Security News—ChatGPT and Cybersecurity, Ukraine Cyberwar Lessons, ICS Vulnerabilities, Mirai Botnet Variant and More
Welcome to the next edition of Forcepoint Security News, curated news meant to provide a quick look at what's happening around the cybersecurity industry.
Here are other stories getting our attention:
ChatGPT and more: What AI chatbots mean for the future of cybersecurity
AI chatbots, such as ChatGPT from OpenAI, can be used to help facilitate malicious cyber activities, even though the terms of service of these AI-driven tools ban cybercrime activities. Cybercriminals can use ChatGPT to create more efficient and compelling phishing emails, and AI tools can create fake but legitimate-looking online profiles, which is time-consuming for attackers to do manually. While there are safeguards in place to prevent the abuse of these tools, like any new technology, hackers will use tools that make them more effective and efficient.
The Lessons From Cyberwar, Cyber-in-War and Ukraine
The article examines the link between cyberwarfare, psychological warfare, and kinetic warfare, stating that they are all inextricably linked, with each vying for an advantage in war. The author also asserts that psychological warfare can be used to destroy the morale of the enemy's military and civilian population, and as a precursor to kinetic warfare. The article highlights the ongoing conflict in Ukraine as an example of the interplay between cyber, psychological, and kinetic warfare. It also suggests that the battle for the hearts and minds of the people is being waged by both sides, and that reports of Russian war crimes and Putin's illness are part of psychological and information warfare.
ICS Vulnerabilities Chained for Deep Lateral Movement and Physical Damage
Cybersecurity firm Forescout has shown how industrial control system (ICS) vulnerabilities can be chained for an exploit that allows hackers to cause physical damage to a bridge. The research focuses on vulnerabilities in Schneider Electric's Modicon programmable logic controllers and how they can be exploited with known security flaws in other vendors' products to gain deep lateral movement in an Operational Technology (OT) network. Researchers demonstrated how an attacker could use this method to manipulate a bridge's field devices and cause significant damage to the structure. The attack method is difficult to detect and allows for a wide range of malicious activities without raising suspicion.
DDoS Attacks Continue to Threaten Healthcare Cybersecurity
Distributed Denial of Service (DDoS) attacks are a significant threat to healthcare cybersecurity, and can have a detrimental impact on the ability to provide care. DDoS attacks flood a victim's network with traffic, making network resources unusable and serving as a distraction while bad actors deploy more sinister malware on their victim's network. The Health Sector Cybersecurity Coordination Center recommends that healthcare entities prepare for DDoS attacks by documenting internet-facing and IT infrastructure assets, developing a reliable incident response plan, and prioritizing the identification of services and devices that may be exposed to the public internet.
New Mirai botnet variant has been very busy, researchers say
A new variant of the Mirai malware called V3G4 has been discovered by researchers at Palo Alto Networks' Unit 42. The variant exploits 13 known vulnerabilities and can compromise smart devices to add them to a botnet that can launch distributed denial-of-service (DDoS) attacks. The Mirai botnet was first discovered in 2016 and has been used in some of the largest and most disruptive DDoS attacks. The V3G4 variant targets exposed servers and networking devices running Linux and uses both brute-force and embedded exploits to spread. The brute-force capability is inherited from the original Mirai.