Last Week in Cybersecurity

TLWR: Crypto Company, Patrica, begins repayment to customers after 2022 Cyber breach

Patricia Technologies, a Nigerian-based fintech firm, has initiated repayments to customers affected by a significant cyberattack in 2022. The breach resulted in losses exceeding ?600 million and led to temporary restrictions on withdrawals. Collaborating with law enforcement, Patricia's efforts culminated in several arrests, including that of a prominent politician. The company had previously outlined a two-to-five-year repayment plan, which commenced on December 10, 2024, starting with the first batch of affected customers. Affected customers have been notified via email and are encouraged to update their account details on the Patricia platform. The company advises all impacted users to monitor official communication channels for updates on their repayment timelines.?

https://leadership.ng/patricia-begins-repayment-to-customers-after-2022-cyberattack/??

TLWR: Ardyss International’s breach and multi-pronged threat: external and internal

Ardyss International, a U.S.-based multi-level marketing company, experienced a significant data breach in December 2024. The hacker, known as "0mid16B," claimed to have infiltrated Ardyss's servers, extracting 596 GB of data, including over 1.17 million customer records. The compromised information encompassed customers' names, firm affiliations, postal addresses, and phone numbers.

The breach was facilitated through two server vulnerabilities. Although Ardyss's IT team detected and removed the intruder's access twice, the hacker regained entry during periods when the team was inactive. While the hacker deleted files and databases, including backups, the company managed to recover data via shadow copies. Despite attempts to engage Ardyss's executives for ransom negotiations, the company did not respond, leading the hacker to offer the stolen data for sale.

An internal issue emerged when an employee, "Gerardo V," accessed the hacker's communication channel without authorization. Identifying himself as "GOD OF SALES," he sought personal financial gain by proposing to provide sensitive company information to the hacker in exchange for $15,000 USD. This incident highlights potential insider threats within the organization.

The breach underscores the critical need for robust cybersecurity measures and vigilant internal security protocols to safeguard sensitive data and prevent both external and internal threats.

https://databreaches.net/2024/12/24/todays-insider-threat-ardyss-edition/

TLWR: Yearly Reminder - Protecting Yourself from Holiday AI Scams.

During the holiday season, scammers are increasingly leveraging artificial intelligence (AI) to craft more convincing and sophisticated scams. To safeguard yourself, consider the following measures:

1. Be Vigilant with Phishing Attempts.
2. Establish a Family Code Word.
3. Secure Your Social Media Accounts.
4. Verify Website Authenticity such as "https://", padlock icon or URL misspellings in the URL.
5. Stay Informed and Educated.

By implementing these precautions, you can enhance your security and reduce the risk of falling prey to AI-driven scams during the holiday season.

https://www.npr.org/2024/12/24/nx-s1-5235265/how-to-protect-yourself-from-holiday-ai-scams?

TLWR: How would Cybersecurity look like in a Trump Presidency?

The anticipated return of President Donald Trump is expected to bring significant changes to U.S. cybersecurity policies, particularly concerning the Cybersecurity and Infrastructure Security Agency (CISA). Established in 2018 during Trump's first term, CISA's role has evolved, especially following the 2020 election and its efforts to combat misinformation, leading to conservative criticism.

Under the new administration, potential shifts include:

• Restructuring CISA: There are discussions about narrowing CISA's focus, possibly transferring it to the Transportation Department, emphasizing core cybersecurity functions, and reducing its involvement in areas like misinformation.
• Deregulation: The administration may reduce cybersecurity regulations, favoring public-private partnerships and industry-led initiatives over federal mandates.
• Offensive Cyber Operations: A more aggressive stance against foreign cyber adversaries, such as China and Russia, is anticipated, potentially increasing military cyber operations.

These changes could impact the federal government's role in cybersecurity, affecting national cyber defense strategies and the regulatory environment for businesses.

https://www.darkreading.com/cybersecurity-operations/trump-20-portends-shift-cybersecurity-policies?

Additional Reading:

https://www.wired.com/story/trump-administration-cybersecurity-policy-reversals

https://www.wsj.com/articles/trumps-second-term-is-expected-to-bring-big-change-to-top-u-s-cyber-agency-cfcab148

https://www.politico.com/news/2024/10/22/former-officials-next-administration-cyber-policies-00184854?

TLWR: AI systems are developing a lot more rapidly

As artificial intelligence (AI) systems rapidly advance, traditional evaluations like the SATs and the U.S. bar exam are becoming insufficient to gauge their capabilities. In response, organizations are developing more challenging assessments to better understand and monitor AI performance.

Emergence of Advanced Evaluations

New evaluations, or "evals," are being introduced to test AI systems beyond standard benchmarks. For instance, Epoch AI's FrontierMath presents exceptionally challenging math questions, on which current AI models initially scored around 2%. However, within a month, OpenAI's latest model achieved a 25.2% score, indicating rapid progress.

Challenges in Designing Effective Evals

Creating scientifically rigorous and practically applicable tests is complex. Issues such as data contamination, where AI models are inadvertently trained on evaluation data, and the potential for models to "game" the tests complicate the process. Despite these challenges, developing robust evals is crucial for understanding AI capabilities and mitigating potential risks.

Importance of Third-Party Audits and Policy Integration

The rapid advancement of AI underscores the need for independent audits and the integration of these evaluations into policy-making and regulatory frameworks. Such measures are essential to ensure AI systems are developed and deployed safely, minimizing risks in areas like cybersecurity and bioterrorism.

https://time.com/7203729/ai-evaluations-safety/?

TLWR: Trust but Verify and keep on verifying on a regular cadence.

The article "Too Much 'Trust,' Not Enough 'Verify'" from Dark Reading discusses the pitfalls of the traditional "trust but verify" cybersecurity approach, which assumes that once a user or device is verified, it can be trusted indefinitely. This method is increasingly inadequate due to evolving cyber threats and the dynamic nature of modern networks.

Key Points:

• Limitations of 'Trust but Verify': Initially suitable for well-defined, self-contained networks, this approach falters in today's complex environments. Verifying users or devices only once and granting perpetual trust overlooks potential changes in their status or behavior, increasing vulnerability to insider threats and compromised devices.
• Need for Continuous Verification: Emphasizes the importance of ongoing verification processes. For instance, employees might undergo background checks upon hiring, but without regular re-evaluations, any subsequent risks remain undetected.?
• Challenges in Implementation: Security teams often face resource constraints, making it challenging to maintain continuous verification. Tasks such as applying security patches, analyzing third-party assessments, and monitoring IoT devices demand significant time and effort. Without adequate resources, maintaining a robust security posture becomes difficult.
• Advocacy for Zero Trust Architecture: The authors advocate for adopting a Zero Trust model, which operates on the principle of "never trust, always verify." This approach requires continuous verification of all users and devices, regardless of their location within or outside the network perimeter, thereby enhancing security by minimizing implicit trust.

https://darkreading.com/cyberattacks-data-breaches/too-much-trust-not-enough-verify?