Cyber Briefing ~ 03/15/2024

Dear Readers,

In this week’s episode of Cyber Focus, George Barnes, a veteran and leader of the NSA and intelligence community, discussed the critical need for public-private collaboration in the face of advanced cyber threats. His insights into the integration of NSA and Cyber Command, responsible AI development, and the significant challenges posed by China underscore the urgency for a united defense strategy. Barnes also discussed an important issue to us all: the value of neurodiversity in benefiting the cybersecurity workforce. He highlighted how the NSA has embraced neurodiversity, recognizing that it is not only a good thing to do, but the right thing. Neurodiverse thinking and skills in cybersecurity and AI can help defend against the many threats that are out to do us harm.

Russian hackers, identified as "Midnight Blizzard," spent considerable time this past week weaponizing stolen Microsoft passwords in an attempt to breach the company's source code and internal systems. While the extent of the breach has not yet been fully reported, the company's SEC disclosure indicates that no customer-facing systems were compromised. I’ll be keeping my eye on this story as it continues to become clearer.

This week, the Department of Health and Human Services launched an investigation into UnitedHealth Group after the major cyberattack on its subsidiary, Change Healthcare. This breach, which disrupted healthcare payments and potentially exposed patient data, is a stark reminder of the vulnerabilities in critical infrastructure. Speaking of critical infrastructure, cybersecurity researchers reported on vulnerabilities in some electric vehicle chargers, raising concerns about the possibility of distributed electric vehicle-based attacks on power grids.

Also this week, the European Union has taken a decisive step in AI governance by approving the world's most extensive AI rules, despite mixed reactions. The AI Act aims to mitigate risks associated with AI technologies, but it has sparked debate over its potential impact on innovation and privacy.

In the political arena, TikTok faces a significant challenge as the U.S. House passed a bill that could force ByteDance to sell the app or face a ban in U.S. app stores. The bill's passage reflects bipartisan concerns over data privacy and national security, with its future now resting in the Senate's hands. It looks like former Treasury Secretary Steve Mnuchin is pulling together a group of investors to buy TikTok in the event of a sale.

Lastly, on the defense front, the Pentagon is seeking $14.5 billion for cyber spending, emphasizing zero trust architecture and advanced computing research to stay ahead in the digital arms race. This increased investment demonstrates the priority the DoD is placing on strengthening its cyber defenses and capabilities in the face of growing threats from adversaries.

That’s all for now. Hope you and yours have a great weekend.

War Eagle,

Frank



Cyber Attackers Are Using AI To Get Better, Microsoft Executive Says

Nation-state and financial crime actors are using AI tools like large language models to do reconnaissance, find vulnerabilities, and learn coding to strengthen their cyber-attack capabilities, according to Vasu Jakkal, corporate vice president of security, compliance, identity, and management at Microsoft.


As Generative AI Takes Off, Researchers Warn Of Data Poisoning

By tampering with the data used to train AI models, hackers could spread misinformation and steal data, according to researchers who say generative AI systems could be vulnerable to attacks known as data poisoning, which involves inserting incorrect or misleading information into training data in order to undermine functionality or access sensitive information.


Token Privacy: AI Assistants' Responses Can Be Inferred From Encrypted Traffic

A new study finds that hackers can read private chats with AI assistants like ChatGPT and Copilot despite encryption by exploiting a side channel in how responses are sent. By analyzing packet data with language models, researchers could infer the topic of 55% of responses and achieve perfect word accuracy 29% of the time.


Cloud Security Evolution: Years of Progress and Challenges

The article discusses the evolution of cloud security over the past decade, highlighting progress made in securing cloud infrastructure along with persistent challenges like misconfigurations from improper implementation by customers. It emphasizes the need for better collaboration between providers and customers per the shared responsibility model, tighter integration of security into DevOps workflows via concepts like infrastructure-as-code, and a shift in perspective to see security as adding value. While cloud providers have rapidly expanded safeguards, stubborn gaps rooted in fragmented accountability and unaligned incentives remain threats if not urgently addressed through more embedded security and collective responsibility.


Yann Lecun: Meta AI, Open Source, Limits of LLMs, AGI & the Future of AI | Lex Fridman Podcast #416

Yann LeCun, chief AI scientist at Meta, discusses his optimism for humanity's future with AI. He argues that only through open-source foundations can AI progress while respecting diversity. LeCun believes that with guidance, increasingly intelligent systems will make humans smarter and better, not threaten them, as some fear.


Change Healthcare Locates Ransomware Attack Vector

UnitedHealth Group has identified the source of the intrusion into Change Healthcare's system, which was partially impacted by a recent cyberattack. A thorough forensic analysis is ongoing, and a safe restore point has been established to securely restore data and systems. The attack serves as a reminder of the potential damage that threat actors can cause by targeting critical infrastructure through less prominent vendors. The reconnection and testing of Change's claims systems are expected to be completed next week. The Department of Health and Human Services has also opened an investigation into the attack.


Threat Actors Are Turning to Novel Malware as Malicious Attacks Rise

According to a report by BlackBerry, critical infrastructure providers were heavily targeted in 2023, accounting for 62% of all industry-related cyberattacks. The report revealed a 27% increase in the use of novel malware, indicating threat actors' efforts to evade traditional defenses. BlackBerry identified more than 5,300 unique malware samples targeting its customers per day during the period. Threat groups exploited vulnerabilities in products like Citrix Netscaler, Cisco Adaptive Security Appliance, and JetBrains TeamCity to gain entry into targeted organizations. VPN appliances also remained attractive targets for state-linked threat actors.


California Goes After AI-Generated Misinformation Ahead of Election

California lawmakers introduced three bills to curb artificially generated election misinformation, including one requiring "materially deceptive" AI content to be clearly labeled and not used near elections and another banning misleading AI political communications around election time.


Cyber Attack Causes Benefit Payments Delay for Leicester City Council

Leicester City Council is facing ongoing disruptions after a cyber attack last week. The council shut down its IT and phone systems as a precaution and is now working to bring them back online safely. However, it will take at least two weeks for all systems to be fully functional again. Services such as housing benefits and financial support payments are delayed, and direct debits may also be affected. The council is investigating the incident and will inform individuals if their data has been compromised. The specific details of the cyber attack have not been released yet.


HHS Opens Investigation Into UnitedHealth Group Over Change Healthcare Hack

The Department of Health and Human Services' Office for Civil Rights opened an investigation into UnitedHealth Group regarding the ongoing effects of a cyberattack on its subsidiary Change Healthcare that has disrupted the U.S. healthcare sector, while reassuring providers they will not be investigated over the incident.


FCC Approves New Cyber Trust Label

The Federal Communications Commission approved a voluntary cybersecurity labeling program for connected devices. The program aims to protect products like fitness trackers and baby monitors from hackers by providing consumers with information to compare security characteristics and giving manufacturers incentives to strengthen defenses.


Feds Investigating Whether Hacked Health Care Giant Complied with Law Protecting Patient Data

The U.S. Department of Health and Human Services (HHS) is launching an investigation into whether health insurance billing firm Change Healthcare, which suffered a cyberattack, complied with federal law to protect patient data. The investigation will focus on determining if a breach of protected health information occurred and if the company adhered to the Health Insurance Portability and Accountability Act (HIPAA). Change Healthcare, which handles a significant portion of patient records in the U.S., has been grappling with disrupted payments from insurers to health providers due to the cyberattack. The federal investigation comes after senior Biden administration officials pressed health care providers to ensure vital payments flow to the sector, as the attack has caused significant financial losses for care providers.


Here’s Another Reason a Supplier Should Care if Its Customer Is Hacked

A recent study reveals that suppliers may face higher auditing fees when a major customer experiences a breach, even if they did not suffer a cyberattack themselves. The study found that auditing fees for suppliers increased by around 6% when a key customer was hacked. The repercussions for suppliers can include lower earnings, prolonged inventory sitting, or insufficient cash for debt payments. Auditors for public companies must consider supply-chain risk, and when a customer in the supply chain experiences a cyberattack, auditors may require additional resources to assess the impact on a supplier's financial statement. Higher auditing fees often reflect increased risk, indicating the need for suppliers to be aware of their supply-chain risk and engage in conversations with customers about cybersecurity measures.


EU Dials Up Scrutiny of Major Platforms over GenAI Risks Ahead of Elections

The European Commission has sent formal requests for information to Google, Meta, Microsoft, Snap, TikTok, and X regarding how they handle risks associated with the use of generative AI. The requests made under the Digital Services Act require the platforms to provide information on their mitigation measures for risks related to generative AI, such as deepfakes, false information, and automated manipulation of services that can mislead voters. The EU is planning stress tests to assess platforms' readiness to deal with generative AI risks, particularly concerning political deepfakes, ahead of the European Parliament elections in June. The EU aims to finalize election security guidelines by March 27 and is focused on building an ecosystem of enforcement structures to address various generative AI risks.


Among The A.I. Doomsayers

Some people think machine intelligence will transform humanity for the better. Others fear it may destroy us. Who will decide our fate? In the Bay Area tech scene, a fraction of people, including Katja Grace, have dedicated themselves to studying “A.I. safety,” anticipating risks from increasingly powerful machine learning. Though long considered fringe, concern about technology’s existential risks has entered the mainstream with systems like ChatGPT. Despite their dire predictions, this group tries to approach the problem rigorously, gathering for earnest debates on probabilities of doom. Still, some accuse them of hysteria, insisting technology’s benefits outweigh its dangers. The question of humanity’s fate remains complex. Both sides make impassioned cases around values like freedom and security. For now, we lack consensus on whether to tightly regulate AI’s progress or accelerate it. Thus, we proceed uncertain of the dangers ahead.


Drone Swarms Are About to Change the Balance of Military Power

Advancements in AI technology combined with the use of drone swarms have the potential to shift the global balance of military power. The ability to deploy large numbers of low-cost, AI-directed drones can overwhelm defenses and pose a threat to expensive military platforms. The race is now focused on developing the best AI systems to outpace adversaries in decision-making. However, ethical concerns arise as the U.S. insists on human decision-makers in the loop, while it remains uncertain if adversaries will show similar restraint. The AI arms race will define this era, with AI dominance becoming a tool of conquest in the wrong hands.


Russian Independent Media Outlet Meduza Faces 'Most Intense Cyber Campaign' Ever

Meduza, a Russian independent media organization, has reported being targeted by an unprecedented cyber campaign ahead of the upcoming presidential election. The campaign, which began in February 2024, aims to block or disrupt Meduza's internet presence through direct server targeting or flooding servers with bogus web traffic. While there is no concrete evidence of state involvement, Meduza believes the Russian authorities, affiliated organizations, and hackers are working to completely destroy their infrastructure. The attacks include blocking mirror servers, launching DDoS attacks, compromising payment systems, and targeting journalists with threats and phishing attempts. Meduza sees this as part of the broader Kremlin effort to cause a communication blackout in the country.


Why the Pentagon Didn't Request Higher Funding for AI in Fiscal 2025

The Pentagon's flat funding request of $1.8 billion for artificial intelligence (AI) in fiscal 2025 is due to the constraints imposed by the Fiscal Responsibility Act, which caps discretionary spending. The Department of Defense considers AI a top priority, but responsible choices were made to prioritize readiness and make targeted reductions to programs that won't deliver capability until the 2030s. The budget request aims to support the adoption of responsible AI-enabled capabilities, workforce development, and data management and modernization efforts.


Hackers Roil Entire Industries With Attacks on IT Supply Chain

Financially motivated cybercriminals are targeting critical links in the global IT supply chain, causing havoc in industries and governments worldwide. These attacks exploit vulnerabilities in the cloud-based infrastructure and dependencies on third-party providers, leading to cascading outages and disruptions. Industries must prioritize understanding and addressing these weaknesses to defend against cyber threats.


Ministry: Ukrainian Hackers Disrupt Transport Services in Russian Cities

The Digital Transformation Ministry of Ukraine has announced that hackers from the IT Army of Ukraine targeted the Russian government and local systems, disrupting the fare payment system in Moscow and Kazan public transport. The cyberattack affected the Troika fare payment system, impacting transport card payments, travel card top-ups, and parking payments. The IT Army of Ukraine stated that the operation was planned for nearly a month and resulted in collateral damage to state networks and associated providers. This incident follows previous cyberattacks between Russia and Ukraine.


Federal Cyber Agency Offlines 2 Systems After Ivanti Hack

The Cybersecurity and Infrastructure Security Agency (CISA) has suffered two breaches after warning about zero-day vulnerabilities in Ivanti products. Hackers exploited these vulnerabilities, impacting two CISA systems: the Infrastructure Protection Gateway and the Chemical Security Assessment Tool. CISA immediately took the systems offline and stated that there was no operational impact. Local governments using Ivanti products now face increased risks, and organizations are advised to adopt a layered approach to security and risk management. The situation is evolving, and CISA has updated its advisory with new warnings and recommendations for mitigations.


Texans Lost Over $1 Billion to Internet Scams in 2023

Texans reported losing more than $1 billion to internet scams last year, ranking second in the U.S. behind California in cases reported to the FBI. Nationwide, Americans lost over $12.5 billion to cybercriminals in 2023, with investment fraud being the costliest cybercrime. Scammers impersonate government officials, tech support agents, or customer service representatives to trick people into sharing sensitive information or sending money. Impersonation scams have evolved from cold-calling telemarketing to online operations, including fake job offers. It's important to note that people of all ages are susceptible to scams, and government organizations are not immune either. The FBI encourages victims to report scams, despite concerns over shame or retaliation.


Can Governments Ban TikTok? The Risks, Challenges, and Potential Consequences.

The U.S. House of Representatives voted to require TikTok's parent company to sell the app or face a nationwide ban. The fate of the bill in the Senate and the legality of a total ban are still uncertain. Governments are concerned about the data privacy risks posed by TikTok, including the potential access of user data by the Chinese government. Algorithm bias and manipulation are also issues raised. However, enforcing a ban may be challenging, and the Chinese government already has access to a significant amount of personal data.


Prescription for Resilience: Health Care Needs Financial Sector-Inspired Regulation

The recent cyberattack on Change Healthcare highlights the need for better protection of the U.S. healthcare system's critical technology infrastructure. The incident reveals the risky dependency on a few companies and calls for stronger cybersecurity defenses and the establishment of a dedicated regulatory authority. Drawing inspiration from the financial sector, the healthcare industry should implement robust cybersecurity standards, conduct stress testing, and conduct post-incident investigations to prevent future attacks and protect patient information.


Alabama State and City Governments Face Cyber Incidents

Multiple Alabama government agencies experienced disruptions due to a cyberattack, while the city of Birmingham dealt with a separate computer network issue causing service problems. The cyberattack on government websites used a distributed denial of service (DDoS) technique, flooding the sites with phony traffic. A group called Anonymous Sudan claimed responsibility for the attack, citing political motivations. While no data breach occurred, these incidents highlight the vulnerability of state and local governments to cyber threats.


Cisco Receives EU Approval for $28 Billion Splunk Acquisition

Cisco has obtained approval from the European Union for its $28 billion acquisition of data analytics firm Splunk. This milestone clears the way for the deal to proceed, allowing Cisco to expand its presence in the data analytics market. The acquisition is expected to have a significant impact on the telecoms industry and has already influenced stock prices and investor decisions. Foo Yun Chee, a seasoned journalist with expertise in European antitrust laws, has covered major mergers and antitrust investigations, contributing to market movements and investor insights.


Google's Post-Quantum Upgrade Doesn't Mean We're All Protected Yet

Google's deployment of a hybrid key encapsulation mechanism (KEM) to quantum-proof Chrome is a significant step, but full protection from quantum attacks is still a while away. Upgrades are needed on the server side, as well as in other applications and cloud providers. The Internet Engineering Task Force (IETF) also needs to ratify a standard way to add post-quantum algorithms to the Transport Layer Security (TLS) protocol. Organizations are urged to take their own migration journeys and consider a bespoke approach to ensure quantum-safe infrastructure.


SDA Requests Nearly $4.3B for FY25, Slight Drop from Last Year

The Space Development Agency (SDA) is seeking $4.27 billion for fiscal year 2025, slightly less than the previous year's budget. The funds will support the development and launch of four Tranche 2 Transport Layer satellites in 2027, as well as the expansion of the Proliferated Warfighter Space Architecture. The SDA aims to deploy a constellation of data relay satellites for Joint All Domain Command and Control (JADC2) and a network of missile warning/tracking satellites.


HHS Opens Probe into UnitedHealth’s Cybersecurity as Hack Fallout Continues

The Department of Health and Human Services (HHS) has launched an investigation into UnitedHealth Group following a cyberattack on its subsidiary, Change Healthcare. The investigation will focus on the extent of the breach and UnitedHealth's compliance with HIPAA regulations. Industry leaders have called this cyberattack the most significant incident of its kind in the history of the U.S. health system. The attack has disrupted healthcare payments and potentially exposed millions of patients' data. UnitedHealth has stated that it will cooperate with the investigation.


European Lawmakers Pass AI Act, World's First Comprehensive AI Law

The European Parliament has approved the AI Act, marking the world's first comprehensive set of rules for artificial intelligence. The law introduces new restrictions on AI use, mandates transparency, and requires risk assessments for high-risk AI systems. It applies to AI products in the EU market and carries fines of up to 7% of a company's worldwide revenue. While the law still needs final approval from EU member states, its impact is expected to be global, as other jurisdictions may use it as a model for their own AI regulations.


Small Yards, Big Tents: How to Build Cooperation on Critical International Standards

International cooperation is needed to develop standards for cybersecurity and emerging technologies like AI. Left unchecked, differing approaches to standards could fragment technology systems. This report examines strategies from the US, EU, and China, noting increased government roles that could undermine stakeholder-driven processes if not carefully implemented. Improved transparency and alignment of efforts through cooperation can strengthen the development of standards supporting an open, interoperable global digital ecosystem.


How Two Smart People Fell for a Classic Facebook Scam

A therapist falls victim to a Facebook scam after communicating with a scammer who has taken over a friend's account. Meanwhile, the friend, Matt Bell, becomes a victim of a Facebook hack. Law enforcement officials are growing frustrated with the increase in user account takeovers on social media platforms. Consumers who have been hacked report difficulties in getting assistance from customer support. Meta, the parent company of Facebook and Instagram, claims to invest heavily in detecting and identifying compromised accounts and fraud. The lack of client-facing customer service and recent cuts in trust and safety teams at social media platforms have contributed to declining user trust and safety. Eventually, Matt Bell regains control of his account with the help of someone he knows at Facebook.


IT Job Woes Don't Extend to AI Sector, Studies Find

While IT job postings have declined, AI positions have seen a significant rise, indicating the tech industry's evolving needs. Salaries for AI roles are higher than traditional IT roles, with AI postings up 42% since December 2022. The demand for AI professionals has led to the need for upskilling and acquiring new AI competencies. Mark Zuckerberg also emphasized the transformative impact of AI on job roles.


Over 15,000 Roku Accounts Breached: Here's What You Need to Do

Roku has alerted 15,363 users that their accounts were compromised, potentially leading to unauthorized streaming subscription purchases. The breach was likely a result of users reusing login credentials from other breaches. Roku advises affected users to change their passwords immediately and review account settings for any unauthorized activity. The company has reset passwords, canceled unauthorized subscriptions, and issued refunds for affected users. It is also important for all Roku users to avoid reusing passwords across different services.


Copyright © 2024 Auburn University's McCrary Institute. All Rights Reserved.



Navigating the cyber seas requires unity and vigilance. Aristotle once suggested seeking wisdom collectively - perfect for tackling today’s challenges! Innovation in cyber tech can be our strongest ally. #innovation #teamwork #cybersecurity
