Cyber Briefing ~ 02/27/2024

NIST Releases Version 2.0 of Landmark Cybersecurity Framework

The National Institute of Standards and Technology (NIST) has released version 2.0 of its Cybersecurity Framework (CSF), providing updated guidance for reducing cybersecurity risk. The new edition includes quick-start guides, success stories, and a catalog of informative references to assist organizations in implementing the framework. The CSF 2.0 has an expanded scope and emphasizes the importance of governance in cybersecurity strategy. NIST plans to continue enhancing the framework based on user feedback and expects translations of CSF 2.0 to be made available internationally.


House China Committee Demands Elon Musk Open SpaceX Starshield Internet to U.S. Troops in Taiwan

The House Select Committee on the Chinese Communist Party has written a letter to SpaceX and Tesla CEO Elon Musk, demanding that U.S. troops stationed in Taiwan be granted access to SpaceX's Starshield satellite communication network. The committee claims that withholding the broadband internet service from U.S. military forces in Taiwan could potentially violate SpaceX's Pentagon contract, which requires "global access" to the technology. The letter requests a briefing on SpaceX's Taiwan operations from Musk by March 8.


The Most Dangerous Time in Recent History, Warns British Military's Cyber General

Gen. Sir Jim Hockenhull, head of Britain's Strategic Command, warns that the current global landscape is the most dangerous he has witnessed in his career. As conflicts persist and threats to critical infrastructure increase, Hockenhull emphasizes the need for a change in how national security is approached, calling for collaboration with industry, academia, and international partners. He also highlights the shortage of cyber and electromagnetic skills and the importance of recruiting digital talent. Hockenhull cites Russia's significant deployment of electronic warfare equipment in Ukraine, which poses challenges to uncrewed systems and guided missiles. Integration and assurance in the cyber and electromagnetic domain are crucial for effective defense.


LockBit Group Revives Operations After Takedown

LockBit ransomware group has quickly reestablished operations and launched a new dark web leak site just days after a global law enforcement effort dismantled their infrastructure. While some experts believe the LockBit brand is dead, the group's comeback highlights the persistent challenges faced by authorities in the fight against ransomware. The relaunch of LockBit does not diminish the accomplishments of law enforcement, but it underscores the resilience of ransomware groups and the ongoing battle to permanently take them out of action.


Russian Hackers Are Operating on the Front Line in Ukraine, Official Says

Russian cyberattacks against Ukraine have intensified, with Moscow moving advanced hacking groups closer to the front lines to support the kinetic war. These efforts have included stationing a hacking team in Donetsk, Ukraine, for at least the last year and a half. Despite the onslaught of cyberattacks, Ukraine has strengthened its cyber defense capabilities with the help of allies and has demonstrated resilience in withstanding disruption. However, Ukraine still requires support from its partners to build solid cyber defenses and act as a cyber shield for the democratic world.


Mayorkas Pushes Baseline Cyber Regulations Following Critical Infrastructure Hacks

Homeland Security Secretary Alejandro Mayorkas believes that U.S. regulators should hold companies accountable for their poor cybersecurity practices, especially considering the vulnerabilities of critical infrastructure. The Biden administration is working to implement mandatory cyber requirements for sectors like schools, healthcare, and utilities. Mayorkas supports the concept of "secure by design," where tech manufacturers will be required to incorporate stronger cybersecurity practices into their products. While there has been initial pushback, U.S. tech companies are gradually embracing this regulatory shift. Mayorkas also addressed the need for closer cooperation between regulators and industries to enhance cybersecurity efforts.


Deal to Dodge Government Shutdown Appears to Stall Amid GOP Policy Demands

Progress in reaching a deal to prevent a government shutdown has slowed due to House Republican policy demands on issues including LGBTQ rights, abortion, immigration, and competition from China. Lawmakers may resort to another temporary spending extension to avert a partial shutdown, as federal funding is set to expire in less than a week. The stakes are high, with vital services such as transportation, food stamp programs, and housing assistance at risk.


How to Make AI 'Forget' All the Private Data It Shouldn't Have

Researchers are exploring the concept of machine "unlearning" to enable AI models to remove specific data that should not be retained, such as private or outdated information. This is particularly important for compliance with data privacy regulations and to address biases or inaccuracies in training data. Machine unlearning involves efficiently removing the influence of the data without having to retrain the entire model. It has practical applications for companies like Facebook and Google, as well as in high-risk sectors like healthcare and finance. The vulnerability of generative AI models to privacy attacks and the increasing scale of models contribute to the need for machine unlearning.


How AI Is Transforming Air-Traffic-Control Towers

The use of high-definition cameras and AI algorithms in digital air traffic control towers is revolutionizing the management of air traffic. These towers provide panoramic views of runways, overlay radar information on aircraft, and can be placed anywhere on the airfield. Machine learning algorithms analyze the camera feeds to improve turnaround times and enhance safety. While digital towers are already in use in some airports, their certification and widespread adoption in the US may take a few more years. However, they are seen as a way to optimize the use of air traffic controllers and address the global shortage in this field.


DOJ Names Its First Chief AI Officer

Jonathan Mayer has been appointed as the Department of Justice's inaugural chief science and technology advisor and chief artificial intelligence officer. Mayer will work with Attorney General Merrick Garland to enhance the agency's understanding of AI and cybersecurity. His role will also involve cultivating a tech-savvy workforce and collaborating on technological issues across departments. The new position was established as part of President Joe Biden's executive order on AI. Mayer joins the DOJ from Princeton University and has previous experience as a technology policy advisor to Vice President Kamala Harris and as chief technologist at the Federal Communications Commission.


Top Pentagon IT Official Departs Deputy CIO Role

Lily Zeleke, the Pentagon's deputy chief information officer for enterprise IT, has left her position and taken on new responsibilities within the Department of Defense Chief Information Officer organization. William Dunlap is now serving as the acting deputy CIO for information enterprise. The specifics of Zeleke's new role and the reason for the change have not been disclosed. This follows a recent change in the DOD's CIO shop involving Frederick Moorefield, who was charged with promoting animal fighting ventures while serving as the deputy CIO for command, control, and communications.


Georgia House Approves Crackdown on Deepfake AI Videos Before Elections

The Georgia state House has passed legislation aimed at combating deepfake AI videos ahead of elections. The bill makes it a felony to publish deepfakes within 90 days of an election with the intention of misleading voters. The attorney general would have jurisdiction over the crimes, and the state election board would be authorized to publish investigation findings. The bill now moves to the state Senate for consideration.


LockBit Ransomware Secretly Building Next-Gen Encryptor Before Takedown

LockBit ransomware developers were in the process of building a new version of their malware, called LockBit-NG-Dev, when law enforcement took down their infrastructure. The latest sample of LockBit is written in .NET and compiled with CoreRT, indicating that it is in its final development stages. The malware includes a configuration file that outlines execution parameters and offers features such as encryption modes, file or directory exclusion, and randomization of file naming. While law enforcement's actions have disrupted the LockBit operators, the discovery of this new encryptor poses a challenge for their future operations.


Microsoft Uses AI to Stop Phone Scammers

Microsoft introduces Azure Operator Call Protection, a service that analyzes phone conversations in real time to identify suspicious callers. The AI-powered system can alert users if a call seems fraudulent, reinforcing best practices and helping combat spam calls. The service is opt-in, and data from calls is not saved or used for training AI models. Microsoft is currently piloting the technology with BT Group.


Lockbit Cybercrime Gang Claims to Be Back Online After Police Bust

Lockbit, a notorious cybercrime gang known for using ransomware to extort victims, has announced that it has restored its servers and resumed operations following a recent international law enforcement operation that resulted in arrests and indictments. While law enforcement agencies have compromised Lockbit's operations, the group claims that its backup servers are unaffected and will continue leaking data stolen from targeted companies. The authorities remain vigilant and continue efforts to target and disrupt Lockbit and its affiliates.


How a Right-Wing Controversy Could Sabotage US Election Security

The partnership between Republican election officials and federal agencies like the Cybersecurity and Infrastructure Security Agency (CISA) is at risk due to a growing right-wing backlash. Some GOP leaders, fueled by conspiracy theories and election denialism, are criticizing CISA's efforts to combat misinformation and hacking threats. This could undermine the crucial work of securing elections and create partisan divisions in election security. With national Republicans increasingly turning against CISA, its partnerships with GOP leaders are more vulnerable than ever.


FTC to Ban Avast from Selling Browsing Data for Advertising Purposes

The FTC will order Avast to pay $16.5 million and prohibit the company from selling users' web browsing data or licensing it for advertising. Avast was found to have collected and sold browsing data without consent, misleading users about data protection. Avast will also have to obtain consent before selling or licensing browsing data and delete the data it has already shared. An Avast spokesperson expressed disagreement with the findings but stated the company's commitment to protecting customers' digital lives.


Reddit Strikes $60M Deal Allowing Google to Train AI Models on Its Posts, Unveils IPO Plans

Reddit has entered into a deal with Google that allows the search giant to use posts from the online discussion platform to train its AI models and enhance services like Google Search. The agreement, valued at approximately $60 million, also grants Reddit access to Google's AI models to improve its internal site search and other features. This partnership marks a significant step for Reddit, which relies on volunteer moderators, and comes alongside the company's announcement of its plans for an initial public offering (IPO) on the New York Stock Exchange.


Privacy Beats Ransomware as Top Insurance Concern

Privacy violations have become the second-largest driver of cyber insurance claims costs, surpassing ransomware. The long-term impact of privacy claims can be just as catastrophic as ransomware attacks, with the legal process lasting several years. Underwriters are closely monitoring privacy trends, particularly as cases related to GDPR violations filed between 2017 and 2019 reach their resolution. Many organizations struggle with data classification, understanding privacy laws, and eliminating unnecessary data. Minor infractions, such as non-compliance with posted privacy policies, can result in multiple regulatory fines and denial of insurance claims. Companies are advised to seek assistance from cyber insurers to ensure compliance and maintain coverage.


LockBit Held Victims' Data Even After Receiving Ransom Payments to Delete It

Law enforcement officials involved in the takedown of ransomware gang LockBit discovered that the group was retaining data they had promised to delete after receiving ransom payments. LockBit, described as the most prolific and harmful ransomware group of the last four years, encrypted devices and stole data from victims' computer networks, demanding extortion payments for decryption keys and data deletion. The revelation serves as a reminder that paying ransoms does not guarantee the secure deletion of data, highlighting the untrustworthiness of criminals' promises. The National Crime Agency plans to release additional information about the takedown, including details about the gang's finances.


Executive Order on Port Cybersecurity Points to IT/OT Threat Posed by Chinese Cranes

The Biden administration's executive order on port cybersecurity emphasizes the risks associated with the use of Chinese-made cranes in US ports. The order aims to strengthen the Department of Homeland Security's authority to address maritime cyber threats, including the ability to require vulnerability remediation, control ship movements, and inspect facilities. Mandatory reporting of cyber incidents and specific cybersecurity best practices are also introduced. The Coast Guard will issue a Maritime Security Directive focusing on cyber risk management for Chinese cranes and associated IT/OT systems.


Addiction Apps Are Leaking Sensitive Data, Group Claims

Advocacy group Opioid Policy Institute reveals that 21 addiction recovery apps, including DynamiCare and Workit Health, have shared user information with third parties like Facebook and Google. The group's report aims to push for legislative measures to protect individuals seeking treatment. The disclosure raises concerns about the violation of federal health privacy laws, prompting calls for action from the Department of Health and Human Services and the Federal Trade Commission. HHS recently issued a rule requiring opioid use disorder apps to report unauthorized data sharing, while the FTC has penalized other health data privacy violators.


AI Doomsayers Funded by Billionaires Ramp Up Lobbying

Nonprofits backed by tech billionaires are increasing their lobbying efforts in Washington to advocate for AI safety bills. Critics argue that these efforts are a diversion tactic to prevent regulation and competition, while redirecting attention from more immediate AI-related issues. The nonprofits, such as the Center for AI Policy and Center for AI Safety, have registered lobbyists and are pushing for legislation that holds AI developers accountable for potential harm and empowers regulators to intervene in emergencies. The lobbying activities could potentially benefit leading AI firms, sparking concerns about the influence of wealthy backers on policy priorities.


Brussels Spyware Crisis Expands: Two MEPs Hit in Phone-Hacking Security Breach

Two members and one staffer of the European Parliament's security and defense subcommittee have been targeted with spyware, raising concerns about the security of the EU institution's work. The crisis highlights the need for increased cybersecurity measures, with calls for a full-fledged counterintelligence and security service within the Parliament. The incident follows previous cases of EU politicians being targeted with spyware, emphasizing the ongoing threat of cyberattacks and foreign interference.


Miranda Bogen: Creating Solutions to Help Govern AI

Miranda Bogen, the founding director of the Center of Democracy and Technology's AI Governance Lab, is working to develop solutions for regulating and governing AI systems. She emphasizes the need to address the societal implications of AI, including issues of bias and discrimination. Bogen encourages responsible AI development by considering the impact on marginalized communities and involving diverse perspectives in the design process. Additionally, she urges investors to prioritize responsible practices and avoid rushing underdeveloped technologies to market.


How AI Is Being Used to Influence the 2024 Election

AI tools are already impacting the 2024 election through deepfakes, disinformation tactics, and political influence campaigns. Key examples include a fake Biden robocall in New Hampshire, attacks on political enemies with AI images, and the use of AI voices in campaign ads. Tech companies signed an agreement to help curb illicit uses but policy experts say it lacks teeth. States and Congress have also struggled to pass meaningful AI regulation so far. Enforcement of existing laws, like the FCC's AI voice ban on robocalls, remains a challenge. Overall, experts warn the AI era of elections is here but governance is not keeping pace.


Cyber Criminals Are Getting Faster--and Generative AI Could Make Their Work Easier

According to CrowdStrike's Global Threat Report, cyberattacks are becoming more interactive and faster, with the average time to carry out an attack dropping to 62 minutes in 2023. Small businesses are particularly vulnerable, as they often assume they are not attractive targets. The report also predicts that generative artificial intelligence (AI) will make cybercriminals' work easier by helping them develop more realistic hacking tools and materials. Despite the growing threats, some buyers appear to be questioning the value of cybersecurity services, causing a slide in cybersecurity company stocks.


Google's CEO Says AI Can Counter Cyber Threats, Even as New Tech Draws Criticism

Google CEO Sundar Pichai believes AI tools can have positive cybersecurity benefits despite recent controversies. While Google's AI system Gemini faced backlash for generating culturally upsetting images, Pichai highlighted the potential advantages of using AI to combat cyberattacks. However, criticisms of OpenAI's Sora AI video tech and concerns about the limitations of AI technology emphasize the double-edged nature of AI.


Canadian Federal Police Targeted by Cyberattack

The Royal Canadian Mounted Police (RCMP) announced that their systems were targeted by a significant cyberattack. However, there was no impact on operations and no known threat to the safety of Canadians. The RCMP has launched an investigation to determine the extent of the breach, and no impacts on intelligence services have been reported. The Canadian government recently experienced a data breach in its foreign affairs department, highlighting the increasing threat of cyberattacks on critical infrastructure and national security.


UnitedHealth Subsidiary Change Healthcare Down for a Fourth Day Following Cyberattack

Change Healthcare, a subsidiary of UnitedHealth Group, remains offline for the fourth consecutive day after a suspected cyberattack. UnitedHealth identified a "suspected nation-state-associated" actor behind the attack and immediately isolated and disconnected the impacted systems. Change Healthcare reassured that Optum, UnitedHealthcare, and UnitedHealth systems have not been affected. CVS Health confirmed that the disruption is impacting some of its business operations, including the ability to process insurance claims. The American Hospital Association has advised healthcare organizations to disconnect from Optum until it is safe to reconnect.


Lessons and Warnings from the World's First All-Out Cyberwar

The conflict between Russia and Ukraine has marked the world's first all-out cyberwar, highlighting the need for the West to study the lessons learned and support Ukraine's cyber capabilities. Without offensive support, Ukraine is limited in its ability to match and overwhelm Russian cyberattacks. Strengthening Ukraine's cyber defenses will not only address immediate threats but also strategically curb Russia's capabilities and help define cyber red lines for NATO. The West should provide intelligence on vulnerabilities to Ukraine, improve its own cyber defenses, and deter other nation-states from launching devastating cyberattacks in the future.


China's Global Cyber Operations Revealed in Leaked Documents

Leaked files from Shanghai-based data collection firm iSoon have shed light on China's extensive cyber warfare operations. The leaked documents reveal China's use of for-hire hackers to expand its digital reach globally, surveil dissidents, hack other nations, and promote pro-Beijing narratives on social media. The leaked files also expose China's eight-year-long data gathering operation across Asia and highlight the maturing nature of its cyber espionage ecosystem. The fallout from the leak comes amidst heightened tensions between the US and China, with the FBI director calling Chinese cyber operations the "biggest hacking program in the world." Chinese officials are actively investigating the source of the leak.


When does a Journalist Become a Hacker?

Journalist Tim Burke is facing charges under the Computer Fraud and Abuse Act (CFAA), the federal anti-hacking statute, for accessing video clips from LiveU, a streaming service used by media companies. The CFAA's vague language around "unauthorized access" has led to a range of questionable prosecutions, including those of Aaron Swartz and Andrew Auernheimer. The case against Burke highlights the need for reform of the CFAA, as its broad interpretation poses a risk to journalists and their use of computers in the modern era.


Patients Likely Impacted by Hack at Partner Philips' Unit

Rotech Healthcare is reviewing a list of potentially impacted patients following a cybersecurity breach at its partner Philips' Respironics unit. An unauthorized third party accessed information stored on a Respironics server, potentially compromising patients' personal details. Philips confirmed the incident, stating that it notified customers about a cybersecurity incident involving a third-party software application. Rotech, a US-based medical device provider, offers a range of healthcare products including ventilators and home medical equipment.


Generative AI, IAM, Culture-Based Programs Will Shape Cybersecurity in 2024, Gartner Says

Gartner predicts that in 2024, generative AI-driven security products will emerge, delivering risk-management outcomes. Cybersecurity leaders are also adopting security behavior and culture programs (SBCPs) and using outcome-driven metrics to bridge communication gaps with boards. Additionally, organizations are focusing on third-party risk management and reskilling their cybersecurity workforce. IAM is evolving, and continuous threat exposure management (CTEM) is gaining momentum to address expanding attack surfaces.


2023 Will Go Down for Record-Setting Number of Data Breaches

In 2023, there were 3,205 data breaches reported in the U.S., impacting a total of 353 million victims, surpassing the previous record by 2,365 breaches. T-Mobile had the highest number of affected individuals with 37 million. The health care industry experienced the most compromises, followed by financial services and professional services. The report highlights an increase in supply chain attacks, zero-day exploits, and the effectiveness of phishing attacks aided by generative artificial intelligence. The Identity Theft Resource Center advocates for stronger federal regulations to improve breach notification processes.


A Mysterious Leak Exposed Chinese Hacking Secrets

Sensitive documents belonging to Chinese hacking-for-hire firm i-Soon were leaked online, providing insights into China's state-backed hacking operations. The leaked files reveal details of hacking operations, lists of victims, and the day-to-day activities of i-Soon staff. The documents confirm the close relationship between i-Soon and Chengdu 404, a company linked to China's state-backed hackers. While the documents have been removed from GitHub, their authenticity has been confirmed by i-Soon employees. The leaked files also expose i-Soon's involvement in developing the ShadowPad malware and its work for China's Ministry of State Security and the People's Liberation Army.


Hackers for Sale: What We've Learned from China's Massive Cyber Leak

A recent data leak from Chinese cybersecurity firm I-Soon has provided valuable insights into China's hacking program. The leaked data reveals the day-to-day operations, targets, and clients of China's hacking activities. The leaked information shows that government agencies of neighboring countries, foreign governments, telecom service providers, and educational institutions were among the targets. Most of I-Soon's customers were provincial or local police departments, and the firm offered services such as hacking tools, malware creation, data extraction, and bypassing security measures. The leaks also shed light on the internal issues within the company, including complaints about office politics, poor management, and low pay.


Biden Signs Executive Order to Boost Cybersecurity at Ports

The Biden administration has issued an executive order to enhance cybersecurity measures at US ports, recognizing the vulnerability of critical infrastructure to cyberattacks. The order empowers the Coast Guard to establish cybersecurity requirements for vessels and waterfront facilities, and includes an investment of over $20 billion in port infrastructure. The move comes after a warning from the Cybersecurity and Infrastructure Security Agency about state-sponsored cyber-actors from China targeting critical infrastructure. The order also imposes security requirements on PRC-manufactured cranes, which make up a significant portion of cranes at US ports.


An Update on the SEC’s Cybersecurity Reporting Rules

Since the implementation of the SEC's Form 8-K cybersecurity reporting rules, six companies have made filings under Item 1.05. Most of the filings provide high-level descriptions of the cybersecurity incidents without much elaboration. It is interesting to note that the filings are primarily from technology and financial services companies, with two being bank holding companies. Some companies have included forward-looking statement disclaimers in their filings, although not required. Additionally, a few companies have filed under Item 8.01 instead of Item 1.05, indicating that they deemed the events immaterial at the time of filing. The SEC has not yet released any comment letters critiquing the filings, but it is expected that they will provide guidance and commentary on cybersecurity disclosures in the future.


NIST Publishes Final "Cybersecurity Resource Guide" on Implementing the HIPAA Security Rule

The National Institute of Standards and Technology (NIST) has released its final guidance, the "Cybersecurity Resource Guide," to help HIPAA-regulated entities understand and comply with the HIPAA Security Rule. The guide provides detailed descriptions, sample questions, and considerations for implementing each standard, as well as guidelines for conducting risk assessments and risk management. NIST's resource aims to assist organizations in enhancing their cybersecurity posture and protecting electronic protected health information (ePHI).


As Expected, LockBit is Back Already

The LockBit ransomware operation has reappeared only five days after international law enforcement seized its sites. A new Tor site looks identical and re-lists victims, indicating data will still be leaked if the ransom isn't paid. LockBit's statement suggests the law enforcement action aimed to prevent leaked documents that could impact US elections. LockBit admits negligence in not patching and claims the FBI obtained little of value. It states partners were wrongly accused and vows to improve security while continuing extortion.


Subscribe to our LinkedIn Cyber Briefing.

Subscribe to our Cyber Focus podcast.

Copyright © 2024 Auburn University's McCrary Institute. All Rights Reserved.

Follow the McCrary Institute on: LinkedIn, Twitter, Threads, Instagram, Facebook, and YouTube.

