US bolsters digital security with the ROUTERS Act to counter foreign cyber threats

The United States is making a pivotal move to bolster its digital security by introducing the ROUTERS Act, a bill specifically designed to address vulnerabilities in consumer internet routers and wireless infrastructure. Since these devices are crucial in connecting users to the internet, they have increasingly become prime targets for cyberattacks, particularly by foreign adversaries such as China.

Consequently, the legislation, which has already passed the House of Representatives, focuses on hardware developed or manufactured by companies based in countries of concern, including China, Iran, Russia, North Korea, and Venezuela. Notably, Chinese-made routers, such as those from TP-Link, are widely used in American households and even government agencies, presenting significant security risks.

To counter these threats, the ROUTERS Act mandates that the Department of Commerce conduct a study to assess the national security dangers posed by these devices. This crucial step could pave the way for future legislative actions to mitigate the vulnerabilities that threaten the US’s digital infrastructure.

Furthermore, the United States has already experienced the damaging effects of cyberattacks, particularly from Chinese-backed hacker groups exploiting router vulnerabilities to infiltrate networks and conduct espionage. Various reports and investigations have consistently highlighted the dangers posed by outdated and insecure routers, particularly those from manufacturers like TP-Link, which remain in use by consumers and critical government agencies, including the Department of Defense.

As a result, the ROUTERS Act seeks to address these threats by requiring a comprehensive study of the national security risks posed by such devices, particularly those originating from adversarial nations. As the Senate prepares to review the bill, there is bipartisan support to strengthen it further by designating the National Telecommunications and Information Administration (NTIA) as the lead agency overseeing the study.

Given its expertise in managing digital infrastructure and cybersecurity threats, the NTIA is well-positioned to ensure a thorough evaluation of the risks. Ultimately, this would enable the United States to better coordinate efforts across federal agencies to secure its digital infrastructure and safeguard against foreign cyber threats.

Truflation loses $5.2 million in malware attack

Truflation, a blockchain-based inflation data platform, has confirmed falling victim to a malware attack. The project reported detecting abnormal activity on 25 September, which led to an estimated loss of up to $5.2 million. Blockchain analysts have tracked the losses from Truflation’s treasury and personal wallets on Ethereum, with additional losses spread across seven other blockchains.

The team is now working with law enforcement and industry partners to resolve the issue. They have also reached out to the hacker, seeking negotiation, while offering rewards to white-hat hackers who can assist. Despite the breach, Truflation has reassured its customers that their funds and staking operations remain secure.

Truflation’s token, TRUF, fell by 15.6% following the incident, though it has since partly recovered. Truflation provides real-time economic data and recently launched a marketplace that tracks commodity indexes such as sugar, petroleum, and wheat.

Celebrities fall for ‘Goodbye Meta AI’ hoax

Over 600,000 users, including celebrities like James McAvoy, Ashley Tisdale, and Tom Brady, have been tricked by a viral hoax on Instagram. The message claimed sharing the ‘Goodbye Meta AI’ post would prevent Meta, owner of Facebook and Instagram, from using personal images for AI training.

The viral trend led many to believe posting the message would revoke Meta’s ability to use their data. However, fact-checkers, including Lead Stories, have labelled these posts as false, confirming that users can only opt out via account settings, not by posting stories.

Meta confirmed that the viral post, which gained momentum after major celebrity shares, has no impact on privacy settings. The hoax stemmed from opposition to Meta’s June announcement regarding the use of public posts to train its AI models.

Though the trend began on 1 September, its popularity spiked after celebrities shared it, with Google Trends showing increased interest after 24 September. This instance echoes past privacy-related hoaxes and reflects public unease about AI data usage.

Microsoft ramps up cybersecurity efforts following critical review

Microsoft has made significant strides in enhancing its security culture following critical feedback from the United States Cyber Safety Review Board. The company launched its Secure Future Initiative (SFI) in late 2023, leading to the involvement of 34,000 engineers dedicated to cybersecurity efforts. CEO Satya Nadella has prioritised security across the organisation, even tying employee performance reviews to security goals in recent months.

Microsoft has implemented several changes to its security processes, including improvements to its Entra ID and Microsoft Account systems, reducing inactive tenants, and enhancing network tracking for better compliance. The company has also introduced stricter controls, such as limiting personal access tokens and eliminating SSH access for internal engineering repositories.

In its push for greater transparency, Microsoft is now publishing CVEs even when customer action is not required. It has also introduced new standards with a ‘Start Right, Stay Right, and Get Right’ approach to ensure that security protocols are integrated throughout its projects.

To oversee its cybersecurity efforts, Microsoft has established a Cybersecurity Governance Council and appointed several new deputy CISOs. The company has also launched a security skilling academy for employee training, reinforcing its long-term commitment to building a robust security culture.

Cloudflare partners with ISPs to enhance internet security and privacy for users worldwide

Cloudflare, internet service providers, and network equipment providers have embarked on a collaborative journey to enhance the safety and privacy of internet users globally. By offering Cloudflare’s DNS resolvers at no cost, these providers can deliver advanced security features crucial in today’s digital landscape.

This partnership empowers ISPs and equipment manufacturers to improve their service offerings and ensures that users can enjoy a safer browsing experience without additional costs. With children spending more time online, particularly during the COVID-19 pandemic, the demand for protective measures has never been greater.

Cloudflare’s initiatives, such as the launch of 1.1.1.1 for Families, allow these partners to implement content filtering and security features tailored specifically for households. The strategic alignment ensures that families can confidently navigate the internet, knowing that harmful content is being filtered and their online activities are shielded from threats.

Furthermore, Cloudflare, alongside ISPs and network equipment providers, addresses the challenges users face in setting up effective online protections. Many consumers find configuring DNS settings and implementing security features daunting. To tackle this issue, Cloudflare is working with its partners to simplify the setup process.

By integrating Cloudflare’s services directly into their platforms, ISPs can provide a seamless user experience that encourages the adoption of these important safety measures. This collaborative approach ensures that even the least tech-savvy users can benefit from enhanced security without feeling overwhelmed.

Why does this matter?

Cloudflare, internet service providers, and network equipment providers understand the need for flexible, customisable solutions to meet diverse user needs. With Cloudflare’s Gateway product, ISPs can offer advanced filtering options that let users tailor their online experience, including content restrictions and scheduling, such as limiting social media access. These customisable options empower users to control their online safety while boosting customer satisfaction and loyalty.

ENISA set to develop cybersecurity certification scheme for EU’s digital ID wallets

The European Commission has tasked the EU Agency for Cybersecurity (ENISA) with developing a cybersecurity certification scheme for the EU Digital Identity (EUDI) wallets. This move aims to standardise and comprehensively secure digital identity wallets across EU member states.

ENISA will create harmonised requirements to support national certification schemes, involving the establishment of reference standards, procedures, and specifications crucial for security and privacy protection. The certification process will align with the Cybersecurity Act and ensure that EUDI Wallets are secure, protecting users’ privacy and personal data while allowing cross-border usability throughout the EU.

The European Digital Identity Framework, effective since May, requires EU member states to start providing EUDI Wallets within two years of adopting their implementing acts. The EC concluded its collection of input on the cybersecurity certification scheme earlier this month, with feedback highlighting the importance of preventing excessive consumer data sharing. ENISA will consider existing certification schemes, such as the European Cybersecurity Certification Scheme on Common Criteria, while developing the new framework.

Why does it matter?

ENISA’s ongoing collaboration with the eIDAS Expert Group and the Certification Subgroup, alongside recommendations from its Digital Identity Standards report and current EUDI Wallet pilot projects, will significantly influence the development of the certification scheme, ensuring a robust and trustworthy digital identification system across Europe.

CrowdStrike apologises for global IT outage after faulty update

A senior executive at CrowdStrike apologised to a US House of Representatives subcommittee for a software update that caused a global IT outage in July. Adam Meyers, the company’s senior vice president for counter-adversary operations, explained that a faulty content configuration update to the Falcon Sensor security software led to widespread system crashes. Meyers assured lawmakers that CrowdStrike has reviewed its systems and is improving its update procedures to prevent future issues.

The 19 July incident, though not caused by a cyberattack or AI, led to widespread disruptions across various industries, including airlines, healthcare, media, and banks. Millions of Microsoft Windows devices were impacted, with the outage causing flight cancellations and service interruptions globally. Delta Air Lines, which cancelled 7,000 flights, is pursuing legal action against CrowdStrike, although the company denies responsibility for the airline’s losses.

In the wake of the incident, CrowdStrike lowered its revenue and profit forecasts, acknowledging that the financial impact of the faulty update could affect the company for up to a year.

Microsoft unveils tool to fix AI hallucinations amid expert concerns

Microsoft has introduced a new service, called Correction, aimed at addressing a significant flaw in AI models: hallucinations, or factually incorrect responses. The tool identifies and revises erroneous AI-generated content by cross-referencing with accurate data sources, such as transcripts. Correction, available through Microsoft’s Azure AI Content Safety API, works with various models, including OpenAI’s GPT-4.

While Microsoft promotes Correction as a way to boost AI reliability, experts remain skeptical. Researchers warn that hallucinations are deeply ingrained in how AI models operate. Since these systems rely on statistical patterns rather than actual knowledge, completely eliminating false outputs might be impossible. They also caution that this solution could create new issues, like giving users a false sense of trust in AI outputs.

Despite these concerns, Microsoft is pushing to demonstrate the value of its AI tools, having invested billions in the technology. However, concerns about performance and cost are mounting, with some clients already pausing AI deployments due to inaccuracies and high expenses. Experts argue that AI, still in its developmental stages, is being rushed into industries without fully addressing its flaws.

Tougher action against crypto miners in Russia’s Dagestan

Authorities in Dagestan are increasing efforts to crack down on illegal cryptocurrency miners. Local officials warn that these miners, known for their high electricity consumption, are causing widespread power outages and even resorting to hiding underground to evade detection.

The computing power required for digital coin mining, which runs 24/7, uses immense amounts of electricity. A recent fire at a power substation in Dagestan’s capital has been linked to the excessive energy consumption of miners. Abdulmuslim Abdulmuslimov, Dagestan’s prime minister, stressed the need for tighter regulations.

In an attempt to avoid legal repercussions, some miners have constructed underground operations. Dagestan’s government shared footage of investigators examining an underground crypto farm filled with fans to cool the mining hardware.

New regulations, signed by the president of Russia, Vladimir Putin, will take effect in November 2024. These laws will require both companies and individuals involved in crypto mining to register with authorities and submit relevant information for monitoring.

Iran-related hackers planted backdoors across Middle East critical infrastructure, according to Mandiant

In a report released on 19 September, Google-owned Mandiant detailed the activities of a group it identified as UNC1860. The report highlighted the group’s advanced tools and hidden backdoors, which continue to be leveraged by other Iranian hacking operations.

The report notes that an Iranian cyber unit within the Ministry of Intelligence and Security (MOIS) has emerged as a key facilitator for the nation’s hackers, offering persistent access to critical systems in the Middle East, particularly in telecommunications and government sectors.

Mandiant adds that these groups allegedly provided initial access for cyberattacks, including operations in late 2023 against Israel using BABYWIPER malware and in 2022 against Albania with ROADSWEEP. While Mandiant couldn’t verify UNC1860’s direct involvement, they identified software designed to support such handoff operations.

UNC1860’s toolkit includes a variety of utilities that enable initial access and lateral movement within networks. These tools are engineered to bypass security software and provide covert access, which could be used for espionage or network attacks.

Mandiant describes UNC1860 as a highly capable threat actor that likely supports a range of goals, from spying to direct network assaults. The firm also reported UNC1860’s collaboration with other MOIS-associated groups like APT34, known for breaching government systems in countries like Jordan, Israel, and Saudi Arabia. A recent APT34 operation was uncovered targeting Iraqi officials.