Friday Five: The Dark Side of AI, New CISA Directives, & More
New guidance from CISA, a warning to cybersecurity professionals, the continued rise of AI, and more made this past week's infosec headlines. Catch up on all of these stories and more in this week's Friday Five!
AI WILL INCREASE THE NUMBER AND IMPACT OF CYBERATTACKS, INTEL OFFICERS SAY BY DAN GOODIN
The UK’s Government Communications Headquarters (GCHQ) has warned that threats from malicious cyberactivity are likely to increase as nation-states, financially motivated criminals, and novices increasingly incorporate artificial intelligence (AI) into their routines. The assessment predicts that ransomware will be the biggest threat to get a boost from AI over the next two years, as it will lower barriers to entry and bring a surge of new entrants into the criminal enterprise. The GCHQ predicts that AI will almost certainly increase the volume and impact of cyber attacks in the next two years, particularly in reconnaissance and social engineering. Generative AI (GenAI) can already be used to enable convincing interaction with victims, creating lure documents without the translation, spelling, and grammatical mistakes that often reveal phishing.
CFPB’S PROPOSED DATA RULES WOULD IMPROVE SECURITY, PRIVACY, AND COMPETITION BY BARATH RAGHAVAN & BRUCE SCHNEIER
The Consumer Financial Protection Bureau (CFPB) has proposed rules that would give Americans more control over their financial data and undermine the data broker economy. The rules align with the decoupling principle, separating which companies see what parts of data to improve privacy and harden cloud infrastructure against hacks. The CFPB's rules would allow people to obtain their financial data at no cost, control who it's shared with, and choose who they do business with within the financial industry. The rules may help eliminate the incentive for companies to buy and sell toxic assets and improve overall data security.
NORTH KOREA'S SCARCRUFT ATTACKERS GEAR UP TO TARGET CYBERSECURITY PROS BY TARA SEALS
The North Korea-sponsored advanced persistent threat (APT) group ScarCruft, also known as APT37, Inky Squid, RedEyes, and Reaper, is reportedly preparing for targeted attacks on cybersecurity researchers and members of the threat intelligence community. SentinelLabs found that ScarCruft spent November and December targeting media organizations and think-tank personnel focused on North Korean affairs. While analyzing the campaign, researchers discovered new, in-development malware and trial infection chains indicating a shift towards targeting the threat intelligence community. ScarCruft is experimenting with new infection chains and modifying malicious code implementations to evade detection.
CISA ISSUES EMERGENCY DIRECTIVE FOR FEDERAL AGENCIES TO PATCH IVANTI VPN VULNERABILITIES BY CHRISTIAN VASQUEZ
The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive instructing federal agencies to patch their systems against an active zero-day exploit targeting Ivanti Connect Secure VPN and Policy Secure products. The vulnerabilities were publicly disclosed by Ivanti on January 10, and the organization has since released a temporary mitigation, but a permanent patch is pending. CISA is investigating the potential targeting of agencies, and while 15 agencies using vulnerable devices have been identified, they quickly mitigated the bugs. The campaign, described as opportunistic, has impacted at least 2,100 devices worldwide. A nation-state group motivated by espionage is suspected to be responsible for the exploit, and the activity cluster has since been dubbed "UNC5221."
CISA'S WATER SECTOR GUIDE PUTS INCIDENT RESPONSE FRONT & CENTER BY ROBERT LEMOS
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a 27-page guide to help water and wastewater utilities improve their response to cyberattacks. The guide includes advice on creating an effective incident response playbook and aims to encourage collaboration among businesses in the sector. It addresses the resource constraints that hamper cybersecurity efforts in the water and wastewater sector, emphasizing the need for reporting cyber incidents, improving detection capabilities, and planning for containment, eradication, and recovery. The guidance follows an increase in cyberattacks targeting the critical infrastructure of water and wastewater utilities.