Are Governments Planning to Ban AI? Top Cybersecurity News from the Week of May 29th
In this week’s cybersecurity news roundup, we’re turning our focus to the brewing debate around a potential ban on certain AI applications, recent assaults on critical national infrastructure (CNI) organisations, and important insight into Black Basta’s unrelenting ransomware rampage. Let’s dive into this week’s top cybersecurity stories:
OpenAI CTO’s Twitter compromised to promote a phishing attack
In a worrying turn of events, the Twitter account of OpenAI’s Chief Technology Officer, Mira Murati, was seemingly hijacked with malicious intent. On June 1, a post surfaced on Murati’s feed advertising a purported crypto token coined by OpenAI, a tweet that has since been deleted. The dubious post directed users to a potentially fraudulent website to receive an ‘airdrop’ to their Ethereum addresses.
The site is currently inaccessible, indicating it may have been shut down. Given the rising interest in AI, it’s no shocker that scam artists are capitalizing on the trend. Platforms like Twitter and Facebook continue to grapple with scams and spam, with phishing attacks on the rise and insufficient measures in place to curb them. Alarmingly, even paid advertisements on platforms like Facebook are not exempt from these scams.
Government adviser proposes a potential AI ban
A potential ban on some forms of artificial general intelligence (AGI) has been proposed by a member of the government’s AI Council, Marc Warner, who also leads Faculty AI. Warner suggested to the BBC that AGI needs robust transparency, audit procedures, and additional built-in safety technologies. Decisions regarding these concerns should be made in the next six months to a year, according to Warner.
This announcement comes on the heels of the EU and US jointly advocating for a voluntary AI code of conduct. The AI Council, a body of independent experts advising government and AI leaders, has scrutinized Faculty AI’s political connections, despite its critical role as OpenAI’s sole technical partner and its contribution to predicting NHS service demand during the pandemic.
Warner, who co-signed a warning from the Center for AI Safety about potential threats to humanity posed by AI, believes AGI, unlike “narrow AI”, needs distinctive regulations. He insists that despite potential drawbacks, establishing safety measures could present a competitive advantage for the UK in the technology sector. Critics, however, caution that an excessive focus on AGI could overshadow issues with existing technologies and that overregulation may deter investors and suppress innovation.
Automation giant ABB hit by Black Basta ransomware
ABB, a leading global industrial automation company, has confirmed a data breach attributed to the notorious Black Basta ransomware group. The Swedish-Swiss multinational technology firm acknowledged the attack on its Windows Active Directory on May 7, which caused disruption across numerous devices. The details were disclosed a week after the incident.
ABB initially termed the attack an “IT security incident” and later provided a comprehensive account in a press release and Q&A document. The company disclosed that an unauthorized entity accessed select ABB systems, deployed non-self-propagating ransomware, and exfiltrated specific data.
Although the incident has been contained, ABB is still evaluating its impact. “All of ABB’s key services and systems are up and running… and the company is further enhancing the security of its systems,” the statement read. ABB assured its customers that there is no evidence their systems were directly affected or product security compromised.
Cybersecurity researcher Kevin Beaumont independently confirmed the attack was the handiwork of the Black Basta ransomware group, stating it was the group’s most significant attack yet. Since its emergence in April 2022, Black Basta has launched attacks on several organizations, including the American Dental Association, Sobeys, Knauf, Yellow Pages Canada, and the industrial division of German company Rheinmetall.
Dark Pink APT continues rampant cyberattacks in 2023
Dark Pink APT, the notorious hacking group, remains rampant in its cyber offensive in 2023, primarily striking governmental, military, and educational entities in Indonesia, Brunei, and Vietnam. Active since mid-2021, the group has mainly been a scourge to the Asia-Pacific region, but only came into the limelight in a January 2023 report by Group-IB.
Despite this exposure, Dark Pink shows no signs of abating. On the contrary, Group-IB has identified at least five attacks attributed to the group following their report. Moreover, recent analyses of the group’s activities have unearthed further breaches, including one against an educational institution in Belgium and a military organization in Thailand.
For more cybersecurity news, insights, and analysis, follow Code Red on Twitter and LinkedIn.