Articles

Biden to Order Tougher Cybersecurity Standards Amid Growing China Hacking Threat

President Joe Biden is preparing to issue an executive order aimed at enhancing cybersecurity standards for federal agencies and contractors, as part of efforts to combat the escalating threat of cyberattacks linked to China and cybercriminal organizations. The new executive order, expected to be published in the coming days, seeks to address several high-profile cyberattacks attributed to China, targeting critical infrastructure, government agencies, major telecom firms, and most recently, the U.S. Treasury Department. While the U.S. government has attributed these hacks to China, Beijing has consistently denied involvement.

The proposed order emphasizes stricter standards for secure software development, including a requirement that vendors provide detailed documentation verifying adherence to these standards. The Cybersecurity and Infrastructure Security Agency (CISA) will be tasked with evaluating and validating this documentation through its software attestation program. According to the draft, vendors whose software fails validation may face further legal action.

Tom Kellermann, Senior Vice President of Cyber Strategy at Contrast Security, expressed support for the effort to push for more secure software development but warned that the proposed attestation process might not go far enough. Kellermann pointed out that the timeline outlined in the order appears arbitrary given the urgency of the threat posed by China, Russia, and cybercriminal syndicates. “They’re already here,” Kellermann said, stressing the ongoing cyberattacks against U.S. critical infrastructure and government agencies, which have been fueled by foreign state actors.

The executive order also includes guidelines for the secure management of access tokens and cryptographic keys used by cloud providers. In 2023, Chinese-linked hackers exploited vulnerabilities in this area to access email accounts belonging to senior U.S. government officials, an issue that was highlighted by Microsoft.

Brandon Wales, Vice President of Cybersecurity Strategy at SentinelOne, acknowledged that the order builds on efforts from the past five years to strengthen cybersecurity capabilities, and emphasized that the Chinese threat is a major focus. However, he also noted that the U.S. faces a broad range of cybersecurity challenges that require ongoing attention.

The White House has declined to comment on the forthcoming order, and CISA did not respond to requests for comment.

 

US Removes Malware Allegedly Planted by Chinese-Backed Hackers

The U.S. Justice Department announced on Tuesday that it had successfully removed malware, known as “PlugX,” from over 4,200 computers that had been targeted by a group of hackers linked to the Chinese government. The malware, which had been used to steal sensitive information, was installed through infected USB devices by a group identified as “Mustang Panda” or “Twill Typhoon.”

The hackers, allegedly backed by the Chinese government, used PlugX for cyber-espionage, affecting thousands of computers globally. According to U.S. prosecutors, the Chinese government paid the Mustang Panda group to develop the malware. The hacking campaign has been active since at least 2014, targeting computers in the U.S., Europe, and Asia, as well as those belonging to Chinese political dissidents.

Cybersecurity company Sekoia traced the command-and-control infrastructure for PlugX and collaborated with French law enforcement to seize control of it in July 2024. In coordination with French authorities, the FBI identified devices in the U.S. affected by the malware and worked to send self-delete commands to remove it from those devices.

The operation marks a significant step in international cooperation to counteract cyber threats linked to state-sponsored hackers, with U.S. officials emphasizing the importance of protecting critical infrastructure from such sophisticated attacks.

 

eBay and Beazley Allegedly Targeted by Sophisticated AI-Generated Phishing Scams

eBay and several other companies are reportedly facing an uptick in personalized phishing attacks targeting high-level executives. These scams, which are increasingly difficult to detect, are being powered by artificial intelligence (AI) systems designed to make the fraudulent emails appear more human-like. Unlike typical scam messages, which often have obvious signs of deceit, these AI-generated phishing attempts are carefully crafted to bypass traditional security filters. The attackers are using AI to scrape and analyze data from various sources, allowing them to tailor messages with specific personal details that make the emails seem more credible and harder to identify as scams.

The rise in AI-driven phishing attacks has raised concerns across multiple industries, with companies like eBay and Beazley reporting a significant increase in the frequency and sophistication of these fraudulent emails. According to a report from the Financial Times, these phishing attempts are being directed at executives, making them more targeted and harder to defend against. The personal information included in the emails is not random but is reportedly drawn from various public and private data sources, increasing the likelihood of successful manipulation.

Kirsty Kelly, Beazley’s chief information security officer, discussed the troubling nature of these attacks, explaining that the emails’ personal touch suggests the use of AI. Kelly highlighted that the sophistication of these scams implies that attackers have gathered substantial amounts of data about the company’s executives. This data collection likely includes details from social media, public records, and possibly previous data breaches, all of which are used to make the phishing attempts more convincing.

The development of AI-powered phishing scams marks a new chapter in cybersecurity challenges, as traditional security measures are proving insufficient to handle these advanced threats. Organizations are now being forced to reevaluate their security protocols and invest in more sophisticated defenses that can detect these highly personalized attacks. As AI continues to evolve, so too will the tactics used by cybercriminals, making it crucial for companies to stay ahead of these emerging threats.