Cyber Briefing ~ 09/13/2024


~Weekly Director's Note~

Dear Readers,

Take a moment today to honor those we lost in the September 11th attacks as well as our first responders, first preventers, and everyone who contributed to defending our homeland. May we continue to strive toward unity and never forget.

This week on Cyber Focus, I had the privilege of sitting down with Robert M. Lee, CEO and co-founder of Dragos, Inc., a leading industrial control systems and operational technology cybersecurity company. We delved into critical topics such as the differences between IT and OT environments, the increasing convergence of cyber and physical systems, and the potential consequences of cyber attacks on critical infrastructure. Rob highlighted recent threats like Pipedream and Volt Typhoon, emphasizing the urgent need for improved visibility and security measures in OT networks. To enjoy the full episode, head over to YouTube, Spotify, Apple Podcasts, or our website. And, if you enjoy what we are doing, please subscribe so you never miss an episode.

Yesterday, the Select Committee on the Chinese Communist Party and the House Committee on Homeland Security released a significant report on potential threats to U.S. port infrastructure security from China. The investigation, conducted over more than a year, involved key stakeholders in the maritime sector, various government agencies, and strategic seaports. The report highlights concerns about Chinese state-owned cranes and their potential for intelligence collection, as well as broader cybersecurity risks related to PRC-linked port infrastructure.

In related supply chain news, Mackenzie Hawkins of Bloomberg News reported that the White House plans to impose new export controls on critical technologies, including quantum computing and semiconductor goods. These measures aim to align key allies in a US-led effort to thwart technological advancements in China and other adversarial nations. The controls will cover worldwide exports but include licensing exemptions for countries implementing similar measures, encouraging a unified approach among allies to restrict China's access to cutting-edge technologies.

Quinta Jurecic and Natalie Orpett of The Lawfare Institute reported on the series of coordinated actions by U.S. government agencies to combat Russian influence operations. Recently, the U.S. Department of Justice unveiled several indictments targeting Russian operatives, including employees of RT allegedly running a covert media operation in the U.S. and individuals involved in sanctions evasion. The U.S. Department of the Treasury and the U.S. Department of State also announced sanctions and visa restrictions on Russian entities and individuals linked to propaganda and cyber activities.

Building on these efforts, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency, National Security Agency, and international partners released a joint Cybersecurity Advisory on Russian military cyber actors targeting U.S. and global critical infrastructure. The advisory focuses on the activities of the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155), detailing the tactics, techniques, and procedures used in its cyber operations against global targets. This collaborative effort aims to provide critical information to organizations to help them defend against and mitigate potential Russian cyber threats.

A network of nearly two dozen Iranian-linked websites targeting U.S. minority and veteran voters has been uncovered, as reported by Maggie Miller in POLITICO. The Foundation for Defense of Democracies (FDD) investigation reveals a coordinated influence campaign, with sites disseminating pro-Iranian content and fake news.

Reuters News Agency reporters Seher D. and Vallari Srivastava highlight a 70% surge in cyberattacks on U.S. utilities in 2024 compared to 2023, according to Check Point Research. An average of 1,162 attacks occurred through August, underscoring the growing vulnerability of U.S. power infrastructure as the grid expands and digitalizes. Experts warn of potentially devastating consequences from a coordinated attempt.

In a compelling opinion piece for The Cipher Brief, Mike K., a former DoD counterterrorism intelligence officer, emphasizes the urgent need for the next U.S. administration to establish clear red lines for infrastructure cyberattacks. Kosak points out the alarming increase in cyber breaches of U.S. critical infrastructure by nation-state actors, particularly China and Russia. He argues that current U.S. strategies are inadequate to address these threats, which could potentially endanger civilian lives. Kosak proposes a multifaceted approach to cyber deterrence, including diplomatic, informational, military, and economic measures. For some additional insights on this topic, readers can explore this recent CNN op-ed, where my colleague Joshua Whitman, PhD and I argue for the designation of state sponsors of cybercrime as a crucial step in combating these growing threats.

Alexander Martin reports in The Record from Recorded Future News that the UK government has designated the data center sector as part of its Critical National Infrastructure, placing it on par with sectors like energy and water supplies. This move aims to enhance protection against cyber attacks, environmental disasters, and IT blackouts for vital data, including NHS, financial, and personal information. While the UK's approach differs slightly from the US, this development highlights the growing recognition of data centers' critical role in national security and economic stability. I continue to call for the U.S. to take similar steps by formally designating cloud infrastructure and space infrastructure as critical infrastructure sectors.

Becky Bracken's recent article in Dark Reading highlights a growing security concern in industrial control systems and operational technology environments. According to research by Claroty's Team82, the proliferation of remote access tools in these critical infrastructure sectors creates an expansive and vulnerable attack surface. The study found that 55% of examined organizations use at least four RATs, with some employing up to 16 different tools. Many of these tools lack essential security features like multi-factor authentication, auditing, and session recording. This "remote access sprawl" is particularly concerning for critical infrastructure sectors, as it increases the risk of breaches and potential physical consequences.

Brandi Vincent reports in DefenseScoop that the Department of Defense is finalizing a new zero trust "assessment standard" to guide Pentagon components in evaluating cybersecurity solutions. Les Call, director of the DOD's Zero Trust Portfolio Management Office, shared this development at FedTalks 2024. The standard aims to address the unique challenges of assessing zero-trust implementations. This is good news to see.

Thank you for reading this edition of our weekly Director’s Note. If you found this information valuable, please consider sharing it with your colleagues and inviting them to subscribe.

War Eagle,

Frank Cilluffo


Investigation by Select Committee on the CCP, House Homeland Finds Potential Threats to U.S. Port Infrastructure Security from China

The House Select Committee on the CCP and House Homeland Security Committee conducted a year-long investigation, uncovering potential national security risks posed by Chinese state-owned port equipment manufacturer ZPMC and its presence in U.S. ports. The investigation revealed cybersecurity vulnerabilities, intelligence collection concerns, and the pervasive threat of PRC-linked technology in critical port infrastructure. The Committees interviewed key stakeholders, reviewed information from government agencies, and visited U.S. ports to assess the security challenges posed by ZPMC's equipment and operations.


UK Designates the Data Center Sector Part of Its ‘Critical National Infrastructure’

The British government recognizes data centers as vital infrastructure on par with sectors like energy and water supplies. This move aims to strengthen protection against cyber threats, environmental risks, and ensure continuity during crises. The sector's new status signifies increased government support and collaboration to safeguard essential services and economic growth.


Russia-Linked Disinfo Operation Shifts Towards US Elections

Russian operatives behind "Operation Overload" are now targeting the upcoming U.S. elections with a disinformation campaign. The campaign, originating from Russia, involves bombarding fact-checkers and newsrooms with emails containing false narratives and manipulated content, aiming to influence American audiences.


Do This Right Now if Your Social Security Number Was Snared By Hackers

An estimated 2.9 billion Social Security records were stolen in April 2023, so consumers should check if their number was compromised, alert financial institutions to freeze accounts, obtain credit reports, alert authorities by filing a police report, consider getting an IP PIN from the IRS if tax fraud is a concern, and stay vigilant against scams by monitoring accounts and using strong passwords. Even if your SSN wasn't compromised, remain cautious by backing up files, using encryption, installing software updates, limiting app downloads, avoiding public Wi-Fi, reviewing medical/financial records, and being wary of phishing schemes.


Russian Spy Unit Hunted for Hacks in 26 Countries

An elite Russian spy unit, GRU's Unit 29155, allegedly scanned web domains across 26 countries for new victims. Linked to assassination attempts and coup plots, the cyber division targeted critical infrastructure and used ransomware-like malware, posing a significant threat to global cybersecurity.


CISA Publishes Cybersecurity Checklist Ahead of November Election

With the U.S. presidential election approaching, the Cybersecurity and Infrastructure Security Agency offers a checklist for election offices to enhance cybersecurity measures. Recommendations include implementing multi-factor authentication, maintaining offline backups, and conducting cyber hygiene scans to safeguard against ransomware and DDoS attacks.


China Wants to Challenge the U.S. in AI - Here’s What Chinese Giants Are Doing with the Tech

China's tech giants, including Alibaba and Tencent, are launching their own AI models to compete with U.S. companies. With ambitions to lead in AI, China intensifies its tech rivalry with the U.S. Key Chinese AI models are developed by major tech firms like Baidu, Alibaba, Tencent, Huawei, and ByteDance.


Google Introduces ‘Air-Gapped’ Backup Vault to Thwart Ransomware

Google Cloud unveils a new backup storage vault feature to shield organizations from ransomware attacks. The feature ensures data backups are immutable and indelible, safeguarding against tampering and unauthorized deletion during cyberattacks.


Hackers Have Sights Set on Four Microsoft Vulnerabilities, CISA Warns

Federal agencies have until month-end to patch four Microsoft bugs, including highly exploited ones affecting tools like Windows Update and Windows Installer. Experts stress urgency, especially for industries like healthcare and finance. Exploit codes for some vulnerabilities are already circulating, raising concerns for potential cyber attacks.


Remote Access Sprawl Strains Industrial OT Network Security

The proliferation of remote access tools used to access critical infrastructure networks has created an insecure attack surface attractive to cyberattackers. Research found 55% of OT networks have at least 4 tools, and 79% have more than 2 tools lacking basic security. This sprawl has enabled breaches at Colonial Pipeline and others. Experts advise getting an inventory of all tools, eliminating insecure ones, setting security standards, and better governing use of tools.


DOJ: Russia Aimed Propaganda at Gamers, Minorities to Swing 2024 Election

Russian operatives, including Ilya Gambashidze, orchestrated the "Good Old USA Project" to influence the 2024 U.S. election in favor of Donald Trump. The disinformation campaign, known as Doppelganger, targeted minorities, swing-state residents, and gamers, using AI-generated content and fake social media accounts to spread pro-Russian narratives.


FDD Identifies 19 Websites as Part of an Iranian Global Influence Operation

FDD uncovers an Iranian network of 19 websites masquerading as independent sources, targeting global audiences with pro-Iran content. Sites include those critical of the U.S. and allies, promoting Iranian interests. Technical indicators confirm the interconnectedness of these websites, urging international collaboration for takedown.


FBI Publishes 2023 Cryptocurrency Fraud Report

FBI's report reveals over 69,000 complaints involving cryptocurrency fraud in 2023, totaling $5.6 billion in losses. Investment fraud was the most prevalent scheme, with losses reaching $3.9 billion. FBI urges reporting of such crimes to combat evolving fraudulent activities.


Britain’s FBI Is “On Its Knees”: New Report Calls for Major Reform and New Investment for the National Crime Agency

The National Crime Agency (NCA) faces critical challenges, with morale plummeting and officers leaving due to pay disparities. The report reveals that spending on temporary staff has surged, leading to unfilled roles and a decline in officers' pay. Urgent reform and investment are needed to enhance the NCA's effectiveness in combating major threats.


Federal Highway Administration Adopts CISA Shared Service for Cyber Incident Prevention, Response

The Federal Highway Administration embraces CISA's Cyber Security Evaluation Tool (CSET) to enhance transportation authorities' cybersecurity posture. CSET aids in assessing cybersecurity practices, identifying vulnerabilities, and prioritizing mitigation efforts, offering a structured approach for organizations to bolster cybersecurity resilience.


House Approves Bills Addressing National Security Risks from China Including Studies on Routers, Telecom Infrastructure

House passes legislation targeting national security risks posed by China. Bills include studies on national security risks from consumer routers and modems developed or controlled by China, Iran, North Korea, or Russia. Additionally, bills address transparency on entities with ties to specified countries and strategies to promote secure telecommunication infrastructure globally.


Health ISAC Leads Effort to Transform SBOM Information Sharing Under CISA-Facilitated Community Work

ISACs, like Health ISAC, are exploring the role of distributing Software Bill of Materials (SBOM) across supply chains for enhanced transparency. The project aims to define SBOM distribution use cases, required features, and ensure data integrity and security during transit.


NIST Considers Potential Activities for Inclusion in Joint Data Governance Profile Cutting Across Frameworks

The National Institute of Standards and Technology is exploring the integration of data governance activities into a joint profile spanning cybersecurity, privacy, and AI risk management frameworks. Through working sessions, NIST aims to align data governance objectives and activities across these frameworks to help organizations meet their goals.


'You Need to Invest in Cybersecurity': Port of Seattle Director Offers Advice Amid Ongoing Outage

The Port of Seattle is still recovering from a suspected cyberattack that disrupted operations. While the airport's travel experience is back to normal, websites remain down. Port officials recommend investing in cybersecurity and having contingency plans in place for critical systems to mitigate potential cyber threats.


Cybersecurity, AI Remain Top Concerns for State Ed-Tech Leaders

The State Educational Technology Directors Association's report highlights cybersecurity as the top priority for K-12 schools, followed by rising support for artificial intelligence in education. Concerns include funding shortages for cybersecurity and the need for equitable access to ed-tech tools and training for educators.


City and Cybersecurity Whiz Reach Agreement on Restraining Order, but Lawsuit Continues

An agreement has been reached between the city and cybersecurity whistleblower, Connor Goodwolf (real name David L. Ross Jr.), regarding a restraining order related to a data breach exposing city employees' and residents' information. While the order restricts dissemination of data, the civil lawsuit against Ross for damages will proceed.


Microsoft Boosts Error Correction on Quantinuum Machine, Partners with Atom Computing

Microsoft accelerates towards a hundred-logical-qubit capability, demonstrating logical operations with a high number of error-corrected qubits. Partnering with Atom Computing, advancements show significant progress in reliable quantum computing for complex calculations previously unattainable with classical hardware.


Subscribe to our LinkedIn Cyber Briefing.

Subscribe to the daily Cyber Briefing email.

Subscribe to our Cyber Focus podcast.

Copyright © 2024 Auburn University's McCrary Institute. All Rights Reserved.

Follow the McCrary Institute on LinkedIn, Twitter, Threads, Instagram, Facebook, and YouTube.

Hrijul Dey

AI Engineer | LLM Specialist | Python Developer | Tech Blogger

2 months

Discover the secret weapons of successful developers – our Top 10 AI Tools for Developers! Build faster, smarter apps and websites, and even explore AI chatbot creation. Let's code together into a brighter future! https://www.artificialintelligenceupdate.com/top-10-ai-tools-for-developers/riju/ #learnmore
