Cyber Briefing ~ 02/12/2024
McCrary Institute for Cyber & Critical Infrastructure Security
Working to protect and advance U.S. interests in the areas of cyber and critical infrastructure security.
National Cyber Director Urges Private Sector Collaboration to Counter Nation-State Cyber Threat
National Cyber Director Harry Coker warns that hackers affiliated with China are actively attempting to gain access to critical infrastructure in the U.S. to launch malicious attacks. Coker emphasizes the need for collaboration between the private sector and the government to protect these systems. The Biden administration is exploring plans to hold manufacturers accountable for poor security, harmonize regulations, and develop a more diverse cybersecurity workforce. Additionally, efforts are underway to promote the use of memory-safe languages and improve software measurability to address vulnerabilities. (CYBERSECURITYDIVE.COM)
Federal IT Officials Call on CISA for Tougher Standards, More Coordination
Federal IT officials from the Treasury Department and the Department of Veterans Affairs are urging the Cybersecurity and Infrastructure Security Agency (CISA) to improve governmentwide coordination and implement stricter security standards. While they acknowledge CISA's helpfulness, they emphasize the need for common operating standards and expanded information-sharing on critical patches and threat indicators. The officials also call for stronger collaboration within the Joint Cyber Defense Collaborative (JCDC) to share information and respond quickly to cyber threats. Private sector assessments align with these sentiments, noting the growing pains of the JCDC and the need for a more defined and risk-based approach to security. (FEDSCOOP.COM)
Iran-Israel Cyber War Goes Global
Iran's cyber conflict with Israel has expanded globally, with cyberattacks targeting businesses and government agencies in various countries. Iran's cyber offensive, termed "Phase 3" by Microsoft, aims to pressure governments and influence business communities to support a cessation of Israeli military activities. Recent victims include an Albanian government organization and Iran's military guard itself. The attacks have become more advanced, targeting critical infrastructure and employing effective messaging to undermine Israeli morale and pressure its allies. As the US election season approaches, concerns about Iranian interference in past votes are increasing. (DARKREADING.COM)
US State Department Offers $10 Million for Information on Ransomware Gang that has Attacked US Hospitals
The US State Department is offering a $10 million reward for information on the leaders of the ransomware group known as Hive. The group is accused of extorting over $100 million from hospitals, schools, and other victims globally. The FBI infiltrated Hive last year and prevented $130 million in ransom payments. The announcement comes as ransomware attacks continue to pose a significant threat, with cybercriminals extorting a record $1.1 billion in ransom payments. (CNN.COM)
What to Know About the 200-Member AI Safety Alliance
The newly formed U.S. AI Safety Institute Consortium (AISIC) has over 200 members, including big tech companies like Google, Microsoft, NVIDIA, and OpenAI. The consortium, housed under the National Institute of Standards and Technology's U.S. AI Safety Institute, aims to shape guidelines and evaluations around AI features, risk management, safety, security, and other AI guardrails. This initiative aligns with the Biden administration's executive order on AI, which emphasizes the need for responsible AI practices and sharing safety results with the government. (CIODIVE.COM)
Reward Offers for Information on Hive Ransomware Co-Conspirators
The US Department of State is offering rewards of up to $10 million for information leading to the identification of key leaders in the Hive ransomware variant group. Additionally, a reward of up to $5 million is offered for information leading to the arrest and conviction of any individual involved in Hive ransomware activity. The FBI's penetration of Hive's networks and seizure of their servers has already prevented millions of dollars in ransom payments. This announcement is part of ongoing efforts to disrupt and deter ransomware actors globally. (STATE.GOV)
'Ov3r_Stealer' Malware Spreads Through Facebook to Steal Crates of Info
A new malware named "Ov3r_Stealer" is being propagated on Facebook through job ads and accounts, using various execution methods to steal sensitive data. The malware exfiltrates data to a Telegram channel monitored by the threat actors, and it can steal information such as geolocation, passwords, credit card details, and more. Researchers believe that Ov3r_Stealer is still under development and poses an ongoing threat, urging organizations to implement security awareness programs and maintain up-to-date application patching to mitigate the risk. (DARKREADING.COM)
Why Bloat Is Still Software’s Biggest Vulnerability
Bert Hubert reflects on the late Niklaus Wirth's 1995 plea for lean software and argues that software security issues arise less from code density and more from attack surface area. He points to an overreliance on external dependencies and code containers as key contributors to bloat. As proof that minimal, secure software is still achievable, Hubert offers Trifecta, his own 1,600-line image hosting solution. (IEEE.ORG)
World's Cruelest Hackers Went After, Yes, a Children's Hospital
Hackers targeted a children's hospital in Chicago, causing significant disruptions by taking down its computer systems. Accessing medical records and prescriptions became extremely difficult, and staff are working to restore the system. This attack is part of a concerning trend of cyberattacks on healthcare entities, highlighting the need for improved cybersecurity measures to protect patient safety. (FUTURISM.COM)
Governor Creates Task Force to Promote Responsible Use of AI in Alabama
Governor Kay Ivey of Alabama has signed Executive Order 738 to establish a task force that will recommend policies for the responsible and effective use of Generative Artificial Intelligence (GenAI) in state executive-branch agencies. The task force, consisting of cabinet members, representatives from Alabama higher education, and legislators, will investigate the current use of GenAI and provide recommendations for its responsible deployment in state government. The task force is expected to submit a report to the governor by November 30, 2024. The executive order also includes provisions to facilitate safe and efficient development and use of GenAI applications in state agencies. (ALREPORTER.COM)
A Nebraska Bill Would Hire a Hacker to Probe the State's Computer, Election Systems
Nebraska State Senator Loren Lippincott has proposed a bill to hire an "ethical hacker" to probe the state's computer network, election equipment, and software for vulnerabilities. Lippincott hopes that by hiring a hacker, the state can identify weaknesses before they are exploited by malicious actors. The bill also allows for the hiring of a security company to assess the state's systems. The proposal comes amid growing concerns about cyberattacks on critical infrastructure and election security. (CO.UK)
That Electric Toothbrush Botnet Story Is Totally Fake
A story claiming that cybercriminals created a botnet out of 3 million electric toothbrushes has been debunked. The Swiss newspaper that initially reported the story blamed Fortinet, a security company, for falsely claiming the incident was real. Fortinet clarified that the toothbrush incident was only mentioned as an illustration during an interview and not based on their research. The story highlights the challenge of covering cybersecurity as exaggerated research findings can be used to gain attention. (GIZMODO.COM)
Over 100 China-Run Fake News Websites Pushing Propaganda in 30 Countries
Chinese websites, posing as local news outlets, are spreading pro-Beijing content globally, according to a report by Citizen Lab. The campaign, known as "Paperwall," involves a network of 123 websites operating from China, masquerading as local news organizations in thirty countries. The operation is attributed to Shenzhen Haimaiyunxiang Media Co., Ltd., a PR firm in China. This campaign reflects China's use of influence operations to serve financial and political interests aligned with Beijing's agenda. Social media giants like Facebook have previously shut down accounts involved in influence operations originating from China. (NEWSWEEK.COM)
Attackers Mass-Exploiting New Ivanti VPN Flaw
Hackers are actively exploiting a third vulnerability in Ivanti's enterprise VPN appliance, affecting its Connect Secure remote access VPN solution. One of the newly discovered flaws, CVE-2024-21893, a server-side request forgery flaw, is being mass-exploited. Despite Ivanti patching the vulnerabilities, security researchers anticipate more impact as hacking groups continue to exploit the flaw. Over 630 unique IPs have been attempting to exploit the server-side flaw, indicating a sharp increase compared to last week. It is uncertain who is behind the mass exploitation, but the first two vulnerabilities were attributed to a Chinese government-backed hacking group. (TECHCRUNCH.COM)
Google Pushes Deeper into AI with Chatbot Subscription Plan
Google is launching Gemini Advanced, its most powerful chatbot, as part of a subscription plan priced at $19.99 per month. Gemini Advanced aims to profit from the growing consumer interest in AI services that generate novel text and images. The offering will provide enhanced capabilities in reasoning, following instructions, coding, and creative collaboration. Google's parent company, Alphabet, has been diversifying its revenue streams beyond advertising, and CEO Sundar Pichai stated that the company's annual subscription revenue reached $15 billion. The price of Google's chatbot subscription matches offerings from Microsoft and OpenAI, with smaller startups also charging subscription fees for powerful chatbot products. (WSJ.COM)
Copyright © 2024 Auburn University's McCrary Institute. All Rights Reserved.