Cyber Briefing ~ 04/10/2024
McCrary Institute for Cyber & Critical Infrastructure Security
Working to protect and advance U.S. interests in the areas of cyber and critical infrastructure security.
On this week's episode of Cyber Focus we have Mark Montgomery, former executive director of the Cyberspace Solarium Commission. Frank and Mark discuss the commission's major achievements in legislating protections for critical infrastructure, as well as unfinished business like reorganizing Congressional oversight. Montgomery provides a candid assessment of the preparedness levels across different sectors, highlighting concerns about water and healthcare systems. He also analyzes the evolving cyber threat landscape dominated by nation-state actors like China, Russia, Iran, and North Korea. Looking ahead, Montgomery advocates for establishing an independent cyber force within the military to improve cyber workforce recruiting and training. It's a wide-ranging conversation that covers policy, threats, budgets, and the need for new models to enhance national cybersecurity.
Rising incidents of domestic terrorism and state-sponsored cyber attacks on critical infrastructure are increasing the risk to the U.S. power system, warns the North American Electric Reliability Corp. Geopolitical turmoil and the upcoming U.S. election season are contributing to a surge in malicious cyber activity and physical threats against the power infrastructure. The situation has significant ramifications for the North American grid.
French officials are preparing for a range of cyberattacks during the upcoming Summer Olympics in Paris, including state-sponsored hacking, ransomware attacks, and hacktivism. The head of France's cybersecurity agency, ANSSI, stated that the geopolitical landscape, particularly the war in Ukraine, will be a factor in the threat assessment. France is working to enhance security measures and provide timely information to counteract panic and misinformation.
Microsoft, Google, IBM, Intel, SAP, and Cisco, among others, have joined a consortium led by Cisco to collectively train nearly 100 million technology workers over the next decade to address AI's impact on the workforce. The consortium will assess AI's impact on various job roles, provide training recommendations, and release a report with practical insights for employers. The initiative aims to identify skills development pathways and train workers to prepare for the challenges and opportunities brought by AI.
The article discusses how Iran has become a major global proliferator of increasingly sophisticated drone technology and know-how. Countries from Central Asia to South America are now making their own drones based on Iranian designs, often still incorporating US components. Iran's domestic industry emerged from wartime necessity and sanctions evasion. The drones pose urgent risks as Iran supplies proxies and allies with models able to strike deep into enemy territory. Kamikaze drones recently killed US troops in Jordan. The evasion of export controls to obtain US parts frustrates lawmakers. Verifying an arms embargo on Iran is difficult.
Taiwan Semiconductor Manufacturing Co. (TSMC) will receive $6.6 billion in grants and up to $5 billion in loans from the US government to build chip factories in Arizona. The funding is part of President Joe Biden's efforts to boost domestic chip production. TSMC will construct a third factory in Phoenix, which will use 2-nanometer process technology and is expected to be operational by the end of the decade. The total investment at the three plants is estimated to be over $65 billion. The funding is subject to due diligence and will be disbursed based on construction and production milestones.
A report from Moody's Ratings reveals that CISOs and other senior-level cybersecurity executives are playing a more significant role in the C-suite as companies recognize the need for strong cyber governance. The report shows that about 90% of cybersecurity managers now report to a top-level company executive, compared to 62% in 2021, with a higher percentage reporting directly to CEOs. This increased proximity to executives leads to greater awareness of cyber risk, increased support for budgets and resources, and more frequent cyber briefings to CEOs. The evolving role of CISOs is driven by high-profile cyberattacks and increased regulatory scrutiny.
Incident response firm Mandiant has identified multiple threat groups targeting Ivanti Connect Secure devices and conducting post-exploitation activities. Mandiant observed eight distinct clusters involved in exploiting vulnerabilities in Ivanti's remote access VPNs, including five China-linked espionage groups and three financially motivated attackers. The post-exploitation activities involved lateral movement using open-source tools and custom malware families. Mandiant advises Ivanti customers to install the latest patch and run the integrity checker tool released by the company to protect against these exploits.
According to a report by the Department for Science, Innovation, and Technology, UK businesses have astounded experts with their lack of preparedness and response to security breaches. Only 22% of businesses have a formal incident response plan, and reporting rates to authorities and organizations are low. Furthermore, 39% of businesses took no action following their most disruptive breach in the past year. The decline in awareness of security initiatives and willingness to seek support is also a cause for concern.
Lawmakers have unveiled the American Privacy Rights Act, a bipartisan and bicameral bill aimed at passing a comprehensive data privacy law. Key provisions include allowing consumers to sue for privacy violations, establishing a privacy office at the FTC, preemption of state laws with some exceptions, targeting data brokers, and addressing AI issues. The bill is seen as significant due to its bicameral, bipartisan nature and growing concerns about AI and kids' privacy.
Google introduces new cloud-based security products and services, leveraging its flagship generative AI model, Gemini. These tools include Gemini in Threat Intelligence, which assists in threat analysis and natural language searches; Gemini in Chronicle, which guides security analysts through investigations; and a Gemini-driven feature in Security Command Center for threat searching. Google also unveils Privileged Access Manager, Principal Access Boundary, Autokey, and Audit Manager as part of its security updates.
A report by Bitdefender reveals vulnerabilities in LG TVs running webOS versions 4 through 7, which could allow attackers to gain root access and spy on user activity. While this vulnerability was only found in TVs connected via Ethernet, over 91,000 exposed TVs were identified globally. Users are advised to keep their TVs updated, use strong passwords, and ensure their routers are updated as well.
A hacker claiming to represent the ransomware gang DragonForce attempted to extort a company by calling their front desk and pressuring employees to pay a ransom. The recorded phone call, posted on the dark web, shows the failed attempt to intimidate the company. Ransomware gangs are increasingly using telephone contact as a tactic, and organizations should consider this in their response plans. The company involved has not commented on the incident.
The G7 countries, along with other like-minded nations, are planning to create a list of trustworthiness criteria for critical clean technologies, such as chips and batteries, in order to counter Chinese influence. European Commission Vice-President Margrethe Vestager stated that the criteria could include environmental footprint, labor rights, cybersecurity, and data security and should be objective and independent. The aim is to establish a global standard that applies to all trustworthy producers, aligning competitiveness with shared values. Vestager also highlighted the EU's dependence on third countries, particularly China, in critical technologies and supply chains, emphasizing the need to address the risks associated with one-sided dependencies.
Israel National Cyber Directorate Chief Gaby Portnoy warns of intensified cyberattacks from Iran and Hezbollah, with attacks in every Israeli sector. Iran's Intelligence Ministry led the recent cyberattack on Safed's Ziv Medical Center, aiming to disrupt hospital operations and damage Israel's resilience. The Predatory Sparrow hacktivist group claims to have disabled gas stations across Iran in retaliation. Israel has accused Iran of cyberattacks, including on the Israeli Justice Ministry.
Although Russia has banned Starlink, middlemen are proliferating to buy the devices and ship them to Russian forces in Ukraine, eroding the battlefield advantage once held by Ukrainian troops who also use them. Starlink is also being used in Sudan by the Rapid Support Forces, a paramilitary group accused of war crimes that the U.S. has sanctioned. The RSF uses dealers in Dubai to buy and activate the devices and then smuggles them into Sudan. Sudanese authorities unsuccessfully asked SpaceX to help regulate Starlink's use. The spread of the hardware has put SpaceX in complex geopolitics, as it can limit access by location. But a shadowy global supply chain is delivering the devices to some U.S. adversaries.
The increasing frequency of ransomware attacks, such as the recent ones on MGM and Change Healthcare, should serve as a wake-up call for businesses and governments. The vulnerability of data transmission pipelines and the availability of cheap cyber technologies are allowing hackers to exploit and extort money. Old-world solutions like ransomware insurance are inadequate, and policymakers need to reconfigure the internet and regulate cryptocurrencies to combat online crimes effectively. Reconfiguring digital pipelines, implementing authentication and governance, and creating a dedicated police force are necessary steps.
Military pharmacies have returned to full operations after a cyberattack on Change Healthcare, the nation's largest commercial prescription processor, disrupted business for several weeks. The attack prompted Change Healthcare to disconnect its system from the medical ecosystem, causing longer wait times for customers. Retail pharmacies resumed normal operations by March 8, while on-base pharmacies took longer to recover. The connection between Change Healthcare and the Defense Health Agency's network was restored the week of April 1. Customers who were asked to pay full price for prescriptions during the outage can file a claim for reimbursement with Tricare.
A report spearheaded by the Pentagon's Defense Innovation Unit (DIU) suggests that it may be time for the US government to establish a cabinet-level organization or a "Department of Space" to streamline bureaucratic processes and better integrate civil, military, and commercial regulatory activities in outer space. The report recommends modeling the department on the Department of Energy for decisive action and cost control, rather than the Department of Homeland Security, which faces bureaucratic challenges. In the meantime, efforts should be made to streamline the bureaucracy under the Vice President or an appointed Director of Space to preserve the space industrial base and drive economic growth in the sector.
The Army plans to terminate the Cyber Situational Understanding (Cyber SU) program, which aims to provide ground commanders with better insight into the cyber and electromagnetic landscape. The program's requirements and mission will be integrated into other Army initiatives, with funding realigned to different priorities. The Army emphasizes that it is not divesting from situational understanding or cyberspace missions but rather adjusting its approach to meet future needs. The product manager for Mission Command-Cyber has been reflagged as the product manager for Signals Infrastructure to reflect the expanded portfolio.
The Biden administration is investing $6.6 billion to expand a semiconductor manufacturing facility in Arizona, aiming to bolster U.S.-based technological manufacturing. Taiwan Semiconductor Manufacturing Co. (TSMC) will receive the funds and increase its investment in the Phoenix area to $65 billion. The expansion is funded by the Chips and Science Act, addressing concerns over the U.S. reliance on semiconductor manufacturing in Asia. The move is seen as crucial for national security and competition in the industry, with estimated job creation of 20,000 construction jobs and 6,000 high-tech jobs.
Senate Republican Leader Mitch McConnell called for action to restrict TikTok, citing concerns over national security and the app's ties to China. Momentum in the Senate has stalled for a bill that would ban TikTok in the U.S. unless its Chinese parent company, ByteDance, sells its stake. McConnell's involvement could reignite efforts to pass legislation against TikTok, with Senate Majority Leader Chuck Schumer also prioritizing TikTok legislation. McConnell emphasized the need for bipartisan steps to counter Beijing's influence and espionage. Skeptics have raised constitutional concerns regarding the naming of TikTok in the bill.
OpenAI is facing a barrage of lawsuits and government investigations, including allegations of copyright violations and diverging from its nonprofit mission. The company has hired a team of in-house lawyers and top U.S. law firms to handle the legal challenges. OpenAI is also in talks to hire Chris Lehane, a former press secretary for Al Gore, to bolster its political strategy. The company is playing defense as it grapples with lawsuits, investigations, and potential legislation that threaten its goal of building powerful AI.
The Maryland legislature has passed two privacy bills aimed at restricting the collection and use of personal data by tech platforms. One bill focuses on the online data privacy of consumers, while the other aims to protect young people from tracking and manipulative techniques used by social media and gaming platforms. The bills have faced opposition from industry trade groups representing companies like Amazon, Google, and Meta. Maryland joins a few other states that have enacted comprehensive privacy legislation and children's online privacy safeguards. The bills now await the approval of Governor Wes Moore.
According to leaked Kremlin documents, Russia has ramped up propaganda operations to undermine U.S. support for Ukraine, which is seen as a top priority. Strategists instruct trolls to pose as Americans and spread isolationist and anti-Ukraine messages on social media to stir opposition to military aid packages. The propaganda pushes far-right views and sows racial tensions. It has gained traction, with some GOP lawmakers echoing Russian talking points. The sophisticated disinformation campaign builds on a decade of Kremlin efforts to boost anti-establishment populists in the West.
Researchers and start-ups are developing methods to identify and track deepfake images in order to combat their proliferation across the internet. Techniques include digital watermarks, metadata labeling on real images, AI algorithms trained to detect deepfakes, and promoting critical thinking among users. However, experts warn that the problem will only become more challenging as AI image generation technology advances.
China-based hyper-scaler Alibaba has announced a reduction in pricing for several core public cloud services globally, with cuts of up to 59%. The company aims to compete for global cloud market share, where it currently holds a relatively minor position. By reducing prices on compute, storage, network, and database services, as well as analytics products, Alibaba hopes to attract international businesses. Despite its dominant presence in mainland China's public cloud market, Alibaba has struggled to gain traction in other regions, including the US. The company's cloud revenue comes mainly from China and the Asia-Pacific region.
Despite the popularity of tools like ChatGPT, many companies are proceeding cautiously or not using generative AI at all. Reynolds American, for example, is testing gen AI in limited capacities for data analysis but not in high-risk finance or customer-facing roles. Concerns about risks, uncertainty about usefulness, and the lack of clear use cases contribute to the cautious approach. Large businesses are more likely to adopt generative AI but also acknowledge the potential security risks. Time will be a determining factor in the widespread adoption of generative AI.
The SEC's new cyber disclosure rule requires public companies to quickly report material incidents, aiming to improve transparency. The Biden administration is leveraging emergency economic powers to restrict sensitive personal data transfers to adversaries like China. The DOJ is pursuing creative legal strategies to disrupt cybercriminal operations, seizing encryption keys, recovering ransom, and taking over command-and-control infrastructure. High-profile takedowns like LockBit and Volt Typhoon demonstrate the government's growing ability to impose costs on sophisticated cyber threats. Across sectors, regulators are grappling with how to improve cybersecurity, though challenges remain in harmonizing competing priorities and authorities.
Home Depot has confirmed that its employee data was compromised in a supply chain data breach through a third-party software vendor. The breach exposed the names, corporate IDs, and email addresses of a small sample of employees, which could be used for targeted phishing attacks. Selecting SaaS vendors with strong cybersecurity protections and conducting regular audits are crucial for enterprise security. Home Depot experienced a larger data breach a decade ago involving customer credit card data.
Software-defined vehicles, particularly electric vehicles (EVs), pose challenges for managing cybersecurity in vehicle fleets. While the "right to repair" allows consumers and third parties to maintain and repair their vehicles, remote diagnostic and update networks remain closed. Automakers need to balance accessibility with cybersecurity risks as vehicles become more connected and susceptible to attacks. Properly designed platforms and secure channels for sharing diagnostic information can help mitigate the risk of cyberattacks, which often focus on availability rather than safety.
Investing in cybersecurity skills and spreading awareness is crucial in mitigating threats that target individuals. Interactive, person-led training that adapts to individual learning styles is effective in promoting a deep understanding of security practices. Creating a cybersecurity culture involves encouraging employees to share their personal experiences with security issues openly and implementing tests to gauge the effectiveness of security programs. By equipping employees with knowledge and empowering them, we contribute to a safer digital world for everyone.
Dark Reading's latest Tech Insights report shares expert advice on implementing comprehensive security strategies to secure the software supply chain. The report covers vendor risk management, security frameworks, software composition analysis, and DevSecOps practices to defend against supply chain attacks. Due to the insidious nature and potential impact of these attacks, enterprises must be cautious and not blindly trust their technology environments.
China expresses deep concern over reports of Japan joining the AUKUS security pact, stating that it disregards the risk of nuclear proliferation and would intensify the arms race in the region. China opposes the formation of exclusive circles and bloc confrontation.
Australia dismisses reports of Japan joining the AUKUS security pact, stating that any cooperation would be project-specific. Australian Prime Minister Anthony Albanese emphasizes that there are no plans to expand AUKUS's membership.
Taiwan Semiconductor Manufacturing Co (TSMC) will receive up to $6.6 billion from the US government for its factory complex in Phoenix, Arizona. The funding aims to support the growth of the domestic semiconductor industry, with TSMC set to produce cutting-edge chips in the US. The grant is part of the Chips Act, which seeks to bring chip-making back to the US and reverse the industry's overseas flight. TSMC's project is expected to create thousands of jobs and is the largest foreign direct investment in a new project in US history.
Taiwan Semiconductor Manufacturing Co (TSMC) has agreed to produce its most advanced chips in Arizona from 2028, in line with the Biden administration's efforts to boost domestic semiconductor production. TSMC will build a fabrication plant in Phoenix to manufacture cutting-edge 2-nanometer chips, and a third facility with even more advanced technology will be operational by 2030. The US will provide TSMC with support worth $6.6 billion in grants and up to $5 billion in loans. The move aims to bring 20% of the world's advanced semiconductor manufacturing to the US by 2030 and reduce reliance on Asian production.
The United States is providing up to $6.6 billion in funding to TSMC to expand chip production in Arizona, with a third facility planned. This is part of a larger $65 billion investment in the US by the Taiwanese chip giant. The move aims to boost domestic semiconductor production and reduce dependence on Asian suppliers. Next week, the Biden administration is expected to announce over $6 billion in funding for South Korea's Samsung to expand chip output in Texas.
Attackers have allegedly stolen and posted the US Environmental Protection Agency's (EPA) global contact list of critical infrastructure contacts on a data leak forum. The dataset contains names, email addresses, phone numbers, and more for 8.5 million individuals. While the data is from 2016, attackers could still use it for targeted phishing attacks, potentially gaining access to critical infrastructure facilities. The attacker, known as "USDoD," has claimed responsibility for previous high-profile hacks. The EPA has not yet commented on the incident.
Key House and Senate committee leaders have introduced a new bipartisan proposal called the American Privacy Rights Act (APRA). The proposal aims to establish a comprehensive data privacy framework at the federal level, limiting the types of consumer data that companies can collect and giving users control over their data. It also includes provisions for opting out of targeted advertising and creating a national registry of data brokers. While the proposal is still in draft form, it represents a potential breakthrough in passing federal data privacy legislation.
Microsoft has announced plans to establish an artificial intelligence (AI) hub in London, focusing on product development and research. Led by Mustafa Suleyman, co-founder of Google DeepMind, the move reinforces Microsoft's position as a leader in AI technology. The hub may attract talent from other AI-focused companies and align with Britain's efforts to position itself as a technology superpower. Microsoft's recent commitment to investing in data center infrastructure and improving AI skills in Britain further supports this initiative.
House Republicans are embroiled in a divisive debate over government surveillance powers, revealing deep-seated uncertainty within the party. The battle centers around the reapproval of Section 702 of the Foreign Intelligence Surveillance Act, with some Republicans skeptical due to the FBI's investigation into Donald Trump's 2016 campaign. Speaker Mike Johnson is attempting to mediate between factions that differ on how much to rein in Section 702, risking alienating conservatives as he faces a vote of no confidence. The outcome of the debate could have significant implications for national security and privacy.
SecurityScorecard's groundbreaking Cyber Resilience Scorecard provides data-driven insights linking a country's economic prosperity to its cybersecurity resilience. The report identifies key threat actors, geopolitical hotspots, high-risk sectors, and the interconnected nature of supply chain risk, underscoring the critical need for global leaders to prioritize cybersecurity transparency and collaborative risk management. According to Rob Knake, former Deputy National Cyber Director and current McCrary Institute senior fellow, "Policymakers globally need to find new methods to assess national resilience and evaluate if policies and programmes enhance cyber resilience."
Andesite AI, co-developed by Red Cell Partners and General Catalyst, is a cybersecurity company that uses AI to analyze data sets. This empowers cyber defenders and analysts to quickly identify threats, allocate resources, and improve security posture. The company has received $15.25 million in initial funding and aims to enhance the capabilities of cybersecurity teams.
Copyright © 2024 Auburn University's McCrary Institute. All Rights Reserved.