warns of potential Iranian interference in the upcoming U.S. presidential election, citing the increased brazenness of Iranian actors. Previously, Iranian nationals were indicted for attempting to interfere in the 2020 election. (POLITICOPRO.COM)
'An Arms Race Forever' as AI Outpaces Election Law
The use of AI in elections poses significant challenges for regulation and oversight. AI-generated content, such as deepfakes and conversational bots, can be used to spread disinformation and disrupt campaigns. While some states have passed laws regulating AI in campaign materials, there is a lack of comprehensive federal legislation. The tech industry has made efforts to address the issue, with companies like Meta, Microsoft, and Google implementing measures to detect and label AI-generated content. However, the rapid advancement of AI technology means that it will be an ongoing "arms race" to keep up with the development and detection of AI-based election interference. (POLITICO.COM)
Chinese Hackers in US Infrastructure for ‘at Least Five Years,’ Global Agencies Warn
A coalition of US agencies and international partners, including the National Security Agency and the Cybersecurity and Infrastructure Security Agency, have issued a report warning that Chinese government-linked hackers have been present in US critical infrastructure for "at least" the past five years. The report also highlights the vulnerability of infrastructure in allied nations. The disclosure underscores the ongoing threat from China to critical US networks and the potential consequences of a future conflict with Beijing. China's Embassy in Washington, D.C., dismissed the findings as "groundless smears and accusations against China," stating that China is a victim of cyberattacks and does not support or condone hacking activities. (POLITICOPRO.COM)
US and Allies Warn Chinese Cyberattackers Preparing for War
Chinese state-sponsored hackers are pre-positioning themselves for destructive cyberattacks on critical infrastructure in the United States, according to warnings issued by US security agencies and its allies. The group behind the attacks, known as Volt Typhoon, has compromised the IT environments of communications, transportation, and power organizations. Concerns have been raised about China's growing military and cyber capabilities, as tensions between the US and China escalate. The US has recently conducted a counter-hacking operation to disrupt a malicious botnet. (NEWSWEEK.COM)
Cyber-Attacks by North Korea Raked in $3bn to Build Nuclear Weapons, UN Monitors Suspect
UN sanctions monitors are investigating 58 suspected cyber-attacks by North Korea that allegedly generated $3 billion to support the country's nuclear weapons program. The attacks targeted cryptocurrency-related companies between 2017 and 2023. North Korea has been accused of flouting Security Council sanctions and continuing with cyber-attacks, including on defense companies and supply chains. The country has also reportedly further developed nuclear weapons and produced nuclear fissile materials. The UN report is due to be released publicly soon. (THEGUARDIAN.COM)
Ransomware Payments Exceed $1 Billion in 2023, Hitting Record High After 2022 Decline
A report by Chainalysis found that after a brief decline in 2022, ransomware attacks surged in frequency and severity in 2023, with payments exceeding $1 billion for the first time. Factors driving growth include an increase in ransomware-as-a-service, wider use of hacking tools and initial access brokers, and high-impact campaigns exploiting supply chain vulnerabilities. One major case study was the Cl0p ransomware strain, which extorted over $100 million by stealing data using a MOVEit software zero-day exploit. The report notes some victories disrupting strains like Hive, but overall, ransomware continues to pose severe threats as actors innovate laundering techniques and shift operations to new fronts. (CHAINALYSIS.COM)
China Had "Persistent" Access to U.S. Critical Infrastructure
According to an intelligence advisory, China-backed hackers have had access to major U.S. critical infrastructure for at least five years, marking an escalation in their efforts beyond stealing state secrets. The hacking group, known as Volt Typhoon, has targeted water, transportation, energy, and communications systems by exploiting vulnerabilities in routers, firewalls, and VPNs. They have maintained access through stolen administrator credentials, posing a significant risk to energy and water controls. U.S. officials are concerned that China may launch destructive cyberattacks, particularly in relation to a possible Chinese invasion of Taiwan. (AXIOS.COM)
Microsoft Says Will Help 2 Million Indians in Small Cities Learn AI Skills
Microsoft CEO Satya Nadella announced that the company plans to provide AI skilling opportunities to 2 million people in India by 2025. The focus will be on training individuals in tier-2 and tier-3 cities, as well as rural areas, to promote inclusive socio-economic progress. Nadella emphasized the need for cooperation between India and the United States on AI norms and regulations to ensure equal distribution of economic growth. (REUTERS.COM)
UN Experts Investigate 58 Cyberattacks Worth $3 Billion by North Korea
UN sanctions monitors are investigating 58 suspected cyberattacks by North Korea on cryptocurrency-related companies between 2017 and 2023. These attacks, valued at approximately $3 billion, are believed to have helped fund North Korea's weapons of mass destruction (WMD) development. The report, yet to be released publicly, also highlights North Korea's continued development of nuclear weapons and ballistic missile launches, in violation of UN Security Council sanctions. (REUTERS.COM)
Chinese Hackers Spent 5 Years Waiting in U.S. Infrastructure, Ready to Attack, Agencies Say
Chinese state-sponsored hackers have secretly infiltrated U.S. infrastructure for up to five years, with the potential to launch destructive cyberattacks in the event of a major conflict. The hackers, referred to as "PRC state-sponsored," have primarily targeted key sectors such as communications, energy, transportation systems, and waste and wastewater systems. Their stealthy tactics make it challenging for infrastructure owners to detect the breaches. The report signals the first public acknowledgment of China's long-term hacking activities and their potential to cause disruption during geopolitical tensions or military conflicts. China denies supporting or condoning such attacks. (NBCNEWS.COM)
Crypto Ransom Attack Payments Hit Record $1 Billion in 2023 - Chainalysis
Payments from crypto-related ransom attacks reached a record high of $1 billion in 2023, doubling from the previous year, according to blockchain analytics firm Chainalysis. Scammers targeting institutions like hospitals and government offices accounted for $1.1 billion in ransom payments. However, losses from other crypto-related crimes, such as hacking and scamming, decreased. The rise in ransom payments can be attributed to the increasing number of new players attracted to the potential profits and lower barriers to entry. "Big game hunting" has become the dominant strategy, with a significant portion of ransom revenue coming from payments of $1 million or more. (REUTERS.COM)
Chinese Hackers Embedded in US Networks for at Least Five Years
Chinese hackers have been discovered embedded in US networks for a minimum of five years, according to an investigation. The hackers, believed to be state-sponsored, have been targeting a range of industries, including defense, technology, and healthcare. The extent of the breach and the potential damage caused by the hackers is still being assessed. This highlights the ongoing threat posed by nation-state cyber actors and the need for robust cybersecurity measures. (BLOOMBERG.COM)
Protecting Good Faith Security Research Globally in Proposed UN Cybercrime Treaty
Security researchers express concerns that provisions in drafts of the UN Cybercrime Treaty risk criminalizing legitimate security research activities aimed at discovering vulnerabilities. They argue that language around concepts like unauthorized access, interception of data, and interference with systems should require criminal intent to harm and exempt good faith security research, or risk deterring work that enhances cybersecurity. (EFF.ORG)
Feds Offer Up to $10 Million Reward for Info on Hive Ransomware Hackers
The U.S. Department of State is offering a reward of up to $10 million for information on the leaders of the Hive ransomware gang, as well as up to $5 million for information leading to the arrest or conviction of any individual involved in Hive ransomware activity. The FBI had previously penetrated Hive's computer networks and obtained decryption keys, preventing victims from paying up to $130 million in ransoms. Hive and its affiliates have targeted over 1,500 institutions in more than 80 countries, resulting in the theft of over $100 million. The reward comes after the FBI recently dismantled the international ring behind Hive ransomware. (CBSNEWS.COM)
US State Department Offers $10 Million for Information on Ransomware Gang That Has Attacked US Hospitals
The US State Department has announced a $10 million reward for information leading to the identification of the leaders of a notorious ransomware group known as Hive. The group is accused of extorting over $100 million from hospitals, schools, and other victims globally. The FBI had infiltrated Hive's computer systems and prevented $130 million in ransom payments. The announcement comes as part of the State Department's bounty program, which aims to target dangerous cybercriminals. The ransomware epidemic has become a pressing issue for US officials following high-profile attacks, such as the Colonial Pipeline shutdown in May 2021. (CNN.COM)
How to Prepare for Elevated Cybersecurity Risk at the Super Bowl
As the Super Bowl attracts a large audience and valuable data, businesses must be prepared to minimize cybersecurity risks. Threat actors, including cybercriminals, hacktivists, deliberate disruptors, and nation-state actors, target major sporting events for financial gain, ideological messaging, disruption, and intelligence collection. It is important to address threats from both external and internal sources, such as employees and vendors. Measures to strengthen cybersecurity include employee education on social engineering tactics, incident response planning, careful evaluation of third-party vendors, and maintaining strong cybersecurity practices and discipline within the organization. (DARKREADING.COM)
Police to Launch Phishing Investigation Division to Fight Growing Crimes
The National Police Agency in South Korea plans to establish a new investigation division dedicated to phishing crimes. The division aims to combat increasingly sophisticated phishing attacks, which have seen a rise in volume and variety in the country. The division will be responsible for voice phishing investigations and will operate a phishing crime warning system to alert individuals of potential voice phishing crimes. The annual budget for the division has been increased to 1.74 billion won this year. (CO.KR)
EU Turns to Big Tech to Help Deepfake-Proof Election
Large tech platforms, including Facebook, X, and TikTok, will be required to identify AI-generated content in order to protect the upcoming European election from disinformation. The EU's content moderation law, the Digital Services Act (DSA), will compel companies to label manipulated content, although a specific timeline has not been provided. Some companies, such as OpenAI and Meta, have already committed to marking fake images, and the DSA aims to hold major social media companies more accountable for protecting elections from disinformation. The Commission will issue guidelines by March for platforms on measures to counter electoral disinformation. (POLITICO.EU)
Pa. Senators Seek Answers on State Government Data Loss
Pennsylvania senators expressed dissatisfaction with the lack of transparency from Governor Josh Shapiro's administration regarding last month's data loss on state government computer servers. Officials cited the need to protect confidentiality and prevent cyber attacks as reasons for withholding details. An internal investigation is underway, and a company specializing in IT incident response has been hired to assist. The incident, caused by human error, affected 77 out of over 6,300 servers managed by the state. Restoration efforts have been successful, but lawmakers are calling for additional hearings and legislation to address cybersecurity issues. (PENNLIVE.COM)
New Google Report Warns of 'Real and Significant Threat' to User Privacy
Google's report, titled 'Buying Spying: Insights Into Commercial Surveillance Vendors,' reveals the dangers posed by commercial spyware vendors. The report highlights how these vendors, who develop and sell spyware, pose a threat to user privacy and are often used to target journalists, human rights defenders, and opposition politicians. Google calls for action to change the incentive structure that has allowed these technologies to spread. The company also shares intelligence and offers the Advanced Protection Program to protect high-risk users. (FORBES.COM)
China's Spies Hacked NATO Ally's Defenses, Official Says
The Dutch Military Intelligence agency has exposed Chinese cyber espionage activities in the Netherlands. Chinese state-sponsored hackers were found to have infiltrated a network used for unclassified research by the Dutch armed forces. The hackers planted malicious software that created a backdoor into the network by exploiting vulnerabilities in FortiGate network security devices. While there was no damage done since it was a self-contained system, the Dutch government sees this as part of a broader trend of Chinese espionage targeting the networks of partner countries. China denies conducting or allowing any illegal cyber activities. The Dutch government says that publicly attributing these activities to China is important for increasing international resilience against this type of cyber espionage. (NEWSWEEK.COM)
I Stopped Using Passwords. It’s Great-and a Total Mess
The article explores the author's recent experience switching some accounts to use passkeys instead of passwords. When set up properly, passkeys provide a seamless 20-second login using biometrics or a PIN. However, the author encountered frustrations with compatibility across devices, operating systems, and apps. Passkeys require a shift in mindset and deciding where to store them. Though the vision for passkeys is compelling, the technology is still nascent. It will likely be a gradual transition taking time for universal adoption. The author recommends starting to use passkeys when available, but keeping old passwords as a backup during the long goodbye to traditional passwords. (WIRED.COM)
IT Suppliers Hacked Off with Uncle Sam's Demands in Aftermath of Cyberattacks
IT service providers selling to the US government are unhappy with proposed changes to procurement rules that would require them to grant full access to their systems in the event of a security incident. The draft update to the Federal Acquisition Regulation (FAR) aims to align security reporting standards with President Biden's executive order. Industry respondents have criticized the proposed changes, stating that they are burdensome and inconsistent with existing reporting rules. Concerns have been raised about the software bill of materials (SBOM) requirements and the potential exposure of non-federal customer data to federal law enforcement agencies. (THEREGISTER.COM)
Large Cryptocurrency Miners in US Now Have to Report Energy Use to Government
The Biden administration is requiring over 130 identified commercial cryptocurrency miners in the US to report their energy usage amid concerns about the industry's impact on electricity grids and climate change. The Energy Information Administration will collect data to understand the evolving energy demand and geographical distribution of cryptocurrency operations. The report highlights that crypto mining globally consumed as much electricity as Australia in 2023 and accounted for up to 2.3% of the US's total electricity demand. The industry's reliance on fossil fuels raises concerns about carbon emissions. (ARSTECHNICA.COM)
Microsoft Warns of Iran’s Advanced Cyber Operations Targeting US Elections
Microsoft's Threat Analysis Center (MTAC) has issued a warning about Iran's evolving cyber operations, indicating a potential threat to the upcoming 2024 U.S. presidential elections. The analysis highlights Iran's use of sophisticated techniques and influence operations, which were observed during the 2020 elections. Microsoft urges heightened vigilance and robust cybersecurity measures to safeguard the integrity of U.S. elections. (READWRITE.COM)
Feds Issue Warning Over Ivanti Cybersecurity Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has raised concerns about zero-day vulnerabilities in Ivanti gateways, urging federal executive branch agencies to disconnect affected solutions from their networks. Hackers can exploit these flaws to gain control of systems, steal credentials, or initiate further compromises. Ivanti is working on releasing patches, but in the meantime, organizations are advised to review CISA's guidance, conduct threat hunting, and monitor account usage. The cybersecurity company Volexity reported signs of suspicious activity related to these vulnerabilities and suspects the attackers may be based in China. (GOVTECH.COM)
Microsoft BitLocker Encryption Hacked by Raspberry Pi Pico
A security researcher demonstrated how a $4 Raspberry Pi Pico can be used to retrieve the BitLocker encryption key from Windows PCs in just 43 seconds. By exploiting a design flaw in the Trusted Platform Module (TPM), the researcher was able to intercept unencrypted communication between the external TPM and the CPU. While this attack requires physical access to the device and knowledge of the specific setup, it highlights the potential vulnerabilities of BitLocker's reliance on external TPMs for security. CPUs with built-in TPMs are not affected by this flaw. (READWRITE.COM)
4 Common Financial Cyberthreats and How to Avoid Them
Learn about the most common financial cyber threats, including phishing attacks, identity theft, ransomware attacks, and online fraud. Take action to protect yourself by using strong passwords, practicing secure online behavior, implementing two-factor authentication, and staying informed about the latest threats. (FORBES.COM)
Ransomware Hackers Stole More Than $1 Billion in 2023
Ransomware hackers exploited known software vulnerabilities to extort companies, resulting in over $1 billion in stolen funds. The tactic of "big game hunting" targeting global victims led to higher payouts. Tesla, facing potential layoffs, is asking managers to assess the criticality of each job amid cost-cutting efforts. (BLOOMBERG.COM)
Subscribe to our LinkedIn Cyber Briefing.
Subscribe to our Cyber Focus podcast.
Copyright © 2024 Auburn University's McCrary Institute. All Rights Reserved.