Cyber Briefing ~ 02/22/2024

Cyber Threats Against Heavy Industry Intensify

Ransomware attacks against manufacturers, utilities and other industrial companies increased by 50% last year as hacking groups that specifically target critical infrastructure control systems grew by 28%. Nation-states such as China are heavily targeting US infrastructure and developing advanced tools like Pipedream to infiltrate industrial networks across various sectors. While ransomware traditionally focuses on corporate IT, the attacks often disrupt factory operations, and officials warn the emerging threats could seriously impact revenue and production for targeted heavy industries. (WSJ.COM)


Biden Seeks to Bolster Port Cybersecurity With Executive Order

The White House has issued an executive order to enhance maritime port security, requiring stronger cyber defenses and expanding the authorities of the U.S. Coast Guard to respond to cybersecurity incidents. The order aims to improve cybersecurity policies in the sector and allow the Coast Guard to take action against ports that fail to comply. Over $20 billion will also be invested in port infrastructure, with a focus on phasing out Chinese-built infrastructure, such as ship-to-shore cranes, due to concerns about vulnerability and remote operation capabilities. (BLOOMBERG.COM)


Apple Rolls Out iMessage Upgrade to Withstand Decryption by Quantum Computers

Apple is introducing an upgrade to its iMessage platform called PQ3, aiming to protect against future encryption-breaking technologies, particularly quantum computing. The new protocol rebuilds the iMessage cryptographic protocol from scratch and will replace the existing one in all supported conversations this year. While Apple's encryption algorithms are considered state-of-the-art, the company is proactively preparing for the potential vulnerability that quantum computers could pose to current encryption methods. The move is seen as a "vote of confidence" in acknowledging the realistic threat that advanced computers could pose to existing security measures. (REUTERS.COM)


Pentagon Sees Giant Cargo Cranes as Possible Chinese Spying Tools

Some U.S. officials are concerned that ship-to-shore cranes manufactured by China's ZPMC could be used for surveillance or sabotage. The cranes contain sophisticated sensors that can track containers, raising fears that China could gather information about U.S. military operations. The Chinese Embassy called the concerns "paranoia-driven." The Defense Intelligence Agency conducted a classified assessment in 2021, finding that Beijing could potentially disrupt port traffic or gather intelligence. The U.S. has not provided specific instances of cranes being used for espionage. (WSJ.COM)


U.S. to Provide $1.5 Billion for Computer-Chip Plant to Boost Domestic Supply

The Biden administration plans to grant $1.5 billion to GlobalFoundries, a semiconductor giant, to support the construction of a new computer chip factory in New York. This initiative aims to enhance the United States' capability to produce semiconductors on a large scale and reduce dependence on foreign manufacturing. The funding will address the decline in U.S. chip manufacturing and establish a domestic supply chain for critical chips used in consumer electronics and defense. Additionally, the grant will facilitate the expansion of other GlobalFoundries plants and generate job opportunities in the manufacturing and construction sectors. (WASHINGTONPOST.COM)


11-Nation Operation Takes Down World's 'Most Harmful' Cybercriminal Group

An international coalition of law enforcement agencies, led by the UK's National Crime Agency and including the FBI, has seized control of the infrastructure of LockBit, the world's most prolific ransomware group. The operation resulted in the recovery of stolen data, including electronic keys, and the shutdown of LockBit's site on the dark web. The group's malware has been responsible for over 2,000 ransomware attacks, extorting more than $120 million in ransom payments. (WASHINGTONPOST.COM)


Russia’s LockBit Disrupted But Not Dead, Hacking Experts Warn

Law enforcement agencies in the UK, US, and Europe have dealt a heavy blow to the Russia-linked hacking gang LockBit, arresting two alleged members, seizing servers and cryptocurrency accounts, and recovering decryption keys. While the takedown is significant, cybersecurity experts caution that hackers like LockBit often regroup and continue their attacks. The profitability of ransomware and the slim chances of arrest contribute to hackers returning to cybercrime. LockBit's franchise business model, which involves licensing hacking tools to affiliates, further complicates efforts to fully disrupt the group. (BLOOMBERG.COM)


NSA Cyber Director Rob Joyce to Retire

Rob Joyce, the director of cybersecurity at the National Security Agency (NSA), has announced his retirement at the end of March after 34 years of service. Joyce served as the director of the Cybersecurity Directorate and held multiple positions on the National Security Council. David Luber, the deputy director of the Cybersecurity Directorate, will succeed Joyce in his role. Joyce's departure comes shortly after the successful takedown of the LockBit ransomware group's infrastructure by a global coalition of law enforcement partners. The retirement of Joyce is the latest change in the Biden administration's cybersecurity team. (CYBERSECURITYDIVE.COM)


House Launching Bipartisan AI Task Force

The House of Representatives is launching a bipartisan task force focused on artificial intelligence (AI). The task force, chaired by Reps. Jay Obernolte (R-Calif.) and Ted Lieu (D-Calif.), will produce a report with recommendations and bipartisan policy proposals related to AI. The mission of the task force is to ensure that the United States leads in AI innovation while considering appropriate guardrails to address potential security concerns. This initiative follows the establishment of a separate working group that examines the impact of AI on various sectors. (THEHILL.COM)


A Top White House Cyber Official Sees the ‘Promise and Peril’ in AI

Anne Neuberger, the deputy national security adviser for cyber, spoke with WIRED about emerging technology issues, such as identifying new national security threats from traffic cameras and security concerns regarding software patches for autonomous vehicles. She also discussed advancements in threats from AI and the next steps in the fight against ransomware. (WIRED.COM)


FBI, Other Agencies Disrupt Ransomware Syndicate Behind Attacks Worldwide

Law enforcement agencies, including the FBI and the UK's National Crime Agency (NCA), have disrupted the LockBit ransomware syndicate responsible for global cyberattacks and extracting over $120 million in ransom payments. The NCA has taken control of LockBit's services, compromising their entire criminal enterprise and leading to the arrest of two individuals. The syndicate provided ransomware tools and infrastructure to a network of hackers, demanding cryptocurrency ransoms for decrypting files and preventing data publication. The operation marks a significant disruption to one of the most harmful cybercrime groups, enabling victims to decrypt their systems and regain access to their data. (THEHILL.COM)


Fulton County Did Not Pay Ransom To Retrieve Hacked Data

Fulton County Chairman Robb Pitts confirmed the county did not pay the LockBit ransomware group to retrieve hacked data, and the U.S. Justice Department announced the LockBit Ransomware Group's services were disrupted by international law enforcement. (ROUGHDRAFTATLANTA.COM)


NHS Hospitals ‘Easy Targets’ for Russian Hackers

A report by the Henry Jackson Society warns that British hospitals are vulnerable to Russian cyberattacks due to outdated medical technology and that the UK should brace for a catastrophic attack on critical infrastructure as Russia views the country as a top target behind only Ukraine and the US for its support of Ukraine in the war. (CO.UK)


The Five Most Alarming Cyber Threats from CrowdStrike’s 2024 Global Threat Report

The top five most alarming cyber threats identified in CrowdStrike's 2024 Global Threat Report are 1) Identity-based and social engineering attacks reaching a new level of intensity, 2) A 75% year-over-year increase in cloud intrusions, 3) Cybercriminals like Graceful Spider shifting from ransomware to data theft and extortion, 4) Nation-state attackers increasing exploitation of third-party relationships, and 5) Nation-state attackers accelerating their adoption of generative AI techniques. (VENTUREBEAT.COM)


Hyundai’s European Division Hit by Ransomware Attack

Hyundai's European division fell victim to a ransomware attack in early January, with a Russian-speaking cyber extortion group claiming to have stolen 3 terabytes of data. The company is working with cybersecurity and legal experts to investigate the incident and has notified relevant local authorities. The group behind the attack, known as Black Basta, has gained attention for its double extortion tactics and operating a cybercrime marketplace. Ransomware attacks have been on the rise, with car companies like Toyota also being targeted. The automotive industry faces increasing scrutiny for privacy failures and car theft hacks. (ITBREW.COM)


House Launches New AI Task Force

The House of Representatives has announced a bipartisan 24-member AI task force, led by Rep. Jay Obernolte and Rep. Ted Lieu, to deliver a report on setting regulatory standards for AI and promoting investment in the technology. This marks the first clear AI strategy from the House and signals a more active role in regulating AI. The task force aims to advance several major AI bills, including the CREATE AI Act, which would make the National AI Research Resource program permanent. (POLITICOPRO.COM)


US, UK Target World's Top Ransomware Gang

The US and UK, along with Europol and law enforcement in eight other countries, have launched a major law enforcement operation targeting LockBit, one of the most prolific ransomware gangs. While the operation won't eliminate LockBit entirely, it represents a significant blow to the group. Authorities seized control of LockBit's web infrastructure, arrested two participants, froze over 200 cryptocurrency accounts, and obtained decryption keys. The group is expected to attempt reorganization, but the US and UK have vowed to continue targeting LockBit and similar groups. (POLITICOPRO.COM)


Coast Guard to Strengthen Port Cybersecurity Over Chinese Hacking Fears

The Biden administration is taking measures to enhance cybersecurity at U.S. ports due to concerns about potential threats from Beijing. The Coast Guard will issue a maritime security directive that imposes cybersecurity requirements on port owners and operators using cranes made in China. The move comes as Chinese-made cranes, which make up around 80 percent of cranes at U.S. ports, are considered vulnerable to cyberattacks due to features that allow remote access and control. Lawmakers have been increasingly concerned about cyber threats to U.S. ports and have called for improvements in port cybersecurity. (POLITICOPRO.COM)


Brussels Spyware Bombshell: Surveillance Software Found on Officials' Phones

The European Parliament has discovered traces of hacking on two devices belonging to members of its defense subcommittee, prompting the institution to ask all subcommittee lawmakers to have their phones checked for spyware. The parliament has been on high alert for cyberattacks and foreign interference ahead of the EU election in June. The institution's cybersecurity has previously been found to fall short of industry standards. Similar incidents of spyware targeting European Parliament members have been reported in the past, leading to the establishment of a special inquiry committee to investigate the issue. (POLITICOPRO.COM)


GitHub Leak Exposes Chinese Offensive Cyber Operations

Leaked Chinese government documents on GitHub reveal offensive cyber operations conducted by China using spyware developed by I-Soon, a Chinese infosec company. The documents provide insight into the inner workings of China's state-sponsored cyber activities, including targeting social media platforms and telecommunications companies. The leaked information also includes sensitive details from telecommunications providers and a victim list that includes institutions in France, India, and neighboring countries. The veracity of the leaked documents has not been officially confirmed. (CYBERNEWS.COM)


Russian Hackers Target Ukrainian Media Outlets with Fake News

Russian hackers targeted popular Ukrainian media outlets, including Ukrainska Pravda, Liga.net, Apostrophe, and Telegraf, spreading fake news about the war in Ukraine. The fake news claimed that Russia had destroyed a unit of Ukrainian special forces in Avdiivka, which was captured by the Russian military in February. The Ukrainian state cybersecurity agency attributed the attack to a Russian threat actor and called it part of Russia's "information warfare" against Ukraine. Ukrainian media has frequently been targeted by Russian hackers for spreading disinformation. (THERECORD.MEDIA)


China Launches Nationwide Survey on Data Resources, from AI Firms to Police

China has initiated the first nationwide survey of data resources, requiring all related entities, including companies and police departments, to provide information about their data assets. The survey, conducted by the National Data Administration (NDA), aims to gather data on data production, storage, circulation, trade, development, use, and security. The inclusion of police data in the survey suggests that it has the support of the top leadership, aligning with China's digitalization efforts for economic growth and technology development. The survey will support future policymaking and the establishment of data application demonstration zones. (SCMP.COM)


Microsoft to Expand Its AI Infrastructure in Spain with $2.1 Billion Investment

Microsoft plans to invest $2.1 billion in the next two years to expand its artificial intelligence (AI) and cloud infrastructure in Spain. This investment demonstrates Microsoft's commitment to Spain's digital transformation and development across government, businesses, and individuals. The expansion follows a recent announcement of a €3.2 billion AI-focused investment in Germany. (REUTERS.COM)


Congress Must Pass Measure Extending Vital Central Pacific Agreements

Congress is urged to pass the Compact of Free Association Amendments Act to fund agreements between the US and Palau, the Marshall Islands, and Micronesia for another 20 years. Failure to do so may result in these states turning to China for economic support and political patronage, jeopardizing US interests in the Indo-Pacific. The agreements provide military access and basing rights, crucial for defending the region and preventing CCP domination. (THEHILL.COM)


Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines

This publication outlines strategies for integrating fundamental software supply chain security assurance measures into continuous integration and continuous delivery (CI/CD) pipeline workflows to enhance security when developing cloud-native applications using DevSecOps. It focuses on task outcomes rather than tools/techniques and provides a starting point for discussion on applying security practices in this context. (GOOGLEUSERCONTENT.COM)


At Signal, a Revolution in Messaging

Signal, the encrypted messaging app, has introduced a major privacy update by changing the default privacy settings for phone numbers. Users can now hide their phone numbers from contacts and instead share a username, enhancing security and protecting against surveillance. This move marks a significant turning point in the history of direct messaging and will make it harder for malicious actors to trace and target individuals. The update comes at a time when concerns about authoritarianism and privacy violations are on the rise. (LAWFAREMEDIA.ORG)


FBI Director Warns of 'Fever Pitch' of Threats to Critical US Infrastructure Systems

FBI Director Christopher Wray warns that China's attempts to disrupt critical US infrastructure are escalating, with offensive weapons built into the infrastructure. The threat includes potential disruptions to traffic lights, clean water access, communications services, and satellite control. China's cyber efforts, including the recently discovered hacking operation Volt Typhoon, pose a significant risk to national security. Wray emphasizes the need to address the constant probing of US systems and the growing cyber threat posed by the Chinese government. (THENATIONALDESK.COM)


Copyright © 2024 Auburn University's McCrary Institute. All Rights Reserved.