Trending Topics Cybersecurity – August 2023
SECURITY INSIGHTS | September 01, 2023
Myra's monthly security highlights provide IT decision-makers and security professionals with the most relevant topics from the world of cybersecurity. Current trends, defense strategies and news on cyberattacks, attack campaigns and more can be found here in a clearly arranged format.
Artificial intelligence (AI) is both a curse and a blessing: On the one hand, AI systems are being used successfully in many industries to optimize processes and automate procedures. On the other hand, cybercriminals are also increasingly using intelligent systems to set up phishing campaigns without much effort or to create deceptively realistic copies of websites to harvest user data.
A British research team has now analyzed the enormous damage potential of AI systems. Using deep-learning models, the group succeeded in stealing passwords based on typing sounds on the keyboard – with an accuracy of 95 percent. The method also works remotely with similarly high success rates. The researchers were able to determine password entries in video conferences with an accuracy of 93 percent. Such acoustic attacks are particularly critical in light of the sharp increase in remote work among many employees since the coronavirus pandemic.
The OWASP (Open Worldwide Application Security Project) team of experts also looked at AI systems, or more precisely LLMs (Large Language Models). The security researchers examined the risks for LLM systems and summarized them in a top 10 ranking list. In addition to technical vulnerabilities such as “Insecure Plugin Design”, this also includes conceptual sources of error. For example, attackers can use “model denial of service” to make targeted, resource-intensive requests to LLM systems to overload the servers behind them or to provoke particularly high operating costs – the approach is thus similar to classic DDoS attacks, which aim to paralyze web servers.
In a recent survey, the analysis firm Gartner also highlights the risks resulting from the mass availability of generative AI. According to Gartner, the main problems for companies in this context are in the areas of copyright, data protection and cybersecurity. For example, it is currently almost impossible to ensure that intellectual property is not transferred from the internet into the training databases of AI solutions. Similarly, there is a risk of sensitive or personal information as well as trade secrets being leaked by generative AI tools. Cybercriminals have also already been observed several times using the new solutions as a tool for attacks, malicious code and misuse.
Despite a decline of 6.5 percent compared to the previous year, the Federal Criminal Police Office (BKA) expressly does not see a trend reversal in the number of cases, especially since the authority estimates the share of unreported cases (the "dark field") at up to 90 percent. This means that for every ten cases, only one is reported to the police. In addition, the BKA statistics do not record attacks carried out from abroad.
For the first time, OWASP has examined the biggest security vulnerabilities of large language models (LLMs). The new ranking includes prompt injection, training data poisoning and model denial of service risks. Among the best-known LLMs at risk of such threats is OpenAI's GPT-3.5, which underlies ChatGPT.
NIS-2 defines new scopes and stricter IT security requirements for operating companies. From October 2024, the number of affected companies will increase immensely. Companies can now check whether they are individually affected using an interactive online tool from the compliance experts at Reuschlaw. In just a few steps, the application provides an initial assessment of the applicable compliance requirements. In addition, the website serves as an info hub with the most important information about NIS-2.
Security researchers have succeeded in using an AI solution to identify password entries based on keyboard typing sounds with an accuracy of 95 percent. Even when the sounds are transmitted by common video conferencing solutions, the method is said to allow passwords to be detected with a hit rate of 93 percent.
Security researchers have discovered a total of 15 serious vulnerabilities in the Codesys V3 software development kit (SDK). Attackers could exploit these to launch DDoS attacks or execute malicious code. Allegedly, confidential information could be stolen or even entire power plants could be shut down. Security patches are available.
A recent Gartner survey of senior enterprise risk executives found that generative AI is increasingly seen as a risk for enterprises. According to Gartner, the new technology gives rise to risks particularly with regard to copyright, data protection and cybersecurity.
The critical cyberattack on Waterbury Health's systems caused outages in several areas of the hospital – outpatient and inpatient – earlier this month. Areas affected included diagnostic radiology, blood draw areas and the hospital's cardiopulmonary rehab center. Until the facility's systems are up and running again, doctors will have to rely on analog paper records. Currently, the problems are ongoing (as of Aug. 22, 2023).
Over 4 million people informed the Department of Health Care Policy and Finance (HCPF) in Colorado, USA, about the uncontrolled data leak of their health information. The attackers apparently used the MOVEit vulnerability to access the sensitive data from the department's systems.
Foreign cyber actors are targeting U.S. space technology. That's according to a joint warning from the FBI, the National Counterintelligence and Security Center (NCSC) and the Air Force Office of Special Investigations (AFOSI).
According to media reports, compromises of LinkedIn accounts are currently on the rise. Cybercriminals are taking over the accounts of users of the business network and in some cases demanding ransoms to release the accounts. Anyone who does not respond to the attackers' demands risks having their account permanently deleted. In this context, the German Federal Office for Information Security (BSI) advises the use of two-factor authentication (2FA) to proactively protect online accounts from such attacks.
Cybercriminals are threatening the Mayanei Hayeshua Medical Center (MHMC) hospital in Bnei Brak, Israel, with the release of sensitive health data of well-known politicians. The information is said to be confidential medical records of prime ministers, members of parliament, high-ranking rabbis and other well-known public figures. The perpetrators are demanding a ransom of tens of millions of shekels (4 shekels equals about 1 euro). The sensitive information was captured during a ransomware attack.
The international cyber collective Anonymous has launched DDoS attacks against the web portals of various Japanese nuclear power companies in protest against the planned discharge of radioactive cooling water from the damaged Fukushima nuclear power plant into the sea. The Japan Atomic Energy Agency, Japan Atomic Power, and the Atomic Energy Society of Japan were affected.
In an interview at the Black Hat cybersecurity conference in Las Vegas, FBI agent Elliott Peterson explains how the U.S. agency successfully cracked down on dozens of DDoS-for-hire portals last December. Cybercriminals can book DDoS attacks as a service on these websites and thus launch attacks without having any special technical knowledge or the necessary hardware.
The planned implementation law of the NIS-2 directive poses a major challenge for many affected companies in Germany: stricter requirements, wider scope and more critical consequences need to be addressed. Compliance specialist Dennis-Kenji Kipker provides an outlook on the state of affairs.
The BSI has published 18 checklists for getting started with information security as a community draft as part of its “Way to Basic Assurance” (WiBA) project. Municipalities are invited to provide feedback on the structure and content of the checklists. These include test questions and implementation aids for technical and organizational protection measures, such as for server systems or backups.
European and US law enforcement agencies have cooperated to cripple the servers of the hosting service Lolek Hosted and have arrested five operators of the service. Lolek Hosted was used by cybercriminals for various activities such as DDoS attacks, botnet server management or even spam distribution.
An SSL/TLS certificate is a record that contains all the information needed to verify the authenticity of a web server using cryptographic methods. Its purpose is to ensure that the operator of a website is really who they claim to be.