Cyber Briefing ~ 02/29/2024
McCrary Institute for Cyber & Critical Infrastructure Security
Working to protect and advance U.S. interests in the areas of cyber and critical infrastructure security.
The American tech industry plays a crucial role in national security, with emerging technologies serving as an equalizer in conflicts. Companies like Maxar Technologies, SpaceX, and the major cloud computing providers have been instrumental in supplying capabilities that support defense efforts. To fully harness the potential of tech innovation, Congress and the executive branch must avoid overregulation, while the tech industry must prioritize collaboration with the U.S. government. A strong public-private relationship, built on a shared understanding of aligned interests, is essential for outcompeting foreign adversaries and ensuring national security.
Senator Mark Warner, chair of the Senate Select Committee on Intelligence, expressed concerns about the US being less prepared to handle misinformation in the upcoming 2024 election compared to the 2020 cycle. He cited the expected increase in misinformation fueled by artificial intelligence and criticized the cautious approach taken by lawyers in the Biden administration regarding social media misinformation. Warner emphasized the need to address foreign intervention and the impact of AI on election interference, warning that the 2024 election could face more threats than the previous one.
President Joe Biden will issue an executive order aimed at preventing the sale of certain types of large sensitive datasets to six countries, including China, Russia, and North Korea. The order directs the Justice Department to develop regulations that would prohibit U.S. companies from selling genomic, biometric, personal health, geolocation, and financial data, as well as certain types of personally identifiable information, to these countries. The move is an attempt to address concerns about U.S. adversaries purchasing Americans' sensitive personal data from data brokers, which could be used for blackmail or surveillance. The regulations will go through a public comment period before being implemented.
The McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University, under the leadership of Director Frank J. Cilluffo, is playing a crucial role in shaping cybersecurity policies at national and international levels. The institute focuses on translating theoretical frameworks into actionable strategies, fostering collaboration among various entities, and addressing the interconnectedness of critical infrastructures. With a commitment to anticipating future challenges, the institute's work is vital in the ever-evolving cyber domain. Notably, the institute has appointed a prestigious roster of 2024 senior fellows from diverse backgrounds, further enhancing its expertise and influence.
Senator Mark Warner expressed concern that the US is not adequately prepared to counter foreign interference in the upcoming 2024 elections. He cited a lack of threat sharing by social media platforms and highlighted the ongoing threat from Russia. Warner emphasized the need for bipartisan action to address the issue and urged the American public to take the threat seriously.
The cybercrime gang known as ALPHV or BlackCat has claimed responsibility for the cyberattack on medical clearinghouse Change Healthcare. The group stated that it stole sensitive health data, including Social Security numbers and health records, totaling 6 terabytes. This revelation confirms suspicions about the group's involvement and raises concerns about the effectiveness of recent law enforcement operations. Change Healthcare is still dealing with the aftermath of the breach, which has consequences for patients, hospitals, and pharmacies. Regulatory consequences may also be imminent due to the theft of federally protected data.
The U.S. and several international partners, including Australia, Canada, France, Japan, and the U.K., have endorsed shared principles for developing 6G wireless communication systems. This comes as Western countries and their allies express concerns about authoritarian regimes gaining control over internet infrastructure. The joint statement emphasizes the importance of open, free, secure, and accessible connectivity while prioritizing cybersecurity and privacy. China is seen as aiming to dominate the development of 6G infrastructure, much like its position in 5G.
A cyberattack targeting healthcare providers has caused delays in accessing medications for thousands of people. The attack has affected health insurance data, leading to rejected claims and the inability to confirm coverage at pharmacies. The disruptions have particularly impacted elderly patients and those with fixed incomes who rely on daily medications. Efforts are underway to mitigate the obstacles caused by the attack.
New research examined Russian troll farm activity during the 2016 U.S. election and uncovered Russia's use of click-fraud malware to boost the visibility of its social media content. This cyber-enabled influence operation tactic likely continues today: malware overcomes the reach constraints that foreign actors face when trying to put content in front of broad audiences. Experts had previously overlooked malware's role in amplifying disinformation campaigns; it is now seen as a critical influence-enabling attack, and the discovery should refocus assessments of cyber risks to elections. Beyond election infrastructure itself, workforces face heightened exposure to malware infections that aid foreign propaganda. As elections proceed worldwide, security teams should monitor personnel practices that could introduce new influence operation risks.
The FBI and international law enforcement agencies have issued a warning about Russian state-sponsored hackers, known as APT28, who are operating from compromised Ubiquiti EdgeRouters. The hackers have taken advantage of routers still running default credentials to gain access; the devices are popular among consumers, and the same weak defaults make them attractive to cyber criminals. The affected industries include aerospace and defense, education, energy and utilities, governments, and more. The advisory's remediation goes beyond a firmware update: owners are advised to perform a hardware factory reset, upgrade to the latest firmware, change any default usernames and passwords, and add firewall rules that block management access from the WAN side, since updating the firmware alone does not remove an existing implant.
A law firm explains why it prohibits the use of generative AI for legal products such as briefs and motion arguments. The firm argues that generative AI lacks thought, analysis, and understanding, relying on algorithms to generate content instead of human judgment. It highlights concerns about accuracy, fabrication of cases, and the inability to provide insightful analysis.
The updated cybersecurity framework released by the US Commerce Department's National Institute of Standards and Technology (NIST) could serve as a comprehensive guide for regulators and a compliance blueprint for entities with questionable network security practices. The new framework expands its focus beyond critical infrastructure to include corporate governance responsibilities and supply chain risks. It provides best practices and implementation tools for organizations of various sizes and sectors. Financial regulators may use the framework as a starting point for cohesive regulation, while companies that adopt it may benefit from improved regulatory compliance and litigation protection. The framework also addresses managing supply chain threats and includes guidance tailored for small businesses.
During Apple's annual shareholder meeting, CEO Tim Cook announced that the company will provide more information about its plans to utilize generative artificial intelligence (AI) later this year. Cook emphasized the potential for transformative opportunities in productivity and problem-solving through generative AI. While Apple has been slower in implementing generative AI compared to rivals like Microsoft and Google, Cook stated that AI is already at work behind the scenes in Apple's products and that explicit AI features will be revealed in the near future. Apple shareholders rejected a proposal to disclose more information about the company's use of AI and its ethical guidelines.
As the U.S. transitions to a greener energy system, officials are considering the cybersecurity challenges that come with it. The shift to renewable energy means a more distributed energy grid, requiring a change in risk management and resiliency approaches. Cybersecurity threats to the energy sector, including state-sponsored hacking groups and potential manipulations of energy storage systems, highlight the need for robust cybersecurity measures. Organizations in the energy space must recognize their role in securing the grid and educate themselves on cyber risks. They should also prepare for resilience by developing playbooks for disaster scenarios and adapting their cyber postures to new technologies such as smart grids and distributed energy resource management systems.
China's struggling economy is expected to drive increased cyber espionage campaigns aimed at stealing foreign intellectual property, according to a report by Cyjax. The report predicts that China will intensify its practice of stealing technology from Western companies while creating a protected domestic market to gain a global advantage. Threat groups such as Gallium, Sandman, Mustang Panda, and Volt Typhoon are highlighted as entities likely to increase their cyber activity in the coming year. Understanding China's internal pressures is crucial for developing better defenses against Chinese cyber espionage.
A hacking group known as LockBit 3.0 is demanding a ransom and threatening to release documents related to the criminal case against Donald Trump in Georgia. The group initially set a payment deadline for Saturday, but it has since moved the deadline up to Thursday. The group claims to have backup copies of documents taken from the Fulton County government's website and has demanded an undisclosed amount of money. LockBit 3.0 is known for targeting various companies and government agencies, and it operates on a service model where it develops ransomware hacking tools and leases them out to other hackers.
Hackers are using AI chatbots, similar to ChatGPT, to enhance their phishing emails and create deepfakes. The rise of AI-generated email fraud and deepfakes has businesses on high alert for more sophisticated cyberattacks. Dark web services are offering AI hacking tools, including BadGPT, which utilize models like OpenAI's GPT to generate effective malware and exploit vulnerabilities. The challenge lies in detecting these AI-enabled cybercrimes, as they are crafted to evade detection and can have a significant impact on businesses.
Law enforcement's efforts to disrupt ransomware groups are proving short-lived as the hackers quickly rebuild and continue their attacks. Recent busts of the BlackCat and LockBit ransomware groups have not had a lasting impact, as the groups have resumed operations with new tactics. The inability to arrest the core operators, who are located in uncooperative jurisdictions, allows the threat actors to regroup and continue their attacks. While disruption campaigns serve a purpose, they are not a comprehensive solution to the ransomware problem. Tighter regulations, improved security measures, and sanctions on ransomware actors are necessary components of a multi-pronged strategy.
Chinese employers are aggressively seeking talent with skills in generative artificial intelligence (GenAI) as they try to catch up with advancements in the field. Computer vision engineers with GenAI expertise are being offered salaries that are two-thirds higher than their peers without such knowledge. The demand extends to other tech roles as well. However, there is a shortage of qualified candidates, with only two qualified workers available for every five new AI jobs in China. Some top Chinese AI talent has chosen to work overseas, highlighting the global competition for skilled professionals.
CISA, FBI, and HHS have released an update to the joint advisory #StopRansomware: ALPHV Blackcat, providing new indicators of compromise and tactics associated with the ransomware. The healthcare sector is the primary target. Network defenders are urged to review the advisory and report any incidents or anomalous activity.
The U.S. Department of Energy has announced the selected projects for its Cyber Research, Development, and Demonstration funding opportunity. The projects cover various areas including automated cyberattack prevention, security and resiliency, authentication mechanisms, vulnerability discovery and mitigation, cybersecurity through software solutions, and integration of new concepts and technologies. Organizations such as General Electric, Electric Power Research Institute, and universities like Georgia Tech and Kansas State University are among the recipients of the funding.
Russian threat group "Midnight Blizzard" is shifting tactics to target cloud environments, gaining initial access by brute-forcing and password-spraying service accounts (accounts used to run and manage applications, which frequently cannot be protected with multifactor authentication) and by signing in to dormant accounts that were never disabled when their owners left. Organizations are advised to implement mitigations such as multifactor authentication wherever it is possible, strong and unique passwords for service accounts, and review and removal of dormant accounts, to defend against the threat actor.
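The two initial-access patterns described above leave a recognizable trace in identity-provider sign-in logs: one source address failing against many distinct service accounts in a short window, sometimes followed by a success, and a successful sign-in to an account that has not been used for months. The following detection logic is an added example written for this briefing, not code from the advisory or from any vendor; the CSV log format, the "last successful sign-in" table, and the thresholds (4 accounts in 10 minutes, 90 days dormant) are assumptions, and the sample records are constructed.

```python
"""Detect password spraying against service accounts and sign-ins to dormant
accounts in a simplified sign-in log. Format, thresholds, and data are
assumptions made for this example."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample sign-in log: timestamp,user,source_ip,result
SAMPLE_LOG = """\
2024-02-26T08:00:01Z,svc-backup,203.0.113.7,failure
2024-02-26T08:00:03Z,svc-monitor,203.0.113.7,failure
2024-02-26T08:00:05Z,svc-deploy,203.0.113.7,failure
2024-02-26T08:00:07Z,svc-ci,203.0.113.7,failure
2024-02-26T08:00:09Z,svc-etl,203.0.113.7,failure
2024-02-26T08:00:11Z,svc-etl,203.0.113.7,success
2024-02-26T09:15:00Z,alice,198.51.100.20,success
2024-02-26T09:16:00Z,alice,198.51.100.20,failure
2024-02-26T09:16:30Z,alice,198.51.100.20,success
2024-02-26T10:00:00Z,old-contractor,203.0.113.9,success
"""

# Constructed table of each account's last successful sign-in before the
# analysis window (assumed to be exported from the identity provider).
LAST_SEEN = {
    "svc-backup": "2024-02-25T00:00:00Z",
    "svc-monitor": "2024-02-25T00:00:00Z",
    "svc-deploy": "2024-02-25T00:00:00Z",
    "svc-ci": "2024-02-25T00:00:00Z",
    "svc-etl": "2024-02-25T00:00:00Z",
    "alice": "2024-02-25T00:00:00Z",
    "old-contractor": "2023-06-01T00:00:00Z",
}

SPRAY_WINDOW = timedelta(minutes=10)   # assumed tuning values
SPRAY_MIN_ACCOUNTS = 4
DORMANT_DAYS = 90


def _ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def parse_log(text):
    events = []
    for line in text.strip().splitlines():
        ts, user, ip, result = line.split(",")
        events.append({"ts": _ts(ts), "user": user, "ip": ip, "result": result})
    return events


def detect_password_spray(events, window=SPRAY_WINDOW, min_accounts=SPRAY_MIN_ACCOUNTS):
    """Flag a source IP that fails against >= min_accounts distinct accounts
    within `window`, and list any sprayed account it later signed in to."""
    failures_by_ip = defaultdict(list)
    for e in events:
        if e["result"] == "failure":
            failures_by_ip[e["ip"]].append(e)
    findings = {}
    for ip, fails in failures_by_ip.items():
        fails.sort(key=lambda e: e["ts"])
        for i, start in enumerate(fails):
            users = {f["user"] for f in fails[i:] if f["ts"] - start["ts"] <= window}
            if len(users) >= min_accounts:
                followed = sorted(
                    e["user"] for e in events
                    if e["ip"] == ip and e["result"] == "success"
                    and e["user"] in users and e["ts"] >= start["ts"]
                )
                findings[ip] = {"sprayed_accounts": sorted(users),
                                "success_after_spray": followed}
                break
    return findings


def detect_dormant_logins(events, last_seen, now, dormant_days=DORMANT_DAYS):
    """Flag successful sign-ins to accounts with no success in `dormant_days`
    (an account missing from the table is treated as never seen)."""
    hits = []
    for e in events:
        if e["result"] != "success":
            continue
        seen = last_seen.get(e["user"])
        if seen is None or now - _ts(seen) > timedelta(days=dormant_days):
            hits.append((e["user"], e["ip"], e["ts"].isoformat()))
    return hits


def run(log=SAMPLE_LOG, last_seen=LAST_SEEN, now=None):
    events = parse_log(log)
    now = now or datetime(2024, 2, 26, 12, tzinfo=timezone.utc)
    return {"spray": detect_password_spray(events),
            "dormant": detect_dormant_logins(events, last_seen, now)}


if __name__ == "__main__":
    for kind, result in run().items():
        print(kind, result)
```

On the constructed data, `run()` flags 203.0.113.7 for spraying five service accounts and for the subsequent successful sign-in to svc-etl, and flags the old-contractor sign-in as a dormant-account login; alice's single failure between two successes is ordinary user behaviour and is not reported. In production the same logic applies over the identity provider's sign-in export, with the thresholds tuned to the tenant's normal failure rate.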
The US, along with nearly a dozen other countries including Australia, Canada, Japan, and the United Kingdom, has released a joint statement outlining six shared principles for 6G wireless communication networks. These principles include protecting national security, using spectrum efficiently, and ensuring security, resilience, and privacy. The countries call for global cooperation and collaboration to advance the development of 6G networks and encourage other governments and stakeholders to support and uphold these principles.
The Biden administration is urging major technology companies and the research community to adopt memory safe programming languages to reduce vulnerabilities exploited by hackers. The White House Office of the National Cyber Director emphasizes the need to address memory safety at the programming language level to strengthen cybersecurity.
The Cactus ransomware group claims to have stolen 1.5 terabytes of data from Schneider Electric, including sensitive documents such as non-disclosure agreements and copies of passports. Schneider Electric has mobilized its incident response team to contain the attack and reinforce security measures.
The Biden administration is urging the tech industry to prioritize secure products by using memory-safe programming languages. The Office of the National Cyber Director (ONCD) has released a report advocating for the elimination of coding errors that leave vulnerabilities in software. The report recommends the use of languages like Rust, Python, and Java, and emphasizes the need for executives to prioritize memory safety. This initiative follows President Biden's executive order on cybersecurity and aims to shift responsibility to large organizations for managing evolving threats.
Subscribe to our LinkedIn Cyber Briefing.
Subscribe to our Cyber Focus podcast.
Copyright © 2024 Auburn University's McCrary Institute. All Rights Reserved.