Welcome to our weekly dose of critical cyber stories. So what are the top cybersecurity stories from June 2023?
This month, we dive into the heart of chaos and order, where devastating ransomware attacks shook the digital landscape while promising advancements in AI regulations provided a glimmer of hope. From the complexities of cyber threats to the intricacies of legislative progress, this roundup delivers the key insights you need to navigate the rapidly shifting sands of cybersecurity.
U.S. DOE Among Targets in Global Hack Exploiting File-Transfer Software
The U.S. Department of Energy (DOE) and several other federal bodies have fallen victim to a far-reaching hacking campaign exploiting a vulnerability in the widely used file-transfer software, MOVEit Transfer. Two DOE divisions, the Oak Ridge Associated Universities and the Waste Isolation Pilot Plant, reported compromised data.
Additionally, British energy giant Shell, the University System of Georgia, Johns Hopkins University, and its associated health system confirmed breaches. This hacking spree highlights the growing list of infiltrated organizations across the globe, attacked via the MOVEit Transfer software flaw only discovered last month by software maker Progress Software.
EU Advances AI Regulation, Targets Biometric and Generative AI
European Union lawmakers have advanced a pivotal piece of draft legislation, the AI Act, marking a significant stride towards regulating artificial intelligence (AI) in the region. If enforced, the law would prohibit the use of real-time and remote biometric systems, such as facial recognition, along with devices demonstrating cognitive behavioral manipulation.
The law also targets the classification of individuals based on personal or socio-economic characteristics. Furthermore, high-risk AI technologies will be required to register in an EU database. This includes AI systems for biometric identification and law enforcement use. The latest version of the AI Act also stipulates requirements for generative AI companies, compelling them to disclose AI-generated content and ensure the prevention of illegal content generation.
Chilean Army Network Breach: Rhysida Ransomware Strikes
The Rhysida ransomware group recently unveiled what they claim are stolen documents from the Chilean Army’s network. The leak followed the army’s confirmation of a security incident on May 29, leading to the network’s isolation and initiation of system recovery. Local reports reveal that an army corporal has been arrested in connection with the attack.
Subsequently, the Rhysida ransomware gang declared that they have published 30% of the purportedly pilfered data from the Chilean Army’s network. The group, first identified on May 17, 2023, presents itself as a “cybersecurity team,” and is reported to compromise networks through phishing attacks, deploying Cobalt Strike or similar frameworks to disperse their payloads across breached systems.
NCSC Chief: AI Must Be ‘Secure by Design’
National Cyber Security Centre (NCSC) CEO Lindy Cameron underscored the necessity of incorporating security into AI technologies from their inception in her address at the Chatham House Cyber 2023 conference. She urged against the creation of systems susceptible to attacks, a key consideration for AI development across public services, defence, and other sectors.
Cameron highlighted that security should not be retrofitted later, nor should users bear the sole risk burden. Like other Five Eyes security alliance members, she backed a ‘secure by design’ approach, wherein vendors integrate cybersecurity into their technologies and supply chains from the beginning. She cautioned that if AI developers do not anticipate potential attacks and find mitigation methods, vulnerabilities may be integrated into future AI systems.
Pro-Russian Hackers Threaten Western Financial System
Pro-Russian hacking groups Killnet, REvil, and Anonymous Sudan are reportedly uniting to launch a substantial cyberattack on the Western financial system, with the SWIFT wire transfer system as a primary target, according to CyberKnow. Formed via underground hacking forums, the groups aim to disrupt the flow of Western aid to Ukraine.
Alleged big campaign from #killnet, AS Sudan and claimed REvil members targeting western finance systems. killnet has recently restructured, rumours about ransomware operators being involved but nothing confirmed. #cybersecurity #infosec #RussiaUkraineWar #UkraineRussiaWar #USA pic.twitter.com/VhrbufiQtY
— CyberKnow (@Cyberknow20) June 14, 2023
The Society for Worldwide Interbank Financial Telecommunication (SWIFT) system, which powers most international money and security transfers, is central to their plan; its disruption could severely impact the Western financial system. Other targets include European and US banks and the US Federal Reserve System. Notably, REvil, infamous for last year’s Medibank data breach compromising nearly 10 million Australian health records, leads this operation, with backing from Killnet. Their threats necessitate serious attention, given their past exploits.