Tag Archive for: poses

Daixin ransomware poses critical threat to healthcare, says AHA cyber chief


The American Hospital Association’s senior advisor for cybersecurity said the Daixin ransomware poses a significant risk to the healthcare sector. (U.S. Air Force)

Reports consistently note the rising risk to patient safety after a ransomware attack. But the most pressing variant facing healthcare is Daixin, a technologically advanced, stealthy, and long-lasting malware attributed to China, according to the American Hospital Association’s Senior Advisor for Cybersecurity and Risk John Riggi.

Riggi spoke to sector leaders during a University of California San Francisco Stanford Center of Excellence in Regulatory Science and Innovation discussion on Tuesday, outlining the risk areas providers should be working to address into the foreseeable future.

He also had a stern warning for provider organizations still dragging their feet on implementing multi-factor authentication across the enterprise, particularly as threat actors continue to target critical infrastructure and supply chain partners in force.

“If we’re not doing MFA at this point, it would be hard to defend both civilly and regulatory the actions against you as it is a very, very basic technique at this point,” said Riggi. “The White House has implored us to implement basic cybersecurity procedures, which alone at a very low cost could prevent a significant portion of ransomware attacks.”

MFA should be at the top of the list for securing all remote access points into the organization, as the threat of ransomware and other cyberattacks continues to plague the sector and cyber insurance becomes less and less of a guarantee, he added.

Versions of Daixin have been used in attacks in various forms over the last decade, with researchers observing a resurgence of a refined variant in February 2022. Symantec described the threat “as the most advanced piece of malware” they’d ever seen from China-backed attackers. Daixin is used in both “smash-and-grab operations” and for stealthy operations.

The most prevalent goal of these attacks appears to be espionage: the malware hijacks legitimate TCP/IP services and listens on port 80 for traffic patterns it can interpret as commands.

In healthcare, Daixin has claimed multiple victims that…


Viral ChatGPT poses propaganda and hacking risks, researchers warn


Ever since OpenAI’s viral chatbot was unveiled late last year, detractors have lined up to flag potential misuse of ChatGPT by email scammers, bots, stalkers and hackers.

The latest warning is particularly eye-catching: It comes from OpenAI itself. Two of its policy researchers were among the six authors of a new report that investigates the threat of AI-enabled influence operations. (One of them has since left OpenAI.)

“Our bottom-line judgment is that language models will be useful for propagandists and will likely transform online influence operations,” according to a blog accompanying the report, which was published Wednesday morning.

Concerns about advanced chatbots don’t stop at influence operations. Cybersecurity experts warn that ChatGPT and similar AI models could lower the bar for hackers to write malicious code to target existing or newly discovered vulnerabilities. Check Point Software Technologies Ltd., an Israel-based cybersecurity company, said attackers were already musing on hacking forums how to re-create malware strains or dark web marketplaces using the chatbot.

Several cybersecurity experts stressed that any malicious code provided by the model is only as good as the user and the questions asked of it. Still, they said it could help less sophisticated hackers with such things as developing better lures or automating post-exploitation actions. Another concern is if hackers develop their own AI models.

WithSecure, a cybersecurity company based in Helsinki, contends in a new report also out Wednesday that bad actors will soon learn how to game ChatGPT by figuring out how to ask malicious prompts that could feed into phishing attempts, harassment and fake news.

“It’s now reasonable to assume any new communication you receive may have been written with the help of a robot,” Andy Patel, intelligence researcher at WithSecure, said in a statement.

A representative for OpenAI didn’t respond to a request for comment, nor did the researchers for OpenAI who worked on the report on influence operations. The FBI, National Security Agency and National Security Council declined to comment on the risks of such AI-generated models.

Kyle Hanslovan, who used to create…


New Botnet Targeting Minecraft Servers Poses Potential Enterprise Threat


The persistence and spread of a newly identified botnet targeting private Minecraft Java servers has far wider ramifications for enterprises than bumming out a Biome.

Microsoft researchers revealed in a report published Dec. 16 that this new botnet is used to launch distributed denial-of-service (DDoS) attacks on Minecraft servers, which might sound like kid stuff. But enterprises should take note because of the botnet’s ability to target both Windows and Linux devices, spread quickly, and avoid detection, the Microsoft team added.

It starts with a user making a malicious download of “cracked” Windows licenses.

“The botnet spreads by enumerating default credentials on internet-exposed Secure Shell (SSH)-enabled devices,” the Defender team reported. “Because IoT devices are commonly enabled for remote configuration with potentially insecure settings, these devices could be at risk to attacks like this botnet.”

The threat researchers suggest that organizations harden their device networks against these kinds of threats.

The group’s analysis revealed most of the infected devices were in Russia.

Enterprises Beware

Factors including the sheer number of potential server targets and the general lack of cybersecurity protections on private Minecraft servers make this botnet something security teams should take seriously, Patrick Tiquet, vice president of security architecture at Keeper Security, tells Dark Reading.

“The concern in this scenario is that there are a large number of servers that can potentially be compromised and then weaponized against other systems, including enterprise assets,” Tiquet explains. “Gaming servers such as Minecraft are typically managed by private individuals who may or may not be interested in or capable of patching and following cybersecurity best-practices. As a result, this vulnerability could continue unmitigated on a large scale for an extended period of time and could potentially be leveraged to target enterprises in the future.”

Beyond this particular malware, Microsoft’s recommendations are a good idea for protecting the enterprise from all sorts of botnets besides just the Minecraft-focused sort, according to Vulcan Cyber’s Mike Parkin.

They’re…


How the Internet of Things poses threats to journalists






“And far away, as Frodo put on the Ring […] The Dark Lord was suddenly aware of him, and his Eye piercing all shadows looked across the plain to the door that he had made […] and all the devices of his enemies were at last laid bare.” – J.R.R. Tolkien, “The Return of the King”

“You hereby grant Ring and its licensees an unlimited, irrevocable, fee free and royalty-free, perpetual, worldwide right to use, distribute, store, delete, translate, copy, modify, display, and create derivative works from such Content that you share through Services.” – Amazon Ring, Terms of Service (as of Oct. 5, 2022)

There is plenty of research showing that many journalists have insufficient support, inadequate training and incalculable numbers of adversaries looking to cause digital harm. Most journalist cybersecurity guidance focuses on legacy devices — laptops, tablets and phones. While these threats are by no means over (spyware, for example, is still very much a concern), it is important to acknowledge and address the invasion of newer networked technologies all around us, such as Amazon Alexa devices and smart light bulbs.

In a previous article for The Journalist’s Resource, I wrote about the multiplying numbers of consumer Internet of Things (IoT) devices in private and public spaces and the threat that they pose to journalists’ security. This article further categorizes threats to journalists from the IoT, pairing example threat-types in each category with descriptions of potential consequences. The information presented here is based on a forthcoming paper in Springer’s Proceedings of the International Conference on Cybersecurity, Situational Awareness and Social Media. Rather than providing an exhaustive or overly-technical list of potential threats, this system represents an initial step toward illustrating new and upcoming threats. It is designed to appeal to a narrative-driven audience, such as the media, to help them navigate the uncertainty that shrouds IoT threats, such as surveillance.

My goal is to give journalists ways to understand these threats, to easily communicate them to their…
