By Joseph Gedeon, with help from John Sakellariadis
— Internet service in Gaza is partially restored after a blackout, but unlike in Ukraine, Starlink may not be a viable solution for improved connectivity — or for Israeli officials.

HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! I spent this weekend a little way out of town, and some of it was spent trapped in a moonlit corn maze for some sort of Halloweekend activity. It was a way, way better time than I expected. Me and my city-slicking ways have a lot to learn about how the rest of America does Halloween.

Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Email me at jgedeon@politico.com. You can also follow @POLITICOPro and @MorningCybersec on X. Full team contact info is below. Let’s dive in.

Department of Homeland Security Science and Technology undersecretary Dimitri Kusnezov, DHS management undersecretary Randolph “Tex” Alles, CISA’s associate chief of strategic technology Garfield Jones and others are joining the DHS’ Strategic Industry Conversation IX on innovation, research and development. Starts at 9:30 a.m.

CISA’s executive assistant director for cybersecurity Eric Goldstein is joining the Federal Communications Commission for a joint-agency roundtable on America’s public alert and warning systems. 9:30 a.m.

WISH UPON A STAR(LINK) — Internet connectivity for more than two million people in Gaza has been partially restored after being blacked out by Israeli airstrikes on Friday, but is still far below pre-conflict levels.

While the lack of internet connectivity causes heavy disruption to Hamas’ communication technologies, the limited network also severely limits the messages civilians can send out — with experts remarking that network connectivity is not at all sustainable, especially if Israeli bombardments continue.

“What we've observed on Friday is the new normal,” Alp Toker, the founder of London-based global internet monitoring group Netblocks, tells Morning Cyber. “This connectivity — which hovers around the 20 percent level — is actually the baseline of infrastructure that is still undamaged and that is now becoming a new kind of flat framework for what is the availability of connectivity.”

One potential lifeline for Gaza is Elon Musk's offer of the battle-tested Starlink’s high-speed satellite internet service — but this may not be the fix Gazans are hoping for.

— Not up and running: Starlink is not yet fully operational in Gaza, and it’s unclear when it will be. It could be a matter of days, much like for Ukraine in the immediate aftermath of Russia’s invasion, but it’s also not that simple.

On Feb. 26, 2022, Ukrainian Minister of Digital Transformation Mykhailo Fedorov tweeted at Musk asking for Starlink terminals, with Musk replying within hours. The first shipment would reach Ukraine before the end of that month and played a vital role in Ukraine’s war effort — providing essential comms infrastructure to both military and civilians.

However, the quick work by SpaceX was thanks to prior planning — the company had already been working to launch Starlink services in Ukraine and other places in Europe before the formal request, and had already secured landing rights for the satellites.

— Not for everyone: Musk has said that he will only provide the satellite internet service to “internationally recognized” humanitarian aid groups, which means that many other people and groups in Gaza may not be able to access it anyways. That’s likely to include hospitals (that are run by Hamas as the de facto government of Gaza), news media and other organizations.

There’s a risk that the connectivity could fall into the hands of Hamas militants, Toker explained, which Israel’s government fears could be used to sow disinformation and propaganda campaigns.

While Hamas isn’t known to act through sophisticated cyber operations, Starlink could stamp out that possibility anyway by using precise geolocation tools that filter out connections to make sure only allowed groups are using it.

Still, the offer doesn’t sit right with Israeli officials like minister of communications Shlomo Karhi, who posted on X that “Israel will use all means at its disposal to fight this,” and threatened to cut ties with Starlink.

— Uncertain future: It’s unlikely the Gaza Strip will achieve full connectivity any time soon, and it's more and more likely that the network will again face total shutdown at some point.

An anonymous senior U.S. official told the Washington Post on Sunday that Israel had intentionally shut off communications in Gaza and turned it back on after U.S. pressure.

IT’S AI TIME — In a 100-plus-page draft executive order obtained by POLITICO, the Biden administration lays out serious steps to manage the risks of artificial intelligence in critical infrastructure and cybersecurity.

The EO comes as Washington becomes increasingly concerned about the potential for AI to be used in malicious attacks, such as developing powerful new cyber weapons or to create and deploy deepfakes ahead of the elections. Here’s what sticks out to us.

— Cyber weapons: The order would require companies developing AI models that have the ability to be used for malicious purposes or have access to sensitive data to provide regular reports to the Commerce Department outlining how they are protecting their technology from espionage or digital subversion.

It would also require large cloud services providers to notify the government each time a foreign entity rents server space to train a large AI model.

— Critical infrastructure: The order paves the way for new federal cybersecurity regulation in critical infrastructure sectors like hospitals, gas pipelines and the electric grid.

Agencies with regulatory authority over critical infrastructure will have three months to assess the potential risks related to the use of AI in those sectors. That includes identifying ways in which deploying AI could make critical infrastructure systems more vulnerable to failures or cyberattacks.

The order also requires the Department of Homeland Security to develop guidelines for critical infrastructure owners and operators on how to manage AI-specific cyber risks. Those guidelines will be based on existing security guidance and NIST’s AI Risk Management framework.

— Advisory committee: DHS will be tasked with establishing an AI safety and security advisory committee that’s expected to be up and running in early 2024.
The committee will have to provide advice to the critical infrastructure community on how to improve security, resilience and incident response related to AI usage. The key committee will comprise AI experts from the private sector, academia and the government.

— Pilot projects: The order directs the Department of Defense and DHS to carry out operational pilot projects within six months using AI for defensive efforts to identify, test and fix vulnerabilities in critical United States government software, systems and networks.

WHITE HOUSE TO UNVEIL RANSOM BAN — The U.S. and dozens of foreign governments will soon issue a joint commitment not to pay ransoms to cybercriminal gangs, a senior administration official told MC.

The pledge, John writes in, represents the latest effort by the White House to tamp down the continued scourge of online extortion, and will be unveiled later this week as part of the third-ever gathering of the international counter-ransomware initiative in Washington.

However, the payment ban will not necessarily include all 48 national governments that are party to the CRI, said the official, who was granted anonymity as a condition of talking about the planning for the summit.

“There's still a few nations that have not yet signed up to that statement, but it'll be the vast majority,” the official said.

— What else to watch: The CRI, which also counts the EU and INTERPOL among its members, will announce new intelligence-sharing, anti-money laundering and capacity-building initiatives, deputy national security adviser for cybersecurity and emergency technology Anne Neuberger said last week.

In addition, there is a push among CRI members to “get as much transparency as possible” around how many ransomware attacks occur within each member country, the official told MC. Many victims do not report attacks due to fear of legal, reputational or regulatory liability, complicating law enforcement’s ability to understand the prevalence of the problem.

Members are also talking about creating a fund “to assist nations that are in distress,” the official said, and exploring mechanisms to ensure the CRI endures long after the Biden administration, which spearheaded the partnership.

“I don't think that the ransomware problem is going away anytime soon,” the official said.

STEALING FROM AWS — A fast-moving cryptojacking campaign has been targeting exposed Amazon Web Services credentials on GitHub since at least December 2020, according to a new report from Unit 42.

Researchers from Unit 42, the threat intelligence arm of Palo Alto Networks, dubbed the operation “EleKtra-Leak” and note attackers have been able to detect and use exposed credentials within five minutes of their initial exposure on GitHub — a show of force that displays how cyber gangs can leverage cloud automation techniques to achieve their cryptojacking dreams.

— What’s the damage?: Researchers believe there have been 474 unique miners potentially linked to the attackers who mined Monero, a digital asset with strong privacy controls that mean the exact amount stolen can’t be determined.

— How it’s being done: Researchers believe the attackers use automated tools to scan for exposed identity and access management credentials on public GitHub repositories. Once they find a set of exposed credentials, they use them to create EC2 instances (a virtual server that enables you to run applications on AWS infrastructure) that they then use for cryptojacking.

The researchers were able to track the criminal movements by automating the creation of randomized AWS and user accounts with targeted overly permissive credentials.

ATTACKS BREAKING THROUGH — Security teams are struggling to get ahead of attacks lobbed at their organizations, with reactive measures meaning more than 40 percent of cyberattacks are being treated after their defenses have been successfully penetrated, according to a new report from Tenable.

Most cyber professionals in the report say they focus almost entirely on fighting successful attacks rather than working to prevent them in the first place — resulting in only being able to fend off about 57 percent of cyberattacks encountered in the last two years.
Cyber professionals claim the reactive stance is largely due to their companies' struggle to get an accurate read of their attack surface.

— Greatest exposure point: Seventy-five percent of respondents point to cloud infrastructure as the highest source of risk for most organizations.

— Tack on the SEC rules: There are industry and governmental fears that the new SEC rules on cyber risk management and incident disclosure that take effect in December are likely to put even more strain on organizations looking to improve preventive measures.

Along with public companies having to disclose serious cyberattacks, there’s a stipulation that they outline their processes for assessing and identifying material risks from cyber threats.

Now that’s what I call a derailment of duty.

TIME’S TICKING — Russian-linked ransomware group LockBit claimed to have hacked Boeing and threatened to leak stolen data by Thursday, report Stefanie Schappert and Vilius Petkauskas for CyberNews.

SCHOOL DISTRICT BREACHED — The Clark County School District in Nevada, the fifth largest in the U.S., is dealing with a potential massive data breach after hackers emailed parents their children's data. Get the details from BleepingComputer’s Lawrence Abrams.

ICYMI — StripedFly malware, disguised as a cryptocurrency miner, evaded detection for five years, infecting more than 1 million devices, writes SecurityWeek’s Ionut Arghire.

Chat soon.

Stay in touch with the whole team: Joseph Gedeon (jgedeon@politico.com); John Sakellariadis (jsakellariadis@politico.com); Maggie Miller (mmiller@politico.com); and Heidi Vogt (hvogt@politico.com).