Hostile state hackers, AI pushes forward, and network defences under attack

Welcome to the third issue of Security Insights, Zaizi's cybersecurity LinkedIn newsletter!

As experts in helping public sector organisations design, build and sustain user-centred and secure digital services, we created Security Insights to keep you informed.

This newsletter provides a regular roundup of key security and cybersecurity news, including our expert analysis to help you understand the latest threats, trends, and best practices.

The Readout

Against a grim global backdrop, including refreshed NATO warnings about undersea infrastructure (which could cause global chaos if attacked), strategic leaders in the UK public sector face the unenviable task of fortifying their defences against a spectrum of cybersecurity challenges. Recent insights highlight critical areas requiring immediate attention to safeguard national security and maintain operational integrity.

One of the most pressing concerns voiced by Nicky Stewart, a former executive at the Cabinet Office and UKCloud, relates to the burgeoning challenges within the cloud computing and artificial intelligence (AI) sectors [1]. Stewart warns that without swift and decisive regulatory action from bodies like the Competition and Markets Authority (CMA), the competition issues currently plaguing the cloud landscape could soon replicate in AI technologies. This potential stifling of innovation and market fairness underscores the necessity for strategic leaders to advocate for and implement robust regulatory frameworks.

However, the government may already be suffering the adverse effects of the move to the cloud. According to CDDO papers [4], the UK government faces substantial challenges in negotiating cloud infrastructure contracts due to vendor lock-in with major providers like AWS and Microsoft. The situation is exacerbated by large-scale contracts, such as those signed under the One Government Value Agreement, which lock in services and prices, leading to reduced flexibility and increased costs over time. These agreements have led to AWS significantly boosting its revenues from UK public sector deals, underscoring the financial impact on government spending.

Furthermore, new cybersecurity research has revealed that command-line interface (CLI) tools from major cloud service providers like Amazon Web Services (AWS), Google Cloud, and Microsoft Azure could potentially expose sensitive credentials in build logs [6]. This discovery points to the importance of securing build environments and implementing stringent access and credential management systems to prevent unauthorised access and data breaches.
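To show the kind of check a build pipeline could run over its own log output before that output is stored or shared, here is an added Python example; it is not code from the research cited or from any provider's tooling. The log lines and secret values are constructed, the AKIA prefix is AWS's published access key ID format, and the variable names are the providers' standard environment variables.

```python
import re

# Constructed sample build log (not from any real pipeline): a CI job that
# prints its environment "for debugging" and so echoes cloud credentials.
SAMPLE_LOG = """\
[step 1/3] Checking out source
[step 2/3] Printing environment for debugging
AWS_ACCESS_KEY_ID=AKIAEXAMPLEKEY000001
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
AZURE_CLIENT_SECRET=constructed-placeholder-secret-value
[step 3/3] Build finished OK
"""

# Credential-shaped output. The AKIA prefix is AWS's documented access key ID
# format; the NAME=value rule catches env-var dumps of secrets from any provider.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "env_secret_assignment": re.compile(
        r"^(?P<name>[A-Z0-9_]*(SECRET|TOKEN|PASSWORD|PRIVATE_KEY)[A-Z0-9_]*)=(?P<value>\S+)$",
        re.MULTILINE,
    ),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}

def scan_build_log(text):
    """Return (pattern_name, line_number) findings; never echo the matched value."""
    findings = []
    for name, pat in PATTERNS.items():
        for m in pat.finditer(text):
            line_no = text.count("\n", 0, m.start()) + 1
            findings.append((name, line_no))
    return sorted(findings, key=lambda f: f[1])

def redact_build_log(text):
    """Mask credential-shaped values so the log can be retained for review."""
    text = PATTERNS["aws_access_key_id"].sub("AKIA****REDACTED****", text)
    text = PATTERNS["env_secret_assignment"].sub(
        lambda m: f"{m.group('name')}=[REDACTED]", text
    )
    return text

if __name__ == "__main__":
    for name, line_no in scan_build_log(SAMPLE_LOG):
        print(f"line {line_no}: {name}")
    print(redact_build_log(SAMPLE_LOG))
```

A non-empty result from scan_build_log is the signal to fail the job and rotate the key, since anything written to a shared build log should be treated as already exposed.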

Adding to the complexity of the cybersecurity environment, the UK's National Cyber Security Centre (NCSC), a part of GCHQ, has recently disclosed activities by Chinese state-affiliated cyber actors, specifically APT31 [2]. This group is implicated in the targeted reconnaissance of email accounts belonging to UK parliamentarians, particularly those who have openly criticised China's actions. The implications of such state-sponsored cyber activities are profound, necessitating enhanced defensive strategies and international collaboration to mitigate the risks posed by geopolitical cyber threats.

However, the cybersecurity challenges are not confined to the UK. Internationally, the US has faced significant breaches, with Russian government-backed hackers stealing emails from several federal agencies during a cyberattack on Microsoft systems [5]. This incident highlights the ongoing threat of state-sponsored cyber espionage and reinforces the need for robust cybersecurity protocols and international cooperation to defend against such incursions.

The recent fix by Palo Alto Networks for a critical vulnerability in its firewall operating systems [7], and the disclosure that Duo was breached [8] also emphasise the relentless nature of cyber threats. The Palo Alto flaw allowed for remote code execution by unauthenticated attackers, highlighting the critical need for timely application of security patches and vigilant network monitoring. While the Duo breach may lead to targeting of staff and further security incidents over time, departments using a combination of both services should be particularly wary over the coming months.

As the cybersecurity landscape continues to shift on its tectonic plates, strategic leaders must prioritise the development of comprehensive cybersecurity strategies that address these multifaceted challenges.

UK Public Sector

1. Regulators must act now to get a grip on the relationship between cloud and AI: Without urgent action from the CMA and others, the systemic competition challenges of the cloud landscape will be replicated elsewhere, according to former Cabinet Office and UKCloud executive Nicky Stewart.

2. UK calls out China state-affiliated actors for malicious cyber targeting of UK democratic institutions and parliamentarians: The National Cyber Security Centre – a part of GCHQ – assesses that the China state-affiliated cyber actor APT31 was almost certainly responsible for conducting online reconnaissance activity in 2021 against the email accounts of UK parliamentarians, most of whom have been prominent in calling out the malign activity of China.

3. i.AI highlights work on rAPId data sharing solution: The Incubator for AI (i.AI) unit in the Cabinet Office has begun work on a project to expand the functions of rAPId data sharing solution for government bodies. A working version is now available as open source on GitHub and i.AI said it is being actively used by several government departments including the Cabinet Office and HM Treasury.

4. UK govt office admits ability to negotiate billions in cloud spending curbed by vendor lock-in: A document from the Cabinet Office's Central Digital & Data Office, circulated within Whitehall, seen by The Register, says the "UK government's current approach to cloud adoption and management across its departments faces several challenges" which combined result "in risk concentration and vendor lock-in that inhibit UK government's negotiating power over the cloud vendors."

Global

5. US says Russian hackers stole federal government emails during Microsoft cyberattack: U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that Russian government-backed hackers stole emails from several U.S. federal agencies as a result of an ongoing cyberattack at Microsoft.

6. AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs: New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organisations.

7. Palo Alto Networks fixes zero-day exploited to backdoor firewalls: This maximum severity security flaw (CVE-2024-3400) affects PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls with device telemetry and GlobalProtect (gateway or portal) enabled. Unauthenticated threat actors can exploit it remotely to gain root code execution via command injection in low-complexity attacks that don't require user interaction.

8. Cisco Duo warns third-party data breach exposed SMS MFA logs: Cisco Duo's security team warns that hackers stole some customers' VoIP and SMS logs for multi-factor authentication (MFA) messages in a cyberattack on their telephony provider.

Quick definitions

APT: “Advanced Persistent Threats” are sophisticated, stealthy, and continuous cyberattack campaigns often sponsored by nation-states or other well-resourced groups targeting specific entities. These attacks are characterised by their long duration and focus on quietly gathering sensitive information from the targeted systems rather than causing immediate harm.

Zero Day: A “Zero Day” refers to a previously unknown software vulnerability that hackers can exploit before developers become aware of the issue and release a fix. This term also denotes the period when there is no existing defence against the new vulnerability, making it a highly effective avenue for cyberattacks.
