The UK’s National Cyber Security Centre (NCSC) recently brought together international and UK government partners, as well as industry leaders, to discuss the role of cyber deception in cyber defense. The event hosted by the NCSC in London underscored the potential of cyber deception technologies, such as digital tripwires, honeytokens, and honeypots, to enhance national cyber defense strategies. The NCSC aims to establish a comprehensive evidence base on the efficacy of these technologies by promoting their widespread deployment across the country. To achieve this, the NCSC invites public and private sector organisations to contribute to this initiative by sharing their experiences and outcomes from deploying these technologies (as defined by the UK NCSC):
Tripwires: Systems designed to detect unauthorised access by interacting with threat actors, such as honeytokens, to disclose their presence within a network.
Honeypots: Systems that allow threat actors to engage with them, providing opportunities to observe and collect data on their tactics, techniques, procedures, capabilities, and infrastructure for threat intelligence purposes.
Breadcrumbs: Digital artifacts strategically placed within a system to lure threat actors into interacting with tripwires or honeypots, aiding in their detection and study.
To build a comprehensive evidence base on the effectiveness of these tools, the NCSC announced several objectives for this large-scale deployment:
5,000 instances of both low and high interaction solutions across the UK internet, covering both IPv4 and IPv6.
20,000 instances of low interaction solutions within internal networks.
200,000 assets of low interaction solutions deployed within cloud environments.
2,000,000 tokens deployed to bolster detection and intelligence-gathering efforts.
To contribute and participate in this consultation, you can contact the UK NCSC at thfcd@ncsc.gov.uk.
A newly identified zero-day flaw linked to the 0.0.0.0 IP address has been exploited by hackers, placing users of major web browsers on macOS and Linux at risk. This vulnerability has been observed in popular browsers like Safari, Chrome, and Firefox, which could potentially allow unauthorised access to private networks. Although Windows users are unaffected, other browsers like Microsoft Edge, Brave, and Opera, which are based on Chromium, are also vulnerable.
The cybersecurity firm Oligo has reported that this flaw enables hackers to communicate with local software on Mac or Linux systems. By using the 0.0.0.0 address instead of localhost, public websites might execute arbitrary code on a visitor’s device, bypassing long-standing security measures. Oligo researchers have estimated that around 100,000 websites could facilitate this attack, which has already been used in targeted strikes on AI workloads.
In response to the threat, Apple has promised to address the issue in the upcoming macOS 15 Sequoia beta by blocking the 0.0.0.0 address. An update to Safari’s WebKit will also block connections to this IP. Chrome is considering a similar approach to ensure that users cannot bypass its Private Network Access protection. Mozilla, however, remains cautious, with a spokesperson noting that tighter restrictions might lead to compatibility issues, and therefore, Firefox has not yet implemented any proposed restrictions.
The widespread nature of the vulnerability and the potential for serious security breaches underscore the urgent need for a solution. Users of affected browsers are encouraged to stay updated on patches and fixes as they become available, particularly from browser developers like Apple, Google, and Mozilla.
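Besides the browser-side blocking described above, a service that listens on a local port can refuse such requests itself. The check below is an added example, not code from the article or from Oligo: it treats a request as local only when the Host header names a loopback address and any Origin header present is on an allow-list; the allow-list values are assumptions.

```javascript
// Added example (not from the article): a Host/Origin check that a service
// listening locally can apply so that a page served by a public website cannot
// drive it through the 0.0.0.0 address described above. A browser that is
// talked into fetching http://0.0.0.0:PORT/ sends "Host: 0.0.0.0:PORT", which
// this check rejects. The Host check is the main gate: a cross-origin GET made
// in no-cors mode may arrive without an Origin header at all.

// Host values a local service legitimately answers to (assumption: loopback only).
const LOOPBACK_HOSTS = new Set(["localhost", "127.0.0.1", "[::1]"]);
// Origins allowed to make cross-origin requests to the service (assumption).
const ALLOWED_ORIGINS = new Set(["http://localhost:3000"]);

// Strip the port from a Host header value; IPv6 literals keep their brackets.
function hostWithoutPort(host) {
  if (host.startsWith("[")) {
    const end = host.indexOf("]");
    return end === -1 ? host : host.slice(0, end + 1);
  }
  return host.split(":")[0];
}

// Decide whether a request should be served. `headers` is a plain object with
// lower-case header names, the shape Node's http module provides.
function isLocalRequestAllowed(headers) {
  const host = headers.host;
  if (typeof host !== "string") {
    return false; // HTTP/1.1 requires Host; treat its absence as untrusted
  }
  if (!LOOPBACK_HOSTS.has(hostWithoutPort(host.toLowerCase()))) {
    return false; // covers Host: 0.0.0.0 and any non-loopback name
  }
  const origin = headers.origin;
  if (origin !== undefined && !ALLOWED_ORIGINS.has(origin)) {
    return false; // browser-initiated cross-origin request from an unknown site
  }
  return true;
}

// Constructed sample headers, as a browser on an attacker-controlled public
// page would send them when pointed at the 0.0.0.0 shortcut.
const SAMPLE_BLOCKED = { host: "0.0.0.0:8000", origin: "http://public-site.example" };
// Constructed sample from a local development page that is on the allow-list.
const SAMPLE_ALLOWED = { host: "localhost:8000", origin: "http://localhost:3000" };
```

Wire `isLocalRequestAllowed(req.headers)` in as the first step of the request handler and respond 403 when it returns false; listening on 127.0.0.1 rather than 0.0.0.0 remains the first line of defence.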
The multinational technology giant has unveiled an internal security platform designed to handle the immense scale of the company’s network. Built on a vast graph database, Mithra helps Amazon manage and protect its systems by filtering vast amounts of data to identify and neutralise malicious domains. Chief Information Security Officer C.J. Moses likens Mithra to a funnel, narrowing down data until human intervention is minimal.
Mithra’s integration with Sonaris, Amazon’s network observation platform, creates a robust defensive net around Amazon’s environments. AI and machine learning are essential for managing the large-scale data, with AI models trained to detect anomalies and potential threats. Generative AI further assists threat analysts by allowing them to interact with data in plain language, enhancing decision-making efficiency.
Amazon’s proactive approach extends beyond technology. The company maintains a strong network of Chief Information Security Officers (CISOs) to facilitate rapid communication and collaboration in times of crisis. The unveiling of Mithra comes as Amazon faces scrutiny over its AI deal with startup Adept and accountability issues for hazardous products in the United States.
Telecommunications firm Lumen Technologies has secured $5 billion in new deals from cloud and tech companies for its networking and cybersecurity solutions. These agreements come as more businesses rush to adopt AI-driven technologies. One notable deal involves Microsoft, which will use Lumen’s network equipment to expand its capacity for AI workloads.
Lumen, which provides secure digital connections for data centres, announced ongoing discussions with customers to secure an additional $7 billion in sales opportunities. The surge in AI adoption has led enterprises across multiple sectors to invest heavily in building infrastructure capable of supporting AI-powered applications.
Major corporations are increasingly seeking high-capacity fibre, a resource becoming valuable and potentially scarce due to growing AI requirements. Lumen’s AI-ready infrastructure and expansive network are key factors driving this demand. According to CEO Kate Johnson, this marks the beginning of a significant opportunity that could lead to one of the largest expansions of the internet ever.
In response to rising demand, Lumen has established a new division, Custom Networks, to oversee its Private Connectivity Fabric solutions portfolio. The division aims to meet the increasing needs of various organisations for secure and reliable connectivity solutions.
A pro-Ukrainian hacker group, known as Cyber Anarchy Squad, has claimed responsibility for hacking the Russian information security firm Avanpost and leaking a significant amount of its data. They also reported destroying more than 60 terabytes of data and leaking 390 gigabytes of ‘valuable information.’
Avanpost, which has been operating in Russia for 15 years and specialises in developing authorisation and authentication systems for local businesses, confirmed the incident. The company acknowledged that its infrastructure was hit by a ‘serious cyberattack’ but did not provide details on the extent of the damage or the specific data that was leaked.
Avanpost advised its customers, including Russian airports, a large water supply company, and telecom service providers, to update their identification data and change passwords ‘as a precaution.’ The company also urged people not to trust ‘rumors’ and to rely only on official information.
The exact method of the hackers’ entry into Avanpost’s system, the tools they used, and the specifics of the leaked data remain unclear.
Cyber Anarchy Squad shared some of the allegedly leaked data on Telegram and the file hosting service Mega. They also posted screenshots of what they claim to be a group chat of Avanpost employees discussing the hack. However, the authenticity of this data could not be independently verified.
The Paris Olympics will highlight the use of generative AI for American viewers, while European audiences will experience a more traditional approach. Comcast’s NBCUniversal plans to integrate AI into its US broadcast, including recreating the voice of a legendary sportscaster. Meanwhile, Warner Bros. Discovery’s sports division in Europe considers the technology too immature for roles like sports commentating.
Warner Bros. Discovery, which will stream the Games on its Max and discovery+ platforms across Europe, has tested AI for translating speech but found it lacks the emotion needed for thrilling sports moments. Scott Young, senior vice president at Warner Bros. Discovery Sports Europe, emphasised that AI struggles to capture the genuine excitement of live commentary. The difference in approaches reflects global media companies’ varied stances on AI technology, as France also plans to allow AI-powered surveillance during the Olympics, highlighting its broad application.
In the US, NBCUniversal will collaborate with Google and Team USA to enhance the viewing experience with AI, including AI-enhanced Google Map images of Olympic venues and AI-generated personalised daily briefings narrated by an AI recreation of Al Michaels’ voice. The Olympic Broadcasting Services is also using AI to produce quick highlights but remains cautious about deepfake risks. Additionally, extensive cybersecurity measures are being implemented to protect the Games from cyber threats, showcasing the crucial role of AI in ensuring safety and security.
As AI capabilities advance, European sports fans may soon experience similar technology. Warner Bros. Discovery anticipates significant AI integration by the 2028 Los Angeles Olympics. The International Olympic Committee (IOC) is already implementing AI for athlete safety and deploying AI tools to counter cyber threats at the 2024 Olympics, illustrating the growing influence of AI in sports.
The US cybersecurity company has successfully restored 97% of its Windows sensors following a global outage caused by a faulty software update. The issue, which began nearly a week ago, affected 8.5 million devices running Microsoft’s Windows operating system, leading to significant disruptions in services, including flights, healthcare, and banking.
The outage was triggered by a fault in CrowdStrike’s Falcon platform sensor, a security agent designed to protect devices from threats. The fault caused computers to crash and display the notorious blue screen of death. In response, CrowdStrike deployed a fix and mobilized all resources to support customers, enhancing recovery efforts with automatic recovery techniques.
The recovery comes amidst scrutiny over the cybersecurity firm’s quality control measures. Despite the challenges, CrowdStrike’s swift response has helped mitigate further impact and restore critical services globally.
Malta called for urgent international action against the misuse of cyberspace and its significant impact on societies, governments, critical infrastructure, and global peace and security. Malta’s pivotal role as the President of the Organisation for Security and Cooperation in Europe (OSCE) is highlighted, with a strong focus on enhancing cybersecurity during its term.
Minister for Foreign and European Affairs and Trade Ian Borg has called for increased cyber resilience among OSCE member countries, emphasising the need for cooperation between governments and stakeholders to tackle cyber threats effectively.
The advancements in AI present both opportunities and challenges for cybersecurity. While AI can enhance security measures, it also introduces new vulnerabilities like sophisticated cyber-attacks, deepfakes, and disseminating fake news. Minister Borg stressed the importance of effectively harnessing AI technology to combat cyber threats while preventing misuse.
Minister Borg also criticised the Russian Federation for its malicious cyber activities, particularly in the context of its invasion of Ukraine, highlighting the risks posed to critical infrastructure and essential services. He called for Russia to cease its aggression, underscoring the broader implications for global security and stability. He concluded by emphasising the necessity for enhanced cybersecurity measures and international cooperation to address the evolving nature of cyber threats in today’s interconnected world.
Leaders of Fortune 500 companies developing AI applications face a potential nightmare: hackers tricking AI into revealing sensitive data. Zurich-based startup Lakera has raised $20 million to address this issue. The funding round, led by Atomico with participation from Citi Ventures and Dropbox Ventures, brings Lakera’s total funding to $30 million. Lakera’s platform, used by companies like Dropbox and Citi, allows businesses to set guardrails for generative AI, protecting against prompt injection attacks.
Lakera CEO David Haber highlighted the importance of safety and security as companies integrate generative AI into critical functions. Existing security teams encounter new challenges in securing these applications. Lakera’s platform, built on internal AI models, ensures that generative AI applications do not take unintended actions. Customers can specify the context and policies for AI responses, preventing the disclosure of sensitive information.
A unique advantage for Lakera is Gandalf, an online AI security game used by millions, including Microsoft. The game generates a real-time database of AI threats, keeping Lakera’s software updated with thousands of new attacks daily. That helps in maintaining robust security measures for their clients.
Lakera competes in the generative AI security landscape with startups like HackerOne and BugCrowd. Matt Carbonara of Citi Ventures praised Lakera’s focus on prompt injection attacks and its team’s capability to build the necessary countermeasures for new attack surfaces.
A global system failure on 19 July 2024, caused by a CrowdStrike Windows update, left gate screens blue and blank at airports worldwide. The update resulted in failures with Windows servers, virtual machines, and endpoint systems, affecting 8.5 million devices. Experts believe the update may have skipped quality checks, leading to widespread ‘blue screens of death’ and inoperable systems.
Organisations have struggled to restore operations, with Gartner releasing guidelines for immediate and long-term measures. Security teams are advised to be vigilant for opportunistic attacks, such as phishing and ransomware, as hackers exploit the chaos. The incident underscores the importance of resilience in the face of interconnected system vulnerabilities.
Chris Morales of Netenrich warned of potential phishing attacks, credential stuffing, and brute-force breaches during the outage. Gartner also highlighted the need to manage employee burnout as help desk staff face increased workloads. Ensuring temporary measures are properly decommissioned will be crucial to avoid further issues.
Long-term recommendations include focusing on resilience through redundant systems, continuous data backup, and comprehensive supply chain oversight. Jenna Wells of Supply Wisdom emphasised the importance of proactive business continuity plans to mitigate future incidents, stating that it’s not a matter of if but when an event will occur.