U.S. government agencies and private sector organizations should "remain on heightened alert" for disruptive cyberattacks targeting critical infrastructure amid a series of escalating global conflicts, a top official for the U.S. Cybersecurity and Infrastructure Security Agency said on Wednesday.
In the latest weekly update, editors at Information Security Media Group discuss the impact of the Israel-Hamas war on the threat landscape and the workforce, the role of the U.S. in shaping the future of AI technology, and highlights from ISMG's Financial Services Summit in New York.
U.S. government agencies and the private sector embraced information sharing but lack a coordinated response plan in the event of a massive cyberattack, a House Republican said. Public-private partnerships are essential since 80% of critical infrastructure in the U.S. is owned by the private sector.
Thousands of North Korean IT workers hid their identities to earn hundreds of millions of dollars in IT contract work from overseas companies to help finance the country's weapons development program, U.S. and South Korean agencies said. Officials said to watch for workers who are camera-shy.
Hackers used an updated malware framework dubbed Mata by Kaspersky to target more than a dozen oil, gas and defense sector companies in Eastern Europe, including air-gapped systems. Kaspersky previously associated Mata with North Korea but doesn't attribute this campaign to the Pyongyang regime.
North Korean nation-state threat actors are exploiting a critical remote code execution vulnerability affecting multiple versions of a DevSecOps tool - a high-risk development, especially in light of Pyongyang hackers' recent track record of supply chain hacks.
Nation-state hackers are targeting a vulnerability in WinRAR, a popular Windows utility for archiving files, warns Google’s Threat Analysis Group, which said it has seen "government-backed hacking groups" who hail from multiple countries, including China and Russia, targeting the bug.
Nation-state hacks against Western start-ups are surging in a bid by competitor nations to glean intellectual property, warns the Five Eyes intelligence alliance. The stolen data was likely used to fast-track technological and military capabilities within adversary nations, alliance members say.
Amplifying kinetic attacks, Russian hackers in recent months have hit at least 11 telecommunications firms in Ukraine with a barrage of "destructive" malware designed to exfiltrate data, steal social media account credentials, destroy IT systems and disrupt operations, the Ukrainian government says.
A financially motivated hacking group turned cyberespionage operation targeted attendees of high-profile European conferences, including the Women Political Leaders Summit in Brussels. Threat actor Void Rabisu - also known as Tropical Scorpius and UNC2596 - has been honing its backdoor.
It could be weeks or months before outsiders have a clear picture of the cyber dimension of the conflict between Hamas and Israel, a cyber expert said. "As some of these stories come out, as we will start to learn about what was actually targeted," said Rob T. Lee of the SANS Institute.
In the latest weekly update, Ari Redbord, head of legal and government affairs at TRM Labs, joined ISMG editors to discuss: how Hamas is using crypto to finance operations, the latest illicit activities by North Korean actors, and how the trial of FTX's Sam Bankman-Fried could impact the industry.
A top U.S. cybersecurity official said Israel has avoided significant cyberattacks since Hamas' invasion Saturday but said that wouldn't necessarily be America's experience should armed conflict break out with China. "There have not been significant cyberattacks as of right now," said Brandon Wales.
The violent surprise attack on Israel by Hamas and the region's escalating war spotlights the critical importance of situational awareness, and especially for healthcare organizations that rely on medical or tech products from Israeli technology firms, said Denise Anderson, president of the H-ISAC.
Amnesty International says the Vietnamese government is likely behind a wave of attempted Predator spyware infections against targets including members of the U.S. Congress and European officials. Central to the campaign was an account on social media network X (formerly Twitter).