Cyber Briefing ~ 06/11/2024
McCrary Institute for Cyber & Critical Infrastructure Security
Working to protect and advance U.S. interests in the areas of cyber and critical infrastructure security.
The recent increase in cyberattacks targeting the healthcare system has highlighted the vulnerability of hospitals and payment systems. To improve resilience, the Biden-Harris Administration is working to enhance cybersecurity in the healthcare sector through public-private partnerships. Initiatives include the launch of a healthcare cybersecurity gateway website, convening high-level executives to advance cybersecurity solutions, and the announcement of the UPGRADE program, which will invest over $50 million in creating tools for better defense against cyber threats. Leading technology providers have also committed to providing free and low-cost resources to rural hospitals.
More than 100 customers of cloud-based data warehouse vendor Snowflake have fallen victim to a widespread identity-based attack. The attacker, known as UNC5537, used stolen credentials to access customer databases, steal data, and extort victims by advertising the stolen data for sale on cybercriminal forums. The attacks were not caused by a breach of Snowflake's systems, according to Mandiant. Snowflake and incident response firms are assisting with the ongoing investigation. The impacted customer accounts lacked multifactor authentication and network policy rules, allowing unauthorized access. Snowflake is working on implementing advanced security controls to prevent future attacks.
Deloitte predicts that banks could face significant losses due to fraudsters using generative AI, deepfakes, voice cloning, and other hyperrealistic AI content. The consultancy estimates that fraud losses could reach $40 billion by 2027, with a compound annual growth rate of 32%. The rise of generative AI has made AI mimicry more accessible, posing a growing risk to financial institutions and their customers. Deloitte also forecasts the emergence of an AI risk insurance market, with AI insurance premiums projected to reach $4.7 billion by 2032.
US executive agencies have recommended that the FCC revoke China Telecom's license to provide international telecommunications services to and from the United States. The decision comes in light of concerns over the Chinese government's misrouting of internet traffic, malicious hacking, and control. The move is part of an escalating tension between the US and China and aims to ensure the integrity of America's telecommunications systems.
Russian cyberattacks against European infrastructure have doubled ahead of the EU elections and the 2024 Paris Olympics. Attacks linked to Russia target election services and critical infrastructure. Russia is accused of hacking Germany's leading opposition party. Microsoft reports on Russian propaganda efforts to "denigrate" the IOC and stoke fears of Olympic violence. Russia was also accused of wider "hybrid activities," including disinformation and sabotage across Europe. Measuring the impact of disinformation is difficult, since the companies best placed to detect it are also the ones that stop it.
Senators Maggie Hassan and Marsha Blackburn have accused UnitedHealth Group, a major healthcare firm, of not complying with federal law by failing to notify patients after suffering a cyberattack in February. The bipartisan pair demanded that UnitedHealth Group take immediate responsibility and provide patients and healthcare providers with information about the breach. The Department of Health and Human Services is currently investigating the company's compliance with the Health Information Portability and Accountability Act (HIPAA). The ransomware attack on UnitedHealth subsidiary Change Healthcare led to confusion among healthcare providers regarding their responsibility to notify affected patients.
Hackers are posing as job applicants in the cybersecurity field, taking advantage of the high demand for professionals and the use of artificial intelligence (AI) in the hiring process. This poses a risk of intellectual property theft and corporate data breaches. Companies are implementing measures such as identity verification and skill aptitude tests to detect impostors. Still, the rise of AI tools like chatbots and deepfakes makes it more challenging to spot fraudulent applicants. Cybersecurity professionals are on high alert for AI-aided hacks and cybercrime.
Switzerland has reported an increase in cyberattacks and disinformation ahead of a peace summit for Ukraine. The summit aims to create a pathway for peace in Ukraine, with 90 states and organizations participating. While Russia has not been invited, the talks aim to involve both Russia and Ukraine in a future peace process. Switzerland has experienced personal attacks against its president in Russian media, prompting concerns about disinformation campaigns. The summit will discuss various international concerns, including nuclear and food security, freedom of navigation, and humanitarian issues.
Snowflake is urging its clients to implement stronger security controls as companies like Advanced Auto Parts and Live Nation investigate potential data breaches. Hackers targeted some of Snowflake's customers' accounts using information-stealing malware or purchased credentials. Snowflake is now developing a plan that would require customers to take advanced security measures, such as implementing multifactor authentication. The move comes after Live Nation discovered unauthorized activity within a third-party cloud database hosted on Snowflake. Snowflake denies responsibility for the breach and is working with cybersecurity firms to investigate the incidents.
Microsoft is making its new "Recall" feature, which captures screenshots on AI-powered PCs, opt-in instead of on by default after privacy concerns were raised. Recall searches a user's files, photos, emails, and browsing history and periodically takes screenshots that can also be searched. Microsoft said it built in privacy protections but, in response to the criticism, will now require users to opt in and authenticate before the feature is enabled.
Brian Harrell, Vice President and Chief Security Officer of AVANGRID and McCrary Institute Senior Fellow, discusses the importance of fortifying security in the sustainable energy sector, highlighting the evolving threat landscape, the need for a strategic roadmap, and the significance of IT, OT, and physical security convergence.
Twenty-two Chinese nationals were sentenced to long prison terms by a court in Lusaka, Zambia, on charges related to cybercrimes, including internet fraud and online scams targeting victims in Zambia, Singapore, Peru, and the United Arab Emirates. The group was part of 77 people, mostly Zambians, arrested in April in a raid on a Chinese-run business. The business employed Zambians to engage in deceptive conversations on messaging apps using provided SIM cards and scripts.
A new leader takes power in Taiwan, Taiwan and China hold competing military drills, and the rhetoric from both sides grows increasingly strident, as do calls from U.S. lawmakers to come to Taiwan’s aid in the case of a Chinese invasion. The U.S. and China engage in fierce economic competition over trade and economic policy. Some see a looming great-power conflict between the U.S. and China focused on Taiwan. Cyber Initiatives Group Principal Dmitri Alperovitch discusses in a new book the dangers and ways to mitigate risks regarding Taiwan in the years ahead.
The U.S. Chamber of Commerce is urging the introduction of legislation that would establish a White House-level body responsible for convening federal stakeholders, including independent regulatory agencies, to harmonize cyber requirements across the government. The proposed committee would aim to drive regulatory cohesion and ensure all relevant agencies work together to address the patchwork of cyber regulations. The Chamber is in discussions with the Senate Homeland Security Committee and expects the bill to be introduced in the Senate first.
MITRE's policy shop outlines recommendations for the incoming administration to strengthen U.S. cyber leadership ahead of the 2024 election. The recommendations focus on protecting critical infrastructure, implementing zero trust and SBOMs, preparing for quantum computing, and clarifying authorities across government cyber leaders. Steps include assessing the government's post-quantum cryptography readiness, migrating federal agencies to zero trust architecture, updating national preparedness for infrastructure attacks, and operationalizing SBOMs. The report also calls for exploring new public-private partnership models and independent agency status for CISA, and emphasizes the need for more cohesive, coordinated cyber leadership across government.
The FCC suggests that broadband providers create plans to address security flaws in the Border Gateway Protocol (BGP) and submit quarterly reports on their progress in mitigating BGP risks. The aim is to improve the security of internet routing and prevent potential threats to personal information and critical infrastructure.
Patients with cancer and those needing emergency operations had their treatment canceled due to a major cyberattack on NHS hospitals in London. Over 200 emergency and life-saving operations had to be canceled, and more than a third of procedures and operations have been affected. The cyberattack was carried out by the Russian cybercrime group Qilin, and the impact on NHS services could last for months. The National Cyber Security Centre is involved in managing the situation.
Internal source code and data belonging to The New York Times were stolen from the company's GitHub repositories in January 2024 and leaked on the 4chan message board. The stolen data, which includes around 3.6 million files and 5,000 repositories, was shared as a torrent file. The threat actor behind the breach claims to have used an exposed GitHub token to access the repositories. The New York Times confirmed the breach and stated that it occurred due to an inadvertently exposed credential to a cloud-based third-party code platform. The breach did not impact the company's internal systems or operations.
The top US cyber defense agency, CISA, is considering revamping its Joint Cyber Defense Collaborative (JCDC) due to criticism over unclear membership rules and participation hurdles. The agency's Cybersecurity Advisory Committee has recommended that CISA deepen the JCDC's focus on operational collaboration and clarify key operational components. While the JCDC has achieved milestones, it is still in an early stage, nearly three years after its establishment. CISA has accepted or partially accepted previous recommendations from the committee and is expected to review the latest suggestions for improvement.
Now that sideloading is allowed on iOS devices in Europe, Apple has implemented security measures to mitigate the risks. Notarization, identity verification, real-time monitoring, and sandboxing are key components in enhancing app security and preventing the widespread distribution of malware. While these measures may not be foolproof, they aim to strike a balance between flexibility and security in the iOS ecosystem.
Apple is reportedly developing its own password manager, aiming to compete with popular third-party options like LastPass and 1Password. The move comes as concerns over data breaches and the need for secure password management continue to grow. Apple's offering is expected to integrate tightly with its ecosystem of devices and services, providing a seamless user experience.
Microsoft has responded to concerns raised by cybersecurity experts and changed its computer history-saving feature, Copilot+ Recall, to an opt-in feature. Recall takes screenshots of user activity, including sensitive information, but users will now have to choose to enable the feature actively. Microsoft is also implementing additional security measures to protect user data.
A Russian ransomware group has compromised blood transfusion checks in the NHS, leading to an increased risk of errors and potential harm to patients. The cyberattack has disrupted end-to-end automated blood issues, resulting in the cancellation of elective surgeries and delays in transfusions. Hospitals in London, including St Thomas' and King's College hospitals, have had to postpone cancer operations and organ transplants. Experts warn that the NHS may become more vulnerable to future cyberattacks, especially with the increasing use of public-private partnerships.
Ethical hackers are using AI models, similar to ChatGPT, to identify software bugs and claim rewards. However, others are leveraging the same AI tools to generate realistic yet nonsensical bug reports, making it difficult to distinguish trustworthy reports. The use of AI in bug reporting presents both opportunities and challenges in the cybersecurity community.
The Federal Communications Commission (FCC) has unanimously approved a notice of proposed rulemaking (NPRM) requiring broadband providers to submit information on their internet routing security practices to address vulnerabilities in the Border Gateway Protocol (BGP). The proposal aims to promote more secure internet routing and provide up-to-date information on BGP vulnerabilities. Broadband providers would be required to create confidential reports on their BGP risk mitigation efforts and file public data quarterly to demonstrate progress. The FCC is seeking comments on providing flexibility in reporting requirements and promoting risk-based routing security.
The Cybersecurity and Infrastructure Security Agency (CISA) is finalizing a roadmap that will guide federal agencies on how to prepare for the implementation of post-quantum cryptography. The roadmap will address budgetary planning, acquisition and vendor management and will provide guidance on cryptographic migration costs and cryptographic inventory discovery tools. It will also cover risk assessment, proposing policies and standards for cryptographic dependencies, and monitoring vendors for the validation of post-quantum cryptography solutions. CISA aims to establish a governance council to track agency progress and collaborate with the acquisition community to ensure the right elements are included in contracts.
Senate Finance Chairman Ron Wyden is calling on the Department of Health and Human Services (HHS) to require "systemically important entities" in the health sector to adhere to a minimum set of cybersecurity standards. Wyden argues that the current approach of self-regulation and voluntary best practices is inadequate, leaving the healthcare system vulnerable to cyberattacks. The recommendations include mandating technical cybersecurity standards for systemically important entities, implementing resiliency requirements, conducting periodic cybersecurity audits, and providing cyber assistance to healthcare providers.
Copyright © 2024 Auburn University's McCrary Institute. All Rights Reserved.