The US government has launched a Digital Transformation with Africa (DTA) initiative dedicated to ‘expand[ing] digital access and literacy and strengthen[ing] digital enabling environments across the continent’. The USA plans to dedicate over US$350 million to this initiative, which is expected to support the implementation of both the African Union’s Digital Transformation Strategy and the US Strategy Towards Sub-Saharan Africa. DTA’s objectives revolve around three pillars:
- Digital economy and infrastructure: (a) expanding access to an open, interoperable, reliable, and secure internet; (b) expanding access to key enabling digital technologies, platforms, and services and scale the African technology and innovation ecosystem; (c) facilitating investment, trade, and partnerships in Africa’s digital economy.
- Human capital development: (a) facilitating inclusive access to digital skills and literacy, particularly for youth and women; (b) fostering inclusive participation in the digital economy; (c) strengthening the capacity of public sector employees to deliver digital services.
- Digital enabling environment: (a) strengthening the capacities of authorities and regulators to develop, implement, and enforce sound policies and regulations; (b) supporting policies and regulations that promote competition, innovation, and investment; (c) promoting governance that strengthens and sustains an open, interoperable, reliable, and secure digital ecosystem.
The third edition of Cyber Signals, a yearly report which highlights security trends and insights from Microsoft’s 8,500 security experts and 43 trillion daily security signals, was recently launched. In this edition, experts present new information on broader threats to critical infrastructure posed by converging information technologies, the Internet of Things (IoT), and operational technology (OT) systems.
Some of the report’s highlights include:
- Unpatched, high-security vulnerabilities identified in 75% of the most common industrial controllers in customer OT networks.
- Over one million connected devices publicly visible on the internet running Boa, an outdated and unsupported software widely used in IoT devices and software development kits.
- An 78% increase in disclosures of high-severity vulnerabilities from 2020 to 2022 in industrial control equipment produced by popular vendors.
The US Federal Bureau of Investigation’s (FBI’s) security platform InfraGard, a platform created to provide cyberthreat information-sharing collaborations with the private sector, has been hacked. The InfraGard programme holds details of high-profile personalities in the private sector, most of whom manage critical national security and welfare infrastructure such as, but not limited to, power and drinking water plants, financial services, transportation, manufacturing, healthcare, nuclear energy, and communication firms. A database containing contact details of over 87,000 members of InfraGard appears to have been posted on BreachedForums, a cybercrime and hacking forum.
ChatGPT, recently created by OpenAI, has alarmed cybersecurity experts. Essentially, this chatbot is an optimising language model which assists users in generating human-like text. Cybersecurity experts have warned that there is a high chance that cybercriminals could use this model to teach them how to craft cyberattacks. Suleyman Ozarslan, the co-founder of cyber resilience organisation Picus Security, tested the chatbot by describing its tactics and techniques of ransomware without using the word ransomware as such. ChatGTP generated a text which provided the ‘pieces’ for ransomware. Namely, Ozarslan stated that the chatbot wrote effective virtualisation/sandbox evasion code that hackers could use, eventually enhancing cybercrime.
Trend Micro security researchers have identified an advanced remote access trojan (RAT) named CHAOS that enhances Linux cryptocurrency mining attacks. It is based on an open-source project in which the main downloader script and further payloads are hosted in different locations to ensure the campaign remains active and constantly spreading. Investigation shows that the main server appears to be in Russia, which is also used for cloud bulletproof hosting. Trend Micro researchers stated that the infection routine of cryptocurrency mining malware seems minor, but organisations and individuals should stay cautious.
Cybersecurity researchers found that North Korean hackers pretend to work for a think tank to obtain opinions and reports from foreign experts to better understand Western policy on North Korea. According to Reuters, some of the issues raised in the emails concerned China’s reaction to North Korea’s nuclear tests, while researchers dubbed Thallium to be among these hacking groups, which have been targeting government employees, think tanks, academics, and human rights organisations. Microsoft Threat Intelligence Center (MSTIC) told Reuters that the impersonation tactic appears to be quicker than hacking someone’s account, but makes it harder for defenders to stop the emails as it is up to the recipient to identify them most of the time.
Australia and Vanuatu signed a bilateral security agreement, which includes cybersecurity cooperation. Australia already helped Vanuatu after a ransomware attack in November which impacted emergency services, schools, and hospitals.
This agreement is part of Australia’s renewed push to strengthen its relationships with other countries in the Pacific in the context of China’s increasing presence.
Russia will soon present proposals for universal and binding agreements on international information security, according to Russian Deputy Foreign Minister Oleg Syromolotov. As he explained, this resolution will support the activities of the UN Open-Ended Working Group on ICT security and use. It could serve as a platform for reaching a consensus on international information security.
CISCO identified an increased infection of Truebot malware, with a high possibility of its association with the Evil Corp threat actor. CISCO also found that attackers shifted their malicious delivery methods among various techniques. In October 2022, many infections used Raspberry Robin, a recent malware spread through USB drives, as a delivery vector. One of these attacks had a fully featured custom data exfiltration tool named Teleport, which was used to steal information. So far, two Truebot botnets have been identified. The first is distributed online, focusing on Mexico, Pakistan, and Brazil. In contrast, the second mainly focuses on the USA and is almost exclusively composed of Windows servers.
A hospital in the Parisian suburb of Versailles, France, has been the victim of a cyberattack which led to the cancellation of all operations and transfer of patients to other hospitals. It appears that the attack was led by ransomware actors, but it is yet unclear whether data was stolen.