News from the World of Computers

Post Reply New Topic

China's cyberattacks against the U.S. and its allies are reaching a "fever pitch," FBI director Christopher Wray warned at the Munich Cyber Security Conference on Thursday.

Wray spoke to allies at the conference about hackers affiliated with the Chinese Communist Party (CCP) that are known to have infiltrated critical U.S. infrastructure and remain "poised to attack" even now. The event is playing host to hundreds of security leaders from Western countries.

"You might find your companies harassed and hacked, targeted by a web of corporate CCP proxies," Wray told the leaders gathered in Germany. "You might also find PRC [People’s Republic of China] hackers lurking in your power stations, your phone companies and other infrastructure, poised to take them down when they decide you stepped too far out of line, and that hurting your civilian population suits the CCP."

"China-sponsored hackers pre-positioned for potential cyberattacks against U.S. oil and natural gas companies way back in 2011, but these days, it’s reached something closer to a fever pitch," he continued. "What we’re seeing now is China’s increasing build-out of offensive weapons within our critical infrastructure, poised to attack whenever Beijing decides the time is right."

GOP Sen. Marco Rubio warned on social media that the AT&T outage affecting tens of thousands of Americans pales in comparison to what a potential China cyberattack would look like.

"I don’t know the cause of the AT&T outage," the Florida Republican posted on X on Thursday. "But I do know it will be 100 times worse when #China launches a cyber attack on America on the eve of a #Taiwan invasion.

"And it won’t be just cell service they hit, it will be your power, your water and your bank."

Rubio's warning came as tens of thousands of AT&T customers reported outages on Thursday morning for their home phone, internet and mobile phone services, according to Downdetector.

Change Healthcare has not yet disclosed the specific nature of its cyberattack.

Pharmacies across the U.S. are reporting that they are unable to fulfill prescriptions through patients' insurance due to the ongoing outage at Change Healthcare, which handles much of the billing process.

Several people who work in the healthcare space and whose work is affected by the outage tell TechCrunch that they are experiencing downtime because of the ongoing cyberattack.

Eight years ago, Google came under fire after an artificial intelligence (AI) tool mistakenly labelled pictures of black people as “gorillas” in its photo app.

Now its AI tools have been accused of racial bias once again after its Gemini bot generated ethnically diverse yet utterly implausible images of historical figures.

Its new Gemini AI is able to create images from text prompts alone. Yet the AI inserted black, Asian or American Indian characters into pictures when asked to create people from European or American history, even when those figures were all white.

Among the most absurd images were pictures of “diverse” Nazis, including black and Asian soldiers in Wehrmacht uniforms, and images of black and American Indian “Vikings”.

Relief is coming for hospitals and healthcare providers still reeling from a cyberattack that crippled the nation's largest insurance processing company, leaving them unable to collect payments for weeks.

On Saturday, the Centers for Medicare and Medicaid Services announced it will expand its response to the Feb. 21 cybersecurity breach on Change Healthcare, a subsidiary of UnitedHealth Group, to include advance payments for Medicare Part B providers.

Since the attack, thousands of healthcare providers across the country have struggled to get paid. The emergency funds will allow for upfront payments.

The Biden administration is warning states to be on guard for cyberattacks against water systems, citing ongoing threats from hackers linked to the governments of Iran and China.

“Disabling cyberattacks are striking water and wastewater systems throughout the United States,” Environmental Protection Agency Administrator Michael Regan and National Security Advisor Jake Sullivan wrote in a letter to governors made public Tuesday. “These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities.”

Hackers affiliated with the Iranian Government Islamic Revolutionary Guard Corps have attacked drinking water systems, while a People’s Republic of China state-sponsored group, Volt Typhoon, has compromised information technology of drinking water and other critical infrastructure systems, the letter warned.

AT&T said it has begun notifying millions of customers about the theft of personal data recently discovered online.

The telecommunications giant said Saturday that a dataset found on the “dark web” contains information such as Social Security numbers for about 7.6 million current AT&T account holders and 65.4 million former account holders.

The company said it has already reset the passcodes of current users and will be communicating with account holders whose sensitive personal information was compromised.

It is not known if the data "originated from AT&T or one of its vendors,” the company said in a statement. The compromised data is from 2019 or earlier and does not appear to include financial information or call history, it said. In addition to passcodes and Social Security numbers, it may include email and mailing addresses, phone numbers and birth dates.

U.S. adversaries including China and Russia are showing increased interest in disrupting American space assets through cyberattacks that could cripple military communications, a top DOD cyber official said Thursday.

Deputy Assistant Secretary of Defense for Cyber Policy Mieke Eoyang said nation-state hackers are mulling disrupting space assets “at all segments,” and emphasized ground stations that transmit data to satellites and space stations are easiest to target.

“The cybersecurity of the space systems — the ways in which the information from space flows across networks to enable traffic — is something that we’re very worried about,” she told an audience at RSA Conference in San Francisco.

Ground segment space assets like mission control centers, launch facilities and other networking equipment used for relaying data are easiest to breach because defending them from intrusions often involves basic cybersecurity concepts that many other organizations don’t deploy, Eoyang said.

Even if the U.S. government eventually ejects a notorious Chinese hacking operation that has tunneled into critical infrastructure entities, the sweeping digital campaign has permanently altered the cyberthreat landscape, federal officials say.

The hacking activity, labeled Volt Typhoon, remains a major focus of federal national security leaders, who have scrutinized the group’s capabilities as well as its intent — to cause disruption and sow societal panic, especially in the event of a military conflict — and concluded Beijing will not back away from that approach in the future.

The end result is that China has moved beyond the traditional goal of nation-state hacking operations — spying on an adversary — into something more sinister, the officials say.

China remains the biggest cyber threat to the US government, America's critical infrastructure, and its private-sector networks, the nation's intelligence community has assessed.

This is probably not all that shocking to anyone paying attention to recent headlines warning of Beijing's cyber-snoops burrowing into energy facilities, emergency responder networks, and government officials' email inboxes and waiting to unleash some degree of chaos at Chinese President Xi Jinping's command.

But there's an often overlooked threat when it comes to cyber warfare capabilities, according to Crystal Morin, former intelligence analyst for the US Air Force and today cybersecurity strategist at Sysdig.

"A destructive cyber-attack against the United States would come from Iran before someone else," Morin told The Register. Check out our full interview below with Morin to find out her reasoning.

The United States' cyber posture has made steady and significant improvements over the past year despite an ever-changing threat landscape and emerging technologies that stand to reshape the global digital ecosystem, according to the nation's first-ever federal cybersecurity posture report.

The U.S. is "in the midst of a fundamental transformation" in national cybersecurity, the Office of the National Cyber Director said in a Tuesday report that assesses a wide variety of cybersecurity threats. The office also released an accompanying update to the 2023 National Cyber Strategy Implementation Plan that adds 31 new initiatives to the strategy and directs six federal agencies to lead cyber initiatives for the first time.

Despite the White House advancing "an affirmative vision for a safe, prosperous and equitable digital future," National Cyber Director Harry Coker acknowledged in a letter accompanying the report that "the threats we face remain daunting, our defenses are not impregnable and our work continues to evolve to meet the changing landscape."

ONCD described artificial intelligence as "one of the most powerful, publicly accessible technologies of our time" and said advances throughout 2023 in large-language models and other foundational algorithms "presented opportunities and challenges for cyber risk management at scale." The report warned that cybercriminals with limited resources and technical expertise can use AI to conduct malicious cyber activity, while AI-enabled surveillance and censorship have enabled authoritarian regimes "to more effectively and efficiently target journalists, dissidents and human rights defenders."

The implementation plan prioritizes defending critical infrastructure and essential services, calling for healthcare and public health sector-specific cybersecurity performance goals and the establishment of an Education Facilities Subsector Government Coordinating Council. The plan also calls for the adoption of cybersecurity best practices across the water and wastewater systems sector.

ONCD focused on the increasing reliance among critical infrastructure owners and operators on third-party cloud service providers and said that cloud migrations and hybrid deployments can often introduce complex centralized logging and authentication regimes that can allow threat actors to hack identity management systems.