Friday Five: AI Threats and Vulnerabilities, the Zero-Day Problem, MFA Fatigue, & More
Contact Us | |
Free Demo | |
Chat | |
While research suggests cybersecurity measures are mitigating Zero Day threats more effectively, threat actors are getting better at exploiting the threats that remain. Meanwhile, cyber threats related to AI continue to emerge, and CISA is refining its incident reporting requirements. Get up to speed on these stories and more in this week's Friday Five.
ZERO-DAY BONANZA DRIVES MORE EXPLOITS AGAINST ENTERPRISES BY BECKY BRACKEN
While recent research suggests consumer platforms are seeing a payoff in their cybersecurity investments, vendors are responding more quickly to in-the-wild exploits, and the number of zero days discovered each year is improving, the 50% spike in exploited zero-day vulnerabilities in 2023 compared to 2022 is attributed to the escalating cybersecurity arms race and organizations' complex attack surfaces. Cybercrime groups, particularly state-backed ones like APTs from China, focus on exploiting security software for espionage purposes, while financially motivated attacks have decreased. This trend is expected to persist, driven by both enterprise investments in cybersecurity tools and sophisticated zero-day hunting by nation-states.
SOME BANKS MOVING TOO SLOW TO ADDRESS AI-POWERED CYBERTHREATS, TREASURY SAYS BY DAVID DIMOLFETTA & ALEXANDRA KELLEY
The Treasury Department's recent report warns that some financial institutions are lagging in adopting adequate risk management frameworks to counter AI-driven cybersecurity threats. Hackers are leveraging AI-powered tools, like chatbots and voice cloning, to enhance cyberattacks, such as phishing campaigns and malware distribution. While some firms share threat information with cybersecurity vendors, those same firms are often hesitant to share fraud protection data with each other, “likely [affecting] smaller institutions more significantly than larger institutions.” The report emphasizes the need for data protection measures throughout AI systems' development and production cycles to prevent data poisoning, leakage, and integrity attacks. Financial regulators are increasingly concerned about AI's integration into investment services, with the SEC implementing rules for firms to disclose cyber incidents promptly.
THOUSANDS OF SERVERS HACKED IN ONGOING ATTACK TARGETING RAY AI FRAMEWORK BY DAN GOODIN
An ongoing cyberattack campaign targeting vulnerabilities in the Ray computing framework used by major organizations like OpenAI, Uber, and Amazon has led to the compromise of thousands of servers. Ray's lack of authentication in the default configuration of its Jobs API programming interface facilitates unauthorized access, reportedly leading to the tampering of AI models, stolen network credentials, and the installation of cryptocurrency miners and remote control tools. Anyscale, the developer of Ray, disputes the vulnerability but plans to introduce authentication measures. Critics argue that inadequate security configurations have left many Ray instances exposed, emphasizing the importance of proper setup and vigilance against attacks.
RECENT ‘MFA BOMBING’ ATTACKS TARGETING APPLE USERS BY BRIAN KREBS
Apple customers have reported being targeted by sophisticated phishing attacks exploiting a potential bug in Apple's password reset feature. Victims are bombarded with system-level prompts on their devices, hindering their use until they respond to each prompt. After declining multiple password reset requests, victims receive spoofed calls from scammers posing as Apple support, aiming to obtain a one-time code for account access. Entrepreneurs and security experts have shared their experiences with these attacks, highlighting the need for improved security measures from Apple. Although Apple has not responded to inquiries, users can take steps to mitigate the risk, such as using VOIP numbers and email aliases.
CISA RELEASES DRAFT RULE FOR CYBER INCIDENT REPORTING BY CHRISTIAN VASQUEZ
The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a proposed rule requiring critical infrastructure organizations to report cybersecurity incidents, following the Cyber Incident Reporting for Critical Infrastructure Act inspired by the SolarWinds hack. Under the proposed rules, incidents must be reported within specific time frames, with exemptions and detailed criteria outlined. CISA aims to analyze the data for threat assessment and mitigation. The rules could affect a wide range of critical infrastructure sectors and entities, although concerns exist regarding gaps in coverage, outdated sector-specific plans, and financial constraints for implementation, particularly for smaller organizations such as community water systems.
Recommended Resources
All the essential information you need about DLP in one eBook.
Expert views on the challenges of today & tomorrow.
The details on our platform architecture, how it works, and your deployment options.
Don't Fall Behind
Get the latest security insights
delivered to your inbox each week.
Thank you for subscribing!