Cyber Briefing ~ 02/03/2024
US Officials Disrupt A State-Backed Chinese Cyber Threat And Warn Of Continued Risk
FBI Director Chris Wray warned the House Select Committee on the Chinese Communist Party that Chinese hackers are poised to severely disrupt critical US infrastructure in the event of conflict between the two nations. His testimony came as US officials announced they had disrupted a Chinese cyber operation that targeted water treatment plants, the electrical grid and transportation systems through botnet hijacking, while cautioning that more remains to be done to eliminate vulnerabilities. (WASHINGTONPOST.COM)
Intel Leaders Warn Of Potential ‘Cyber Invasion’ Of The U.S. By China
The nation's top cybersecurity officials warned that Chinese state-backed hackers have already infiltrated critical U.S. infrastructure networks and are poised to severely disrupt sectors including transportation, energy and water in the event of conflict, as the Justice Department announced it had disrupted one Chinese hacking group's botnet operation but cautioned that more vulnerabilities remain that adversaries could exploit. (POLITICOPRO.COM)
US Disrupts China-Backed Hacking Operation Amid Warning of Threat to American Infrastructure
The US government has announced the disruption of a China-backed hacking operation targeting critical US infrastructure. FBI Director Christopher Wray warned that China's hackers are positioning themselves to cause "real-world harm" to American citizens and communities in the event of a future conflict. The hacking group, known as Volt Typhoon, aims to disrupt the US military's ability to mobilize during a potential conflict over Taiwan. CISA Director Jen Easterly highlighted the vulnerabilities in US critical infrastructure that make it an easy target for Chinese hackers. The US operation in December successfully disrupted Volt Typhoon's infrastructure, including a China-controlled botnet. (TECHCRUNCH.COM)
Cyberattacks on Guam Could Sap US Forces in Indo-Pacific, Nakasone Says
Chinese cyberattacks on critical infrastructure in Guam or other Indo-Pacific areas could severely impact US military capabilities in the region, according to Gen. Paul Nakasone, the leader of the National Security Agency and US Cyber Command. Targeting the networks supporting Guam's utilities and emergency response systems could have a significant effect on military operations. The Five Eyes alliance has previously warned of Chinese espionage groups infiltrating Guam, and the Pentagon's 2023 cyber strategy highlights China's readiness to launch cyberattacks on critical infrastructure. (DEFENSENEWS.COM)
Cyber Chiefs Confident 2024 Election Will Be 'Most Secure' in History
Gen. Paul Nakasone, head of U.S. Cyber Command and the NSA, expressed confidence that the upcoming 2024 elections will be the most secure to date. He stated that there are no indications of planned cyberattacks, and emphasized the broad partnerships and understanding of technologies in place to prevent interference. Lt. Gen. Timothy Haugh will succeed Nakasone as the new leader of the NSA and Cyber Command. (POLITICO.COM)
Chinese Hacking against U.S. Infrastructure Threatens American Lives, Officials Say
Senior U.S. officials have warned that China is preparing to launch potentially damaging cyberattacks on U.S. critical infrastructure networks, including those related to water facilities, electrical grids, oil and natural gas pipelines, and transportation systems. The Biden administration aims to highlight China's hacking prowess and its ability to cause disruption and chaos during a future conflict, particularly over Taiwan. The recent dismantling of a botnet consisting of hacked routers was part of the effort to address Chinese cyber intrusions. Officials have expressed concerns about China's interest in infiltrating U.S. critical infrastructure networks and the potential for catastrophic cyberattacks. (WSJ.COM)
Microsoft CEO Satya Nadella Calls for Digital Geneva Convention to Address Nation-State Hackers
Following the recent admission that Russian group Cozy Bear hacked into Microsoft's corporate network, CEO Satya Nadella warns of the potential breakdown in world order caused by nation-state hackers. He suggests the formation of a cyber Geneva Convention, bringing together the US, Russia, and China to establish guidelines for cyber warfare. Microsoft previously advocated for a digital Geneva Convention in 2017 to protect against nation-state threats. The recent cyberattacks by Cozy Bear on Microsoft and HPE highlight the urgency for international cooperation in cybersecurity. (BUSINESSINSIDER.COM)
DOJ Disrupts Chinese Hacker Effort to Use Malware to Hijack US-Based Routers
The US Justice Department has successfully disrupted an attempt by Chinese government-sponsored hackers to target critical infrastructure networks in the US using malware that had infected "hundreds" of home and small business routers. The operation involved removing the malware from the routers and implementing measures to prevent reinfection. FBI Director Chris Wray highlighted China's efforts to target sectors such as water treatment plants, electrical grids, oil and gas pipelines, and transportation systems. The fear is that such attacks could disrupt daily life or impact US military response during a crisis. (GO.COM)
Schneider Electric Hit by Ransomware Attack Against Its Sustainability Business Division
A ransomware group known as Cactus Ransomware claimed responsibility for a January 2023 attack on Schneider Electric's sustainability business division that impacted over 2,000 customers using the EcoStruxure Resource Advisor platform. The energy management company is investigating the full impact and working to restore operations at the affected division with help from outside cybersecurity experts and its own global incident response team. No details were disclosed about any ransom demand or how hackers initially accessed systems. (UTILITYDIVE.COM)
23andMe Missed Hack for Months, Exposing Sensitive Data
Genetic testing company 23andMe suffered a data breach from April to September 2023, resulting in hackers accessing customer data. The breach compromised 14,000 user profiles, as well as the profiles of 5.5 million relatives and 1.4 million Family Tree feature profiles. 23andMe has implemented stricter security measures since the incident, including two-step verification. However, the company is facing a class-action lawsuit, with users blaming 23andMe for the breach and accusing the company of failing to protect their privacy. (ITBREW.COM)
Mercedes-Benz Accidentally Shared Its Source Code and Business Secrets with the Whole World
UK-based security company RedHunt Labs discovered an authentication token belonging to a Mercedes-Benz employee published on a public GitHub repository. This token could have provided unrestricted access to business secrets, authentication credentials, blueprints, design documents, and other critical internal information. The exposed repositories also included keys for Microsoft Azure and Amazon Web Services (AWS) servers, a Postgres database, and the source code for Mercedes-Benz software. Mercedes-Benz has since revoked the API token and removed the public repository, while conducting an internal investigation and implementing remedial measures. So far, there is no evidence of malicious actors exploiting the exposed information. (TECHSPOT.COM)
Ivanti Patches Two Zero-Days Under Attack, Discovers Another
Ivanti has warned that hackers are exploiting a newly discovered zero-day vulnerability in its Connect Secure VPN product. The flaw allows unauthorized access to restricted resources without authentication. Ivanti has released a patch to protect against this vulnerability, but it is advised that customers factory reset their appliance before applying the patch. (TECHCRUNCH.COM)
The Scary Reason Why Travelers Should Avoid Using Airport Charging Ports
A TikTok video warns travelers about the cybersecurity risks associated with airport charging stations. Dubbed "juice jacking," cybercriminals can use USB ports to steal data from devices. The video advises using battery packs or power-only USB cables instead. The FBI has issued a warning about this type of cyber attack. While some viewers appreciated the advice, others expressed frustration and resignation towards data theft. (NYPOST.COM)
Companion Bills Introduced to Improve Cybersecurity in Food and Ag Sectors
Legislation has been introduced in both the House of Representatives and the Senate to enhance cybersecurity protections in the food and agriculture sectors. The bipartisan Farm and Food Cybersecurity Act aims to identify vulnerabilities and strengthen protective measures against cyber threats. It would require the US Department of Agriculture to conduct regular cybersecurity threat studies and collaborate with other government agencies to simulate food-related cyber disruptions. The bills have garnered support from various industry associations and organizations. (MEATPOULTRY.COM)
Biden Issues Veto Threat Over GOP Push to Overturn SEC Cyber Disclosure Rule
President Joe Biden is prepared to veto a Senate resolution that seeks to repeal a rule implemented by the Securities and Exchange Commission (SEC) requiring public companies to disclose certain cybersecurity information. The resolution, introduced by Senator Thom Tillis, aims to rescind the regulation, arguing that it adds unnecessary bureaucracy. However, the White House defends the rule, stating that it promotes transparency, informs investors, and establishes uniform cybersecurity standards. The Biden administration believes that disclosing cyber incidents will incentivize companies to invest in cybersecurity and manage cyber risks effectively. The resolution will be considered by the Senate. (WASHINGTONEXAMINER.COM)
Fulton County Schools Investigate IT Security Incident Involving Students
Fulton County Schools in Atlanta are investigating an IT security incident involving students from Innovation Academy. The incident involved unauthorized access to information technology systems. The school district has taken steps to contain the incident and is working with law enforcement and external partners to conduct a comprehensive network review to determine the extent of the incident and the data that may have been accessed. The investigation is ongoing. (ROUGHDRAFTATLANTA.COM)
Copyright © 2024 Auburn University's McCrary Institute. All Rights Reserved.