Tag: Cybersecurity
UN drafts US-led AI resolution
The United Nations has drafted a resolution aimed at bringing the rest of the world in line with existing US artificial intelligence (AI) security guidelines. These follow those already developed by the US Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). Both emphasize the importance of “secure-by-design” and “secure-by-default” principles for AI systems. The UN Assembly called on all Member States and stakeholders “to refrain from or cease the use of artificial intelligence systems that are impossible to operate in compliance with international human rights law.” The Assembly added that the same rights that people have offline must also be protected online throughout the life cycle of artificial intelligence systems.
US Government Sanctions 7 Chinese Hackers – March 26th
The Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against seven Chinese nationals based in Wuhan, China, for their affiliation with the 'APT31' hacking group. According to OFAC, APT31 is a nation-state-backed Chinese hacking group focused on infiltrating critical infrastructure in Eastern Europe, France, and the US.
UK Deputy PM Warns of Chinese Cyber Threats to Government – March 25th
The UK's Deputy Prime Minister, Oliver Dowden, is expected to formally announce to the press that China is behind a wave of cyber attacks against UK government officials and will urge the protection of voters' data. Despite the denial from China's Ministry of Foreign Affairs, the UK government remains on high alert for politically fueled cyber attacks as the election period nears.
US blocks sales of citizens’ data to hostile powers
In what is being seen by some on the Hill as a case of too little too late, Washington has this week finally blocked the sale of US citizens’ personal sensitive data to four hostile foreign powers: North Korea, China, Russia, and Iran. Sensitive data includes ordinary people’s social security numbers, financial account numbers, biometric information, genetic information, precise geolocation information, and most of their private communications. Washington’s Energy and Commerce Committee top Democrat, Congressman Frank Pallone Jr, simultaneously issued a statement highlighting the massive threat foreign data sales present to ordinary people.
China and Iran launch lethal attacks on US infrastructure
The White House has issued an urgent appeal to all US state governors to prepare to cope with their water systems being attacked and taken down by Chinese cyber-attacks. Iran, which has honed its industrial espionage techniques via consistent attacks on Israel’s infrastructure, is also proving effective in taking down water facilities in the US. The letter from the White House contains a stark warning that attacks on US water facilities are no longer a potential threat but an increasingly frequent event with real-world consequences. It was signed by the Assistant to the President for National Security Affairs, Jake Sullivan, and by Environmental Protection Agency Administrator Michael S. Regan.
Rise in Tax-Related Phishing Scams Detected – March 22nd
Microsoft's Threat Intelligence arm issued a warning on the rise of new, sophisticated tax phishing scams that could lead to stolen personal and financial data. These tax-related phishing scams are initiated by impersonating trusted employers, tax agencies, and payment processors. Victims click on a malicious attachment, which leads to a believable landing page designed to capture sensitive information.
CISA Warns of “Volt Typhoon” Group Targeting Critical Infrastructure – March 21st
The US Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about the Chinese-linked "Volt Typhoon" group, which is targeting critical infrastructure. The CISA warning, issued in collaboration with the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI), confirmed the recent critical infrastructure attacks initiated by “Volt Typhoon” and the group's tactics and motives.
Beware of fake Google docs
An under-the-radar attack that creates fake Google docs is now playing havoc across multiple sectors in the US and UK, particularly in healthcare. Companies’ increasing reliance on widely-used off-the-shelf external software may save costs and create efficiencies in the short-term, but it also offers new inroads for the current generation of increasingly devious and skilled cybercriminals Cybersecurity firm Netskope has identified a new Google Docs threat in the wild, AZORult infostealer. It is designed to steal sensitive information such as user credentials, browser information, credit card details and crypto-wallet data. A comprehensive study conducted by Netskope’s research team has uncovered a campaign where an attacker created fake Google Docs pages on Google sites from which to download malicious payloads.
Chinese ‘Earth Krahang’ Group Compromised 70 Organizations – March 20th
Trend Micro reported on an advanced persistent threat actor linked to the Chinese government called ‘Earth Krahang’, compromising over 70 organizations, with a focus on governments. Focusing on cyber espionage, 'Earth Krahang' and its attacks target government agencies, affecting 48 government organizations across Asia, the Americas, Europe, and Africa.
SE Asian cybercriminals adopt drug-cartel tactics
A police raid on a Philippines online organization highlights not only the ongoing digital crime boom in Southeast Asia but also the increasingly blurred line between cybercrime and ordinary gangsters. Police raided the premises of the Tarlac Pogo firm following a complaint filed by a Vietnamese worker who bore signs of having been recently tortured in the form of electrocution scars. The police discovered 875 people, including 504 foreigners, who had been lured to work for what purported to be an online gaming company, but was actually a forced labour camp operating romance scams.
Employee mistrust of workplace AI is growing
Amid widespread speculation that artificial intelligence (AI) will make most of today’s jobs redundant and even replace humanity itself, the UK’s Institute for the Future of Work has taken a more pragmatic approach. Its study on the impact of modern technologies on almost 5,000 workers highlights employee concerns about the adverse effect AI is already having on their day-to-day work lives. While the majority of those surveyed believed that older technologies such as laptops and smartphones generally improve their quality of life, the same is not true of AI.
Fake Chrome Update Spreads Banking Malware – March 19th
According to a Broadcom report, a banking trojan named "Cerberus" pretending to be a Google Chrome update has successfully distributed to numerous systems. Affecting only Android users, the Cerberus malware allows attackers to completely control affected systems through its complex remote access capabilities.