Cyber Briefing ~ 07/12/2024

~Weekly Director's Note~

Dear Readers,

In this week's episode of Cyber Focus, I had the privilege of hosting Sue Gordon, a true titan of the intelligence community. Sue's career spans roles as Principal Deputy Director of National Intelligence, Deputy Director of the National Geospatial-Intelligence Agency, and various positions at the Central Intelligence Agency. Sue emphasized the need for deeper collaboration and shed light on how private companies are increasingly "making national security decisions," sometimes without awareness. She also discussed "the supply chain problem we're not talking about," cyber workforce shortages. She made me smile with her compelling case for designating space as critical infrastructure, where she argued that space represents both a "disproportionate advantage" and a "disproportionate target," highlighting the need to better protect space infrastructure.

Seven U.S. allies issued a rare coordinated warning about a Chinese state-sponsored hacking group known as APT40. According to Mike Cherney of The Wall Street Journal, this unusual joint advisory was led by Australia and included the U.S., UK, Canada, New Zealand, Germany, Japan, and South Korea. The warning detailed APT40's activities, which are believed to be directed by Beijing's intelligence services, with particular emphasis on the group's sophisticated tactics in targeting networks and stealing valuable data.

Relatedly, Emma Farge of Reuters reported that China far outpaces other countries in generative AI patent filings, with six times more patents than its closest rival, the United States. According to data from the World Intellectual Property Organization, China filed over 38,000 generative AI inventions between 2014 and 2023, compared to just 6,276 filed by the U.S. in the same period. This surge in patent filings spans a broad range of sectors, from autonomous driving to publishing and document management.

Joseph Menn of The Washington Post reports on a successful effort by the United States and several allies that took down a sophisticated Russian propaganda operation that used artificial intelligence to drive nearly a thousand covert accounts on the social network X. While the dismantling of this AI-powered "bot farm" represents a notable victory for intelligence agencies, experts quoted in Menn's article warn that this case likely represents only a fraction of similar operations worldwide.

In a move to bolster national cybersecurity, the White House issued a directive for federal agencies to increase their budget requests for cyber investments for fiscal year 2026. As reported by Christian Vasquez in CyberScoop, Office of Management and Budget Director Shalanda Young and National Cyber Director Harry Coker Jr. instructed agency heads to align their budget proposals with the administration's national cyber strategy and implementation plan. The memo emphasizes several key areas for investment, including the transition to zero-trust architectures, addressing critical infrastructure security as outlined in a recent national security memorandum, and improving open-source software security.

As NATO leaders gathered for their summit in Washington this week, cybersecurity emerged as a critical focus area for the alliance. A comprehensive report by Mandiant (part of Google Cloud)'s John Hultquist outlines the evolving and intensifying cyber threats facing NATO. The report details aggressive activities from state-sponsored actors, hacktivists, and cybercriminals, with a particular emphasis on espionage, disruptive attacks, and disinformation campaigns targeting NATO members. In response to these threats, Brandi Vincent of DefenseScoop reported that NATO is preparing to launch a first-of-its-kind integrated cyber defense center. This new center, to be located at NATO's military headquarters in Belgium, aims to enhance information sharing, capability development, and collective defense against cyber attacks. The center is expected to be fully operational by 2028. Also, Gintaras Radauskas with Cybernews emphasized the constant and evolving nature of cyber threats facing the alliance, highlighting the increasing boldness of adversaries and the potential for attacks on critical infrastructure.

The recent Supreme Court decision overturning the long-standing Chevron doctrine is expected to subject cybersecurity regulations to increased judicial scrutiny, according to an analysis by Venable LLP attorneys Harley Geiger, Len Gordon, and Michael Munoz. This shift poses challenges for agencies like the Federal Trade Commission and critical infrastructure regulators, potentially limiting their ability to adapt quickly to evolving cyber threats. The decision may lead to more narrowly scoped regulations, increased vulnerability of existing rules to legal challenges, and a greater burden on Congress to provide clear statutory backing for cybersecurity measures.

Finally, NATO is backing an initiative to safeguard internet connectivity in the event of subsea cable disruptions. As reported by Katrina Manson for Bloomberg, NATO is supporting a $2.5 million project aimed at developing a system that will reroute internet traffic from subsea cables to satellite systems in the event of sabotage or natural disasters. As a frequent advocate for designating space as a critical infrastructure sector, I see this initiative as a reminder of the crucial role space-based systems play in our national and global security.

Until next week, stay vigilant.

War Eagle,

Frank Cilluffo



White House Wants to Boost Cyber Funds for Fiscal 2026

The Biden administration directs federal agencies to increase budget requests for cybersecurity investments in the upcoming fiscal year. This aligns with the administration's national cyber strategy and push for agencies to implement zero-trust architectures by the end of fiscal 2026. The memo also calls for agencies to reflect critical infrastructure security priorities, open-source software security, and cyber workforce development in their budget submissions. The White House aims to strengthen the government's cyber defenses through increased and targeted funding.


NATO Members Commit to Creating New Cyber Center in Belgium

NATO allies have pledged to establish an integrated cyber defense center in Belgium and develop a new strategy to secure NATO networks. The NATO Integrated Cyber Defense Center will enhance network protection, situational awareness, and the implementation of cyberspace as an operational domain. The center will bring civilian and military personnel together, leveraging advanced technologies to increase situational awareness and collective resilience in cyberspace. Additionally, member nations will strengthen the protection of critical undersea infrastructure and enhance political dialogue and practical cooperation with the Western Balkans to counter cyber threats. The alliance also expresses concern over China's support of Russia's war effort and its challenge to NATO's interests, security, and values.


U.S. and Allies Take Down Russian 'Bot Farm' Powered by AI

The U.S. and several allies said they had seized control of a sophisticated Russian propaganda mill that used artificial intelligence to drive nearly a thousand covert accounts on the social network X. The takedown is unusual as Western intelligence agencies traced it to a Russian FSB intelligence officer and a former senior editor at state-controlled RT, formerly Russia Today. The agencies provided detailed information about the inner workings of the botnet, including software programs used to manage the network, to help other investigators and companies know what to look for, as AI's large language models have helped Russian propagandists scale their operation and avoid detection. While this operation has been disrupted, many other similar systems are already in place, and they will likely continue to adapt and evolve as new detection methods emerge.


Australia Accuses Hainan-Based Chinese Hackers of Prowling Sensitive Computer Networks

The Australian Signals Directorate has issued a technical advisory warning about the threat posed by the APT40 hacking group, which it says conducts "malicious cyber operations" for an arm of China's Ministry of State Security based in Hainan province. The agency says APT40 is actively targeting Australian networks and government and private sector entities in the region, looking to exploit vulnerabilities and gain unauthorized access. This attribution of the threat actor to China comes amid growing concerns over state-sponsored cyberattacks targeting critical infrastructure in Australia.


NATO Readies to Launch First-of-its-Kind Integrated Cyber Defense Center

NATO is set to unveil plans for a new integrated cyber defense center at its military headquarters in Mons, Belgium. The center will facilitate information-sharing, capability development, and defense against cyber attacks among allies, aiming to enhance the alliance's overall cyber resilience and deterrence. The new hub will physically co-locate personnel from across NATO's members to provide the Supreme Allied Commander Europe with continuous visibility into existing and emerging cyber threats that could impact military operations. Funding for the center will come from the allies' common budget and voluntary national contributions to have it fully operational by or before 2028.


Find a Way to Retain Cyber Pros, Pentagon Personnel Guru Says

The Pentagon's top personnel official says the United States Department of Defense is struggling to retain cybersecurity talent despite having success in recruiting. To address this challenge, the department must leverage its authorities to offer competitive pay and training opportunities and improve messaging to attract early career talent. The official also emphasized recognizing skills beyond traditional degree requirements to expand the hiring pool.


ONCD-OMB Joint Memorandum Highlights Administration Cyber Priorities for Fiscal 2026

The White House's Office of the National Cyber Director and the Office of Management and Budget have issued a joint memorandum outlining their fiscal 2026 cyber budget priorities for agencies. The priorities are organized by the five pillars of President Biden's national cyber strategy, which include defending critical infrastructure, disrupting threat actors, and building international partnerships.


An Argument Against Establishing a U.S. Cyber Force

Alan Brian Long Jr. and Maj. Alexander Pytlar disagree with some academics, military leaders, and politicians who believe establishing a U.S. Cyber Force will address the challenges faced by DOD cyberspace operations. They argue that cyberspace operations are integrated within the services to support domain-specific platforms, so a separate Cyber Force would have to re-integrate with them, something the current model already does efficiently. Also, new authorities allow Cybercom to improve its control over budgets and training to address readiness issues without disrupting ongoing critical cyberspace missions, so staying the course is more prudent than standing up a disruptive new service.


NSA's Final Zero Trust Pillar Report Outlines How to Achieve Faster Threat Response Time

The National Security Agency has released its final Cybersecurity Information Sheet, focusing on the Automation and Orchestration pillar of the Department of Defense's Zero Trust framework. The report recommends automating routine tasks, employing advanced algorithms and analytics, and coordinating security operations to enhance threat detection and response. This release concludes the series of CSIs addressing the seven pillars of the ZT framework, offering comprehensive security guidance for implementing ZT and maturing cybersecurity protections.


US, Allies Take Down Kremlin-Backed AI Bot Farm

The Federal Bureau of Investigation (FBI), alongside international partners, has dismantled a Russian-backed disinformation campaign that utilized AI-powered bots to spread pro-Kremlin narratives on social media, including undermining support for Ukraine. A deputy editor at a Russian state media outlet allegedly launched the operation, highlighting ongoing efforts to combat foreign influence operations.


Attackers Have Been Leveraging Microsoft Zero-Day for 18 Months

Threat actors have been exploiting, for at least 18 months, a zero-day vulnerability (CVE-2024-38112) that Microsoft patched in July. The flaw affects the MSHTML (Trident) engine used by Internet Explorer and can also impact newer Windows 10 and Windows 11 systems. The vulnerability allows attackers to send victims specially crafted Internet Shortcut files, which, when clicked, open an attacker-controlled URL using Internet Explorer. At least two threat actors have been observed exploiting this flaw in targeted info-stealer campaigns, with one campaign aiming to drop the Atlantida information stealer. Organizations are urged to apply Microsoft's mitigations for the vulnerability.


Evolve Data Breach Impacted Upward of 7.64 Million Consumers

A recent data breach at Evolve Bank & Trust affected over 7.64 million individuals, with unauthorized access and downloading of customer information by the LockBit ransomware group. While there is no evidence of customer funds being accessed, personal data, including names, Social Security numbers, bank account numbers, and contact information, may have been compromised. Evolve has implemented enhanced security measures and has been offering free access to identity theft protection services for two years.


CISA Calls for Elimination of OS Command Injection Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued an advisory urging software vendors to eliminate operating system command injection vulnerabilities from their products. Several threat groups have exploited these vulnerabilities in widely used network devices, highlighting the need for secure-by-design practices. The agencies recommend that technology manufacturers analyze past instances of these vulnerabilities and develop plans to eliminate them in the future. CISA also encourages software manufacturers to sign the secure-by-design pledge. Despite CISA's efforts to promote secure practices, unsafe software development practices persist.


What CEOs Need to Know About Cybersecurity

CEOs can no longer overlook cybersecurity plans as the risk of breaches and the impact on businesses have increased. CEOs are now responsible for integrating cybersecurity into the overall business strategy, aligning it with business goals, and overseeing the development of risk mitigation strategies and incident response plans. They should actively engage in cybersecurity, activating incident response plans, making decisions, and communicating with key stakeholders. CEOs should ask probing questions about the company's cybersecurity coverage and confidence level. Failure to prioritize cybersecurity can lead to severe consequences, including firings, forced resignations, shareholder lawsuits, and charges from regulatory bodies like the SEC.


For First Time, NATO Accuses China of Supplying Russia's Attacks on Ukraine

In a major shift, NATO has accused China of becoming "a decisive enabler of Russia's war against Ukraine" by providing critical military support and technology to rebuild Russia's defense industry. This declaration, approved by the 32 NATO leaders, marks the first time the alliance directly calls out China's role in the ongoing conflict. The statement warns that China's continued support will negatively impact its global interests and reputation, raising the prospect of potential economic sanctions. This represents a significant escalation in NATO's stance towards China and its involvement in the Ukraine war.


NATO Summit Gives Hackers a Massive Target as Leaders Descend on Washington

The upcoming NATO summit in Washington, D.C., is a prime target for foreign adversaries looking to conduct cyber espionage and disinformation campaigns. Security experts warn of a spike in attempted cyberattacks against summit delegates and supporting staff, as well as efforts to sway public perception through the spread of false narratives. Russia, in particular, is seen as a major threat, given its longstanding hostility towards NATO and the alliance's support for Ukraine. Cybersecurity will be critical as the 32 member states and other key allies gather to celebrate NATO's 75th anniversary.


Beijing Accused of Misusing Western Research to Claim Volt Typhoon is a Ransomware Group

The Chinese government's cybersecurity agency has been accused of misrepresenting research from Western security firms to deny allegations that a Beijing-backed hacking group, Volt Typhoon, is targeting critical infrastructure in the West. Cybersecurity companies have pushed back, stating that the CVERC report distorts their findings to support a false narrative. This appears to be an attempt by China to manipulate public perceptions of its cyber threats.


Australia Instructs Government Entities to Check for Tech Exposed to Foreign Control

The Australian government has directed all government entities to assess their technology assets and identify any that foreign states may control or manipulate. This move responds to increasing cyber threats from hostile states and financially motivated actors. The instructions require government entities to identify Foreign Ownership, Control, or Influence risks associated with their technology, including hardware, software, and information systems. They must also conduct a stocktake of internet-facing systems and services and develop security risk management plans. The aim is to enhance visibility and cybersecurity across the government's technology estate.


OpenAI Partners with Los Alamos to Study AI in the Lab

OpenAI is collaborating with Los Alamos National Laboratory to study the benefits and risks of using generative AI in a laboratory setting. The initial experiment involves using AI to assist individuals without molecular biology expertise in performing basic biomedical tasks, such as helping genetically engineered bacteria produce insulin. The partnership aims to understand how AI can contribute to scientific progress while identifying and mitigating potential risks. This research expands on previous experiments conducted by OpenAI, focusing on combining text, vision, and voice data in real-world laboratory work.


Expect Heavier Hand, 'Bite' from DOD Zero-Trust Office, Boss Says

The director of the Pentagon's Zero Trust Portfolio Management Office anticipates a forthcoming "directive type" memo that will grant his office more authority to enforce zero-trust cybersecurity deadlines across the Defense Department. The memo aims to codify the office's role and give it the power to "command and control" zero-trust implementation within DoD.


Transportation Department Doubles Down on Securing GPS Tech

Following a request for information last year, the U.S. Department of Transportation awarded over $7.2 million in contracts to companies developing alternative positioning, navigation, and timing technologies to complement and secure GPS services. The investments aim to improve the reliability of critical PNT infrastructure.


Feds Uncover Sprawling, GenAI-Enabled Russian Troll Farm

The U.S. Department of Justice seized domains and social media accounts used by Russian actors to spread disinformation in the US, Canada, and Europe. The bot farm utilized AI-enhanced software to create convincing false personas and automate the dissemination of pro-Russian narratives.


Markets Matter: A Glance into the Spyware Industry

This paper examines the Intellexa Consortium, a complex web of holding companies and vendors for spyware and related services, which has faced recent sanctions by the US government. The paper argues that policymakers must approach the spyware market as a whole, a large and interlinked system, rather than constraining their focus on individual vendors. It provides a case study of the Intellexa Consortium to demonstrate the need for greater transparency and increased attention on the individuals and investors that facilitate the proliferation of spyware.


Microsoft Emails Criticised For Looking Like Spam And Phishing

Microsoft is being criticized for the emails it sent to notify customers about a Russian government hacking incident. Experts say the emails look like spam or phishing attempts. The emails include a "secure link" that does not appear connected to Microsoft, leading some recipients to believe the messages are malicious.


Google’s Excellent Dark Web Monitoring Service Will Soon Be Free

Google is making its dark web monitoring service free to all users in eligible countries via the Results About You dashboard. Previously, this feature was only available to paid Google One subscribers. Users can manually add details to their monitoring profile for more accurate results and delete or restart it as needed. Staying alert to data breaches and leaks is crucial for online safety, and using strong passwords, two-factor authentication, password managers, and up-to-date antivirus software can help.


Election Officials Push Back Against Draft Federal Rule For Reporting Potential Cyberattacks

A group of state election officials is urging the U.S. Cybersecurity and Infrastructure Security Agency to revise a draft rule that would require election offices to disclose suspected cyberattacks to the federal government. They cite the mandate as too burdensome on overworked local officials.


Quieting Discord: A New Frontier in Military Leaks and Extremism

This article examines the use of the online platform Discord by military members and veterans, as well as its exploitation by extremist groups. It highlights high-profile cases of classified information leaks and the platform's efforts to combat hate and violent extremism while acknowledging that pockets of extremism remain despite the company's moderation efforts.


Navigating Fed Cybersecurity: Strategies to Achieve Network Compliance

This article provides guidance for federal agencies and private organizations to navigate the complex web of cybersecurity regulations and achieve network compliance. Key strategies include focusing on vulnerability management, adopting multifunctional technologies, implementing efficient evidence collection, and prioritizing staff retention and collaboration.


Electric Sector Group Calls for Harmonization of CISA Incident Reporting Rule

The Edison Electric Institute urges the Cybersecurity and Infrastructure Security Agency (CISA) to harmonize its proposed incident reporting rule with existing electric sector cyber regulations. EEI argues that harmonization is vital to ensure agencies receive the most helpful information and overlapping reporting requirements do not overburden covered entities. Additionally, EEI emphasizes that CISA's forthcoming cybersecurity information reporting requirements must not weaken the ability of EEI member companies to participate in voluntary public-private collaboration efforts, as these partnerships are integral to the cyber defense posture of the electric sector. EEI calls on CISA to carefully consider its proposal's impacts on these voluntary programs when developing the final rule.



Subscribe to our LinkedIn Cyber Briefing.

Subscribe to the daily Cyber Briefing email.

Subscribe to our Cyber Focus podcast.

Copyright © 2024 Auburn University's McCrary Institute. All Rights Reserved.

Follow the McCrary Institute on LinkedIn, Twitter, Threads, Instagram, Facebook, and YouTube.
