Cybersecurity Snapshot: North Korea’s Cyber Spies Hunt for Nuclear Secrets, as Online Criminals Ramp Up AI Use in the EU

Check out a CISA-FBI advisory about North Korean cyber espionage on critical infrastructure orgs. Plus, what Europol found about the use of AI for cybercrime. Meanwhile, the risk concerns that healthcare leaders have about generative AI. And a poll on water plant cybersecurity. And much more!

Dive into six things that are top of mind for the week ending July 26.

1 - CISA, FBI warn about North Korea’s cyber spying

North Korea is engaged in a global cyber espionage campaign targeting critical infrastructure organizations, especially those involved with the defense, aerospace and nuclear sectors.

That’s the warning issued this week by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI and law enforcement agencies from the U.S., South Korea and the U.K.

CISA and the FBI recommend that all critical infrastructure organizations review the joint advisory, titled “North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs,” and implement its mitigation recommendations.

Via a group called Andariel, North Korea is trying to steal confidential technical information in order to advance the goals of its military and nuclear programs. Andariel is focused on the U.S., South Korea, the U.K., Japan and India, although its cyber espionage scope is global.

The joint advisory details Andariel’s tactics, techniques and procedures, such as exploiting known vulnerabilities in web servers and deploying web shells to access sensitive information and applications.

Recommended mitigation strategies include:

• Patch vulnerabilities on a timely manner
• Protect web servers from web shells
• Monitor endpoints to detect malicious activity
• Boost authentication and remote access security

Andariel, also known as Onyx Sleet, initially carried out destructive attacks against U.S. and South Korean organizations but now focuses on cyber espionage and ransomware operations. It funds its activities via ransomware attacks against U.S. healthcare organizations.

To get more details, check out:

• CISA’s announcement “FBI, CISA, and Partners Release Advisory Highlighting North Korean Cyber Espionage Activity”
• The joint advisory “North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs.”

For more information about cyberthreats from North Korea:

• “Exclusive: UN experts investigate 58 cyberattacks worth $3 bln by North Korea” (Reuters)
• “U.S. charges North Korean man with cyberattacks on NASA” (Washington Post)
• “North Korea hacking teams hack South Korea defence contractors” (Reuters)
• “North Korea hacked South Korea chip equipment makers, Seoul says” (BBC)

2 - Europol: AI use by cybercriminals on the rise in the EU

Cybercrime in the European Union grew steadily last year, helped in part by criminals’ growing use of artificial intelligence (AI), according to Europol’s “Internet Organised Crime Threat Assessment (IOCTA) 2024” report.

“Cybercriminals are keen to leverage AI, which is already becoming a common component in their toolbox and is very likely to see even wider application,” reads the report, which was released this week.

Not only are cybercrooks abusing legitimate large language models (LLMs), but they have access to a growing number of malicious LLMs designed specifically for cybercriminal activities, such as phishing.

“There is increased marketing of AI tools and services on the dark web,” the report reads.

To get more details, read the “Internet Organised Crime Threat Assessment (IOCTA) 2024” report.

For more information about the use of AI for cyberattacks:

• “FBI Warns of Increasing Threat of Cyber Criminals Utilizing Artificial Intelligence” (FBI)
• “Cybercriminals are creating their own AI chatbots to support hacking and scam users” (The Conversation)
• “AI advances risk facilitating cyber crime, top US officials say” (Reuters)
• “Cyber Criminals Are Getting Faster--and Generative AI Could Make Their Work Easier” (Inc)

3 - An ad-hoc Tenable poll on the cybersecurity of water plants

During our recent webinar “Safeguarding Your Water Utility,” we took the opportunity to poll attendees about their strategies for protecting these critical infrastructure facilities from cyberattacks. Check out what they said about their biggest challenges and concerns.

^{(24 webinar attendees polled by Tenable, July 2024)}

^{(18 webinar attendees polled by Tenable, July 2024)}

^{(24 webinar attendees polled by Tenable, July 2024)}

Want to learn more about cybersecurity for water utilities? Watch the on-demand webinar “Safeguarding Your Water Utility,” which covers water-sector cyberthreats, regulation, legislation, funding opportunities, best practices for cyber resilience and more.

For more information about the cybersecurity of water and wastewater plants:

• “Shoring Up Water Security: Industry Leaders Testify Before Congress” (Tenable)
• “EPA Cybersecurity for the Water Sector” (Environmental Protection Agency)
• “US officials find weak security practices at water plants breached by pro-Russia hackers” (CNN)
• “More than 70% of surveyed water systems failed to meet EPA cyber standards” (NextGov)

VIDEO

Tenable Homeland Security Testimony 2024: CISA funding for OT security and water sector

4 - Report: Risk is top obstacle to GenAI adoption in healthcare

Concerns about privacy, information accuracy, regulation compliance, biased analysis and other risks ranked as the top challenge healthcare organizations face when considering the adoption of generative AI.

That’s according to the report “Generative AI in healthcare: Adoption trends and what’s next” from McKinsey, which surveyed 100 leaders in payer, provider and healthcare services and technology (HST) organizations.

“Risk concerns and considerations top the list of scale-up challenges faced by surveyed leaders, regardless of whether they work at a payer, provider, or HST company,” reads the report.

Fueling risk concerns are generative AI’s lack of a track record, its investment requirements and uncertainty regarding regulations.

To reap the benefits generative AI promises without running afoul of regulations or compromising safety, healthcare organizations need to establish “governance processes, frameworks and guardrails” to proactively address and mitigate risks, according to McKinsey.

For more information about AI risk and opportunity in healthcare:

• “Artificial intelligence and cybersecurity in healthcare” (International Hospital Federation)
• “Evaluating the Impact of AI in Healthcare Cybersecurity” (American Hospital Association)
• “How the Executive Order on AI Will Impact Healthcare Cybersecurity” (TechTarget)
• “AI, deepfakes and other cybersecurity threats facing hospitals” (Chief Healthcare Executive)

5 - Tenable’s insights on global IT outage

Check out some thoughts from Tenable’s CEO and CSO about last week’s unprecedented IT outage, which was caused by a faulty software update. 

In these interviews with CNBC and CNN, Tenable CEO Amit Yoran explains why organizations should focus on the diversity of their IT systems amidst the fallout from the massive outage. 

You can also catch more comments from Yoran in the Wall Street Journal article “Blue Screens Everywhere Are Latest Tech Woe for Microsoft.”

Meanwhile, in his blog “Tenable’s Software Update Process Protects Customers’ Business Continuity with a Safe, Do-No-Harm Design,” Tenable CSO Robert Huber outlines how our comprehensive approach to the software development lifecycle (SDLC) allows us to produce extremely high-quality software and protect our customers’ business operations.

6 - U.S. Health Department unveils tech-focused reorg

The U.S. Department of Health and Human Services (HHS) this week rolled out a reorganization aimed at improving tech operations, including cybersecurity, data management and AI.

The revamping involves consolidating under two HHS groups all the tech functions that until now have been handled by three groups. 

One of the new consolidated groups will establish the Office of the Chief Technology Officer and reinstitute the CTO role. The CTO will oversee data and AI strategy and policy. 

Directly reporting to the CTO will be the Chief AI Officer, the Chief Data Officer and a new Office of Digital Services.

“Cybersecurity, data, and AI are some of the most pressing issues facing the healthcare space today,” HHS Secretary Xavier Becerra said in a statement.

Responsibilities of the Chief AI Officer include:

• Setting AI policy and strategy
• Implementing governance, policy and risk management for AI use
• Support safe and appropriate AI use