
Friday Five: New Threats to Global Workforces, Securing AI, & More

by Robbie Araiza on Friday June 21, 2024

As the war to secure critical infrastructure rages on, new threats are appearing for remote workers, the federal government is cracking down on threats to AI, and more. Catch up on it all in this week's Friday Five!

CRITICAL INFRASTRUCTURE OPERATORS’ RESILIENCE WOULD GET FEDERAL ASSESSMENT UNDER NEW BILL BY MATT BRACKEN

The Contingency Plan for Critical Infrastructure Act, introduced by Reps. Dan Crenshaw and Seth Magaziner, would reportedly mandate a report to Congress on the readiness of critical infrastructure sectors to switch to manual operations during a cyberattack. The bill requires the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Emergency Management Agency (FEMA), and other agencies to assess the risks and challenges of transitioning to manual operations. It also calls for evaluations of CISA's and FEMA's capacities, cost analyses, and policy recommendations to ensure continuous operation during cyber incidents. This bipartisan initiative aims to enhance the resilience of vital services like water, energy, and transportation against increasing cyber threats.

CISA CONDUCTS AI-DRIVEN CYBER TABLETOP EXERCISE WITH GOVERNMENT AND INDUSTRY BY ALEXANDRA KELLEY

CISA recently conducted its first tabletop exercise with over 50 AI experts from the government and the AI industry to understand and mitigate digital threats to AI systems. Led by the Joint Cyber Defense Collaborative, the four-hour drill simulated a cybersecurity incident targeting an AI-enabled system, focusing on incident response and collaboration. Participants practiced handling a scenario where hackers bypassed an AI defense in an email system. The exercise aimed to raise awareness of AI-related cyber threats, assess current responses, and set information-sharing priorities. Outcomes will inform a playbook for AI-based cyberattack responses, with a follow-up exercise planned. Notable participants included Amazon, Microsoft, OpenAI, and several federal agencies.

CHINESE-ALIGNED HACKING GROUP TARGETED MORE THAN A DOZEN GOVERNMENT AGENCIES, RESEARCHERS FIND BY AJ VICENS

A Chinese-speaking cyberespionage group, dubbed "SneakyChef," has targeted the foreign ministries and embassies of at least nine countries in Africa, the Middle East, Europe, and Asia, including Angola, Turkmenistan, Kazakhstan, India, Saudi Arabia, South Korea, Uzbekistan, the U.S., and Latvia. Researchers revealed that SneakyChef uses the SugarGh0st remote access tool and a new trojan dubbed SpiceRAT to infiltrate government agencies, employing non-public government documents as lures to gain access. These operations reflect a rapidly evolving and aggressive hacking effort focused on key geopolitical areas. While there is no definitive link to a specific government agency, the activities align with patterns seen in Chinese state-sponsored groups. The group's recent activity includes targeting U.S. organizations involved in AI, using lures related to high-profile international relations.

SCATTERED SPIDER PIVOTS TO SAAS APPLICATION ATTACKS BY JAI VIJAYAN

Recent cyberattacks on Snowflake accounts highlight a shift toward targeting SaaS environments. The threat group UNC3944, also known as Scattered Spider, has expanded its focus from Microsoft cloud and on-premises infrastructure to SaaS applications over the past 10 months. This group, linked to multiple high-profile ransomware attacks, uses SIM-swapping and sophisticated social engineering to gain access. They exploit single sign-on (SSO) systems to infiltrate various SaaS platforms and create persistent access through virtual machines. Experts recommend enhanced monitoring, MFA for VPN access, and strict conditional access policies to mitigate these threats.

'ONNX' MFA BYPASS TARGETS MICROSOFT 365 ACCOUNTS BY ELIZABETH MONTALBANO

A phishing-as-a-service operation dubbed 'Darcula,' targeting Microsoft 365 accounts in financial firms, has been found using advanced tactics like 2FA bypass, QR codes, and typosquatting. Researchers found that the campaign, which is linked to the ONNX Store platform, targets banks and financial institutions globally. Attackers use QR codes in emails to direct victims to phishing sites that mimic Microsoft 365, capturing credentials and 2FA codes in real time, while the ONNX kit employs encrypted JavaScript for evasion. Researchers suggest blocking suspicious PDFs, educating employees, and using security tools like FIDO2 keys and DNSSEC to mitigate these threats.

Tags: Cybercrime, Critical Infrastructure, State Hackers, Financial Services, Artificial Intelligence
