Cybersecurity

USA scrutinise China Mobile, China Telecom, and China Unicom

The Biden administration is scrutinising China Mobile, China Telecom, and China Unicom over concerns that these firms could misuse their access to American data through their US cloud and internet businesses. The Commerce Department is leading the investigation, subpoenaing the state-backed companies and conducting risk analyses on China Mobile and China Telecom. These companies maintain a small US presence, providing services like cloud computing and routing internet traffic, giving them potential access to sensitive data.

The investigation aims to prevent these Chinese firms from exploiting their US presence to aid Beijing, aligning with Washington’s broader strategy to counteract potential threats to national security from Chinese technology companies. The US has previously barred these companies from providing telephone and broadband services. Authorities could block transactions that allow these firms to operate in data centres and manage internet traffic, potentially crippling their remaining US operations.

China’s embassy in Washington has criticised these actions, urging the US to cease suppressing Chinese companies. No evidence has been found that these firms intentionally provided US data to the Chinese government. However, concerns persist about their capabilities to access and potentially misuse data, primarily through Points of Presence (PoPs) and data centres in the US, which could pose significant security risks.

Google enhances Gmail with new AI features

Google is enhancing Gmail with new AI features designed to streamline email management. A new Gemini side panel is being introduced for the web, which is capable of summarising email threads and drafting new emails. Users will receive proactive prompts and can ask freeform questions, utilising Google’s advanced models like Gemini 1.5 Pro. The mobile Gmail app will also feature Gemini’s ability to summarise threads.

However, these upgrades will only be accessible to paid Gemini users. To benefit from these features, one must be a Google Workspace customer with a Gemini Business or Enterprise add-on, a Gemini Education or Education Premium subscriber, or a Google One AI Premium member. Despite their potential usefulness, it’s advised not to depend entirely on these AI tools for critical work, as AI can sometimes produce inaccurate information.

In addition to Gmail, Google is incorporating Gemini features into the side panels of Docs, Sheets, Slides, and Drive. The rollout follows Google’s earlier promises at the I/O conference. Further AI enhancements, including ‘Contextual Smart Reply,’ are expected to arrive for Gmail soon.

EU cybersecurity exercise organised to test energy sector’s cyber resilience

The 7th edition of Cyber Europe, organised by the European Union Agency for Cybersecurity (ENISA), tested the resilience of the EU energy sector, highlighting cybersecurity as an increasing threat to critical infrastructure. In 2023, over 200 cyber incidents targeted the energy sector, with more than half aimed specifically at Europe, underscoring the sector’s vulnerability due to its crucial role in the European economy.

Juhan Lepassaar, Executive Director of ENISA, highlighted the exercise’s role in enhancing preparedness and response capacities to protect critical infrastructure, essential for the single market’s stability.

According to ENISA’s Network and Information Security (NIS) Investments report, 32% of energy sector operators lack Security Operations Center (SOC) monitoring for critical Operation Technology (OT) processes, while 52% integrate OT and Information Technology (IT) under a single SOC.

This year’s Cyber Europe exercise focused on a scenario involving cyber threats to EU energy infrastructure amidst geopolitical tensions. Over two days, stakeholders from 30 national cybersecurity agencies and numerous EU bodies collaborated, developing crisis management skills and coordinating responses to simulated cyber incidents. The exercise, one of Europe’s largest, involved over thousand experts across various domains, facilitated by ENISA, which celebrates its 20th anniversary in 2024.

Japan’s space agency hit by series of cyberattacks, no sensitive data breached, officials confirm

Japan’s Chief Cabinet Secretary Yoshimasa Hayashi confirmed that Japan’s space agency, JAXA, has been targeted by several cyberattacks since late last year. The agency has been investigating the breaches, shutting down affected networks, and verifying that no classified information related to rocket and satellite operations or national security was compromised.

Hayashi also confirmed that hackers are located outside Japan and emphasised Japan’s commitment to enhancing its cybersecurity defences. Amidst increasing military developments in response to China’s growing power, Japan aims to develop a counterstrike capability, though experts believe Tokyo will still rely heavily on the United States for launching long-range missiles.

Defense Minister Minoru Kihara assured the public that the attacks have not impacted his ministry but stated that he is closely monitoring JAXA’s ongoing investigation. As part of the investigation, a portion of the affected JAXA network was temporarily shut down.

JAXA, which develops and launches satellites and is involved in advanced missions like asteroid exploration and potential lunar human exploration, has faced multiple cyber incidents since 2016. That year, it was among 200 Japanese companies and research institutes allegedly targeted by Chinese-speaking military hackers. Last year, unknown hackers also attempted to breach JAXA’s network server but failed to access information critical to the operation of rockets and satellites.

In February 2024, Japan’s cyber official Kazutaka Nakamizo highlighted the increasing cyber threats to the country’s critical infrastructure, particularly from China. However, he did not specify which attacks were believed to be linked to Beijing.

US billionaire aims to acquire TikTok to challenge Big Tech dominance

Frank McCourt, a US real estate billionaire, aims to acquire TikTok to combat the negative influence of major tech platforms on society. Known for owning the Los Angeles Dodgers and Olympique de Marseille, McCourt has been vocal about the harm these platforms inflict, particularly on children. Speaking at the Collision tech conference in Toronto, he emphasised the manipulative nature of social media algorithms, linking them to societal chaos and political polarisation.

McCourt’s concern stems from the detrimental impact of social media on mental health, especially among children, citing rising anxiety, depression, and youth suicides. His solution is a ‘new internet’ based on an open-source, decentralised protocol where users control their own data, a vision he calls Project Liberty. With its vast user base of young people, acquiring TikTok would significantly advance this initiative. Project Liberty has garnered support from internet pioneer Tim Berners-Lee and NYU professor Jonathan Haidt.

The acquisition bid comes amid US government pressures on TikTok to divest from Chinese ownership due to national security concerns. While the future of TikTok’s ownership remains uncertain, McCourt hopes this situation will raise awareness about data privacy issues across all platforms, emphasising the need for user control over personal data to preserve democratic values.

Cybersecurity measures ramp up for 2024 Olympics

Next month, athletes worldwide will converge on Paris for the eagerly awaited 2024 Summer Olympics. While competitors prepare for their chance to win coveted medals, organisers are focused on defending against cybersecurity threats. Over the past decade, cyberattacks have become more sophisticated due to the misuse of AI. However, the responsible application of AI offers a promising countermeasure.

Sports organisations are increasingly partnering with AI-driven companies like Visual Edge IT, which specializes in risk reduction. Although Visual Edge IT does not directly work with the Olympics, cybersecurity expert Peter Avery shared insights on how Olympic organisers can mitigate risks. Avery emphasised the importance of robust technical, physical, and administrative controls to protect against cyber threats. He highlighted the need for a comprehensive incident response plan and the necessity of preparing for potential disruptions, such as internet overload and infrastructure attacks.

The advent of AI has revolutionised both productivity and cybercrime. Avery noted that AI allows cybercriminals to automate attacks, making them more efficient and widespread. He stressed that a solid incident response plan and regular simulation exercises are crucial for managing cyber threats. As Avery pointed out, the question is not if a cyberattack will happen but when.

The International Olympic Committee (IOC) also embraces AI responsibly within sports. IOC President Thomas Bach announced the AI plan to identify talent, personalise training, and improve judging fairness. The Summer Olympics in Paris, which run from 26 July to 11 August, will significantly test these cybersecurity and AI initiatives.

Cyberattack on London hospitals leads to data leak

Cybercriminals claiming responsibility for the recent hack on London hospitals have reportedly released stolen data from the incident. England’s National Health Service (NHS) acknowledged the publication of this data, allegedly belonging to Synnovis, the pathology provider targeted in the 3 June attack. NHS officials are working closely with Synnovis, the National Cyber Security Centre, and other partners to verify the content of these files swiftly. Their focus includes determining if the data originates from Synnovis systems and if it pertains to NHS patients.

According to reports, the hackers have disclosed nearly 400GB of data on their darknet website and Telegram channel. The published information supposedly includes patient names, dates of birth, NHS numbers, and descriptions of blood tests, alongside financial spreadsheets. However, the NHS has not confirmed whether medical test results are part of the exposed data.

The attack has been attributed to the Russian-speaking hacker group Qilin, which has demanded a $50 million ransom to halt further disclosures. Synnovis, a provider jointly operated by Synlab UK & Ireland and NHS trusts, is crucial in delivering lab testing services to healthcare facilities in London and Kent. The breach has severely impacted its blood transfusion and testing capabilities, leading to the postponement of over 1,000 operations and more than 2,000 appointments at affected hospital units.

Conclusions on the UN Security Council’s open debate on cybersecurity

The UN Security Council held an open debate on cybersecurity as part of South Korea’s presidency for the month of June. The day-long debate centred on the evolving threat landscape in cyberspace, emphasising the need for digital advancements to be directed towards positive outcomes. During the ensuing debate, nearly 70 speakers shared national perspectives on the growing threats posed by rapidly evolving technologies wielded by state and non-state actors. 

UN Secretary-General António Guterres highlighted the rapid pace of digital breakthroughs, acknowledging their ability to unite people, disseminate information rapidly, and boost economies. However, he cautioned that the connectivity that fuels these benefits also exposes individuals, institutions, and nations to significant vulnerabilities. Guterres pointed to the alarming rise of ransomware attacks, which cost an estimated $1.1 billion in ransom payments last year. Nonetheless, he noted that the implications extended beyond financial costs to impact peace, security, and overall stability.

In response to these challenges, Guterres referenced the ‘New Agenda for Peace,’ which calls for concerted efforts by states to prevent conflicts from escalating in cyberspace. He stressed the importance of upholding the rule of law in the digital realm and highlighted ongoing discussions among member states regarding a new cybercrime treaty. Recognising the interconnectedness of cyberspace with global peace and security, he urged the Security Council to incorporate cyber-related considerations into its agenda.

Stéphane Duguin, CEO of the CyberPeace Institute, briefed the council, offering valuable insights into recent cyberattacks, including the ‘AcidRain’ incident affecting Ukraine and cybercriminal activities linked to the Democratic People’s Republic of Korea. Duguin emphasised the necessity of attributing cyberattacks to perpetrators to facilitate de-escalation efforts. In turn, Nnenna Ifeanyi-Ajufo, an expert in Law and Technology, highlighted the misuse of cyber technology by terrorist groups in Africa and the risks posed by states infringing on human rights under the guise of cybersecurity. She called for enhanced mechanisms to understand the cyber threat landscape across different regions.

In deliberating the Council’s role in the cyber domain, some representatives advocated for inclusive processes within the UN, particularly under the General Assembly, to establish equitable arrangements in addressing cyber threats. Others urged the Security Council to take a more active role. Several speakers stressed the Council’s potential to lead in building a secure cyberspace, bridging with existing UN efforts in cybersecurity and ensuring Global South perspectives are considered at every step of the process.

In contrast, the representative from Russia highlighted a lack of clarity in determining which malicious digital technology use could threaten international peace and security. In this regard, Russia criticised the West for attributing cyberattacks to what they called ‘inconvenient countries.’ Moreover, the representative opposed the Council’s involvement in this matter, stating that such a move would exclude states not part of the Council from the discussion.

Why does it matter?

Highlighting the urgency of addressing cyber threats, representatives stressed the need for the Council to facilitate dialogue and support capacity-building efforts, especially in developing countries lacking the resources and expertise to combat cyber threats. 

The discussions highlighted the critical need for proactive measures to address cyber threats, promote cybersecurity, and safeguard global peace and stability in an increasingly interconnected digital landscape.

Cyber incident at CDK Global disrupts auto dealership operations across US and Canada

On Wednesday, a cyber incident at CDK Global, a software provider for 15,000 auto dealerships, disrupted operations at numerous dealerships in the USA and Canada. CDK spokesperson Lisa Finney confirmed the company is investigating the incident and has shut down most systems to protect customers, with efforts underway to restore functionality as soon as possible.

Jeff Ramsey from Ourisman Auto Group in Maryland stressed that essential information, typically stored digitally, is now inaccessible, impacting their ability to close deals. Despite understanding the need for caution, Ramsey expressed concerns about potential business losses as customers might turn to unaffected dealers. The timing is particularly critical during the peak car-buying season.

Brian Benstock of Paragon Honda and Paragon Acura in New York added that while his team can resort to manual processes, the real burden falls on accountants and business staff. He also stressed ongoing worries about customer data security. CDK later announced partial restoration of some systems, though not all have been fully operational yet.

Why does it matter?

CDK’s software is essential for various dealership operations, from record-keeping to service scheduling. The disruption has caused significant inconvenience, especially since many dealers rely on these systems daily.

Airbnb faces allegations of compromising user safety

Airbnb has been accused of compromising user safety by scaling back efforts to remove extremists from its platform, according to a whistle-blower complaint by Jess Hernandez, a former contractor. Hernandez, who worked as an investigations analyst for Airbnb from May 2022 to November 2023, claims she was fired after the company directed her team to reinstate users involved in the 6 January 2021 Capitol attack. Whistle-blower Aid, representing Hernandez, stated that Airbnb’s changes undermined its public safety commitment.

Hernandez filed her complaint with the US Securities and Exchange Commission and Federal Trade Commission in May. Airbnb denied the allegations, asserting that it continues to enforce policies against dangerous individuals and has even expanded its team to enhance safety measures.

Despite these measures, Hernandez alleges that in 2023, the teams faced increased bureaucratic hurdles, slowing down their ability to remove dangerous users. The claim is supported by a 161-page complaint obtained by NBC from an anonymous source. Before her time at Airbnb, Hernandez worked with the Terrorism Research and Analysis Consortium.

Why does it matter?

The complaint adds to ongoing safety concerns within Airbnb, a platform facilitating millions of global interactions. CEO Brian Chesky has previously implemented measures like party crackdowns and bans on indoor security cameras to address these issues. Airbnb’s history of removing users associated with extremist activities dates back to 2016, including actions following the Unite the Right rally in 2017 and the Capitol attack in 2021.