Pete Recommends – Weekly highlights on cyber security issues, August 31, 2024

Subject: Fraud tactics and the growing prevalence of AI scams
Source: Help Net Security
https://www.helpnetsecurity.com/2024/08/23/fraud-tactics-ai-scams/

In the first six months of 2024, Hiya flagged nearly 20 billion calls as suspected spam – more than 107 million spam calls every day. The data showed spam flag rates of more than 20% of unknown calls (calls coming from outside of someone’s address book) in 25 out of the 42 countries – with some spam flag rates above 50%. The first half of 2024 also saw an increase in AI deepfake scams, which use AI-generated voice-cloning technology to impersonate people and/or organizations. Ahead of the primary election in January, voters in New Hampshire received robocalls impersonating Joe Biden using an AI-generated voice.

As AI tools become more powerful and accessible, researchers anticipate that voice-cloning impersonation scam tactics will continue to be on the rise in 2024 and beyond.


Subject: US sues Georgia Tech alleging litany of security failings
Source: The Register
https://www.theregister.com/2024/08/23/us_georgia_tech_lawsuit/

The US is suing one of its leading research universities over a litany of alleged failures to meet cybersecurity standards set by the Department of Defense (DoD) for contract awardees.

Georgia Institute of Technology (GIT), commonly referred to as Georgia Tech, and its contracting entity, Georgia Tech Research Corporation (GTRC), are being investigated following whistleblower reports from insiders Christopher Craig and Kyle Koza about alleged failures to protect controlled unclassified information (CUI).

The series of allegations date back to 2019 and continued for years after, although Koza was said to have identified the issues as early as 2018.

Among the allegations is the suggestion that between May 2019 and February 2020, Georgia Tech’s Astrolavos Lab – ironically a group that focuses on cybersecurity issues affecting national security – failed to develop and implement a cybersecurity plan that complied with DoD standards (NIST SP 800-171).

In short, the US alleges that the self-assessment score Georgia Tech submitted was produced for a “fictitious” environment, not for any system actually handling the DoD contract. The claims are brought under the False Claims Act (FCA) through the Civil Cyber-Fraud Initiative (CCFI), introduced in 2021 to punish contractors that knowingly put United States IT systems at risk.

“Because the allegations suggest Georgia Tech falsely certified it was compliant with DoD contractual and regulatory requirements, they present a textbook case of potential FCA liability predicated on alleged non‐compliance with NIST standards,” states an assessment of the case from legal experts at O’Melveny.


Subject: CrowdStrike Exposes North Korea’s Covert Workforce In U.S. Tech
Source: VentureBeat
https://venturebeat.com/security/crowdstrike-2024-report-exposes-north-koreas-covert-workforce-in-u-s-tech-firms/

North Korean nation-state attackers have successfully posed as job applicants and placed more than 100 of their covert team members in primarily U.S.-based aerospace, defense, retail and technology companies. CrowdStrike’s 2024 Threat Hunting Report exposes how the North Korea-nexus adversary FAMOUS CHOLLIMA uses falsified and stolen identity documents to gain employment as remote IT personnel, exfiltrate data and perform espionage undetected.

Affiliated with North Korea’s elite Reconnaissance General Bureau (RGB) and Bureau 75, two of North Korea’s advanced cyberwarfare organizations, FAMOUS CHOLLIMA specializes in perpetrating insider threats at scale: illicitly obtaining freelance or full-time equivalent (FTE) jobs whose salaries are funneled to North Korea to pay for its weapons programs, while also performing ongoing espionage.

“The most alarming aspect of the campaign from FAMOUS CHOLLIMA is the massive scale of this insider threat. CrowdStrike notified over a hundred victims, primarily from U.S. companies who unknowingly hired North Korean operatives,” Adam Meyers, head of counter adversary operations at CrowdStrike, told VentureBeat.

“These individuals infiltrate organizations, particularly in the tech sector, not to contribute but to funnel stolen funds directly into the regime’s weapons program,” Meyers said.

FBI, DOJ took swift action yet large-scale insider threats continue – On May 16 of this year, the Federal Bureau of Investigation (FBI) issued an alert warning American businesses that “North Korea is evading U.S. and U.N. sanctions by targeting private companies to illicitly generate substantial revenue for the regime.” The Department of Justice (DoJ) recently took swift action against laptop farms that FAMOUS CHOLLIMA had set up by paying two Americans to host them.



Subject: Microsoft to overhaul Windows security after outage hits hospitals
Source: Becker’s Health IT
https://www.beckershospitalreview.com/cybersecurity/microsoft-to-overhaul-windows-security-after-outage-hits-hospitals.html

Microsoft plans to improve the security of Windows after a faulty update sent to the operating system caused a global IT outage that affected hospitals and health systems. The tech giant scheduled a summit for Sept. 10 at its Washington headquarters with CrowdStrike, the cybersecurity company that delivered the bad update, and other security partners, inviting government representatives as well.

“Our objective is to discuss concrete steps we will all take to improve security and resiliency for our joint customers,” Microsoft wrote in an Aug. 23 blog post. “Our discussions will focus on improving security and safe deployment practices, designing systems for resiliency and working together as a thriving community of partners to best serve customers now, and in the future.”


Subject: Remote Work: A Ticking Time Bomb Waiting to be Exploited
Source: Bleeping Computer
https://www.bleepingcomputer.com/news/security/remote-work-a-ticking-time-bomb-waiting-to-be-exploited/

Remote work puts unvetted software and devices outside the security boundary of your firewall, and poses additional risk because users are more likely to fall for tricks and scams when outside the office. On top of network security concerns, users working on home PCs can install any software they like, introducing shadow IT and other unknown security holes and putting corporate data at risk.

Challenges of a Hybrid Work Environment – The risk of shadow IT is not limited to the employee alone. If they work from home, they run the risk of a friend or relative using their work device for personal reasons, whether it be for entertainment, education, or productivity.

This security hole also arises with traditional home networking equipment that is easy to use right out of the box. Unfortunately, most home users never change the default security settings of these devices, making them an easy target for criminals.

Additionally, remote employees may use public Wi-Fi, making them susceptible to man-in-the-middle or evil twin attacks.

These attacks could enable a bad actor to intercept and access valuable business data. They can steal login credentials and use those to access even more of an enterprise’s resources.

The Basics to Mitigating Cyber Risks Associated with Hybrid Workers. Although the challenges posed by a hybrid work structure can seem intimidating, there are steps an enterprise can take to mitigate these associated risks.

Since the security of the networks to which a company’s endpoints connect is no longer under your organization’s control, the emphasis must shift to controlling and securing the devices directly:



Subject: Audit finds notable security gaps in FBI’s storage media management
Source: BleepingComputer
https://www.bleepingcomputer.com/news/security/audit-finds-notable-security-gaps-in-fbis-storage-media-management/

An audit from the Department of Justice’s Office of the Inspector General (OIG) identified “significant weaknesses” in the FBI’s inventory management and disposal of electronic storage media containing sensitive and classified information. The report highlights multiple issues with the policies, procedures and controls for tracking storage media extracted from devices, and significant physical security gaps in the media destruction process. The FBI has acknowledged these issues and is in the process of implementing corrective actions based on the recommendations from OIG.

OIG’s findings… Recommendations and FBI’s response…

The FBI acknowledged the audit’s findings and stated it is in the process of developing a new directive titled “Physical Control and Destruction of Classified and Sensitive Electronic Devices and Material Policy Directive.” This new policy is expected to address the problems identified in the storage media tracking and classification markings….

Subject: When A.I.’s Output Is a Threat to A.I. Itself
Source: New York Times – NB no paywall: https://archive.ph/KWZXI
https://www.bespacific.com/when-a-i-s-output-is-a-threat-to-a-i-itself/ [from the GOGI dept … ]

The New York Times: “As A.I.-generated data becomes harder to detect, it’s increasingly likely to be ingested by future A.I., leading to worse results. The internet is becoming awash in words and images generated by artificial intelligence. Sam Altman, OpenAI’s chief executive, wrote in February that the company generated about 100 billion words per day — a million novels’ worth of text, every day, an unknown share of which finds its way onto the internet. A.I.-generated text may show up as a restaurant review, a dating profile or a social media post. And it may show up as a news article, too: NewsGuard, a group that tracks online misinformation, recently identified over a thousand websites that churn out error-prone A.I.-generated news articles….

Subject: Safeguarding Subsea Cables Protecting Cyber Infrastructure amid Great Power Competition
Source: Center for Strategic & International Studies
https://www.bespacific.com/safeguarding-subsea-cables-protecting-cyber-infrastructure-amid-great-power-competition/

“Some 750,000 miles of fiber-optic cable run along the world’s seabeds. These cables, which carry more than 95% of international data globally, are highly vulnerable to accidental disruption such as from ships’ anchors or natural disasters like earthquakes, a new report from the Washington-based Center for Strategic and International Studies warned. The cables also represent what CSIS called “an easy target for saboteurs.” [11-page PDF]…


Subject: Employee arrested for locking Windows admins out of 254 servers in extortion plot
Source: BleepingComputer
https://www.bleepingcomputer.com/news/security/employee-arrested-for-locking-windows-admins-out-of-254-servers-in-extortion-plot/

A former core infrastructure engineer at an industrial company headquartered in Somerset County, New Jersey, was arrested after locking Windows admins out of 254 servers in a failed extortion plot targeting his employer. According to court documents, company employees received a ransom email titled “Your Network Has Been Penetrated” on November 25, around 4:44 PM EST. The email claimed that all IT administrators had been locked out of their accounts and that server backups had been deleted to make data recovery impossible.

Additionally, the message threatened to shut down 40 random servers on the company’s network daily over the next ten days unless a ransom of €700,000 (in the form of 20 Bitcoin) was paid—at the time, 20 BTC were worth $750,000.

The investigation coordinated by FBI Special Agent James E. Dennehy in Newark uncovered that 57-year-old Daniel Rhyne from Kansas City, Missouri, who was working as a core infrastructure engineer for the New Jersey industrial company, had remotely accessed the company’s computer systems without authorization using a company administrator account between November 9 and November 25.



Subject: Wyze’s new AI feature lets users search security cam footage
Source: GeekWire
https://www.geekwire.com/2024/new-ai-feature-from-wyze-lets-users-search-across-video-footage-from-security-cams/

Wyze Labs is rolling out a new feature that uses artificial intelligence to let users search via text for specific moments in their security-camera videos. The Kirkland, Wash.-based company is releasing the AI video search feature Wednesday for customers on its $9.99/month Cam Unlimited plan.

Wyze CEO Yun Zhang said in a news release that users will be surprised by the granular details they can search for, such as trash cans or garden tools, attributes such as colors and shapes, or specific queries such as “show me a delivery man with red roses,” or “show me my cat in the backyard.”

One of Wyze’s biggest competitors, Amazon’s Ring business, has been working on a yet-to-be-released AI-powered video search feature of its own, Ring CEO Liz Hamren told GeekWire in an interview published earlier this year. Amazon often introduces new features at an annual fall product unveiling.



Subject: Recent AI summaries in beSpacific
Source: beSpacific
https://www.bespacific.com/category/ai/

A real-time update to this topic:


Subject: How safe is Telegram?
Source: Proton VPN Blog
https://www.bespacific.com/how-safe-is-telegram/

Proton VPN Blog: “News that Telegram founder and CEO Pavel Durov has been arrested and charged on a wide range of charges, including fraud, drug trafficking, organized crime, and the promotion of terrorism, has thrown a spotlight on the unmoderated nature of the controversial messaging platform. But is Telegram safe to use? As we’ll discuss in this article, that very much depends on how you use it. Telegram is an open source, cloud-based messaging app that allows you to send text messages, voice messages, photos, videos, and files of various types. It was launched in 2013 by brothers Pavel and Nikolai Durov, who also founded the Russian social networking site VK (from its original name, VKontakte). Boasting over 500 million users, …NB: The legal status and charging of Pavel Durov is still in flux.

Abstracted from beSpacific
Copyright © 2024 beSpacific, All rights reserved.


Subject: HHS appeals ruling on hospital website tracking
Source: Becker’s Health IT
https://www.beckershospitalreview.com/cybersecurity/hhs-appeals-ruling-on-hospital-website-tracking.html

HHS has appealed a court ruling that disallowed the agency from prohibiting hospital websites’ use of consumer-tracking technology. Attorneys with the Justice Department’s civil division filed the appeal Aug. 19 in federal appeals court following a judge’s June order striking down HHS’ guidance to hospitals on the tracking technology. After many hospital and health system websites were found to be using so-called pixel technology that gathers information on visitors, HHS said in 2022 that healthcare organizations that transmitted data to technology companies without users’ consent could be violating HIPAA.

Posted in: AI, Cybercrime, Cybersecurity, Government Resources, Healthcare, Privacy