Cyber Briefing ~ 05/09/2024

National Cybersecurity Strategy Implementation Plan Version 2

The White House has released the second version of the National Cybersecurity Strategy Implementation Plan, outlining over 100 high-impact initiatives to defend critical infrastructure, disrupt threat actors, shape market forces, invest in a resilient future, and forge international partnerships. Key focus areas include establishing cybersecurity requirements, scaling public-private collaboration, integrating federal cybersecurity centers, updating incident response plans, modernizing federal defenses, disrupting adversaries, securing the internet's technical foundation, and developing a national cyber workforce strategy.


Authorities Troll Boss of Hacking Gang on His Own Website

Law enforcement agencies have identified the leader of the ransomware gang LockBit, known as LockBitSupp, and mocked him on his own website. The coalition claims to know his location and wealth, signaling a potential breakthrough in dismantling the group's operations.


A New Diplomatic Strategy Emerges as Artificial Intelligence Grows

The Biden administration is pursuing a new diplomatic strategy focused on managing cyber threats and technology competition. This includes arms control talks with China over the use of artificial intelligence and efforts to assure control over physical technologies like undersea cables. Secretary of State Antony Blinken emphasized the need for digital solidarity with allies and trusted vendors, signaling a zero-sum competition between Western-dominated and Chinese-dominated technologies. The strategy also acknowledges the role of cyber weaponry in conflicts, such as Russia's attack on Ukraine and China's penetration of American infrastructure networks.


US, UK Police Identify and Charge Russian Leader of LockBit Ransomware Gang

Law enforcement agencies have identified and charged Russian national Dmitry Yuryevich Khoroshev, also known as LockBitSupp, as the leader and developer of the LockBit ransomware group. Khoroshev is accused of computer crimes, fraud, and extortion. LockBit is one of the most prolific ransomware variants globally, targeting over 2,000 victims and stealing more than $100 million in ransom payments. The US government has announced sanctions against Khoroshev, preventing transactions with him and offering a $10 million reward for information leading to his arrest and conviction.


Microsoft Deploys GPT-4 Large Language Model for Pentagon Use in Top Secret Cloud

Microsoft has deployed the GPT-4 large language model in an isolated, air-gapped Azure Government Top Secret cloud for use by the Department of Defense. Once accredited, Pentagon officials will have access to the technology to deal with vast amounts of data and tailor it to meet their unique needs. The deployment is part of Microsoft's collaboration with OpenAI.


ONCD Report: 'Fundamental Transformation' in Cyber, Tech Drove 2023 Risks

The report from the Office of the National Cyber Director, led by former McCrary Institute Senior Fellow Harry Coker, highlights the rapidly evolving cyber threat landscape in 2023. Malicious actors are exploiting emerging technologies that connect people and systems, posing advanced risks as the digital and physical worlds become increasingly intertwined. The report identifies the top trends as evolving critical infrastructure risks, ransomware, supply chain exploitation, commercial spyware, and the growing use of artificial intelligence by threat actors. The report details progress on implementing the Biden administration's national cybersecurity strategy while also noting the daunting challenges that remain in realizing a safe and secure digital future.


U.K. Armed Forces' Data Is Exposed in Hostile Cyberattack

The personal information of British army, navy, and air force members has been exposed in a significant data breach targeting a third-party payroll system used by the Ministry of Defense. While the government did not publicly blame anyone for the attack, some lawmakers pointed fingers at China. Defense Secretary Grant Shapps referred to it as the work of a malign actor and did not rule out state involvement. This incident highlights the increasing and evolving threats faced by the U.K.


AI Threatens Elections by Capitalizing on Human Foibles, Officials Warn

Officials expressed concerns that the combination of generative artificial intelligence (AI) and social media platforms could amplify the spread of misinformation during key U.S. elections. While AI-powered attacks on voting technology are a concern, experts emphasize that the rapid dissemination of AI-generated disinformation by individuals poses a greater threat to election security.


Top Spy Official Releases Principles on Intel Agency Use of Info Bought From Data Brokers

The U.S. Office of the Director of National Intelligence (ODNI) has published its policy framework for how intelligence agencies collect and use information from data brokers. The framework addresses definitions, principles, and privacy considerations but does not clearly specify what kind of commercially available information can or cannot be purchased by the intelligence community. Senator Ron Wyden, a critic of intelligence agency use of data brokers, praised the framework as a step forward but emphasized the need for Congress to pass legislation to protect the rights of Americans. Privacy advocates also expressed mixed opinions on the framework, calling for stronger safeguards and a ban on law enforcement purchasing Americans' data from data brokers.


Biden’s Cybersecurity Plan Has a Huge Funding Gap

The Biden administration's planned $13 billion investment in cybersecurity for federal civilian agencies neglects essential programs such as foundational research and standards setting. The National Institute of Standards and Technology (NIST), responsible for developing cybersecurity standards and guidelines, is not adequately funded despite being assigned critical roles in cybersecurity priorities. Without increased funding, NIST will struggle to fulfill its assigned work, jeopardizing the success of the administration's cybersecurity initiatives. Insufficient funding for NIST hinders its ability to conduct research, develop frameworks, and support the government's ambitious cybersecurity goals, ultimately compromising national security.


The US Really Wants to Improve Critical Infrastructure Cyber Resilience

The Biden administration is set to launch aggressive actions to bolster cyber resilience in critical infrastructure sectors, with a focus on healthcare and water. The plan includes increased intelligence sharing, closer cooperation with the private sector, proactive threat disruption, and taking down malicious actors. While progress has been made, the report highlights persistent threats from China-affiliated groups and ransomware attacks. However, there are concerns about the resilience of the private sector and the challenges of engaging and harmonizing with industry mandates.


Exclusive: Homeland Security Ramping Up 'With Intensity' to Respond to Election Threats

The Department of Homeland Security is preparing for an array of election threats, including foreign meddling, threats of violence, and disinformation campaigns. DHS will work with state and local partners to secure election infrastructure and help officials respond to threats. The Cybersecurity and Infrastructure Security Agency will provide intelligence, training, and resources to counter hacking, physical dangers, and false narratives that undermine trust. DHS coordinated with law enforcement and election offices after fentanyl mailings targeted officials last year. Ensuring polling sites stay open amid bomb threats or other disruptions will be a key focus. The agency says an "unprecedented threat environment" requires an unprecedented response to secure the integrity of the election process.


Hackers Behind MGM Attack Targeting Financial Sector in New Campaign

The hacking group Scattered Spider, previously known for targeting MGM Resorts International, is now focusing on banks and insurance companies. Using phishing tactics, the group has successfully compromised the systems of at least two insurance companies and targeted major financial institutions.


Global Rivals of U.S. Aim To Exploit Protest Divide

Russia, China, and Iran are leveraging the protests over the war in Gaza at American universities to exacerbate social and political divisions within the United States. While there is little evidence of direct support for the protests, these countries are amplifying the tensions through state media, inauthentic accounts, and propaganda campaigns. The goal is to portray the U.S. as a country in turmoil and undermine its international standing. Researchers are also concerned about foreign influence operations targeting the upcoming presidential election.


Cybercom's Training Platform Adding More Complexity for Realistic Scenarios

U.S. Cyber Command wants to increase the complexity of simulations and actors within its Persistent Cyber Training Environment platform to allow cyber warriors to test their skills against increasingly sophisticated threats. The platform provides access to collective training and mission rehearsal. New features will focus on usability to recreate complex scenarios incorporating intelligence, language, and adversarial techniques. This will help cyber warriors anticipate real-world threats like ransomware, AI attacks, and social engineering employed by China, Russia and Iran. The program office is also adding multidomain training at the request of allies to simulate wartime coordination. Overall the goal is to provide the realism cyber operators would face against live adversaries.


Pentagon Aims High, Hits Target with DIB Cybersecurity Strategy

The U.S. Department of Defense has announced a comprehensive cybersecurity strategy for the Defense Industrial Base (DIB), focusing on strengthening governance, broadening cybersecurity posture, preserving resiliency, and boosting collaboration. The multi-year plan emphasizes the importance of a Zero Trust architecture and offers cyber resources, tools, and services to enhance DIB companies' cybersecurity capacity. The strategy showcases a collaborative approach between the government and private sector to address evolving cyber threats.


After Years of Taunts, Brash Leader of LockBit Charged by US

Dmitry Khoroshev, the leader of the ransomware gang LockBit, has been charged by US authorities with hacking-related crimes. Khoroshev, a 31-year-old Russian national, is accused of being the "creator, administrator, and developer" of LockBit, which has attacked at least 2,500 victims and extorted approximately $500 million in ransom payments. Khoroshev remains at large, and a $10 million reward has been offered for information leading to his arrest or conviction. This action is part of ongoing efforts by law enforcement to combat cybercrime and disrupt ransomware organizations.


City of Wichita Public Services Disrupted After Ransomware Attack

The City of Wichita is investigating a ransomware attack that occurred over the weekend, leading to the shutdown of many city networks and services. The attack affected various core city services, including water, public transit, and the airport. The city has implemented business-continuity measures and is working with third-party specialists to restore the computer network. The investigation is ongoing, and there is currently no timeline for when systems will be restored. The city has been transparent about the incident to inform and prepare citizens for disruptions.


Software Giants Sign CISA Pledge to Ramp Up Security

More than 60 large technology vendors, including Google and Microsoft, have committed to the Secure by Design Pledge initiated by the Cybersecurity and Infrastructure Security Agency (CISA). The pledge aims to shift the burden of security from smaller organizations to larger tech providers by integrating security into their products from the start. Signatories will make a good-faith effort to implement seven baseline security goals over the next year and demonstrate measurable progress publicly. While the pledge is voluntary, it marks a significant step in enhancing upfront investments in security and mitigating the impact of cyber attacks on the U.S. economy.


US, UK, and Australia Announce Charges Against Russian Developer of LockBit Ransomware

The Biden administration, along with the governments of the United Kingdom and Australia, has announced charges against Dmitry Yuryevich Khoroshev, the Russian leader of the LockBit ransomware operation. Khoroshev is accused of developing and distributing the LockBit ransomware, which has targeted over 2,000 victims globally, resulting in more than $1 billion in ransom payments. The charges include fraud and extortion, carrying a maximum penalty of 185 years in prison. The Treasury Department has also sanctioned Khoroshev, and the State Department has offered a reward of up to $10 million for information leading to his arrest. This action is part of a broader effort to combat ransomware operations and hold cybercriminals accountable.


White House Sets More Than 30 New Targets to Raise Nation's Cybersecurity

The White House has announced over 30 new initiatives to address cyber threats in the United States. These initiatives, spearheaded by various federal agencies, aim to bolster the nation's cybersecurity and have bipartisan support. The initiatives include creating a software liability framework, promoting cybersecurity best practices in crucial sectors, deterring juvenile cyber crimes, and developing secure manufacturing guidance for semiconductors. The Office of the National Cyber Director also released a report stating that U.S. cybersecurity has improved, emphasizing the need to strategically shape the digital world to stay ahead of adversaries.


Suspected China Hack Hits UK's Defense Ministry

The UK's Ministry of Defense (MoD) has experienced a suspected cyber-attack, believed to be carried out by China. The hack targeted an MoD payroll system, compromising the personal information of around 270,000 current and former armed forces members. Defense Secretary Grant Shapps will provide an update to the House of Commons, although he is not expected to directly name China as the perpetrator. A full investigation will be launched, including potential failings by a private contractor. China has denied the allegations, calling them "completely fabricated and malicious slanders."


A Security Symphony: Harmonizing Cybersecurity Regulation

A Security Symphony from the Aspen Digital think tank calls for establishing regulatory harmonization principles for cybersecurity, with a focus on collaboration and standardization. The principles span interoperability, transparency, market competition, and mutual recognition frameworks. The paper demonstrates the real-life harms of lacking coordination and the benefits of harmonized models through case studies on the 2016 "Avalanche" network takedown and the Factor Analysis of Information Risk (FAIR) framework. With over 60 countries implementing fragmented regulations, inconsistent compliance allows bad actors to exploit gaps. The authors, a group of cybersecurity experts, offer guidance on harmonizing the global regulatory landscape.


US Revokes Intel, Qualcomm's Export Licenses to Sell to China's Huawei, Sources Say

The US has revoked licenses allowing Intel and Qualcomm to ship chips to Huawei, impacting the company's ability to power its laptops and hurting US suppliers. The move comes after pressure from Republican lawmakers and is aimed at protecting national security and diminishing China's technological advancement. China has criticized the US for abusing export controls without justification.


TikTok Challenges U.S. Law Forcing Sale or Ban

TikTok and parent company ByteDance have filed a legal challenge against a U.S. law that requires TikTok to be sold within a year or face a ban. They argue that the law violates First Amendment rights and lacks proof of national security risks. TikTok seeks to have the law declared unconstitutional and blocked from enforcement. The Biden administration and Congress defend the law, citing concerns about Chinese influence and data access. TikTok has previously won court battles against potential bans in the U.S.


Volt Typhoon Operation Came Up 'Directly' in US-China Talks, Ambassador Says

During recent high-level talks between U.S. and Chinese officials, the Volt Typhoon espionage campaign targeting American critical infrastructure was directly addressed. The discussions covered a wide range of technology issues, with Secretary of State Antony Blinken emphasizing the danger and escalation of holding American critical infrastructure at risk. While Beijing denies any affiliation with the hacking network, the U.S. considers its actions to violate the spirit of the United Nations' framework for responsible behavior in cyberspace. The two countries are expected to meet again to discuss artificial intelligence issues.


Thousands of UK Troops Hit in Suspected Chinese Hack on Defense Ministry

The Ministry of Defense (MoD) in the UK has experienced a suspected Chinese cyberattack, exposing the personal details of tens of thousands of troops. The hack targeted an MoD payroll system operated by a contractor, compromising names, bank details, and a few thousand home addresses. Defense Secretary Grant Shapps did not directly accuse China but referred to the attack as the work of a malign actor with potential state involvement. Conservative MPs expressed suspicions towards China, while the Chinese Embassy in London called the claims "completely fabricated and malicious slanders."


China Suspected of Hacking British Military Payment System, Reports Say

Officials in Westminster suspect that China was behind a hack on a third-party payment system used by the British armed forces. The Ministry of Defence will make a statement about the cyber incident, warning about hostile states targeting organizations for cyber espionage. The incident affected a payment system operated by a contractor, potentially compromising names, bank details, and personal addresses. The investigation is ongoing, and while no evidence of data removal has been found, the government is taking precautionary measures. About 270,000 personnel and veterans have been affected. China has consistently denied allegations of engaging in malicious cyber activity.


Military Intelligence Carries Out Cyberattack on Russia's 1C Company

Ukraine's military intelligence agency (HUR) reportedly conducted a successful cyberattack on Russia's 1C Company, a software developer and distributor. The attack disabled a corporate cloud provider and a remote work server, impacting users in Russia. HUR has previously targeted Russia's ruling United Russia party. Russia, in turn, has been accused of carrying out cyberattacks across Europe, including GPS jamming of civilian aircraft.


Spanish Startups File Complaint Against Microsoft's Cloud Practices

The Spanish Startup Association has lodged a complaint with the Spanish antitrust regulator, accusing Microsoft of anti-competitive practices in the cloud computing sector. The association alleges that Microsoft has leveraged its dominant position to force the use of its Azure cloud and imposed artificial barriers that hinder competition and choice for startups. Microsoft has defended its practices, emphasizing customer choice and flexibility. The association has called for an investigation and measures to ensure a competitive market.


State Department Releases Cyberspace & Digital Policy Strategy

The State Department has unveiled the "United States International Cyberspace & Digital Policy Strategy," aiming to promote an open and secure digital environment, coordinate digital governance approaches, defend against cyber threats, and enhance partners' capabilities through international collaboration. The strategy is built on principles of pursuing an affirmative vision for cyberspace, promoting cybersecurity and sustainable development, and employing diplomatic tools for implementation.


White House Releases Cybersecurity Report and Implementation Plan

The White House has released a comprehensive cybersecurity report and implementation plan, assessing the nation's cybersecurity posture and outlining initiatives to strengthen it. The plan includes 100 government initiatives focused on critical infrastructure defense, disrupting threat actors, shaping market forces, investing in resilience, and forging international partnerships.



Copyright © 2024 Auburn University's McCrary Institute. All Rights Reserved.
