FCC seeks transfer of net neutrality legal challenges to federal court in Washington

The Federal Communications Commission (FCC) has requested that a series of legal challenges against its decision to reinstate net neutrality rules be moved to a federal court in Washington, DC. The move follows the random selection of the US 6th Circuit Court of Appeals in Cincinnati to hear the cases. The FCC argued that the DC Circuit is better suited to handle the case due to its extensive history with net neutrality issues.

Net neutrality rules, which mandate equal treatment of internet data and users by internet service providers (ISPs), were reinstated by the FCC in April. These rules prevent ISPs from blocking or slowing down traffic to certain websites or offering paid prioritisation for improved network speeds. The reinstated regulations also provide the FCC with new tools to address national security concerns and monitor internet service outages.

The FCC rejected a request from major industry groups, including AT&T, Comcast, and Verizon, to delay the implementation of the net neutrality rules set to take effect on 22 July. The commission emphasised that postponing the rules would impede its ability to fulfil other policy objectives that benefit consumers, particularly in national security and public safety. The FCC noted that the industry groups failed to provide evidence of irreparable harm from the order’s implementation.

Reinstating net neutrality has been a priority for President Joe Biden, following an executive order in July 2021 encouraging the FCC to revive the 2015 rules established under President Obama. The Trump administration had previously repealed these rules, arguing they hindered innovation and reduced investment in network infrastructure, a claim disputed by Democrats.

The Snowflake cyberattack could become one of the biggest data breaches ever

A recent hack targeting customers of the cloud storage company Snowflake is shaping up to be one of the largest data breaches ever. Criminal hackers have been attempting to access accounts using stolen login details, impacting notable companies like Ticketmaster and Santander. Snowflake initially reported that only a limited number of customer accounts were accessed. Still, cybercriminals have since claimed to be selling data from other major firms, including Advance Auto Parts and LendingTree.

The situation has escalated, with hundreds of Snowflake customer passwords found online and accessible to cybercriminals. The breach underscores the rising use of infostealer malware, which extracts login details from compromised devices. Snowflake, in collaboration with cybersecurity firms CrowdStrike and Mandiant, has determined that the attack primarily targeted accounts with single-factor authentication. The company urges customers to enable multifactor authentication to mitigate the risk.

While the origin of the stolen data remains unclear, it highlights the vulnerabilities inherent in interconnected services provided by third-party vendors. Companies like Snowflake increasingly advise their clients to enforce strict security measures and reset login credentials to prevent further breaches. The US Cybersecurity and Infrastructure Security Agency and Australian Cyber Security Center have issued alerts regarding the incident, emphasising the need for enhanced cybersecurity practices.

Daixin Team claims Dubai ransomware attack

Dubai, known for its ultra-luxurious lifestyle and wealthy population, has reportedly fallen victim to a ransomware attack by the Daixin Team. The cybercriminal group claimed on its dark web blog to have exfiltrated 60-80GB of sensitive data from the Government of Dubai’s network systems, including ID cards, passports, and other personally identifiable information (PII).

The stolen data, which has not yet been fully analysed or released, reportedly includes many personal and business records. Among the sensitive information are details about the residents of this city in the UAE, many of whom are expatriates and high-net-worth individuals. Due to the city’s high concentration of wealthy residents, this data breach poses significant risks, such as identity theft and targeted phishing attacks.

The Daixin Team, a Russian-speaking ransomware group active since at least June 2022, is known for targeting various sectors, including healthcare and utilities. They typically gain access through compromised VPN servers or phishing attacks and often publish stolen data if ransom demands are not met. The Government of Dubai has been contacted for comment but has not yet responded.

Qilin group claims responsibility for the cyberattack on London hospitals

The Qilin ransomware group has claimed responsibility for a cyberattack on Synnovis labs, a key partner of the National Health Service (NHS) in England. The attack, which began on Monday, has severely disrupted services at five major hospitals in London, including King’s College Hospital and Guy’s and St Thomas’ NHS Foundation Trust. The NHS declared the situation a ‘critical incident,’ noting that the full extent and impact of the attack on patient data remain unclear.

Synnovis, a prominent pathology service provider, runs over 100 specialised labs offering diagnostics for various conditions. Due to the ransomware attack, several critical services, such as blood testing and certain operations, have been postponed, prioritising only the most urgent cases. NHS England has deployed a cyber incident response team to assist Synnovis and minimise patient care disruption, though longer wait times for emergency services are expected.

The Qilin group, operating a ransomware-as-a-service model, typically targets victims via phishing emails. The attack on Synnovis has raised significant concerns about the security of healthcare systems and the reliance on third-party providers. Kevin Kirkwood from LogRhythm emphasised that the attack causes operational disruptions and undermines public trust in healthcare institutions. He called for robust security measures, including continuous monitoring and comprehensive incident response plans, to better protect healthcare infrastructure and ensure patient safety.

Ransomware attack disrupts major London hospitals

A ransomware attack on Synnovis, a pathology services provider, has severely disrupted major hospitals in London, including King’s College Hospital, Guy’s and St Thomas’, and the Royal Brompton. This incident has led to the cancellation and redirection of numerous medical procedures. The hospitals have declared a ‘critical incident’ due to the significant impact on services, notably affecting blood transfusions. Synnovis’ CEO, Mark Dollar, expressed deep regret for the inconvenience caused and assured efforts to minimise the disruption while maintaining communication with local NHS services.

Patients in various London boroughs, including Bexley, Greenwich, and Southwark, have been affected. Oliver Dowson, a 70-year-old patient at Royal Brompton, experienced a cancelled surgery and expressed frustration over repeated delays. NHS England’s London region acknowledged the significant impact on services and emphasised the importance of attending emergency care and appointments unless instructed otherwise. They are working with the National Cyber Security Centre to investigate the attack and keep the public informed.

Synnovis, a collaboration between SYNLAB UK & Ireland and several NHS trusts, prides itself on advanced pathology services but has fallen victim to this attack despite stringent cybersecurity measures. Deryck Mitchelson from Check Point highlighted the healthcare sector’s vulnerability to such attacks, given its vast repository of sensitive data. Recent cyber incidents in the UK, including a similar attack on NHS Dumfries and Galloway, underscore the persistent threat to healthcare services. Government agencies are actively working to mitigate the current situation and support affected NHS organisations.

Poland allocates $760 million to counter Russian cyber threats

Poland has announced plans to allocate over 3 billion zlotys ($760 million) towards strengthening its cybersecurity measures following a suspected Russian cyberattack on the state news agency PAP. The attack, which authorities believe originated from Russia, has raised concerns ahead of the European Parliament elections in Poland. These fears escalated after a false article about military mobilisation appeared on PAP, prompting heightened vigilance against potential interference from Moscow.

Krzysztof Gawkowski, Poland’s digitalisation minister, emphasised the country’s commitment to defending against cyber threats, describing Poland as being on the frontline of the cyber fight against Russia. Gawkowski revealed that Poland had thwarted several cyber attacks on critical infrastructure over the weekend, underscoring the urgency of bolstering cybersecurity measures in the face of ongoing threats.

Amid accusations of Russian attempts to destabilise Poland, the Russian embassy in Warsaw has denied knowledge of the cyberattack on PAP and dismissed allegations of Russian interference. However, Poland has cited incidents of sabotage and arson on its soil, linking them to Russia. Additionally, Polish authorities assert that Russian secret services are actively gathering information on weapons deliveries to Ukraine following Russia’s invasion in February 2022. In response, Poland has announced the re-establishment of a commission to investigate Russian influence, highlighting the country’s efforts to address security concerns and safeguard against external threats.

Chinese national behind 911 S5 botnet arrested in Singapore

The US Department of Justice (DOJ) announced the arrest of a Chinese national, Wang Yunhe, in an international operation targeting cybercrime. Wang, aged 35, was apprehended in Singapore on 24 May for allegedly creating and using malware responsible for cyberattacks, large-scale fraud, and child exploitation. This arrest comes on the heels of a similar high-profile sweep last August, involving 10 Chinese citizens charged with laundering over $2 billion through Singapore.

According to the US Treasury Department, the botnet, known as ‘911 S5,’ was used by criminals to compromise personal devices in order to conduct identity theft, financial fraud, and child exploitation.

The Treasury’s Office of Foreign Assets Control has now imposed sanctions on three Chinese nationals behind the platform—Yunhe Wang, Jingping Liu, and Yanni Zheng—and on three entities owned or controlled by Yunhe Wang. FBI Director Christopher Wray described the ‘911 S5’ botnet as likely the world’s largest, comprising malware-infected computers in nearly 200 countries.

According to the DOJ, Wang and unnamed accomplices developed and distributed malware that compromised millions of residential Windows computers worldwide. From 2018 to July 2022, Wang accrued $99 million from selling access to hijacked IP addresses, helping cybercriminals bypass financial fraud detection systems. These criminals committed fraud resulting in losses exceeding $5.9 billion, including 560,000 fraudulent unemployment insurance claims.

Wang used the illicitly obtained proceeds to acquire assets globally, spanning properties in the USA, Saint Kitts and Nevis, China, Singapore, Thailand, and the UAE. His possessions included luxury sports cars, numerous bank accounts, cryptocurrency wallets, luxury watches, and 21 properties across multiple countries. Matthew S. Axelrod from the US Department of Commerce’s Bureau of Industry and Security described the case as resembling a screenplay, highlighting the extensive criminal enterprise and lavish expenditures financed by nearly $100 million in profits.

The operation is a collaborative effort led by law enforcement agencies from the US, Singapore, Thailand, and Germany. It underscores the international cooperation required to combat cybercrime effectively.

The FBI has published information at fbi.gov/911S5 to help identify and remove 911 S5’s VPN applications from infected devices.

Israeli private investigator questioned by FBI over hack allegations

An Israeli private investigator, Amit Forlit, who is wanted by the US over hack-for-hire allegations, had reportedly been questioned by FBI agents regarding his work for the Washington public affairs firm DCI Group, according to sources familiar with the matter. This revelation sheds light on a broader US probe into cyber-mercenary activities, suggesting a deeper investigation than previously acknowledged.

Forlit was arrested at London’s Heathrow Airport on 30 April on cybercrime and wire fraud charges related to a ‘hack for hire scheme’ allegedly conducted on behalf of various clients. Following a procedural error by British authorities, he was released two days later but was rearrested on the same charges on Thursday. Forlit has since been released on bail, with conditions including surrendering his passport and remaining in the country.

Despite Forlit’s denial of commissioning or paying for hacking, his connection to convicted Israeli private investigator Aviram Azari, who was sentenced last year, raises questions. Forlit allegedly expressed concern about potential arrest by American law enforcement following Azari’s case. Additionally, Forlit is facing a separate lawsuit in New York federal court over allegations of email theft in 2016, although he denies any involvement. Court records suggest Forlit had business ties with DCI Group, further implicating him in the ongoing investigations.

Microsoft’s deal with UAE AI firm sparks security concerns in US

Microsoft’s recent deal with UAE-backed AI firm G42 could involve the transfer of advanced AI technology, raising concerns about national security implications. Microsoft President Brad Smith highlighted that the agreement might eventually include exporting sophisticated chips and AI model weights, although this phase has no set timeline. The deal, which necessitates US Department of Commerce approval, includes safeguards to prevent the misuse of technology by Chinese entities. However, details of these measures remain undisclosed, prompting scepticism among US lawmakers about their adequacy.

Concerns about the agreement have been voiced by senior US officials, who warn of the potential national security risks posed by advanced AI systems, such as the ease of engineering dangerous weapons. Representative Michael McCaul expressed frustration over the lack of a comprehensive briefing for Congress, citing fears of Chinese espionage through UAE channels. Current regulations require notifications and export licenses for AI chips, but gaps exist regarding the export of AI models, leading to legislative efforts to grant US officials more explicit control over such exports.

Why does it matter?

The deal, valued at $1.5 billion, was framed as a strategic move to extend US technology influence amid global competition, particularly with China. Although the exact technologies and security measures involved are not fully disclosed, the agreement aims to enhance AI capabilities in regions like Kenya and potentially Turkey and Egypt. Microsoft asserts that G42 will adhere to US regulatory requirements and has implemented a ‘know your customer’ rule to prevent Chinese firms from using the technology for training AI models.

Microsoft emphasises its commitment to ensuring secure global technology transfers, with provisions for imposing financial penalties on G42 through arbitration courts in London if compliance issues arise. While the US Commerce Department will oversee the deal under existing and potential future export controls, how Commerce Secretary Gina Raimondo will handle the approval process remains uncertain. Smith anticipates that the regulatory framework developed for this deal will likely be applied broadly across the industry.

UK AI safety institute enhances US ties with new office in San Francisco

The UK’s AI safety institute is set to open an office in the US this summer, aiming to enhance international collaboration on AI regulation. The new office in San Francisco will recruit technical staff to support the institute’s efforts in London and strengthen connections with its US counterparts. The new office opening underscores the need for coordinated global efforts to manage AI’s rapid advancements and potential risks. Experts have highlighted the existential threats AI could pose, comparable to nuclear weapons or climate change, making international regulation crucial.

Why does it matter?

This announcement comes just before Seoul’s second global AI safety summit, co-hosted by the British and South Korean governments. The summit will bring together leaders to discuss AI safety, innovation, and inclusion.

The initiative follows significant concerns raised after OpenAI released ChatGPT in November 2022, prompting calls for a development pause due to unpredictable threats. The first AI safety summit at Britain’s Bletchley Park saw world leaders and tech executives, including US Vice President Kamala Harris and OpenAI’s Sam Altman, discuss regulatory approaches.

The summit fostered cooperation despite global tensions, with China signing the ‘Bletchley Declaration’ alongside the US and others. Britain’s technology minister, Michele Donelan, emphasised the importance of international standards on AI safety, which will be a key topic at the upcoming Seoul summit.