Cyber Briefing ~ 07/15/2024

Hackers Stole Almost Everyone's AT&T Phone Records. What Should You Do?

Hackers have stolen at least six months of 2022 phone records for almost all of AT&T's 95 million mobile customers, including some location data. Affected customers should be vigilant against fraud and consider upgrading security measures, as the stolen data could be used for identity theft, blackmail, and other malicious purposes.


Russian Disinformation Network’s Infrastructure is Spread Across Europe, Report Says

New research finds that a Russian disinformation network called Doppelganger operates infrastructure across Europe. The group registers legal entities in 10 countries to obscure its origins and build propaganda campaigns, and it provides services to cybercriminals as well. The network's core is a Russian hosting provider linked to malware groups, and some European firms unknowingly host Doppelganger's infrastructure. Researchers say that although authorities are aware of the network, they do not appear to be stopping its campaigns.


Even Disinformation Experts Don’t Know How to Stop It

Researchers are struggling to find effective ways to combat misinformation and disinformation online, as tools like fact checks and media literacy are less effective than anticipated. The challenge lies in the complexity of the problem and the difficulty in defining and addressing it. The search for solutions continues, with proposals ranging from redesigning online spaces to using artificial intelligence as a monitoring tool. However, the battle against false narratives remains an uphill struggle.


White House to Require Increased Cybersecurity Protocols for R&D Institutions

The White House issued guidance requiring federal research agencies to have certain research institutions implement cybersecurity programs. The guidance aims to address growing threats from China exploiting research. Higher education institutions must follow new NIST guidance within a year, and other institutions must follow the relevant federal cyber guidelines. Agencies have six months to update their policies and must ensure implementation within 18 months. They must balance security requirements against the need to avoid discrimination.


SEC Issues New Statement on Cybersecurity Incident Disclosure

The SEC's Director of the Division of Corporation Finance, Erik Gerding, has clarified the disclosure of cybersecurity incidents by reporting companies. The statement emphasizes that the mandatory disclosure of material cybersecurity incidents under Item 1.05 of Form 8-K is triggered once the incident is considered material. Voluntary disclosure of non-material incidents or incidents still under materiality assessment should be made under a different item of Form 8-K. The statement also outlines the requirements for updating disclosures and assessing materiality. Smaller reporting companies have a compliance deadline of June 15, 2024.


AT&T Discloses Information to SEC on Cyber Incident Following Justice Dept. Approval for Delaying Public Report

AT&T reported a cyber incident that impacted "nearly all" of its customers, following a delay, granted by the Justice Department on national security grounds, in publicly disclosing the details. The company provided details on the data accessed and the actions taken in response to the incident.


Who Runs the Power Grid: Humans or Robots?

Utilities want to expand power generation, citing AI and data centers, but have a history of overestimating demand. While AI's potential is real, business models and efficiency gains could constrain energy needs. Data centers currently use little grid power (2.5% in the US). Regulators should ensure rates don't rise due to unreliable projections. Consumers and companies want affordable, green energy. State oversight is critical to balancing costs, development and environmental goals as AI advances.


Indiana County Files Disaster Declaration Following Ransomware Attack

Clay County, Indiana, declared a local disaster after a ransomware attack shut down government services and prevented access to data. The county courthouse and health department closed. A neighboring county was also hit recently. These follow numerous attacks on local governments across the U.S. this year, including one in October against Dallas County, Texas, that exposed 200,000 people's data. Ransomware attacks on cities and counties continue to rise.


Pro-Russia Hackers are Targeting Transportation Websites

A pro-Russia hacking group has been targeting transportation and government websites in Europe. They have hit sites for airports, railways, public transportation, and more. Analysts say it's meant to undermine security and have a psychological impact, not necessarily cause major disruption. These groups persistently target Ukraine's allies like NATO members. The goal is to undermine support for Ukraine.


Data Breach Exposes Millions of mSpy Spyware Customers

Phone surveillance app mSpy suffered a data breach in May 2024, exposing millions of customer support tickets and personal information. The breach included emails from individuals seeking help to track the phones of their partners, relatives, or children. The leaked dataset, obtained by Have I Been Pwned, highlights the global reach of mSpy's customers. The Ukrainian company Brainstack, behind mSpy, has not publicly acknowledged the breach. This is the third known data breach for mSpy since its inception.


Lawmakers Call for Intelligence Probe of Microsoft-G42 Deal

Republican lawmakers are urging the Biden administration to conduct an intelligence community assessment of the partnership between Microsoft and Abu Dhabi AI firm G42. The assessment would focus on G42's connections to China, raising concerns about potential access to sensitive US technology. Representatives McCaul and Moolenaar expressed their concerns in a letter to National Security Advisor Jake Sullivan.


GSA Begins FedRAMP Pilot to Change Request Process

The General Services Administration (GSA) has announced a new FedRAMP pilot program called Agile Delivery, which aims to streamline the review of significant changes to the government's cloud services compliance program. The pilot will focus on adding new features to existing cloud service offerings and aims to remove the requirement for advance approval of each change. Cloud service providers are invited to apply, and the GSA anticipates making selections by August 16. The goal of the pilot is to shift the FedRAMP process to continuous assessment rather than assessing point-in-time snapshots.


What China Thinks of Military AI with Sam Bresnick

Sam Bresnick, a Research Fellow at Georgetown's Center for Security and Emerging Technology, discusses his report on China's perspectives on using artificial intelligence in warfare. He analyzes Chinese-language journal articles to understand Beijing's hopes for AI technologies and the concerns of Chinese defense officials.


NCIRP Listening Session #3

The National Cyber Incident Response Plan (NCIRP) is hosting a virtual public listening session on August 1, 2024, from 1 to 2 p.m. EST. Attendees can provide feedback on the NCIRP and their experiences coordinating with the federal government on cyber incident response. Interested individuals can pre-register at the provided link and email any questions to ncirp@cisa.dhs.gov.


Advance Auto Parts Data Breach Impacts 2.3 Million People

Advance Auto Parts has notified over 2.3 million individuals that their data was stolen in the recent Snowflake data theft attacks. The breach occurred between April 14 and May 24, 2024, and affected job applicants and current and former employees. The stolen data includes names, Social Security numbers, driver's licenses, and government ID numbers. Advance Auto Parts is offering those affected complimentary identity theft protection and credit monitoring services. The reported number of affected individuals is significantly lower than the 380 million records claimed by the threat actor responsible for the breach.


Massive Password Leak: 10 Billion Passwords Exposed on Hacker Site

A file containing nearly 10 billion passwords, named RockYou2024, has been posted on a hacking site. Cybernews experts believe this is the most significant password leak, with passwords collected from over 4,000 databases spanning the past 20 years. The leaked passwords pose a significant risk for credential stuffing attacks, where hackers use stolen information to gain unauthorized access to other accounts. Users are urged to reset passwords, enable two-factor authentication, use password managers, be cautious of suspicious emails, and educate others on safe practices.


Indonesia Recovering Data After Major Ransomware Attack

Indonesia is recovering data encrypted in a major ransomware attack affecting over 160 government agencies. The attackers, known as Brain Cipher, initially demanded a ransom of $8 million but later apologized and released the decryption key for free. The attack disrupted various government services, including immigration and operations at major airports. While most of the data had not been backed up, data for 30 public services overseen by 12 ministries has been recovered using decryption. It remains unclear whether the government used Brain Cipher's decryption key.


Nearly All AT&T Cell Customers' Call and Text Records Exposed in Massive Breach

AT&T has disclosed a massive data breach in which the call and text message records of tens of millions of its cellphone customers and of non-AT&T customers were exposed. The compromised data includes telephone numbers, call duration, and interaction history between May 2022 and October 2022. The content of the communications and the timing of the messages were not included. AT&T claims the data is not publicly available, but independent verification is lacking. The breach is separate from a previous incident in March that involved the release of personal information of 73 million customers.


Germany to Phase Out Chinese Components in 5G Networks

Due to security concerns, Germany has announced plans to phase out the use of Chinese components from telecom giants Huawei and ZTE in its 5G networks. The Interior Ministry stated that components from these Chinese companies will be barred from 5G core networks by the end of 2026, and "critical management systems" will be replaced by the end of 2029. The decision comes as Germany aims to protect its critical infrastructure and reduce security risks associated with one-sided dependencies. China has called on Germany to evaluate 5G technology providers without political considerations and provide a transparent market environment for businesses from all countries. Tensions between Berlin and Beijing have been rising, with Germany seeking to reduce its economic dependency on China.


China Hits Back at NATO After Rare Rebuke

China has responded angrily to a NATO statement accusing Beijing of enabling Russia's war in Ukraine and expressing concern over China's nuclear arsenal expansion. The Chinese Foreign Ministry described NATO's statement as prejudiced, smearing, and provocative and warned the alliance to avoid meddling in Asia. The strong rebuke reflects heightened geopolitical tensions as the war in Ukraine continues and China and Russia seek an alternative to the US-led global order. NATO's criticism of China departs from its reluctance to confront Beijing openly.


NSA Concludes Zero Trust Series with Guidance on Maturing Automation, Orchestration of Security Capabilities

The National Security Agency (NSA) has released guidance on the final pillar of the Defense Department's zero trust architecture, focusing on the maturation of automation and orchestration of security controls. The guide highlights key capabilities such as policy orchestration, critical process automation, artificial intelligence, and security operations coordination. It provides specific steps for organizations to mature their security practices from the primary stage to the advanced level. This completes the NSA's series on the seven DOD zero trust architecture pillars.


Former Senior Official Krayem Says Agencies Must Be Wary of Over-Reach in Cyber Rules After Chevron Ruling

Norma Krayem, a private sector leader on cyber issues and former senior federal official, highlights the importance of focusing on congressional intent when crafting cybersecurity rules following the Supreme Court's Chevron ruling. While agencies still have room to develop cyber regulatory policies, they must avoid overreach and adhere to clear statutory authority. Krayem emphasizes the need for agencies to be clear about their existing authorities and engage with critical infrastructure operators.


Stakeholders Urge CISA to Consider Options for Harmonization as Rulemaking Process Moves Forward for Mandatory Incident Reporting

Stakeholders in the communications and banking sectors emphasize the need for harmonization in CISA's incident reporting regime to avoid diverting attention from emerging cyber threats and burdening operational teams. They propose that CISA serve as a clearinghouse for incident reporting requirements to drive harmonization and ease compliance for the industry. The comment period for CISA's proposed rule closed on July 3.


Copyright © 2024 Auburn University's McCrary Institute. All Rights Reserved.
