Your Daily Decrypt

8/02/2023 - Today’s news and insights for cybersecurity pros and leaders

📸 Cybersecurity Snapshot

In the midst of a turbulent technology market, one sector stands tall: Cybersecurity.

Imagine a skyrocketing line chart — that's the global demand for cybersecurity professionals. Starting from a humble one million openings in 2013, job vacancies surged by a staggering 350%, reaching a peak of 3.5 million in 2021. Despite the waves of change lashing the tech world, this peak has remained steady through 2023, showing the resilience and ongoing demand in the cybersecurity sector.

While tech companies are tightening their belts, laying off more than 300,000 employees in the past two years, the cybersecurity industry has hung out a gigantic "Help Wanted" sign. With over 750,000 positions open in the U.S. alone, the message is clear: there's a gold rush happening in the realm of cybersecurity.

But don't expect this tide to recede anytime soon. Industry forecasts predict that the ocean of opportunities in cybersecurity will continue to swell, with the job gap expected to persist until at least 2025.

Despite the stormy weather in the broader tech industry, cybersecurity remains an island of opportunity with near-zero unemployment. As the tech industry navigates through these challenging times, one thing is clear — every IT position now comes with a "must-have" skill: cybersecurity expertise.

📰 Top Stories

Meta's subsidiaries, Onavo and Facebook Israel, have been ordered to pay $14 million for undisclosed data collection practices related to a discontinued VPN. Australian courts found that the app, despite promising user data would only be used for product provision, was sending user data to Facebook, including information about location, app usage, and browsing history. This data was utilized for advertising, marketing activities, and the development of commercial strategies. Critics argue that these fines are insufficient deterrents, merely viewed as the cost of doing business by large corporations like Meta.

Cloudzy, an obscure American internet hosting company, is suspected of providing a platform for cybercriminals and nation-state hackers, as well as a sanctioned spyware vendor, according to cybersecurity firm Halcyon. The firm's analysis suggests that Cloudzy, likely a front for a Tehran-based company named abrNOC, either knowingly or unknowingly supports illegal digital activity tied to several countries including China, Iran, and Russia. Cloudzy's infrastructure has also been connected to Candiru, an Israeli spyware vendor sanctioned by the U.S. government. Halcyon's investigation revealed that a significant portion of the activity leveraging Cloudzy's services is malicious in nature.

Researchers from Carnegie Mellon University have discovered a method of 'adversarial attack' that can bypass the defenses of advanced AI chatbots like ChatGPT, prompting them to generate responses they are programmed to avoid. By adding a specific string of information to a prompt, the researchers could nudge the AI towards producing disallowed responses, revealing a fundamental weakness in AI systems' security. These adversarial attacks were found to work on multiple commercial chatbots, including Google's Bard and Claude from Anthropic, highlighting a larger issue in the field of AI security. Companies have patched against these specific exploits, but a generalized solution remains elusive.

Walmart, along with other organizations such as Mastercard, Google, and Microsoft, is seeking to address the cybersecurity workforce gap in the US, which the White House estimated at 411,000 unfilled jobs in 2022. Walmart is now removing college education requirements for cybersecurity roles, aiming to find non-traditional "geniuses" who can help combat cybercrime. The company is also offering programs to teach current employees the necessary skills to transition into cybersecurity roles. The government is contributing to these efforts by offering scholarships to students interested in the field.

🚨 Threat Alerts

The US military is grappling with the persistent Chinese cyber operation, Volt Typhoon, as well as an internal breach impacting the Air Force and possibly the FBI. The Chinese malware, far more pervasive than initially suspected, lurks within critical networks supplying US military bases and could disrupt essential infrastructure in the event of a conflict. Concurrently, an insider attack at the Air Force has compromised communication systems at 17 facilities. As the military seeks to mitigate these threats, the wider business and civilian world also faces potential exposure to the Volt Typhoon malware, underscoring the interconnectedness of cybersecurity risks.

As generative AI tools like ChatGPT become increasingly accessible, hackers are exploiting these capabilities to accelerate their cybercrime activities, warns the FBI. From refining scamming techniques to planning more devastating terror attacks, the misuse of AI chatbots has raised significant concerns. The FBI expects this trend to grow as AI continues to democratize. However, some cyber experts argue that the AI chatbot threat is exaggerated, pointing out that many hackers lack the necessary skills to bypass chatbot safeguards and that malware code generated by chatbots is generally subpar. With OpenAI discontinuing its plagiarism detection tool, the unfolding situation raises questions about the future of cybersecurity in an AI-dominated landscape.

A new phishing method leveraging Google's Accelerated Mobile Pages (AMP) is successfully targeting enterprise-level employees by hosting malicious web pages on trusted Google domains. These domains are utilized in phishing emails aiming to steal login credentials, proving hard to detect due to their legitimate Google host. The phishing campaigns, first observed in May 2023, have used a range of evasive techniques, including URL redirection and image-based emails, to bypass security infrastructure. While companies can block known exploits, the adaptive nature of such phishing campaigns makes comprehensive protection challenging.

Canon has alerted users to a flaw in its inkjet printers that fails to erase Wi-Fi settings from device memory during initialization, potentially exposing sensitive information to unauthorized users. This could enable malicious parties to access the user's network, compromise shared resources, and launch further attacks. To mitigate the risk, Canon advises users to manually reset their Wi-Fi settings before allowing third parties access to the printer and to keep printers on isolated networks. Canon also recommends applying available firmware updates and disabling unnecessary services.

🚨 Regulatory Updates

Shaking up the corporate world, the SEC has rolled out new rules demanding prompt disclosure of material cybersecurity incidents by public companies. This development not only heightens transparency, but also compels companies to make regular revelations about their cybersecurity risk management strategies. However, the regulation's aggressive timelines have sparked concerns, with critics citing potential market mispricing and investor confusion. The new mandate underscores the escalating importance of cybersecurity in the corporate arena.

FBI Director Christopher Wray has stressed the vital need for Congress to reauthorize Section 702 of the Foreign Intelligence Surveillance Act amidst heightened scrutiny and criticism. Despite some claiming the legislation has been used inappropriately, Wray insists the act is critical for national security and has been instrumental in combating sophisticated cyber threats, including the successful identification and prevention of various ransomware attacks. Wray also highlighted the escalating threats posed by AI and machine learning technologies, which are becoming tools of choice for malicious actors, particularly in nations such as China.

👀 Curated Finds

WormGPT is a chatbot designed to assist cybercriminals. Its developer is selling access to the AI on a popular hacking forum. WormGPT doesn't have any guardrails preventing it from responding to malicious requests. It allows its users to do anything blackhat related; for example, it can produce malware and provide tips on crafting malicious attacks. Access to WormGPT currently costs 60 Euros per month, or 550 Euros per year.

The Privacy Commissioner in New Zealand has expressed frustration after being informed through the media about a significant privacy breach involving the email addresses of 147 firearms owners. The breach occurred when the Firearms Safety Authority mistakenly pasted a list of email addresses in the carbon copy (cc) field instead of the blind carbon copy (bcc) field. While the police acted promptly, notifying the affected individuals within minutes of the breach, the Privacy Commissioner was not formally notified until the following day. The commissioner will now request assurances from the Firearms Safety Authority that they have robust systems and processes in place to protect sensitive personal information.

Thank you 🙏
Ali Abidi