Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Cybersecurity Snapshot: Russia-backed Hackers Aim at Critical Infrastructure Orgs, as Crypto Fraud Balloons

Cybersecurity Snapshot: Russia-backed Hackers Aim at Critical Infrastructure Orgs, as Crypto Fraud Balloons

Critical infrastructure operators must beware of Russian military hacking groups. Plus, cyber scammers are having a field day with crypto fraud. Meanwhile, AI and cloud vendors face stricter reporting regulations in the U.S. And get the latest on AI-model risk management and on cybersecurity understaffing!

Dive into six things that are top of mind for the week ending September 13.

1 - Critical infrastructure orgs targeted by Russia-backed hackers

Here’s an important warning for critical infrastructure organizations in the U.S. and abroad: Nation-state hacking groups affiliated with Russia’s military are attacking critical infrastructure targets to conduct espionage, carry out sabotage and inflict reputational harm.

That’s according to a joint advisory from the governments of the U.S. and nine other countries that details the groups’ tactics, techniques and procedures, lists indicators of compromise and offers mitigation recommendations.

The groups are affiliated with the Russian armed forces’ Unit 29155, according to the advisory “Russian Military Cyber Actors Target US and Global Critical Infrastructure” published by the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

These Unit 29155 groups have been operating since 2020. They’re currently focused on disrupting aid efforts to Ukraine, which they first attacked with the WhisperGate malware in early 2022. 

 

Critical infrastructure orgs targeted by Russia-backed hackers

 

They also target critical infrastructure organizations in North Atlantic Treaty Organization (NATO) countries. Their attacks include defacing websites, stealing and leaking data, and scanning infrastructure.

To gain initial access, these hacking groups use VPNs to hide their actions and then target internet-facing systems’ weaknesses, including these vulnerabilities: 

Immediate steps that critical infrastructure organizations should take to protect themselves include:

  • Make it a priority to routinely update systems and to remediate known vulnerabilities exploited in the wild.
  • Segment networks.
  • Adopt phishing-resistant multi-factor authentication for all externally-facing account services.

To get more details, read:

To learn more about securing operational technology (OT) systems in critical infrastructure environments, check out these Tenable resources:

2 - Cyber crooks double down on crypto scams

Decentralized. Distributed. Speedy. Ephemeral. Irreversible.

These are some of the key characteristics of cryptocurrency transactions that make them irresistibly attractive to cybercriminals, as evidenced by a strong increase in both the number of crypto scams and total losses in 2023.

These findings come from the “2023 IC3 Cryptocurrency Report,” released this week by the FBI’s Internet Crime Complaint Center (IC3). Specifically, the IC3 received almost 69,500 crypto-related complaints last year. Losses amounted to $5.6 billion, a 45% increase over 2022. 

Cyber crooks double down on crypto scams

(Source: “2023 IC3 Cryptocurrency Report” from the FBI’s Internet Crime Complaint Center, September 2024)

Other report takeaways include:

  • Most of the losses – 70% – came from investment scams.
  • Crypto scams accounted for about 10% of all financial-fraud complaints, but they disproportionately generated almost 50% of total losses.
  • While most of the complaints fielded by IC3 originated in the U.S., it received complaints from victims in 200-plus countries.

The report unpacks multiple types of crypto investment-fraud schemes, detailing scammers’ tactics and offering detailed prevention tips.

For more information about crypto fraud:

VIDEO

How Americans Are Losing Their Life Savings To Crypto Fraud (CNBC)

3 - Uncle Sam wants more info from AI and cloud vendors

The AI regulatory landscape continues to expand. 

This week, developers of AI systems and providers of cloud services learned they may soon have to submit more detailed reports about their wares to the U.S. government.

Specifically, the U.S. Department of Commerce has proposed new rules for mandatory and detailed reporting about AI models and cloud computing clusters, due to concerns about hackers abusing powerful AI and cloud systems.

AI developers and cloud providers would have to submit information to the U.S. government about their development activities and about cybersecurity measures and testing.

 

Uncle Sam wants more info from AI and cloud vendors
 

“This proposed rule would help us keep pace with new developments in AI technology to bolster our national defense and safeguard our national security,” Secretary of Commerce Gina M. Raimondo said in a statement.

To get more information about trends in AI security and regulation:

4 - New risk management framework for AI and ML models

Concerned about the pitfalls faced by developers and users of AI and machine learning (ML) models? You might want to check out the Cloud Security Alliance’s paper “AI Model Risk Management Framework.

The 54-page document addresses common AI model risks, including:

  • Data quality issues
  • Flawed model selection, tuning and design
  • Implementation and operational mistakes

The CSA framework offers a “structured approach” to identify, assess, mitigate and monitor AI model risks. Its four pillars are:

  • Model cards, which detail model elements such as its purpose, training, capabilities, resistance to attacks, limitations and performance
  • Data sheets, which offer descriptions of the dataset used to create an AI model
  • Risk cards, which summarize an AI model’s key risks
  • Scenario planning, which outlines ways in which a model could malfunction or be abused

Framework Pillars for Responsible and Well-Informed Use of AI / ML

Uncle Sam wants more info from AI and cloud vendors

(Source: Cloud Security Alliance’s “AI Model Risk Management Framework,” July 2024)

“A comprehensive framework goes a long way to ensuring responsible development and enabling the safe and responsible use of beneficial AI/ML models, which in turn allows enterprises to keep pace with AI innovation,” Caleb Sima, Chair of the CSA AI Safety Initiative, said in a statement.

The paper’s intended audience includes AI and ML engineers and developers; data scientists; risk managers; compliance pros; and business executives.

According to the paper, the benefits of adopting a risk management framework for AI and ML models include more transparency, proactive risk mitigation and enhanced decision-making processes.

5 - U.S. gov’t tackles cyber understaffing with new campaign

Is your organization struggling to recruit cybersecurity pros? A new initiative from the U.S. government aims to connect potential candidates with employers.

With about 500,000 cybersecurity jobs vacant in the U.S., the White House has launched a two-month “sprint” campaign designed to help recruit candidates to fill these positions.

Called “Service for America,” the campaign kicked off in early September and runs through the end of October. Its goal: to boost the country’s cyber workforce via a variety of initiatives, such as job fairs.

“These jobs offer an opportunity to serve our country by protecting our national security, while also offering a personal path to prosperity,” Nation Cyber Director Harry Coker, Jr. wrote in the blog post “Service for America: Cyber Is Serving Your Country.” 

“Service for America” will aim to create awareness that people don’t need a technical degree or background to qualify for cybersecurity jobs. “Cyber professionals are part of a dynamic and diverse modern workforce and individuals from all backgrounds and disciplines have a place,” Coker, Jr. wrote.

 

U.S. gov’t tackles cyber understaffing with new campaign

 

“Service for America” is part of the “National Cyber Workforce and Education Strategy,” unveiled in mid-2023, which seeks, among other things, to:

  • Remove degree requirements from cybersecurity jobs, shifting instead to a skills-based approach
  • Expand apprenticeships that allow people to gain cybersecurity skills while at their current jobs
  • Encourage employers, academia, local governments and non-profit organizations to offer cybersecurity training and education in their local communities

The Office of the National Cyber Director is spearheading the “Service for America” campaign, in partnership with the Office of Management and Budget and the Office of Personnel Management.

To get more details, check out:

For more information about how organizations can improve recruitment of cyber pros:

6 - Report: Almost 5M cyber jobs open globally

And continuing with the topic of cybersecurity understaffing, the problem isn’t getting any better globally either.

There are 4.8 million vacant cybersecurity jobs worldwide, up 19% compared with 2023, with the primary causes being budget constraints and lack of qualified candidates, according to the “2024 ISC2 Cybersecurity Workforce Study.”

The number of cyber pros employed globally – 5.5 million – stayed flat from last year. Meanwhile, the world needs 10.2 million cyber pros to satisfy the workforce demand.

“At a time when organizations can least afford the cost, disruption and reputational damage of a cybersecurity incident, the profession is under its greatest pressure to maintain safety and security with fewer resources,” reads an ISC2 statement.

ISC2 plans to publish the report in October, but released key stats this week. 

 

Report: Almost 5M cyber jobs open globally

 

Another number that stayed flat compared with 2023 was the percentage of respondents that reported having a shortage of cyber pros – 67%.

In addition to understaffing, organizations are also experiencing skills gaps. Specifically, 90% reported having technical skills gaps in their cybersecurity teams, with AI / ML skills the most commonly reported at 34%. 

Rounding out the top five cybersecurity tech-skills gaps were:

  • Cloud computing security (30%)
  • Zero Trust implementation (27%)
  • Digital forensics and incident response (25%)
  • A tie between application security and penetration testing, both at 24%

Meanwhile, 74% of respondents described the current threat landscape as the most challenging they’ve encountered in the last five years

The study is based on a worldwide survey of almost 16,000 cybersecurity practitioners and decision-makers.

If you’d like to explore career opportunities at Tenable, visit us at https://www.tenable.com/careers

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.