
China-Backed Actors Are Employing Generative AI to Breach US Infrastructure


Cybercriminals of all skill levels are utilising AI to hone their skills, but security experts warn that AI is also helping to track them down. 

At a workshop at Fordham University, National Security Agency head of cybersecurity Rob Joyce stated that AI is assisting Chinese hacker groups in bypassing firewalls when infiltrating networks. 

Joyce warned that hackers are using generative AI to enhance their use of English in phishing scams, as well as to provide technical help when penetrating a network or carrying out an attack. 

Two sides of the same coin

2024 is expected to be a pivotal year for state-sponsored hacking groups, particularly those operating on behalf of China and Russia. Taiwan's presidential election begins in a few days, and China will want to influence the result in its pursuit of reunification. However, attention will be centred around the upcoming US elections in November, as well as the UK's general election in the second half of 2024. 

China-backed groups have begun developing highly effective methods for infiltrating organisations, including the use of artificial intelligence. "They're all subscribed to the big name companies that you would expect - all the generative AI models out there," adds Joyce. "We're seeing intelligence operators [and] criminals on those platforms."

In 2023, the US saw a surge in attacks on major energy and water infrastructure facilities, which US officials attributed to groups linked to China and Iran. One of the attack techniques employed by the China-backed 'Volt Typhoon' group is to get clandestine access to a network before launching attacks using built-in network administration tools. 

While no specific examples of recent AI attacks were provided, Joyce states, "They're in places like electric, transportation pipelines, and courts, trying to hack in so that they can cause societal disruption and panic at the time and place of their choosing." 

China-backed groups have gained access to networks by exploiting implementation flaws - vulnerabilities caused by poorly managed software updates - and posing as legitimate users of the system. However, their activities and traffic inside the network are frequently odd. 

Joyce goes on to say: "Machine learning, AI and big data helps us surface those activities [and] brings them to the fore because those accounts don't behave like the normal business operators on their critical infrastructure, so that gives us an advantage."
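Joyce's point that a stolen but valid account gives itself away by behaving unlike the normal operators can be made concrete with a per-account behavioural baseline. This is an added illustration, not code from the article or from any NSA tooling; the log format, account names, hosts and tools are constructed sample data.

```python
"""Per-account behavioural baseline: flag a *valid* account acting abnormally.
Added illustration, not code from the article or any NSA tool. It learns each
account's usual hours, hosts and tools from past logs, then reports new events
that break several norms at once. All log lines below are constructed."""
from collections import defaultdict
from datetime import datetime

# Constructed history, one event per line: "<ISO timestamp> <user> <host> <tool>"
BASELINE_LOG = """\
2023-11-01T09:12:00 alice ws-14 outlook.exe
2023-11-02T14:10:00 alice ws-14 excel.exe
2023-11-02T09:30:00 bob ops-2 netsh.exe"""

# Constructed new activity: alice's account used at 3 a.m. from an admin host
# running a built-in network admin tool it has never used before.
NEW_LOG = """\
2023-11-05T03:14:00 alice ops-2 netsh.exe
2023-11-05T09:20:00 alice ws-14 outlook.exe
2023-11-05T10:00:00 bob ops-2 netsh.exe"""

def parse(log):
    """Turn raw lines into (datetime, user, host, tool) tuples."""
    return [(datetime.fromisoformat(ts), u, h, t)
            for ts, u, h, t in (line.split() for line in log.splitlines())]

def build_baseline(events):
    """Per-account sets of observed hours (+/-1h tolerance), hosts and tools."""
    base = defaultdict(lambda: {"hours": set(), "hosts": set(), "tools": set()})
    for ts, user, host, tool in events:
        base[user]["hours"].update((ts.hour + d) % 24 for d in (-1, 0, 1))
        base[user]["hosts"].add(host)
        base[user]["tools"].add(tool)
    return base

def deviations(event, baseline):
    """List the baseline dimensions a single event violates."""
    ts, user, host, tool = event
    profile = baseline.get(user)
    if profile is None:
        return ["unknown-account"]
    checks = [("off-hours", ts.hour not in profile["hours"]),
              ("new-host", host not in profile["hosts"]),
              ("new-tool", tool not in profile["tools"])]
    return [name for name, hit in checks if hit]

def find_anomalies(baseline_log, new_log, min_deviations=2):
    """Alert only when >= min_deviations norms break, cutting single-signal noise."""
    baseline = build_baseline(parse(baseline_log))
    alerts = []
    for event in parse(new_log):
        devs = deviations(event, baseline)
        if len(devs) >= min_deviations:
            alerts.append((event[1], event[0].isoformat(), devs))
    return alerts
```

Only alice's 03:14 event is reported; bob's use of the same admin tool is within his own baseline and stays quiet, which is the distinction the quote draws.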

Just as generative AI is expected to help narrow the cybersecurity skills gap by offering insights, definitions, and advice to industry professionals, it may also be reverse engineered or abused by cybercriminals to guide their hacking activities.

UK Transport Firm Go-Ahead Targeted in a Cyber Attack


Go-Ahead, one of the UK’s biggest bus operators, has said it is battling a cyber-attack after unearthing “unauthorized activity” on its network earlier in the week. 

The company said it became aware of a network breach late on Sunday and is “currently managing a cyber security incident” to keep buses running without disruption. However, the rail business remained unaffected as it operates on separate systems and is running smoothly in the UK and abroad. 

The cyber attack has affected parts of Go-Ahead’s back office systems, including the software that manages parts of its bus operations, such as driver rostering, although there was no disruption to services on Monday.

“Upon becoming aware of the incident, Go-Ahead immediately engaged external forensic specialists and has taken precautionary measures with its IT infrastructure whilst it continues to investigate the nature and extent of the incident and implement its incident response plans,” the company said in a statement on Tuesday. 

The company has also notified relevant regulators of the attack, including the Information Commissioner’s Office in the UK. 

The Newcastle-based transport group is one of the UK’s biggest bus operators, with networks across the South, South West, London, North West, East Anglia, East Yorkshire, and its native North East. The firm also operates multiple high-capacity railway services in the UK, including Great Northern, Thameslink, Gatwick Express, and Southern.

The incident occurred just weeks before Go-Ahead is due to be acquired by a consortium of Australian bus operator Kinetic Holding and Spain’s Globalvia Inversiones, backed by international pension funds. The acquisition previously estimated the value of the UK business at £669m. 

Cyber attacks on governments and other entities have multiplied in recent years. There were 2.8bn known malware attacks in the first half of 2022, up by 11 percent, cyber security company SonicWall reported.

Attacks on European entities surged more rapidly than in the United States. In Europe, the total number of malware attacks grew by 23 percent compared to the first half of 2021. In the United States, the number grew by 2 percent. 

"Cybercrime has been a global phenomenon for decades. But with geopolitical forces accelerating the reconfiguration of the world’s cyber front lines, the true danger presented by threat actors is coming to the fore, particularly among those that once saw the smallest share of attacks," Bill Conner, president and chief executive of SonicWall, stated.

UN Computer Networks Breached by Hackers Earlier This Year


Hackers breached the United Nations' computer network and stole data, according to researchers at cybersecurity firm Resecurity.

According to Bloomberg, the theft's unknown perpetrators appear to have acquired access by simply stealing login credentials from a UN employee. 

Logging into the employee's Umoja account provided access. The enterprise resource planning system Umoja, which means "unity" in Kiswahili, was deployed by the United Nations in 2015. The login and password used in the cyber-attack are believed to have been obtained from the dark web. 

Gene Yoo, chief executive officer at Resecurity, stated, “Organizations like the UN are a high-value target for cyber-espionage activity. The actor conducted the intrusion with the goal of compromising large numbers of users within the UN network for further long-term intelligence gathering.” 

Researchers discovered that hackers initially gained access to the UN's networks on April 5, 2021, and that network breaches lasted until August 7. Based on the findings, the attackers did not seem to have harmed or disrupted the UN's computer network. Instead, the hackers seem to have been motivated by a desire to gather information. 

After reporting the security issue to the UN, Resecurity stated it worked with the UN's security team to evaluate the extent of the intrusion. While the UN maintains that the attack was a reconnaissance operation in which the hackers merely captured screenshots of the organization's vulnerable network, the Resecurity experts state that the breach resulted in the theft of data.

The UN discontinued interacting with Resecurity, according to Yoo, when proof of data theft was provided to the organization. 

Hackers have previously attacked the United Nations and its agencies. In 2018, Dutch and British law enforcement prevented a Russian cyberattack on the Organisation for the Prohibition of Chemical Weapons (OPCW), which was investigating the deployment of a lethal nerve agent on British territory. 

According to a Forbes article, the UN's "core infrastructure" was hacked in a cyberattack in August 2019 that targeted a known flaw in Microsoft's SharePoint platform. The breach was not made public until the New Humanitarian newsgroup published the news. 

In the context of the latest breach, UN spokesman Farhan Haq told DailyMail.com, “This attack had been detected before we were notified by the company cited in the Bloomberg article, and corrective actions to mitigate the impact of the breach had already been planned and were being implemented.” 

“At that time, we thanked the company for sharing information related to the incident and confirmed the breach to them.” 

Haq added that the United Nations is often targeted by cyber-attacks, including sustained campaigns.