Cyber Briefing ~ 03/04/2024
McCrary Institute for Cyber & Critical Infrastructure Security
Working to protect and advance U.S. interests in the areas of cyber and critical infrastructure security.
The ongoing hack that has caused the medical clearinghouse Change Healthcare to go offline is causing significant financial damage to hospitals across the US. Hospitals relying exclusively on Change for insurance claims processing have reported receiving no revenue, while even those using other clearinghouses are experiencing disruption. UnitedHealth, Change's parent company, has downplayed the impact on hospitals, but executives from the American Hospital Association are calling for urgent action to mitigate the damage.
Israel's deployment of AI technology in its offensive in Gaza raises concerns about accountability and potential civilian casualties. Human rights groups are calling for transparency and questioning the ethics of Israel's AI targeting system, the Gospel. The US may face difficult questions about its role in enabling AI-powered warfare.
China is rapidly expanding its military capabilities in space to counter American satellites and enhance its ability to monitor and target forces on Earth, according to General Stephen Whiting, head of the US Space Command. China has significantly increased its satellite fleet, with some of its satellites possibly functioning as weapons to disrupt US assets. China is also developing advanced space weaponry, including hypersonic glide vehicles, to overcome missile warning and defense systems. Whiting expressed concern over China's thorough study of US space dependency and its rapid development of programs to threaten US satellite architecture.
Senate Majority Leader Charles E. Schumer has requested that federal health officials provide financial aid to New York hospitals and healthcare providers affected by a massive cyberattack. The attack on Change Healthcare, attributed to the ALPHV or Blackcat ransomware group, has disrupted operations and caused cash flow problems. Schumer is urging emergency funding to support healthcare providers facing financial and operational challenges due to the ongoing cyberattack.
A US district court has ordered Israeli cyber intelligence company NSO Group to provide messaging app WhatsApp with the code for its Pegasus spyware and other spyware products. WhatsApp has been engaged in a legal battle with NSO Group since 2019, alleging that its spyware was used against 1,400 users. The court order requires NSO Group to produce all relevant spyware and provide information on its functionality, but does not require the disclosure of client names. Pegasus spyware has previously been linked to unauthorized surveillance of journalists, activists, and politicians worldwide.
Researchers have developed one of the first generative AI worms, named Morris II, that can spread between AI systems, potentially stealing data and sending spam emails. By exploiting self-replicating prompts, the worm can attack generative AI email assistants, compromising security protections. While the research was conducted in controlled environments, experts warn that the risk of generative AI worms is a serious concern for developers, especially when AI applications are given permission to take actions on behalf of users. The researchers anticipate the emergence of generative AI worms in the wild within the next few years.
The book "No Shortcuts" examines the challenges of building military cyber forces. Over a dozen nations now field capable cyber units, even if their doctrine is uneven. Offensive cyber actions by states fall into four categories: intelligence gathering, destructive attacks, influence operations, and cybercrime. Still, most cyber activities have little strategic impact. So while states are organized for some cyber tasks, developing coherent doctrine to achieve strategic goals with these new tools remains difficult. Overall, cyber capabilities shape but do not define modern conflict.
The US should create a new coalition in the Indo-Pacific, involving Five Eyes alliance members, US Indo-Pacific partners, and European states, to combat Chinese cyber threats. This coalition would enhance cybersecurity cooperation, disrupt cyber threats, protect critical infrastructure, and send a strong message of commitment to securing the global digital ecosystem.
China has tightened its state secrets law by adopting amendments to include a new category of "work secrets," broadening the scope of data and information sharing considered a national security risk. Analysts believe this will further dampen the business climate in China, damaging Xi's goal of attracting foreign investment. The vague definition of "work secrets" and China's increasing focus on national security raise concerns among business leaders about the lack of clarity and potential for arbitrary determinations. These changes come at a time when China is facing economic challenges and a decline in foreign direct investment.
FBI Director Christopher Wray warned that the 2024 US election is likely to face more threats than previous cycles, as adversaries leverage new technology to enhance the speed and sophistication of attacks. Advances in generative artificial intelligence have lowered the barrier to entry for foreign adversaries to engage in malign influence, making it more difficult to detect their efforts. Wray emphasized the importance of collaboration with partner agencies, state and local policymakers, election authorities, and the private sector to identify and disrupt threats to the country's election.
Officials in the US and UK have held discussions regarding security risks that may arise if both countries hold elections around the same time this year. There are concerns that Russia or other adversaries could take advantage of the situation to engage in hostile actions elsewhere. Both countries are also wary of potential interference in their elections by foreign countries, with Russia being the primary focus. Measures are being considered to manage the security relationship between the allies during the transition between governments. Additionally, both countries are concerned about hybrid threats from Russia, including disinformation and intimidation. Efforts to combat misinformation in the UK election have been intensified, particularly regarding deep fakes and the use of artificial intelligence.
North Korean hackers utilized a zero-day vulnerability in the AppLocker security feature of Windows, granting them kernel-level access to targeted systems. The hackers, believed to be part of the Lazarus group, used the FudModule rootkit to carry out malicious activities while evading detection. Lazarus remains a highly sophisticated and prolific hacking group, recently targeting software developers and the global defense sector. They have also been involved in cyber-espionage operations and cryptocurrency theft.
Proposals to authenticate AI-generated content with hidden digital watermarks run into problems when judged against basic cybersecurity principles. A watermark must be undetectable to an adversary yet verifiable by the checker. But text is malleable, and the insertion methods are observable. Trust rests on secret algorithms that are vulnerable to compromise. Effectiveness declines for short texts. Any detection capability also aids subversion, because it tells an adversary when the mark has been removed. The agility to swap out a compromised algorithm is costly. A clear threat model is needed before anything else. Overall, watermarking seems insufficient for irrefutable attribution of AI authorship, though it may have narrow utility if its limitations are taken into account. Alternatives such as probabilistic classifiers require more research.
The LockBit ransomware gang threatened to leak documents related to the criminal prosecution of Donald Trump, but the leak never materialized. It remains unclear why the threat disappeared and whether LockBit still holds any of the court's documents. The timing of the threat coincided with a law enforcement takedown operation against LockBit, which may have disrupted their operations. If the documents are still in the hands of hackers, it could further complicate Trump's trial and the upcoming US presidential election.
Fulton County, the largest county in Georgia, is still repairing damage caused by a cyberattack that occurred a month ago. Hackers shut down office phone lines, disrupted government services, and threatened to release stolen data unless a ransom was paid. The ransomware group LockBit claimed responsibility for the attack but failed to release any data after their deadline passed. County officials are working to restore phone service and online systems, while all county offices have reopened. The cyberattack did not affect the ongoing criminal case against former President Donald Trump.
The NSA has confirmed that hackers exploiting vulnerabilities in Ivanti's enterprise VPN appliance have targeted organizations in the US defense sector. The NSA's Cybersecurity Collaboration Center is working to detect and mitigate the impact of these cyberattacks, which are believed to be orchestrated by Chinese-backed threat group UNC5325. The hackers have demonstrated significant knowledge of the Ivanti Connect Secure appliance and have used living-off-the-land techniques to evade detection. The exact number of affected Ivanti customers is currently unknown, but approximately 250,000 exploitation attempts are being launched each day.
Senator Ron Wyden has written a letter to President Biden and his Cabinet, urging them to regulate the cybersecurity standards of wireless carriers to prevent the exploitation of "lax security" in US phone networks. Wyden argued that authoritarian governments have used this lax security to track Americans, journalists, and dissidents, posing a threat to national security, freedom of the press, and international human rights. He highlighted the abuse of two technologies, Diameter and Signaling System No. 7 (SS7), by surveillance technology companies to trick wireless carriers' servers and gain access to phone tracking services. Wyden called on the Biden administration to address this issue and provide regular updates to Congress until it is effectively resolved.
President Biden has issued an executive order aimed at protecting Americans' personal data from foreign threats. The order directs various departments and organizations to regulate personal data better and establish clear standards to prevent foreign access. The move comes in response to concerns regarding the collection, sale, and potential misuse of personal data by companies and data brokers, as well as the national security risks associated with foreign countries accessing sensitive information. The order also addresses the need for privacy protection in light of the upcoming 2024 presidential election and potential cyber warfare interference.
The Cybersecurity and Infrastructure Security Agency (CISA) warns that cyber threat actors are actively exploiting vulnerabilities in Ivanti Connect Secure and Policy Secure gateways. These vulnerabilities, including CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893, allow attackers to bypass authentication, craft malicious requests, and execute arbitrary commands with elevated privileges. Ivanti's internal Integrity Checker Tool (ICT) has failed to detect compromise, and the company's factory resets do not prevent root-level persistence. Network defenders are advised to assume compromised credentials, hunt for malicious activity, run the latest ICT, apply patches, and consider the risk of persistent access when using Ivanti gateways.
China's rapid advancements in space technology and nuclear capabilities pose a significant threat, while Russia remains unpredictable. U.S. Strategic Command and Space Command officials highlight the need for protecting space assets and modernizing the U.S. nuclear triad to counter these growing dangers. Concerns also arise regarding the cost overruns in the Sentinel program, triggering a review of the program's funding.
The Biden administration has launched an investigation into the national security risks posed by Chinese-made "smart cars," citing concerns about foreign governments accessing the vehicles' systems and data. The Commerce Department will assess the risks associated with connected cars incorporating technology from China and other countries of concern, potentially leading to the implementation of regulations. The administration highlights the potential threats to national security and personal privacy arising from connected vehicles that collect sensitive data, interact with critical infrastructure, and can be manipulated remotely. President Biden emphasizes the need for safeguards against China's attempts to dominate the auto market and protect national security.
Copyright © 2024 Auburn University's McCrary Institute. All Rights Reserved.