Cyber Briefing ~ 03/11/2024
McCrary Institute for Cyber & Critical Infrastructure Security
Working to protect and advance U.S. interests in the areas of cyber and critical infrastructure security.
Conscious AI Is the Second-Scariest Kind
A cutting-edge theory of mind suggests that as artificial intelligence systems become more advanced, they could develop consciousness. According to some experts in AI, philosophy and cognitive science, this presents a potential new type of existential risk in which AI systems 'wake up' in the near future. Some of these experts put the probability of a conscious AI emerging within the next decade at more than one in five.
In an update, Microsoft reported that the hacker group Midnight Blizzard, identified as sponsored by Russia, continues exploiting information stolen in a January email breach of the company's leadership and security teams. Microsoft said the group has used that data to infiltrate internal systems and source code repositories, with password guessing attacks against employees increasing tenfold in February from already high January volumes. The company characterizes Midnight Blizzard's ongoing campaign as very well-resourced and focused. Microsoft is coordinating with law enforcement but says customer systems appear unaffected and no material business impact has been determined from the incident.
Microsoft has revealed that a Russian state-sponsored hacking group known as Midnight Blizzard is attempting to breach its systems once more, using information stolen from the company's corporate emails in January. The group, believed to be linked to Russian intelligence, has persistently targeted Microsoft, a major software maker and provider of digital services to the U.S. government. Microsoft stated that Midnight Blizzard is using the previously exfiltrated data to gain unauthorized access to its source code repositories and internal systems. The hackers have become more aggressive in their targeting and their use of "password sprays" has increased significantly. There is no evidence of compromise to Microsoft's customer-facing systems.
Lawmakers are advancing legislation to separate TikTok from its Chinese ownership after the app mobilized its users to campaign against the bill. The House Energy and Commerce Committee voted unanimously to advance the bill, which would require TikTok's parent company, ByteDance, to sell the app to an American owner or face a ban. TikTok plans to further mobilize its users and celebrities to oppose the legislation. The bill is expected to face challenges when it reaches the Senate.
Lawmakers have discovered communications equipment, including modems, on Chinese-built cargo cranes at U.S. ports, raising concerns about potential national security risks and espionage. The Pentagon and intelligence officials have grown increasingly alarmed by the threat posed by the cranes, which are manufactured by ZPMC, a Chinese company. The Biden administration has announced plans to invest over $20 billion to replace foreign-built cranes with U.S.-manufactured ones. The discovery of the modems adds to the ongoing congressional probe into Chinese maritime security threats.
Renowned computer scientist and founder of SingularityNET, Ben Goertzel, stated at this year's Beneficial AGI Summit that while human-level artificial general intelligence (AGI) may not arrive until 2029 or 2030, there is potential for it to emerge as soon as 2027. Goertzel defined AGI as an AI with human-level intelligence and artificial superintelligence (ASI) as an AI surpassing human intelligence with all accumulated knowledge. While no AGI currently exists, Goertzel believes it's plausible within three to eight years, after which ASI could evolve rapidly. The scientist noted predictions of AGI arrival within the next five to 20 years have also been made by other experts like Shane Legg and Geoffrey Hinton. Goertzel theorizes an AGI achieving self-introspection could exponentially advance its own intelligence.
A majority of U.S. IEEE members say that the current regulatory approach to managing artificial intelligence (AI) systems is inadequate and that AI governance should be a public policy priority on par with issues such as healthcare, education, immigration and the environment.
An ongoing attack is targeting thousands of websites running WordPress software, turning compromised sites into command-and-control servers that force visitors' browsers to perform password-cracking attacks. The 3 KB malicious JavaScript code hosted on over 700 sites recruits thousands of unwitting visitors to attempt password guesses against WordPress user accounts on other sites. The distributed method uses real users' browsers to evade detection while checking for valid credentials across many potential targets. The campaign has generated over 1 million password attempts so far and continues to grow by infecting more websites. Blocking JavaScript from unknown sources is recommended to prevent browsers from being conscripted into the expanding botnet operation.
The ransomware attack on medical payment processor Change Healthcare, owned by UnitedHealth Group, has paralyzed billing systems across the healthcare sector. Independent physicians and small hospitals are especially vulnerable, as paper claims processing could take months. Industry groups are urging greater aid such as accelerated Medicare payments, but relief from UnitedHealth and the government has been criticized as insufficient. With systems possibly not restored until March, the incident exposes vulnerabilities across the sprawling healthcare network to persistent cyberthreats. As the FBI reports numerous ransomware attacks annually against the sector, experts say bolstering defenses will require sustained funding and oversight from regulators and providers.
Iran has dramatically increased its cyberattacks against the United States since October 7th, cooperating more closely with proxies like Hamas and Hezbollah. The US needs to respond by conducting offensive cyber operations to dismantle Iran's network infrastructure and demonstrate the US's own cyber capabilities, deterring future attacks.
Change Healthcare, one of the largest facilitators of health data, has been targeted by a cyberattack that has paralyzed U.S. healthcare systems for weeks. While the hackers have since disappeared, questions remain about whether patient records were stolen, with hospitals and physicians expressing "significant concerns" over potential widespread breaches of private medical information.
In a statement, the US Cybersecurity and Infrastructure Security Agency (CISA) confirmed it discovered a cyber incident last month that required it to take two key computer systems offline. Sources stated that one system facilitates assessment sharing between government and critical infrastructure partners, while the other holds chemical facility security information. While the impact was contained, the incident serves as a reminder that all organizations can be vulnerable. CISA continues upgrading its defenses and response planning; the incident involved exploited virtual private networking software vulnerabilities it had previously warned about. Even cyber agencies rely on shared technologies and face risks, demonstrating the challenges of securing interconnected systems against sophisticated threats.
Providers face payment disruptions and financial hardship since the February 21st ransomware incident targeting the major payment processor. Doctors report being unable to bill electronically or submit paper claims, stressing practices. Hospitals may lose millions without timely payments. Industry groups pressure government for aid, unhappy with initial relief from UnitedHealth and HHS. Experts warn the distributed effects and still-uncontained breach reflect vulnerabilities across the healthcare sector's interconnected systems. As the aftermath continues, questions emerge around defending against growing threats and supporting providers economically during recovery.
Plus: An ex-Google engineer gets arrested for allegedly stealing trade secrets, hackers breach the top US cybersecurity agency, and X's new feature exposes sensitive user data.

For years, Registered Agents Inc., a secretive company whose business is setting up other businesses, has registered thousands of companies to people who appear not to exist. Multiple former employees tell WIRED that the company routinely incorporates businesses on behalf of its customers using what they claim are fake personas. An investigation found that incorporation paperwork for thousands of companies that listed these allegedly fake personas had links to Registered Agents.

State attorneys general from around the US sent a letter to Meta on Wednesday demanding the company take "immediate action" amid a record-breaking spike in complaints over hacked Facebook and Instagram accounts. Figures provided by the office of New York attorney general Letitia James, who spearheaded the effort, show that in 2023 her office received more than 780 complaints, 10 times as many as in 2019. Many complainants cited in the letter say Meta did nothing to help them recover their stolen accounts. "We refuse to operate as the customer service representatives of your company," the officials wrote in the letter. "Proper investment in response and mitigation is mandatory."

Meanwhile, Meta suffered a major outage this week that took most of its platforms offline. When it came back, users were often forced to log back in to their accounts. Last year, however, the company changed how two-factor authentication works for Facebook and Instagram: any devices you've frequently used with Meta services in recent years are now trusted by default. The move has made experts uneasy, because it means those devices may no longer need a two-factor authentication code to log in. We updated our guide for how to turn off this setting.

A ransomware attack targeting medical firm Change Healthcare has caused chaos at pharmacies around the US, delaying delivery of prescription drugs nationwide. Last week, a Bitcoin address connected to AlphV, the group behind the attack, received $22 million in cryptocurrency, suggesting Change Healthcare has likely paid the ransom. A spokesperson for the firm declined to answer whether it was behind the payment.

And there's more. Each week, we highlight the news we didn't cover in depth ourselves. And stay safe out there.

Russian Hackers Stole Microsoft Source Code
In January, Microsoft revealed that a notorious group of Russian state-sponsored hackers known as Nobelium infiltrated the email accounts of the company's senior leadership team. Today, the company revealed that the attack is ongoing. In a blog post, the company explains that in recent weeks it has seen evidence that the hackers are leveraging information exfiltrated from its email systems to gain access to source code and other "internal systems." It is unclear exactly which internal systems were accessed by Nobelium, which Microsoft calls Midnight Blizzard, but according to the company, the attack is not over. The blog post states that the hackers are now using "secrets of different types" to breach further into its systems. "Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures." Nobelium is responsible for the SolarWinds attack, a sophisticated 2020 supply-chain attack that compromised thousands of organizations, including major US government agencies such as the Departments of Homeland Security, Defense, Justice, and Treasury. According to Microsoft, it has found no evidence that its customer-facing systems were breached.

Former Google Employee Charged With Stealing Trade Secrets
On Wednesday, the US Department of Justice announced that it was charging a former Google engineer with stealing trade secrets about artificial intelligence on behalf of two Chinese companies. Linwei Ding was arrested in Newark, California, on four counts of federal trade secret theft. If convicted, he could face a decade in prison. "Today's charges are the latest illustration of the lengths affiliates of companies based in the People's Republic of China are willing to go to steal American innovation," FBI director Christopher Wray said in a statement to the Associated Press. The indictment, unsealed Wednesday, alleges that the theft began two years ago, when Ding, a Chinese national, began uploading hundreds of company files about its data centers into a personal Google Cloud account. Soon after, and unbeknownst to Google, Ding allegedly founded his own startup specializing in training large AI models while also joining a separate Chinese AI company as its CTO. He resigned from Google in December, according to the indictment.

Hackers Breach Top US Cybersecurity Agency
The US Cybersecurity and Infrastructure Security Agency confirmed this week that hackers breached the agency's systems in February, according to Recorded Future. CISA, which works to protect US critical infrastructure from cyberattacks and other threats, says it took two of its systems offline after the breach, which was carried out through vulnerabilities in Ivanti IT management software. CISA declined to comment on which systems it took offline, but Recorded Future reports that, according to unnamed sources, one "houses critical information about the interdependency of US infrastructure," while the other "houses private sector chemical security plans." It is unclear who the hackers are or whether they accessed or stole data from CISA systems. The agency released an advisory on February 29 warning entities that use Ivanti Connect Secure and Ivanti Policy Secure products to patch vulnerabilities in them.

X's Calling Feature Exposes User IP Addresses
As if getting a phone call through a social network isn't bad enough, X's newly released audio and video calling feature can reveal the IP address of anyone you call. Even worse: the feature is turned on by default. While IP addresses can reveal the general location of a user, they are not precise enough to expose exact locations. Still, civil liberties organizations warn that exposing IP addresses is highly concerning for activists living under authoritarian regimes or other high-risk users. To disable X's calling feature, go to Settings and privacy > Privacy and safety > Direct messages in the X app, and toggle the Enable audio and video calling option to off. If you want to keep the feature on but not expose your IP address, toggle on the Enhanced call privacy option, which X says will mask your IP address. Why the Enhanced call privacy option is not enabled by default remains unclear.
Security researchers report that GitHub is struggling to contain an attack flooding the site with millions of malware-laced code repositories created through automated repository forking. The malicious forks, which carry obfuscated crypto-stealing payloads, are near identical to legitimate repos, making detection difficult. While GitHub quickly removes most of them, researchers estimate over 100,000 repos have been uploaded or forked before removal. The campaign continues at scale because forks are forked in turn and the copies evade GitHub's automated detection. Experts warn that the "repo confusion" technique resembles prior supply chain attacks leveraging package managers, relying on users mistakenly choosing tainted versions.
Spain's data protection regulator banned Sam Altman's Worldcoin for up to three months due to complaints over insufficient privacy information provided and data collection from minors without consent withdrawal options. Worldcoin collects iris scans in exchange for a digital ID and free cryptocurrency, but Spain sees high privacy risks from sensitive biometric data processing. Worldcoin criticized the ban as "circumventing EU law" while authorities in Germany and other countries investigate the project for GDPR compliance over data storage, use and lawful consent procedures.
Researchers at several institutions presented new circuit techniques at the ISSCC to strengthen security against sophisticated attacks. Teams from Columbia University and Intel introduced a board probe detector circuit that alerts to physical intrusion attempts. University of Texas researchers obscured the electromagnetic signals from an AES chip to thwart key extraction even after extensive analysis. A University of Vermont team invented a PUF that destroys its own circuits by electromigration or dielectric breakdown if cloned or compromised, preventing further exploitation.
Moldova's intelligence chief has warned that Russia plans to launch hybrid attacks against the country ahead of upcoming elections, including a referendum on joining the EU. The intelligence agency believes Moscow will seek to cause social conflicts in Moldova and undermine the pro-EU referendum and presidential candidates through the extensive use of social media to promote propaganda and spread inter-ethnic hatred. Russia has previously targeted Moldova with disinformation campaigns on Facebook and is accused of attempting to destabilize the former Soviet republic through cyberattacks and sponsored protests. With tensions high due to Moldova's backing of EU sanctions on Russia, the country has become a target amid its westward shift since the start of the war in Ukraine.
China's government directive, known as Document 79, aims to replace foreign software with homegrown alternatives in state-owned companies by 2027. The move is part of a broader push for self-sufficiency and concerns over long-term security. American tech giants like Microsoft and Oracle are losing ground in this effort, as China seeks to reduce its dependence on Western technology and focus on domestic supply chains.
Robert M. Lee, CEO of Dragos, warns that as critical infrastructure becomes more digitized and connected, the risk of cyberattacks from nation-backed and criminal hackers will increase, particularly in sectors like water treatment. The move towards digital systems in these industries will create a more homogeneous and interconnected environment, making it easier for hackers to launch widespread attacks and exploit vulnerabilities. The potential impact of increased connectivity and homogeneity was demonstrated by a recent attack on water facilities carried out by a hacking group connected to Iran's Islamic Revolutionary Guard Corps.
Palantir's USG subsidiary has been awarded a $178.4 million deal by the US Army for the next phase of its Tactical Intelligence Targeting Access Node (TITAN) ground station program. The program aims to provide soldiers with advanced data fusion and deep-sensing capabilities through artificial intelligence and other tools. Palantir will deliver 10 prototypes of the TITAN ground station, including five "basic" and five "advanced" variants, which will integrate various data sources to help commanders make informed decisions on the battlefield.
Lawmakers and federal agencies are prioritizing water system cybersecurity following recent attacks on water systems. Experts emphasize the need for a robust response, treating these attacks as major natural disasters and focusing on preparedness and procedures. The Water and Wastewater Sector Cybersecurity Toolkit developed by CISA and the EPA aims to help strengthen defenses and stay ahead of threats. Basic cybersecurity practices can go a long way in thwarting attacks.
The LockBit and BlackCat ransomware gangs are facing significant disruptions after US and international authorities seized their websites and arrested alleged hackers. While the future of these groups remains uncertain, experts warn that ransomware attacks are likely to continue in some form.
China's state-backed hackers have infiltrated key U.S. infrastructure, including programs managing clean drinking water, the power grid, and air traffic. A joint cybersecurity advisory from multiple agencies reveals the extent of China's hacking network, which poses a significant threat and could trigger widespread disruptions. The U.S. believes China aims to weaken its operations in the event of a conflict over Taiwan.
U.S. Senators, led by Sen. Kirsten Gillibrand, are calling on the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) to develop contingency plans and provide support to healthcare systems affected by the recent cyberattack on Change Healthcare. The attack disrupted insurance approvals for medical procedures and prescriptions, causing delays for patients and financial challenges for hospitals. Senators are requesting information on efforts to defend against cyber threats, provide technical assistance, and enhance threat information sharing in the healthcare sector.
Multiple government websites, including those of the Federal Emergency Management Agency, Department of Homeland Security, U.S. Immigration and Customs Enforcement, and the Secret Service, experienced a 20-minute outage during President Joe Biden's State of the Union address. The cause of the outages is unknown, but it does not appear to be malicious. This incident follows a series of recent social media and communications outages, including Facebook, Messenger, Instagram, and LinkedIn. AT&T also experienced a nationwide outage in February. The Department of Homeland Security and FBI are investigating the issue.
The Cybersecurity and Infrastructure Security Agency (CISA) concluded a summit on Open Source Software (OSS) Security and announced actions to strengthen the security of the open source ecosystem. CISA will collaborate with package repositories, enable information sharing with open source software infrastructure operators, and publish materials from the summit. Five widely used package repositories, including Crates.io, PyPI, and npm, are implementing measures to enhance security in line with CISA's framework. The efforts aim to protect critical infrastructure and improve the resilience of the open source software supply chain.
A group of 40 state attorneys general have expressed deep concern over the increasing number of consumer complaints about account takeovers and lockouts on Instagram and Facebook. They have called on Meta, the parent company of the platforms, to enhance their efforts in preventing account takeovers and to provide information on the number of incidents, causes, and safeguards in place. The attorneys general highlight the emotional and financial impact on users and urge Meta to take immediate action. In response, Meta emphasized its investment in enforcement, detection tools, and collaboration with law enforcement.
A Chinese national, Linwei Ding, has been indicted on four counts of stealing trade secrets related to Google's artificial intelligence (AI) technology. Ding allegedly transferred over 500 confidential files from Google to his personal account while secretly working for two AI companies in China. The U.S. Justice Department is determined to protect sensitive technologies from falling into the wrong hands. Google has strict safeguards in place to prevent theft of its confidential information and will cooperate with law enforcement in the investigation.
House Democrats have raised concerns over allegations that Russia is using SpaceX's Starlink terminals in its conflict with Ukraine, potentially violating U.S. sanctions and export controls. SpaceX CEO Elon Musk denied the reports, stating that the company has not sold any terminals to Russia. However, Democrats are seeking details on how SpaceX handles reports of potential illegal acquisition or use of its technology.
The FBI's Internet Crime Complaint Center has reported a 38% increase in investment fraud losses from 2022 to 2023, with cryptocurrency investment schemes rising 53% to $3.94 billion in losses. Scammers lure victims with false promises of lucrative returns on investments with minimal risk.
TikTok has sent push notifications to its users in the US, warning them of a potential ban by Congress. The notification claims that a ban would infringe on Americans' right to free expression, harm businesses and creators, and deprive artists of an audience. This comes as support grows for a bipartisan bill aimed at addressing national security concerns and requiring TikTok to separate from its Chinese parent company, ByteDance. The bill may face legal challenges, including arguments that it violates the First Amendment. TikTok has previously called on its users to voice their support amid political pressure.
The Cybersecurity and Infrastructure Security Agency (CISA) is working to address election cyber threats, including deepfakes, physical harm to workers, and compromised voting machines. CISA has set up an Election Operations Center and increased cybersecurity support resources for elections, aiming to ensure a safe and secure election process.
Copyright © 2024 Auburn University's McCrary Institute. All Rights Reserved.