Cyber Briefing ~ 02/20/2024
McCrary Institute for Cyber & Critical Infrastructure Security
Working to protect and advance U.S. interests in the areas of cyber and critical infrastructure security.
McCrary Institute's Frank Cilluffo Explores Growing Cyber Dangers in Chat with Politico's Maggie Miller
Top Politico cyberscribe Maggie Miller lifts the lid on escalating digital dangers in a must-hear chat with Frank Cilluffo. From insidious infiltration of key infrastructure to ingenious defenses keeping State Department emails safe, Miller shares surprising intel gathered on her cyber beats. Tensions intensify as adversaries hone unconventional tactics, yet critical threats remain underreported. Tune in as these experts unpack urgent national security issues and grapple with an evolving threat landscape never far from the next headline. (BIT.LY )
Ransomware Attack Believed to Be Behind Fulton County Cybersecurity Incident, Officials Say
Officials in Fulton County, Georgia, have stated that a ransomware attack is likely responsible for a recent "cybersecurity incident" that has affected various government services for several weeks. The attack, which occurred on January 28, has impacted services such as county courts and the jail. County officials have evidence suggesting that financially motivated actors carried out the ransomware attack, although the investigation is ongoing. Workarounds are being implemented to keep the court system functioning, and the Fulton County Jail has switched to backup systems. The county is working to restore the affected systems and has assured residents that early voting for the upcoming primary election will proceed as scheduled. (ATLANTANEWSFIRST.COM )
US Conducts Cyberattack Against Iranian Military Ship
The Biden administration recently carried out a clandestine cyberattack against an Iranian military vessel that had been gathering intelligence on merchant ships in the Red Sea region, according to a US military official. The official said the operation targeted the MV Behshad ship, which US analysts suspected was relaying information to Iran-backed Houthi rebels in Yemen about nearby commercial vessels. The cyberattack aimed to disrupt the flow of such intelligence and was part of broader US retaliation for a deadly drone attack in January by Iranian-backed militias in Iraq that killed three American soldiers. While details are limited to protect operational security, it demonstrates the US military's capabilities in the cyber domain to defend American interests and personnel in the region. (NYTIMES.COM )
U.S. Disrupts Hacking Operation Led By Russian Intelligence
The FBI announced that it had disrupted a Russian intelligence-linked botnet of over 1,000 home and small business routers used to spy on targets worldwide; the operation deleted the stolen data and modified the routers' firewall rules, as part of countering escalating cyber threats from Russia and other countries. (NYTIMES.COM)
Dragos Outlines Voltzite's Attacks Against Critical Infrastructure
Dragos released a report detailing the activities of the Voltzite group, sponsored by the People's Republic of China (PRC), targeting critical infrastructure in the United States. The group has been observed infiltrating electric companies, emergency management services, telecommunications, and the defense industrial base. Dragos emphasizes the difficulty of detecting Voltzite's activities and provides guidance on mitigating the threat. (NATLAWREVIEW.COM)
Congress Should Enable Private Sector Collaboration To Reverse The Defender's Dilemma
A new bill proposes removing barriers to cooperation between companies and allowing them to share cyber threat information. This would help leverage AI capabilities across platforms to identify vulnerabilities and strengthen defenses for organizations of all sizes against continuously evolving attacks. (GOOGLE.COM )
‘Corporate Amnesia’: Class-Action Lawsuit Criticizes Integris Health Cyberattack Response
The lawsuit filed against INTEGRIS Health accuses the organization of failing to properly notify over 2 million patients whose personal information was breached for over a month in late 2023, alleging a "corporate amnesia" and lack of transparency in addressing the incident and its aftermath. (NONDOC.COM )
Threat Actor Leverages Compromised Account of Former Employee To Access State Government Organization
CISA and MS-ISAC conducted an incident response assessment after documents containing network information were posted online. They found that an unidentified threat actor had compromised the account of a former employee, which was still enabled in Active Directory, and used it to authenticate to a state government organization's virtual private network and query data. (CISA.GOV)
Using AI to Strengthen Digital Security
Google's New AI Cyber Defense Initiative aims to use AI technology to shift the balance in cybersecurity away from attackers and toward defenders. The five-minute read outlines how the company is committing $2 million in grants and strategic research partnerships focused on advancing AI's potential to solve security challenges. It details three ways Google is applying AI to security - securing infrastructure and data, empowering organizations through tools and training, and advancing research in areas like code verification and understanding how AI can help counter cyber threats. The initiative includes expansions to their cybersecurity education program in Europe and open-sourcing a new file identification tool to help protect against malware. (BLOG.GOOGLE )
Reward for Information: ALPHV/Blackcat Ransomware as a Service
The U.S. Department of State is offering rewards of up to $15 million for information on the ALPHV/Blackcat ransomware group, which has compromised over 1,000 entities worldwide and demanded approximately $99 million in ransom payments. The FBI has worked with victims to provide decryption tools and prevent ransom demands. (STATE.GOV )
Foreign National Pleads Guilty to Role in Cybercrime Schemes Involving Tens of Millions of Dollars in Losses
A Ukrainian national pleaded guilty to leading malware groups that infected thousands of computers, stole millions from victims, including a hospital, and caused over $30 million in losses through ransomware attacks. The FBI worked with global partners to arrest and extradite the defendant to the United States. (JUSTICE.GOV )
Multiple Lawsuits Target Johnson Controls' Commission Structure
The class-action lawsuit alleges that Johnson Controls is refusing to fully pay out sales representatives' backlogs of accrued commissions totaling hundreds of thousands of dollars each. At least 28 representatives across several US states have separately filed lawsuits against the building controls firm since mid-January 2024, taking issue with changes to its incentive and pay practices. (LEGALDIVE.COM )
New York Governor Proposes Ban on Political Deepfakes
Governor Kathy Hochul is pushing legislation that would expand protections against AI-generated deepfakes in New York. The proposal includes making it illegal to publish false digital content and use someone's voice without consent, in addition to giving individuals the right to sue for defamatory deepfakes. It aims to curb deepfakes in elections, pornography and other harmful materials if passed as part of the state budget by April 1st. As deepfake threats grow nationwide, New York's leadership on this issue could significantly reduce political misinformation in the upcoming major elections. (BLOOMBERGLAW.COM )
CISA Establishing New Office Focused On Zero Trust
CISA is opening a Zero Trust Initiative Office to provide expanded training, resources, and guidance to help federal agencies implement zero trust security principles through community building, assessments of maturity progress, and building on existing CISA models and frameworks. (FEDSCOOP.COM )
Meta Takes Down Chinese Facebook Accounts Posing As US Military Families
Meta removed a network of 33 Facebook accounts, four Instagram profiles, and other pages posing as US military families that originated in China and criticized US policies toward Taiwan and Israel while supporting Ukraine, with low followings showing limited success in spreading influence. (ENGADGET.COM )
Naval Information Forces Taking Rapid Lessons From Red Sea Attacks
The Navy's NAVIFOR is learning swiftly from ongoing Houthi attacks in the Red Sea handled by USS Carney and updating tactics through the Naval Information Warfighting Development Center, seeing the threat as enduring and aiming to constantly improve non-kinetic capabilities for integrated fires. (DEFENSESCOOP.COM )
US Offers Up To $15 Million For Tips On ALPHV Ransomware Gang
The US State Department is offering rewards up to $10 million for information leading to ALPHV/BlackCat ransomware leaders and an additional $5 million for those attempting to join the prolific ransomware group responsible for over $300 million in ransoms and targeting over 1,000 victims. (BLEEPINGCOMPUTER.COM )
Decoding Kim Jong Un: Has the North Korean Leader Chosen War?
Many experts agree that Kim Jong Un's recent provocative rhetoric and actions have dangerously escalated tensions, though opinions differ on his intentions. While some see signs Kim may be preparing for war, most analysts argue he more likely aims to increase pressure for concessions through coercive intimidation short of full conflict. Continued shows of U.S. strength combined with diplomatic off-ramps could deter further aggression while lowering the chances of miscalculation. Developing. (THECIPHERBRIEF.COM )
HP Wolf Security Threat Insights Report Q4 2023
The report analyzes malware trends identified in the last quarter of 2023 by HP Wolf Security. Key findings include an increase in PDF-based attacks spreading threats like DarkGate and PurpleFox using steganography. Threat actors also continued leveraging cloud services and advertising networks for command and control while targeting software vulnerabilities over macros. (HP.COM )
US and Partners Kicked Russian GRU Hackers Out of Routers, FBI Says
The FBI Director announced that the US and partners ousted Russian government hackers from over 1000 home and small business routers in an operation called Operation Dying Ember. The action has not been previously announced. The law enforcement agencies modified the router firewall rules to block remote access and "locked the door" behind the Russian GRU hackers. (THERECORD.MEDIA )
Neuberger: Defining Espionage vs. Pre-Positioning for Attacks is Key to Battling State Actors
The White House's top cyber official said there needs to be more clarity in defining cyber espionage versus cyberattack pre-positioning, noting that the recent hacking of sectors like water and aviation has little intelligence value but appears aimed at positioning for disruption. The US is adopting European regulations for critical infrastructure and deepening information sharing with partners to distinguish the two kinds of threat. (THERECORD.MEDIA)
White House’s Neuberger: Pace of Ransomware Takedown Operations isn’t Enough
The White House's deputy national security advisor for cyber said while ransomware takedown operations have made it harder for attackers, they have not done enough to raise costs and risks. Neuberger noted that operations currently occur every 8-12 months but need to be more frequent, and sanctions on cryptocurrency mixers typically last only 4-6 months which is not sufficient. More layered efforts are needed to battle ransomware actors. (THERECORD.MEDIA )
Aim Policies at 'Hardware' to Ensure AI Safety, Say Experts
Experts argue that regulating AI 'compute' - the hardware underlying AI like chips and data centers - provides a stronger basis for governance than data and algorithms alone. Suggestions include a registry tracking chip flows, 'compute caps' limiting networked chips, and requiring multiple parties' consent for riskier AI training using distributed computing power. Monitoring hardware supply chains could help curb concentration in cloud companies as well. (AC.UK )
Washington County PA Pays $350,000 Ransom After Cyberattack
Washington County officials formally voted to use up to $400,000 from American Rescue Plan funds to pay a $350,000 ransom and $20,000 in fees demanded by alleged Russian cybercriminals following a January cyberattack that paralyzed county operations. The 2-1 vote followed secret emergency meetings due to hackers threatening a deadline. While one commissioner objected to negotiating with criminals, officials said they acted to prevent sensitive child welfare data from being leaked. Approximately 80% of the county system has been restored. (CBSNEWS.COM )
U.S. Internet Leaked Years of Internal, Customer Emails
Internet provider U.S. Internet Corp had a public link exposing over 6,500 customer domains and their email inboxes from 2008 through the present day, including state and local governments. Its Securence division provides email filtering, but the link gave full access to internal and customer emails in plain text. Hacked links were also created through Securence’s URL scrubbing. U.S. Internet took the inboxes offline after being notified but has not disclosed how long they were exposed or the timing of configuration errors. Regulators may need to intervene, given secrecy and security oversight concerns after such a massive mistake. (KREBSONSECURITY.COM )
AI Can Strengthen Cyber Defences, Not Just Break Them Down
Google CEO Sundar Pichai argues that harnessing artificial intelligence (AI) can reverse the defender's dilemma in cybersecurity, empowering defenders and strengthening global cyber defenses. AI tools have already shown significant improvements in detecting malicious scripts and identifying vulnerabilities, and Pichai emphasizes the need for collaboration between private and public institutions to regulate AI, provide skills training, and foster deeper partnerships in order to maximize the potential of AI-powered security. (FT.COM )
'Cybersecurity Accident' in Cuba Halts Money Transfers from Family, Friends Abroad
Western Union remittance services to Cuba have been halted since Jan. 28 due to a "cybersecurity incident" affecting the country's electronic payment systems. The incident has disrupted the ability of many Miamians to send money to relatives on the island. The Cuban government initially attributed the incident to a virus from abroad impacting electronic systems used to sell gasoline, but the suspension of remittances suggests a broader impact. Other agencies, such as VaCuba, have also experienced problems with money transfers to Cuba. Western Union is working to resume services as quickly as possible. (MIAMIHERALD.COM )
One of FBI's Most Wanted Cyber Criminals Pleads Guilty in Lincoln
Vyacheslav Penchukov, a cybercriminal wanted by the FBI for nearly a decade, has pleaded guilty to charges related to two racketeering and conspiracy schemes. The schemes involved the use of malware, including Zeus and IcedID/BokBot, to steal banking and personal information and conduct wire fraud. Penchukov faces up to 20 years in prison for each count and will be sentenced on May 9. (KETV.COM)
'High Impact' Cyber Attacks at Canadian Banks Nearly Tripled in One Year: Regulator
Canada's banking watchdog, the Office of the Superintendent of Financial Institutions (OSFI), expressed concern over the significant increase in "high impact" cyber attacks against banks, which have almost tripled in the past year. In 2023, banks reported 28 "priority one" cyber incidents to the OSFI, compared to 10 incidents in 2022. These incidents cause service disruptions or data leaks. OSFI emphasized the need for stronger cybersecurity measures in the financial sector and updated guidelines for banks to manage technological and cyber risks effectively. (NATIONALPOST.COM )
Top National Security Council Cybersecurity Official on Institutions Vulnerable to Ransomware Attacks - "The Takeout"
According to Ann Neuberger, the deputy national security adviser for cyber and emerging technology, hospitals and schools are particularly vulnerable to ransomware attacks, often carried out by Russian cybercriminals. The US government is working to enhance cyber defenses in these institutions, utilizing artificial intelligence tools for quicker detection and source identification. The Biden administration is taking action by equipping companies with cybersecurity practices, dismantling cyberinfrastructure used by criminals, and collaborating with international partners to address cryptocurrency movement and money laundering. Neuberger emphasizes the importance of AI-driven defense to stay ahead or closely behind AI-driven offense, highlighting the need for speed in cybersecurity. Neuberger's comments were made prior to the public reference to a non-specific "serious national security threat" related to Russian capabilities in space. (CBSNEWS.COM )
Copyright © 2024 Auburn University's McCrary Institute. All Rights Reserved.