Cyber Briefing ~ 02/08/2024

U.S. and International Partners Publish Cybersecurity Advisory on People’s Republic of China State-Sponsored Hacking of U.S. Critical Infrastructure

A joint cybersecurity advisory has been published by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI), warning of malicious activity by a People’s Republic of China (PRC) state-sponsored cyber actor known as Volt Typhoon. The advisory provides details on the PRC's efforts to conceal hacking activity, offers guidance for potential victims, and encourages reporting of any suspected incidents. (CISA.GOV)


Microsoft: Iran Is Refining Its Cyber Operations

According to researchers at Microsoft, Iranian cyber operations targeting Israel and its adversaries are becoming more focused, refined, and bold. They have observed increased collaboration among Iranian-linked groups, which could pose a challenge to defending against attacks on American critical infrastructure and the 2024 elections. Iranian operations can range from reactive and misleading to destructive and coordinated, targeting countries and entities perceived as aiding Israel. The use of artificial intelligence and the involvement of contractors in Iran further complicate the threat landscape. (CYBERSCOOP.COM)


CISA Announces Renewal of the Information and Communications Technology Supply Chain Risk Management Task Force

CISA has renewed the Information and Communications Technology Supply Chain Risk Management Task Force for two more years to address global ICT supply chain risks through collaborative work on issues like artificial intelligence and by developing tools for small- and medium-sized businesses. (CISA.GOV)


How Neurodiversity Can Help Fill the Cybersecurity Workforce Shortage

The shortage of cybersecurity professionals can be mitigated by recruiting individuals with neurodiverse conditions such as ADHD, autism, and dyslexia. Neurodiverse individuals bring unique perspectives and skills that can contribute to problem-solving and innovation in cybersecurity. Emphasizing performance over communication, providing flexible work opportunities, and fostering clear guidelines and teamwork are key to successfully integrating neurodivergent talent into the workforce. By tapping into this pool of talent, the cybersecurity industry can address the growing demand for skilled professionals and benefit from diverse perspectives and innovative thinking. (DARKREADING.COM)


Cyber Focus Podcast - Episode 2: Covering the Cybersecurity Beat with CNN's Sean Lyngaas

In this Cyber Focus podcast, McCrary Institute Director Frank Cilluffo sits down with CNN cybersecurity reporter Sean Lyngaas to discuss the intricacies of covering the dynamic field of cybersecurity. Lyngaas provides insights into tracking advanced persistent threats from actors like North Korea and Iran, and the careful balance between technical precision and readability for broad audiences. He also reflects on how the context surrounding geopolitics and critical infrastructure is important to fully understanding modern cyber threats. (BIT.LY)


CISA and EPA Collaborate on Water and Wastewater Sector Cyber Resources

CISA and EPA hosted a CISA Live event to highlight the critical importance of water sector cybersecurity. They released the Water and Wastewater Sector Cybersecurity Toolkit, which provides practical safeguards and solutions to enhance the sector's resilience against evolving cybersecurity challenges. The toolkit includes a Cybersecurity Incident Response Guide and offers free cybersecurity assessment services, vulnerability scanning assessment services, technical assistance support, and more. CISA and EPA will update the toolkit periodically to meet the sector's evolving needs. (CISA.GOV)


White House Ramping Up Efforts to Combat Deepfakes

The White House is intensifying its efforts to combat deepfakes and manipulated media. Deputy National Security Advisor Anne Neuberger stated that the White House is exploring the use of watermarking to better identify and disclose computer-generated images. Neuberger urged companies to invest in technology to detect deepfakes and called for responsible companies to use tools that inform consumers about AI-generated content. The White House is also looking to Congress to develop new laws to address the challenges posed by manipulated media. (CYBERSCOOP.COM)


WhatsApp Chats Will Soon Work With Other Encrypted Messaging Apps

WhatsApp is working on enabling interoperability with other messaging apps to comply with new EU rules. The plan is to allow people to message across different apps while maintaining end-to-end encryption. Initially, interoperability will focus on text messaging and media sharing, with calls and group chats to come later. Users will have the option to opt in to receive messages from other apps in a separate inbox, ensuring privacy and security standards are preserved. However, challenges such as spam, scams, and different privacy standards across apps remain. The full details of the plan will be published in March. (WIRED.COM)


Zuckerberg’s Secret Weapon for AI Is Your Facebook Data

Mark Zuckerberg plans to use data from Facebook and Instagram to develop powerful artificial intelligence (AI). Meta, the parent company of Facebook, has an extensive amount of data, greater than the Common Crawl dataset often used to train AI models. The abundance of user-generated content, particularly comment threads, could be valuable for training conversational agents. However, using this data raises concerns about privacy infringement, ethical questions, compliance with data protection laws, and the presence of bias and toxicity in the data. Zuckerberg's ambition to build "general intelligence" comes with potential risks and challenges for users' privacy and content moderation. (BLOOMBERG.COM)


Finance Worker Pays Out $25 Million After Video Call with Deepfake 'Chief Financial Officer'

A finance worker at a multinational firm in Hong Kong was deceived into paying out $25 million to fraudsters using deepfake technology. The worker attended a video conference call where all the participants, including what he believed to be the company's chief financial officer, were deepfake recreations. The scam involved the worker receiving a message from the purported CFO, discussing the need for a secret transaction. Despite initial suspicions, the worker was convinced by the realistic appearance and voices of the participants. Hong Kong police have made six arrests in connection with similar deepfake scams. The incident highlights the concern over the sophistication of deepfake technology and its potential for nefarious uses. (CNN.COM)


Enriching Threat Intelligence with Mappings

The Center for Threat-Informed Defense (Center) is working on mappings projects to make cyber threat intelligence (CTI) more actionable. These projects link adversary behaviors in MITRE ATT&CK® to publicly documented security controls, providing defenders with guidance on which native security capabilities to use. For example, NIST 800-53 Control Mappings and Security Stack Mappings for cloud platforms like Google Cloud Platform (GCP) and Amazon Web Services (AWS) help defenders understand which security controls are effective against specific techniques. The Center is expanding these mappings and developing tools like Mappings Explorer to make them easier to use. (MEDIUM.COM)


Google Contributes $1 Million to Rust, Says It Prevented Hundreds of Android Vulnerabilities

Google has granted $1 million to the Rust Foundation to enhance the interoperability between Rust and C++ code. Google has adopted Rust due to its memory safety benefits, which have helped prevent hundreds of vulnerabilities in the Android ecosystem. The support from Google has enabled the Rust Foundation to launch an Interop initiative aimed at improving interoperability and accelerating the adoption of Rust. Google also plans to aggregate and publish audits for Rust crates used in open source Google projects. (SECURITYWEEK.COM)


Verizon Employee Data Exposed in Insider Threat Incident

Around 63,000 Verizon employees have been affected by a breach caused by an insider threat, resulting in the inadvertent disclosure of personal information. The exposed data includes names, addresses, Social Security numbers, and compensation information. Verizon is reviewing its technical controls to prevent future incidents and there is currently no evidence of misuse or external sharing of the information. This incident highlights the need for a cultural shift in access management and a modernized approach to security tools. This is Verizon's second data breach incident in less than a year. (DARKREADING.COM)


As Smart Cities Expand, So Do the Threats

The rapid growth of smart cities brings new cybersecurity challenges. The interconnected systems and devices within smart city ecosystems are vulnerable to attacks, with emergency alerts, street video surveillance, and smart traffic lights being the most vulnerable. The convergence, interoperability, and integration of these systems further increase the attack surface and potential impacts. The lack of built-in security features and the difficulty of securing diverse devices pose significant challenges. Improving cybersecurity posture and providing basic cyber hygiene training for city personnel is crucial to mitigate risks. (DARKREADING.COM)


Las Vegas Gears Up for Super Bowl Cyber Challenge

Las Vegas is preparing for heightened hacker threats during the Super Bowl event, with concerns about cyberattacks stemming from geopolitical tensions and previous incidents at casino and hotel operators. Preparations include scenario testing, training, and joint cybersecurity exercises involving government agencies, local authorities, and companies. The city's status as a leading smart city and the use of AI tools for cybersecurity also present additional challenges. Cybersecurity, physical security, and information technology teams must collaborate to ensure system availability during the event. (WSJ.COM)


Millions of Hacked Toothbrushes Used in Swiss Cyber Attack, Report Says

Hackers utilized approximately 3 million internet-connected toothbrushes to carry out a distributed denial of service (DDoS) attack against a Swiss company. The attack, which overloaded the company's website, resulted in millions of euros in damages. Cybersecurity firm Fortinet warned about the risks associated with smart devices, emphasizing the need for protective measures. Some researchers have raised doubts about the report, questioning the feasibility of compromising such a large number of toothbrushes. The incident highlights the growing security concerns surrounding internet-connected devices. (CO.UK)


Ransomware Gangs Make a Comeback, Raking in $1.1B in Payments

Ransomware gangs experienced a significant resurgence in 2023, with victims paying a record $1.1 billion in ransom following a decline in attacks in 2022. Cybercriminals targeted a range of organizations, including hospitals, schools, and major corporations, with payments to assailants doubling compared to the previous year. The rise in "big game hunting" attacks targeted wealthier entities and resulted in a greater number of ransom payments exceeding $1 million. Factors contributing to the decline in payments in 2022 included geopolitical events and law enforcement actions. The growth of new ransomware variants and an increase in the number of attackers indicate a continued rise in attacks in 2024. (THEGUARDIAN.COM)


Clorox Incurs $49M in Costs from 2023 Cyberattack

Clorox has reported $49 million in costs associated with a cyberattack that occurred in August 2023. The breach led to system disruptions, order processing delays, and significant product outages, impacting the company's net sales and earnings. Clorox expects to incur ongoing costs related to the cyberattack in future periods. The incident underscores the rising costs of cybersecurity breaches and the regulatory risks faced by businesses in the aftermath of such incidents. (CFODIVE.COM)


Data Breach Class Actions Are on the Rise, Report Finds

A report by Duane Morris reveals that data breach class actions have seen a significant increase in scale, with copycat and follow-on lawsuits being filed across multiple jurisdictions. In 2023, class actions and government enforcement lawsuits resulted in settlements exceeding $50 billion. The report also highlights the potential impact of generative AI on the plaintiffs' class action bar, enabling them to file suits more efficiently. Companies faced substantial costs in responding to data breach class actions, and courts grappled with issues of standing and uninjured class members. Generative AI is expected to play a transformative role in class action litigation. (LEGALDIVE.COM)


Google Calls on US to Do More to Rein in Spyware Sales, Misuse

Google's Threat Analysis Group (TAG) has released a report urging the government to take stronger action against the sales and misuse of spyware. The report highlights the documented harm caused by spyware targeting journalists, human rights defenders, and dissidents. Google specifically calls out commercial surveillance vendors (CSVs) like NSO Group, Cy4Gate, RCS Labs, Intellexa, Negg Group, and Variston. The company emphasizes the need for collaboration between government, industry, and civil society to change the incentive structure that allows these technologies to proliferate. (THEHILL.COM)


Company Worker in Hong Kong Pays Out £20M in Deepfake Video Call Scam

Hong Kong police are investigating a case where an employee claims she was tricked into transferring HK$200m (£20m) of her company's money to fraudsters in a deepfake video conference call. The employee received video conference calls from individuals posing as senior officers of the company, who instructed her to transfer money to designated bank accounts. The case highlights the use of artificial intelligence (AI) in perpetrating fraud, with the fraudster likely using pre-downloaded videos and AI-generated fake voices during the conference call. The incident underscores the need for vigilance in online meetings, even with many participants. (THEGUARDIAN.COM)


How Security Experts Unravel Ransomware

Security professionals are collaborating with law enforcement to develop free decryption tools to help victims of ransomware attacks. These tools are created through reverse engineering, working with law enforcement, and obtaining publicly available encryption keys. By understanding the encryption process and deducing the encryption key, researchers can create tools to decrypt files. Inexperienced hackers who make mistakes in their encryption methods can also provide clues for decryption. Additionally, hackers sometimes publicly release their encryption keys, which can be used to create decryption tools. The best defense against ransomware is to regularly back up data to avoid paying ransoms. (ENGADGET.COM)


Report: Mac Security Threats on the Rise, Here's What to Watch Out For

According to Malwarebytes' latest report, ransomware continues to be the most significant cyberthreat, with a surge in attacks in 2023. Additionally, Mac malware is increasing, and businesses need to be prepared for cyber threats beyond just malware. The report also highlights the need for a new threat prevention playbook and the shift from macros to malvertising. Mac users should be aware of the evolving threat of MacStealer malware. (9TO5MAC.COM)


Cyberattack on a Chicago Children's Hospital Shuts Down Systems for a Week

Lurie Children's Hospital in Chicago has experienced a week-long outage of its computer systems following a cybersecurity incident. While the hospital remains operational, the outage has caused difficulties in scheduling, accessing medical records, and prescription history. The hospital has not provided specific details about the incident or whether a ransom has been demanded. Investigations are ongoing, and the hospital is working with law enforcement agencies to resolve the matter. (CNN.COM)


Dutch Intelligence Blames Chinese State for Cyber Espionage in the Netherlands

A Dutch intelligence report alleges that China's Ministry of State Security was actively hacking government, private sector and academic targets in the Netherlands from 2012 to 2018. The report says China was interested in political, economic and military information. (BLOOMBERG.COM)


Copyright © 2024 Auburn University's McCrary Institute. All Rights Reserved.


Thriving in the vast cyber universe requires wisdom and constant vigilance 🌟 Sun Tzu once said, adapt and overcome by knowing yourself and your enemy. Your comprehensive roundup is vital for staying a step ahead in cybersecurity. Keep illuminating the path for others! 💡🔐 #WisdomInCyberSecurity #StayInformed #BePrepared
