Cyber Security Headlines Week in Review: Easterly AI warning, Windows admin alerts, Dallas ransomware fallout

Cyber Security Headlines – Week in Review, May 8-12, is hosted by Rich Stroffolino with our guest, Paul Connelly, Former CISO, HCA Healthcare

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com

Top US cyber official warns AI may be the ‘most powerful weapon of our time’

CISA Director Jen Easterly, speaking on Friday at a security summit at Vanderbilt University in Nashville, warned that artificial intelligence may be both the “most powerful capability of our time” and the “most powerful weapon of our time.” She highlighted a scenario in which “how-to guides, AI-generated imagery, auto-generated shopping lists are available for terrorists and for criminals, providing the capability to develop things like cyber weapons, chemical weapons, bio weapons,” adding that those are not even the worst-case scenario. She suggested that AI companies should break the “decades-long vicious cycle of technological innovation at the expense of security.”

(Cyberscoop)

Windows admins can now sign up for ‘known issue’ email alerts

Microsoft announced last week that Windows admins can now choose to be emailed when new known issues are added to the Windows release health section of the Microsoft 365 admin center. After enrolling, IT admins will receive an email every time known issues are added or updated with new information, including changes in status, new workarounds, or issue resolutions. Microsoft states this is only available for those with admin roles in organizations with eligible Windows or Microsoft 365 for Business subscriptions that provide access to Windows release health in the Microsoft 365 admin center.

(Bleeping Computer)

Dallas still reeling from ransomware

Last week, the city of Dallas confirmed it suffered a ransomware attack. The Royal ransomware organization took credit. Over the weekend, the city said it believed it had contained the attack, with no signs of new spread. However, on May 8th all municipal courts remained closed. Police and fire departments also informed local outlets of continuing issues. Dispatchers are writing down information and relaying it manually over radios. This also played into the response to the mass shooting in Allen, Texas, as police were unable to access prior information on police calls to the home of the shooter. City officials also warned against scammers approaching the general public to pay things like utility bills, saying the city would not proactively reach out.

(The Record)

Court rules on Merck cyber insurance claim

Back in 2018, Merck got caught up in the NotPetya attacks, suffering an estimated $1.4 billion loss. This accounted for outages, consulting, and system replacements. At the time, it held a $1.75 billion all-risk policy from Ace American. But the insurer refused to pay, citing an “Acts of War” clause and arguing the attacks were Russian-backed. Merck filed suit in 2018 disputing this. A December 2021 New Jersey Superior Court decision determined these provisions did not apply. Ace American appealed. Now the Superior Court of New Jersey Appellate Division has upheld the judgment. It found the details of the attack on Merck came “wholly outside the context of any armed conflict or military objective.”

(SC Magazine)

Thanks to today’s episode sponsor, Trend Micro

Cybersecurity is not just about protection, it’s about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity, is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — the largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries.

Operation Medusa takes down ‘Snake’ malware network

The US Department of Justice (DoJ) announced that a joint operation dubbed Medusa has decimated a 20-year-old malware operation run by the Federal Security Service of the Russian Federation (FSB). A threat group named Turla used malware called Snake to steal secrets from North Atlantic Treaty Organization (NATO) member governments. Turla exfiltrated sensitive data through a global network of compromised machines to evade detection. The FBI developed a tool named Perseus, which it used to neutralize the Snake malware by commanding it to overwrite itself on compromised systems.

(Dark Reading and The Register)

Justice Department takes down 13 DDoS-for-Hire sites

The Justice Department continued a busy week, announcing Monday that it has seized 13 Internet domains linked to stresser or booter platforms, more formally known as DDoS-for-hire services. Threat actors have paid for these services to launch millions of attacks against organizations, including schools, universities, governments, and financial institutions. Ten of the 13 illicit domains seized are “reincarnations” of DDoS services that were previously shuttered towards the end of last year.

(Dark Reading and The Hacker News)

The long term impact of leaked Intel Boot Guard keys

Earlier this year, a ransomware attack against the PC OEM MSI by the organization Money Message claimed to steal about 1.5 terabytes of data. According to analysis of the data recently leaked by the group, conducted by the supply chain analysts at Binarly, this includes Intel Boot Guard private keys for 116 MSI products, as well as image-signing keys for 57 products. The leaked keys could allow an attacker to install malware in UEFI firmware, since the keys would make it appear to be legitimately signed software. If these keys are out there, they could represent a hard-to-detect attack vector for years to come. Intel says OEMs generate their own Boot Guard keys, meaning this should only impact MSI hardware specifically.

(Dark Reading)

Cisco warns of new phishing-as-a-service tool

A new report from Cisco’s Talos group outlines details of a new phishing-as-a-service offering called “Greatness.” Talos first spotted it in the wild back in mid-2022, with VirusTotal samples showing spikes in December and March. Its operators generally use it against corporate entities for financial gain, spoofing Microsoft 365 login pages to gain credentials for further network access. Greatness provides its clients with a full phishing kit, including attachment and link builders, prebuilt login pages, bots for chat apps, and MFA circumvention. US businesses accounted for roughly half of Greatness victims. Attackers mainly targeted the manufacturing, healthcare, and technology sectors.

(The Record)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.