Cybersecurity

Biden administration bans Kaspersky software sales and sanctions the company’s executives

The Biden administration is set to ban the sale of Kaspersky’s products in the US, citing national security concerns over the firm’s ties to the Russian government. The ban is aimed at mitigating the risks of Russian cyberattacks, as the renowned software’s privileged access to computer systems could allow it to steal sensitive information or install malware. The new rule, which leverages powers created during the Trump administration, will also add Kaspersky to a trade restriction list, barring US suppliers from selling to the company.

These restrictions, effective from 29 September, will halt new US business for Kaspersky 30 days after the announcement and prohibit downloads, resales, and licensing of the product. The decision follows a long history of regulatory scrutiny, including a 2017 Department of Homeland Security ban on Kaspersky products from federal networks due to alleged ties with Russian intelligence. Efforts by Kaspersky to propose mitigating measures were deemed insufficient to address these risks.

Furthermore, the U.S. Treasury Department sanctioned twelve executives and senior leaders from Kaspersky on Friday, marking another punitive measure against the cybersecurity company. The Office of Foreign Assets Control (OFAC) targeted the company’s chief operating officer, top legal counsel, head of human resources, and leader of research and development, among others. However, the company itself, its parent and subsidiary companies, and its CEO, Eugene Kaspersky, were not sanctioned.

This action follows a final determination by the Commerce Department to ban the Moscow-based company from operating in the U.S., citing national security risks and concerns about threats to critical infrastructure.

Why does it matter?

Another reaction from the authorities stresses the administration’s strategy to counter potential cyber threats amid the ongoing conflict in Ukraine. And while the impact of the entity blacklisting on Kaspersky’s operations remains to be seen, it appears now that it could significantly affect the company’s supply chain and reputation. Kaspersky, which operates in over 200 countries, has previously denied all accusations and, in response to these restrictive measures, has been operating a networks of Transparency Centers under its Global Transparency Initiative (GTI) where the company provides its source code for an external examination.

Ransomeware group involved in cyberattack to London hospitals declares political motives

A ransomware group known as Qilin has recently come under fire for its involvement in a cyberattack that caused significant disruptions at London hospitals. In a surprising turn of events, the group expressed remorse for the harm caused by the attack but vehemently denied any responsibility. Instead, the group framed the incident as a form of political protest. The group engaged in a conversation with the BBC via an encrypted chat service, qTox, where they attempted to justify their actions as a retaliatory measure against the UK government’s involvement in an unspecified war.

Despite Qilin’s claims of seeking revenge, cybersecurity experts, including Jen Ellis from the Ransomware Task Force, remain skeptical of the group’s motives, explaining cyber gangs often lie. Above all, she emphasises that the consequences of the attack carry more weight than understanding the reasons behind the attack. The cyberattack resulted in the postponement of more than 1,000 operations and appointments, prompting the healthcare system to declare a critical incident. The disruption caused by the attack has raised serious concerns about the vulnerability of critical infrastructure to malicious cyber activities in the country.

Qilin, believed to be operating from Russia, has refrained from disclosing specific details about its location or political affiliations. The lack of transparency has added to the complexity of the situation, as authorities and cybersecurity experts work to understand the group’s objectives and the potential future attack vectors. This represents the group’s first declaration of a political motivation behind their cyber intrusions. Qilin has been under observation since 2022, during which time it has executed targeted attacks at educational establishments, medical facilities, corporations, governmental bodies, and healthcare organisations.

Why does it matter?

The aftermath of the cyberattack demonstrates the urgent need for cybersecurity  preparedness within critical sectors such as healthcare. As organisations strive to recover from such incidents, the focus remains on safeguarding sensitive data, restoring disrupted services, and preventing future attacks. The evolving nature of cybercrime, as seen with groups like Qilin, shows the ongoing challenges faced by cybersecurity professionals in protecting critical infrastructure from malicious actors.

Financial sector faces phishing attacks targeting Microsoft 365 accounts

According to a recent report by BleepingComputer, organisations within the financial sector have been targeted in a sophisticated attack campaign since February, where employees’ Microsoft 365 accounts were compromised using the ONNX phishing-as-a-service platform, suspected to be a revamped version of the Caffeine phishing kit. 

The attackers, posing as human resources departments, sent deceptive emails regarding salary updates with PDF attachments containing QR codes. Upon scanning these codes, recipients were redirected to a counterfeit Microsoft 365 login page undetected by standard phishing protections. EclecticIQ’s findings reveal that login credentials and two-factor authentication tokens entered on these fake pages were extracted by the attackers for subsequent email account hijacking and data theft activities. 

The ONNX PhaaS platform, accessible through Telegram, not only offers customisable Microsoft Office 365 phishing templates and various webmail services but also employs encrypted JavaScript code, Cloudflare services, and a bulletproof hosting service to evade detection.

Key player in semiconductor industry targeted in major data breach

The infamous threat actor Intelbroker has purportedly masterminded a data breach targeting Advanced Micro Devices (AMD), a prominent player in the semiconductor industry. The alleged breach of AMD’s systems was disclosed on BreachForums alongside detailed information about the intrusion and various data samples.

In response to these claims, AMD officials have issued a statement acknowledging the reported data breach by a cybercriminal group. The company stated that it is collaborating with law enforcement authorities and a third-party hosting partner to investigate the alleged breach and assess the nature and impact of the compromised data.

Intelbroker asserts that the leaked AMD data includes a wide range of sensitive information stolen from AMD’s databases. The data includes technical specifications, product details, and internal communications allegedly sourced from AMD’s secure servers. These disclosures not only point towards the possible extent of the breach but also raise concerns about potential vulnerabilities within AMD’s cybersecurity infrastructure.

The following incident is not the first cybersecurity challenge faced by AMD. In 2022, the company reportedly fell victim to the RansomHouse hacking group. Following the 2022 breach and the current incident, AMD initiated thorough investigations to evaluate the breach’s implications and in turn enhance its defences against cyber threats. These disclosures can potentially compromise AMD’s competitive edge and raise concerns about intellectual property theft and corporate espionage.

Who is Intelbroker?

Intelbroker, the alleged perpetrator behind the recent AMD data breach, has a track record of targeting critical infrastructure, major tech companies, and government contractors. The hacker operates as a lone wolf and employs sophisticated tactics to exploit vulnerabilities and access sensitive information. Previous breaches include infiltrations at Los Angeles International Airport (LAX) and US federal agencies via Acuity, emphasising the widespread impact of their activities.

The motives driving Intelbroker’s cyber campaigns range from financial gain through the sale of stolen data on dark web platforms to potential geopolitical agendas aimed at disrupting critical infrastructure and corporate operations. 

Philippine Maritime Authority hit by system breach

The Maritime Industry Authority (MARINA) in Philippines, a government agency responsible for integrating the development, promotion, and regulation of the maritime industry in the country, acknowledged on Monday that its online platforms encountered a security breach during the weekend. The breach impacted four of MARINA’s systems, prompting an immediate response from the agency to ensure the security of its data.

Upon detecting the attack, MARINA swiftly deployed personnel to its central office in Manila’s Port Area on Sunday. The agency highlighted its quick actions in implementing protective measures. Presently, MARINA’s IT team is working in conjunction with the Department of Information and Communications Technology-Cybercrime Investigation and Coordinating Center (DICT-CICC) to probe the breach and mitigate potential risks to sensitive information.

While MARINA did not disclose the specific systems affected or the extent of the breach, these systems handle crucial data such as vessel registrations, seafarers’ information documents, and record books. As the regulatory body overseeing maritime activities, MARINA aims to have its systems fully operational by Tuesday to resume normal processing of applications.

This security incident adds to a string of cyberattacks targeting Philippine government entities. In May, the Philippine National Police (PNP) halted its online services following breaches that impacted its Logistics Data Information Management System and the Firearms and Explosives Office. Furthermore, in October 2023, a ransomware attack compromised the data of over 13 million members of the Philippine Health Insurance Corp.

Chinese scientists develop world’s first AI military commander

China’s AI military commander substitutes for human military leaders in simulated war games hosted by the Joint Operations College of the National Defence University, amidst growing tensions with the US over the use of militarised AI in combat. The bots, the first of their kind, are completely automated, possess the perception and reasoning skills of human military leaders, and are learning at an exponential rate. They have also been programmed to illustrate the weaknesses of some of the country’s most celebrated military leaders such as General Peng Dehuai, and General Lin Biao. 

The AI arms race between the two countries can be likened to the chicken and egg analogy, in that both countries have expressed interest in regulating the use of these unmanned implements on the battlefield; yet, there are increasing media coverage of either on-going experiments or caged prototypes in both countries. These include the rifle-toting robot dogs, and surveillance and attack drones, some of which reportedly have already been used in battlefields in Gaza and in the Ukraine. The situation renders international rule-making in the space increasingly difficult, particularly as other players, such as NATO seek to ramp up investments in tech-driven defence systems. 

US Justice Department to investigate TikTok over child privacy complaint

The US Federal Trade Commission (FTC) has referred a complaint against TikTok and its parent company, ByteDance, to the Justice Department over potential violations of children’s privacy. The move follows an investigation that suggested the companies might be breaking the law and deemed it in the public interest to proceed with the complaint. The following investigation stems from allegations that TikTok failed to comply with a 2019 agreement to safeguard children’s privacy.

TikTok has been discussing with the FTC for over a year to address the agency’s concerns. The company expressed disappointment over the FTC’s decision to pursue litigation rather than continue negotiations, arguing that many of the FTC’s allegations are outdated or incorrect. TikTok remains committed to resolving the issues and believes it has already addressed many concerns.

Separately, TikTok is facing scrutiny from US Congress regarding the potential misuse of data from its 170 million US users by the Chinese government, a claim TikTok denies. Additionally, TikTok is preparing to file a legal brief challenging a recent law that mandates its parent company, ByteDance, to divest TikTok’s US assets by 19 January or face a ban.

USA pushes allies on China chip restrictions

A US official is heading to Japan following discussions with the Dutch government to strengthen efforts to limit China’s semiconductor production capabilities. Alan Estevez, the US export policy chief, aims to build on a 2023 agreement between the USA, Japan, and the Netherlands to prevent China from accessing advanced chipmaking equipment, which could enhance its military.

In 2022, the US imposed restrictions on advanced chip shipments to China, involving companies like Nvidia and Lam Research. Japan followed suit in 2023, restricting exports of 23 types of chipmaking equipment, while the Dutch government began regulating ASML’s semiconductor equipment sales to China. Washington is now seeking to add 11 more Chinese chipmaking factories to its restricted list and further control chipmaking equipment.

US officials have had ongoing discussions with allies, including visits to the Netherlands, to prevent ASML from servicing certain equipment in China. While ASML expects to service most of its equipment sold to China, US rules prevent using American spare parts.

The Chinese Embassy in Washington did not respond to requests for comment.

NATO to upgrade defence capabilities with cutting-edge technologies

In a bid to innovate in the area of defence, with the aim to replace the now old-school armoury, selected tech companies have received funds to begin work on upgrading key components of NATO’s defence system. Recipients include the British-based Fractile and German ARX Robotics, as well as a computer chip manufacturer and a robot designer.

Others include startups such as iCOMAT and Space Forge, which are companies that operate in the manufacturing space arena. This signals the first outlay of the €1.1 billion NATO Innovation Fund (NIF), which is slated to increase given partnerships with venture capitalists like Space Ventures, Squared Ventures, OTB Ventures and Join Capital. The project seeks access to key technologies to ensure a safe and secure future on the European continent.

National Cyber Director stresses the need for unified cybersecurity requirements in the US

The head of the US Office of the National Cyber Director (ONCD), Harry Coker, has urged the US Congress to harmonise cross-sector baseline cybersecurity requirements in regulated industries, following years of federal and international guidance. Coker highlighted that the lack of regulatory harmonisation poses significant challenges to both cybersecurity outcomes and business competitiveness, as reported by organisations representing the majority of critical infrastructure sectors.

Harry Coker, a Navy veteran and former executive director of the NSA (2017-2019), was confirmed by the US Senate as ONCD director in December 2023, following the resignation of former ONCD Director Chris Inglis in February 2023.

In August 2023, the Office of the National Cyber Director (ONCD) sought private sector input on the state of cybersecurity regulation. Feedback was received from 11 of the 16 critical infrastructure sectors, encompassing over 15,000 businesses, states, and other organizations in the US. The summary of these responses revealed several challenges, including the absence of reciprocity between state and federal regulators and international partners. Regulatory inconsistencies that create barriers to entry, especially for small and mid-sized businesses have also been mentioned among key issues for industry. Furthermore, organizations expressed confusion about which federal agencies are responsible for regulating the defence industrial base, noting that it is unclear which federal agency acts as the clearinghouse for cyber-related regulations and requirements.

In response to the feedback, Coker announced that ONCD has initiated new harmonisation projects, including a pilot reciprocity framework within a critical infrastructure subsector. The pilot project aims to provide valuable insights for designing a comprehensive cybersecurity regulatory approach. Coker emphasized the need for Congress’s assistance to bring all relevant government agencies together to develop a cross-sector framework for harmonisation and reciprocity of baseline cybersecurity requirements. ONCD has not yet provided further details about the pilot project or other ongoing initiatives aimed at driving regulatory harmonisation.