Welcome Back to CyberScan!
Welcome back to CyberScan, your trusted source for the latest on security, defence, AI business, and global affairs. This week, we're excited to bring you some groundbreaking stories from the tech world. At Black Hat 2024 in Las Vegas, experts will delve into the crucial integration of AI safety with security practices, addressing myths and emphasising organisational responsibilities.
Meanwhile, Singapore is set to release new technical guidelines to enhance AI security, showcasing their proactive approach to evolving cyber threats. Additionally, we cover the sensational claim by ransomware group LockBit, which alleged a massive data breach at the Federal Reserve, only to be debunked by security researchers who traced the data back to Evolve Bank & Trust.
In the realm of cybersecurity investments, analysts and publisher Stock News highlight the thriving software security industry amid rising digitization and cloud service adoption. With increasing cyber threats and data privacy concerns, businesses are investing heavily in secure identity platforms and application delivery solutions.
This surge presents lucrative opportunities in stocks like Tenable Holdings, Clear Secure, and Radware, which show promising Q2 earnings outlooks. Furthermore, the U.S. government's strategic initiatives, regulations, and partnerships outlined in the National Cybersecurity Strategy are set to bolster defences and drive innovation, significantly boosting demand for advanced security solutions. Stay tuned as we unpack these intricate stories and their implications for the global tech landscape.
Black Hat 2024: Addressing AI Safety and Security
Next month at Black Hat USA 2024 in Las Vegas, a panel of experts will delve into the often overlooked necessity of AI safety and its integration with security practices. Organised by Nathan Hamiel, leader of the Fundamental and Applied Research team at Kudelski Security, this session aims to dispel myths and emphasise the responsibilities organisations have regarding AI safety.
"Most security professionals don't think much about AI safety," Hamiel notes.
"They think it's something that governments or academics need to worry about or maybe even organisations creating foundational models."
However, with AI rapidly integrating into everyday systems and critical decision-making processes, the focus on safety becomes paramount. Hamiel highlights the misconception that AI safety concerns are merely existential, stressing, "AI safety is crucial for ensuring that the technology is safe to use."
The panel discussion will explore the intersection of AI safety and security, emphasising how these concepts are interrelated. Hamiel asserts that an insecure product cannot be safe to use, making security professionals integral to ensuring AI safety.
He explains, "Security professionals will play a larger role in AI safety because of its proximity to their current responsibilities securing systems and applications."
One key topic will be the harms from AI deployments, categorised by Hamiel using the acronym SPAR—secure, private, aligned, and reliable. He stresses the importance of addressing technical harms to mitigate human harms, stating, "You can't start addressing the human harms until you address the technical harms."
Additionally, Hamiel underscores the critical role organisations play in AI safety, saying, "If you're building a product and delivering it to customers, you can't say, 'Well, it's not our fault, it's the model provider's fault.'" The panel aims to provide attendees with a comprehensive understanding of the challenges and responsibilities related to AI safety, ensuring that innovation and safety go hand in hand.
Singapore Develops Technical Guidelines to Secure AI Systems
Singapore is set to release new technical guidelines aimed at enhancing the security of artificial intelligence (AI) systems. These voluntary guidelines, developed by the Cyber Security Agency (CSA), are expected to provide "practical measures" for cybersecurity professionals looking to improve AI security.
Senior Minister of State for the Ministry of Communications and Information, Janil Puthucheary, announced the upcoming public consultation for the draft Technical Guidelines for Securing AI Systems during his opening speech at the Association of Information Security Professionals (AiSP) AI security summit. Puthucheary emphasised the need for these guidelines, noting, "Over the past couple of years, AI has proliferated rapidly and been deployed in a wide variety of spaces. This has significantly impacted the threat landscape."
Puthucheary highlighted several risks associated with AI, including adversarial machine learning, which allows attackers to compromise the function of AI models. He cited an example where McAfee compromised Mobileye by altering speed limit signs the AI system was trained to recognize. As AI continues to evolve, the minister urged both public and private sectors to understand and address these emerging threats.
He noted that Singapore's Government Technology Agency (GovTech) is developing capabilities to simulate potential AI attacks to better safeguard these systems. Puthucheary also pointed out that AI can enhance cybersecurity by enabling quicker, more precise risk detection and response. "AI can be leveraged to improve cyber defence and arm security professionals with the ability to identify risks faster, at scale, and with better precision," he said. The AiSP is also establishing an AI special interest group to foster knowledge exchange among its members on AI security advancements.
Hackers Claim Theft of Federal Reserve Data, Evidence Lacking
The ransomware group LockBit put itself in the international headlines once again last week when it boldly claimed to have stolen 33 TB of data from the US Federal Reserve, something that could pose a dire threat to the entire banking system. However, independent security researchers have determined that the whole thing is malarkey.
LockBit’s sample of stolen data turns out to have come from just one US bank, Evolve Bank & Trust, which has recently been scrutinised by the Fed for its deficient risk management and compliance policies.
"It was highly likely, in my opinion, that the group is lying," said Brett Callow, a threat analyst at Emsisoft.
"I believe it's far more likely that any data they do have relating to the [Fed] would have come from a third party."
Ever since an international law enforcement raid in February dealt a heavy blow to LockBit’s operation, followed up by the identification of Russian national Dimitry Yuryevich Khoroshev as lead developer and operator "LockBitSupp" in May, security researchers have noted that the group’s data leak site has featured exaggerated or fake information. Once a giant in the ransomware-as-a-service (RaaS) world, LockBit now appears desperate to retain its client base, culminating in this fake attack on the US Federal Reserve.
What actually happened is that LockBit hit US-based Evolve Bank & Trust, a hybrid fintech operation with limited physical locations in Arkansas and Tennessee. Evolve has confirmed the breach, stating the stolen data came entirely from this incident. Despite the group's attempts to create mainstream buzz, the Federal Reserve never confirmed a breach or issued any public statement on the matter. Numerous independent security researchers, after examining the leaked data samples, concluded it all originated from Evolve.
Breaches of third-party IT services have become a common method for ransomware actors to steal data. In a prominent recent example, threat actor UNC5537 stole data from multiple organisations by breaching databases stored by cloud storage provider Snowflake. According to Google-owned cybersecurity firm Mandiant, it and Snowflake have notified "approximately 165 potentially exposed organisations" about the breaches. Among those companies are Santander Bank, QuoteWizard and Ticketmaster.
While the “doomsday scenario” of US Federal Reserve secrets being leaked seems to have been averted, Evolve customers are left to deal with their stolen data being leaked to the dark web. Evolve has acknowledged the breach and has offered impacted customers free credit monitoring and identity protection services. Meanwhile, LockBit's future remains uncertain. Itay Glick, VP of Products at OPSWAT, warned, “In May 2024 alone, LockBit claimed responsibility for over 150 out of the 450 ransomware attacks reported, highlighting its aggressive activity despite law enforcement efforts to disrupt it earlier in the year.”
Andrew Costis, Chapter Lead of the Adversary Research Team at AttackIQ, added that the financial field should be wary of further attacks: “Organisations in the financial industry must prioritise proactive defence, with a strong focus on threat detection and response.” Both experts agree that financial institutions must bolster their cybersecurity measures to mitigate these ongoing threats.
Investing in Cybersecurity: A Growing Opportunity
According to analysts and publisher Stock News, the software security industry is thriving due to increased digitization, the shift to cloud services, and the rising need for robust cybersecurity measures. With the growing prevalence of cyber threats and data privacy concerns, businesses are investing heavily in secure identity platforms and application delivery solutions. In this context, investing in strong cybersecurity stocks such as Tenable Holdings, Inc. (TENB), Clear Secure, Inc. (YOU), and Radware Ltd. (RDWR) appears prudent, as these companies show promising Q2 earnings outlooks and represent sound opportunities for savvy investors.
In 2024, the U.S. government is enhancing cybersecurity through strategic initiatives, regulations, and partnerships, as outlined in the National Cybersecurity Strategy. These efforts aim to bolster defences, support industry growth, and drive innovation, thereby increasing demand for advanced security solutions. The global cloud security market is projected to grow at a 26.34% CAGR, reaching $6.60 billion by 2029, while the security services market is expected to hit $97.30 billion by 2024. With ransomware and data breaches on the rise, the software security sector is poised for significant growth, highlighting the importance of investing in this critical industry.
