Cyber Briefing ~ 05/30/2024
McCrary Institute for Cyber & Critical Infrastructure Security
Working to protect and advance U.S. interests in the areas of cyber and critical infrastructure security.
OpenAI has begun training its newest AI model to power the ChatGPT chatbot, aiming to bring the company closer to artificial general intelligence (AGI). Additionally, OpenAI announced the formation of a committee, including CEO Sam Altman, to evaluate the safety and security of its AI products. This move comes amidst lawsuits, staff departures, and concerns about AI technology spreading disinformation, job loss, and copyright infringement. The committee aims to address these issues and release recommendations after a 90-day review. Former OpenAI board members have recently called for increased regulation of AI.
The U.S. Securities and Exchange Commission (SEC) clarified that its cybersecurity breach reporting requirements are not intended for the voluntary disclosure of "immaterial" incidents. The rules require public companies to report "material" cybersecurity incidents within four days of determining their materiality. The SEC expressed concerns about confusion caused by voluntary filings that may mislead investors. The Division of Corporate Finance encourages companies to disclose immaterial incidents under a different item of Form 8-K and file an Item 1.05 Form 8-K if subsequent materiality is determined. Smaller reporting companies will be subject to the rules starting June 5.
McCrary Institute Advisory Board Member Admiral Michael Rogers, former Director of the National Security Agency and Commander of U.S. Cyber Command, discusses the evolving cybersecurity landscape, the importance of information sharing and partnerships, and the challenges facing CISOs in today's geopolitical environment.
McCrary Institute Advisory Board Member, Retired Admiral Michael Rogers discusses the recently released National Cybersecurity Strategy, highlighting its focus on critical infrastructure protection, disrupting threat actors, and incentivizing security through market forces. He emphasizes the need to learn from real-world scenarios like the Ukraine conflict and shift responsibilities beyond just end-users. The strategy aims to bolster cyber resilience, but Rogers suggests it may not go far enough in driving long-term change.
Katherine Gronberg, a McCrary Institute Senior Fellow, discusses the Biden Administration's focus on securing industrial control systems and internet-connected devices. The upcoming national cyber security strategy is expected to call for new regulations and harmonization of cyber security requirements across critical infrastructure sectors, which may pose significant challenges for private companies, especially smaller operators, due to resource constraints.
McCrary Institute Advisory Board Member, Retired Admiral Mike Rogers discusses the evolving ransomware threat to operational technology (OT) environments and critical infrastructure. He highlights the challenges OT operators face in responding to these attacks, the importance of cyber resilience, and the need for better collaboration between IT and OT teams. Rogers also shares insights on the decision-making process around paying ransoms and the role of cyber insurance in incentivizing improved security practices.
A ransomware attack several weeks ago on the Ascension Hospital network is still causing major issues. Nurses are being forced to manually enter patient information without electronic records, leading to concerns about mistakes and patient safety.
The Department of Justice is leveraging the False Claims Act, a law from the Civil War era, to hold contractors accountable for misleading the government about their cybersecurity measures. The initiative aims to enforce cybersecurity rules in federal contracts and punish contractors who fail to protect government data. So far, five cyber-fraud cases have been closed, with more prosecutions expected in the future. The DOJ's approach aligns with President Biden's cybersecurity strategy, which emphasizes increased accountability for companies in defending against hackers.
Telegram, a messaging app known for lax content moderation, has become a platform for pro-Kremlin disinformation groups to spread fake news and recruit individuals for acts of sabotage. European officials, who are prioritizing the fight against fake news ahead of upcoming elections, have limited power to regulate Telegram due to its user numbers falling below the threshold required for stricter regulations. The app's unaccountability has raised concerns about the spread of disinformation and the lack of content moderation.
In 2022, TikTok proposed an extraordinary deal to the U.S. government, offering control over its U.S. operations, veto power over hires, and a kill switch. However, the Biden administration declined the offer. The proposal aimed to address concerns about the video app's ownership by a Chinese company and its potential threat to national security.
A leak of internal documents purportedly revealing details about Google's search algorithm has raised questions about the company's transparency. The leaked documents offer insights into how Google's search works, including information on data collection, site rankings, and handling of small websites. Some details appear to contradict public statements made by Google representatives. Google has not responded to requests for comment on the legitimacy of the leaked documents. The leak provides a rare glimpse into the secretive world of Google's search algorithm and has sparked discussions about the need for greater transparency in the industry.
Microsoft warns of a new North Korean threat actor named Moonstone Sleet, engaged in espionage and revenue generation attacks. The group employs tactics used by other North Korean threat actors and has established itself as a well-resourced adversary. Moonstone Sleet sets up fake companies, uses trojanized tools, creates malicious games, and deploys custom ransomware. The group targets education, defense industrial base, and software and IT organizations while also investing in building fake identities to support its malicious activities.
Disruptive digital attacks in the European Union have doubled, many of which are attributed to Russian-backed groups. The increase in attacks with geopolitical motives has been observed since Russia's invasion of Ukraine. Attacks against European infrastructure aimed at causing disruption have significantly risen, according to Juhan Lepassaar, head of the European Union Agency for Cybersecurity. These attacks are also targeting election-related services as the EU prepares for the European Parliament elections. Lepassaar emphasized the need to understand digital security and make it second nature in the same way as physical security in everyday life.
An Ascension Seton hospital in Texas has been dealing with issues from a ransomware attack for almost three weeks now. The attack has caused problems with accessing electronic records, leading to delays in care and potential mistakes.
Researchers were able to recover the password to a crypto wallet containing $3 million by exploiting a flaw in an old version of the RoboForm password manager. The flaw allowed them to reverse engineer the password generation process and narrow down the possible guesses. Siber Systems, the maker of RoboForm, confirmed that the issue was fixed in a 2015 version but did not disclose the details. It is unclear if current versions still contain the vulnerability.
The Seattle Public Library has suffered a ransomware attack, causing a complete halt in services, including the wireless network, computers, and the online catalog. The incident occurred over the Memorial Day weekend, and while the library had planned to conduct maintenance on a server, they discovered the attack instead. All systems have been taken offline, and law enforcement has been contacted. The library will remain open, but books and CDs will be lent manually. Similar attacks on libraries have occurred globally, prompting officials to propose a program to enhance library cybersecurity measures.
A new report from the Marin County Civil Grand Jury recommends the formation of a cybersecurity joint powers authority to address cyber threats. The report highlights previous cyberattacks on the county and its municipalities, emphasizing the need for improved cybersecurity measures and awareness. The grand jury also suggests hiring additional county employees dedicated to cybersecurity and mandating business continuity plans in IT service contracts.
CDEK, one of Russia's largest delivery companies, has experienced a cyberattack that disrupted its services for several days. The hacker group, known as Head Mare, claimed responsibility for encrypting the company's servers with ransomware and destroying backup copies of its corporate systems. While CDEK initially attributed the disruption to a "massive technical failure," an anonymous source within the company revealed that it was indeed a ransomware attack. The company is working towards restoring full operation and intends to resume services by May 29th. The motive behind the attack remains unclear.
Auction house Christie's has confirmed a data breach following a ransomware attack by the group RansomHub. The hackers claim to have stolen sensitive personal information from at least 500,000 private clients and are threatening to leak the data unless a ransom is paid. Christie's stated that while some personal data was accessed, there is no evidence of compromised financial or transactional records. The company is notifying privacy regulators, government agencies, and affected clients.
The Space Force is developing a program called the Commercial Augmentation Space Reserve (CASR) to ensure it can rely on commercial vendors' space systems during times of conflict. Companies voluntarily joining the reserve would be contracted to provide their systems to the military, with clear expectations and compensation. CASR aims to provide peacetime capabilities while allowing for surge and scalability during wartime. The program will initially focus on space domain awareness and satellite communications, with plans to work with the intelligence community for tactical intelligence, surveillance, and reconnaissance (ISR).
Chinese companies facing restrictions in the U.S. are rebranding and creating American subsidiaries to continue their business operations. These moves, aimed at buffering against anti-China policies, are legal but frustrate regulators. American entrepreneurs also see opportunities in working with popular Chinese companies. The practice of rebranding and obfuscation is expected to intensify as the U.S. government expands blacklists and imposes restrictions.
The cybersecurity industry is thriving due to the prevalence of cyberattacks. Spending on security is expected to reach $215 billion this year, up 30% from 2022. While improved security could lessen the need for some defenses, threats ensure that security tools won't become obsolete. Vendors benefit from selling products to mitigate attacks, though the complexity introduced can be problematic. Experts say attacks persist due to systemic weaknesses and living, adaptable adversaries. Though solutions help, new issues arise. Ultimately, the cybersecurity market grows in tandem with evolving digital threats.
Cyber risks are a top priority for banking executives. The most prominent application of quantum computing in banking currently is fighting cyber threats from quantum computing. Banks are hiring quantum talent and working to understand its implications. Emerging quantum-safe technologies like rapidly changing passwords can mitigate risks from quantum computing and protect banks against cyber threats. Quantum computing is being employed mainly to boost banks' cyber defenses.
North Korean hacker groups like Lazarus and Kimsuky engage in cyber espionage and crypto theft to fund the country's sanctioned weapons programs, according to the UN. Kimsuky poses as an expert to phish targets, while Lazarus steals crypto, funding 50% of North Korea's WMDs. Though intended to curb activities, sanctions may drive more cybercrime. The NSA recommends that organizations enable DMARC email authentication to stop Kimsuky phishing. Ultimately, sanctions appear ineffective, so diplomatic efforts and global cooperation on cyber defenses could provide a sustainable solution.
Copyright © 2024 Auburn University's McCrary Institute. All Rights Reserved.