Check out how cyber agencies from multiple countries hit the LockBit ransomware group. Meanwhile, CISA wants water treatment plants to button up their cyber defenses. Plus, there’s a new generative AI governance checklist for tech and business leaders. And the White House seeks to boost ports' cybersecurity. And much more!
Dive into six things that are top of mind for the week ending February 23.
LockBit, one of the world’s most destructive ransomware groups, just got dealt a powerful blow. And if you’re one of LockBit’s victims, help is on the way.
This week, cybersecurity agencies from multiple countries, led by the Cyber Division of the U.K.’s National Crime Agency (NCA), announced the seizure of LockBit’s infrastructure and the disruption of its operations.
The law enforcement agencies involved in this effort, dubbed Operation Cronos, obtained more than 1,000 decryption keys and will assist LockBit victims in their respective countries. In addition, LockBit decryption tools have been added to the “No More Ransom” website.
“As of today, LockBit are locked out. We have damaged the capability and most notably, the credibility of a group that depended on secrecy and anonymity,” NCA Director General Graeme Biggar said in the statement “International investigation disrupts the world’s most harmful cyber crime group.”
Over the past four years, thousands of victims have been hit by hackers affiliated with LockBit’s ransomware-as-a-service operation, resulting in billions of dollars, pounds and euros in ransom payments and recovery costs, the NCA said.
Specifically, the NCA seized control of:
The LockBit platform’s source code, along with a treasure trove of internal information about the group’s systems, activities and affiliates
In collaboration with Europol and U.S. law enforcement agencies, several people have been either charged or arrested in the U.S. and Europe, and more than 200 cryptocurrency accounts have been frozen.
An interesting finding: LockBit’s systems still had data from victims who paid a ransom, proving that coughing up the money that ransomware gangs demand doesn’t guarantee they’ll delete the stolen data.
With cyberthreats to water treatment plants in the spotlight, the U.S. government has released a fact sheet with security measures these facilities should take as soon as possible.
The guide “Top Cyber Actions for Securing Water Systems” outlines these seven steps that organizations in the water and wastewater systems (WWS) sector can take to reduce cyber risk and increase cyber resilience:
The two-page guide, jointly issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Environmental Protection Agency (EPA), also points readers to freely available resources.
Here’s a guide that might interest business and tech chiefs eager to ensure their organizations develop and deploy generative AI securely and responsibly.
The “LLM AI Cybersecurity & Governance Checklist,” which OWASP published this week, is aimed at business, privacy, compliance, legal and cybersecurity leaders, among others, tasked with setting guardrails for their organization’s generative AI use.
The goal: Help them stay abreast of AI developments so that their organizations will reap business success from their generative AI use while avoiding legal, security and regulatory pitfalls.
“These leaders and teams must create tactics to grab opportunities, combat challenges, and mitigate risks,” reads the document, which was created by the same OWASP team in charge of the group’s “OWASP Top 10 for LLM Applications” list.
Areas covered by the checklist include:
For more information about using generative AI responsibly and securely:
Video: Gen AI: New Age of Governance (World Economic Forum)
The Biden administration this week issued an executive order and outlined steps intended to boost the cyber defenses of U.S. ports and other components of the country’s Marine Transportation System (MTS), whose operations heavily rely on digital systems.
It’s critical to protect the MTS from cyberattacks, as it supports $5.4 trillion of economic activity annually, contributes to the employment of 31 million Americans and supports almost 95% of cargo entering the U.S., the White House said in the fact sheet titled “Biden-Harris Administration Announces Initiative to Bolster Cybersecurity of U.S. Ports.”
“America’s prosperity is directly linked to maritime trade and the integrated network of ports, terminals, vessels, waterways, and land-side connections,” reads the fact sheet.
Specifically, the “Executive Order on Amending Regulations Relating to the Safeguarding of Vessels, Harbors, Ports, and Waterfront Facilities of the United States” bolsters the Department of Homeland Security’s authority to address MTS cyberthreats.
For example, the U.S. Coast Guard will have the authority to require that vessels and waterfront facilities fix dangerous cyber conditions; and to inspect vessels and facilities suspected of posing a cyberthreat. The Coast Guard will also propose new regulations to better protect the MTS from cyberattacks.
While in all likelihood the Coast Guard has had the authority to step in and address cyber risks posed by vessels, the executive order makes this plainly clear, as Marty Edwards, Tenable's Deputy CTO of OT and IoT, told CSO Online.
“I think there’s some clarification here to make sure that the word cybersecurity is explicitly called out,” Edwards said. “Because too many times we’ve seen where organizations will say, oh, well, it doesn’t say cyber, so that means I don’t have to do it for cyber.”
You could call it an identity crisis.
Successful cyberattacks carried out using a compromised identity rose sharply in 2023, according to IBM’s “2024 X-Force Threat Intelligence Index” report, released this week. Specifically, there was a 71% increase in the use of stolen credentials to gain initial access to valid enterprise accounts.
It’s the first time in the report’s history that this attack vector ranks first as cybercriminals’ preferred initial access method – tied with phishing. Each method accounted for 30% of all incidents to which the IBM X-Force unit responded last year.
Why the rise in the use of stolen credentials? With so many available on the dark web, they are low-hanging fruit that allows attackers to log into valid accounts, instead of having to hack their way in, according to the report.
“Yet this ‘easy entry’ for attackers is hard to detect, requiring a complex response from organizations to distinguish between legitimate and malicious user activity on the network,” reads a blog about the report.
The “X-Force Threat Intelligence Index” report is primarily based on IBM’s monitoring of 150 billion security events per day in 130-plus countries.
And there’s yet another report on the proper and secure use of AI on the way, this time from a newly formed U.S. House of Representatives task force.
The “Task Force on Artificial Intelligence,” which was announced this week, has 24 members – 12 from each party. It has been tasked with producing a report that offers principles, recommendations and policies for AI usage.
It’s the latest move by the U.S. government to find ways to make sure that AI is used securely and responsibly, as the technology’s adoption surges among individuals and businesses.
To get more details, read the AI task force’s announcement.
Juan has been writing about IT since the mid-1990s, first as a reporter and editor, and now as a content marketer. He spent the bulk of his journalism career at International Data Group’s IDG News Service, a tech news wire service where he held various positions over the years, including Senior Editor and News Editor. His content marketing journey began at Qualys, with stops at Moogsoft and JFrog. As a content marketer, he's helped plan, write and edit the whole gamut of content assets, including blog posts, case studies, e-books, product briefs and white papers, while supporting a wide variety of teams, including product marketing, demand generation, corporate communications, and events.