Friday Five: Updated International Cyber Policy, Insights from DBIR and ONCD Reports, & More

US SETS SIGHTS ON PARTNERSHIPS TO COUNTER CYBERTHREATS, SECURE AI IN NEW GLOBAL CYBER STRATEGY BY ALEXANDRA KELLEY AND DAVID DIMOLFETTA

The U.S. State Department unveiled a new strategy to combat nation-state cyber threats by fostering international partnerships, enhancing cyber capabilities, and addressing emerging risks like generative artificial intelligence misuse. The blueprint, revealed at the RSA Conference this past Monday, aims to update the 2011 policy to adapt to evolving cyber challenges, emphasizing coalition-building to deter attacks on critical infrastructure and addressing concerns over state-sanctioned surveillance and spyware abuses. The strategy will also recognize AI's potential to exacerbate bias and control and discuss its intersection with sustainable development goals.

Read more

ONCD REPORT: ‘FUNDAMENTAL TRANSFORMATION’ IN CYBER, TECH DROVE 2023 RISKS BY TIM STARKS

The Office of the National Cyber Director released its inaugural "Report on the Cybersecurity Posture of the United States," highlighting emerging cyber threats driven by evolving technologies and interconnectedness. The top trends identified in the report include critical infrastructure risks, ransomware, supply chain exploitation, commercial spyware, and AI. Malicious actors are said to be exploiting technological complexities, with state-sponsored hackers compromising systems beyond traditional espionage targets. Meanwhile, ransomware attacks and reliance on third-party providers pose significant risks, alongside the growth of commercial spyware and AI-driven threats. With that in mind, however, the report also notes that 33 of the 36 initiatives under the Biden Administration's cybersecurity strategy have been completed on time, with more to come.

Read more

THE MISSED OPPORTUNITIES IN WHITE HOUSE’S CRITICAL INFRASTRUCTURE DIRECTIVE BY CHRISTIAN VASQUEZ

The release of the White House National Security Memorandum (NSM-22) to fortify critical infrastructure defense against cyber and physical threats has been met with mixed reactions from experts. While it acknowledges evolving risks, some claim it fails to address key changes needed, such as updating critical infrastructure sectors, with experts lamenting the lack of new sectors like space systems and cloud computing. Although NSM-22 establishes CISA as the national coordinator, ensuring sufficient funding and authorities overseeing resilience efforts requires congressional action. Challenges persist due to limited agency authorities and turnover between administrations, raising concerns about the memorandum's effective implementation and continuity beyond the current administration.

Read more

LOCKBIT RANSOMWARE ADMIN IDENTIFIED, SANCTIONED IN US, UK, AUSTRALIA BY LAWRENCE ABRAMS

Law enforcement agencies, including the FBI, UK National Crime Agency, and Europol, have unveiled indictments and sanctions against the administrator of the LockBit ransomware, identifying the Russian threat actor behind it as Dmitry Yuryevich Khoroshev. Sanctions include asset freezes and travel bans, significantly disrupting the ransomware operation. Additional charges have been brought against five other LockBit members. LockBit, one of the largest ransomware operations, suffered a major setback in February due to 'Operation Cronos,' resulting in the takedown of its infrastructure and recovery of data. Despite ongoing activity, a mass exodus of affiliates has weakened LockBit's operations, indicating potential closure. However, past trends suggest that threat actors may rebrand and continue their activities under new names in the future.

Read more

SUPPLY CHAIN BREACHES UP 68% YEAR OVER YEAR, ACCORDING TO DBIR BY NATE NELSON

The Verizon Data Breach Investigations Report (DBIR) reveals a significant increase in breaches originating from third parties, rising by 68% last year, and is attributed to vulnerabilities in third-party software exploited in ransomware and extortion attacks. Verizon expanded its definition of "supply chain breach" to include such vulnerabilities. Exploited vulnerabilities were the most common issue tracked, followed by backdoors/command-and-control (C2) and extortions. The DBIR suggests addressing bugs not just through patching but also through better vendor management, leveraging external signals such as disclosures to regulatory bodies like the SEC to assess vendor reliability.

Read more