Cyber Briefing ~ 04/02/2024
McCrary Institute for Cyber & Critical Infrastructure Security
Working to protect and advance U.S. interests in the areas of cyber and critical infrastructure security.
On this week's Cyber Focus, Frank Cilluffo interviews Yigal Unna, who previously served as Israel's National Cyber Director from 2018 to 2022. Unna discusses the cyber threats facing Israel, highlighting Iran, Russia, and terrorist groups. He emphasizes the need for democracies to be bold and innovative in cyber defense. Unna also stresses the importance of building a coordinated response through a single point of accountability within government. His expertise offers insight into strengthening cybersecurity and protecting democratic values from online attacks.
Anti-Kremlin hackers breached Russia's prison system, stealing a database containing information on hundreds of thousands of Russian prisoners and their contacts. The hackers, including Russian expatriates and Ukrainians, shared the data to seek help in understanding what happened to Alexey Navalny. They also manipulated prices on the Russian prison system's online commissary. The leaked data appears authentic and originated from the hacked prison shop, according to cybersecurity experts. This incident highlights the rise of hacktivism as a tool for expressing perspectives and influencing the trajectory of conflicts.
Companies from critical infrastructure sectors, such as telecommunications, financial services, and power, joined forces with government agencies in a joint cybersecurity exercise. The drill aimed to test the effectiveness of their defenses against real attacks. The exercise comes at a time of increased cyber tensions between the U.S. and China, with warnings of China's campaign to infiltrate critical infrastructure systems. The Tri-Sector Cyber Defense Exercise involved combined teams from participating companies, simulating attacks from fictitious entities in their respective sectors. The exercise emphasized the importance of coordination and collaboration among different sectors to counter real-world cyber threats.
The U.S. House of Representatives has implemented a strict ban on congressional staffers using Microsoft Copilot, the AI-based chatbot, due to concerns over the risk of leaking House data to unauthorized cloud services. Microsoft plans to release government-oriented tools this summer to address Congress' security requirements. The ban mirrors the concerns of companies blocking access to consumer chatbots to prevent data leakage.
President Joe Biden and Chinese President Xi Jinping held their sixth call, focusing on issues such as election meddling and cyberattacks. The call is part of a broader effort to stabilize bilateral ties, with upcoming visits from Treasury Secretary Janet Yellen, Secretary of State Antony Blinken, and Defense Secretary Lloyd Austin. The two countries are also planning a dialogue on managing the risks posed by advanced forms of AI. The Biden administration sees these calls as critical in maintaining closer contact at the leader level. Cyberattacks by China-linked hackers were also highlighted, with the U.S. prepared to take action against malicious cyber activity.
The New York City payroll system has been offline for a week following a phishing attack that targeted users of the NYCAPS platform. City workers have not received an explanation for the outage, which comes as Tax Day approaches. The city's cybersecurity team discovered the phishing campaign and has been working with the payroll office and the Department of Citywide Administrative Services to enhance security measures. City employees have been advised to remain vigilant and verify the legitimacy of any NYCAPS and payroll-related communications. The site is still accessible on the city's intranet.
The U.S. Department of Defense has created a dedicated cyber policy office, emphasizing the importance of digital warfare. The Office of the Assistant Secretary of Defense for Cyber Policy was established in accordance with the fiscal 2023 National Defense Authorization Act. Michael Sulmeyer has been nominated as the inaugural assistant secretary of defense for cyber policy, pending confirmation by the Senate. The office will be led by Ashley Manning until Sulmeyer's confirmation. Its responsibilities include developing and implementing cyber policy and strategy, coordinating with Cyber Command, and guiding private-sector outreach. The Defense Department has requested $14.5 billion in cyber spending for FY25.
An upcoming report from the independent Cyber Safety Review Board, mandated by President Biden, criticizes Microsoft for its cybersecurity practices and corporate culture in relation to a Chinese hack that targeted top U.S. government officials' emails. The report highlights lapses in Microsoft's security measures and a lack of transparency regarding the breach's origins. This assessment poses a significant challenge for the tech giant, whose cloud infrastructure is extensively utilized globally.
Small business owners are increasingly concerned about cyberattacks and are investing in cybersecurity tools and consultants. Historically, small businesses have been prime targets for ransomware, phishing attacks, and business email compromises. The heightened concern about cybersecurity is driven by increased awareness of the issue and stories of small-business owners facing scams and ransomware. Professional services organizations and organizations with 20 to 500 employees showed the highest level of concern. While small-business owners are confident in responding to a cyberattack, they also express concerns about supply chain disruptions.
The University of South Florida is launching a new college focused on artificial intelligence, cybersecurity, and computing to prepare students for high-demand careers. The college, set to launch in 2025 pending approval, will utilize the university's existing strengths and partnerships in AI and cybersecurity.
AT&T is facing a class action lawsuit over a recent data breach that affected approximately 73 million current and former customers. The suit alleges that AT&T failed to implement adequate cybersecurity procedures, resulting in the breach and exposing customers to the risk of fraud and identity theft. The breach, which occurred in 2019 or earlier, did not involve unauthorized access to AT&T's systems or exfiltration of the data. AT&T has stated that it will offer credit monitoring services to affected customers. The lawsuit seeks damages and other forms of relief for the affected individuals.
The Cybersecurity and Infrastructure Security Agency (CISA) confirmed that a recent cyberattack on the agency did not result in any data theft. The attack, linked to vulnerabilities in Ivanti remote access VPNs, targeted two CISA systems but did not exfiltrate any data. The agency took proactive measures to isolate the systems and decommission the Ivanti devices. However, one of the breaches may have compromised the personal information of over 100,000 people. CISA is working to notify potentially impacted individuals and organizations to take necessary steps to protect their systems.
A report from the Office of the Privacy Commissioner for Personal Data revealed deficiencies in cybersecurity measures at Hong Kong technology park Cyberport, which led to a ransomware attack and data leak last August. The park lacked effective detection measures and did not enable multi-factor authentication, allowing the hacker to access the network remotely. The investigation also found that Cyberport had unnecessary retention of personal data beyond the stated retention periods, increasing the number of individuals affected by the breach. The watchdog called for the establishment of a personal data privacy management program and timely risk assessments and security audits.
Birmingham city workers have resorted to using paper time sheets due to an ongoing computer outage caused by a suspected ransomware attack. The city's computer systems were compromised, and hackers are demanding payment in order to release the data. The outage has led to manual processes and concerns about correct compensation for employees. While city officials have not confirmed the ransomware attack, they have assured that emergency operations, including the 911 system, have not been affected.
Microsoft and OpenAI are collaborating on a data center project estimated to cost up to $100 billion, featuring an AI supercomputer named "Stargate" set to launch in 2028. The project aims to meet the increasing demand for AI data centers capable of handling advanced tasks. Microsoft is expected to finance the project, which would be significantly more expensive than existing data centers. The proposed supercomputer would be the largest in a series of supercomputers planned over the next six years.
Red Hat and the Cybersecurity and Infrastructure Security Agency (CISA) have issued warnings about malicious code found in XZ Utils, a widely used Linux tool for file compression. The code, present in versions 5.6.0 and 5.6.1, could potentially allow unauthorized access to affected systems. Both Red Hat and CISA recommend downgrading to a secure version, such as XZ Utils 5.4.6 Stable, and monitoring for any suspicious activity. The source and extent of the campaign are still being investigated.
Germany's Federal Foreign Office has raised concerns over the significant growth of Russian disinformation campaigns targeting Ukraine in Europe. The campaigns have become more sophisticated, combining subtlety, plausibility, and automation to enhance their impact and make them harder to combat. Private channels on platforms like Telegram and WhatsApp have made it challenging to understand the full extent of these campaigns. Germany has been a particular target, with one recent attempt involving a network of fake accounts spreading anti-Ukrainian views. Countering these efforts is difficult, as they aim to skew opinions and manipulate the balance of debate. The use of artificial intelligence tools further exacerbates concerns about creating alternative information ecosystems.
During the holy month of Ramadan, cybersecurity threats in the Middle East increase, with cyberattacks and scams estimated to have already caused up to $100 million in financial impact this year. Cybercriminals are impersonating local shipping companies and targeting victims through SMS, iMessage, and WhatsApp with fake parcel delivery messages. Security teams in the region fortify their defenses by enhancing outsourced contracts, prioritizing critical infrastructure, and promoting cross-training within cybersecurity teams. Maintaining vigilance and strengthening cybersecurity measures year-round is crucial to safeguard against cyberattacks.
Cyber defenders from major American infrastructure operators participated in a cross-sector cybersecurity exercise, practicing for potential network shutdowns caused by hackers. This event marked the first known exercise involving utility companies, the financial sector, telecommunications firms, and the U.S. government together.
Copyright © 2024 Auburn University's McCrary Institute. All Rights Reserved.