This Week in Cyber Security - June 15, 2023
Another week, another round of news from the cybersecurity world!
There’s never a dull moment in this industry, and last week was no exception.
In last week’s roundup, we talked about cyber warfare—specifically in Russia and Sudan. This week, we have some more stories that have geopolitical significance. And, of course, we talk about AI as well!
War is not all about guns and missiles
Based on a new study published by the Association of Technical Inspection Agencies and Germany’s Federal Office for Information Security, about 11% of companies in Germany were victims of cyberattacks in 2022. But the most interesting data comes from the fact that 58% of the German companies that participated in the survey said that they registered an increased cybersecurity risk following the Russian invasion of Ukraine. As reported by Bloomberg, the increase in hacks for Europe’s largest economy was the most acute for larger companies, the public sector, and healthcare businesses.
Our take: The study highlights how important it is to have a solid cybersecurity infrastructure for a company in 2023. With generative AI becoming more of a part of our lives and phishing emails getting more sophisticated, companies no longer can afford to not be vigilant and need to be more proactive in protecting their digital sphere.
The US is concerned about Chinese cyberattacks
The Director of the US Cybersecurity and Infrastructure Security Agency Jen Easterly has recently declared that China’s cyber-espionage and sabotage capacities are an “epoch-defining threat” when asked about the recently disclosed Chinese infiltration of US military and private sector infrastructure. Easterly said that “It’s going to be very, very difficult for us to prevent disruptions from happening” in the event of a direct conflict between the US and China.
Our take: the statements made by Jen Easterly highlight the importance of fully understanding the geopolitical implications of cyber warfare. While she focuses on China specifically, businesses should be aware of the fact that the threat can originate from any foreign country and cause very significant losses for them.
Google wants to set the standard for a secure generative AI framework
Google is introducing a Secure AI Framework to help make AI technologies more secure by mitigating the associated risks of it, which include theft of the model, data poisoning, malicious inputs through prompt injection, and extracting confidential information. The framework is built around six core principles and aims at building stronger security foundations, extending detection and response, automating defenses, harmonizing the controls of the platforms, and generally contextualizing these systems in existing business processes.
Our take: it’s become very clear that there is a strong need to protect AI systems from being misused and leveraged for malicious purposes. Generative AI is advancing at an exponential pace, which also significantly increases the potential for harm. That’s why developers and businesses need to start implementing robust security measures to mitigate these risks. This framework by Google goes in the right direction and hopefully, it will help to maintain the integrity of these systems while protecting the valuable data and information that is used.
Bloomberg reported that the University of Manchester is investigating a hack. The UK Cyber Security Centre, the Information Commissioner’s Office, and other authorities are helping with the investigation.
Cybersecurity firm Bitdefender warns Minecraft users about malware campaign targeting modpacks and plugins. The software is able to access cryptocurrency wallets as well as Discord, Microsoft, and Minecraft accounts.
Over 5000 people using non-custodial crypto wallet Atomic Wallet were targeted by North Korean hackers. Over $100M were withdrawn according to Elliptic.
As a consequence of the increased number of hacks and cyber attacks, US cyber insurance premiums surged 50% in 2022, reaching a total of $7.2 billion.