Cyber News

This Week in Cyber: 30th October 2023 – 3rd November 2023

In the ever-evolving world of technology, cybersecurity remains a critical concern for organisations, governments, and individuals. With cyber threats constantly on the rise, staying informed about the latest news and developments in the field is essential for maintaining digital safety. In this blog post, we will explore the top cybersecurity news stories from this week, shedding light on significant events and noteworthy security incidents.

This week’s top stories include news that governments around the world are taking a new approach to AI regulations, SolarWinds are being sued by the SEC, and there have been various high-profile data breaches.

Boeing Claimed by LockBit Ransom Gang

A cyberattack on The Boeing Company, a leading global aerospace company, commercial jetliner manufacturer, and US military and defence contractor, is being claimed by the LockBit ransomware gang. The Russian-linked ransomware group posted Boeing as its latest conquest last Friday on its dark leak site. A Boeing spokesperson initially said that the company was “assessing this claim” and has since confirmed a “cyber incident”.

LockBit says it has a tremendous amount of sensitive data that will be published if the company does not contact the group by a November 2nd deadline of 1:23 pm UTC.

Analyst Comments: LockBit has been one of the most active and successful ransomware groups in recent years. Therefore, it is no surprise that they are responsible for the attack against Boeing. Since 2020, LockBit has carried out approximately 1,700 ransomware attacks in the United States. This attack adds Boeing to the list of cyberattack victims in the aviation industry, which already includes Air Canada and Air Europa. The incident impacted several aspects of Boeing's parts and distribution business, and sends a clear message to other organisations that the LockBit group is incredibly powerful and disruptive.

SEC Sues SolarWinds Over Massive Cyberattack, Alleging Fraud and Weak Controls

In a lawsuit filed on Monday, the Securities and Exchange Commission (SEC) accused SolarWinds, a company that fell victim to a Russian-backed hacking group in 2019, of engaging in fraudulent activities and neglecting to uphold sufficient internal controls for several years leading up to the cyber-espionage incident.

Additionally, the lawsuit implicated SolarWinds' Chief Information Security Officer, Tim Brown, alleging that the company had misrepresented its cybersecurity measures and downplayed the recognised vulnerabilities in its systems.

Analyst Comments: Despite being aware of specific vulnerabilities internally, the company was accused of downplaying risks to investors. This resulted in a significant impact on the share price and raised concerns about the company's transparency. The Securities and Exchange Commission (SEC) is investigating the CISO and the company's actions. It seems that the SEC's actions may be justified in this case. A significant vulnerability had been ignored since 2018, and the company made a statement to investors that their cybersecurity posture was better than it actually was. In 2020, the CISO was found to be instructing his team to lie to customers by saying that they had not seen similar attacks on other customers. As a result, the SEC has fined the company and the CISO for misleading investors for profit rather than for their cybersecurity measures.

British Library Suffers Major Technology Outage After Cyberattack

This week, the British Library grappled with a technology outage caused by a cyberattack. The attack impacted its online services and physical locations in London and Yorkshire. It also saw access to the website, catalogue, and digital collections become temporarily unavailable. This disruption extended to items ordered on or after October 27, new collection item requests through digital catalogues, and access to reading room PCs. Reader registration services are also inaccessible.

In response to the incident, the British Library announced on Tuesday that it has initiated an investigation, enlisting the assistance of the National Cyber Security Centre (NCSC) and other cybersecurity experts to address the issue.

Analyst Comments: It may be a surprise to many that the British Library ended up at the top of the list for cybercriminals to target with a cyberattack. The recent security breach is a reminder that the increasing digitalisation of our world leaves us vulnerable to cybercriminals who exploit the gaps. Unfortunately, the impact of the attack was not resolved quickly, as customers continued to face issues the following day. It is worth thinking about the motivations behind this attack, as it appears that the main intention of the attacker was to cause disruption. There have been no reports of ransomware, so it could be an attempt to demonstrate power and dominance.

Biden Signs Executive Order on AI

In other AI news, the recently signed Executive Order on Artificial Intelligence (EO on AI) by US President Biden has received a positive reception worldwide. The cybersecurity community has widely praised its strong dedication to AI safety, thorough testing, and the integration of security into the design process.

This directive requires developers to share the results of safety tests with the US government, ensuring that AI systems undergo comprehensive evaluation before they are made available to the public. Additionally, the order promotes the establishment of standards, tools, and testing procedures to enhance the safety and security of AI.

Analyst Comments: This executive order is a significant step towards shaping the future of technology by promoting responsible development of AI while addressing essential aspects such as safety, privacy, equity, and innovation. Achieving a balance between enforcement and innovation is challenging, and this will remain an ongoing battle as AI continues to evolve. As AI continues to transform the world, it is crucial to understand the implications of regulatory frameworks.

First-Ever Global Cyber Summit Takes Place in the UK

This week, the first-ever Global AI Summit kicked off, hosted by the UK government, and attended by experts in AI, alongside representatives from countries across the world and prominent business leaders. The summit aims to focus on “frontier” AI, revolutionary tech that is thought to be beneficial, but also risky, for organisations globally.

At the event, UK ministers revealed that the UK government has ramped up using AI in an attempt to hunt down criminals in the capital. Additionally, AI is being rolled out by various other government departments.

Analyst Comments: The UK's first-ever Global AI summit has seen significant participation from both the public and private sectors. As AI continues to evolve, tools such as ChatGPT and statistical data-driven AI approaches are being used daily by individuals and organisations to optimise their productivity and are now a part of everyday life. The use of AI to track down criminals in the capital highlights the importance of allowing these tools to evolve, especially as they are used in critical situations. However, it is essential to ensure that we remain secure and stay up to date as AI continues to develop.

In today's ever-changing landscape, staying well-informed about the latest advancements in the industry remains incredibly important. By staying up to date with relevant news, leaders can make informed decisions, proactively implement security measures, and effectively shield their organisations from cyberattacks. Maintaining a vigilant mindset, embracing best practices, and leveraging cutting-edge technologies are all crucial components in building a secure digital future. Let's embrace these principles to safeguard our digital assets and pave the way for a safer tomorrow.